1
2
3
4
5
6
7
8
9
10
11#include <linux/if.h>
12#include <linux/module.h>
13#include <linux/err.h>
14#include <linux/slab.h>
15#include <linux/list.h>
16#include <linux/if_ether.h>
17#include <linux/ieee80211.h>
18#include <linux/nl80211.h>
19#include <linux/rtnetlink.h>
20#include <linux/netlink.h>
21#include <linux/nospec.h>
22#include <linux/etherdevice.h>
23#include <linux/if_vlan.h>
24#include <net/net_namespace.h>
25#include <net/genetlink.h>
26#include <net/cfg80211.h>
27#include <net/sock.h>
28#include <net/inet_connection_sock.h>
29#include "core.h"
30#include "nl80211.h"
31#include "reg.h"
32#include "rdev-ops.h"
33
34static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 struct genl_info *info,
36 struct cfg80211_crypto_settings *settings,
37 int cipher_limit);
38
39
40static struct genl_family nl80211_fam;
41
42
43enum nl80211_multicast_groups {
44 NL80211_MCGRP_CONFIG,
45 NL80211_MCGRP_SCAN,
46 NL80211_MCGRP_REGULATORY,
47 NL80211_MCGRP_MLME,
48 NL80211_MCGRP_VENDOR,
49 NL80211_MCGRP_NAN,
50 NL80211_MCGRP_TESTMODE
51};
52
53static const struct genl_multicast_group nl80211_mcgrps[] = {
54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60#ifdef CONFIG_NL80211_TESTMODE
61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62#endif
63};
64
65
66static struct wireless_dev *
67__cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
68 struct net *netns, struct nlattr **attrs)
69{
70 struct wireless_dev *result = NULL;
71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 u64 wdev_id = 0;
74 int wiphy_idx = -1;
75 int ifidx = -1;
76
77 if (!have_ifidx && !have_wdev_id)
78 return ERR_PTR(-EINVAL);
79
80 if (have_ifidx)
81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 if (have_wdev_id) {
83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 wiphy_idx = wdev_id >> 32;
85 }
86
87 if (rdev) {
88 struct wireless_dev *wdev;
89
90 lockdep_assert_held(&rdev->wiphy.mtx);
91
92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
93 if (have_ifidx && wdev->netdev &&
94 wdev->netdev->ifindex == ifidx) {
95 result = wdev;
96 break;
97 }
98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
99 result = wdev;
100 break;
101 }
102 }
103
104 return result ?: ERR_PTR(-ENODEV);
105 }
106
107 ASSERT_RTNL();
108
109 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
110 struct wireless_dev *wdev;
111
112 if (wiphy_net(&rdev->wiphy) != netns)
113 continue;
114
115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
116 continue;
117
118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
119 if (have_ifidx && wdev->netdev &&
120 wdev->netdev->ifindex == ifidx) {
121 result = wdev;
122 break;
123 }
124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
125 result = wdev;
126 break;
127 }
128 }
129
130 if (result)
131 break;
132 }
133
134 if (result)
135 return result;
136 return ERR_PTR(-ENODEV);
137}
138
139static struct cfg80211_registered_device *
140__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
141{
142 struct cfg80211_registered_device *rdev = NULL, *tmp;
143 struct net_device *netdev;
144
145 ASSERT_RTNL();
146
147 if (!attrs[NL80211_ATTR_WIPHY] &&
148 !attrs[NL80211_ATTR_IFINDEX] &&
149 !attrs[NL80211_ATTR_WDEV])
150 return ERR_PTR(-EINVAL);
151
152 if (attrs[NL80211_ATTR_WIPHY])
153 rdev = cfg80211_rdev_by_wiphy_idx(
154 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
155
156 if (attrs[NL80211_ATTR_WDEV]) {
157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
158 struct wireless_dev *wdev;
159 bool found = false;
160
161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
162 if (tmp) {
163
164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
165 if (wdev->identifier != (u32)wdev_id)
166 continue;
167 found = true;
168 break;
169 }
170
171 if (!found)
172 tmp = NULL;
173
174 if (rdev && tmp != rdev)
175 return ERR_PTR(-EINVAL);
176 rdev = tmp;
177 }
178 }
179
180 if (attrs[NL80211_ATTR_IFINDEX]) {
181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
182
183 netdev = __dev_get_by_index(netns, ifindex);
184 if (netdev) {
185 if (netdev->ieee80211_ptr)
186 tmp = wiphy_to_rdev(
187 netdev->ieee80211_ptr->wiphy);
188 else
189 tmp = NULL;
190
191
192 if (!tmp)
193 return ERR_PTR(-EINVAL);
194
195
196 if (rdev && tmp != rdev)
197 return ERR_PTR(-EINVAL);
198
199 rdev = tmp;
200 }
201 }
202
203 if (!rdev)
204 return ERR_PTR(-ENODEV);
205
206 if (netns != wiphy_net(&rdev->wiphy))
207 return ERR_PTR(-ENODEV);
208
209 return rdev;
210}
211
212
213
214
215
216
217
218
219static struct cfg80211_registered_device *
220cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
221{
222 return __cfg80211_rdev_from_attrs(netns, info->attrs);
223}
224
225static int validate_beacon_head(const struct nlattr *attr,
226 struct netlink_ext_ack *extack)
227{
228 const u8 *data = nla_data(attr);
229 unsigned int len = nla_len(attr);
230 const struct element *elem;
231 const struct ieee80211_mgmt *mgmt = (void *)data;
232 unsigned int fixedlen, hdrlen;
233 bool s1g_bcn;
234
235 if (len < offsetofend(typeof(*mgmt), frame_control))
236 goto err;
237
238 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
239 if (s1g_bcn) {
240 fixedlen = offsetof(struct ieee80211_ext,
241 u.s1g_beacon.variable);
242 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
243 } else {
244 fixedlen = offsetof(struct ieee80211_mgmt,
245 u.beacon.variable);
246 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
247 }
248
249 if (len < fixedlen)
250 goto err;
251
252 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
253 goto err;
254
255 data += fixedlen;
256 len -= fixedlen;
257
258 for_each_element(elem, data, len) {
259
260 }
261
262 if (for_each_element_completed(elem, data, len))
263 return 0;
264
265err:
266 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
267 return -EINVAL;
268}
269
270static int validate_ie_attr(const struct nlattr *attr,
271 struct netlink_ext_ack *extack)
272{
273 const u8 *data = nla_data(attr);
274 unsigned int len = nla_len(attr);
275 const struct element *elem;
276
277 for_each_element(elem, data, len) {
278
279 }
280
281 if (for_each_element_completed(elem, data, len))
282 return 0;
283
284 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
285 return -EINVAL;
286}
287
288
289static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
290
291static const struct nla_policy
292nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
293 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
294 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
295 .len = U8_MAX },
296 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
297 .len = U8_MAX },
298};
299
300static const struct nla_policy
301nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
302 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
303 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
304 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
305 NLA_POLICY_MAX(NLA_U8, 15),
306 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
307 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
308 NLA_POLICY_MAX(NLA_U8, 15),
309 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
310 NLA_POLICY_MAX(NLA_U8, 31),
311 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
312 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
313 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
314 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
315 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
316 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
317};
318
319static const struct nla_policy
320nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
321 [NL80211_PMSR_TYPE_FTM] =
322 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
323};
324
325static const struct nla_policy
326nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
327 [NL80211_PMSR_REQ_ATTR_DATA] =
328 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
329 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
330};
331
332static const struct nla_policy
333nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
334 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
335 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
336 [NL80211_PMSR_PEER_ATTR_REQ] =
337 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
338 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
339};
340
341static const struct nla_policy
342nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
343 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
344 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
345 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
346 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
347 [NL80211_PMSR_ATTR_PEERS] =
348 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy),
349};
350
351static const struct nla_policy
352he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
353 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
354 NLA_POLICY_RANGE(NLA_U8, 1, 20),
355 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
356 NLA_POLICY_RANGE(NLA_U8, 1, 20),
357 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
358 NLA_POLICY_RANGE(NLA_U8, 1, 20),
359 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
360 NLA_POLICY_EXACT_LEN(8),
361 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
362 NLA_POLICY_EXACT_LEN(8),
363 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
364};
365
366static const struct nla_policy
367he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
368 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
369 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
370 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
371};
372
373static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
374 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
375 .len = NL80211_MAX_SUPP_RATES },
376 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
377 .len = NL80211_MAX_SUPP_HT_RATES },
378 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
379 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
380 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
381 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
382 NL80211_RATE_INFO_HE_GI_0_8,
383 NL80211_RATE_INFO_HE_GI_3_2),
384 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
385 NL80211_RATE_INFO_HE_1XLTF,
386 NL80211_RATE_INFO_HE_4XLTF),
387};
388
389static const struct nla_policy
390nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
391 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
392 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
393 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
394 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
395 [NL80211_TID_CONFIG_ATTR_NOACK] =
396 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
397 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
398 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
399 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
400 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
401 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
402 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
403 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
404 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
405 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
406 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
407 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
408 NLA_POLICY_NESTED(nl80211_txattr_policy),
409};
410
411static const struct nla_policy
412nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
413 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
414 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
415 [NL80211_FILS_DISCOVERY_ATTR_TMPL] =
416 NLA_POLICY_RANGE(NLA_BINARY,
417 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
418 IEEE80211_MAX_DATA_LEN),
419};
420
421static const struct nla_policy
422nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
423 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
424 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
425 .len = IEEE80211_MAX_DATA_LEN }
426};
427
428static const struct nla_policy
429sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
430 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
431 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
432};
433
434static const struct nla_policy
435sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
436 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
437 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
438};
439
440static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
441 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
442 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
443 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
444 .len = 20-1 },
445 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
446
447 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
448 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
449 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
450 NL80211_EDMG_CHANNELS_MIN,
451 NL80211_EDMG_CHANNELS_MAX),
452 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
453 NL80211_EDMG_BW_CONFIG_MIN,
454 NL80211_EDMG_BW_CONFIG_MAX),
455
456 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
457 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
458 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
459 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
460
461 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
462 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
463 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
464 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
465 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
466 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
467
468 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
469 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
470 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
471
472 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
473 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
474
475 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
476 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
477 .len = WLAN_MAX_KEY_LEN },
478 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
479 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
480 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
481 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
482 [NL80211_ATTR_KEY_TYPE] =
483 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
484
485 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
486 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
487 [NL80211_ATTR_BEACON_HEAD] =
488 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
489 IEEE80211_MAX_DATA_LEN),
490 [NL80211_ATTR_BEACON_TAIL] =
491 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
492 IEEE80211_MAX_DATA_LEN),
493 [NL80211_ATTR_STA_AID] =
494 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
495 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
496 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
497 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
498 .len = NL80211_MAX_SUPP_RATES },
499 [NL80211_ATTR_STA_PLINK_ACTION] =
500 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
501 [NL80211_ATTR_STA_TX_POWER_SETTING] =
502 NLA_POLICY_RANGE(NLA_U8,
503 NL80211_TX_POWER_AUTOMATIC,
504 NL80211_TX_POWER_FIXED),
505 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
506 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
507 [NL80211_ATTR_MNTR_FLAGS] = { },
508 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
509 .len = IEEE80211_MAX_MESH_ID_LEN },
510 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
511
512 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
513 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
514
515 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
516 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
517 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
518 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
519 .len = NL80211_MAX_SUPP_RATES },
520 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
521
522 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
523 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
524
525 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
526
527 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
528 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
529 validate_ie_attr,
530 IEEE80211_MAX_DATA_LEN),
531 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
532 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
533
534 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
535 .len = IEEE80211_MAX_SSID_LEN },
536 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
537 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
538 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
539 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
540 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
541 NL80211_MFP_NO,
542 NL80211_MFP_OPTIONAL),
543 [NL80211_ATTR_STA_FLAGS2] = {
544 .len = sizeof(struct nl80211_sta_flag_update),
545 },
546 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
547 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
548 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
549 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
550 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
551 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
552 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
553 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
554 [NL80211_ATTR_PID] = { .type = NLA_U32 },
555 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
556 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
557 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
558 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
559 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
560 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
561 .len = IEEE80211_MAX_DATA_LEN },
562 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
563 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
564 NL80211_PS_DISABLED,
565 NL80211_PS_ENABLED),
566 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
567 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
568 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
569 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
570 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
571 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
572 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
573 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
574 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
575 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
576 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
577 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
578 [NL80211_ATTR_STA_PLINK_STATE] =
579 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
580 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
581 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
582 [NL80211_ATTR_MESH_PEER_AID] =
583 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
584 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
585 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
586 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
587 [NL80211_ATTR_HIDDEN_SSID] =
588 NLA_POLICY_RANGE(NLA_U32,
589 NL80211_HIDDEN_SSID_NOT_IN_USE,
590 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
591 [NL80211_ATTR_IE_PROBE_RESP] =
592 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
593 IEEE80211_MAX_DATA_LEN),
594 [NL80211_ATTR_IE_ASSOC_RESP] =
595 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
596 IEEE80211_MAX_DATA_LEN),
597 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
598 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
599 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
600 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
601 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
602 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
603 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
604 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
605 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
606 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
607 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
608 .len = IEEE80211_MAX_DATA_LEN },
609 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
610 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
611 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
612 .len = NL80211_HT_CAPABILITY_LEN
613 },
614 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
615 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
616 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
617 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
618 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
619
620
621 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
622
623 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
624 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
625 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
626 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
627 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
628 NLA_POLICY_RANGE(NLA_U32,
629 NL80211_MESH_POWER_UNKNOWN + 1,
630 NL80211_MESH_POWER_MAX),
631 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
632 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
633 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
634 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
635 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
636 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
637 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
638 .len = NL80211_VHT_CAPABILITY_LEN,
639 },
640 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
641 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
642 .len = IEEE80211_MAX_DATA_LEN },
643 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
644 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
645 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
646 [NL80211_ATTR_PEER_AID] =
647 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
648 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
649 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
650 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
651 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
652 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
653 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
654
655
656
657
658 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
659 NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
660 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
661 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
662 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
663 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
664 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
665 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
666 IEEE80211_QOS_MAP_LEN_MIN,
667 IEEE80211_QOS_MAP_LEN_MAX),
668 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
669 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
670 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
671 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
672 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
673 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
674 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
675 [NL80211_ATTR_USER_PRIO] =
676 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
677 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
678 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
679 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
680 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
681 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
682 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
683 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
684 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
685 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
686 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
687 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
688 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
689 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
690 .len = VHT_MUMIMO_GROUPS_DATA_LEN
691 },
692 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
693 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
694 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
695 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
696 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
697 .len = FILS_MAX_KEK_LEN },
698 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
699 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
700 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
701 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
702 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
703 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
704 },
705 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
706 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
707 .len = FILS_ERP_MAX_USERNAME_LEN },
708 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
709 .len = FILS_ERP_MAX_REALM_LEN },
710 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
711 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
712 .len = FILS_ERP_MAX_RRK_LEN },
713 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
714 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
715 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
716 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
717 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
718
719 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
720 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
721 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
722 [NL80211_ATTR_HE_CAPABILITY] =
723 NLA_POLICY_RANGE(NLA_BINARY,
724 NL80211_HE_MIN_CAPABILITY_LEN,
725 NL80211_HE_MAX_CAPABILITY_LEN),
726 [NL80211_ATTR_FTM_RESPONDER] =
727 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
728 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
729 [NL80211_ATTR_PEER_MEASUREMENTS] =
730 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
731 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
732 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
733 .len = SAE_PASSWORD_MAX_LEN },
734 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
735 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
736 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
737 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
738 [NL80211_ATTR_TID_CONFIG] =
739 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
740 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
741 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
742 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
743 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
744 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
745 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
746 [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
747 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
748 [NL80211_ATTR_FILS_DISCOVERY] =
749 NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
750 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
751 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
752 [NL80211_ATTR_S1G_CAPABILITY] =
753 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
754 [NL80211_ATTR_S1G_CAPABILITY_MASK] =
755 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
756 [NL80211_ATTR_SAE_PWE] =
757 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
758 NL80211_SAE_PWE_BOTH),
759 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
760 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
761 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
762};
763
764
765static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
766 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
767 [NL80211_KEY_IDX] = { .type = NLA_U8 },
768 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
769 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
770 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
771 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
772 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
773 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
774 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
775};
776
777
778static const struct nla_policy
779nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
780 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
781 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
782};
783
784#ifdef CONFIG_PM
785
786static const struct nla_policy
787nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
788 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
789 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
790 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
791 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
792 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
793 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
794 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
795 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
796 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
797 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
798};
799
800static const struct nla_policy
801nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
802 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
803 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
804 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
805 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
806 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
807 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
808 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
809 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
810 },
811 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
812 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
813 },
814 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
815 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
816 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
817};
818#endif
819
820
821static const struct nla_policy
822nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
823 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
824 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
825 NLA_POLICY_RANGE(NLA_U32,
826 NL80211_COALESCE_CONDITION_MATCH,
827 NL80211_COALESCE_CONDITION_NO_MATCH),
828 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
829};
830
831
832static const struct nla_policy
833nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
834 [NL80211_REKEY_DATA_KEK] = {
835 .type = NLA_BINARY,
836 .len = NL80211_KEK_EXT_LEN
837 },
838 [NL80211_REKEY_DATA_KCK] = {
839 .type = NLA_BINARY,
840 .len = NL80211_KCK_EXT_LEN
841 },
842 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
843 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
844};
845
846static const struct nla_policy
847nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
848 [NL80211_BAND_2GHZ] = { .type = NLA_S32 },
849 [NL80211_BAND_5GHZ] = { .type = NLA_S32 },
850 [NL80211_BAND_6GHZ] = { .type = NLA_S32 },
851 [NL80211_BAND_60GHZ] = { .type = NLA_S32 },
852};
853
854static const struct nla_policy
855nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
856 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
857 .len = IEEE80211_MAX_SSID_LEN },
858 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
859 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
860 [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
861 NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
862};
863
864static const struct nla_policy
865nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
866 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
867 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
868};
869
870static const struct nla_policy
871nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
872 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
873 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
874 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
875 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
876 },
877};
878
879
880static const struct nla_policy
881nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
882 [NL80211_NAN_FUNC_TYPE] =
883 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
884 [NL80211_NAN_FUNC_SERVICE_ID] = {
885 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
886 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
887 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
888 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
889 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
890 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
891 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
892 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
893 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
894 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
895 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
896 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
897 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
898 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
899 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
900 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
901};
902
903
904static const struct nla_policy
905nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
906 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
907 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
908 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
909 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
910 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
911};
912
913
914static const struct nla_policy
915nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
916 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
917 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
918 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
919};
920
921int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
922 struct cfg80211_registered_device **rdev,
923 struct wireless_dev **wdev)
924{
925 int err;
926
927 if (!cb->args[0]) {
928 struct nlattr **attrbuf;
929
930 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
931 GFP_KERNEL);
932 if (!attrbuf)
933 return -ENOMEM;
934
935 err = nlmsg_parse_deprecated(cb->nlh,
936 GENL_HDRLEN + nl80211_fam.hdrsize,
937 attrbuf, nl80211_fam.maxattr,
938 nl80211_policy, NULL);
939 if (err) {
940 kfree(attrbuf);
941 return err;
942 }
943
944 rtnl_lock();
945 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
946 attrbuf);
947 kfree(attrbuf);
948 if (IS_ERR(*wdev)) {
949 rtnl_unlock();
950 return PTR_ERR(*wdev);
951 }
952 *rdev = wiphy_to_rdev((*wdev)->wiphy);
953 mutex_lock(&(*rdev)->wiphy.mtx);
954 rtnl_unlock();
955
956 cb->args[0] = (*rdev)->wiphy_idx + 1;
957 cb->args[1] = (*wdev)->identifier;
958 } else {
959
960 struct wiphy *wiphy;
961 struct wireless_dev *tmp;
962
963 rtnl_lock();
964 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
965 if (!wiphy) {
966 rtnl_unlock();
967 return -ENODEV;
968 }
969 *rdev = wiphy_to_rdev(wiphy);
970 *wdev = NULL;
971
972 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
973 if (tmp->identifier == cb->args[1]) {
974 *wdev = tmp;
975 break;
976 }
977 }
978
979 if (!*wdev) {
980 rtnl_unlock();
981 return -ENODEV;
982 }
983 mutex_lock(&(*rdev)->wiphy.mtx);
984 rtnl_unlock();
985 }
986
987 return 0;
988}
989
990
991void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
992 int flags, u8 cmd)
993{
994
995 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
996}
997
998static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
999 const struct ieee80211_reg_rule *rule)
1000{
1001 int j;
1002 struct nlattr *nl_wmm_rules =
1003 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1004
1005 if (!nl_wmm_rules)
1006 goto nla_put_failure;
1007
1008 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1009 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1010
1011 if (!nl_wmm_rule)
1012 goto nla_put_failure;
1013
1014 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1015 rule->wmm_rule.client[j].cw_min) ||
1016 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1017 rule->wmm_rule.client[j].cw_max) ||
1018 nla_put_u8(msg, NL80211_WMMR_AIFSN,
1019 rule->wmm_rule.client[j].aifsn) ||
1020 nla_put_u16(msg, NL80211_WMMR_TXOP,
1021 rule->wmm_rule.client[j].cot))
1022 goto nla_put_failure;
1023
1024 nla_nest_end(msg, nl_wmm_rule);
1025 }
1026 nla_nest_end(msg, nl_wmm_rules);
1027
1028 return 0;
1029
1030nla_put_failure:
1031 return -ENOBUFS;
1032}
1033
1034static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1035 struct ieee80211_channel *chan,
1036 bool large)
1037{
1038
1039
1040
1041 if (!large && chan->flags &
1042 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1043 return 0;
1044 if (!large && chan->freq_offset)
1045 return 0;
1046
1047 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1048 chan->center_freq))
1049 goto nla_put_failure;
1050
1051 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1052 goto nla_put_failure;
1053
1054 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1055 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1056 goto nla_put_failure;
1057 if (chan->flags & IEEE80211_CHAN_NO_IR) {
1058 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1059 goto nla_put_failure;
1060 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1061 goto nla_put_failure;
1062 }
1063 if (chan->flags & IEEE80211_CHAN_RADAR) {
1064 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1065 goto nla_put_failure;
1066 if (large) {
1067 u32 time;
1068
1069 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1070
1071 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1072 chan->dfs_state))
1073 goto nla_put_failure;
1074 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1075 time))
1076 goto nla_put_failure;
1077 if (nla_put_u32(msg,
1078 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1079 chan->dfs_cac_ms))
1080 goto nla_put_failure;
1081 }
1082 }
1083
1084 if (large) {
1085 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1086 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1087 goto nla_put_failure;
1088 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1089 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1090 goto nla_put_failure;
1091 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1092 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1093 goto nla_put_failure;
1094 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1095 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1096 goto nla_put_failure;
1097 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1098 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1099 goto nla_put_failure;
1100 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1101 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1102 goto nla_put_failure;
1103 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1104 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1105 goto nla_put_failure;
1106 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1107 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1108 goto nla_put_failure;
1109 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1110 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1111 goto nla_put_failure;
1112 if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
1113 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
1114 goto nla_put_failure;
1115 if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
1116 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
1117 goto nla_put_failure;
1118 if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
1119 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
1120 goto nla_put_failure;
1121 if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
1122 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
1123 goto nla_put_failure;
1124 if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
1125 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
1126 goto nla_put_failure;
1127 }
1128
1129 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1130 DBM_TO_MBM(chan->max_power)))
1131 goto nla_put_failure;
1132
1133 if (large) {
1134 const struct ieee80211_reg_rule *rule =
1135 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1136
1137 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1138 if (nl80211_msg_put_wmm_rules(msg, rule))
1139 goto nla_put_failure;
1140 }
1141 }
1142
1143 return 0;
1144
1145 nla_put_failure:
1146 return -ENOBUFS;
1147}
1148
1149static bool nl80211_put_txq_stats(struct sk_buff *msg,
1150 struct cfg80211_txq_stats *txqstats,
1151 int attrtype)
1152{
1153 struct nlattr *txqattr;
1154
1155#define PUT_TXQVAL_U32(attr, memb) do { \
1156 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1157 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1158 return false; \
1159 } while (0)
1160
1161 txqattr = nla_nest_start_noflag(msg, attrtype);
1162 if (!txqattr)
1163 return false;
1164
1165 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1166 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1167 PUT_TXQVAL_U32(FLOWS, flows);
1168 PUT_TXQVAL_U32(DROPS, drops);
1169 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1170 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1171 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1172 PUT_TXQVAL_U32(COLLISIONS, collisions);
1173 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1174 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1175 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1176 nla_nest_end(msg, txqattr);
1177
1178#undef PUT_TXQVAL_U32
1179 return true;
1180}
1181
1182
1183
1184struct key_parse {
1185 struct key_params p;
1186 int idx;
1187 int type;
1188 bool def, defmgmt, defbeacon;
1189 bool def_uni, def_multi;
1190};
1191
1192static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1193 struct key_parse *k)
1194{
1195 struct nlattr *tb[NL80211_KEY_MAX + 1];
1196 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1197 nl80211_key_policy,
1198 info->extack);
1199 if (err)
1200 return err;
1201
1202 k->def = !!tb[NL80211_KEY_DEFAULT];
1203 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1204 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1205
1206 if (k->def) {
1207 k->def_uni = true;
1208 k->def_multi = true;
1209 }
1210 if (k->defmgmt || k->defbeacon)
1211 k->def_multi = true;
1212
1213 if (tb[NL80211_KEY_IDX])
1214 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1215
1216 if (tb[NL80211_KEY_DATA]) {
1217 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1218 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1219 }
1220
1221 if (tb[NL80211_KEY_SEQ]) {
1222 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1223 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1224 }
1225
1226 if (tb[NL80211_KEY_CIPHER])
1227 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1228
1229 if (tb[NL80211_KEY_TYPE])
1230 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1231
1232 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1233 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1234
1235 err = nla_parse_nested_deprecated(kdt,
1236 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1237 tb[NL80211_KEY_DEFAULT_TYPES],
1238 nl80211_key_default_policy,
1239 info->extack);
1240 if (err)
1241 return err;
1242
1243 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1244 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1245 }
1246
1247 if (tb[NL80211_KEY_MODE])
1248 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1249
1250 return 0;
1251}
1252
1253static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1254{
1255 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1256 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1257 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1258 }
1259
1260 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1261 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1262 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1263 }
1264
1265 if (info->attrs[NL80211_ATTR_KEY_IDX])
1266 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1267
1268 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1269 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1270
1271 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1272 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1273
1274 if (k->def) {
1275 k->def_uni = true;
1276 k->def_multi = true;
1277 }
1278 if (k->defmgmt)
1279 k->def_multi = true;
1280
1281 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1282 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1283
1284 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1285 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1286 int err = nla_parse_nested_deprecated(kdt,
1287 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1288 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1289 nl80211_key_default_policy,
1290 info->extack);
1291 if (err)
1292 return err;
1293
1294 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1295 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1296 }
1297
1298 return 0;
1299}
1300
1301static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1302{
1303 int err;
1304
1305 memset(k, 0, sizeof(*k));
1306 k->idx = -1;
1307 k->type = -1;
1308
1309 if (info->attrs[NL80211_ATTR_KEY])
1310 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1311 else
1312 err = nl80211_parse_key_old(info, k);
1313
1314 if (err)
1315 return err;
1316
1317 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1318 (k->defbeacon ? 1 : 0) > 1) {
1319 GENL_SET_ERR_MSG(info,
1320 "key with multiple default flags is invalid");
1321 return -EINVAL;
1322 }
1323
1324 if (k->defmgmt || k->defbeacon) {
1325 if (k->def_uni || !k->def_multi) {
1326 GENL_SET_ERR_MSG(info,
1327 "defmgmt/defbeacon key must be mcast");
1328 return -EINVAL;
1329 }
1330 }
1331
1332 if (k->idx != -1) {
1333 if (k->defmgmt) {
1334 if (k->idx < 4 || k->idx > 5) {
1335 GENL_SET_ERR_MSG(info,
1336 "defmgmt key idx not 4 or 5");
1337 return -EINVAL;
1338 }
1339 } else if (k->defbeacon) {
1340 if (k->idx < 6 || k->idx > 7) {
1341 GENL_SET_ERR_MSG(info,
1342 "defbeacon key idx not 6 or 7");
1343 return -EINVAL;
1344 }
1345 } else if (k->def) {
1346 if (k->idx < 0 || k->idx > 3) {
1347 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1348 return -EINVAL;
1349 }
1350 } else {
1351 if (k->idx < 0 || k->idx > 7) {
1352 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1353 return -EINVAL;
1354 }
1355 }
1356 }
1357
1358 return 0;
1359}
1360
1361static struct cfg80211_cached_keys *
1362nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1363 struct genl_info *info, bool *no_ht)
1364{
1365 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1366 struct key_parse parse;
1367 struct nlattr *key;
1368 struct cfg80211_cached_keys *result;
1369 int rem, err, def = 0;
1370 bool have_key = false;
1371
1372 nla_for_each_nested(key, keys, rem) {
1373 have_key = true;
1374 break;
1375 }
1376
1377 if (!have_key)
1378 return NULL;
1379
1380 result = kzalloc(sizeof(*result), GFP_KERNEL);
1381 if (!result)
1382 return ERR_PTR(-ENOMEM);
1383
1384 result->def = -1;
1385
1386 nla_for_each_nested(key, keys, rem) {
1387 memset(&parse, 0, sizeof(parse));
1388 parse.idx = -1;
1389
1390 err = nl80211_parse_key_new(info, key, &parse);
1391 if (err)
1392 goto error;
1393 err = -EINVAL;
1394 if (!parse.p.key)
1395 goto error;
1396 if (parse.idx < 0 || parse.idx > 3) {
1397 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1398 goto error;
1399 }
1400 if (parse.def) {
1401 if (def) {
1402 GENL_SET_ERR_MSG(info,
1403 "only one key can be default");
1404 goto error;
1405 }
1406 def = 1;
1407 result->def = parse.idx;
1408 if (!parse.def_uni || !parse.def_multi)
1409 goto error;
1410 } else if (parse.defmgmt)
1411 goto error;
1412 err = cfg80211_validate_key_settings(rdev, &parse.p,
1413 parse.idx, false, NULL);
1414 if (err)
1415 goto error;
1416 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1417 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1418 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1419 err = -EINVAL;
1420 goto error;
1421 }
1422 result->params[parse.idx].cipher = parse.p.cipher;
1423 result->params[parse.idx].key_len = parse.p.key_len;
1424 result->params[parse.idx].key = result->data[parse.idx];
1425 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1426
1427
1428 if (no_ht)
1429 *no_ht = true;
1430 }
1431
1432 if (result->def < 0) {
1433 err = -EINVAL;
1434 GENL_SET_ERR_MSG(info, "need a default/TX key");
1435 goto error;
1436 }
1437
1438 return result;
1439 error:
1440 kfree(result);
1441 return ERR_PTR(err);
1442}
1443
1444static int nl80211_key_allowed(struct wireless_dev *wdev)
1445{
1446 ASSERT_WDEV_LOCK(wdev);
1447
1448 switch (wdev->iftype) {
1449 case NL80211_IFTYPE_AP:
1450 case NL80211_IFTYPE_AP_VLAN:
1451 case NL80211_IFTYPE_P2P_GO:
1452 case NL80211_IFTYPE_MESH_POINT:
1453 break;
1454 case NL80211_IFTYPE_ADHOC:
1455 case NL80211_IFTYPE_STATION:
1456 case NL80211_IFTYPE_P2P_CLIENT:
1457 if (!wdev->current_bss)
1458 return -ENOLINK;
1459 break;
1460 case NL80211_IFTYPE_UNSPECIFIED:
1461 case NL80211_IFTYPE_OCB:
1462 case NL80211_IFTYPE_MONITOR:
1463 case NL80211_IFTYPE_NAN:
1464 case NL80211_IFTYPE_P2P_DEVICE:
1465 case NL80211_IFTYPE_WDS:
1466 case NUM_NL80211_IFTYPES:
1467 return -EINVAL;
1468 }
1469
1470 return 0;
1471}
1472
1473static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1474 u32 freq)
1475{
1476 struct ieee80211_channel *chan;
1477
1478 chan = ieee80211_get_channel_khz(wiphy, freq);
1479 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1480 return NULL;
1481 return chan;
1482}
1483
1484static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1485{
1486 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1487 int i;
1488
1489 if (!nl_modes)
1490 goto nla_put_failure;
1491
1492 i = 0;
1493 while (ifmodes) {
1494 if ((ifmodes & 1) && nla_put_flag(msg, i))
1495 goto nla_put_failure;
1496 ifmodes >>= 1;
1497 i++;
1498 }
1499
1500 nla_nest_end(msg, nl_modes);
1501 return 0;
1502
1503nla_put_failure:
1504 return -ENOBUFS;
1505}
1506
1507static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1508 struct sk_buff *msg,
1509 bool large)
1510{
1511 struct nlattr *nl_combis;
1512 int i, j;
1513
1514 nl_combis = nla_nest_start_noflag(msg,
1515 NL80211_ATTR_INTERFACE_COMBINATIONS);
1516 if (!nl_combis)
1517 goto nla_put_failure;
1518
1519 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1520 const struct ieee80211_iface_combination *c;
1521 struct nlattr *nl_combi, *nl_limits;
1522
1523 c = &wiphy->iface_combinations[i];
1524
1525 nl_combi = nla_nest_start_noflag(msg, i + 1);
1526 if (!nl_combi)
1527 goto nla_put_failure;
1528
1529 nl_limits = nla_nest_start_noflag(msg,
1530 NL80211_IFACE_COMB_LIMITS);
1531 if (!nl_limits)
1532 goto nla_put_failure;
1533
1534 for (j = 0; j < c->n_limits; j++) {
1535 struct nlattr *nl_limit;
1536
1537 nl_limit = nla_nest_start_noflag(msg, j + 1);
1538 if (!nl_limit)
1539 goto nla_put_failure;
1540 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1541 c->limits[j].max))
1542 goto nla_put_failure;
1543 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1544 c->limits[j].types))
1545 goto nla_put_failure;
1546 nla_nest_end(msg, nl_limit);
1547 }
1548
1549 nla_nest_end(msg, nl_limits);
1550
1551 if (c->beacon_int_infra_match &&
1552 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1553 goto nla_put_failure;
1554 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1555 c->num_different_channels) ||
1556 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1557 c->max_interfaces))
1558 goto nla_put_failure;
1559 if (large &&
1560 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1561 c->radar_detect_widths) ||
1562 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1563 c->radar_detect_regions)))
1564 goto nla_put_failure;
1565 if (c->beacon_int_min_gcd &&
1566 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1567 c->beacon_int_min_gcd))
1568 goto nla_put_failure;
1569
1570 nla_nest_end(msg, nl_combi);
1571 }
1572
1573 nla_nest_end(msg, nl_combis);
1574
1575 return 0;
1576nla_put_failure:
1577 return -ENOBUFS;
1578}
1579
1580#ifdef CONFIG_PM
1581static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1582 struct sk_buff *msg)
1583{
1584 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1585 struct nlattr *nl_tcp;
1586
1587 if (!tcp)
1588 return 0;
1589
1590 nl_tcp = nla_nest_start_noflag(msg,
1591 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1592 if (!nl_tcp)
1593 return -ENOBUFS;
1594
1595 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1596 tcp->data_payload_max))
1597 return -ENOBUFS;
1598
1599 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1600 tcp->data_payload_max))
1601 return -ENOBUFS;
1602
1603 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1604 return -ENOBUFS;
1605
1606 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1607 sizeof(*tcp->tok), tcp->tok))
1608 return -ENOBUFS;
1609
1610 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1611 tcp->data_interval_max))
1612 return -ENOBUFS;
1613
1614 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1615 tcp->wake_payload_max))
1616 return -ENOBUFS;
1617
1618 nla_nest_end(msg, nl_tcp);
1619 return 0;
1620}
1621
1622static int nl80211_send_wowlan(struct sk_buff *msg,
1623 struct cfg80211_registered_device *rdev,
1624 bool large)
1625{
1626 struct nlattr *nl_wowlan;
1627
1628 if (!rdev->wiphy.wowlan)
1629 return 0;
1630
1631 nl_wowlan = nla_nest_start_noflag(msg,
1632 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1633 if (!nl_wowlan)
1634 return -ENOBUFS;
1635
1636 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1637 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1638 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1639 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1640 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1641 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1642 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1643 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1644 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1645 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1646 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1647 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1648 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1649 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1650 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1651 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1652 return -ENOBUFS;
1653
1654 if (rdev->wiphy.wowlan->n_patterns) {
1655 struct nl80211_pattern_support pat = {
1656 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1657 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1658 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1659 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1660 };
1661
1662 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1663 sizeof(pat), &pat))
1664 return -ENOBUFS;
1665 }
1666
1667 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1668 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1669 rdev->wiphy.wowlan->max_nd_match_sets))
1670 return -ENOBUFS;
1671
1672 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1673 return -ENOBUFS;
1674
1675 nla_nest_end(msg, nl_wowlan);
1676
1677 return 0;
1678}
1679#endif
1680
1681static int nl80211_send_coalesce(struct sk_buff *msg,
1682 struct cfg80211_registered_device *rdev)
1683{
1684 struct nl80211_coalesce_rule_support rule;
1685
1686 if (!rdev->wiphy.coalesce)
1687 return 0;
1688
1689 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1690 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1691 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1692 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1693 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1694 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1695
1696 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1697 return -ENOBUFS;
1698
1699 return 0;
1700}
1701
1702static int
1703nl80211_send_iftype_data(struct sk_buff *msg,
1704 const struct ieee80211_supported_band *sband,
1705 const struct ieee80211_sband_iftype_data *iftdata)
1706{
1707 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1708
1709 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1710 iftdata->types_mask))
1711 return -ENOBUFS;
1712
1713 if (he_cap->has_he) {
1714 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1715 sizeof(he_cap->he_cap_elem.mac_cap_info),
1716 he_cap->he_cap_elem.mac_cap_info) ||
1717 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1718 sizeof(he_cap->he_cap_elem.phy_cap_info),
1719 he_cap->he_cap_elem.phy_cap_info) ||
1720 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1721 sizeof(he_cap->he_mcs_nss_supp),
1722 &he_cap->he_mcs_nss_supp) ||
1723 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1724 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1725 return -ENOBUFS;
1726 }
1727
1728 if (sband->band == NL80211_BAND_6GHZ &&
1729 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1730 sizeof(iftdata->he_6ghz_capa),
1731 &iftdata->he_6ghz_capa))
1732 return -ENOBUFS;
1733
1734 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len &&
1735 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
1736 iftdata->vendor_elems.len, iftdata->vendor_elems.data))
1737 return -ENOBUFS;
1738
1739 return 0;
1740}
1741
1742static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1743 struct ieee80211_supported_band *sband,
1744 bool large)
1745{
1746 struct nlattr *nl_rates, *nl_rate;
1747 struct ieee80211_rate *rate;
1748 int i;
1749
1750
1751 if (sband->ht_cap.ht_supported &&
1752 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1753 sizeof(sband->ht_cap.mcs),
1754 &sband->ht_cap.mcs) ||
1755 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1756 sband->ht_cap.cap) ||
1757 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1758 sband->ht_cap.ampdu_factor) ||
1759 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1760 sband->ht_cap.ampdu_density)))
1761 return -ENOBUFS;
1762
1763
1764 if (sband->vht_cap.vht_supported &&
1765 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1766 sizeof(sband->vht_cap.vht_mcs),
1767 &sband->vht_cap.vht_mcs) ||
1768 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1769 sband->vht_cap.cap)))
1770 return -ENOBUFS;
1771
1772 if (large && sband->n_iftype_data) {
1773 struct nlattr *nl_iftype_data =
1774 nla_nest_start_noflag(msg,
1775 NL80211_BAND_ATTR_IFTYPE_DATA);
1776 int err;
1777
1778 if (!nl_iftype_data)
1779 return -ENOBUFS;
1780
1781 for (i = 0; i < sband->n_iftype_data; i++) {
1782 struct nlattr *iftdata;
1783
1784 iftdata = nla_nest_start_noflag(msg, i + 1);
1785 if (!iftdata)
1786 return -ENOBUFS;
1787
1788 err = nl80211_send_iftype_data(msg, sband,
1789 &sband->iftype_data[i]);
1790 if (err)
1791 return err;
1792
1793 nla_nest_end(msg, iftdata);
1794 }
1795
1796 nla_nest_end(msg, nl_iftype_data);
1797 }
1798
1799
1800 if (large && sband->edmg_cap.channels &&
1801 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1802 sband->edmg_cap.channels) ||
1803 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1804 sband->edmg_cap.bw_config)))
1805
1806 return -ENOBUFS;
1807
1808
1809 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1810 if (!nl_rates)
1811 return -ENOBUFS;
1812
1813 for (i = 0; i < sband->n_bitrates; i++) {
1814 nl_rate = nla_nest_start_noflag(msg, i);
1815 if (!nl_rate)
1816 return -ENOBUFS;
1817
1818 rate = &sband->bitrates[i];
1819 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1820 rate->bitrate))
1821 return -ENOBUFS;
1822 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1823 nla_put_flag(msg,
1824 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1825 return -ENOBUFS;
1826
1827 nla_nest_end(msg, nl_rate);
1828 }
1829
1830 nla_nest_end(msg, nl_rates);
1831
1832 return 0;
1833}
1834
1835static int
1836nl80211_send_mgmt_stypes(struct sk_buff *msg,
1837 const struct ieee80211_txrx_stypes *mgmt_stypes)
1838{
1839 u16 stypes;
1840 struct nlattr *nl_ftypes, *nl_ifs;
1841 enum nl80211_iftype ift;
1842 int i;
1843
1844 if (!mgmt_stypes)
1845 return 0;
1846
1847 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1848 if (!nl_ifs)
1849 return -ENOBUFS;
1850
1851 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1852 nl_ftypes = nla_nest_start_noflag(msg, ift);
1853 if (!nl_ftypes)
1854 return -ENOBUFS;
1855 i = 0;
1856 stypes = mgmt_stypes[ift].tx;
1857 while (stypes) {
1858 if ((stypes & 1) &&
1859 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1860 (i << 4) | IEEE80211_FTYPE_MGMT))
1861 return -ENOBUFS;
1862 stypes >>= 1;
1863 i++;
1864 }
1865 nla_nest_end(msg, nl_ftypes);
1866 }
1867
1868 nla_nest_end(msg, nl_ifs);
1869
1870 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1871 if (!nl_ifs)
1872 return -ENOBUFS;
1873
1874 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1875 nl_ftypes = nla_nest_start_noflag(msg, ift);
1876 if (!nl_ftypes)
1877 return -ENOBUFS;
1878 i = 0;
1879 stypes = mgmt_stypes[ift].rx;
1880 while (stypes) {
1881 if ((stypes & 1) &&
1882 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1883 (i << 4) | IEEE80211_FTYPE_MGMT))
1884 return -ENOBUFS;
1885 stypes >>= 1;
1886 i++;
1887 }
1888 nla_nest_end(msg, nl_ftypes);
1889 }
1890 nla_nest_end(msg, nl_ifs);
1891
1892 return 0;
1893}
1894
1895#define CMD(op, n) \
1896 do { \
1897 if (rdev->ops->op) { \
1898 i++; \
1899 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1900 goto nla_put_failure; \
1901 } \
1902 } while (0)
1903
1904static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1905 struct sk_buff *msg)
1906{
1907 int i = 0;
1908
1909
1910
1911
1912
1913
1914 CMD(add_virtual_intf, NEW_INTERFACE);
1915 CMD(change_virtual_intf, SET_INTERFACE);
1916 CMD(add_key, NEW_KEY);
1917 CMD(start_ap, START_AP);
1918 CMD(add_station, NEW_STATION);
1919 CMD(add_mpath, NEW_MPATH);
1920 CMD(update_mesh_config, SET_MESH_CONFIG);
1921 CMD(change_bss, SET_BSS);
1922 CMD(auth, AUTHENTICATE);
1923 CMD(assoc, ASSOCIATE);
1924 CMD(deauth, DEAUTHENTICATE);
1925 CMD(disassoc, DISASSOCIATE);
1926 CMD(join_ibss, JOIN_IBSS);
1927 CMD(join_mesh, JOIN_MESH);
1928 CMD(set_pmksa, SET_PMKSA);
1929 CMD(del_pmksa, DEL_PMKSA);
1930 CMD(flush_pmksa, FLUSH_PMKSA);
1931 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1932 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1933 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1934 CMD(mgmt_tx, FRAME);
1935 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1936 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1937 i++;
1938 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1939 goto nla_put_failure;
1940 }
1941 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1942 rdev->ops->join_mesh) {
1943 i++;
1944 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1945 goto nla_put_failure;
1946 }
1947 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1948 CMD(tdls_mgmt, TDLS_MGMT);
1949 CMD(tdls_oper, TDLS_OPER);
1950 }
1951 if (rdev->wiphy.max_sched_scan_reqs)
1952 CMD(sched_scan_start, START_SCHED_SCAN);
1953 CMD(probe_client, PROBE_CLIENT);
1954 CMD(set_noack_map, SET_NOACK_MAP);
1955 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1956 i++;
1957 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1958 goto nla_put_failure;
1959 }
1960 CMD(start_p2p_device, START_P2P_DEVICE);
1961 CMD(set_mcast_rate, SET_MCAST_RATE);
1962#ifdef CONFIG_NL80211_TESTMODE
1963 CMD(testmode_cmd, TESTMODE);
1964#endif
1965
1966 if (rdev->ops->connect || rdev->ops->auth) {
1967 i++;
1968 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1969 goto nla_put_failure;
1970 }
1971
1972 if (rdev->ops->disconnect || rdev->ops->deauth) {
1973 i++;
1974 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1975 goto nla_put_failure;
1976 }
1977
1978 return i;
1979 nla_put_failure:
1980 return -ENOBUFS;
1981}
1982
1983static int
1984nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1985 struct sk_buff *msg)
1986{
1987 struct nlattr *ftm;
1988
1989 if (!cap->ftm.supported)
1990 return 0;
1991
1992 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1993 if (!ftm)
1994 return -ENOBUFS;
1995
1996 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1997 return -ENOBUFS;
1998 if (cap->ftm.non_asap &&
1999 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
2000 return -ENOBUFS;
2001 if (cap->ftm.request_lci &&
2002 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
2003 return -ENOBUFS;
2004 if (cap->ftm.request_civicloc &&
2005 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2006 return -ENOBUFS;
2007 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2008 cap->ftm.preambles))
2009 return -ENOBUFS;
2010 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2011 cap->ftm.bandwidths))
2012 return -ENOBUFS;
2013 if (cap->ftm.max_bursts_exponent >= 0 &&
2014 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2015 cap->ftm.max_bursts_exponent))
2016 return -ENOBUFS;
2017 if (cap->ftm.max_ftms_per_burst &&
2018 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2019 cap->ftm.max_ftms_per_burst))
2020 return -ENOBUFS;
2021 if (cap->ftm.trigger_based &&
2022 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2023 return -ENOBUFS;
2024 if (cap->ftm.non_trigger_based &&
2025 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2026 return -ENOBUFS;
2027
2028 nla_nest_end(msg, ftm);
2029 return 0;
2030}
2031
2032static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2033 struct sk_buff *msg)
2034{
2035 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2036 struct nlattr *pmsr, *caps;
2037
2038 if (!cap)
2039 return 0;
2040
2041
2042
2043
2044
2045
2046 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2047 if (!pmsr)
2048 return -ENOBUFS;
2049
2050 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2051 return -ENOBUFS;
2052
2053 if (cap->report_ap_tsf &&
2054 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2055 return -ENOBUFS;
2056
2057 if (cap->randomize_mac_addr &&
2058 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2059 return -ENOBUFS;
2060
2061 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2062 if (!caps)
2063 return -ENOBUFS;
2064
2065 if (nl80211_send_pmsr_ftm_capa(cap, msg))
2066 return -ENOBUFS;
2067
2068 nla_nest_end(msg, caps);
2069 nla_nest_end(msg, pmsr);
2070
2071 return 0;
2072}
2073
2074static int
2075nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2076 struct sk_buff *msg)
2077{
2078 int i;
2079 struct nlattr *nested, *nested_akms;
2080 const struct wiphy_iftype_akm_suites *iftype_akms;
2081
2082 if (!rdev->wiphy.num_iftype_akm_suites ||
2083 !rdev->wiphy.iftype_akm_suites)
2084 return 0;
2085
2086 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2087 if (!nested)
2088 return -ENOBUFS;
2089
2090 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2091 nested_akms = nla_nest_start(msg, i + 1);
2092 if (!nested_akms)
2093 return -ENOBUFS;
2094
2095 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2096
2097 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2098 iftype_akms->iftypes_mask))
2099 return -ENOBUFS;
2100
2101 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2102 sizeof(u32) * iftype_akms->n_akm_suites,
2103 iftype_akms->akm_suites)) {
2104 return -ENOBUFS;
2105 }
2106 nla_nest_end(msg, nested_akms);
2107 }
2108
2109 nla_nest_end(msg, nested);
2110
2111 return 0;
2112}
2113
2114static int
2115nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2116 struct sk_buff *msg)
2117{
2118 struct nlattr *supp;
2119
2120 if (!rdev->wiphy.tid_config_support.vif &&
2121 !rdev->wiphy.tid_config_support.peer)
2122 return 0;
2123
2124 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2125 if (!supp)
2126 return -ENOSPC;
2127
2128 if (rdev->wiphy.tid_config_support.vif &&
2129 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2130 rdev->wiphy.tid_config_support.vif,
2131 NL80211_TID_CONFIG_ATTR_PAD))
2132 goto fail;
2133
2134 if (rdev->wiphy.tid_config_support.peer &&
2135 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2136 rdev->wiphy.tid_config_support.peer,
2137 NL80211_TID_CONFIG_ATTR_PAD))
2138 goto fail;
2139
2140
2141 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2142 rdev->wiphy.tid_config_support.max_retry))
2143 goto fail;
2144 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2145 rdev->wiphy.tid_config_support.max_retry))
2146 goto fail;
2147
2148 nla_nest_end(msg, supp);
2149
2150 return 0;
2151fail:
2152 nla_nest_cancel(msg, supp);
2153 return -ENOBUFS;
2154}
2155
2156static int
2157nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2158 struct sk_buff *msg)
2159{
2160 struct nlattr *sar_capa, *specs, *sub_freq_range;
2161 u8 num_freq_ranges;
2162 int i;
2163
2164 if (!rdev->wiphy.sar_capa)
2165 return 0;
2166
2167 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2168
2169 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2170 if (!sar_capa)
2171 return -ENOSPC;
2172
2173 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2174 goto fail;
2175
2176 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2177 if (!specs)
2178 goto fail;
2179
2180
2181 for (i = 0; i < num_freq_ranges; i++) {
2182 sub_freq_range = nla_nest_start(msg, i + 1);
2183 if (!sub_freq_range)
2184 goto fail;
2185
2186 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2187 rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2188 goto fail;
2189
2190 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2191 rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2192 goto fail;
2193
2194 nla_nest_end(msg, sub_freq_range);
2195 }
2196
2197 nla_nest_end(msg, specs);
2198 nla_nest_end(msg, sar_capa);
2199
2200 return 0;
2201fail:
2202 nla_nest_cancel(msg, sar_capa);
2203 return -ENOBUFS;
2204}
2205
2206struct nl80211_dump_wiphy_state {
2207 s64 filter_wiphy;
2208 long start;
2209 long split_start, band_start, chan_start, capa_start;
2210 bool split;
2211};
2212
2213static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2214 enum nl80211_commands cmd,
2215 struct sk_buff *msg, u32 portid, u32 seq,
2216 int flags, struct nl80211_dump_wiphy_state *state)
2217{
2218 void *hdr;
2219 struct nlattr *nl_bands, *nl_band;
2220 struct nlattr *nl_freqs, *nl_freq;
2221 struct nlattr *nl_cmds;
2222 enum nl80211_band band;
2223 struct ieee80211_channel *chan;
2224 int i;
2225 const struct ieee80211_txrx_stypes *mgmt_stypes =
2226 rdev->wiphy.mgmt_stypes;
2227 u32 features;
2228
2229 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2230 if (!hdr)
2231 return -ENOBUFS;
2232
2233 if (WARN_ON(!state))
2234 return -EINVAL;
2235
2236 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2237 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2238 wiphy_name(&rdev->wiphy)) ||
2239 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2240 cfg80211_rdev_list_generation))
2241 goto nla_put_failure;
2242
2243 if (cmd != NL80211_CMD_NEW_WIPHY)
2244 goto finish;
2245
2246 switch (state->split_start) {
2247 case 0:
2248 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2249 rdev->wiphy.retry_short) ||
2250 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2251 rdev->wiphy.retry_long) ||
2252 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2253 rdev->wiphy.frag_threshold) ||
2254 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2255 rdev->wiphy.rts_threshold) ||
2256 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2257 rdev->wiphy.coverage_class) ||
2258 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2259 rdev->wiphy.max_scan_ssids) ||
2260 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2261 rdev->wiphy.max_sched_scan_ssids) ||
2262 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2263 rdev->wiphy.max_scan_ie_len) ||
2264 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2265 rdev->wiphy.max_sched_scan_ie_len) ||
2266 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2267 rdev->wiphy.max_match_sets))
2268 goto nla_put_failure;
2269
2270 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2271 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2272 goto nla_put_failure;
2273 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2274 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2275 goto nla_put_failure;
2276 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2277 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2278 goto nla_put_failure;
2279 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2280 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2281 goto nla_put_failure;
2282 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2283 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2284 goto nla_put_failure;
2285 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2286 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2287 goto nla_put_failure;
2288 state->split_start++;
2289 if (state->split)
2290 break;
2291 fallthrough;
2292 case 1:
2293 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2294 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2295 rdev->wiphy.cipher_suites))
2296 goto nla_put_failure;
2297
2298 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2299 rdev->wiphy.max_num_pmkids))
2300 goto nla_put_failure;
2301
2302 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2303 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2304 goto nla_put_failure;
2305
2306 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2307 rdev->wiphy.available_antennas_tx) ||
2308 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2309 rdev->wiphy.available_antennas_rx))
2310 goto nla_put_failure;
2311
2312 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2313 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2314 rdev->wiphy.probe_resp_offload))
2315 goto nla_put_failure;
2316
2317 if ((rdev->wiphy.available_antennas_tx ||
2318 rdev->wiphy.available_antennas_rx) &&
2319 rdev->ops->get_antenna) {
2320 u32 tx_ant = 0, rx_ant = 0;
2321 int res;
2322
2323 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2324 if (!res) {
2325 if (nla_put_u32(msg,
2326 NL80211_ATTR_WIPHY_ANTENNA_TX,
2327 tx_ant) ||
2328 nla_put_u32(msg,
2329 NL80211_ATTR_WIPHY_ANTENNA_RX,
2330 rx_ant))
2331 goto nla_put_failure;
2332 }
2333 }
2334
2335 state->split_start++;
2336 if (state->split)
2337 break;
2338 fallthrough;
2339 case 2:
2340 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2341 rdev->wiphy.interface_modes))
2342 goto nla_put_failure;
2343 state->split_start++;
2344 if (state->split)
2345 break;
2346 fallthrough;
2347 case 3:
2348 nl_bands = nla_nest_start_noflag(msg,
2349 NL80211_ATTR_WIPHY_BANDS);
2350 if (!nl_bands)
2351 goto nla_put_failure;
2352
2353 for (band = state->band_start;
2354 band < (state->split ?
2355 NUM_NL80211_BANDS :
2356 NL80211_BAND_60GHZ + 1);
2357 band++) {
2358 struct ieee80211_supported_band *sband;
2359
2360
2361 if (band > NL80211_BAND_5GHZ && !state->split)
2362 break;
2363
2364 sband = rdev->wiphy.bands[band];
2365
2366 if (!sband)
2367 continue;
2368
2369 nl_band = nla_nest_start_noflag(msg, band);
2370 if (!nl_band)
2371 goto nla_put_failure;
2372
2373 switch (state->chan_start) {
2374 case 0:
2375 if (nl80211_send_band_rateinfo(msg, sband,
2376 state->split))
2377 goto nla_put_failure;
2378 state->chan_start++;
2379 if (state->split)
2380 break;
2381 fallthrough;
2382 default:
2383
2384 nl_freqs = nla_nest_start_noflag(msg,
2385 NL80211_BAND_ATTR_FREQS);
2386 if (!nl_freqs)
2387 goto nla_put_failure;
2388
2389 for (i = state->chan_start - 1;
2390 i < sband->n_channels;
2391 i++) {
2392 nl_freq = nla_nest_start_noflag(msg,
2393 i);
2394 if (!nl_freq)
2395 goto nla_put_failure;
2396
2397 chan = &sband->channels[i];
2398
2399 if (nl80211_msg_put_channel(
2400 msg, &rdev->wiphy, chan,
2401 state->split))
2402 goto nla_put_failure;
2403
2404 nla_nest_end(msg, nl_freq);
2405 if (state->split)
2406 break;
2407 }
2408 if (i < sband->n_channels)
2409 state->chan_start = i + 2;
2410 else
2411 state->chan_start = 0;
2412 nla_nest_end(msg, nl_freqs);
2413 }
2414
2415 nla_nest_end(msg, nl_band);
2416
2417 if (state->split) {
2418
2419 if (state->chan_start)
2420 band--;
2421 break;
2422 }
2423 }
2424 nla_nest_end(msg, nl_bands);
2425
2426 if (band < NUM_NL80211_BANDS)
2427 state->band_start = band + 1;
2428 else
2429 state->band_start = 0;
2430
2431
2432 if (state->band_start == 0 && state->chan_start == 0)
2433 state->split_start++;
2434 if (state->split)
2435 break;
2436 fallthrough;
2437 case 4:
2438 nl_cmds = nla_nest_start_noflag(msg,
2439 NL80211_ATTR_SUPPORTED_COMMANDS);
2440 if (!nl_cmds)
2441 goto nla_put_failure;
2442
2443 i = nl80211_add_commands_unsplit(rdev, msg);
2444 if (i < 0)
2445 goto nla_put_failure;
2446 if (state->split) {
2447 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2448 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2449 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2450 CMD(channel_switch, CHANNEL_SWITCH);
2451 CMD(set_qos_map, SET_QOS_MAP);
2452 if (rdev->wiphy.features &
2453 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2454 CMD(add_tx_ts, ADD_TX_TS);
2455 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2456 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2457 CMD(update_ft_ies, UPDATE_FT_IES);
2458 if (rdev->wiphy.sar_capa)
2459 CMD(set_sar_specs, SET_SAR_SPECS);
2460 }
2461#undef CMD
2462
2463 nla_nest_end(msg, nl_cmds);
2464 state->split_start++;
2465 if (state->split)
2466 break;
2467 fallthrough;
2468 case 5:
2469 if (rdev->ops->remain_on_channel &&
2470 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2471 nla_put_u32(msg,
2472 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2473 rdev->wiphy.max_remain_on_channel_duration))
2474 goto nla_put_failure;
2475
2476 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2477 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2478 goto nla_put_failure;
2479
2480 state->split_start++;
2481 if (state->split)
2482 break;
2483 fallthrough;
2484 case 6:
2485#ifdef CONFIG_PM
2486 if (nl80211_send_wowlan(msg, rdev, state->split))
2487 goto nla_put_failure;
2488 state->split_start++;
2489 if (state->split)
2490 break;
2491#else
2492 state->split_start++;
2493#endif
2494 fallthrough;
2495 case 7:
2496 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2497 rdev->wiphy.software_iftypes))
2498 goto nla_put_failure;
2499
2500 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2501 state->split))
2502 goto nla_put_failure;
2503
2504 state->split_start++;
2505 if (state->split)
2506 break;
2507 fallthrough;
2508 case 8:
2509 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2510 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2511 rdev->wiphy.ap_sme_capa))
2512 goto nla_put_failure;
2513
2514 features = rdev->wiphy.features;
2515
2516
2517
2518
2519
2520 if (state->split)
2521 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2522 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2523 goto nla_put_failure;
2524
2525 if (rdev->wiphy.ht_capa_mod_mask &&
2526 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2527 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2528 rdev->wiphy.ht_capa_mod_mask))
2529 goto nla_put_failure;
2530
2531 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2532 rdev->wiphy.max_acl_mac_addrs &&
2533 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2534 rdev->wiphy.max_acl_mac_addrs))
2535 goto nla_put_failure;
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547 if (state->split)
2548 state->split_start++;
2549 else
2550 state->split_start = 0;
2551 break;
2552 case 9:
2553 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2554 goto nla_put_failure;
2555
2556 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2557 rdev->wiphy.max_sched_scan_plans) ||
2558 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2559 rdev->wiphy.max_sched_scan_plan_interval) ||
2560 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2561 rdev->wiphy.max_sched_scan_plan_iterations))
2562 goto nla_put_failure;
2563
2564 if (rdev->wiphy.extended_capabilities &&
2565 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2566 rdev->wiphy.extended_capabilities_len,
2567 rdev->wiphy.extended_capabilities) ||
2568 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2569 rdev->wiphy.extended_capabilities_len,
2570 rdev->wiphy.extended_capabilities_mask)))
2571 goto nla_put_failure;
2572
2573 if (rdev->wiphy.vht_capa_mod_mask &&
2574 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2575 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2576 rdev->wiphy.vht_capa_mod_mask))
2577 goto nla_put_failure;
2578
2579 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2580 rdev->wiphy.perm_addr))
2581 goto nla_put_failure;
2582
2583 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2584 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2585 rdev->wiphy.addr_mask))
2586 goto nla_put_failure;
2587
2588 if (rdev->wiphy.n_addresses > 1) {
2589 void *attr;
2590
2591 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2592 if (!attr)
2593 goto nla_put_failure;
2594
2595 for (i = 0; i < rdev->wiphy.n_addresses; i++)
2596 if (nla_put(msg, i + 1, ETH_ALEN,
2597 rdev->wiphy.addresses[i].addr))
2598 goto nla_put_failure;
2599
2600 nla_nest_end(msg, attr);
2601 }
2602
2603 state->split_start++;
2604 break;
2605 case 10:
2606 if (nl80211_send_coalesce(msg, rdev))
2607 goto nla_put_failure;
2608
2609 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2610 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2611 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2612 goto nla_put_failure;
2613
2614 if (rdev->wiphy.max_ap_assoc_sta &&
2615 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2616 rdev->wiphy.max_ap_assoc_sta))
2617 goto nla_put_failure;
2618
2619 state->split_start++;
2620 break;
2621 case 11:
2622 if (rdev->wiphy.n_vendor_commands) {
2623 const struct nl80211_vendor_cmd_info *info;
2624 struct nlattr *nested;
2625
2626 nested = nla_nest_start_noflag(msg,
2627 NL80211_ATTR_VENDOR_DATA);
2628 if (!nested)
2629 goto nla_put_failure;
2630
2631 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2632 info = &rdev->wiphy.vendor_commands[i].info;
2633 if (nla_put(msg, i + 1, sizeof(*info), info))
2634 goto nla_put_failure;
2635 }
2636 nla_nest_end(msg, nested);
2637 }
2638
2639 if (rdev->wiphy.n_vendor_events) {
2640 const struct nl80211_vendor_cmd_info *info;
2641 struct nlattr *nested;
2642
2643 nested = nla_nest_start_noflag(msg,
2644 NL80211_ATTR_VENDOR_EVENTS);
2645 if (!nested)
2646 goto nla_put_failure;
2647
2648 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2649 info = &rdev->wiphy.vendor_events[i];
2650 if (nla_put(msg, i + 1, sizeof(*info), info))
2651 goto nla_put_failure;
2652 }
2653 nla_nest_end(msg, nested);
2654 }
2655 state->split_start++;
2656 break;
2657 case 12:
2658 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2659 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2660 rdev->wiphy.max_num_csa_counters))
2661 goto nla_put_failure;
2662
2663 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2664 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2665 goto nla_put_failure;
2666
2667 if (rdev->wiphy.max_sched_scan_reqs &&
2668 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2669 rdev->wiphy.max_sched_scan_reqs))
2670 goto nla_put_failure;
2671
2672 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2673 sizeof(rdev->wiphy.ext_features),
2674 rdev->wiphy.ext_features))
2675 goto nla_put_failure;
2676
2677 if (rdev->wiphy.bss_select_support) {
2678 struct nlattr *nested;
2679 u32 bss_select_support = rdev->wiphy.bss_select_support;
2680
2681 nested = nla_nest_start_noflag(msg,
2682 NL80211_ATTR_BSS_SELECT);
2683 if (!nested)
2684 goto nla_put_failure;
2685
2686 i = 0;
2687 while (bss_select_support) {
2688 if ((bss_select_support & 1) &&
2689 nla_put_flag(msg, i))
2690 goto nla_put_failure;
2691 i++;
2692 bss_select_support >>= 1;
2693 }
2694 nla_nest_end(msg, nested);
2695 }
2696
2697 state->split_start++;
2698 break;
2699 case 13:
2700 if (rdev->wiphy.num_iftype_ext_capab &&
2701 rdev->wiphy.iftype_ext_capab) {
2702 struct nlattr *nested_ext_capab, *nested;
2703
2704 nested = nla_nest_start_noflag(msg,
2705 NL80211_ATTR_IFTYPE_EXT_CAPA);
2706 if (!nested)
2707 goto nla_put_failure;
2708
2709 for (i = state->capa_start;
2710 i < rdev->wiphy.num_iftype_ext_capab; i++) {
2711 const struct wiphy_iftype_ext_capab *capab;
2712
2713 capab = &rdev->wiphy.iftype_ext_capab[i];
2714
2715 nested_ext_capab = nla_nest_start_noflag(msg,
2716 i);
2717 if (!nested_ext_capab ||
2718 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2719 capab->iftype) ||
2720 nla_put(msg, NL80211_ATTR_EXT_CAPA,
2721 capab->extended_capabilities_len,
2722 capab->extended_capabilities) ||
2723 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2724 capab->extended_capabilities_len,
2725 capab->extended_capabilities_mask))
2726 goto nla_put_failure;
2727
2728 nla_nest_end(msg, nested_ext_capab);
2729 if (state->split)
2730 break;
2731 }
2732 nla_nest_end(msg, nested);
2733 if (i < rdev->wiphy.num_iftype_ext_capab) {
2734 state->capa_start = i + 1;
2735 break;
2736 }
2737 }
2738
2739 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2740 rdev->wiphy.nan_supported_bands))
2741 goto nla_put_failure;
2742
2743 if (wiphy_ext_feature_isset(&rdev->wiphy,
2744 NL80211_EXT_FEATURE_TXQS)) {
2745 struct cfg80211_txq_stats txqstats = {};
2746 int res;
2747
2748 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2749 if (!res &&
2750 !nl80211_put_txq_stats(msg, &txqstats,
2751 NL80211_ATTR_TXQ_STATS))
2752 goto nla_put_failure;
2753
2754 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2755 rdev->wiphy.txq_limit))
2756 goto nla_put_failure;
2757 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2758 rdev->wiphy.txq_memory_limit))
2759 goto nla_put_failure;
2760 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2761 rdev->wiphy.txq_quantum))
2762 goto nla_put_failure;
2763 }
2764
2765 state->split_start++;
2766 break;
2767 case 14:
2768 if (nl80211_send_pmsr_capa(rdev, msg))
2769 goto nla_put_failure;
2770
2771 state->split_start++;
2772 break;
2773 case 15:
2774 if (rdev->wiphy.akm_suites &&
2775 nla_put(msg, NL80211_ATTR_AKM_SUITES,
2776 sizeof(u32) * rdev->wiphy.n_akm_suites,
2777 rdev->wiphy.akm_suites))
2778 goto nla_put_failure;
2779
2780 if (nl80211_put_iftype_akm_suites(rdev, msg))
2781 goto nla_put_failure;
2782
2783 if (nl80211_put_tid_config_support(rdev, msg))
2784 goto nla_put_failure;
2785 state->split_start++;
2786 break;
2787 case 16:
2788 if (nl80211_put_sar_specs(rdev, msg))
2789 goto nla_put_failure;
2790
2791
2792 state->split_start = 0;
2793 break;
2794 }
2795 finish:
2796 genlmsg_end(msg, hdr);
2797 return 0;
2798
2799 nla_put_failure:
2800 genlmsg_cancel(msg, hdr);
2801 return -EMSGSIZE;
2802}
2803
2804static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2805 struct netlink_callback *cb,
2806 struct nl80211_dump_wiphy_state *state)
2807{
2808 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2809 int ret;
2810
2811 if (!tb)
2812 return -ENOMEM;
2813
2814 ret = nlmsg_parse_deprecated(cb->nlh,
2815 GENL_HDRLEN + nl80211_fam.hdrsize,
2816 tb, nl80211_fam.maxattr,
2817 nl80211_policy, NULL);
2818
2819 if (ret) {
2820 ret = 0;
2821 goto out;
2822 }
2823
2824 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2825 if (tb[NL80211_ATTR_WIPHY])
2826 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2827 if (tb[NL80211_ATTR_WDEV])
2828 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2829 if (tb[NL80211_ATTR_IFINDEX]) {
2830 struct net_device *netdev;
2831 struct cfg80211_registered_device *rdev;
2832 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2833
2834 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2835 if (!netdev) {
2836 ret = -ENODEV;
2837 goto out;
2838 }
2839 if (netdev->ieee80211_ptr) {
2840 rdev = wiphy_to_rdev(
2841 netdev->ieee80211_ptr->wiphy);
2842 state->filter_wiphy = rdev->wiphy_idx;
2843 }
2844 }
2845
2846 ret = 0;
2847out:
2848 kfree(tb);
2849 return ret;
2850}
2851
2852static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2853{
2854 int idx = 0, ret;
2855 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2856 struct cfg80211_registered_device *rdev;
2857
2858 rtnl_lock();
2859 if (!state) {
2860 state = kzalloc(sizeof(*state), GFP_KERNEL);
2861 if (!state) {
2862 rtnl_unlock();
2863 return -ENOMEM;
2864 }
2865 state->filter_wiphy = -1;
2866 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2867 if (ret) {
2868 kfree(state);
2869 rtnl_unlock();
2870 return ret;
2871 }
2872 cb->args[0] = (long)state;
2873 }
2874
2875 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2876 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2877 continue;
2878 if (++idx <= state->start)
2879 continue;
2880 if (state->filter_wiphy != -1 &&
2881 state->filter_wiphy != rdev->wiphy_idx)
2882 continue;
2883
2884 do {
2885 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2886 skb,
2887 NETLINK_CB(cb->skb).portid,
2888 cb->nlh->nlmsg_seq,
2889 NLM_F_MULTI, state);
2890 if (ret < 0) {
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2905 !skb->len && !state->split &&
2906 cb->min_dump_alloc < 4096) {
2907 cb->min_dump_alloc = 4096;
2908 state->split_start = 0;
2909 rtnl_unlock();
2910 return 1;
2911 }
2912 idx--;
2913 break;
2914 }
2915 } while (state->split_start > 0);
2916 break;
2917 }
2918 rtnl_unlock();
2919
2920 state->start = idx;
2921
2922 return skb->len;
2923}
2924
2925static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2926{
2927 kfree((void *)cb->args[0]);
2928 return 0;
2929}
2930
2931static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2932{
2933 struct sk_buff *msg;
2934 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2935 struct nl80211_dump_wiphy_state state = {};
2936
2937 msg = nlmsg_new(4096, GFP_KERNEL);
2938 if (!msg)
2939 return -ENOMEM;
2940
2941 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2942 info->snd_portid, info->snd_seq, 0,
2943 &state) < 0) {
2944 nlmsg_free(msg);
2945 return -ENOBUFS;
2946 }
2947
2948 return genlmsg_reply(msg, info);
2949}
2950
2951static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2952 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2953 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2954 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2955 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2956 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2957};
2958
2959static int parse_txq_params(struct nlattr *tb[],
2960 struct ieee80211_txq_params *txq_params)
2961{
2962 u8 ac;
2963
2964 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2965 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2966 !tb[NL80211_TXQ_ATTR_AIFS])
2967 return -EINVAL;
2968
2969 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2970 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2971 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2972 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2973 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2974
2975 if (ac >= NL80211_NUM_ACS)
2976 return -EINVAL;
2977 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2978 return 0;
2979}
2980
2981static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2982{
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998 return !wdev ||
2999 wdev->iftype == NL80211_IFTYPE_AP ||
3000 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
3001 wdev->iftype == NL80211_IFTYPE_MONITOR ||
3002 wdev->iftype == NL80211_IFTYPE_P2P_GO;
3003}
3004
3005int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3006 struct genl_info *info,
3007 struct cfg80211_chan_def *chandef)
3008{
3009 struct netlink_ext_ack *extack = info->extack;
3010 struct nlattr **attrs = info->attrs;
3011 u32 control_freq;
3012
3013 if (!attrs[NL80211_ATTR_WIPHY_FREQ])
3014 return -EINVAL;
3015
3016 control_freq = MHZ_TO_KHZ(
3017 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3018 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3019 control_freq +=
3020 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3021
3022 memset(chandef, 0, sizeof(*chandef));
3023 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3024 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3025 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3026 chandef->freq1_offset = control_freq % 1000;
3027 chandef->center_freq2 = 0;
3028
3029
3030 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
3031 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3032 "Channel is disabled");
3033 return -EINVAL;
3034 }
3035
3036 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3037 enum nl80211_channel_type chantype;
3038
3039 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3040
3041 switch (chantype) {
3042 case NL80211_CHAN_NO_HT:
3043 case NL80211_CHAN_HT20:
3044 case NL80211_CHAN_HT40PLUS:
3045 case NL80211_CHAN_HT40MINUS:
3046 cfg80211_chandef_create(chandef, chandef->chan,
3047 chantype);
3048
3049 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3050 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3051 NL_SET_ERR_MSG_ATTR(extack,
3052 attrs[NL80211_ATTR_CENTER_FREQ1],
3053 "bad center frequency 1");
3054 return -EINVAL;
3055 }
3056
3057 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3058 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3059 NL_SET_ERR_MSG_ATTR(extack,
3060 attrs[NL80211_ATTR_CENTER_FREQ2],
3061 "center frequency 2 can't be used");
3062 return -EINVAL;
3063 }
3064 break;
3065 default:
3066 NL_SET_ERR_MSG_ATTR(extack,
3067 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3068 "invalid channel type");
3069 return -EINVAL;
3070 }
3071 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3072 chandef->width =
3073 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3074 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3075 chandef->center_freq1 =
3076 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3077 if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET])
3078 chandef->freq1_offset = nla_get_u32(
3079 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]);
3080 else
3081 chandef->freq1_offset = 0;
3082 }
3083 if (attrs[NL80211_ATTR_CENTER_FREQ2])
3084 chandef->center_freq2 =
3085 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3086 }
3087
3088 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3089 chandef->edmg.channels =
3090 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3091
3092 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3093 chandef->edmg.bw_config =
3094 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3095 } else {
3096 chandef->edmg.bw_config = 0;
3097 chandef->edmg.channels = 0;
3098 }
3099
3100 if (!cfg80211_chandef_valid(chandef)) {
3101 NL_SET_ERR_MSG(extack, "invalid channel definition");
3102 return -EINVAL;
3103 }
3104
3105 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
3106 IEEE80211_CHAN_DISABLED)) {
3107 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3108 return -EINVAL;
3109 }
3110
3111 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3112 chandef->width == NL80211_CHAN_WIDTH_10) &&
3113 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3114 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3115 return -EINVAL;
3116 }
3117
3118 return 0;
3119}
3120
3121static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3122 struct net_device *dev,
3123 struct genl_info *info)
3124{
3125 struct cfg80211_chan_def chandef;
3126 int result;
3127 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3128 struct wireless_dev *wdev = NULL;
3129
3130 if (dev)
3131 wdev = dev->ieee80211_ptr;
3132 if (!nl80211_can_set_dev_channel(wdev))
3133 return -EOPNOTSUPP;
3134 if (wdev)
3135 iftype = wdev->iftype;
3136
3137 result = nl80211_parse_chandef(rdev, info, &chandef);
3138 if (result)
3139 return result;
3140
3141 switch (iftype) {
3142 case NL80211_IFTYPE_AP:
3143 case NL80211_IFTYPE_P2P_GO:
3144 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3145 iftype)) {
3146 result = -EINVAL;
3147 break;
3148 }
3149 if (wdev->beacon_interval) {
3150 if (!dev || !rdev->ops->set_ap_chanwidth ||
3151 !(rdev->wiphy.features &
3152 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
3153 result = -EBUSY;
3154 break;
3155 }
3156
3157
3158 if (chandef.chan != wdev->preset_chandef.chan) {
3159 result = -EBUSY;
3160 break;
3161 }
3162 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
3163 if (result)
3164 break;
3165 }
3166 wdev->preset_chandef = chandef;
3167 result = 0;
3168 break;
3169 case NL80211_IFTYPE_MESH_POINT:
3170 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3171 break;
3172 case NL80211_IFTYPE_MONITOR:
3173 result = cfg80211_set_monitor_channel(rdev, &chandef);
3174 break;
3175 default:
3176 result = -EINVAL;
3177 }
3178
3179 return result;
3180}
3181
3182static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3183{
3184 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3185 struct net_device *netdev = info->user_ptr[1];
3186
3187 return __nl80211_set_channel(rdev, netdev, info);
3188}
3189
3190static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3191{
3192 struct cfg80211_registered_device *rdev = NULL;
3193 struct net_device *netdev = NULL;
3194 struct wireless_dev *wdev;
3195 int result = 0, rem_txq_params = 0;
3196 struct nlattr *nl_txq_params;
3197 u32 changed;
3198 u8 retry_short = 0, retry_long = 0;
3199 u32 frag_threshold = 0, rts_threshold = 0;
3200 u8 coverage_class = 0;
3201 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3202
3203 rtnl_lock();
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3215 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3216
3217 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3218 if (netdev && netdev->ieee80211_ptr)
3219 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3220 else
3221 netdev = NULL;
3222 }
3223
3224 if (!netdev) {
3225 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3226 info->attrs);
3227 if (IS_ERR(rdev)) {
3228 rtnl_unlock();
3229 return PTR_ERR(rdev);
3230 }
3231 wdev = NULL;
3232 netdev = NULL;
3233 result = 0;
3234 } else
3235 wdev = netdev->ieee80211_ptr;
3236
3237 wiphy_lock(&rdev->wiphy);
3238
3239
3240
3241
3242
3243
3244 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3245 result = cfg80211_dev_rename(
3246 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3247 rtnl_unlock();
3248
3249 if (result)
3250 goto out;
3251
3252 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3253 struct ieee80211_txq_params txq_params;
3254 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3255
3256 if (!rdev->ops->set_txq_params) {
3257 result = -EOPNOTSUPP;
3258 goto out;
3259 }
3260
3261 if (!netdev) {
3262 result = -EINVAL;
3263 goto out;
3264 }
3265
3266 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3267 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3268 result = -EINVAL;
3269 goto out;
3270 }
3271
3272 if (!netif_running(netdev)) {
3273 result = -ENETDOWN;
3274 goto out;
3275 }
3276
3277 nla_for_each_nested(nl_txq_params,
3278 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3279 rem_txq_params) {
3280 result = nla_parse_nested_deprecated(tb,
3281 NL80211_TXQ_ATTR_MAX,
3282 nl_txq_params,
3283 txq_params_policy,
3284 info->extack);
3285 if (result)
3286 goto out;
3287 result = parse_txq_params(tb, &txq_params);
3288 if (result)
3289 goto out;
3290
3291 result = rdev_set_txq_params(rdev, netdev,
3292 &txq_params);
3293 if (result)
3294 goto out;
3295 }
3296 }
3297
3298 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3299 result = __nl80211_set_channel(
3300 rdev,
3301 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3302 info);
3303 if (result)
3304 goto out;
3305 }
3306
3307 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3308 struct wireless_dev *txp_wdev = wdev;
3309 enum nl80211_tx_power_setting type;
3310 int idx, mbm = 0;
3311
3312 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3313 txp_wdev = NULL;
3314
3315 if (!rdev->ops->set_tx_power) {
3316 result = -EOPNOTSUPP;
3317 goto out;
3318 }
3319
3320 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3321 type = nla_get_u32(info->attrs[idx]);
3322
3323 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3324 (type != NL80211_TX_POWER_AUTOMATIC)) {
3325 result = -EINVAL;
3326 goto out;
3327 }
3328
3329 if (type != NL80211_TX_POWER_AUTOMATIC) {
3330 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3331 mbm = nla_get_u32(info->attrs[idx]);
3332 }
3333
3334 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3335 if (result)
3336 goto out;
3337 }
3338
3339 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3340 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3341 u32 tx_ant, rx_ant;
3342
3343 if ((!rdev->wiphy.available_antennas_tx &&
3344 !rdev->wiphy.available_antennas_rx) ||
3345 !rdev->ops->set_antenna) {
3346 result = -EOPNOTSUPP;
3347 goto out;
3348 }
3349
3350 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3351 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3352
3353
3354
3355 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3356 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
3357 result = -EINVAL;
3358 goto out;
3359 }
3360
3361 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3362 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3363
3364 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3365 if (result)
3366 goto out;
3367 }
3368
3369 changed = 0;
3370
3371 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3372 retry_short = nla_get_u8(
3373 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3374
3375 changed |= WIPHY_PARAM_RETRY_SHORT;
3376 }
3377
3378 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3379 retry_long = nla_get_u8(
3380 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3381
3382 changed |= WIPHY_PARAM_RETRY_LONG;
3383 }
3384
3385 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3386 frag_threshold = nla_get_u32(
3387 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3388 if (frag_threshold < 256) {
3389 result = -EINVAL;
3390 goto out;
3391 }
3392
3393 if (frag_threshold != (u32) -1) {
3394
3395
3396
3397
3398
3399
3400 frag_threshold &= ~0x1;
3401 }
3402 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3403 }
3404
3405 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3406 rts_threshold = nla_get_u32(
3407 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3408 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3409 }
3410
3411 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3412 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3413 result = -EINVAL;
3414 goto out;
3415 }
3416
3417 coverage_class = nla_get_u8(
3418 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3419 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3420 }
3421
3422 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3423 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) {
3424 result = -EOPNOTSUPP;
3425 goto out;
3426 }
3427
3428 changed |= WIPHY_PARAM_DYN_ACK;
3429 }
3430
3431 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3432 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3433 NL80211_EXT_FEATURE_TXQS)) {
3434 result = -EOPNOTSUPP;
3435 goto out;
3436 }
3437 txq_limit = nla_get_u32(
3438 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3439 changed |= WIPHY_PARAM_TXQ_LIMIT;
3440 }
3441
3442 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3443 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3444 NL80211_EXT_FEATURE_TXQS)) {
3445 result = -EOPNOTSUPP;
3446 goto out;
3447 }
3448 txq_memory_limit = nla_get_u32(
3449 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3450 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3451 }
3452
3453 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3454 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3455 NL80211_EXT_FEATURE_TXQS)) {
3456 result = -EOPNOTSUPP;
3457 goto out;
3458 }
3459 txq_quantum = nla_get_u32(
3460 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3461 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3462 }
3463
3464 if (changed) {
3465 u8 old_retry_short, old_retry_long;
3466 u32 old_frag_threshold, old_rts_threshold;
3467 u8 old_coverage_class;
3468 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3469
3470 if (!rdev->ops->set_wiphy_params) {
3471 result = -EOPNOTSUPP;
3472 goto out;
3473 }
3474
3475 old_retry_short = rdev->wiphy.retry_short;
3476 old_retry_long = rdev->wiphy.retry_long;
3477 old_frag_threshold = rdev->wiphy.frag_threshold;
3478 old_rts_threshold = rdev->wiphy.rts_threshold;
3479 old_coverage_class = rdev->wiphy.coverage_class;
3480 old_txq_limit = rdev->wiphy.txq_limit;
3481 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3482 old_txq_quantum = rdev->wiphy.txq_quantum;
3483
3484 if (changed & WIPHY_PARAM_RETRY_SHORT)
3485 rdev->wiphy.retry_short = retry_short;
3486 if (changed & WIPHY_PARAM_RETRY_LONG)
3487 rdev->wiphy.retry_long = retry_long;
3488 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3489 rdev->wiphy.frag_threshold = frag_threshold;
3490 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3491 rdev->wiphy.rts_threshold = rts_threshold;
3492 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3493 rdev->wiphy.coverage_class = coverage_class;
3494 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3495 rdev->wiphy.txq_limit = txq_limit;
3496 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3497 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3498 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3499 rdev->wiphy.txq_quantum = txq_quantum;
3500
3501 result = rdev_set_wiphy_params(rdev, changed);
3502 if (result) {
3503 rdev->wiphy.retry_short = old_retry_short;
3504 rdev->wiphy.retry_long = old_retry_long;
3505 rdev->wiphy.frag_threshold = old_frag_threshold;
3506 rdev->wiphy.rts_threshold = old_rts_threshold;
3507 rdev->wiphy.coverage_class = old_coverage_class;
3508 rdev->wiphy.txq_limit = old_txq_limit;
3509 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3510 rdev->wiphy.txq_quantum = old_txq_quantum;
3511 goto out;
3512 }
3513 }
3514
3515 result = 0;
3516
3517out:
3518 wiphy_unlock(&rdev->wiphy);
3519 return result;
3520}
3521
3522static int nl80211_send_chandef(struct sk_buff *msg,
3523 const struct cfg80211_chan_def *chandef)
3524{
3525 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3526 return -EINVAL;
3527
3528 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3529 chandef->chan->center_freq))
3530 return -ENOBUFS;
3531 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
3532 chandef->chan->freq_offset))
3533 return -ENOBUFS;
3534 switch (chandef->width) {
3535 case NL80211_CHAN_WIDTH_20_NOHT:
3536 case NL80211_CHAN_WIDTH_20:
3537 case NL80211_CHAN_WIDTH_40:
3538 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3539 cfg80211_get_chandef_type(chandef)))
3540 return -ENOBUFS;
3541 break;
3542 default:
3543 break;
3544 }
3545 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3546 return -ENOBUFS;
3547 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3548 return -ENOBUFS;
3549 if (chandef->center_freq2 &&
3550 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3551 return -ENOBUFS;
3552 return 0;
3553}
3554
3555static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3556 struct cfg80211_registered_device *rdev,
3557 struct wireless_dev *wdev,
3558 enum nl80211_commands cmd)
3559{
3560 struct net_device *dev = wdev->netdev;
3561 void *hdr;
3562
3563 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3564 cmd != NL80211_CMD_DEL_INTERFACE &&
3565 cmd != NL80211_CMD_SET_INTERFACE);
3566
3567 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3568 if (!hdr)
3569 return -1;
3570
3571 if (dev &&
3572 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3573 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3574 goto nla_put_failure;
3575
3576 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3577 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3578 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3579 NL80211_ATTR_PAD) ||
3580 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3581 nla_put_u32(msg, NL80211_ATTR_GENERATION,
3582 rdev->devlist_generation ^
3583 (cfg80211_rdev_list_generation << 2)) ||
3584 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3585 goto nla_put_failure;
3586
3587 if (rdev->ops->get_channel) {
3588 int ret;
3589 struct cfg80211_chan_def chandef = {};
3590
3591 ret = rdev_get_channel(rdev, wdev, &chandef);
3592 if (ret == 0) {
3593 if (nl80211_send_chandef(msg, &chandef))
3594 goto nla_put_failure;
3595 }
3596 }
3597
3598 if (rdev->ops->get_tx_power) {
3599 int dbm, ret;
3600
3601 ret = rdev_get_tx_power(rdev, wdev, &dbm);
3602 if (ret == 0 &&
3603 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3604 DBM_TO_MBM(dbm)))
3605 goto nla_put_failure;
3606 }
3607
3608 wdev_lock(wdev);
3609 switch (wdev->iftype) {
3610 case NL80211_IFTYPE_AP:
3611 if (wdev->ssid_len &&
3612 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3613 goto nla_put_failure_locked;
3614 break;
3615 case NL80211_IFTYPE_STATION:
3616 case NL80211_IFTYPE_P2P_CLIENT:
3617 case NL80211_IFTYPE_ADHOC: {
3618 const u8 *ssid_ie;
3619 if (!wdev->current_bss)
3620 break;
3621 rcu_read_lock();
3622 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3623 WLAN_EID_SSID);
3624 if (ssid_ie &&
3625 nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3626 goto nla_put_failure_rcu_locked;
3627 rcu_read_unlock();
3628 break;
3629 }
3630 default:
3631
3632 break;
3633 }
3634 wdev_unlock(wdev);
3635
3636 if (rdev->ops->get_txq_stats) {
3637 struct cfg80211_txq_stats txqstats = {};
3638 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3639
3640 if (ret == 0 &&
3641 !nl80211_put_txq_stats(msg, &txqstats,
3642 NL80211_ATTR_TXQ_STATS))
3643 goto nla_put_failure;
3644 }
3645
3646 genlmsg_end(msg, hdr);
3647 return 0;
3648
3649 nla_put_failure_rcu_locked:
3650 rcu_read_unlock();
3651 nla_put_failure_locked:
3652 wdev_unlock(wdev);
3653 nla_put_failure:
3654 genlmsg_cancel(msg, hdr);
3655 return -EMSGSIZE;
3656}
3657
3658static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3659{
3660 int wp_idx = 0;
3661 int if_idx = 0;
3662 int wp_start = cb->args[0];
3663 int if_start = cb->args[1];
3664 int filter_wiphy = -1;
3665 struct cfg80211_registered_device *rdev;
3666 struct wireless_dev *wdev;
3667 int ret;
3668
3669 rtnl_lock();
3670 if (!cb->args[2]) {
3671 struct nl80211_dump_wiphy_state state = {
3672 .filter_wiphy = -1,
3673 };
3674
3675 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3676 if (ret)
3677 goto out_unlock;
3678
3679 filter_wiphy = state.filter_wiphy;
3680
3681
3682
3683
3684
3685 if (filter_wiphy >= 0)
3686 cb->args[2] = filter_wiphy + 1;
3687 else
3688 cb->args[2] = -1;
3689 } else if (cb->args[2] > 0) {
3690 filter_wiphy = cb->args[2] - 1;
3691 }
3692
3693 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3694 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3695 continue;
3696 if (wp_idx < wp_start) {
3697 wp_idx++;
3698 continue;
3699 }
3700
3701 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3702 continue;
3703
3704 if_idx = 0;
3705
3706 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3707 if (if_idx < if_start) {
3708 if_idx++;
3709 continue;
3710 }
3711 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3712 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3713 rdev, wdev,
3714 NL80211_CMD_NEW_INTERFACE) < 0) {
3715 goto out;
3716 }
3717 if_idx++;
3718 }
3719
3720 wp_idx++;
3721 }
3722 out:
3723 cb->args[0] = wp_idx;
3724 cb->args[1] = if_idx;
3725
3726 ret = skb->len;
3727 out_unlock:
3728 rtnl_unlock();
3729
3730 return ret;
3731}
3732
3733static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3734{
3735 struct sk_buff *msg;
3736 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3737 struct wireless_dev *wdev = info->user_ptr[1];
3738
3739 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3740 if (!msg)
3741 return -ENOMEM;
3742
3743 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3744 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3745 nlmsg_free(msg);
3746 return -ENOBUFS;
3747 }
3748
3749 return genlmsg_reply(msg, info);
3750}
3751
3752static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3753 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3754 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3755 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3756 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3757 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3758 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3759};
3760
3761static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3762{
3763 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3764 int flag;
3765
3766 *mntrflags = 0;
3767
3768 if (!nla)
3769 return -EINVAL;
3770
3771 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3772 return -EINVAL;
3773
3774 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3775 if (flags[flag])
3776 *mntrflags |= (1<<flag);
3777
3778 *mntrflags |= MONITOR_FLAG_CHANGED;
3779
3780 return 0;
3781}
3782
3783static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3784 enum nl80211_iftype type,
3785 struct genl_info *info,
3786 struct vif_params *params)
3787{
3788 bool change = false;
3789 int err;
3790
3791 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3792 if (type != NL80211_IFTYPE_MONITOR)
3793 return -EINVAL;
3794
3795 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3796 ¶ms->flags);
3797 if (err)
3798 return err;
3799
3800 change = true;
3801 }
3802
3803 if (params->flags & MONITOR_FLAG_ACTIVE &&
3804 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3805 return -EOPNOTSUPP;
3806
3807 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3808 const u8 *mumimo_groups;
3809 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3810
3811 if (type != NL80211_IFTYPE_MONITOR)
3812 return -EINVAL;
3813
3814 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3815 return -EOPNOTSUPP;
3816
3817 mumimo_groups =
3818 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3819
3820
3821 if ((mumimo_groups[0] & BIT(0)) ||
3822 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3823 return -EINVAL;
3824
3825 params->vht_mumimo_groups = mumimo_groups;
3826 change = true;
3827 }
3828
3829 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3830 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3831
3832 if (type != NL80211_IFTYPE_MONITOR)
3833 return -EINVAL;
3834
3835 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3836 return -EOPNOTSUPP;
3837
3838 params->vht_mumimo_follow_addr =
3839 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3840 change = true;
3841 }
3842
3843 return change ? 1 : 0;
3844}
3845
3846static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3847 struct net_device *netdev, u8 use_4addr,
3848 enum nl80211_iftype iftype)
3849{
3850 if (!use_4addr) {
3851 if (netdev && netif_is_bridge_port(netdev))
3852 return -EBUSY;
3853 return 0;
3854 }
3855
3856 switch (iftype) {
3857 case NL80211_IFTYPE_AP_VLAN:
3858 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3859 return 0;
3860 break;
3861 case NL80211_IFTYPE_STATION:
3862 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3863 return 0;
3864 break;
3865 default:
3866 break;
3867 }
3868
3869 return -EOPNOTSUPP;
3870}
3871
3872static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3873{
3874 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3875 struct vif_params params;
3876 int err;
3877 enum nl80211_iftype otype, ntype;
3878 struct net_device *dev = info->user_ptr[1];
3879 bool change = false;
3880
3881 memset(¶ms, 0, sizeof(params));
3882
3883 otype = ntype = dev->ieee80211_ptr->iftype;
3884
3885 if (info->attrs[NL80211_ATTR_IFTYPE]) {
3886 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3887 if (otype != ntype)
3888 change = true;
3889 }
3890
3891 if (info->attrs[NL80211_ATTR_MESH_ID]) {
3892 struct wireless_dev *wdev = dev->ieee80211_ptr;
3893
3894 if (ntype != NL80211_IFTYPE_MESH_POINT)
3895 return -EINVAL;
3896 if (netif_running(dev))
3897 return -EBUSY;
3898
3899 wdev_lock(wdev);
3900 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3901 IEEE80211_MAX_MESH_ID_LEN);
3902 wdev->mesh_id_up_len =
3903 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3904 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3905 wdev->mesh_id_up_len);
3906 wdev_unlock(wdev);
3907 }
3908
3909 if (info->attrs[NL80211_ATTR_4ADDR]) {
3910 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3911 change = true;
3912 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3913 if (err)
3914 return err;
3915 } else {
3916 params.use_4addr = -1;
3917 }
3918
3919 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
3920 if (err < 0)
3921 return err;
3922 if (err > 0)
3923 change = true;
3924
3925 if (change)
3926 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
3927 else
3928 err = 0;
3929
3930 if (!err && params.use_4addr != -1)
3931 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3932
3933 if (change && !err) {
3934 struct wireless_dev *wdev = dev->ieee80211_ptr;
3935
3936 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3937 }
3938
3939 return err;
3940}
3941
3942static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3943{
3944 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3945 struct vif_params params;
3946 struct wireless_dev *wdev;
3947 struct sk_buff *msg;
3948 int err;
3949 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3950
3951 memset(¶ms, 0, sizeof(params));
3952
3953 if (!info->attrs[NL80211_ATTR_IFNAME])
3954 return -EINVAL;
3955
3956 if (info->attrs[NL80211_ATTR_IFTYPE])
3957 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3958
3959 if (!rdev->ops->add_virtual_intf)
3960 return -EOPNOTSUPP;
3961
3962 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3963 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3964 info->attrs[NL80211_ATTR_MAC]) {
3965 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3966 ETH_ALEN);
3967 if (!is_valid_ether_addr(params.macaddr))
3968 return -EADDRNOTAVAIL;
3969 }
3970
3971 if (info->attrs[NL80211_ATTR_4ADDR]) {
3972 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3973 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3974 if (err)
3975 return err;
3976 }
3977
3978 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3979 return -EOPNOTSUPP;
3980
3981 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
3982 if (err < 0)
3983 return err;
3984
3985 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3986 if (!msg)
3987 return -ENOMEM;
3988
3989 wdev = rdev_add_virtual_intf(rdev,
3990 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3991 NET_NAME_USER, type, ¶ms);
3992 if (WARN_ON(!wdev)) {
3993 nlmsg_free(msg);
3994 return -EPROTO;
3995 } else if (IS_ERR(wdev)) {
3996 nlmsg_free(msg);
3997 return PTR_ERR(wdev);
3998 }
3999
4000 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4001 wdev->owner_nlportid = info->snd_portid;
4002
4003 switch (type) {
4004 case NL80211_IFTYPE_MESH_POINT:
4005 if (!info->attrs[NL80211_ATTR_MESH_ID])
4006 break;
4007 wdev_lock(wdev);
4008 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
4009 IEEE80211_MAX_MESH_ID_LEN);
4010 wdev->mesh_id_up_len =
4011 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4012 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4013 wdev->mesh_id_up_len);
4014 wdev_unlock(wdev);
4015 break;
4016 case NL80211_IFTYPE_NAN:
4017 case NL80211_IFTYPE_P2P_DEVICE:
4018
4019
4020
4021
4022 cfg80211_init_wdev(wdev);
4023 cfg80211_register_wdev(rdev, wdev);
4024 break;
4025 default:
4026 break;
4027 }
4028
4029 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4030 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4031 nlmsg_free(msg);
4032 return -ENOBUFS;
4033 }
4034
4035 return genlmsg_reply(msg, info);
4036}
4037
4038static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4039{
4040 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4041 int ret;
4042
4043
4044 cfg80211_destroy_ifaces(rdev);
4045
4046 wiphy_lock(&rdev->wiphy);
4047 ret = _nl80211_new_interface(skb, info);
4048 wiphy_unlock(&rdev->wiphy);
4049
4050 return ret;
4051}
4052
4053static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
4054{
4055 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4056 struct wireless_dev *wdev = info->user_ptr[1];
4057
4058 if (!rdev->ops->del_virtual_intf)
4059 return -EOPNOTSUPP;
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070 mutex_unlock(&rdev->wiphy.mtx);
4071
4072
4073
4074
4075
4076
4077
4078
4079 if (!wdev->netdev)
4080 info->user_ptr[1] = NULL;
4081 else
4082 dev_close(wdev->netdev);
4083
4084 mutex_lock(&rdev->wiphy.mtx);
4085
4086 return rdev_del_virtual_intf(rdev, wdev);
4087}
4088
4089static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
4090{
4091 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4092 struct net_device *dev = info->user_ptr[1];
4093 u16 noack_map;
4094
4095 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
4096 return -EINVAL;
4097
4098 if (!rdev->ops->set_noack_map)
4099 return -EOPNOTSUPP;
4100
4101 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
4102
4103 return rdev_set_noack_map(rdev, dev, noack_map);
4104}
4105
4106struct get_key_cookie {
4107 struct sk_buff *msg;
4108 int error;
4109 int idx;
4110};
4111
4112static void get_key_callback(void *c, struct key_params *params)
4113{
4114 struct nlattr *key;
4115 struct get_key_cookie *cookie = c;
4116
4117 if ((params->key &&
4118 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
4119 params->key_len, params->key)) ||
4120 (params->seq &&
4121 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
4122 params->seq_len, params->seq)) ||
4123 (params->cipher &&
4124 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
4125 params->cipher)))
4126 goto nla_put_failure;
4127
4128 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
4129 if (!key)
4130 goto nla_put_failure;
4131
4132 if ((params->key &&
4133 nla_put(cookie->msg, NL80211_KEY_DATA,
4134 params->key_len, params->key)) ||
4135 (params->seq &&
4136 nla_put(cookie->msg, NL80211_KEY_SEQ,
4137 params->seq_len, params->seq)) ||
4138 (params->cipher &&
4139 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
4140 params->cipher)))
4141 goto nla_put_failure;
4142
4143 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
4144 goto nla_put_failure;
4145
4146 nla_nest_end(cookie->msg, key);
4147
4148 return;
4149 nla_put_failure:
4150 cookie->error = 1;
4151}
4152
4153static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4154{
4155 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4156 int err;
4157 struct net_device *dev = info->user_ptr[1];
4158 u8 key_idx = 0;
4159 const u8 *mac_addr = NULL;
4160 bool pairwise;
4161 struct get_key_cookie cookie = {
4162 .error = 0,
4163 };
4164 void *hdr;
4165 struct sk_buff *msg;
4166 bool bigtk_support = false;
4167
4168 if (wiphy_ext_feature_isset(&rdev->wiphy,
4169 NL80211_EXT_FEATURE_BEACON_PROTECTION))
4170 bigtk_support = true;
4171
4172 if ((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_STATION ||
4173 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4174 wiphy_ext_feature_isset(&rdev->wiphy,
4175 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4176 bigtk_support = true;
4177
4178 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4179 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4180
4181 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4182 GENL_SET_ERR_MSG(info, "BIGTK not supported");
4183 return -EINVAL;
4184 }
4185 }
4186
4187 if (info->attrs[NL80211_ATTR_MAC])
4188 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4189
4190 pairwise = !!mac_addr;
4191 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4192 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4193
4194 if (kt != NL80211_KEYTYPE_GROUP &&
4195 kt != NL80211_KEYTYPE_PAIRWISE)
4196 return -EINVAL;
4197 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4198 }
4199
4200 if (!rdev->ops->get_key)
4201 return -EOPNOTSUPP;
4202
4203 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4204 return -ENOENT;
4205
4206 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4207 if (!msg)
4208 return -ENOMEM;
4209
4210 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4211 NL80211_CMD_NEW_KEY);
4212 if (!hdr)
4213 goto nla_put_failure;
4214
4215 cookie.msg = msg;
4216 cookie.idx = key_idx;
4217
4218 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4219 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
4220 goto nla_put_failure;
4221 if (mac_addr &&
4222 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
4223 goto nla_put_failure;
4224
4225 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
4226 get_key_callback);
4227
4228 if (err)
4229 goto free_msg;
4230
4231 if (cookie.error)
4232 goto nla_put_failure;
4233
4234 genlmsg_end(msg, hdr);
4235 return genlmsg_reply(msg, info);
4236
4237 nla_put_failure:
4238 err = -ENOBUFS;
4239 free_msg:
4240 nlmsg_free(msg);
4241 return err;
4242}
4243
4244static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
4245{
4246 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4247 struct key_parse key;
4248 int err;
4249 struct net_device *dev = info->user_ptr[1];
4250
4251 err = nl80211_parse_key(info, &key);
4252 if (err)
4253 return err;
4254
4255 if (key.idx < 0)
4256 return -EINVAL;
4257
4258
4259
4260
4261 if (!key.def && !key.defmgmt && !key.defbeacon &&
4262 !(key.p.mode == NL80211_KEY_SET_TX))
4263 return -EINVAL;
4264
4265 wdev_lock(dev->ieee80211_ptr);
4266
4267 if (key.def) {
4268 if (!rdev->ops->set_default_key) {
4269 err = -EOPNOTSUPP;
4270 goto out;
4271 }
4272
4273 err = nl80211_key_allowed(dev->ieee80211_ptr);
4274 if (err)
4275 goto out;
4276
4277 err = rdev_set_default_key(rdev, dev, key.idx,
4278 key.def_uni, key.def_multi);
4279
4280 if (err)
4281 goto out;
4282
4283#ifdef CONFIG_CFG80211_WEXT
4284 dev->ieee80211_ptr->wext.default_key = key.idx;
4285#endif
4286 } else if (key.defmgmt) {
4287 if (key.def_uni || !key.def_multi) {
4288 err = -EINVAL;
4289 goto out;
4290 }
4291
4292 if (!rdev->ops->set_default_mgmt_key) {
4293 err = -EOPNOTSUPP;
4294 goto out;
4295 }
4296
4297 err = nl80211_key_allowed(dev->ieee80211_ptr);
4298 if (err)
4299 goto out;
4300
4301 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
4302 if (err)
4303 goto out;
4304
4305#ifdef CONFIG_CFG80211_WEXT
4306 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
4307#endif
4308 } else if (key.defbeacon) {
4309 if (key.def_uni || !key.def_multi) {
4310 err = -EINVAL;
4311 goto out;
4312 }
4313
4314 if (!rdev->ops->set_default_beacon_key) {
4315 err = -EOPNOTSUPP;
4316 goto out;
4317 }
4318
4319 err = nl80211_key_allowed(dev->ieee80211_ptr);
4320 if (err)
4321 goto out;
4322
4323 err = rdev_set_default_beacon_key(rdev, dev, key.idx);
4324 if (err)
4325 goto out;
4326 } else if (key.p.mode == NL80211_KEY_SET_TX &&
4327 wiphy_ext_feature_isset(&rdev->wiphy,
4328 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4329 u8 *mac_addr = NULL;
4330
4331 if (info->attrs[NL80211_ATTR_MAC])
4332 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4333
4334 if (!mac_addr || key.idx < 0 || key.idx > 1) {
4335 err = -EINVAL;
4336 goto out;
4337 }
4338
4339 err = rdev_add_key(rdev, dev, key.idx,
4340 NL80211_KEYTYPE_PAIRWISE,
4341 mac_addr, &key.p);
4342 } else {
4343 err = -EINVAL;
4344 }
4345 out:
4346 wdev_unlock(dev->ieee80211_ptr);
4347
4348 return err;
4349}
4350
4351static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4352{
4353 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4354 int err;
4355 struct net_device *dev = info->user_ptr[1];
4356 struct key_parse key;
4357 const u8 *mac_addr = NULL;
4358
4359 err = nl80211_parse_key(info, &key);
4360 if (err)
4361 return err;
4362
4363 if (!key.p.key) {
4364 GENL_SET_ERR_MSG(info, "no key");
4365 return -EINVAL;
4366 }
4367
4368 if (info->attrs[NL80211_ATTR_MAC])
4369 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4370
4371 if (key.type == -1) {
4372 if (mac_addr)
4373 key.type = NL80211_KEYTYPE_PAIRWISE;
4374 else
4375 key.type = NL80211_KEYTYPE_GROUP;
4376 }
4377
4378
4379 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4380 key.type != NL80211_KEYTYPE_GROUP) {
4381 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4382 return -EINVAL;
4383 }
4384
4385 if (key.type == NL80211_KEYTYPE_GROUP &&
4386 info->attrs[NL80211_ATTR_VLAN_ID])
4387 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4388
4389 if (!rdev->ops->add_key)
4390 return -EOPNOTSUPP;
4391
4392 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4393 key.type == NL80211_KEYTYPE_PAIRWISE,
4394 mac_addr)) {
4395 GENL_SET_ERR_MSG(info, "key setting validation failed");
4396 return -EINVAL;
4397 }
4398
4399 wdev_lock(dev->ieee80211_ptr);
4400 err = nl80211_key_allowed(dev->ieee80211_ptr);
4401 if (err)
4402 GENL_SET_ERR_MSG(info, "key not allowed");
4403 if (!err) {
4404 err = rdev_add_key(rdev, dev, key.idx,
4405 key.type == NL80211_KEYTYPE_PAIRWISE,
4406 mac_addr, &key.p);
4407 if (err)
4408 GENL_SET_ERR_MSG(info, "key addition failed");
4409 }
4410 wdev_unlock(dev->ieee80211_ptr);
4411
4412 return err;
4413}
4414
4415static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4416{
4417 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4418 int err;
4419 struct net_device *dev = info->user_ptr[1];
4420 u8 *mac_addr = NULL;
4421 struct key_parse key;
4422
4423 err = nl80211_parse_key(info, &key);
4424 if (err)
4425 return err;
4426
4427 if (info->attrs[NL80211_ATTR_MAC])
4428 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4429
4430 if (key.type == -1) {
4431 if (mac_addr)
4432 key.type = NL80211_KEYTYPE_PAIRWISE;
4433 else
4434 key.type = NL80211_KEYTYPE_GROUP;
4435 }
4436
4437
4438 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4439 key.type != NL80211_KEYTYPE_GROUP)
4440 return -EINVAL;
4441
4442 if (!cfg80211_valid_key_idx(rdev, key.idx,
4443 key.type == NL80211_KEYTYPE_PAIRWISE))
4444 return -EINVAL;
4445
4446 if (!rdev->ops->del_key)
4447 return -EOPNOTSUPP;
4448
4449 wdev_lock(dev->ieee80211_ptr);
4450 err = nl80211_key_allowed(dev->ieee80211_ptr);
4451
4452 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4453 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4454 err = -ENOENT;
4455
4456 if (!err)
4457 err = rdev_del_key(rdev, dev, key.idx,
4458 key.type == NL80211_KEYTYPE_PAIRWISE,
4459 mac_addr);
4460
4461#ifdef CONFIG_CFG80211_WEXT
4462 if (!err) {
4463 if (key.idx == dev->ieee80211_ptr->wext.default_key)
4464 dev->ieee80211_ptr->wext.default_key = -1;
4465 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
4466 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
4467 }
4468#endif
4469 wdev_unlock(dev->ieee80211_ptr);
4470
4471 return err;
4472}
4473
4474
4475static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4476{
4477 struct nlattr *attr;
4478 int n_entries = 0, tmp;
4479
4480 nla_for_each_nested(attr, nl_attr, tmp) {
4481 if (nla_len(attr) != ETH_ALEN)
4482 return -EINVAL;
4483
4484 n_entries++;
4485 }
4486
4487 return n_entries;
4488}
4489
4490
4491
4492
4493
4494
4495static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4496 struct genl_info *info)
4497{
4498 enum nl80211_acl_policy acl_policy;
4499 struct nlattr *attr;
4500 struct cfg80211_acl_data *acl;
4501 int i = 0, n_entries, tmp;
4502
4503 if (!wiphy->max_acl_mac_addrs)
4504 return ERR_PTR(-EOPNOTSUPP);
4505
4506 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4507 return ERR_PTR(-EINVAL);
4508
4509 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4510 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4511 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4512 return ERR_PTR(-EINVAL);
4513
4514 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4515 return ERR_PTR(-EINVAL);
4516
4517 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4518 if (n_entries < 0)
4519 return ERR_PTR(n_entries);
4520
4521 if (n_entries > wiphy->max_acl_mac_addrs)
4522 return ERR_PTR(-ENOTSUPP);
4523
4524 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4525 if (!acl)
4526 return ERR_PTR(-ENOMEM);
4527
4528 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4529 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4530 i++;
4531 }
4532
4533 acl->n_acl_entries = n_entries;
4534 acl->acl_policy = acl_policy;
4535
4536 return acl;
4537}
4538
4539static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4540{
4541 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4542 struct net_device *dev = info->user_ptr[1];
4543 struct cfg80211_acl_data *acl;
4544 int err;
4545
4546 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4547 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4548 return -EOPNOTSUPP;
4549
4550 if (!dev->ieee80211_ptr->beacon_interval)
4551 return -EINVAL;
4552
4553 acl = parse_acl_data(&rdev->wiphy, info);
4554 if (IS_ERR(acl))
4555 return PTR_ERR(acl);
4556
4557 err = rdev_set_mac_acl(rdev, dev, acl);
4558
4559 kfree(acl);
4560
4561 return err;
4562}
4563
4564static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4565 u8 *rates, u8 rates_len)
4566{
4567 u8 i;
4568 u32 mask = 0;
4569
4570 for (i = 0; i < rates_len; i++) {
4571 int rate = (rates[i] & 0x7f) * 5;
4572 int ridx;
4573
4574 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4575 struct ieee80211_rate *srate =
4576 &sband->bitrates[ridx];
4577 if (rate == srate->bitrate) {
4578 mask |= 1 << ridx;
4579 break;
4580 }
4581 }
4582 if (ridx == sband->n_bitrates)
4583 return 0;
4584 }
4585
4586 return mask;
4587}
4588
4589static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4590 u8 *rates, u8 rates_len,
4591 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4592{
4593 u8 i;
4594
4595 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4596
4597 for (i = 0; i < rates_len; i++) {
4598 int ridx, rbit;
4599
4600 ridx = rates[i] / 8;
4601 rbit = BIT(rates[i] % 8);
4602
4603
4604 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4605 return false;
4606
4607
4608 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4609 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4610 mcs[ridx] |= rbit;
4611 else
4612 return false;
4613 }
4614
4615 return true;
4616}
4617
4618static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4619{
4620 u16 mcs_mask = 0;
4621
4622 switch (vht_mcs_map) {
4623 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4624 break;
4625 case IEEE80211_VHT_MCS_SUPPORT_0_7:
4626 mcs_mask = 0x00FF;
4627 break;
4628 case IEEE80211_VHT_MCS_SUPPORT_0_8:
4629 mcs_mask = 0x01FF;
4630 break;
4631 case IEEE80211_VHT_MCS_SUPPORT_0_9:
4632 mcs_mask = 0x03FF;
4633 break;
4634 default:
4635 break;
4636 }
4637
4638 return mcs_mask;
4639}
4640
4641static void vht_build_mcs_mask(u16 vht_mcs_map,
4642 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4643{
4644 u8 nss;
4645
4646 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4647 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4648 vht_mcs_map >>= 2;
4649 }
4650}
4651
4652static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4653 struct nl80211_txrate_vht *txrate,
4654 u16 mcs[NL80211_VHT_NSS_MAX])
4655{
4656 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4657 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4658 u8 i;
4659
4660 if (!sband->vht_cap.vht_supported)
4661 return false;
4662
4663 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4664
4665
4666 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4667
4668 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4669 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4670 mcs[i] = txrate->mcs[i];
4671 else
4672 return false;
4673 }
4674
4675 return true;
4676}
4677
4678static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
4679{
4680 switch (he_mcs_map) {
4681 case IEEE80211_HE_MCS_NOT_SUPPORTED:
4682 return 0;
4683 case IEEE80211_HE_MCS_SUPPORT_0_7:
4684 return 0x00FF;
4685 case IEEE80211_HE_MCS_SUPPORT_0_9:
4686 return 0x03FF;
4687 case IEEE80211_HE_MCS_SUPPORT_0_11:
4688 return 0xFFF;
4689 default:
4690 break;
4691 }
4692 return 0;
4693}
4694
4695static void he_build_mcs_mask(u16 he_mcs_map,
4696 u16 he_mcs_mask[NL80211_HE_NSS_MAX])
4697{
4698 u8 nss;
4699
4700 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
4701 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
4702 he_mcs_map >>= 2;
4703 }
4704}
4705
4706static u16 he_get_txmcsmap(struct genl_info *info,
4707 const struct ieee80211_sta_he_cap *he_cap)
4708{
4709 struct net_device *dev = info->user_ptr[1];
4710 struct wireless_dev *wdev = dev->ieee80211_ptr;
4711 __le16 tx_mcs;
4712
4713 switch (wdev->chandef.width) {
4714 case NL80211_CHAN_WIDTH_80P80:
4715 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
4716 break;
4717 case NL80211_CHAN_WIDTH_160:
4718 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
4719 break;
4720 default:
4721 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
4722 break;
4723 }
4724 return le16_to_cpu(tx_mcs);
4725}
4726
4727static bool he_set_mcs_mask(struct genl_info *info,
4728 struct wireless_dev *wdev,
4729 struct ieee80211_supported_band *sband,
4730 struct nl80211_txrate_he *txrate,
4731 u16 mcs[NL80211_HE_NSS_MAX])
4732{
4733 const struct ieee80211_sta_he_cap *he_cap;
4734 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
4735 u16 tx_mcs_map = 0;
4736 u8 i;
4737
4738 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
4739 if (!he_cap)
4740 return false;
4741
4742 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
4743
4744 tx_mcs_map = he_get_txmcsmap(info, he_cap);
4745
4746
4747 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4748
4749 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
4750 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4751 mcs[i] = txrate->mcs[i];
4752 else
4753 return false;
4754 }
4755
4756 return true;
4757}
4758
4759static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4760 struct nlattr *attrs[],
4761 enum nl80211_attrs attr,
4762 struct cfg80211_bitrate_mask *mask,
4763 struct net_device *dev,
4764 bool default_all_enabled)
4765{
4766 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4767 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4768 struct wireless_dev *wdev = dev->ieee80211_ptr;
4769 int rem, i;
4770 struct nlattr *tx_rates;
4771 struct ieee80211_supported_band *sband;
4772 u16 vht_tx_mcs_map, he_tx_mcs_map;
4773
4774 memset(mask, 0, sizeof(*mask));
4775
4776 for (i = 0; i < NUM_NL80211_BANDS; i++) {
4777 const struct ieee80211_sta_he_cap *he_cap;
4778
4779 if (!default_all_enabled)
4780 break;
4781
4782 sband = rdev->wiphy.bands[i];
4783
4784 if (!sband)
4785 continue;
4786
4787 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4788 memcpy(mask->control[i].ht_mcs,
4789 sband->ht_cap.mcs.rx_mask,
4790 sizeof(mask->control[i].ht_mcs));
4791
4792 if (sband->vht_cap.vht_supported) {
4793 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4794 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4795 }
4796
4797 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
4798 if (!he_cap)
4799 continue;
4800
4801 he_tx_mcs_map = he_get_txmcsmap(info, he_cap);
4802 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
4803
4804 mask->control[i].he_gi = 0xFF;
4805 mask->control[i].he_ltf = 0xFF;
4806 }
4807
4808
4809 if (!attrs[attr])
4810 goto out;
4811
4812
4813
4814
4815 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4816 nla_for_each_nested(tx_rates, attrs[attr], rem) {
4817 enum nl80211_band band = nla_type(tx_rates);
4818 int err;
4819
4820 if (band < 0 || band >= NUM_NL80211_BANDS)
4821 return -EINVAL;
4822 sband = rdev->wiphy.bands[band];
4823 if (sband == NULL)
4824 return -EINVAL;
4825 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4826 tx_rates,
4827 nl80211_txattr_policy,
4828 info->extack);
4829 if (err)
4830 return err;
4831 if (tb[NL80211_TXRATE_LEGACY]) {
4832 mask->control[band].legacy = rateset_to_mask(
4833 sband,
4834 nla_data(tb[NL80211_TXRATE_LEGACY]),
4835 nla_len(tb[NL80211_TXRATE_LEGACY]));
4836 if ((mask->control[band].legacy == 0) &&
4837 nla_len(tb[NL80211_TXRATE_LEGACY]))
4838 return -EINVAL;
4839 }
4840 if (tb[NL80211_TXRATE_HT]) {
4841 if (!ht_rateset_to_mask(
4842 sband,
4843 nla_data(tb[NL80211_TXRATE_HT]),
4844 nla_len(tb[NL80211_TXRATE_HT]),
4845 mask->control[band].ht_mcs))
4846 return -EINVAL;
4847 }
4848
4849 if (tb[NL80211_TXRATE_VHT]) {
4850 if (!vht_set_mcs_mask(
4851 sband,
4852 nla_data(tb[NL80211_TXRATE_VHT]),
4853 mask->control[band].vht_mcs))
4854 return -EINVAL;
4855 }
4856
4857 if (tb[NL80211_TXRATE_GI]) {
4858 mask->control[band].gi =
4859 nla_get_u8(tb[NL80211_TXRATE_GI]);
4860 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4861 return -EINVAL;
4862 }
4863 if (tb[NL80211_TXRATE_HE] &&
4864 !he_set_mcs_mask(info, wdev, sband,
4865 nla_data(tb[NL80211_TXRATE_HE]),
4866 mask->control[band].he_mcs))
4867 return -EINVAL;
4868
4869 if (tb[NL80211_TXRATE_HE_GI])
4870 mask->control[band].he_gi =
4871 nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
4872 if (tb[NL80211_TXRATE_HE_LTF])
4873 mask->control[band].he_ltf =
4874 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
4875
4876 if (mask->control[band].legacy == 0) {
4877
4878
4879
4880 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4881 rdev->wiphy.bands[band]->vht_cap.vht_supported ||
4882 ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
4883 return -EINVAL;
4884
4885 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4886 if (mask->control[band].ht_mcs[i])
4887 goto out;
4888
4889 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4890 if (mask->control[band].vht_mcs[i])
4891 goto out;
4892
4893 for (i = 0; i < NL80211_HE_NSS_MAX; i++)
4894 if (mask->control[band].he_mcs[i])
4895 goto out;
4896
4897
4898 return -EINVAL;
4899 }
4900 }
4901
4902out:
4903 return 0;
4904}
4905
4906static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4907 enum nl80211_band band,
4908 struct cfg80211_bitrate_mask *beacon_rate)
4909{
4910 u32 count_ht, count_vht, count_he, i;
4911 u32 rate = beacon_rate->control[band].legacy;
4912
4913
4914 if (hweight32(rate) > 1)
4915 return -EINVAL;
4916
4917 count_ht = 0;
4918 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4919 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4920 return -EINVAL;
4921 } else if (beacon_rate->control[band].ht_mcs[i]) {
4922 count_ht++;
4923 if (count_ht > 1)
4924 return -EINVAL;
4925 }
4926 if (count_ht && rate)
4927 return -EINVAL;
4928 }
4929
4930 count_vht = 0;
4931 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4932 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4933 return -EINVAL;
4934 } else if (beacon_rate->control[band].vht_mcs[i]) {
4935 count_vht++;
4936 if (count_vht > 1)
4937 return -EINVAL;
4938 }
4939 if (count_vht && rate)
4940 return -EINVAL;
4941 }
4942
4943 count_he = 0;
4944 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
4945 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
4946 return -EINVAL;
4947 } else if (beacon_rate->control[band].he_mcs[i]) {
4948 count_he++;
4949 if (count_he > 1)
4950 return -EINVAL;
4951 }
4952 if (count_he && rate)
4953 return -EINVAL;
4954 }
4955
4956 if ((count_ht && count_vht && count_he) ||
4957 (!rate && !count_ht && !count_vht && !count_he))
4958 return -EINVAL;
4959
4960 if (rate &&
4961 !wiphy_ext_feature_isset(&rdev->wiphy,
4962 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4963 return -EINVAL;
4964 if (count_ht &&
4965 !wiphy_ext_feature_isset(&rdev->wiphy,
4966 NL80211_EXT_FEATURE_BEACON_RATE_HT))
4967 return -EINVAL;
4968 if (count_vht &&
4969 !wiphy_ext_feature_isset(&rdev->wiphy,
4970 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4971 return -EINVAL;
4972 if (count_he &&
4973 !wiphy_ext_feature_isset(&rdev->wiphy,
4974 NL80211_EXT_FEATURE_BEACON_RATE_HE))
4975 return -EINVAL;
4976
4977 return 0;
4978}
4979
4980static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4981 struct nlattr *attrs[],
4982 struct cfg80211_beacon_data *bcn)
4983{
4984 bool haveinfo = false;
4985 int err;
4986
4987 memset(bcn, 0, sizeof(*bcn));
4988
4989 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4990 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4991 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4992 if (!bcn->head_len)
4993 return -EINVAL;
4994 haveinfo = true;
4995 }
4996
4997 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4998 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4999 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
5000 haveinfo = true;
5001 }
5002
5003 if (!haveinfo)
5004 return -EINVAL;
5005
5006 if (attrs[NL80211_ATTR_IE]) {
5007 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
5008 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
5009 }
5010
5011 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
5012 bcn->proberesp_ies =
5013 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5014 bcn->proberesp_ies_len =
5015 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5016 }
5017
5018 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
5019 bcn->assocresp_ies =
5020 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5021 bcn->assocresp_ies_len =
5022 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5023 }
5024
5025 if (attrs[NL80211_ATTR_PROBE_RESP]) {
5026 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
5027 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
5028 }
5029
5030 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
5031 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
5032
5033 err = nla_parse_nested_deprecated(tb,
5034 NL80211_FTM_RESP_ATTR_MAX,
5035 attrs[NL80211_ATTR_FTM_RESPONDER],
5036 NULL, NULL);
5037 if (err)
5038 return err;
5039
5040 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
5041 wiphy_ext_feature_isset(&rdev->wiphy,
5042 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
5043 bcn->ftm_responder = 1;
5044 else
5045 return -EOPNOTSUPP;
5046
5047 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
5048 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
5049 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
5050 }
5051
5052 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
5053 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5054 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5055 }
5056 } else {
5057 bcn->ftm_responder = -1;
5058 }
5059
5060 return 0;
5061}
5062
5063static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
5064 struct ieee80211_he_obss_pd *he_obss_pd)
5065{
5066 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
5067 int err;
5068
5069 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
5070 he_obss_pd_policy, NULL);
5071 if (err)
5072 return err;
5073
5074 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
5075 return -EINVAL;
5076
5077 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
5078
5079 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
5080 he_obss_pd->min_offset =
5081 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
5082 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
5083 he_obss_pd->max_offset =
5084 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
5085 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
5086 he_obss_pd->non_srg_max_offset =
5087 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
5088
5089 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
5090 return -EINVAL;
5091
5092 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
5093 memcpy(he_obss_pd->bss_color_bitmap,
5094 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
5095 sizeof(he_obss_pd->bss_color_bitmap));
5096
5097 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
5098 memcpy(he_obss_pd->partial_bssid_bitmap,
5099 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
5100 sizeof(he_obss_pd->partial_bssid_bitmap));
5101
5102 he_obss_pd->enable = true;
5103
5104 return 0;
5105}
5106
5107static int nl80211_parse_he_bss_color(struct nlattr *attrs,
5108 struct cfg80211_he_bss_color *he_bss_color)
5109{
5110 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
5111 int err;
5112
5113 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
5114 he_bss_color_policy, NULL);
5115 if (err)
5116 return err;
5117
5118 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
5119 return -EINVAL;
5120
5121 he_bss_color->color =
5122 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
5123 he_bss_color->enabled =
5124 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
5125 he_bss_color->partial =
5126 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
5127
5128 return 0;
5129}
5130
5131static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
5132 struct nlattr *attrs,
5133 struct cfg80211_ap_settings *params)
5134{
5135 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
5136 int ret;
5137 struct cfg80211_fils_discovery *fd = ¶ms->fils_discovery;
5138
5139 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5140 NL80211_EXT_FEATURE_FILS_DISCOVERY))
5141 return -EINVAL;
5142
5143 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
5144 NULL, NULL);
5145 if (ret)
5146 return ret;
5147
5148 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
5149 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
5150 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
5151 return -EINVAL;
5152
5153 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5154 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5155 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
5156 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
5157
5158 return 0;
5159}
5160
5161static int
5162nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
5163 struct nlattr *attrs,
5164 struct cfg80211_ap_settings *params)
5165{
5166 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
5167 int ret;
5168 struct cfg80211_unsol_bcast_probe_resp *presp =
5169 ¶ms->unsol_bcast_probe_resp;
5170
5171 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5172 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
5173 return -EINVAL;
5174
5175 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
5176 attrs, NULL, NULL);
5177 if (ret)
5178 return ret;
5179
5180 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
5181 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
5182 return -EINVAL;
5183
5184 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5185 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5186 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
5187 return 0;
5188}
5189
5190static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
5191 const u8 *rates)
5192{
5193 int i;
5194
5195 if (!rates)
5196 return;
5197
5198 for (i = 0; i < rates[1]; i++) {
5199 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
5200 params->ht_required = true;
5201 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
5202 params->vht_required = true;
5203 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
5204 params->he_required = true;
5205 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
5206 params->sae_h2e_required = true;
5207 }
5208}
5209
5210
5211
5212
5213
5214
5215static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
5216{
5217 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
5218 size_t ies_len = bcn->tail_len;
5219 const u8 *ies = bcn->tail;
5220 const u8 *rates;
5221 const u8 *cap;
5222
5223 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
5224 nl80211_check_ap_rate_selectors(params, rates);
5225
5226 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
5227 nl80211_check_ap_rate_selectors(params, rates);
5228
5229 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
5230 if (cap && cap[1] >= sizeof(*params->ht_cap))
5231 params->ht_cap = (void *)(cap + 2);
5232 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
5233 if (cap && cap[1] >= sizeof(*params->vht_cap))
5234 params->vht_cap = (void *)(cap + 2);
5235 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
5236 if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
5237 params->he_cap = (void *)(cap + 3);
5238 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
5239 if (cap && cap[1] >= sizeof(*params->he_oper) + 1)
5240 params->he_oper = (void *)(cap + 3);
5241}
5242
5243static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
5244 struct cfg80211_ap_settings *params)
5245{
5246 struct wireless_dev *wdev;
5247 bool ret = false;
5248
5249 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
5250 if (wdev->iftype != NL80211_IFTYPE_AP &&
5251 wdev->iftype != NL80211_IFTYPE_P2P_GO)
5252 continue;
5253
5254 if (!wdev->preset_chandef.chan)
5255 continue;
5256
5257 params->chandef = wdev->preset_chandef;
5258 ret = true;
5259 break;
5260 }
5261
5262 return ret;
5263}
5264
5265static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
5266 enum nl80211_auth_type auth_type,
5267 enum nl80211_commands cmd)
5268{
5269 if (auth_type > NL80211_AUTHTYPE_MAX)
5270 return false;
5271
5272 switch (cmd) {
5273 case NL80211_CMD_AUTHENTICATE:
5274 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5275 auth_type == NL80211_AUTHTYPE_SAE)
5276 return false;
5277 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5278 NL80211_EXT_FEATURE_FILS_STA) &&
5279 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5280 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5281 auth_type == NL80211_AUTHTYPE_FILS_PK))
5282 return false;
5283 return true;
5284 case NL80211_CMD_CONNECT:
5285 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5286 !wiphy_ext_feature_isset(&rdev->wiphy,
5287 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
5288 auth_type == NL80211_AUTHTYPE_SAE)
5289 return false;
5290
5291
5292 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5293 auth_type == NL80211_AUTHTYPE_FILS_PK)
5294 return false;
5295 if (!wiphy_ext_feature_isset(
5296 &rdev->wiphy,
5297 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
5298 auth_type == NL80211_AUTHTYPE_FILS_SK)
5299 return false;
5300 return true;
5301 case NL80211_CMD_START_AP:
5302 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5303 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
5304 auth_type == NL80211_AUTHTYPE_SAE)
5305 return false;
5306
5307 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5308 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5309 auth_type == NL80211_AUTHTYPE_FILS_PK)
5310 return false;
5311 return true;
5312 default:
5313 return false;
5314 }
5315}
5316
5317static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
5318{
5319 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5320 struct net_device *dev = info->user_ptr[1];
5321 struct wireless_dev *wdev = dev->ieee80211_ptr;
5322 struct cfg80211_ap_settings params;
5323 int err;
5324
5325 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5326 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5327 return -EOPNOTSUPP;
5328
5329 if (!rdev->ops->start_ap)
5330 return -EOPNOTSUPP;
5331
5332 if (wdev->beacon_interval)
5333 return -EALREADY;
5334
5335 memset(¶ms, 0, sizeof(params));
5336
5337
5338 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
5339 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
5340 !info->attrs[NL80211_ATTR_BEACON_HEAD])
5341 return -EINVAL;
5342
5343 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon);
5344 if (err)
5345 return err;
5346
5347 params.beacon_interval =
5348 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
5349 params.dtim_period =
5350 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
5351
5352 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
5353 params.beacon_interval);
5354 if (err)
5355 return err;
5356
5357
5358
5359
5360
5361
5362
5363
5364 if (info->attrs[NL80211_ATTR_SSID]) {
5365 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5366 params.ssid_len =
5367 nla_len(info->attrs[NL80211_ATTR_SSID]);
5368 if (params.ssid_len == 0)
5369 return -EINVAL;
5370 }
5371
5372 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
5373 params.hidden_ssid = nla_get_u32(
5374 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
5375
5376 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
5377
5378 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5379 params.auth_type = nla_get_u32(
5380 info->attrs[NL80211_ATTR_AUTH_TYPE]);
5381 if (!nl80211_valid_auth_type(rdev, params.auth_type,
5382 NL80211_CMD_START_AP))
5383 return -EINVAL;
5384 } else
5385 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5386
5387 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
5388 NL80211_MAX_NR_CIPHER_SUITES);
5389 if (err)
5390 return err;
5391
5392 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
5393 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
5394 return -EOPNOTSUPP;
5395 params.inactivity_timeout = nla_get_u16(
5396 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
5397 }
5398
5399 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5400 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5401 return -EINVAL;
5402 params.p2p_ctwindow =
5403 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5404 if (params.p2p_ctwindow != 0 &&
5405 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5406 return -EINVAL;
5407 }
5408
5409 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5410 u8 tmp;
5411
5412 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5413 return -EINVAL;
5414 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5415 params.p2p_opp_ps = tmp;
5416 if (params.p2p_opp_ps != 0 &&
5417 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5418 return -EINVAL;
5419 }
5420
5421 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5422 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
5423 if (err)
5424 return err;
5425 } else if (wdev->preset_chandef.chan) {
5426 params.chandef = wdev->preset_chandef;
5427 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
5428 return -EINVAL;
5429
5430 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
5431 wdev->iftype))
5432 return -EINVAL;
5433
5434 if (info->attrs[NL80211_ATTR_TX_RATES]) {
5435 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
5436 NL80211_ATTR_TX_RATES,
5437 ¶ms.beacon_rate,
5438 dev, false);
5439 if (err)
5440 return err;
5441
5442 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
5443 ¶ms.beacon_rate);
5444 if (err)
5445 return err;
5446 }
5447
5448 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
5449 params.smps_mode =
5450 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
5451 switch (params.smps_mode) {
5452 case NL80211_SMPS_OFF:
5453 break;
5454 case NL80211_SMPS_STATIC:
5455 if (!(rdev->wiphy.features &
5456 NL80211_FEATURE_STATIC_SMPS))
5457 return -EINVAL;
5458 break;
5459 case NL80211_SMPS_DYNAMIC:
5460 if (!(rdev->wiphy.features &
5461 NL80211_FEATURE_DYNAMIC_SMPS))
5462 return -EINVAL;
5463 break;
5464 default:
5465 return -EINVAL;
5466 }
5467 } else {
5468 params.smps_mode = NL80211_SMPS_OFF;
5469 }
5470
5471 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
5472 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
5473 return -EOPNOTSUPP;
5474
5475 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
5476 params.acl = parse_acl_data(&rdev->wiphy, info);
5477 if (IS_ERR(params.acl))
5478 return PTR_ERR(params.acl);
5479 }
5480
5481 params.twt_responder =
5482 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
5483
5484 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
5485 err = nl80211_parse_he_obss_pd(
5486 info->attrs[NL80211_ATTR_HE_OBSS_PD],
5487 ¶ms.he_obss_pd);
5488 if (err)
5489 goto out;
5490 }
5491
5492 if (info->attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5493 err = nl80211_parse_he_bss_color(
5494 info->attrs[NL80211_ATTR_HE_BSS_COLOR],
5495 ¶ms.he_bss_color);
5496 if (err)
5497 goto out;
5498 }
5499
5500 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
5501 err = nl80211_parse_fils_discovery(rdev,
5502 info->attrs[NL80211_ATTR_FILS_DISCOVERY],
5503 ¶ms);
5504 if (err)
5505 goto out;
5506 }
5507
5508 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
5509 err = nl80211_parse_unsol_bcast_probe_resp(
5510 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
5511 ¶ms);
5512 if (err)
5513 goto out;
5514 }
5515
5516 nl80211_calculate_ap_params(¶ms);
5517
5518 if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
5519 params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
5520
5521 wdev_lock(wdev);
5522 err = rdev_start_ap(rdev, dev, ¶ms);
5523 if (!err) {
5524 wdev->preset_chandef = params.chandef;
5525 wdev->beacon_interval = params.beacon_interval;
5526 wdev->chandef = params.chandef;
5527 wdev->ssid_len = params.ssid_len;
5528 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
5529
5530 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
5531 wdev->conn_owner_nlportid = info->snd_portid;
5532 }
5533 wdev_unlock(wdev);
5534
5535out:
5536 kfree(params.acl);
5537
5538 return err;
5539}
5540
5541static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
5542{
5543 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5544 struct net_device *dev = info->user_ptr[1];
5545 struct wireless_dev *wdev = dev->ieee80211_ptr;
5546 struct cfg80211_beacon_data params;
5547 int err;
5548
5549 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5550 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5551 return -EOPNOTSUPP;
5552
5553 if (!rdev->ops->change_beacon)
5554 return -EOPNOTSUPP;
5555
5556 if (!wdev->beacon_interval)
5557 return -EINVAL;
5558
5559 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms);
5560 if (err)
5561 return err;
5562
5563 wdev_lock(wdev);
5564 err = rdev_change_beacon(rdev, dev, ¶ms);
5565 wdev_unlock(wdev);
5566
5567 return err;
5568}
5569
5570static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
5571{
5572 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5573 struct net_device *dev = info->user_ptr[1];
5574
5575 return cfg80211_stop_ap(rdev, dev, false);
5576}
5577
5578static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
5579 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
5580 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
5581 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
5582 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
5583 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
5584 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
5585};
5586
5587static int parse_station_flags(struct genl_info *info,
5588 enum nl80211_iftype iftype,
5589 struct station_parameters *params)
5590{
5591 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
5592 struct nlattr *nla;
5593 int flag;
5594
5595
5596
5597
5598
5599 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
5600 if (nla) {
5601 struct nl80211_sta_flag_update *sta_flags;
5602
5603 sta_flags = nla_data(nla);
5604 params->sta_flags_mask = sta_flags->mask;
5605 params->sta_flags_set = sta_flags->set;
5606 params->sta_flags_set &= params->sta_flags_mask;
5607 if ((params->sta_flags_mask |
5608 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
5609 return -EINVAL;
5610 return 0;
5611 }
5612
5613
5614
5615 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
5616 if (!nla)
5617 return 0;
5618
5619 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
5620 return -EINVAL;
5621
5622
5623
5624
5625
5626
5627
5628 switch (iftype) {
5629 case NL80211_IFTYPE_AP:
5630 case NL80211_IFTYPE_AP_VLAN:
5631 case NL80211_IFTYPE_P2P_GO:
5632 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5633 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5634 BIT(NL80211_STA_FLAG_WME) |
5635 BIT(NL80211_STA_FLAG_MFP);
5636 break;
5637 case NL80211_IFTYPE_P2P_CLIENT:
5638 case NL80211_IFTYPE_STATION:
5639 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5640 BIT(NL80211_STA_FLAG_TDLS_PEER);
5641 break;
5642 case NL80211_IFTYPE_MESH_POINT:
5643 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5644 BIT(NL80211_STA_FLAG_MFP) |
5645 BIT(NL80211_STA_FLAG_AUTHORIZED);
5646 break;
5647 default:
5648 return -EINVAL;
5649 }
5650
5651 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
5652 if (flags[flag]) {
5653 params->sta_flags_set |= (1<<flag);
5654
5655
5656 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
5657 return -EINVAL;
5658 }
5659 }
5660
5661 return 0;
5662}
5663
5664bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
5665{
5666 struct nlattr *rate;
5667 u32 bitrate;
5668 u16 bitrate_compat;
5669 enum nl80211_rate_info rate_flg;
5670
5671 rate = nla_nest_start_noflag(msg, attr);
5672 if (!rate)
5673 return false;
5674
5675
5676 bitrate = cfg80211_calculate_bitrate(info);
5677
5678 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
5679 if (bitrate > 0 &&
5680 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
5681 return false;
5682 if (bitrate_compat > 0 &&
5683 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
5684 return false;
5685
5686 switch (info->bw) {
5687 case RATE_INFO_BW_5:
5688 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
5689 break;
5690 case RATE_INFO_BW_10:
5691 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
5692 break;
5693 default:
5694 WARN_ON(1);
5695 fallthrough;
5696 case RATE_INFO_BW_20:
5697 rate_flg = 0;
5698 break;
5699 case RATE_INFO_BW_40:
5700 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
5701 break;
5702 case RATE_INFO_BW_80:
5703 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
5704 break;
5705 case RATE_INFO_BW_160:
5706 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
5707 break;
5708 case RATE_INFO_BW_HE_RU:
5709 rate_flg = 0;
5710 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
5711 }
5712
5713 if (rate_flg && nla_put_flag(msg, rate_flg))
5714 return false;
5715
5716 if (info->flags & RATE_INFO_FLAGS_MCS) {
5717 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
5718 return false;
5719 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5720 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5721 return false;
5722 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
5723 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
5724 return false;
5725 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
5726 return false;
5727 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5728 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5729 return false;
5730 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
5731 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
5732 return false;
5733 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
5734 return false;
5735 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
5736 return false;
5737 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
5738 return false;
5739 if (info->bw == RATE_INFO_BW_HE_RU &&
5740 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
5741 info->he_ru_alloc))
5742 return false;
5743 }
5744
5745 nla_nest_end(msg, rate);
5746 return true;
5747}
5748
5749static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
5750 int id)
5751{
5752 void *attr;
5753 int i = 0;
5754
5755 if (!mask)
5756 return true;
5757
5758 attr = nla_nest_start_noflag(msg, id);
5759 if (!attr)
5760 return false;
5761
5762 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
5763 if (!(mask & BIT(i)))
5764 continue;
5765
5766 if (nla_put_u8(msg, i, signal[i]))
5767 return false;
5768 }
5769
5770 nla_nest_end(msg, attr);
5771
5772 return true;
5773}
5774
5775static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
5776 u32 seq, int flags,
5777 struct cfg80211_registered_device *rdev,
5778 struct net_device *dev,
5779 const u8 *mac_addr, struct station_info *sinfo)
5780{
5781 void *hdr;
5782 struct nlattr *sinfoattr, *bss_param;
5783
5784 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5785 if (!hdr) {
5786 cfg80211_sinfo_release_content(sinfo);
5787 return -1;
5788 }
5789
5790 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5791 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5792 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5793 goto nla_put_failure;
5794
5795 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5796 if (!sinfoattr)
5797 goto nla_put_failure;
5798
5799#define PUT_SINFO(attr, memb, type) do { \
5800 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
5801 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5802 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
5803 sinfo->memb)) \
5804 goto nla_put_failure; \
5805 } while (0)
5806#define PUT_SINFO_U64(attr, memb) do { \
5807 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5808 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
5809 sinfo->memb, NL80211_STA_INFO_PAD)) \
5810 goto nla_put_failure; \
5811 } while (0)
5812
5813 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5814 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5815 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
5816
5817 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5818 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5819 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5820 (u32)sinfo->rx_bytes))
5821 goto nla_put_failure;
5822
5823 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5824 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5825 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5826 (u32)sinfo->tx_bytes))
5827 goto nla_put_failure;
5828
5829 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5830 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5831 PUT_SINFO(LLID, llid, u16);
5832 PUT_SINFO(PLID, plid, u16);
5833 PUT_SINFO(PLINK_STATE, plink_state, u8);
5834 PUT_SINFO_U64(RX_DURATION, rx_duration);
5835 PUT_SINFO_U64(TX_DURATION, tx_duration);
5836
5837 if (wiphy_ext_feature_isset(&rdev->wiphy,
5838 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5839 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5840
5841 switch (rdev->wiphy.signal_type) {
5842 case CFG80211_SIGNAL_TYPE_MBM:
5843 PUT_SINFO(SIGNAL, signal, u8);
5844 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5845 break;
5846 default:
5847 break;
5848 }
5849 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5850 if (!nl80211_put_signal(msg, sinfo->chains,
5851 sinfo->chain_signal,
5852 NL80211_STA_INFO_CHAIN_SIGNAL))
5853 goto nla_put_failure;
5854 }
5855 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5856 if (!nl80211_put_signal(msg, sinfo->chains,
5857 sinfo->chain_signal_avg,
5858 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5859 goto nla_put_failure;
5860 }
5861 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5862 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5863 NL80211_STA_INFO_TX_BITRATE))
5864 goto nla_put_failure;
5865 }
5866 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5867 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5868 NL80211_STA_INFO_RX_BITRATE))
5869 goto nla_put_failure;
5870 }
5871
5872 PUT_SINFO(RX_PACKETS, rx_packets, u32);
5873 PUT_SINFO(TX_PACKETS, tx_packets, u32);
5874 PUT_SINFO(TX_RETRIES, tx_retries, u32);
5875 PUT_SINFO(TX_FAILED, tx_failed, u32);
5876 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5877 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5878 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5879 PUT_SINFO(LOCAL_PM, local_pm, u32);
5880 PUT_SINFO(PEER_PM, peer_pm, u32);
5881 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5882 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5883 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
5884
5885 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5886 bss_param = nla_nest_start_noflag(msg,
5887 NL80211_STA_INFO_BSS_PARAM);
5888 if (!bss_param)
5889 goto nla_put_failure;
5890
5891 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5892 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5893 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5894 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5895 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5896 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5897 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5898 sinfo->bss_param.dtim_period) ||
5899 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5900 sinfo->bss_param.beacon_interval))
5901 goto nla_put_failure;
5902
5903 nla_nest_end(msg, bss_param);
5904 }
5905 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5906 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5907 sizeof(struct nl80211_sta_flag_update),
5908 &sinfo->sta_flags))
5909 goto nla_put_failure;
5910
5911 PUT_SINFO_U64(T_OFFSET, t_offset);
5912 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5913 PUT_SINFO_U64(BEACON_RX, rx_beacon);
5914 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5915 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5916 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5917 if (wiphy_ext_feature_isset(&rdev->wiphy,
5918 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5919 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5920 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5921 }
5922
5923#undef PUT_SINFO
5924#undef PUT_SINFO_U64
5925
5926 if (sinfo->pertid) {
5927 struct nlattr *tidsattr;
5928 int tid;
5929
5930 tidsattr = nla_nest_start_noflag(msg,
5931 NL80211_STA_INFO_TID_STATS);
5932 if (!tidsattr)
5933 goto nla_put_failure;
5934
5935 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5936 struct cfg80211_tid_stats *tidstats;
5937 struct nlattr *tidattr;
5938
5939 tidstats = &sinfo->pertid[tid];
5940
5941 if (!tidstats->filled)
5942 continue;
5943
5944 tidattr = nla_nest_start_noflag(msg, tid + 1);
5945 if (!tidattr)
5946 goto nla_put_failure;
5947
5948#define PUT_TIDVAL_U64(attr, memb) do { \
5949 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
5950 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
5951 tidstats->memb, NL80211_TID_STATS_PAD)) \
5952 goto nla_put_failure; \
5953 } while (0)
5954
5955 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5956 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5957 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5958 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5959
5960#undef PUT_TIDVAL_U64
5961 if ((tidstats->filled &
5962 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5963 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5964 NL80211_TID_STATS_TXQ_STATS))
5965 goto nla_put_failure;
5966
5967 nla_nest_end(msg, tidattr);
5968 }
5969
5970 nla_nest_end(msg, tidsattr);
5971 }
5972
5973 nla_nest_end(msg, sinfoattr);
5974
5975 if (sinfo->assoc_req_ies_len &&
5976 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5977 sinfo->assoc_req_ies))
5978 goto nla_put_failure;
5979
5980 cfg80211_sinfo_release_content(sinfo);
5981 genlmsg_end(msg, hdr);
5982 return 0;
5983
5984 nla_put_failure:
5985 cfg80211_sinfo_release_content(sinfo);
5986 genlmsg_cancel(msg, hdr);
5987 return -EMSGSIZE;
5988}
5989
5990static int nl80211_dump_station(struct sk_buff *skb,
5991 struct netlink_callback *cb)
5992{
5993 struct station_info sinfo;
5994 struct cfg80211_registered_device *rdev;
5995 struct wireless_dev *wdev;
5996 u8 mac_addr[ETH_ALEN];
5997 int sta_idx = cb->args[2];
5998 int err;
5999
6000 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6001 if (err)
6002 return err;
6003
6004 __acquire(&rdev->wiphy.mtx);
6005
6006 if (!wdev->netdev) {
6007 err = -EINVAL;
6008 goto out_err;
6009 }
6010
6011 if (!rdev->ops->dump_station) {
6012 err = -EOPNOTSUPP;
6013 goto out_err;
6014 }
6015
6016 while (1) {
6017 memset(&sinfo, 0, sizeof(sinfo));
6018 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
6019 mac_addr, &sinfo);
6020 if (err == -ENOENT)
6021 break;
6022 if (err)
6023 goto out_err;
6024
6025 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
6026 NETLINK_CB(cb->skb).portid,
6027 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6028 rdev, wdev->netdev, mac_addr,
6029 &sinfo) < 0)
6030 goto out;
6031
6032 sta_idx++;
6033 }
6034
6035 out:
6036 cb->args[2] = sta_idx;
6037 err = skb->len;
6038 out_err:
6039 wiphy_unlock(&rdev->wiphy);
6040
6041 return err;
6042}
6043
6044static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
6045{
6046 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6047 struct net_device *dev = info->user_ptr[1];
6048 struct station_info sinfo;
6049 struct sk_buff *msg;
6050 u8 *mac_addr = NULL;
6051 int err;
6052
6053 memset(&sinfo, 0, sizeof(sinfo));
6054
6055 if (!info->attrs[NL80211_ATTR_MAC])
6056 return -EINVAL;
6057
6058 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6059
6060 if (!rdev->ops->get_station)
6061 return -EOPNOTSUPP;
6062
6063 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
6064 if (err)
6065 return err;
6066
6067 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6068 if (!msg) {
6069 cfg80211_sinfo_release_content(&sinfo);
6070 return -ENOMEM;
6071 }
6072
6073 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
6074 info->snd_portid, info->snd_seq, 0,
6075 rdev, dev, mac_addr, &sinfo) < 0) {
6076 nlmsg_free(msg);
6077 return -ENOBUFS;
6078 }
6079
6080 return genlmsg_reply(msg, info);
6081}
6082
6083int cfg80211_check_station_change(struct wiphy *wiphy,
6084 struct station_parameters *params,
6085 enum cfg80211_station_type statype)
6086{
6087 if (params->listen_interval != -1 &&
6088 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6089 return -EINVAL;
6090
6091 if (params->support_p2p_ps != -1 &&
6092 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6093 return -EINVAL;
6094
6095 if (params->aid &&
6096 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
6097 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6098 return -EINVAL;
6099
6100
6101 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6102
6103 switch (statype) {
6104 case CFG80211_STA_MESH_PEER_KERNEL:
6105 case CFG80211_STA_MESH_PEER_USER:
6106
6107
6108
6109
6110
6111 if (params->sta_flags_mask &
6112 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6113 BIT(NL80211_STA_FLAG_MFP) |
6114 BIT(NL80211_STA_FLAG_AUTHORIZED)))
6115 return -EINVAL;
6116 break;
6117 case CFG80211_STA_TDLS_PEER_SETUP:
6118 case CFG80211_STA_TDLS_PEER_ACTIVE:
6119 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6120 return -EINVAL;
6121
6122 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6123 break;
6124 default:
6125
6126 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
6127 return -EINVAL;
6128 if (params->local_pm)
6129 return -EINVAL;
6130 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6131 return -EINVAL;
6132 }
6133
6134 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
6135 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
6136
6137 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
6138 return -EINVAL;
6139
6140
6141
6142
6143
6144 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6145 }
6146
6147 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
6148 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
6149
6150 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
6151 return -EINVAL;
6152 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
6153 return -EINVAL;
6154 if (params->supported_rates)
6155 return -EINVAL;
6156 if (params->ext_capab || params->ht_capa || params->vht_capa ||
6157 params->he_capa)
6158 return -EINVAL;
6159 }
6160
6161 if (statype != CFG80211_STA_AP_CLIENT &&
6162 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
6163 if (params->vlan)
6164 return -EINVAL;
6165 }
6166
6167 switch (statype) {
6168 case CFG80211_STA_AP_MLME_CLIENT:
6169
6170 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
6171 return -EOPNOTSUPP;
6172 break;
6173 case CFG80211_STA_AP_CLIENT:
6174 case CFG80211_STA_AP_CLIENT_UNASSOC:
6175
6176 if (params->sta_flags_mask &
6177 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6178 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6179 BIT(NL80211_STA_FLAG_ASSOCIATED) |
6180 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6181 BIT(NL80211_STA_FLAG_WME) |
6182 BIT(NL80211_STA_FLAG_MFP)))
6183 return -EINVAL;
6184
6185
6186 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6187 params->sta_flags_mask &
6188 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6189 BIT(NL80211_STA_FLAG_ASSOCIATED)))
6190 return -EINVAL;
6191 break;
6192 case CFG80211_STA_IBSS:
6193 case CFG80211_STA_AP_STA:
6194
6195 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
6196 return -EINVAL;
6197 break;
6198 case CFG80211_STA_TDLS_PEER_SETUP:
6199
6200 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6201 BIT(NL80211_STA_FLAG_WME)))
6202 return -EINVAL;
6203
6204 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
6205 !params->supported_rates)
6206 return -EINVAL;
6207 break;
6208 case CFG80211_STA_TDLS_PEER_ACTIVE:
6209
6210 return -EINVAL;
6211 case CFG80211_STA_MESH_PEER_KERNEL:
6212 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6213 return -EINVAL;
6214 break;
6215 case CFG80211_STA_MESH_PEER_USER:
6216 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
6217 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
6218 return -EINVAL;
6219 break;
6220 }
6221
6222
6223
6224
6225
6226
6227 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
6228 statype != CFG80211_STA_TDLS_PEER_SETUP)
6229 params->opmode_notif_used = false;
6230
6231 return 0;
6232}
6233EXPORT_SYMBOL(cfg80211_check_station_change);
6234
6235
6236
6237
6238static struct net_device *get_vlan(struct genl_info *info,
6239 struct cfg80211_registered_device *rdev)
6240{
6241 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
6242 struct net_device *v;
6243 int ret;
6244
6245 if (!vlanattr)
6246 return NULL;
6247
6248 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
6249 if (!v)
6250 return ERR_PTR(-ENODEV);
6251
6252 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
6253 ret = -EINVAL;
6254 goto error;
6255 }
6256
6257 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
6258 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6259 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6260 ret = -EINVAL;
6261 goto error;
6262 }
6263
6264 if (!netif_running(v)) {
6265 ret = -ENETDOWN;
6266 goto error;
6267 }
6268
6269 return v;
6270 error:
6271 dev_put(v);
6272 return ERR_PTR(ret);
6273}
6274
6275static const struct nla_policy
6276nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
6277 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
6278 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
6279};
6280
6281static int nl80211_parse_sta_wme(struct genl_info *info,
6282 struct station_parameters *params)
6283{
6284 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
6285 struct nlattr *nla;
6286 int err;
6287
6288
6289 if (!info->attrs[NL80211_ATTR_STA_WME])
6290 return 0;
6291
6292 nla = info->attrs[NL80211_ATTR_STA_WME];
6293 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
6294 nl80211_sta_wme_policy,
6295 info->extack);
6296 if (err)
6297 return err;
6298
6299 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
6300 params->uapsd_queues = nla_get_u8(
6301 tb[NL80211_STA_WME_UAPSD_QUEUES]);
6302 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
6303 return -EINVAL;
6304
6305 if (tb[NL80211_STA_WME_MAX_SP])
6306 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
6307
6308 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
6309 return -EINVAL;
6310
6311 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
6312
6313 return 0;
6314}
6315
6316static int nl80211_parse_sta_channel_info(struct genl_info *info,
6317 struct station_parameters *params)
6318{
6319 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
6320 params->supported_channels =
6321 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
6322 params->supported_channels_len =
6323 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
6324
6325
6326
6327
6328
6329 if (params->supported_channels_len % 2)
6330 return -EINVAL;
6331 }
6332
6333 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
6334 params->supported_oper_classes =
6335 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
6336 params->supported_oper_classes_len =
6337 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
6338 }
6339 return 0;
6340}
6341
6342static int nl80211_set_station_tdls(struct genl_info *info,
6343 struct station_parameters *params)
6344{
6345 int err;
6346
6347 if (info->attrs[NL80211_ATTR_PEER_AID])
6348 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6349 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6350 params->ht_capa =
6351 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6352 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6353 params->vht_capa =
6354 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6355 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6356 params->he_capa =
6357 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6358 params->he_capa_len =
6359 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6360 }
6361
6362 err = nl80211_parse_sta_channel_info(info, params);
6363 if (err)
6364 return err;
6365
6366 return nl80211_parse_sta_wme(info, params);
6367}
6368
6369static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
6370 struct station_parameters *params)
6371{
6372 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6373 int idx;
6374
6375 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
6376 if (!rdev->ops->set_tx_power ||
6377 !wiphy_ext_feature_isset(&rdev->wiphy,
6378 NL80211_EXT_FEATURE_STA_TX_PWR))
6379 return -EOPNOTSUPP;
6380
6381 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
6382 params->txpwr.type = nla_get_u8(info->attrs[idx]);
6383
6384 if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
6385 idx = NL80211_ATTR_STA_TX_POWER;
6386
6387 if (info->attrs[idx])
6388 params->txpwr.power =
6389 nla_get_s16(info->attrs[idx]);
6390 else
6391 return -EINVAL;
6392 }
6393 params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
6394 }
6395
6396 return 0;
6397}
6398
6399static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
6400{
6401 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6402 struct net_device *dev = info->user_ptr[1];
6403 struct station_parameters params;
6404 u8 *mac_addr;
6405 int err;
6406
6407 memset(¶ms, 0, sizeof(params));
6408
6409 if (!rdev->ops->change_station)
6410 return -EOPNOTSUPP;
6411
6412
6413
6414
6415
6416
6417 if (info->attrs[NL80211_ATTR_STA_AID])
6418 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6419
6420 if (info->attrs[NL80211_ATTR_VLAN_ID])
6421 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6422
6423 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6424 params.listen_interval =
6425 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6426 else
6427 params.listen_interval = -1;
6428
6429 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
6430 params.support_p2p_ps =
6431 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6432 else
6433 params.support_p2p_ps = -1;
6434
6435 if (!info->attrs[NL80211_ATTR_MAC])
6436 return -EINVAL;
6437
6438 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6439
6440 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
6441 params.supported_rates =
6442 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6443 params.supported_rates_len =
6444 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6445 }
6446
6447 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6448 params.capability =
6449 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6450 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6451 }
6452
6453 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6454 params.ext_capab =
6455 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6456 params.ext_capab_len =
6457 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6458 }
6459
6460 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
6461 return -EINVAL;
6462
6463 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6464 params.plink_action =
6465 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6466
6467 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
6468 params.plink_state =
6469 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
6470 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
6471 params.peer_aid = nla_get_u16(
6472 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
6473 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
6474 }
6475
6476 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
6477 params.local_pm = nla_get_u32(
6478 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
6479
6480 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6481 params.opmode_notif_used = true;
6482 params.opmode_notif =
6483 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6484 }
6485
6486 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6487 params.he_6ghz_capa =
6488 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6489
6490 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6491 params.airtime_weight =
6492 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6493
6494 if (params.airtime_weight &&
6495 !wiphy_ext_feature_isset(&rdev->wiphy,
6496 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6497 return -EOPNOTSUPP;
6498
6499 err = nl80211_parse_sta_txpower_setting(info, ¶ms);
6500 if (err)
6501 return err;
6502
6503
6504 err = nl80211_set_station_tdls(info, ¶ms);
6505 if (err)
6506 return err;
6507
6508 params.vlan = get_vlan(info, rdev);
6509 if (IS_ERR(params.vlan))
6510 return PTR_ERR(params.vlan);
6511
6512 switch (dev->ieee80211_ptr->iftype) {
6513 case NL80211_IFTYPE_AP:
6514 case NL80211_IFTYPE_AP_VLAN:
6515 case NL80211_IFTYPE_P2P_GO:
6516 case NL80211_IFTYPE_P2P_CLIENT:
6517 case NL80211_IFTYPE_STATION:
6518 case NL80211_IFTYPE_ADHOC:
6519 case NL80211_IFTYPE_MESH_POINT:
6520 break;
6521 default:
6522 err = -EOPNOTSUPP;
6523 goto out_put_vlan;
6524 }
6525
6526
6527 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
6528
6529 out_put_vlan:
6530 if (params.vlan)
6531 dev_put(params.vlan);
6532
6533 return err;
6534}
6535
6536static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
6537{
6538 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6539 int err;
6540 struct net_device *dev = info->user_ptr[1];
6541 struct station_parameters params;
6542 u8 *mac_addr = NULL;
6543 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6544 BIT(NL80211_STA_FLAG_ASSOCIATED);
6545
6546 memset(¶ms, 0, sizeof(params));
6547
6548 if (!rdev->ops->add_station)
6549 return -EOPNOTSUPP;
6550
6551 if (!info->attrs[NL80211_ATTR_MAC])
6552 return -EINVAL;
6553
6554 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6555 return -EINVAL;
6556
6557 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
6558 return -EINVAL;
6559
6560 if (!info->attrs[NL80211_ATTR_STA_AID] &&
6561 !info->attrs[NL80211_ATTR_PEER_AID])
6562 return -EINVAL;
6563
6564 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6565 params.supported_rates =
6566 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6567 params.supported_rates_len =
6568 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6569 params.listen_interval =
6570 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6571
6572 if (info->attrs[NL80211_ATTR_VLAN_ID])
6573 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6574
6575 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
6576 params.support_p2p_ps =
6577 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6578 } else {
6579
6580
6581
6582
6583 params.support_p2p_ps =
6584 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
6585 }
6586
6587 if (info->attrs[NL80211_ATTR_PEER_AID])
6588 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6589 else
6590 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6591
6592 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6593 params.capability =
6594 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6595 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6596 }
6597
6598 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6599 params.ext_capab =
6600 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6601 params.ext_capab_len =
6602 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6603 }
6604
6605 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6606 params.ht_capa =
6607 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6608
6609 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6610 params.vht_capa =
6611 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6612
6613 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6614 params.he_capa =
6615 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6616 params.he_capa_len =
6617 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6618 }
6619
6620 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6621 params.he_6ghz_capa =
6622 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6623
6624 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6625 params.opmode_notif_used = true;
6626 params.opmode_notif =
6627 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6628 }
6629
6630 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6631 params.plink_action =
6632 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6633
6634 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6635 params.airtime_weight =
6636 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6637
6638 if (params.airtime_weight &&
6639 !wiphy_ext_feature_isset(&rdev->wiphy,
6640 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6641 return -EOPNOTSUPP;
6642
6643 err = nl80211_parse_sta_txpower_setting(info, ¶ms);
6644 if (err)
6645 return err;
6646
6647 err = nl80211_parse_sta_channel_info(info, ¶ms);
6648 if (err)
6649 return err;
6650
6651 err = nl80211_parse_sta_wme(info, ¶ms);
6652 if (err)
6653 return err;
6654
6655 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
6656 return -EINVAL;
6657
6658
6659
6660
6661
6662
6663 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
6664 params.ht_capa = NULL;
6665 params.vht_capa = NULL;
6666
6667
6668 if (params.he_capa_len || params.he_6ghz_capa)
6669 return -EINVAL;
6670 }
6671
6672
6673 if (params.he_6ghz_capa && (params.ht_capa || params.vht_capa))
6674 return -EINVAL;
6675
6676
6677 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6678
6679 switch (dev->ieee80211_ptr->iftype) {
6680 case NL80211_IFTYPE_AP:
6681 case NL80211_IFTYPE_AP_VLAN:
6682 case NL80211_IFTYPE_P2P_GO:
6683
6684 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
6685 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
6686 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6687
6688
6689 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6690 info->attrs[NL80211_ATTR_PEER_AID])
6691 return -EINVAL;
6692
6693 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6694
6695
6696 if (!(rdev->wiphy.features &
6697 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6698 params.sta_flags_mask & auth_assoc)
6699 return -EINVAL;
6700
6701
6702
6703
6704
6705
6706
6707
6708
6709
6710
6711 if (!(params.sta_flags_mask & auth_assoc)) {
6712 params.sta_flags_mask |= auth_assoc;
6713 params.sta_flags_set |= auth_assoc;
6714 }
6715
6716
6717 params.vlan = get_vlan(info, rdev);
6718 if (IS_ERR(params.vlan))
6719 return PTR_ERR(params.vlan);
6720 break;
6721 case NL80211_IFTYPE_MESH_POINT:
6722
6723 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6724
6725
6726 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
6727 return -EINVAL;
6728
6729 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6730 info->attrs[NL80211_ATTR_PEER_AID])
6731 return -EINVAL;
6732 break;
6733 case NL80211_IFTYPE_STATION:
6734 case NL80211_IFTYPE_P2P_CLIENT:
6735
6736 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6737
6738
6739 if (params.sta_flags_mask &
6740 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
6741 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
6742 return -EINVAL;
6743
6744 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6745 return -EINVAL;
6746
6747 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
6748 return -EOPNOTSUPP;
6749
6750 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
6751 return -EOPNOTSUPP;
6752
6753
6754
6755
6756 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
6757 break;
6758 default:
6759 return -EOPNOTSUPP;
6760 }
6761
6762
6763
6764 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
6765
6766 if (params.vlan)
6767 dev_put(params.vlan);
6768 return err;
6769}
6770
6771static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
6772{
6773 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6774 struct net_device *dev = info->user_ptr[1];
6775 struct station_del_parameters params;
6776
6777 memset(¶ms, 0, sizeof(params));
6778
6779 if (info->attrs[NL80211_ATTR_MAC])
6780 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
6781
6782 switch (dev->ieee80211_ptr->iftype) {
6783 case NL80211_IFTYPE_AP:
6784 case NL80211_IFTYPE_AP_VLAN:
6785 case NL80211_IFTYPE_MESH_POINT:
6786 case NL80211_IFTYPE_P2P_GO:
6787
6788 break;
6789 case NL80211_IFTYPE_ADHOC:
6790
6791 if (wiphy_ext_feature_isset(&rdev->wiphy,
6792 NL80211_EXT_FEATURE_DEL_IBSS_STA))
6793 break;
6794 return -EINVAL;
6795 default:
6796 return -EINVAL;
6797 }
6798
6799 if (!rdev->ops->del_station)
6800 return -EOPNOTSUPP;
6801
6802 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6803 params.subtype =
6804 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6805 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6806 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6807 return -EINVAL;
6808 } else {
6809
6810 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6811 }
6812
6813 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6814 params.reason_code =
6815 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6816 if (params.reason_code == 0)
6817 return -EINVAL;
6818 } else {
6819
6820 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6821 }
6822
6823 return rdev_del_station(rdev, dev, ¶ms);
6824}
6825
6826static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6827 int flags, struct net_device *dev,
6828 u8 *dst, u8 *next_hop,
6829 struct mpath_info *pinfo)
6830{
6831 void *hdr;
6832 struct nlattr *pinfoattr;
6833
6834 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6835 if (!hdr)
6836 return -1;
6837
6838 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6839 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6840 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6841 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6842 goto nla_put_failure;
6843
6844 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6845 if (!pinfoattr)
6846 goto nla_put_failure;
6847 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6848 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6849 pinfo->frame_qlen))
6850 goto nla_put_failure;
6851 if (((pinfo->filled & MPATH_INFO_SN) &&
6852 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6853 ((pinfo->filled & MPATH_INFO_METRIC) &&
6854 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6855 pinfo->metric)) ||
6856 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6857 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6858 pinfo->exptime)) ||
6859 ((pinfo->filled & MPATH_INFO_FLAGS) &&
6860 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6861 pinfo->flags)) ||
6862 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6863 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6864 pinfo->discovery_timeout)) ||
6865 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6866 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6867 pinfo->discovery_retries)) ||
6868 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6869 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6870 pinfo->hop_count)) ||
6871 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6872 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6873 pinfo->path_change_count)))
6874 goto nla_put_failure;
6875
6876 nla_nest_end(msg, pinfoattr);
6877
6878 genlmsg_end(msg, hdr);
6879 return 0;
6880
6881 nla_put_failure:
6882 genlmsg_cancel(msg, hdr);
6883 return -EMSGSIZE;
6884}
6885
6886static int nl80211_dump_mpath(struct sk_buff *skb,
6887 struct netlink_callback *cb)
6888{
6889 struct mpath_info pinfo;
6890 struct cfg80211_registered_device *rdev;
6891 struct wireless_dev *wdev;
6892 u8 dst[ETH_ALEN];
6893 u8 next_hop[ETH_ALEN];
6894 int path_idx = cb->args[2];
6895 int err;
6896
6897 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6898 if (err)
6899 return err;
6900
6901 __acquire(&rdev->wiphy.mtx);
6902
6903 if (!rdev->ops->dump_mpath) {
6904 err = -EOPNOTSUPP;
6905 goto out_err;
6906 }
6907
6908 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6909 err = -EOPNOTSUPP;
6910 goto out_err;
6911 }
6912
6913 while (1) {
6914 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6915 next_hop, &pinfo);
6916 if (err == -ENOENT)
6917 break;
6918 if (err)
6919 goto out_err;
6920
6921 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6922 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6923 wdev->netdev, dst, next_hop,
6924 &pinfo) < 0)
6925 goto out;
6926
6927 path_idx++;
6928 }
6929
6930 out:
6931 cb->args[2] = path_idx;
6932 err = skb->len;
6933 out_err:
6934 wiphy_unlock(&rdev->wiphy);
6935 return err;
6936}
6937
6938static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6939{
6940 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6941 int err;
6942 struct net_device *dev = info->user_ptr[1];
6943 struct mpath_info pinfo;
6944 struct sk_buff *msg;
6945 u8 *dst = NULL;
6946 u8 next_hop[ETH_ALEN];
6947
6948 memset(&pinfo, 0, sizeof(pinfo));
6949
6950 if (!info->attrs[NL80211_ATTR_MAC])
6951 return -EINVAL;
6952
6953 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6954
6955 if (!rdev->ops->get_mpath)
6956 return -EOPNOTSUPP;
6957
6958 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6959 return -EOPNOTSUPP;
6960
6961 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6962 if (err)
6963 return err;
6964
6965 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6966 if (!msg)
6967 return -ENOMEM;
6968
6969 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6970 dev, dst, next_hop, &pinfo) < 0) {
6971 nlmsg_free(msg);
6972 return -ENOBUFS;
6973 }
6974
6975 return genlmsg_reply(msg, info);
6976}
6977
6978static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6979{
6980 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6981 struct net_device *dev = info->user_ptr[1];
6982 u8 *dst = NULL;
6983 u8 *next_hop = NULL;
6984
6985 if (!info->attrs[NL80211_ATTR_MAC])
6986 return -EINVAL;
6987
6988 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6989 return -EINVAL;
6990
6991 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6992 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6993
6994 if (!rdev->ops->change_mpath)
6995 return -EOPNOTSUPP;
6996
6997 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6998 return -EOPNOTSUPP;
6999
7000 return rdev_change_mpath(rdev, dev, dst, next_hop);
7001}
7002
7003static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
7004{
7005 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7006 struct net_device *dev = info->user_ptr[1];
7007 u8 *dst = NULL;
7008 u8 *next_hop = NULL;
7009
7010 if (!info->attrs[NL80211_ATTR_MAC])
7011 return -EINVAL;
7012
7013 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
7014 return -EINVAL;
7015
7016 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7017 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
7018
7019 if (!rdev->ops->add_mpath)
7020 return -EOPNOTSUPP;
7021
7022 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7023 return -EOPNOTSUPP;
7024
7025 return rdev_add_mpath(rdev, dev, dst, next_hop);
7026}
7027
7028static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
7029{
7030 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7031 struct net_device *dev = info->user_ptr[1];
7032 u8 *dst = NULL;
7033
7034 if (info->attrs[NL80211_ATTR_MAC])
7035 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7036
7037 if (!rdev->ops->del_mpath)
7038 return -EOPNOTSUPP;
7039
7040 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7041 return -EOPNOTSUPP;
7042
7043 return rdev_del_mpath(rdev, dev, dst);
7044}
7045
7046static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
7047{
7048 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7049 int err;
7050 struct net_device *dev = info->user_ptr[1];
7051 struct mpath_info pinfo;
7052 struct sk_buff *msg;
7053 u8 *dst = NULL;
7054 u8 mpp[ETH_ALEN];
7055
7056 memset(&pinfo, 0, sizeof(pinfo));
7057
7058 if (!info->attrs[NL80211_ATTR_MAC])
7059 return -EINVAL;
7060
7061 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7062
7063 if (!rdev->ops->get_mpp)
7064 return -EOPNOTSUPP;
7065
7066 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7067 return -EOPNOTSUPP;
7068
7069 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
7070 if (err)
7071 return err;
7072
7073 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7074 if (!msg)
7075 return -ENOMEM;
7076
7077 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
7078 dev, dst, mpp, &pinfo) < 0) {
7079 nlmsg_free(msg);
7080 return -ENOBUFS;
7081 }
7082
7083 return genlmsg_reply(msg, info);
7084}
7085
7086static int nl80211_dump_mpp(struct sk_buff *skb,
7087 struct netlink_callback *cb)
7088{
7089 struct mpath_info pinfo;
7090 struct cfg80211_registered_device *rdev;
7091 struct wireless_dev *wdev;
7092 u8 dst[ETH_ALEN];
7093 u8 mpp[ETH_ALEN];
7094 int path_idx = cb->args[2];
7095 int err;
7096
7097 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
7098 if (err)
7099 return err;
7100
7101 __acquire(&rdev->wiphy.mtx);
7102
7103 if (!rdev->ops->dump_mpp) {
7104 err = -EOPNOTSUPP;
7105 goto out_err;
7106 }
7107
7108 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
7109 err = -EOPNOTSUPP;
7110 goto out_err;
7111 }
7112
7113 while (1) {
7114 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
7115 mpp, &pinfo);
7116 if (err == -ENOENT)
7117 break;
7118 if (err)
7119 goto out_err;
7120
7121 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
7122 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7123 wdev->netdev, dst, mpp,
7124 &pinfo) < 0)
7125 goto out;
7126
7127 path_idx++;
7128 }
7129
7130 out:
7131 cb->args[2] = path_idx;
7132 err = skb->len;
7133 out_err:
7134 wiphy_unlock(&rdev->wiphy);
7135 return err;
7136}
7137
7138static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
7139{
7140 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7141 struct net_device *dev = info->user_ptr[1];
7142 struct wireless_dev *wdev = dev->ieee80211_ptr;
7143 struct bss_parameters params;
7144 int err;
7145
7146 memset(¶ms, 0, sizeof(params));
7147
7148 params.use_cts_prot = -1;
7149 params.use_short_preamble = -1;
7150 params.use_short_slot_time = -1;
7151 params.ap_isolate = -1;
7152 params.ht_opmode = -1;
7153 params.p2p_ctwindow = -1;
7154 params.p2p_opp_ps = -1;
7155
7156 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
7157 params.use_cts_prot =
7158 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
7159 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
7160 params.use_short_preamble =
7161 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
7162 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
7163 params.use_short_slot_time =
7164 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
7165 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7166 params.basic_rates =
7167 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7168 params.basic_rates_len =
7169 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7170 }
7171 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
7172 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
7173 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
7174 params.ht_opmode =
7175 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
7176
7177 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
7178 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7179 return -EINVAL;
7180 params.p2p_ctwindow =
7181 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
7182 if (params.p2p_ctwindow != 0 &&
7183 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
7184 return -EINVAL;
7185 }
7186
7187 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
7188 u8 tmp;
7189
7190 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7191 return -EINVAL;
7192 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
7193 params.p2p_opp_ps = tmp;
7194 if (params.p2p_opp_ps &&
7195 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
7196 return -EINVAL;
7197 }
7198
7199 if (!rdev->ops->change_bss)
7200 return -EOPNOTSUPP;
7201
7202 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7203 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7204 return -EOPNOTSUPP;
7205
7206 wdev_lock(wdev);
7207 err = rdev_change_bss(rdev, dev, ¶ms);
7208 wdev_unlock(wdev);
7209
7210 return err;
7211}
7212
7213static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
7214{
7215 char *data = NULL;
7216 bool is_indoor;
7217 enum nl80211_user_reg_hint_type user_reg_hint_type;
7218 u32 owner_nlportid;
7219
7220
7221
7222
7223
7224
7225
7226 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
7227 return -EINPROGRESS;
7228
7229 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
7230 user_reg_hint_type =
7231 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
7232 else
7233 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
7234
7235 switch (user_reg_hint_type) {
7236 case NL80211_USER_REG_HINT_USER:
7237 case NL80211_USER_REG_HINT_CELL_BASE:
7238 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7239 return -EINVAL;
7240
7241 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7242 return regulatory_hint_user(data, user_reg_hint_type);
7243 case NL80211_USER_REG_HINT_INDOOR:
7244 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
7245 owner_nlportid = info->snd_portid;
7246 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
7247 } else {
7248 owner_nlportid = 0;
7249 is_indoor = true;
7250 }
7251
7252 return regulatory_hint_indoor(is_indoor, owner_nlportid);
7253 default:
7254 return -EINVAL;
7255 }
7256}
7257
7258static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
7259{
7260 return reg_reload_regdb();
7261}
7262
7263static int nl80211_get_mesh_config(struct sk_buff *skb,
7264 struct genl_info *info)
7265{
7266 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7267 struct net_device *dev = info->user_ptr[1];
7268 struct wireless_dev *wdev = dev->ieee80211_ptr;
7269 struct mesh_config cur_params;
7270 int err = 0;
7271 void *hdr;
7272 struct nlattr *pinfoattr;
7273 struct sk_buff *msg;
7274
7275 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7276 return -EOPNOTSUPP;
7277
7278 if (!rdev->ops->get_mesh_config)
7279 return -EOPNOTSUPP;
7280
7281 wdev_lock(wdev);
7282
7283 if (!wdev->mesh_id_len)
7284 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
7285 else
7286 err = rdev_get_mesh_config(rdev, dev, &cur_params);
7287 wdev_unlock(wdev);
7288
7289 if (err)
7290 return err;
7291
7292
7293 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7294 if (!msg)
7295 return -ENOMEM;
7296 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7297 NL80211_CMD_GET_MESH_CONFIG);
7298 if (!hdr)
7299 goto out;
7300 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
7301 if (!pinfoattr)
7302 goto nla_put_failure;
7303 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7304 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
7305 cur_params.dot11MeshRetryTimeout) ||
7306 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
7307 cur_params.dot11MeshConfirmTimeout) ||
7308 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
7309 cur_params.dot11MeshHoldingTimeout) ||
7310 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
7311 cur_params.dot11MeshMaxPeerLinks) ||
7312 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
7313 cur_params.dot11MeshMaxRetries) ||
7314 nla_put_u8(msg, NL80211_MESHCONF_TTL,
7315 cur_params.dot11MeshTTL) ||
7316 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
7317 cur_params.element_ttl) ||
7318 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7319 cur_params.auto_open_plinks) ||
7320 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7321 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
7322 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7323 cur_params.dot11MeshHWMPmaxPREQretries) ||
7324 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
7325 cur_params.path_refresh_time) ||
7326 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7327 cur_params.min_discovery_timeout) ||
7328 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7329 cur_params.dot11MeshHWMPactivePathTimeout) ||
7330 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7331 cur_params.dot11MeshHWMPpreqMinInterval) ||
7332 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7333 cur_params.dot11MeshHWMPperrMinInterval) ||
7334 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7335 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
7336 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
7337 cur_params.dot11MeshHWMPRootMode) ||
7338 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7339 cur_params.dot11MeshHWMPRannInterval) ||
7340 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7341 cur_params.dot11MeshGateAnnouncementProtocol) ||
7342 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
7343 cur_params.dot11MeshForwarding) ||
7344 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
7345 cur_params.rssi_threshold) ||
7346 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
7347 cur_params.ht_opmode) ||
7348 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7349 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
7350 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7351 cur_params.dot11MeshHWMProotInterval) ||
7352 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7353 cur_params.dot11MeshHWMPconfirmationInterval) ||
7354 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
7355 cur_params.power_mode) ||
7356 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
7357 cur_params.dot11MeshAwakeWindowDuration) ||
7358 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
7359 cur_params.plink_timeout) ||
7360 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
7361 cur_params.dot11MeshConnectedToMeshGate) ||
7362 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
7363 cur_params.dot11MeshNolearn) ||
7364 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
7365 cur_params.dot11MeshConnectedToAuthServer))
7366 goto nla_put_failure;
7367 nla_nest_end(msg, pinfoattr);
7368 genlmsg_end(msg, hdr);
7369 return genlmsg_reply(msg, info);
7370
7371 nla_put_failure:
7372 out:
7373 nlmsg_free(msg);
7374 return -ENOBUFS;
7375}
7376
7377static const struct nla_policy
7378nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
7379 [NL80211_MESHCONF_RETRY_TIMEOUT] =
7380 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7381 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
7382 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7383 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
7384 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7385 [NL80211_MESHCONF_MAX_PEER_LINKS] =
7386 NLA_POLICY_RANGE(NLA_U16, 0, 255),
7387 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
7388 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
7389 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
7390 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
7391 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
7392 NLA_POLICY_RANGE(NLA_U32, 1, 255),
7393 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
7394 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
7395 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
7396 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
7397 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
7398 NLA_POLICY_MIN(NLA_U16, 1),
7399 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
7400 NLA_POLICY_MIN(NLA_U16, 1),
7401 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
7402 NLA_POLICY_MIN(NLA_U16, 1),
7403 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
7404 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
7405 NLA_POLICY_MIN(NLA_U16, 1),
7406 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
7407 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
7408 [NL80211_MESHCONF_RSSI_THRESHOLD] =
7409 NLA_POLICY_RANGE(NLA_S32, -255, 0),
7410 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
7411 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
7412 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
7413 NLA_POLICY_MIN(NLA_U16, 1),
7414 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
7415 NLA_POLICY_MIN(NLA_U16, 1),
7416 [NL80211_MESHCONF_POWER_MODE] =
7417 NLA_POLICY_RANGE(NLA_U32,
7418 NL80211_MESH_POWER_ACTIVE,
7419 NL80211_MESH_POWER_MAX),
7420 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
7421 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
7422 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7423 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7424 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7425};
7426
7427static const struct nla_policy
7428 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
7429 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
7430 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
7431 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
7432 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
7433 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
7434 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
7435 [NL80211_MESH_SETUP_IE] =
7436 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
7437 IEEE80211_MAX_DATA_LEN),
7438 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
7439};
7440
7441static int nl80211_parse_mesh_config(struct genl_info *info,
7442 struct mesh_config *cfg,
7443 u32 *mask_out)
7444{
7445 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
7446 u32 mask = 0;
7447 u16 ht_opmode;
7448
7449#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
7450do { \
7451 if (tb[attr]) { \
7452 cfg->param = fn(tb[attr]); \
7453 mask |= BIT((attr) - 1); \
7454 } \
7455} while (0)
7456
7457 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
7458 return -EINVAL;
7459 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
7460 return -EINVAL;
7461
7462
7463
7464 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
7465
7466
7467 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
7468 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
7469 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
7470 NL80211_MESHCONF_CONFIRM_TIMEOUT,
7471 nla_get_u16);
7472 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
7473 NL80211_MESHCONF_HOLDING_TIMEOUT,
7474 nla_get_u16);
7475 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
7476 NL80211_MESHCONF_MAX_PEER_LINKS,
7477 nla_get_u16);
7478 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
7479 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
7480 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
7481 NL80211_MESHCONF_TTL, nla_get_u8);
7482 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
7483 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
7484 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
7485 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7486 nla_get_u8);
7487 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
7488 mask,
7489 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7490 nla_get_u32);
7491 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
7492 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7493 nla_get_u8);
7494 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
7495 NL80211_MESHCONF_PATH_REFRESH_TIME,
7496 nla_get_u32);
7497 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
7498 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
7499 return -EINVAL;
7500 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
7501 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7502 nla_get_u16);
7503 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
7504 mask,
7505 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7506 nla_get_u32);
7507 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
7508 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
7509 cfg->dot11MeshHWMPactivePathTimeout > 65535))
7510 return -EINVAL;
7511 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
7512 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7513 nla_get_u16);
7514 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
7515 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7516 nla_get_u16);
7517 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7518 dot11MeshHWMPnetDiameterTraversalTime, mask,
7519 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7520 nla_get_u16);
7521 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
7522 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
7523 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
7524 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7525 nla_get_u16);
7526 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
7527 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7528 nla_get_u8);
7529 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
7530 NL80211_MESHCONF_FORWARDING, nla_get_u8);
7531 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
7532 NL80211_MESHCONF_RSSI_THRESHOLD,
7533 nla_get_s32);
7534 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
7535 NL80211_MESHCONF_CONNECTED_TO_GATE,
7536 nla_get_u8);
7537 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
7538 NL80211_MESHCONF_CONNECTED_TO_AS,
7539 nla_get_u8);
7540
7541
7542
7543
7544 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
7545 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
7546
7547 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
7548 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
7549 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
7550 return -EINVAL;
7551
7552
7553 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
7554
7555 cfg->ht_opmode = ht_opmode;
7556 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
7557 }
7558 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7559 dot11MeshHWMPactivePathToRootTimeout, mask,
7560 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7561 nla_get_u32);
7562 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
7563 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
7564 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
7565 return -EINVAL;
7566 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
7567 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7568 nla_get_u16);
7569 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
7570 mask,
7571 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7572 nla_get_u16);
7573 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
7574 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
7575 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
7576 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
7577 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
7578 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
7579 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
7580 NL80211_MESHCONF_NOLEARN, nla_get_u8);
7581 if (mask_out)
7582 *mask_out = mask;
7583
7584 return 0;
7585
7586#undef FILL_IN_MESH_PARAM_IF_SET
7587}
7588
7589static int nl80211_parse_mesh_setup(struct genl_info *info,
7590 struct mesh_setup *setup)
7591{
7592 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7593 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
7594
7595 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
7596 return -EINVAL;
7597 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
7598 return -EINVAL;
7599
7600 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
7601 setup->sync_method =
7602 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
7603 IEEE80211_SYNC_METHOD_VENDOR :
7604 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
7605
7606 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
7607 setup->path_sel_proto =
7608 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
7609 IEEE80211_PATH_PROTOCOL_VENDOR :
7610 IEEE80211_PATH_PROTOCOL_HWMP;
7611
7612 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
7613 setup->path_metric =
7614 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
7615 IEEE80211_PATH_METRIC_VENDOR :
7616 IEEE80211_PATH_METRIC_AIRTIME;
7617
7618 if (tb[NL80211_MESH_SETUP_IE]) {
7619 struct nlattr *ieattr =
7620 tb[NL80211_MESH_SETUP_IE];
7621 setup->ie = nla_data(ieattr);
7622 setup->ie_len = nla_len(ieattr);
7623 }
7624 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
7625 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
7626 return -EINVAL;
7627 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
7628 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
7629 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
7630 if (setup->is_secure)
7631 setup->user_mpm = true;
7632
7633 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
7634 if (!setup->user_mpm)
7635 return -EINVAL;
7636 setup->auth_id =
7637 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
7638 }
7639
7640 return 0;
7641}
7642
7643static int nl80211_update_mesh_config(struct sk_buff *skb,
7644 struct genl_info *info)
7645{
7646 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7647 struct net_device *dev = info->user_ptr[1];
7648 struct wireless_dev *wdev = dev->ieee80211_ptr;
7649 struct mesh_config cfg;
7650 u32 mask;
7651 int err;
7652
7653 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7654 return -EOPNOTSUPP;
7655
7656 if (!rdev->ops->update_mesh_config)
7657 return -EOPNOTSUPP;
7658
7659 err = nl80211_parse_mesh_config(info, &cfg, &mask);
7660 if (err)
7661 return err;
7662
7663 wdev_lock(wdev);
7664 if (!wdev->mesh_id_len)
7665 err = -ENOLINK;
7666
7667 if (!err)
7668 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
7669
7670 wdev_unlock(wdev);
7671
7672 return err;
7673}
7674
7675static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
7676 struct sk_buff *msg)
7677{
7678 struct nlattr *nl_reg_rules;
7679 unsigned int i;
7680
7681 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
7682 (regdom->dfs_region &&
7683 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
7684 goto nla_put_failure;
7685
7686 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
7687 if (!nl_reg_rules)
7688 goto nla_put_failure;
7689
7690 for (i = 0; i < regdom->n_reg_rules; i++) {
7691 struct nlattr *nl_reg_rule;
7692 const struct ieee80211_reg_rule *reg_rule;
7693 const struct ieee80211_freq_range *freq_range;
7694 const struct ieee80211_power_rule *power_rule;
7695 unsigned int max_bandwidth_khz;
7696
7697 reg_rule = ®dom->reg_rules[i];
7698 freq_range = ®_rule->freq_range;
7699 power_rule = ®_rule->power_rule;
7700
7701 nl_reg_rule = nla_nest_start_noflag(msg, i);
7702 if (!nl_reg_rule)
7703 goto nla_put_failure;
7704
7705 max_bandwidth_khz = freq_range->max_bandwidth_khz;
7706 if (!max_bandwidth_khz)
7707 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
7708 reg_rule);
7709
7710 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
7711 reg_rule->flags) ||
7712 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
7713 freq_range->start_freq_khz) ||
7714 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
7715 freq_range->end_freq_khz) ||
7716 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
7717 max_bandwidth_khz) ||
7718 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
7719 power_rule->max_antenna_gain) ||
7720 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
7721 power_rule->max_eirp) ||
7722 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
7723 reg_rule->dfs_cac_ms))
7724 goto nla_put_failure;
7725
7726 nla_nest_end(msg, nl_reg_rule);
7727 }
7728
7729 nla_nest_end(msg, nl_reg_rules);
7730 return 0;
7731
7732nla_put_failure:
7733 return -EMSGSIZE;
7734}
7735
7736static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
7737{
7738 const struct ieee80211_regdomain *regdom = NULL;
7739 struct cfg80211_registered_device *rdev;
7740 struct wiphy *wiphy = NULL;
7741 struct sk_buff *msg;
7742 void *hdr;
7743
7744 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7745 if (!msg)
7746 return -ENOBUFS;
7747
7748 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7749 NL80211_CMD_GET_REG);
7750 if (!hdr)
7751 goto put_failure;
7752
7753 rtnl_lock();
7754
7755 if (info->attrs[NL80211_ATTR_WIPHY]) {
7756 bool self_managed;
7757
7758 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7759 if (IS_ERR(rdev)) {
7760 nlmsg_free(msg);
7761 rtnl_unlock();
7762 return PTR_ERR(rdev);
7763 }
7764
7765 wiphy = &rdev->wiphy;
7766 self_managed = wiphy->regulatory_flags &
7767 REGULATORY_WIPHY_SELF_MANAGED;
7768 regdom = get_wiphy_regdom(wiphy);
7769
7770
7771 if (WARN_ON(!regdom && self_managed)) {
7772 nlmsg_free(msg);
7773 rtnl_unlock();
7774 return -EINVAL;
7775 }
7776
7777 if (regdom &&
7778 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7779 goto nla_put_failure;
7780 }
7781
7782 if (!wiphy && reg_last_request_cell_base() &&
7783 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7784 NL80211_USER_REG_HINT_CELL_BASE))
7785 goto nla_put_failure;
7786
7787 rcu_read_lock();
7788
7789 if (!regdom)
7790 regdom = rcu_dereference(cfg80211_regdomain);
7791
7792 if (nl80211_put_regdom(regdom, msg))
7793 goto nla_put_failure_rcu;
7794
7795 rcu_read_unlock();
7796
7797 genlmsg_end(msg, hdr);
7798 rtnl_unlock();
7799 return genlmsg_reply(msg, info);
7800
7801nla_put_failure_rcu:
7802 rcu_read_unlock();
7803nla_put_failure:
7804 rtnl_unlock();
7805put_failure:
7806 nlmsg_free(msg);
7807 return -EMSGSIZE;
7808}
7809
7810static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
7811 u32 seq, int flags, struct wiphy *wiphy,
7812 const struct ieee80211_regdomain *regdom)
7813{
7814 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7815 NL80211_CMD_GET_REG);
7816
7817 if (!hdr)
7818 return -1;
7819
7820 genl_dump_check_consistent(cb, hdr);
7821
7822 if (nl80211_put_regdom(regdom, msg))
7823 goto nla_put_failure;
7824
7825 if (!wiphy && reg_last_request_cell_base() &&
7826 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7827 NL80211_USER_REG_HINT_CELL_BASE))
7828 goto nla_put_failure;
7829
7830 if (wiphy &&
7831 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7832 goto nla_put_failure;
7833
7834 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7835 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7836 goto nla_put_failure;
7837
7838 genlmsg_end(msg, hdr);
7839 return 0;
7840
7841nla_put_failure:
7842 genlmsg_cancel(msg, hdr);
7843 return -EMSGSIZE;
7844}
7845
7846static int nl80211_get_reg_dump(struct sk_buff *skb,
7847 struct netlink_callback *cb)
7848{
7849 const struct ieee80211_regdomain *regdom = NULL;
7850 struct cfg80211_registered_device *rdev;
7851 int err, reg_idx, start = cb->args[2];
7852
7853 rtnl_lock();
7854
7855 if (cfg80211_regdomain && start == 0) {
7856 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7857 NLM_F_MULTI, NULL,
7858 rtnl_dereference(cfg80211_regdomain));
7859 if (err < 0)
7860 goto out_err;
7861 }
7862
7863
7864 reg_idx = 1;
7865 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7866 regdom = get_wiphy_regdom(&rdev->wiphy);
7867 if (!regdom)
7868 continue;
7869
7870 if (++reg_idx <= start)
7871 continue;
7872
7873 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7874 NLM_F_MULTI, &rdev->wiphy, regdom);
7875 if (err < 0) {
7876 reg_idx--;
7877 break;
7878 }
7879 }
7880
7881 cb->args[2] = reg_idx;
7882 err = skb->len;
7883out_err:
7884 rtnl_unlock();
7885 return err;
7886}
7887
7888#ifdef CONFIG_CFG80211_CRDA_SUPPORT
7889static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7890 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
7891 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
7892 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
7893 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
7894 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
7895 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
7896 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
7897};
7898
7899static int parse_reg_rule(struct nlattr *tb[],
7900 struct ieee80211_reg_rule *reg_rule)
7901{
7902 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
7903 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
7904
7905 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7906 return -EINVAL;
7907 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7908 return -EINVAL;
7909 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7910 return -EINVAL;
7911 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7912 return -EINVAL;
7913 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7914 return -EINVAL;
7915
7916 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7917
7918 freq_range->start_freq_khz =
7919 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7920 freq_range->end_freq_khz =
7921 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7922 freq_range->max_bandwidth_khz =
7923 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7924
7925 power_rule->max_eirp =
7926 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7927
7928 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7929 power_rule->max_antenna_gain =
7930 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7931
7932 if (tb[NL80211_ATTR_DFS_CAC_TIME])
7933 reg_rule->dfs_cac_ms =
7934 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7935
7936 return 0;
7937}
7938
7939static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7940{
7941 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7942 struct nlattr *nl_reg_rule;
7943 char *alpha2;
7944 int rem_reg_rules, r;
7945 u32 num_rules = 0, rule_idx = 0;
7946 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7947 struct ieee80211_regdomain *rd;
7948
7949 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7950 return -EINVAL;
7951
7952 if (!info->attrs[NL80211_ATTR_REG_RULES])
7953 return -EINVAL;
7954
7955 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7956
7957 if (info->attrs[NL80211_ATTR_DFS_REGION])
7958 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7959
7960 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7961 rem_reg_rules) {
7962 num_rules++;
7963 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7964 return -EINVAL;
7965 }
7966
7967 rtnl_lock();
7968 if (!reg_is_valid_request(alpha2)) {
7969 r = -EINVAL;
7970 goto out;
7971 }
7972
7973 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7974 if (!rd) {
7975 r = -ENOMEM;
7976 goto out;
7977 }
7978
7979 rd->n_reg_rules = num_rules;
7980 rd->alpha2[0] = alpha2[0];
7981 rd->alpha2[1] = alpha2[1];
7982
7983
7984
7985
7986
7987 if (reg_supported_dfs_region(dfs_region))
7988 rd->dfs_region = dfs_region;
7989
7990 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7991 rem_reg_rules) {
7992 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7993 nl_reg_rule, reg_rule_policy,
7994 info->extack);
7995 if (r)
7996 goto bad_reg;
7997 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7998 if (r)
7999 goto bad_reg;
8000
8001 rule_idx++;
8002
8003 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
8004 r = -EINVAL;
8005 goto bad_reg;
8006 }
8007 }
8008
8009 r = set_regdom(rd, REGD_SOURCE_CRDA);
8010
8011 rd = NULL;
8012 bad_reg:
8013 kfree(rd);
8014 out:
8015 rtnl_unlock();
8016 return r;
8017}
8018#endif
8019
8020static int validate_scan_freqs(struct nlattr *freqs)
8021{
8022 struct nlattr *attr1, *attr2;
8023 int n_channels = 0, tmp1, tmp2;
8024
8025 nla_for_each_nested(attr1, freqs, tmp1)
8026 if (nla_len(attr1) != sizeof(u32))
8027 return 0;
8028
8029 nla_for_each_nested(attr1, freqs, tmp1) {
8030 n_channels++;
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040 nla_for_each_nested(attr2, freqs, tmp2)
8041 if (attr1 != attr2 &&
8042 nla_get_u32(attr1) == nla_get_u32(attr2))
8043 return 0;
8044 }
8045
8046 return n_channels;
8047}
8048
8049static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
8050{
8051 return b < NUM_NL80211_BANDS && wiphy->bands[b];
8052}
8053
8054static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
8055 struct cfg80211_bss_selection *bss_select)
8056{
8057 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
8058 struct nlattr *nest;
8059 int err;
8060 bool found = false;
8061 int i;
8062
8063
8064 nest = nla_data(nla);
8065 if (!nla_ok(nest, nla_len(nest)))
8066 return -EINVAL;
8067
8068 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
8069 nest, nl80211_bss_select_policy,
8070 NULL);
8071 if (err)
8072 return err;
8073
8074
8075 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
8076 if (attr[i]) {
8077 if (found)
8078 return -EINVAL;
8079 found = true;
8080 }
8081 }
8082
8083 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
8084
8085 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
8086 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
8087
8088 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
8089 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
8090 bss_select->param.band_pref =
8091 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
8092 if (!is_band_valid(wiphy, bss_select->param.band_pref))
8093 return -EINVAL;
8094 }
8095
8096 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
8097 struct nl80211_bss_select_rssi_adjust *adj_param;
8098
8099 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
8100 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
8101 bss_select->param.adjust.band = adj_param->band;
8102 bss_select->param.adjust.delta = adj_param->delta;
8103 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
8104 return -EINVAL;
8105 }
8106
8107
8108 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
8109 return -EINVAL;
8110
8111 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
8112 return -EINVAL;
8113
8114 return 0;
8115}
8116
8117int nl80211_parse_random_mac(struct nlattr **attrs,
8118 u8 *mac_addr, u8 *mac_addr_mask)
8119{
8120 int i;
8121
8122 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
8123 eth_zero_addr(mac_addr);
8124 eth_zero_addr(mac_addr_mask);
8125 mac_addr[0] = 0x2;
8126 mac_addr_mask[0] = 0x3;
8127
8128 return 0;
8129 }
8130
8131
8132 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
8133 return -EINVAL;
8134
8135 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
8136 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
8137
8138
8139 if (!is_multicast_ether_addr(mac_addr_mask) ||
8140 is_multicast_ether_addr(mac_addr))
8141 return -EINVAL;
8142
8143
8144
8145
8146
8147
8148 for (i = 0; i < ETH_ALEN; i++)
8149 mac_addr[i] &= mac_addr_mask[i];
8150
8151 return 0;
8152}
8153
8154static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
8155{
8156 ASSERT_WDEV_LOCK(wdev);
8157
8158 if (!cfg80211_beaconing_iface_active(wdev))
8159 return true;
8160
8161 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
8162 return true;
8163
8164 return regulatory_pre_cac_allowed(wdev->wiphy);
8165}
8166
8167static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
8168 enum nl80211_ext_feature_index feat)
8169{
8170 if (!(flags & flag))
8171 return true;
8172 if (wiphy_ext_feature_isset(wiphy, feat))
8173 return true;
8174 return false;
8175}
8176
8177static int
8178nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
8179 void *request, struct nlattr **attrs,
8180 bool is_sched_scan)
8181{
8182 u8 *mac_addr, *mac_addr_mask;
8183 u32 *flags;
8184 enum nl80211_feature_flags randomness_flag;
8185
8186 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
8187 return 0;
8188
8189 if (is_sched_scan) {
8190 struct cfg80211_sched_scan_request *req = request;
8191
8192 randomness_flag = wdev ?
8193 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
8194 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
8195 flags = &req->flags;
8196 mac_addr = req->mac_addr;
8197 mac_addr_mask = req->mac_addr_mask;
8198 } else {
8199 struct cfg80211_scan_request *req = request;
8200
8201 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
8202 flags = &req->flags;
8203 mac_addr = req->mac_addr;
8204 mac_addr_mask = req->mac_addr_mask;
8205 }
8206
8207 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
8208
8209 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
8210 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
8211 !nl80211_check_scan_feat(wiphy, *flags,
8212 NL80211_SCAN_FLAG_LOW_SPAN,
8213 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
8214 !nl80211_check_scan_feat(wiphy, *flags,
8215 NL80211_SCAN_FLAG_LOW_POWER,
8216 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
8217 !nl80211_check_scan_feat(wiphy, *flags,
8218 NL80211_SCAN_FLAG_HIGH_ACCURACY,
8219 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
8220 !nl80211_check_scan_feat(wiphy, *flags,
8221 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
8222 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
8223 !nl80211_check_scan_feat(wiphy, *flags,
8224 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
8225 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
8226 !nl80211_check_scan_feat(wiphy, *flags,
8227 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
8228 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
8229 !nl80211_check_scan_feat(wiphy, *flags,
8230 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
8231 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
8232 !nl80211_check_scan_feat(wiphy, *flags,
8233 NL80211_SCAN_FLAG_RANDOM_SN,
8234 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
8235 !nl80211_check_scan_feat(wiphy, *flags,
8236 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
8237 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
8238 return -EOPNOTSUPP;
8239
8240 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
8241 int err;
8242
8243 if (!(wiphy->features & randomness_flag) ||
8244 (wdev && wdev->current_bss))
8245 return -EOPNOTSUPP;
8246
8247 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
8248 if (err)
8249 return err;
8250 }
8251
8252 return 0;
8253}
8254
8255static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
8256{
8257 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8258 struct wireless_dev *wdev = info->user_ptr[1];
8259 struct cfg80211_scan_request *request;
8260 struct nlattr *scan_freqs = NULL;
8261 bool scan_freqs_khz = false;
8262 struct nlattr *attr;
8263 struct wiphy *wiphy;
8264 int err, tmp, n_ssids = 0, n_channels, i;
8265 size_t ie_len;
8266
8267 wiphy = &rdev->wiphy;
8268
8269 if (wdev->iftype == NL80211_IFTYPE_NAN)
8270 return -EOPNOTSUPP;
8271
8272 if (!rdev->ops->scan)
8273 return -EOPNOTSUPP;
8274
8275 if (rdev->scan_req || rdev->scan_msg)
8276 return -EBUSY;
8277
8278 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
8279 if (!wiphy_ext_feature_isset(wiphy,
8280 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
8281 return -EOPNOTSUPP;
8282 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
8283 scan_freqs_khz = true;
8284 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
8285 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
8286
8287 if (scan_freqs) {
8288 n_channels = validate_scan_freqs(scan_freqs);
8289 if (!n_channels)
8290 return -EINVAL;
8291 } else {
8292 n_channels = ieee80211_get_num_supported_channels(wiphy);
8293 }
8294
8295 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
8296 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
8297 n_ssids++;
8298
8299 if (n_ssids > wiphy->max_scan_ssids)
8300 return -EINVAL;
8301
8302 if (info->attrs[NL80211_ATTR_IE])
8303 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8304 else
8305 ie_len = 0;
8306
8307 if (ie_len > wiphy->max_scan_ie_len)
8308 return -EINVAL;
8309
8310 request = kzalloc(sizeof(*request)
8311 + sizeof(*request->ssids) * n_ssids
8312 + sizeof(*request->channels) * n_channels
8313 + ie_len, GFP_KERNEL);
8314 if (!request)
8315 return -ENOMEM;
8316
8317 if (n_ssids)
8318 request->ssids = (void *)&request->channels[n_channels];
8319 request->n_ssids = n_ssids;
8320 if (ie_len) {
8321 if (n_ssids)
8322 request->ie = (void *)(request->ssids + n_ssids);
8323 else
8324 request->ie = (void *)(request->channels + n_channels);
8325 }
8326
8327 i = 0;
8328 if (scan_freqs) {
8329
8330 nla_for_each_nested(attr, scan_freqs, tmp) {
8331 struct ieee80211_channel *chan;
8332 int freq = nla_get_u32(attr);
8333
8334 if (!scan_freqs_khz)
8335 freq = MHZ_TO_KHZ(freq);
8336
8337 chan = ieee80211_get_channel_khz(wiphy, freq);
8338 if (!chan) {
8339 err = -EINVAL;
8340 goto out_free;
8341 }
8342
8343
8344 if (chan->flags & IEEE80211_CHAN_DISABLED)
8345 continue;
8346
8347 request->channels[i] = chan;
8348 i++;
8349 }
8350 } else {
8351 enum nl80211_band band;
8352
8353
8354 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8355 int j;
8356
8357 if (!wiphy->bands[band])
8358 continue;
8359 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8360 struct ieee80211_channel *chan;
8361
8362 chan = &wiphy->bands[band]->channels[j];
8363
8364 if (chan->flags & IEEE80211_CHAN_DISABLED)
8365 continue;
8366
8367 request->channels[i] = chan;
8368 i++;
8369 }
8370 }
8371 }
8372
8373 if (!i) {
8374 err = -EINVAL;
8375 goto out_free;
8376 }
8377
8378 request->n_channels = i;
8379
8380 wdev_lock(wdev);
8381 if (!cfg80211_off_channel_oper_allowed(wdev)) {
8382 struct ieee80211_channel *chan;
8383
8384 if (request->n_channels != 1) {
8385 wdev_unlock(wdev);
8386 err = -EBUSY;
8387 goto out_free;
8388 }
8389
8390 chan = request->channels[0];
8391 if (chan->center_freq != wdev->chandef.chan->center_freq) {
8392 wdev_unlock(wdev);
8393 err = -EBUSY;
8394 goto out_free;
8395 }
8396 }
8397 wdev_unlock(wdev);
8398
8399 i = 0;
8400 if (n_ssids) {
8401 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
8402 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8403 err = -EINVAL;
8404 goto out_free;
8405 }
8406 request->ssids[i].ssid_len = nla_len(attr);
8407 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
8408 i++;
8409 }
8410 }
8411
8412 if (info->attrs[NL80211_ATTR_IE]) {
8413 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8414 memcpy((void *)request->ie,
8415 nla_data(info->attrs[NL80211_ATTR_IE]),
8416 request->ie_len);
8417 }
8418
8419 for (i = 0; i < NUM_NL80211_BANDS; i++)
8420 if (wiphy->bands[i])
8421 request->rates[i] =
8422 (1 << wiphy->bands[i]->n_bitrates) - 1;
8423
8424 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
8425 nla_for_each_nested(attr,
8426 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
8427 tmp) {
8428 enum nl80211_band band = nla_type(attr);
8429
8430 if (band < 0 || band >= NUM_NL80211_BANDS) {
8431 err = -EINVAL;
8432 goto out_free;
8433 }
8434
8435 if (!wiphy->bands[band])
8436 continue;
8437
8438 err = ieee80211_get_ratemask(wiphy->bands[band],
8439 nla_data(attr),
8440 nla_len(attr),
8441 &request->rates[band]);
8442 if (err)
8443 goto out_free;
8444 }
8445 }
8446
8447 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
8448 request->duration =
8449 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
8450 request->duration_mandatory =
8451 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
8452 }
8453
8454 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
8455 false);
8456 if (err)
8457 goto out_free;
8458
8459 request->no_cck =
8460 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471 if (info->attrs[NL80211_ATTR_BSSID])
8472 memcpy(request->bssid,
8473 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
8474 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
8475 info->attrs[NL80211_ATTR_MAC])
8476 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
8477 ETH_ALEN);
8478 else
8479 eth_broadcast_addr(request->bssid);
8480
8481 request->wdev = wdev;
8482 request->wiphy = &rdev->wiphy;
8483 request->scan_start = jiffies;
8484
8485 rdev->scan_req = request;
8486 err = cfg80211_scan(rdev);
8487
8488 if (err)
8489 goto out_free;
8490
8491 nl80211_send_scan_start(rdev, wdev);
8492 if (wdev->netdev)
8493 dev_hold(wdev->netdev);
8494
8495 return 0;
8496
8497 out_free:
8498 rdev->scan_req = NULL;
8499 kfree(request);
8500
8501 return err;
8502}
8503
8504static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
8505{
8506 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8507 struct wireless_dev *wdev = info->user_ptr[1];
8508
8509 if (!rdev->ops->abort_scan)
8510 return -EOPNOTSUPP;
8511
8512 if (rdev->scan_msg)
8513 return 0;
8514
8515 if (!rdev->scan_req)
8516 return -ENOENT;
8517
8518 rdev_abort_scan(rdev, wdev);
8519 return 0;
8520}
8521
8522static int
8523nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
8524 struct cfg80211_sched_scan_request *request,
8525 struct nlattr **attrs)
8526{
8527 int tmp, err, i = 0;
8528 struct nlattr *attr;
8529
8530 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8531 u32 interval;
8532
8533
8534
8535
8536
8537
8538
8539 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
8540 if (!interval)
8541 return -EINVAL;
8542
8543 request->scan_plans[0].interval =
8544 DIV_ROUND_UP(interval, MSEC_PER_SEC);
8545 if (!request->scan_plans[0].interval)
8546 return -EINVAL;
8547
8548 if (request->scan_plans[0].interval >
8549 wiphy->max_sched_scan_plan_interval)
8550 request->scan_plans[0].interval =
8551 wiphy->max_sched_scan_plan_interval;
8552
8553 return 0;
8554 }
8555
8556 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
8557 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
8558
8559 if (WARN_ON(i >= n_plans))
8560 return -EINVAL;
8561
8562 err = nla_parse_nested_deprecated(plan,
8563 NL80211_SCHED_SCAN_PLAN_MAX,
8564 attr, nl80211_plan_policy,
8565 NULL);
8566 if (err)
8567 return err;
8568
8569 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
8570 return -EINVAL;
8571
8572 request->scan_plans[i].interval =
8573 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
8574 if (!request->scan_plans[i].interval ||
8575 request->scan_plans[i].interval >
8576 wiphy->max_sched_scan_plan_interval)
8577 return -EINVAL;
8578
8579 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
8580 request->scan_plans[i].iterations =
8581 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
8582 if (!request->scan_plans[i].iterations ||
8583 (request->scan_plans[i].iterations >
8584 wiphy->max_sched_scan_plan_iterations))
8585 return -EINVAL;
8586 } else if (i < n_plans - 1) {
8587
8588
8589
8590
8591 return -EINVAL;
8592 }
8593
8594 i++;
8595 }
8596
8597
8598
8599
8600
8601 if (request->scan_plans[n_plans - 1].iterations)
8602 return -EINVAL;
8603
8604 return 0;
8605}
8606
8607static int
8608nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
8609 struct cfg80211_match_set *match_sets,
8610 struct nlattr *tb_band_rssi,
8611 s32 rssi_thold)
8612{
8613 struct nlattr *attr;
8614 int i, tmp, ret = 0;
8615
8616 if (!wiphy_ext_feature_isset(wiphy,
8617 NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
8618 if (tb_band_rssi)
8619 ret = -EOPNOTSUPP;
8620 else
8621 for (i = 0; i < NUM_NL80211_BANDS; i++)
8622 match_sets->per_band_rssi_thold[i] =
8623 NL80211_SCAN_RSSI_THOLD_OFF;
8624 return ret;
8625 }
8626
8627 for (i = 0; i < NUM_NL80211_BANDS; i++)
8628 match_sets->per_band_rssi_thold[i] = rssi_thold;
8629
8630 nla_for_each_nested(attr, tb_band_rssi, tmp) {
8631 enum nl80211_band band = nla_type(attr);
8632
8633 if (band < 0 || band >= NUM_NL80211_BANDS)
8634 return -EINVAL;
8635
8636 match_sets->per_band_rssi_thold[band] = nla_get_s32(attr);
8637 }
8638
8639 return 0;
8640}
8641
8642static struct cfg80211_sched_scan_request *
8643nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
8644 struct nlattr **attrs, int max_match_sets)
8645{
8646 struct cfg80211_sched_scan_request *request;
8647 struct nlattr *attr;
8648 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
8649 enum nl80211_band band;
8650 size_t ie_len;
8651 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
8652 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
8653
8654 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8655 n_channels = validate_scan_freqs(
8656 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
8657 if (!n_channels)
8658 return ERR_PTR(-EINVAL);
8659 } else {
8660 n_channels = ieee80211_get_num_supported_channels(wiphy);
8661 }
8662
8663 if (attrs[NL80211_ATTR_SCAN_SSIDS])
8664 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8665 tmp)
8666 n_ssids++;
8667
8668 if (n_ssids > wiphy->max_sched_scan_ssids)
8669 return ERR_PTR(-EINVAL);
8670
8671
8672
8673
8674
8675
8676
8677
8678
8679
8680 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8681 nla_for_each_nested(attr,
8682 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8683 tmp) {
8684 struct nlattr *rssi;
8685
8686 err = nla_parse_nested_deprecated(tb,
8687 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8688 attr,
8689 nl80211_match_policy,
8690 NULL);
8691 if (err)
8692 return ERR_PTR(err);
8693
8694
8695 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
8696 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
8697 return ERR_PTR(-EINVAL);
8698
8699
8700 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
8701 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
8702 n_match_sets++;
8703 continue;
8704 }
8705 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8706 if (rssi)
8707 default_match_rssi = nla_get_s32(rssi);
8708 }
8709 }
8710
8711
8712 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
8713 n_match_sets = 1;
8714
8715 if (n_match_sets > max_match_sets)
8716 return ERR_PTR(-EINVAL);
8717
8718 if (attrs[NL80211_ATTR_IE])
8719 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
8720 else
8721 ie_len = 0;
8722
8723 if (ie_len > wiphy->max_sched_scan_ie_len)
8724 return ERR_PTR(-EINVAL);
8725
8726 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8727
8728
8729
8730
8731 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8732 return ERR_PTR(-EINVAL);
8733
8734 nla_for_each_nested(attr,
8735 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
8736 n_plans++;
8737 } else {
8738
8739
8740
8741
8742
8743
8744 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8745 return ERR_PTR(-EINVAL);
8746
8747 n_plans = 1;
8748 }
8749
8750 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
8751 return ERR_PTR(-EINVAL);
8752
8753 if (!wiphy_ext_feature_isset(
8754 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
8755 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
8756 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
8757 return ERR_PTR(-EINVAL);
8758
8759 request = kzalloc(sizeof(*request)
8760 + sizeof(*request->ssids) * n_ssids
8761 + sizeof(*request->match_sets) * n_match_sets
8762 + sizeof(*request->scan_plans) * n_plans
8763 + sizeof(*request->channels) * n_channels
8764 + ie_len, GFP_KERNEL);
8765 if (!request)
8766 return ERR_PTR(-ENOMEM);
8767
8768 if (n_ssids)
8769 request->ssids = (void *)&request->channels[n_channels];
8770 request->n_ssids = n_ssids;
8771 if (ie_len) {
8772 if (n_ssids)
8773 request->ie = (void *)(request->ssids + n_ssids);
8774 else
8775 request->ie = (void *)(request->channels + n_channels);
8776 }
8777
8778 if (n_match_sets) {
8779 if (request->ie)
8780 request->match_sets = (void *)(request->ie + ie_len);
8781 else if (n_ssids)
8782 request->match_sets =
8783 (void *)(request->ssids + n_ssids);
8784 else
8785 request->match_sets =
8786 (void *)(request->channels + n_channels);
8787 }
8788 request->n_match_sets = n_match_sets;
8789
8790 if (n_match_sets)
8791 request->scan_plans = (void *)(request->match_sets +
8792 n_match_sets);
8793 else if (request->ie)
8794 request->scan_plans = (void *)(request->ie + ie_len);
8795 else if (n_ssids)
8796 request->scan_plans = (void *)(request->ssids + n_ssids);
8797 else
8798 request->scan_plans = (void *)(request->channels + n_channels);
8799
8800 request->n_scan_plans = n_plans;
8801
8802 i = 0;
8803 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8804
8805 nla_for_each_nested(attr,
8806 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
8807 tmp) {
8808 struct ieee80211_channel *chan;
8809
8810 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
8811
8812 if (!chan) {
8813 err = -EINVAL;
8814 goto out_free;
8815 }
8816
8817
8818 if (chan->flags & IEEE80211_CHAN_DISABLED)
8819 continue;
8820
8821 request->channels[i] = chan;
8822 i++;
8823 }
8824 } else {
8825
8826 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8827 int j;
8828
8829 if (!wiphy->bands[band])
8830 continue;
8831 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8832 struct ieee80211_channel *chan;
8833
8834 chan = &wiphy->bands[band]->channels[j];
8835
8836 if (chan->flags & IEEE80211_CHAN_DISABLED)
8837 continue;
8838
8839 request->channels[i] = chan;
8840 i++;
8841 }
8842 }
8843 }
8844
8845 if (!i) {
8846 err = -EINVAL;
8847 goto out_free;
8848 }
8849
8850 request->n_channels = i;
8851
8852 i = 0;
8853 if (n_ssids) {
8854 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8855 tmp) {
8856 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8857 err = -EINVAL;
8858 goto out_free;
8859 }
8860 request->ssids[i].ssid_len = nla_len(attr);
8861 memcpy(request->ssids[i].ssid, nla_data(attr),
8862 nla_len(attr));
8863 i++;
8864 }
8865 }
8866
8867 i = 0;
8868 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8869 nla_for_each_nested(attr,
8870 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8871 tmp) {
8872 struct nlattr *ssid, *bssid, *rssi;
8873
8874 err = nla_parse_nested_deprecated(tb,
8875 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8876 attr,
8877 nl80211_match_policy,
8878 NULL);
8879 if (err)
8880 goto out_free;
8881 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8882 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8883
8884 if (!ssid && !bssid) {
8885 i++;
8886 continue;
8887 }
8888
8889 if (WARN_ON(i >= n_match_sets)) {
8890
8891
8892
8893
8894 err = -EINVAL;
8895 goto out_free;
8896 }
8897
8898 if (ssid) {
8899 memcpy(request->match_sets[i].ssid.ssid,
8900 nla_data(ssid), nla_len(ssid));
8901 request->match_sets[i].ssid.ssid_len =
8902 nla_len(ssid);
8903 }
8904 if (bssid)
8905 memcpy(request->match_sets[i].bssid,
8906 nla_data(bssid), ETH_ALEN);
8907
8908
8909 request->match_sets[i].rssi_thold = default_match_rssi;
8910 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8911 if (rssi)
8912 request->match_sets[i].rssi_thold =
8913 nla_get_s32(rssi);
8914
8915
8916 err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8917 &request->match_sets[i],
8918 tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8919 request->match_sets[i].rssi_thold);
8920 if (err)
8921 goto out_free;
8922
8923 i++;
8924 }
8925
8926
8927 if (i == 0 && n_match_sets)
8928 request->match_sets[0].rssi_thold = default_match_rssi;
8929
8930 request->min_rssi_thold = INT_MAX;
8931 for (i = 0; i < n_match_sets; i++)
8932 request->min_rssi_thold =
8933 min(request->match_sets[i].rssi_thold,
8934 request->min_rssi_thold);
8935 } else {
8936 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8937 }
8938
8939 if (ie_len) {
8940 request->ie_len = ie_len;
8941 memcpy((void *)request->ie,
8942 nla_data(attrs[NL80211_ATTR_IE]),
8943 request->ie_len);
8944 }
8945
8946 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8947 if (err)
8948 goto out_free;
8949
8950 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8951 request->delay =
8952 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8953
8954 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8955 request->relative_rssi = nla_get_s8(
8956 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8957 request->relative_rssi_set = true;
8958 }
8959
8960 if (request->relative_rssi_set &&
8961 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8962 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8963
8964 rssi_adjust = nla_data(
8965 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8966 request->rssi_adjust.band = rssi_adjust->band;
8967 request->rssi_adjust.delta = rssi_adjust->delta;
8968 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8969 err = -EINVAL;
8970 goto out_free;
8971 }
8972 }
8973
8974 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8975 if (err)
8976 goto out_free;
8977
8978 request->scan_start = jiffies;
8979
8980 return request;
8981
8982out_free:
8983 kfree(request);
8984 return ERR_PTR(err);
8985}
8986
8987static int nl80211_start_sched_scan(struct sk_buff *skb,
8988 struct genl_info *info)
8989{
8990 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8991 struct net_device *dev = info->user_ptr[1];
8992 struct wireless_dev *wdev = dev->ieee80211_ptr;
8993 struct cfg80211_sched_scan_request *sched_scan_req;
8994 bool want_multi;
8995 int err;
8996
8997 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8998 return -EOPNOTSUPP;
8999
9000 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
9001 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
9002 if (err)
9003 return err;
9004
9005 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
9006 info->attrs,
9007 rdev->wiphy.max_match_sets);
9008
9009 err = PTR_ERR_OR_ZERO(sched_scan_req);
9010 if (err)
9011 goto out_err;
9012
9013
9014
9015
9016 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
9017 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
9018
9019 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
9020 if (err)
9021 goto out_free;
9022
9023 sched_scan_req->dev = dev;
9024 sched_scan_req->wiphy = &rdev->wiphy;
9025
9026 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9027 sched_scan_req->owner_nlportid = info->snd_portid;
9028
9029 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
9030
9031 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
9032 return 0;
9033
9034out_free:
9035 kfree(sched_scan_req);
9036out_err:
9037 return err;
9038}
9039
9040static int nl80211_stop_sched_scan(struct sk_buff *skb,
9041 struct genl_info *info)
9042{
9043 struct cfg80211_sched_scan_request *req;
9044 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9045 u64 cookie;
9046
9047 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
9048 return -EOPNOTSUPP;
9049
9050 if (info->attrs[NL80211_ATTR_COOKIE]) {
9051 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9052 return __cfg80211_stop_sched_scan(rdev, cookie, false);
9053 }
9054
9055 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
9056 struct cfg80211_sched_scan_request,
9057 list);
9058 if (!req || req->reqid ||
9059 (req->owner_nlportid &&
9060 req->owner_nlportid != info->snd_portid))
9061 return -ENOENT;
9062
9063 return cfg80211_stop_sched_scan_req(rdev, req, false);
9064}
9065
9066static int nl80211_start_radar_detection(struct sk_buff *skb,
9067 struct genl_info *info)
9068{
9069 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9070 struct net_device *dev = info->user_ptr[1];
9071 struct wireless_dev *wdev = dev->ieee80211_ptr;
9072 struct wiphy *wiphy = wdev->wiphy;
9073 struct cfg80211_chan_def chandef;
9074 enum nl80211_dfs_regions dfs_region;
9075 unsigned int cac_time_ms;
9076 int err;
9077
9078 dfs_region = reg_get_dfs_region(wiphy);
9079 if (dfs_region == NL80211_DFS_UNSET)
9080 return -EINVAL;
9081
9082 err = nl80211_parse_chandef(rdev, info, &chandef);
9083 if (err)
9084 return err;
9085
9086 if (netif_carrier_ok(dev))
9087 return -EBUSY;
9088
9089 if (wdev->cac_started)
9090 return -EBUSY;
9091
9092 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
9093 if (err < 0)
9094 return err;
9095
9096 if (err == 0)
9097 return -EINVAL;
9098
9099 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
9100 return -EINVAL;
9101
9102
9103 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
9104 return -EOPNOTSUPP;
9105
9106 if (!rdev->ops->start_radar_detection)
9107 return -EOPNOTSUPP;
9108
9109 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
9110 if (WARN_ON(!cac_time_ms))
9111 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
9112
9113 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
9114 if (!err) {
9115 wdev->chandef = chandef;
9116 wdev->cac_started = true;
9117 wdev->cac_start_time = jiffies;
9118 wdev->cac_time_ms = cac_time_ms;
9119 }
9120 return err;
9121}
9122
9123static int nl80211_notify_radar_detection(struct sk_buff *skb,
9124 struct genl_info *info)
9125{
9126 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9127 struct net_device *dev = info->user_ptr[1];
9128 struct wireless_dev *wdev = dev->ieee80211_ptr;
9129 struct wiphy *wiphy = wdev->wiphy;
9130 struct cfg80211_chan_def chandef;
9131 enum nl80211_dfs_regions dfs_region;
9132 int err;
9133
9134 dfs_region = reg_get_dfs_region(wiphy);
9135 if (dfs_region == NL80211_DFS_UNSET) {
9136 GENL_SET_ERR_MSG(info,
9137 "DFS Region is not set. Unexpected Radar indication");
9138 return -EINVAL;
9139 }
9140
9141 err = nl80211_parse_chandef(rdev, info, &chandef);
9142 if (err) {
9143 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
9144 return err;
9145 }
9146
9147 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
9148 if (err < 0) {
9149 GENL_SET_ERR_MSG(info, "chandef is invalid");
9150 return err;
9151 }
9152
9153 if (err == 0) {
9154 GENL_SET_ERR_MSG(info,
9155 "Unexpected Radar indication for chandef/iftype");
9156 return -EINVAL;
9157 }
9158
9159
9160
9161
9162 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
9163 return 0;
9164
9165 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
9166
9167 cfg80211_sched_dfs_chan_update(rdev);
9168
9169 rdev->radar_chandef = chandef;
9170
9171
9172 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
9173
9174 return 0;
9175}
9176
9177static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
9178{
9179 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9180 struct net_device *dev = info->user_ptr[1];
9181 struct wireless_dev *wdev = dev->ieee80211_ptr;
9182 struct cfg80211_csa_settings params;
9183 struct nlattr **csa_attrs = NULL;
9184 int err;
9185 bool need_new_beacon = false;
9186 bool need_handle_dfs_flag = true;
9187 int len, i;
9188 u32 cs_count;
9189
9190 if (!rdev->ops->channel_switch ||
9191 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
9192 return -EOPNOTSUPP;
9193
9194 switch (dev->ieee80211_ptr->iftype) {
9195 case NL80211_IFTYPE_AP:
9196 case NL80211_IFTYPE_P2P_GO:
9197 need_new_beacon = true;
9198
9199
9200
9201
9202
9203 need_handle_dfs_flag = false;
9204
9205
9206 if (!wdev->beacon_interval)
9207 return -ENOTCONN;
9208 break;
9209 case NL80211_IFTYPE_ADHOC:
9210 if (!wdev->ssid_len)
9211 return -ENOTCONN;
9212 break;
9213 case NL80211_IFTYPE_MESH_POINT:
9214 if (!wdev->mesh_id_len)
9215 return -ENOTCONN;
9216 break;
9217 default:
9218 return -EOPNOTSUPP;
9219 }
9220
9221 memset(¶ms, 0, sizeof(params));
9222 params.beacon_csa.ftm_responder = -1;
9223
9224 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9225 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
9226 return -EINVAL;
9227
9228
9229 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
9230 return -EINVAL;
9231
9232
9233
9234
9235 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
9236 if (cs_count > 255)
9237 return -EINVAL;
9238
9239 params.count = cs_count;
9240
9241 if (!need_new_beacon)
9242 goto skip_beacons;
9243
9244 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after);
9245 if (err)
9246 return err;
9247
9248 csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs),
9249 GFP_KERNEL);
9250 if (!csa_attrs)
9251 return -ENOMEM;
9252
9253 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
9254 info->attrs[NL80211_ATTR_CSA_IES],
9255 nl80211_policy, info->extack);
9256 if (err)
9257 goto free;
9258
9259 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa);
9260 if (err)
9261 goto free;
9262
9263 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
9264 err = -EINVAL;
9265 goto free;
9266 }
9267
9268 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
9269 if (!len || (len % sizeof(u16))) {
9270 err = -EINVAL;
9271 goto free;
9272 }
9273
9274 params.n_counter_offsets_beacon = len / sizeof(u16);
9275 if (rdev->wiphy.max_num_csa_counters &&
9276 (params.n_counter_offsets_beacon >
9277 rdev->wiphy.max_num_csa_counters)) {
9278 err = -EINVAL;
9279 goto free;
9280 }
9281
9282 params.counter_offsets_beacon =
9283 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
9284
9285
9286 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
9287 u16 offset = params.counter_offsets_beacon[i];
9288
9289 if (offset >= params.beacon_csa.tail_len) {
9290 err = -EINVAL;
9291 goto free;
9292 }
9293
9294 if (params.beacon_csa.tail[offset] != params.count) {
9295 err = -EINVAL;
9296 goto free;
9297 }
9298 }
9299
9300 if (csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
9301 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
9302 if (!len || (len % sizeof(u16))) {
9303 err = -EINVAL;
9304 goto free;
9305 }
9306
9307 params.n_counter_offsets_presp = len / sizeof(u16);
9308 if (rdev->wiphy.max_num_csa_counters &&
9309 (params.n_counter_offsets_presp >
9310 rdev->wiphy.max_num_csa_counters)) {
9311 err = -EINVAL;
9312 goto free;
9313 }
9314
9315 params.counter_offsets_presp =
9316 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
9317
9318
9319 for (i = 0; i < params.n_counter_offsets_presp; i++) {
9320 u16 offset = params.counter_offsets_presp[i];
9321
9322 if (offset >= params.beacon_csa.probe_resp_len) {
9323 err = -EINVAL;
9324 goto free;
9325 }
9326
9327 if (params.beacon_csa.probe_resp[offset] !=
9328 params.count) {
9329 err = -EINVAL;
9330 goto free;
9331 }
9332 }
9333 }
9334
9335skip_beacons:
9336 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
9337 if (err)
9338 goto free;
9339
9340 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
9341 wdev->iftype)) {
9342 err = -EINVAL;
9343 goto free;
9344 }
9345
9346 err = cfg80211_chandef_dfs_required(wdev->wiphy,
9347 ¶ms.chandef,
9348 wdev->iftype);
9349 if (err < 0)
9350 goto free;
9351
9352 if (err > 0) {
9353 params.radar_required = true;
9354 if (need_handle_dfs_flag &&
9355 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
9356 err = -EINVAL;
9357 goto free;
9358 }
9359 }
9360
9361 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
9362 params.block_tx = true;
9363
9364 wdev_lock(wdev);
9365 err = rdev_channel_switch(rdev, dev, ¶ms);
9366 wdev_unlock(wdev);
9367
9368free:
9369 kfree(csa_attrs);
9370 return err;
9371}
9372
9373static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
9374 u32 seq, int flags,
9375 struct cfg80211_registered_device *rdev,
9376 struct wireless_dev *wdev,
9377 struct cfg80211_internal_bss *intbss)
9378{
9379 struct cfg80211_bss *res = &intbss->pub;
9380 const struct cfg80211_bss_ies *ies;
9381 void *hdr;
9382 struct nlattr *bss;
9383
9384 ASSERT_WDEV_LOCK(wdev);
9385
9386 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
9387 NL80211_CMD_NEW_SCAN_RESULTS);
9388 if (!hdr)
9389 return -1;
9390
9391 genl_dump_check_consistent(cb, hdr);
9392
9393 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
9394 goto nla_put_failure;
9395 if (wdev->netdev &&
9396 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
9397 goto nla_put_failure;
9398 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
9399 NL80211_ATTR_PAD))
9400 goto nla_put_failure;
9401
9402 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
9403 if (!bss)
9404 goto nla_put_failure;
9405 if ((!is_zero_ether_addr(res->bssid) &&
9406 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
9407 goto nla_put_failure;
9408
9409 rcu_read_lock();
9410
9411 if (rcu_access_pointer(res->proberesp_ies) &&
9412 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
9413 goto fail_unlock_rcu;
9414
9415
9416
9417
9418 ies = rcu_dereference(res->ies);
9419 if (ies) {
9420 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
9421 NL80211_BSS_PAD))
9422 goto fail_unlock_rcu;
9423 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
9424 ies->len, ies->data))
9425 goto fail_unlock_rcu;
9426 }
9427
9428
9429 ies = rcu_dereference(res->beacon_ies);
9430 if (ies && ies->from_beacon) {
9431 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
9432 NL80211_BSS_PAD))
9433 goto fail_unlock_rcu;
9434 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
9435 ies->len, ies->data))
9436 goto fail_unlock_rcu;
9437 }
9438 rcu_read_unlock();
9439
9440 if (res->beacon_interval &&
9441 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
9442 goto nla_put_failure;
9443 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
9444 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
9445 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
9446 res->channel->freq_offset) ||
9447 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
9448 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
9449 jiffies_to_msecs(jiffies - intbss->ts)))
9450 goto nla_put_failure;
9451
9452 if (intbss->parent_tsf &&
9453 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
9454 intbss->parent_tsf, NL80211_BSS_PAD) ||
9455 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
9456 intbss->parent_bssid)))
9457 goto nla_put_failure;
9458
9459 if (intbss->ts_boottime &&
9460 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
9461 intbss->ts_boottime, NL80211_BSS_PAD))
9462 goto nla_put_failure;
9463
9464 if (!nl80211_put_signal(msg, intbss->pub.chains,
9465 intbss->pub.chain_signal,
9466 NL80211_BSS_CHAIN_SIGNAL))
9467 goto nla_put_failure;
9468
9469 switch (rdev->wiphy.signal_type) {
9470 case CFG80211_SIGNAL_TYPE_MBM:
9471 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
9472 goto nla_put_failure;
9473 break;
9474 case CFG80211_SIGNAL_TYPE_UNSPEC:
9475 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
9476 goto nla_put_failure;
9477 break;
9478 default:
9479 break;
9480 }
9481
9482 switch (wdev->iftype) {
9483 case NL80211_IFTYPE_P2P_CLIENT:
9484 case NL80211_IFTYPE_STATION:
9485 if (intbss == wdev->current_bss &&
9486 nla_put_u32(msg, NL80211_BSS_STATUS,
9487 NL80211_BSS_STATUS_ASSOCIATED))
9488 goto nla_put_failure;
9489 break;
9490 case NL80211_IFTYPE_ADHOC:
9491 if (intbss == wdev->current_bss &&
9492 nla_put_u32(msg, NL80211_BSS_STATUS,
9493 NL80211_BSS_STATUS_IBSS_JOINED))
9494 goto nla_put_failure;
9495 break;
9496 default:
9497 break;
9498 }
9499
9500 nla_nest_end(msg, bss);
9501
9502 genlmsg_end(msg, hdr);
9503 return 0;
9504
9505 fail_unlock_rcu:
9506 rcu_read_unlock();
9507 nla_put_failure:
9508 genlmsg_cancel(msg, hdr);
9509 return -EMSGSIZE;
9510}
9511
9512static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
9513{
9514 struct cfg80211_registered_device *rdev;
9515 struct cfg80211_internal_bss *scan;
9516 struct wireless_dev *wdev;
9517 int start = cb->args[2], idx = 0;
9518 int err;
9519
9520 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9521 if (err)
9522 return err;
9523
9524 __acquire(&rdev->wiphy.mtx);
9525
9526 wdev_lock(wdev);
9527 spin_lock_bh(&rdev->bss_lock);
9528
9529
9530
9531
9532
9533
9534
9535 if (start == 0)
9536 cfg80211_bss_expire(rdev);
9537
9538 cb->seq = rdev->bss_generation;
9539
9540 list_for_each_entry(scan, &rdev->bss_list, list) {
9541 if (++idx <= start)
9542 continue;
9543 if (nl80211_send_bss(skb, cb,
9544 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9545 rdev, wdev, scan) < 0) {
9546 idx--;
9547 break;
9548 }
9549 }
9550
9551 spin_unlock_bh(&rdev->bss_lock);
9552 wdev_unlock(wdev);
9553
9554 cb->args[2] = idx;
9555 wiphy_unlock(&rdev->wiphy);
9556
9557 return skb->len;
9558}
9559
9560static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
9561 int flags, struct net_device *dev,
9562 bool allow_radio_stats,
9563 struct survey_info *survey)
9564{
9565 void *hdr;
9566 struct nlattr *infoattr;
9567
9568
9569 if (!survey->channel && !allow_radio_stats)
9570 return 0;
9571
9572 hdr = nl80211hdr_put(msg, portid, seq, flags,
9573 NL80211_CMD_NEW_SURVEY_RESULTS);
9574 if (!hdr)
9575 return -ENOMEM;
9576
9577 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
9578 goto nla_put_failure;
9579
9580 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
9581 if (!infoattr)
9582 goto nla_put_failure;
9583
9584 if (survey->channel &&
9585 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
9586 survey->channel->center_freq))
9587 goto nla_put_failure;
9588
9589 if (survey->channel && survey->channel->freq_offset &&
9590 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
9591 survey->channel->freq_offset))
9592 goto nla_put_failure;
9593
9594 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
9595 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
9596 goto nla_put_failure;
9597 if ((survey->filled & SURVEY_INFO_IN_USE) &&
9598 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
9599 goto nla_put_failure;
9600 if ((survey->filled & SURVEY_INFO_TIME) &&
9601 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
9602 survey->time, NL80211_SURVEY_INFO_PAD))
9603 goto nla_put_failure;
9604 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
9605 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
9606 survey->time_busy, NL80211_SURVEY_INFO_PAD))
9607 goto nla_put_failure;
9608 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
9609 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
9610 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
9611 goto nla_put_failure;
9612 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
9613 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
9614 survey->time_rx, NL80211_SURVEY_INFO_PAD))
9615 goto nla_put_failure;
9616 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
9617 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
9618 survey->time_tx, NL80211_SURVEY_INFO_PAD))
9619 goto nla_put_failure;
9620 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
9621 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
9622 survey->time_scan, NL80211_SURVEY_INFO_PAD))
9623 goto nla_put_failure;
9624 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
9625 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
9626 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
9627 goto nla_put_failure;
9628
9629 nla_nest_end(msg, infoattr);
9630
9631 genlmsg_end(msg, hdr);
9632 return 0;
9633
9634 nla_put_failure:
9635 genlmsg_cancel(msg, hdr);
9636 return -EMSGSIZE;
9637}
9638
9639static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
9640{
9641 struct nlattr **attrbuf;
9642 struct survey_info survey;
9643 struct cfg80211_registered_device *rdev;
9644 struct wireless_dev *wdev;
9645 int survey_idx = cb->args[2];
9646 int res;
9647 bool radio_stats;
9648
9649 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
9650 if (!attrbuf)
9651 return -ENOMEM;
9652
9653 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9654 if (res) {
9655 kfree(attrbuf);
9656 return res;
9657 }
9658
9659 __acquire(&rdev->wiphy.mtx);
9660
9661
9662 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
9663
9664 if (!wdev->netdev) {
9665 res = -EINVAL;
9666 goto out_err;
9667 }
9668
9669 if (!rdev->ops->dump_survey) {
9670 res = -EOPNOTSUPP;
9671 goto out_err;
9672 }
9673
9674 while (1) {
9675 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
9676 if (res == -ENOENT)
9677 break;
9678 if (res)
9679 goto out_err;
9680
9681
9682 if (survey.channel &&
9683 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
9684 survey_idx++;
9685 continue;
9686 }
9687
9688 if (nl80211_send_survey(skb,
9689 NETLINK_CB(cb->skb).portid,
9690 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9691 wdev->netdev, radio_stats, &survey) < 0)
9692 goto out;
9693 survey_idx++;
9694 }
9695
9696 out:
9697 cb->args[2] = survey_idx;
9698 res = skb->len;
9699 out_err:
9700 kfree(attrbuf);
9701 wiphy_unlock(&rdev->wiphy);
9702 return res;
9703}
9704
9705static bool nl80211_valid_wpa_versions(u32 wpa_versions)
9706{
9707 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
9708 NL80211_WPA_VERSION_2 |
9709 NL80211_WPA_VERSION_3));
9710}
9711
9712static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
9713{
9714 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9715 struct net_device *dev = info->user_ptr[1];
9716 struct ieee80211_channel *chan;
9717 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
9718 int err, ssid_len, ie_len = 0, auth_data_len = 0;
9719 enum nl80211_auth_type auth_type;
9720 struct key_parse key;
9721 bool local_state_change;
9722 u32 freq;
9723
9724 if (!info->attrs[NL80211_ATTR_MAC])
9725 return -EINVAL;
9726
9727 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
9728 return -EINVAL;
9729
9730 if (!info->attrs[NL80211_ATTR_SSID])
9731 return -EINVAL;
9732
9733 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9734 return -EINVAL;
9735
9736 err = nl80211_parse_key(info, &key);
9737 if (err)
9738 return err;
9739
9740 if (key.idx >= 0) {
9741 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
9742 return -EINVAL;
9743 if (!key.p.key || !key.p.key_len)
9744 return -EINVAL;
9745 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
9746 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
9747 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
9748 key.p.key_len != WLAN_KEY_LEN_WEP104))
9749 return -EINVAL;
9750 if (key.idx > 3)
9751 return -EINVAL;
9752 } else {
9753 key.p.key_len = 0;
9754 key.p.key = NULL;
9755 }
9756
9757 if (key.idx >= 0) {
9758 int i;
9759 bool ok = false;
9760
9761 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
9762 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
9763 ok = true;
9764 break;
9765 }
9766 }
9767 if (!ok)
9768 return -EINVAL;
9769 }
9770
9771 if (!rdev->ops->auth)
9772 return -EOPNOTSUPP;
9773
9774 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9775 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9776 return -EOPNOTSUPP;
9777
9778 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9779 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
9780 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
9781 freq +=
9782 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
9783
9784 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
9785 if (!chan)
9786 return -EINVAL;
9787
9788 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9789 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9790
9791 if (info->attrs[NL80211_ATTR_IE]) {
9792 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9793 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9794 }
9795
9796 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9797 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
9798 return -EINVAL;
9799
9800 if ((auth_type == NL80211_AUTHTYPE_SAE ||
9801 auth_type == NL80211_AUTHTYPE_FILS_SK ||
9802 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
9803 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
9804 !info->attrs[NL80211_ATTR_AUTH_DATA])
9805 return -EINVAL;
9806
9807 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
9808 if (auth_type != NL80211_AUTHTYPE_SAE &&
9809 auth_type != NL80211_AUTHTYPE_FILS_SK &&
9810 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
9811 auth_type != NL80211_AUTHTYPE_FILS_PK)
9812 return -EINVAL;
9813 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
9814 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
9815 }
9816
9817 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9818
9819
9820
9821
9822
9823 if (local_state_change)
9824 return 0;
9825
9826 wdev_lock(dev->ieee80211_ptr);
9827 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
9828 ssid, ssid_len, ie, ie_len,
9829 key.p.key, key.p.key_len, key.idx,
9830 auth_data, auth_data_len);
9831 wdev_unlock(dev->ieee80211_ptr);
9832 return err;
9833}
9834
9835static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
9836 struct genl_info *info)
9837{
9838 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9839 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
9840 return -EINVAL;
9841 }
9842
9843 if (!rdev->ops->tx_control_port ||
9844 !wiphy_ext_feature_isset(&rdev->wiphy,
9845 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
9846 return -EOPNOTSUPP;
9847
9848 return 0;
9849}
9850
9851static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
9852 struct genl_info *info,
9853 struct cfg80211_crypto_settings *settings,
9854 int cipher_limit)
9855{
9856 memset(settings, 0, sizeof(*settings));
9857
9858 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9859
9860 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9861 u16 proto;
9862
9863 proto = nla_get_u16(
9864 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9865 settings->control_port_ethertype = cpu_to_be16(proto);
9866 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9867 proto != ETH_P_PAE)
9868 return -EINVAL;
9869 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9870 settings->control_port_no_encrypt = true;
9871 } else
9872 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9873
9874 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9875 int r = validate_pae_over_nl80211(rdev, info);
9876
9877 if (r < 0)
9878 return r;
9879
9880 settings->control_port_over_nl80211 = true;
9881
9882 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
9883 settings->control_port_no_preauth = true;
9884 }
9885
9886 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9887 void *data;
9888 int len, i;
9889
9890 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9891 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9892 settings->n_ciphers_pairwise = len / sizeof(u32);
9893
9894 if (len % sizeof(u32))
9895 return -EINVAL;
9896
9897 if (settings->n_ciphers_pairwise > cipher_limit)
9898 return -EINVAL;
9899
9900 memcpy(settings->ciphers_pairwise, data, len);
9901
9902 for (i = 0; i < settings->n_ciphers_pairwise; i++)
9903 if (!cfg80211_supported_cipher_suite(
9904 &rdev->wiphy,
9905 settings->ciphers_pairwise[i]))
9906 return -EINVAL;
9907 }
9908
9909 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9910 settings->cipher_group =
9911 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9912 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9913 settings->cipher_group))
9914 return -EINVAL;
9915 }
9916
9917 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9918 settings->wpa_versions =
9919 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9920 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9921 return -EINVAL;
9922 }
9923
9924 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9925 void *data;
9926 int len;
9927
9928 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9929 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9930 settings->n_akm_suites = len / sizeof(u32);
9931
9932 if (len % sizeof(u32))
9933 return -EINVAL;
9934
9935 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9936 return -EINVAL;
9937
9938 memcpy(settings->akm_suites, data, len);
9939 }
9940
9941 if (info->attrs[NL80211_ATTR_PMK]) {
9942 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9943 return -EINVAL;
9944 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9945 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
9946 !wiphy_ext_feature_isset(&rdev->wiphy,
9947 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
9948 return -EINVAL;
9949 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9950 }
9951
9952 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9953 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9954 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
9955 !wiphy_ext_feature_isset(&rdev->wiphy,
9956 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
9957 return -EINVAL;
9958 settings->sae_pwd =
9959 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9960 settings->sae_pwd_len =
9961 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9962 }
9963
9964 if (info->attrs[NL80211_ATTR_SAE_PWE])
9965 settings->sae_pwe =
9966 nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
9967 else
9968 settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
9969
9970 return 0;
9971}
9972
9973static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9974{
9975 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9976 struct net_device *dev = info->user_ptr[1];
9977 struct ieee80211_channel *chan;
9978 struct cfg80211_assoc_request req = {};
9979 const u8 *bssid, *ssid;
9980 int err, ssid_len = 0;
9981 u32 freq;
9982
9983 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9984 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9985 return -EPERM;
9986
9987 if (!info->attrs[NL80211_ATTR_MAC] ||
9988 !info->attrs[NL80211_ATTR_SSID] ||
9989 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9990 return -EINVAL;
9991
9992 if (!rdev->ops->assoc)
9993 return -EOPNOTSUPP;
9994
9995 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9996 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9997 return -EOPNOTSUPP;
9998
9999 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10000
10001 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10002 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10003 freq +=
10004 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10005 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
10006 if (!chan)
10007 return -EINVAL;
10008
10009 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10010 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10011
10012 if (info->attrs[NL80211_ATTR_IE]) {
10013 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10014 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10015 }
10016
10017 if (info->attrs[NL80211_ATTR_USE_MFP]) {
10018 enum nl80211_mfp mfp =
10019 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10020 if (mfp == NL80211_MFP_REQUIRED)
10021 req.use_mfp = true;
10022 else if (mfp != NL80211_MFP_NO)
10023 return -EINVAL;
10024 }
10025
10026 if (info->attrs[NL80211_ATTR_PREV_BSSID])
10027 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10028
10029 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10030 req.flags |= ASSOC_REQ_DISABLE_HT;
10031
10032 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10033 memcpy(&req.ht_capa_mask,
10034 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10035 sizeof(req.ht_capa_mask));
10036
10037 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10038 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10039 return -EINVAL;
10040 memcpy(&req.ht_capa,
10041 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10042 sizeof(req.ht_capa));
10043 }
10044
10045 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10046 req.flags |= ASSOC_REQ_DISABLE_VHT;
10047
10048 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
10049 req.flags |= ASSOC_REQ_DISABLE_HE;
10050
10051 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10052 memcpy(&req.vht_capa_mask,
10053 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10054 sizeof(req.vht_capa_mask));
10055
10056 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10057 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10058 return -EINVAL;
10059 memcpy(&req.vht_capa,
10060 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10061 sizeof(req.vht_capa));
10062 }
10063
10064 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10065 if (!((rdev->wiphy.features &
10066 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10067 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10068 !wiphy_ext_feature_isset(&rdev->wiphy,
10069 NL80211_EXT_FEATURE_RRM))
10070 return -EINVAL;
10071 req.flags |= ASSOC_REQ_USE_RRM;
10072 }
10073
10074 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
10075 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
10076 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
10077 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
10078 return -EINVAL;
10079 req.fils_nonces =
10080 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
10081 }
10082
10083 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
10084 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
10085 return -EINVAL;
10086 memcpy(&req.s1g_capa_mask,
10087 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
10088 sizeof(req.s1g_capa_mask));
10089 }
10090
10091 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
10092 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
10093 return -EINVAL;
10094 memcpy(&req.s1g_capa,
10095 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
10096 sizeof(req.s1g_capa));
10097 }
10098
10099 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
10100 if (!err) {
10101 wdev_lock(dev->ieee80211_ptr);
10102
10103 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
10104 ssid, ssid_len, &req);
10105
10106 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10107 dev->ieee80211_ptr->conn_owner_nlportid =
10108 info->snd_portid;
10109 memcpy(dev->ieee80211_ptr->disconnect_bssid,
10110 bssid, ETH_ALEN);
10111 }
10112
10113 wdev_unlock(dev->ieee80211_ptr);
10114 }
10115
10116 return err;
10117}
10118
10119static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
10120{
10121 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10122 struct net_device *dev = info->user_ptr[1];
10123 const u8 *ie = NULL, *bssid;
10124 int ie_len = 0, err;
10125 u16 reason_code;
10126 bool local_state_change;
10127
10128 if (dev->ieee80211_ptr->conn_owner_nlportid &&
10129 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10130 return -EPERM;
10131
10132 if (!info->attrs[NL80211_ATTR_MAC])
10133 return -EINVAL;
10134
10135 if (!info->attrs[NL80211_ATTR_REASON_CODE])
10136 return -EINVAL;
10137
10138 if (!rdev->ops->deauth)
10139 return -EOPNOTSUPP;
10140
10141 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10142 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10143 return -EOPNOTSUPP;
10144
10145 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10146
10147 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10148 if (reason_code == 0) {
10149
10150 return -EINVAL;
10151 }
10152
10153 if (info->attrs[NL80211_ATTR_IE]) {
10154 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10155 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10156 }
10157
10158 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10159
10160 wdev_lock(dev->ieee80211_ptr);
10161 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
10162 local_state_change);
10163 wdev_unlock(dev->ieee80211_ptr);
10164 return err;
10165}
10166
10167static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
10168{
10169 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10170 struct net_device *dev = info->user_ptr[1];
10171 const u8 *ie = NULL, *bssid;
10172 int ie_len = 0, err;
10173 u16 reason_code;
10174 bool local_state_change;
10175
10176 if (dev->ieee80211_ptr->conn_owner_nlportid &&
10177 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10178 return -EPERM;
10179
10180 if (!info->attrs[NL80211_ATTR_MAC])
10181 return -EINVAL;
10182
10183 if (!info->attrs[NL80211_ATTR_REASON_CODE])
10184 return -EINVAL;
10185
10186 if (!rdev->ops->disassoc)
10187 return -EOPNOTSUPP;
10188
10189 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10190 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10191 return -EOPNOTSUPP;
10192
10193 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10194
10195 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10196 if (reason_code == 0) {
10197
10198 return -EINVAL;
10199 }
10200
10201 if (info->attrs[NL80211_ATTR_IE]) {
10202 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10203 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10204 }
10205
10206 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10207
10208 wdev_lock(dev->ieee80211_ptr);
10209 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
10210 local_state_change);
10211 wdev_unlock(dev->ieee80211_ptr);
10212 return err;
10213}
10214
10215static bool
10216nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
10217 int mcast_rate[NUM_NL80211_BANDS],
10218 int rateval)
10219{
10220 struct wiphy *wiphy = &rdev->wiphy;
10221 bool found = false;
10222 int band, i;
10223
10224 for (band = 0; band < NUM_NL80211_BANDS; band++) {
10225 struct ieee80211_supported_band *sband;
10226
10227 sband = wiphy->bands[band];
10228 if (!sband)
10229 continue;
10230
10231 for (i = 0; i < sband->n_bitrates; i++) {
10232 if (sband->bitrates[i].bitrate == rateval) {
10233 mcast_rate[band] = i + 1;
10234 found = true;
10235 break;
10236 }
10237 }
10238 }
10239
10240 return found;
10241}
10242
10243static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
10244{
10245 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10246 struct net_device *dev = info->user_ptr[1];
10247 struct cfg80211_ibss_params ibss;
10248 struct wiphy *wiphy;
10249 struct cfg80211_cached_keys *connkeys = NULL;
10250 int err;
10251
10252 memset(&ibss, 0, sizeof(ibss));
10253
10254 if (!info->attrs[NL80211_ATTR_SSID] ||
10255 !nla_len(info->attrs[NL80211_ATTR_SSID]))
10256 return -EINVAL;
10257
10258 ibss.beacon_interval = 100;
10259
10260 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
10261 ibss.beacon_interval =
10262 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10263
10264 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
10265 ibss.beacon_interval);
10266 if (err)
10267 return err;
10268
10269 if (!rdev->ops->join_ibss)
10270 return -EOPNOTSUPP;
10271
10272 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
10273 return -EOPNOTSUPP;
10274
10275 wiphy = &rdev->wiphy;
10276
10277 if (info->attrs[NL80211_ATTR_MAC]) {
10278 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10279
10280 if (!is_valid_ether_addr(ibss.bssid))
10281 return -EINVAL;
10282 }
10283 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10284 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10285
10286 if (info->attrs[NL80211_ATTR_IE]) {
10287 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10288 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10289 }
10290
10291 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
10292 if (err)
10293 return err;
10294
10295 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
10296 NL80211_IFTYPE_ADHOC))
10297 return -EINVAL;
10298
10299 switch (ibss.chandef.width) {
10300 case NL80211_CHAN_WIDTH_5:
10301 case NL80211_CHAN_WIDTH_10:
10302 case NL80211_CHAN_WIDTH_20_NOHT:
10303 break;
10304 case NL80211_CHAN_WIDTH_20:
10305 case NL80211_CHAN_WIDTH_40:
10306 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
10307 return -EINVAL;
10308 break;
10309 case NL80211_CHAN_WIDTH_80:
10310 case NL80211_CHAN_WIDTH_80P80:
10311 case NL80211_CHAN_WIDTH_160:
10312 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
10313 return -EINVAL;
10314 if (!wiphy_ext_feature_isset(&rdev->wiphy,
10315 NL80211_EXT_FEATURE_VHT_IBSS))
10316 return -EINVAL;
10317 break;
10318 default:
10319 return -EINVAL;
10320 }
10321
10322 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
10323 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
10324
10325 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10326 u8 *rates =
10327 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10328 int n_rates =
10329 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10330 struct ieee80211_supported_band *sband =
10331 wiphy->bands[ibss.chandef.chan->band];
10332
10333 err = ieee80211_get_ratemask(sband, rates, n_rates,
10334 &ibss.basic_rates);
10335 if (err)
10336 return err;
10337 }
10338
10339 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10340 memcpy(&ibss.ht_capa_mask,
10341 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10342 sizeof(ibss.ht_capa_mask));
10343
10344 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10345 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10346 return -EINVAL;
10347 memcpy(&ibss.ht_capa,
10348 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10349 sizeof(ibss.ht_capa));
10350 }
10351
10352 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10353 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
10354 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10355 return -EINVAL;
10356
10357 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10358 bool no_ht = false;
10359
10360 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
10361 if (IS_ERR(connkeys))
10362 return PTR_ERR(connkeys);
10363
10364 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
10365 no_ht) {
10366 kfree_sensitive(connkeys);
10367 return -EINVAL;
10368 }
10369 }
10370
10371 ibss.control_port =
10372 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
10373
10374 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10375 int r = validate_pae_over_nl80211(rdev, info);
10376
10377 if (r < 0) {
10378 kfree_sensitive(connkeys);
10379 return r;
10380 }
10381
10382 ibss.control_port_over_nl80211 = true;
10383 }
10384
10385 ibss.userspace_handles_dfs =
10386 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10387
10388 wdev_lock(dev->ieee80211_ptr);
10389 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
10390 if (err)
10391 kfree_sensitive(connkeys);
10392 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
10393 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10394 wdev_unlock(dev->ieee80211_ptr);
10395
10396 return err;
10397}
10398
10399static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
10400{
10401 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10402 struct net_device *dev = info->user_ptr[1];
10403
10404 if (!rdev->ops->leave_ibss)
10405 return -EOPNOTSUPP;
10406
10407 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
10408 return -EOPNOTSUPP;
10409
10410 return cfg80211_leave_ibss(rdev, dev, false);
10411}
10412
10413static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
10414{
10415 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10416 struct net_device *dev = info->user_ptr[1];
10417 int mcast_rate[NUM_NL80211_BANDS];
10418 u32 nla_rate;
10419 int err;
10420
10421 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
10422 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
10423 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
10424 return -EOPNOTSUPP;
10425
10426 if (!rdev->ops->set_mcast_rate)
10427 return -EOPNOTSUPP;
10428
10429 memset(mcast_rate, 0, sizeof(mcast_rate));
10430
10431 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
10432 return -EINVAL;
10433
10434 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
10435 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
10436 return -EINVAL;
10437
10438 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
10439
10440 return err;
10441}
10442
10443static struct sk_buff *
10444__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
10445 struct wireless_dev *wdev, int approxlen,
10446 u32 portid, u32 seq, enum nl80211_commands cmd,
10447 enum nl80211_attrs attr,
10448 const struct nl80211_vendor_cmd_info *info,
10449 gfp_t gfp)
10450{
10451 struct sk_buff *skb;
10452 void *hdr;
10453 struct nlattr *data;
10454
10455 skb = nlmsg_new(approxlen + 100, gfp);
10456 if (!skb)
10457 return NULL;
10458
10459 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
10460 if (!hdr) {
10461 kfree_skb(skb);
10462 return NULL;
10463 }
10464
10465 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
10466 goto nla_put_failure;
10467
10468 if (info) {
10469 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
10470 info->vendor_id))
10471 goto nla_put_failure;
10472 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
10473 info->subcmd))
10474 goto nla_put_failure;
10475 }
10476
10477 if (wdev) {
10478 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
10479 wdev_id(wdev), NL80211_ATTR_PAD))
10480 goto nla_put_failure;
10481 if (wdev->netdev &&
10482 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
10483 wdev->netdev->ifindex))
10484 goto nla_put_failure;
10485 }
10486
10487 data = nla_nest_start_noflag(skb, attr);
10488 if (!data)
10489 goto nla_put_failure;
10490
10491 ((void **)skb->cb)[0] = rdev;
10492 ((void **)skb->cb)[1] = hdr;
10493 ((void **)skb->cb)[2] = data;
10494
10495 return skb;
10496
10497 nla_put_failure:
10498 kfree_skb(skb);
10499 return NULL;
10500}
10501
10502struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
10503 struct wireless_dev *wdev,
10504 enum nl80211_commands cmd,
10505 enum nl80211_attrs attr,
10506 unsigned int portid,
10507 int vendor_event_idx,
10508 int approxlen, gfp_t gfp)
10509{
10510 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10511 const struct nl80211_vendor_cmd_info *info;
10512
10513 switch (cmd) {
10514 case NL80211_CMD_TESTMODE:
10515 if (WARN_ON(vendor_event_idx != -1))
10516 return NULL;
10517 info = NULL;
10518 break;
10519 case NL80211_CMD_VENDOR:
10520 if (WARN_ON(vendor_event_idx < 0 ||
10521 vendor_event_idx >= wiphy->n_vendor_events))
10522 return NULL;
10523 info = &wiphy->vendor_events[vendor_event_idx];
10524 break;
10525 default:
10526 WARN_ON(1);
10527 return NULL;
10528 }
10529
10530 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
10531 cmd, attr, info, gfp);
10532}
10533EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
10534
10535void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
10536{
10537 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10538 void *hdr = ((void **)skb->cb)[1];
10539 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
10540 struct nlattr *data = ((void **)skb->cb)[2];
10541 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
10542
10543
10544 memset(skb->cb, 0, sizeof(skb->cb));
10545
10546 nla_nest_end(skb, data);
10547 genlmsg_end(skb, hdr);
10548
10549 if (nlhdr->nlmsg_pid) {
10550 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
10551 nlhdr->nlmsg_pid);
10552 } else {
10553 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
10554 mcgrp = NL80211_MCGRP_VENDOR;
10555
10556 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
10557 skb, 0, mcgrp, gfp);
10558 }
10559}
10560EXPORT_SYMBOL(__cfg80211_send_event_skb);
10561
10562#ifdef CONFIG_NL80211_TESTMODE
10563static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
10564{
10565 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10566 struct wireless_dev *wdev;
10567 int err;
10568
10569 lockdep_assert_held(&rdev->wiphy.mtx);
10570
10571 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
10572 info->attrs);
10573
10574 if (!rdev->ops->testmode_cmd)
10575 return -EOPNOTSUPP;
10576
10577 if (IS_ERR(wdev)) {
10578 err = PTR_ERR(wdev);
10579 if (err != -EINVAL)
10580 return err;
10581 wdev = NULL;
10582 } else if (wdev->wiphy != &rdev->wiphy) {
10583 return -EINVAL;
10584 }
10585
10586 if (!info->attrs[NL80211_ATTR_TESTDATA])
10587 return -EINVAL;
10588
10589 rdev->cur_cmd_info = info;
10590 err = rdev_testmode_cmd(rdev, wdev,
10591 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
10592 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
10593 rdev->cur_cmd_info = NULL;
10594
10595 return err;
10596}
10597
10598static int nl80211_testmode_dump(struct sk_buff *skb,
10599 struct netlink_callback *cb)
10600{
10601 struct cfg80211_registered_device *rdev;
10602 struct nlattr **attrbuf = NULL;
10603 int err;
10604 long phy_idx;
10605 void *data = NULL;
10606 int data_len = 0;
10607
10608 rtnl_lock();
10609
10610 if (cb->args[0]) {
10611
10612
10613
10614
10615 phy_idx = cb->args[0] - 1;
10616
10617 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
10618 if (!rdev) {
10619 err = -ENOENT;
10620 goto out_err;
10621 }
10622 } else {
10623 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
10624 GFP_KERNEL);
10625 if (!attrbuf) {
10626 err = -ENOMEM;
10627 goto out_err;
10628 }
10629
10630 err = nlmsg_parse_deprecated(cb->nlh,
10631 GENL_HDRLEN + nl80211_fam.hdrsize,
10632 attrbuf, nl80211_fam.maxattr,
10633 nl80211_policy, NULL);
10634 if (err)
10635 goto out_err;
10636
10637 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
10638 if (IS_ERR(rdev)) {
10639 err = PTR_ERR(rdev);
10640 goto out_err;
10641 }
10642 phy_idx = rdev->wiphy_idx;
10643
10644 if (attrbuf[NL80211_ATTR_TESTDATA])
10645 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
10646 }
10647
10648 if (cb->args[1]) {
10649 data = nla_data((void *)cb->args[1]);
10650 data_len = nla_len((void *)cb->args[1]);
10651 }
10652
10653 if (!rdev->ops->testmode_dump) {
10654 err = -EOPNOTSUPP;
10655 goto out_err;
10656 }
10657
10658 while (1) {
10659 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10660 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10661 NL80211_CMD_TESTMODE);
10662 struct nlattr *tmdata;
10663
10664 if (!hdr)
10665 break;
10666
10667 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
10668 genlmsg_cancel(skb, hdr);
10669 break;
10670 }
10671
10672 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
10673 if (!tmdata) {
10674 genlmsg_cancel(skb, hdr);
10675 break;
10676 }
10677 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
10678 nla_nest_end(skb, tmdata);
10679
10680 if (err == -ENOBUFS || err == -ENOENT) {
10681 genlmsg_cancel(skb, hdr);
10682 break;
10683 } else if (err) {
10684 genlmsg_cancel(skb, hdr);
10685 goto out_err;
10686 }
10687
10688 genlmsg_end(skb, hdr);
10689 }
10690
10691 err = skb->len;
10692
10693 cb->args[0] = phy_idx + 1;
10694 out_err:
10695 kfree(attrbuf);
10696 rtnl_unlock();
10697 return err;
10698}
10699#endif
10700
10701static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
10702{
10703 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10704 struct net_device *dev = info->user_ptr[1];
10705 struct cfg80211_connect_params connect;
10706 struct wiphy *wiphy;
10707 struct cfg80211_cached_keys *connkeys = NULL;
10708 u32 freq = 0;
10709 int err;
10710
10711 memset(&connect, 0, sizeof(connect));
10712
10713 if (!info->attrs[NL80211_ATTR_SSID] ||
10714 !nla_len(info->attrs[NL80211_ATTR_SSID]))
10715 return -EINVAL;
10716
10717 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10718 connect.auth_type =
10719 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10720 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
10721 NL80211_CMD_CONNECT))
10722 return -EINVAL;
10723 } else
10724 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
10725
10726 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
10727
10728 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
10729 !wiphy_ext_feature_isset(&rdev->wiphy,
10730 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
10731 return -EINVAL;
10732 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
10733
10734 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
10735 NL80211_MAX_NR_CIPHER_SUITES);
10736 if (err)
10737 return err;
10738
10739 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10740 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10741 return -EOPNOTSUPP;
10742
10743 wiphy = &rdev->wiphy;
10744
10745 connect.bg_scan_period = -1;
10746 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
10747 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
10748 connect.bg_scan_period =
10749 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
10750 }
10751
10752 if (info->attrs[NL80211_ATTR_MAC])
10753 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10754 else if (info->attrs[NL80211_ATTR_MAC_HINT])
10755 connect.bssid_hint =
10756 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
10757 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10758 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10759
10760 if (info->attrs[NL80211_ATTR_IE]) {
10761 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10762 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10763 }
10764
10765 if (info->attrs[NL80211_ATTR_USE_MFP]) {
10766 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10767 if (connect.mfp == NL80211_MFP_OPTIONAL &&
10768 !wiphy_ext_feature_isset(&rdev->wiphy,
10769 NL80211_EXT_FEATURE_MFP_OPTIONAL))
10770 return -EOPNOTSUPP;
10771 } else {
10772 connect.mfp = NL80211_MFP_NO;
10773 }
10774
10775 if (info->attrs[NL80211_ATTR_PREV_BSSID])
10776 connect.prev_bssid =
10777 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10778
10779 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
10780 freq = MHZ_TO_KHZ(nla_get_u32(
10781 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10782 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10783 freq +=
10784 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10785
10786 if (freq) {
10787 connect.channel = nl80211_get_valid_chan(wiphy, freq);
10788 if (!connect.channel)
10789 return -EINVAL;
10790 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
10791 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
10792 freq = MHZ_TO_KHZ(freq);
10793 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
10794 if (!connect.channel_hint)
10795 return -EINVAL;
10796 }
10797
10798 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
10799 connect.edmg.channels =
10800 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
10801
10802 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
10803 connect.edmg.bw_config =
10804 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
10805 }
10806
10807 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10808 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
10809 if (IS_ERR(connkeys))
10810 return PTR_ERR(connkeys);
10811 }
10812
10813 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10814 connect.flags |= ASSOC_REQ_DISABLE_HT;
10815
10816 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10817 memcpy(&connect.ht_capa_mask,
10818 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10819 sizeof(connect.ht_capa_mask));
10820
10821 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10822 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
10823 kfree_sensitive(connkeys);
10824 return -EINVAL;
10825 }
10826 memcpy(&connect.ht_capa,
10827 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10828 sizeof(connect.ht_capa));
10829 }
10830
10831 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10832 connect.flags |= ASSOC_REQ_DISABLE_VHT;
10833
10834 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
10835 connect.flags |= ASSOC_REQ_DISABLE_HE;
10836
10837 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10838 memcpy(&connect.vht_capa_mask,
10839 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10840 sizeof(connect.vht_capa_mask));
10841
10842 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10843 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10844 kfree_sensitive(connkeys);
10845 return -EINVAL;
10846 }
10847 memcpy(&connect.vht_capa,
10848 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10849 sizeof(connect.vht_capa));
10850 }
10851
10852 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10853 if (!((rdev->wiphy.features &
10854 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10855 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10856 !wiphy_ext_feature_isset(&rdev->wiphy,
10857 NL80211_EXT_FEATURE_RRM)) {
10858 kfree_sensitive(connkeys);
10859 return -EINVAL;
10860 }
10861 connect.flags |= ASSOC_REQ_USE_RRM;
10862 }
10863
10864 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10865 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10866 kfree_sensitive(connkeys);
10867 return -EOPNOTSUPP;
10868 }
10869
10870 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10871
10872 if (connect.bssid) {
10873 kfree_sensitive(connkeys);
10874 return -EINVAL;
10875 }
10876
10877 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10878 wiphy, &connect.bss_select);
10879 if (err) {
10880 kfree_sensitive(connkeys);
10881 return err;
10882 }
10883 }
10884
10885 if (wiphy_ext_feature_isset(&rdev->wiphy,
10886 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
10887 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10888 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10889 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10890 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10891 connect.fils_erp_username =
10892 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10893 connect.fils_erp_username_len =
10894 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10895 connect.fils_erp_realm =
10896 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10897 connect.fils_erp_realm_len =
10898 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10899 connect.fils_erp_next_seq_num =
10900 nla_get_u16(
10901 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10902 connect.fils_erp_rrk =
10903 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10904 connect.fils_erp_rrk_len =
10905 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10906 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10907 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10908 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10909 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10910 kfree_sensitive(connkeys);
10911 return -EINVAL;
10912 }
10913
10914 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10915 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10916 kfree_sensitive(connkeys);
10917 GENL_SET_ERR_MSG(info,
10918 "external auth requires connection ownership");
10919 return -EINVAL;
10920 }
10921 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10922 }
10923
10924 wdev_lock(dev->ieee80211_ptr);
10925
10926 err = cfg80211_connect(rdev, dev, &connect, connkeys,
10927 connect.prev_bssid);
10928 if (err)
10929 kfree_sensitive(connkeys);
10930
10931 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10932 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10933 if (connect.bssid)
10934 memcpy(dev->ieee80211_ptr->disconnect_bssid,
10935 connect.bssid, ETH_ALEN);
10936 else
10937 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
10938 }
10939
10940 wdev_unlock(dev->ieee80211_ptr);
10941
10942 return err;
10943}
10944
10945static int nl80211_update_connect_params(struct sk_buff *skb,
10946 struct genl_info *info)
10947{
10948 struct cfg80211_connect_params connect = {};
10949 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10950 struct net_device *dev = info->user_ptr[1];
10951 struct wireless_dev *wdev = dev->ieee80211_ptr;
10952 bool fils_sk_offload;
10953 u32 auth_type;
10954 u32 changed = 0;
10955 int ret;
10956
10957 if (!rdev->ops->update_connect_params)
10958 return -EOPNOTSUPP;
10959
10960 if (info->attrs[NL80211_ATTR_IE]) {
10961 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10962 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10963 changed |= UPDATE_ASSOC_IES;
10964 }
10965
10966 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10967 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10968
10969
10970
10971
10972
10973
10974 if (fils_sk_offload &&
10975 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10976 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10977 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10978 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10979 connect.fils_erp_username =
10980 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10981 connect.fils_erp_username_len =
10982 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10983 connect.fils_erp_realm =
10984 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10985 connect.fils_erp_realm_len =
10986 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10987 connect.fils_erp_next_seq_num =
10988 nla_get_u16(
10989 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10990 connect.fils_erp_rrk =
10991 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10992 connect.fils_erp_rrk_len =
10993 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10994 changed |= UPDATE_FILS_ERP_INFO;
10995 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10996 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10997 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10998 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10999 return -EINVAL;
11000 }
11001
11002 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
11003 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
11004 if (!nl80211_valid_auth_type(rdev, auth_type,
11005 NL80211_CMD_CONNECT))
11006 return -EINVAL;
11007
11008 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
11009 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
11010 return -EINVAL;
11011
11012 connect.auth_type = auth_type;
11013 changed |= UPDATE_AUTH_TYPE;
11014 }
11015
11016 wdev_lock(dev->ieee80211_ptr);
11017 if (!wdev->current_bss)
11018 ret = -ENOLINK;
11019 else
11020 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
11021 wdev_unlock(dev->ieee80211_ptr);
11022
11023 return ret;
11024}
11025
11026static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
11027{
11028 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11029 struct net_device *dev = info->user_ptr[1];
11030 u16 reason;
11031 int ret;
11032
11033 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11034 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11035 return -EPERM;
11036
11037 if (!info->attrs[NL80211_ATTR_REASON_CODE])
11038 reason = WLAN_REASON_DEAUTH_LEAVING;
11039 else
11040 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11041
11042 if (reason == 0)
11043 return -EINVAL;
11044
11045 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11046 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11047 return -EOPNOTSUPP;
11048
11049 wdev_lock(dev->ieee80211_ptr);
11050 ret = cfg80211_disconnect(rdev, dev, reason, true);
11051 wdev_unlock(dev->ieee80211_ptr);
11052 return ret;
11053}
11054
11055static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
11056{
11057 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11058 struct net *net;
11059 int err;
11060
11061 if (info->attrs[NL80211_ATTR_PID]) {
11062 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
11063
11064 net = get_net_ns_by_pid(pid);
11065 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
11066 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
11067
11068 net = get_net_ns_by_fd(fd);
11069 } else {
11070 return -EINVAL;
11071 }
11072
11073 if (IS_ERR(net))
11074 return PTR_ERR(net);
11075
11076 err = 0;
11077
11078
11079 if (!net_eq(wiphy_net(&rdev->wiphy), net))
11080 err = cfg80211_switch_netns(rdev, net);
11081
11082 put_net(net);
11083 return err;
11084}
11085
11086static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
11087{
11088 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11089 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
11090 struct cfg80211_pmksa *pmksa) = NULL;
11091 struct net_device *dev = info->user_ptr[1];
11092 struct cfg80211_pmksa pmksa;
11093
11094 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
11095
11096 if (!info->attrs[NL80211_ATTR_PMKID])
11097 return -EINVAL;
11098
11099 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
11100
11101 if (info->attrs[NL80211_ATTR_MAC]) {
11102 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11103 } else if (info->attrs[NL80211_ATTR_SSID] &&
11104 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
11105 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
11106 info->attrs[NL80211_ATTR_PMK])) {
11107 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11108 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11109 pmksa.cache_id =
11110 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
11111 } else {
11112 return -EINVAL;
11113 }
11114 if (info->attrs[NL80211_ATTR_PMK]) {
11115 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
11116 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
11117 }
11118
11119 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
11120 pmksa.pmk_lifetime =
11121 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
11122
11123 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
11124 pmksa.pmk_reauth_threshold =
11125 nla_get_u8(
11126 info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
11127
11128 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11129 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
11130 !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
11131 wiphy_ext_feature_isset(&rdev->wiphy,
11132 NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
11133 return -EOPNOTSUPP;
11134
11135 switch (info->genlhdr->cmd) {
11136 case NL80211_CMD_SET_PMKSA:
11137 rdev_ops = rdev->ops->set_pmksa;
11138 break;
11139 case NL80211_CMD_DEL_PMKSA:
11140 rdev_ops = rdev->ops->del_pmksa;
11141 break;
11142 default:
11143 WARN_ON(1);
11144 break;
11145 }
11146
11147 if (!rdev_ops)
11148 return -EOPNOTSUPP;
11149
11150 return rdev_ops(&rdev->wiphy, dev, &pmksa);
11151}
11152
11153static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
11154{
11155 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11156 struct net_device *dev = info->user_ptr[1];
11157
11158 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11159 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11160 return -EOPNOTSUPP;
11161
11162 if (!rdev->ops->flush_pmksa)
11163 return -EOPNOTSUPP;
11164
11165 return rdev_flush_pmksa(rdev, dev);
11166}
11167
11168static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
11169{
11170 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11171 struct net_device *dev = info->user_ptr[1];
11172 u8 action_code, dialog_token;
11173 u32 peer_capability = 0;
11174 u16 status_code;
11175 u8 *peer;
11176 bool initiator;
11177
11178 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
11179 !rdev->ops->tdls_mgmt)
11180 return -EOPNOTSUPP;
11181
11182 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
11183 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
11184 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
11185 !info->attrs[NL80211_ATTR_IE] ||
11186 !info->attrs[NL80211_ATTR_MAC])
11187 return -EINVAL;
11188
11189 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
11190 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
11191 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
11192 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
11193 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
11194 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
11195 peer_capability =
11196 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
11197
11198 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
11199 dialog_token, status_code, peer_capability,
11200 initiator,
11201 nla_data(info->attrs[NL80211_ATTR_IE]),
11202 nla_len(info->attrs[NL80211_ATTR_IE]));
11203}
11204
11205static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
11206{
11207 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11208 struct net_device *dev = info->user_ptr[1];
11209 enum nl80211_tdls_operation operation;
11210 u8 *peer;
11211
11212 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
11213 !rdev->ops->tdls_oper)
11214 return -EOPNOTSUPP;
11215
11216 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
11217 !info->attrs[NL80211_ATTR_MAC])
11218 return -EINVAL;
11219
11220 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
11221 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
11222
11223 return rdev_tdls_oper(rdev, dev, peer, operation);
11224}
11225
11226static int nl80211_remain_on_channel(struct sk_buff *skb,
11227 struct genl_info *info)
11228{
11229 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11230 struct wireless_dev *wdev = info->user_ptr[1];
11231 struct cfg80211_chan_def chandef;
11232 const struct cfg80211_chan_def *compat_chandef;
11233 struct sk_buff *msg;
11234 void *hdr;
11235 u64 cookie;
11236 u32 duration;
11237 int err;
11238
11239 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11240 !info->attrs[NL80211_ATTR_DURATION])
11241 return -EINVAL;
11242
11243 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
11244
11245 if (!rdev->ops->remain_on_channel ||
11246 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
11247 return -EOPNOTSUPP;
11248
11249
11250
11251
11252
11253 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
11254 duration > rdev->wiphy.max_remain_on_channel_duration)
11255 return -EINVAL;
11256
11257 err = nl80211_parse_chandef(rdev, info, &chandef);
11258 if (err)
11259 return err;
11260
11261 wdev_lock(wdev);
11262 if (!cfg80211_off_channel_oper_allowed(wdev) &&
11263 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
11264 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
11265 &chandef);
11266 if (compat_chandef != &chandef) {
11267 wdev_unlock(wdev);
11268 return -EBUSY;
11269 }
11270 }
11271 wdev_unlock(wdev);
11272
11273 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11274 if (!msg)
11275 return -ENOMEM;
11276
11277 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11278 NL80211_CMD_REMAIN_ON_CHANNEL);
11279 if (!hdr) {
11280 err = -ENOBUFS;
11281 goto free_msg;
11282 }
11283
11284 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
11285 duration, &cookie);
11286
11287 if (err)
11288 goto free_msg;
11289
11290 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11291 NL80211_ATTR_PAD))
11292 goto nla_put_failure;
11293
11294 genlmsg_end(msg, hdr);
11295
11296 return genlmsg_reply(msg, info);
11297
11298 nla_put_failure:
11299 err = -ENOBUFS;
11300 free_msg:
11301 nlmsg_free(msg);
11302 return err;
11303}
11304
11305static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
11306 struct genl_info *info)
11307{
11308 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11309 struct wireless_dev *wdev = info->user_ptr[1];
11310 u64 cookie;
11311
11312 if (!info->attrs[NL80211_ATTR_COOKIE])
11313 return -EINVAL;
11314
11315 if (!rdev->ops->cancel_remain_on_channel)
11316 return -EOPNOTSUPP;
11317
11318 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11319
11320 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
11321}
11322
11323static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
11324 struct genl_info *info)
11325{
11326 struct cfg80211_bitrate_mask mask;
11327 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11328 struct net_device *dev = info->user_ptr[1];
11329 int err;
11330
11331 if (!rdev->ops->set_bitrate_mask)
11332 return -EOPNOTSUPP;
11333
11334 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11335 NL80211_ATTR_TX_RATES, &mask,
11336 dev, true);
11337 if (err)
11338 return err;
11339
11340 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
11341}
11342
11343static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
11344{
11345 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11346 struct wireless_dev *wdev = info->user_ptr[1];
11347 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
11348
11349 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
11350 return -EINVAL;
11351
11352 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
11353 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
11354
11355 switch (wdev->iftype) {
11356 case NL80211_IFTYPE_STATION:
11357 case NL80211_IFTYPE_ADHOC:
11358 case NL80211_IFTYPE_P2P_CLIENT:
11359 case NL80211_IFTYPE_AP:
11360 case NL80211_IFTYPE_AP_VLAN:
11361 case NL80211_IFTYPE_MESH_POINT:
11362 case NL80211_IFTYPE_P2P_GO:
11363 case NL80211_IFTYPE_P2P_DEVICE:
11364 break;
11365 case NL80211_IFTYPE_NAN:
11366 default:
11367 return -EOPNOTSUPP;
11368 }
11369
11370
11371 if (!rdev->ops->mgmt_tx)
11372 return -EOPNOTSUPP;
11373
11374 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
11375 !wiphy_ext_feature_isset(&rdev->wiphy,
11376 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
11377 GENL_SET_ERR_MSG(info,
11378 "multicast RX registrations are not supported");
11379 return -EOPNOTSUPP;
11380 }
11381
11382 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
11383 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
11384 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
11385 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
11386 info->extack);
11387}
11388
11389static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
11390{
11391 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11392 struct wireless_dev *wdev = info->user_ptr[1];
11393 struct cfg80211_chan_def chandef;
11394 int err;
11395 void *hdr = NULL;
11396 u64 cookie;
11397 struct sk_buff *msg = NULL;
11398 struct cfg80211_mgmt_tx_params params = {
11399 .dont_wait_for_ack =
11400 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
11401 };
11402
11403 if (!info->attrs[NL80211_ATTR_FRAME])
11404 return -EINVAL;
11405
11406 if (!rdev->ops->mgmt_tx)
11407 return -EOPNOTSUPP;
11408
11409 switch (wdev->iftype) {
11410 case NL80211_IFTYPE_P2P_DEVICE:
11411 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
11412 return -EINVAL;
11413 break;
11414 case NL80211_IFTYPE_STATION:
11415 case NL80211_IFTYPE_ADHOC:
11416 case NL80211_IFTYPE_P2P_CLIENT:
11417 case NL80211_IFTYPE_AP:
11418 case NL80211_IFTYPE_AP_VLAN:
11419 case NL80211_IFTYPE_MESH_POINT:
11420 case NL80211_IFTYPE_P2P_GO:
11421 break;
11422 case NL80211_IFTYPE_NAN:
11423 default:
11424 return -EOPNOTSUPP;
11425 }
11426
11427 if (info->attrs[NL80211_ATTR_DURATION]) {
11428 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
11429 return -EINVAL;
11430 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
11431
11432
11433
11434
11435
11436 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
11437 params.wait > rdev->wiphy.max_remain_on_channel_duration)
11438 return -EINVAL;
11439 }
11440
11441 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
11442
11443 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
11444 return -EINVAL;
11445
11446 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
11447
11448
11449
11450
11451 chandef.chan = NULL;
11452 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11453 err = nl80211_parse_chandef(rdev, info, &chandef);
11454 if (err)
11455 return err;
11456 }
11457
11458 if (!chandef.chan && params.offchan)
11459 return -EINVAL;
11460
11461 wdev_lock(wdev);
11462 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
11463 wdev_unlock(wdev);
11464 return -EBUSY;
11465 }
11466 wdev_unlock(wdev);
11467
11468 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
11469 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
11470
11471 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
11472 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
11473 int i;
11474
11475 if (len % sizeof(u16))
11476 return -EINVAL;
11477
11478 params.n_csa_offsets = len / sizeof(u16);
11479 params.csa_offsets =
11480 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
11481
11482
11483 for (i = 0; i < params.n_csa_offsets; i++) {
11484 if (params.csa_offsets[i] >= params.len)
11485 return -EINVAL;
11486 }
11487 }
11488
11489 if (!params.dont_wait_for_ack) {
11490 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11491 if (!msg)
11492 return -ENOMEM;
11493
11494 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11495 NL80211_CMD_FRAME);
11496 if (!hdr) {
11497 err = -ENOBUFS;
11498 goto free_msg;
11499 }
11500 }
11501
11502 params.chan = chandef.chan;
11503 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
11504 if (err)
11505 goto free_msg;
11506
11507 if (msg) {
11508 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11509 NL80211_ATTR_PAD))
11510 goto nla_put_failure;
11511
11512 genlmsg_end(msg, hdr);
11513 return genlmsg_reply(msg, info);
11514 }
11515
11516 return 0;
11517
11518 nla_put_failure:
11519 err = -ENOBUFS;
11520 free_msg:
11521 nlmsg_free(msg);
11522 return err;
11523}
11524
11525static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
11526{
11527 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11528 struct wireless_dev *wdev = info->user_ptr[1];
11529 u64 cookie;
11530
11531 if (!info->attrs[NL80211_ATTR_COOKIE])
11532 return -EINVAL;
11533
11534 if (!rdev->ops->mgmt_tx_cancel_wait)
11535 return -EOPNOTSUPP;
11536
11537 switch (wdev->iftype) {
11538 case NL80211_IFTYPE_STATION:
11539 case NL80211_IFTYPE_ADHOC:
11540 case NL80211_IFTYPE_P2P_CLIENT:
11541 case NL80211_IFTYPE_AP:
11542 case NL80211_IFTYPE_AP_VLAN:
11543 case NL80211_IFTYPE_P2P_GO:
11544 case NL80211_IFTYPE_P2P_DEVICE:
11545 break;
11546 case NL80211_IFTYPE_NAN:
11547 default:
11548 return -EOPNOTSUPP;
11549 }
11550
11551 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11552
11553 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
11554}
11555
11556static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
11557{
11558 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11559 struct wireless_dev *wdev;
11560 struct net_device *dev = info->user_ptr[1];
11561 u8 ps_state;
11562 bool state;
11563 int err;
11564
11565 if (!info->attrs[NL80211_ATTR_PS_STATE])
11566 return -EINVAL;
11567
11568 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
11569
11570 wdev = dev->ieee80211_ptr;
11571
11572 if (!rdev->ops->set_power_mgmt)
11573 return -EOPNOTSUPP;
11574
11575 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
11576
11577 if (state == wdev->ps)
11578 return 0;
11579
11580 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
11581 if (!err)
11582 wdev->ps = state;
11583 return err;
11584}
11585
11586static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
11587{
11588 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11589 enum nl80211_ps_state ps_state;
11590 struct wireless_dev *wdev;
11591 struct net_device *dev = info->user_ptr[1];
11592 struct sk_buff *msg;
11593 void *hdr;
11594 int err;
11595
11596 wdev = dev->ieee80211_ptr;
11597
11598 if (!rdev->ops->set_power_mgmt)
11599 return -EOPNOTSUPP;
11600
11601 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11602 if (!msg)
11603 return -ENOMEM;
11604
11605 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11606 NL80211_CMD_GET_POWER_SAVE);
11607 if (!hdr) {
11608 err = -ENOBUFS;
11609 goto free_msg;
11610 }
11611
11612 if (wdev->ps)
11613 ps_state = NL80211_PS_ENABLED;
11614 else
11615 ps_state = NL80211_PS_DISABLED;
11616
11617 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
11618 goto nla_put_failure;
11619
11620 genlmsg_end(msg, hdr);
11621 return genlmsg_reply(msg, info);
11622
11623 nla_put_failure:
11624 err = -ENOBUFS;
11625 free_msg:
11626 nlmsg_free(msg);
11627 return err;
11628}
11629
11630static const struct nla_policy
11631nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
11632 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
11633 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
11634 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
11635 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
11636 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
11637 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
11638 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
11639};
11640
11641static int nl80211_set_cqm_txe(struct genl_info *info,
11642 u32 rate, u32 pkts, u32 intvl)
11643{
11644 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11645 struct net_device *dev = info->user_ptr[1];
11646 struct wireless_dev *wdev = dev->ieee80211_ptr;
11647
11648 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
11649 return -EINVAL;
11650
11651 if (!rdev->ops->set_cqm_txe_config)
11652 return -EOPNOTSUPP;
11653
11654 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11655 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11656 return -EOPNOTSUPP;
11657
11658 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
11659}
11660
11661static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
11662 struct net_device *dev)
11663{
11664 struct wireless_dev *wdev = dev->ieee80211_ptr;
11665 s32 last, low, high;
11666 u32 hyst;
11667 int i, n, low_index;
11668 int err;
11669
11670
11671 if (!wdev->cqm_config)
11672 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
11673
11674
11675
11676
11677
11678
11679
11680 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
11681 rdev->ops->get_station) {
11682 struct station_info sinfo = {};
11683 u8 *mac_addr;
11684
11685 mac_addr = wdev->current_bss->pub.bssid;
11686
11687 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
11688 if (err)
11689 return err;
11690
11691 cfg80211_sinfo_release_content(&sinfo);
11692 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
11693 wdev->cqm_config->last_rssi_event_value =
11694 (s8) sinfo.rx_beacon_signal_avg;
11695 }
11696
11697 last = wdev->cqm_config->last_rssi_event_value;
11698 hyst = wdev->cqm_config->rssi_hyst;
11699 n = wdev->cqm_config->n_rssi_thresholds;
11700
11701 for (i = 0; i < n; i++) {
11702 i = array_index_nospec(i, n);
11703 if (last < wdev->cqm_config->rssi_thresholds[i])
11704 break;
11705 }
11706
11707 low_index = i - 1;
11708 if (low_index >= 0) {
11709 low_index = array_index_nospec(low_index, n);
11710 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
11711 } else {
11712 low = S32_MIN;
11713 }
11714 if (i < n) {
11715 i = array_index_nospec(i, n);
11716 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
11717 } else {
11718 high = S32_MAX;
11719 }
11720
11721 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
11722}
11723
11724static int nl80211_set_cqm_rssi(struct genl_info *info,
11725 const s32 *thresholds, int n_thresholds,
11726 u32 hysteresis)
11727{
11728 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11729 struct net_device *dev = info->user_ptr[1];
11730 struct wireless_dev *wdev = dev->ieee80211_ptr;
11731 int i, err;
11732 s32 prev = S32_MIN;
11733
11734
11735 for (i = 0; i < n_thresholds; i++) {
11736 if (thresholds[i] > 0 || thresholds[i] <= prev)
11737 return -EINVAL;
11738
11739 prev = thresholds[i];
11740 }
11741
11742 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11743 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11744 return -EOPNOTSUPP;
11745
11746 wdev_lock(wdev);
11747 cfg80211_cqm_config_free(wdev);
11748 wdev_unlock(wdev);
11749
11750 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
11751 if (n_thresholds == 0 || thresholds[0] == 0)
11752 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
11753
11754 return rdev_set_cqm_rssi_config(rdev, dev,
11755 thresholds[0], hysteresis);
11756 }
11757
11758 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11759 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
11760 return -EOPNOTSUPP;
11761
11762 if (n_thresholds == 1 && thresholds[0] == 0)
11763 n_thresholds = 0;
11764
11765 wdev_lock(wdev);
11766 if (n_thresholds) {
11767 struct cfg80211_cqm_config *cqm_config;
11768
11769 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
11770 n_thresholds * sizeof(s32), GFP_KERNEL);
11771 if (!cqm_config) {
11772 err = -ENOMEM;
11773 goto unlock;
11774 }
11775
11776 cqm_config->rssi_hyst = hysteresis;
11777 cqm_config->n_rssi_thresholds = n_thresholds;
11778 memcpy(cqm_config->rssi_thresholds, thresholds,
11779 n_thresholds * sizeof(s32));
11780
11781 wdev->cqm_config = cqm_config;
11782 }
11783
11784 err = cfg80211_cqm_rssi_update(rdev, dev);
11785
11786unlock:
11787 wdev_unlock(wdev);
11788
11789 return err;
11790}
11791
11792static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
11793{
11794 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
11795 struct nlattr *cqm;
11796 int err;
11797
11798 cqm = info->attrs[NL80211_ATTR_CQM];
11799 if (!cqm)
11800 return -EINVAL;
11801
11802 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
11803 nl80211_attr_cqm_policy,
11804 info->extack);
11805 if (err)
11806 return err;
11807
11808 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
11809 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
11810 const s32 *thresholds =
11811 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11812 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11813 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
11814
11815 if (len % 4)
11816 return -EINVAL;
11817
11818 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
11819 hysteresis);
11820 }
11821
11822 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
11823 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
11824 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
11825 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
11826 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
11827 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
11828
11829 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
11830 }
11831
11832 return -EINVAL;
11833}
11834
11835static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
11836{
11837 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11838 struct net_device *dev = info->user_ptr[1];
11839 struct ocb_setup setup = {};
11840 int err;
11841
11842 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11843 if (err)
11844 return err;
11845
11846 return cfg80211_join_ocb(rdev, dev, &setup);
11847}
11848
11849static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
11850{
11851 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11852 struct net_device *dev = info->user_ptr[1];
11853
11854 return cfg80211_leave_ocb(rdev, dev);
11855}
11856
11857static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
11858{
11859 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11860 struct net_device *dev = info->user_ptr[1];
11861 struct mesh_config cfg;
11862 struct mesh_setup setup;
11863 int err;
11864
11865
11866 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
11867 memcpy(&setup, &default_mesh_setup, sizeof(setup));
11868
11869 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
11870
11871 err = nl80211_parse_mesh_config(info, &cfg, NULL);
11872 if (err)
11873 return err;
11874 }
11875
11876 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
11877 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
11878 return -EINVAL;
11879
11880 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
11881 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
11882
11883 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11884 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
11885 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11886 return -EINVAL;
11887
11888 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
11889 setup.beacon_interval =
11890 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11891
11892 err = cfg80211_validate_beacon_int(rdev,
11893 NL80211_IFTYPE_MESH_POINT,
11894 setup.beacon_interval);
11895 if (err)
11896 return err;
11897 }
11898
11899 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
11900 setup.dtim_period =
11901 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
11902 if (setup.dtim_period < 1 || setup.dtim_period > 100)
11903 return -EINVAL;
11904 }
11905
11906 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
11907
11908 err = nl80211_parse_mesh_setup(info, &setup);
11909 if (err)
11910 return err;
11911 }
11912
11913 if (setup.user_mpm)
11914 cfg.auto_open_plinks = false;
11915
11916 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11917 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11918 if (err)
11919 return err;
11920 } else {
11921
11922 setup.chandef.chan = NULL;
11923 }
11924
11925 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11926 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11927 int n_rates =
11928 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11929 struct ieee80211_supported_band *sband;
11930
11931 if (!setup.chandef.chan)
11932 return -EINVAL;
11933
11934 sband = rdev->wiphy.bands[setup.chandef.chan->band];
11935
11936 err = ieee80211_get_ratemask(sband, rates, n_rates,
11937 &setup.basic_rates);
11938 if (err)
11939 return err;
11940 }
11941
11942 if (info->attrs[NL80211_ATTR_TX_RATES]) {
11943 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11944 NL80211_ATTR_TX_RATES,
11945 &setup.beacon_rate,
11946 dev, false);
11947 if (err)
11948 return err;
11949
11950 if (!setup.chandef.chan)
11951 return -EINVAL;
11952
11953 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11954 &setup.beacon_rate);
11955 if (err)
11956 return err;
11957 }
11958
11959 setup.userspace_handles_dfs =
11960 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11961
11962 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11963 int r = validate_pae_over_nl80211(rdev, info);
11964
11965 if (r < 0)
11966 return r;
11967
11968 setup.control_port_over_nl80211 = true;
11969 }
11970
11971 wdev_lock(dev->ieee80211_ptr);
11972 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11973 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11974 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11975 wdev_unlock(dev->ieee80211_ptr);
11976
11977 return err;
11978}
11979
11980static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11981{
11982 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11983 struct net_device *dev = info->user_ptr[1];
11984
11985 return cfg80211_leave_mesh(rdev, dev);
11986}
11987
11988#ifdef CONFIG_PM
11989static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11990 struct cfg80211_registered_device *rdev)
11991{
11992 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11993 struct nlattr *nl_pats, *nl_pat;
11994 int i, pat_len;
11995
11996 if (!wowlan->n_patterns)
11997 return 0;
11998
11999 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
12000 if (!nl_pats)
12001 return -ENOBUFS;
12002
12003 for (i = 0; i < wowlan->n_patterns; i++) {
12004 nl_pat = nla_nest_start_noflag(msg, i + 1);
12005 if (!nl_pat)
12006 return -ENOBUFS;
12007 pat_len = wowlan->patterns[i].pattern_len;
12008 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
12009 wowlan->patterns[i].mask) ||
12010 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12011 wowlan->patterns[i].pattern) ||
12012 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12013 wowlan->patterns[i].pkt_offset))
12014 return -ENOBUFS;
12015 nla_nest_end(msg, nl_pat);
12016 }
12017 nla_nest_end(msg, nl_pats);
12018
12019 return 0;
12020}
12021
12022static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
12023 struct cfg80211_wowlan_tcp *tcp)
12024{
12025 struct nlattr *nl_tcp;
12026
12027 if (!tcp)
12028 return 0;
12029
12030 nl_tcp = nla_nest_start_noflag(msg,
12031 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
12032 if (!nl_tcp)
12033 return -ENOBUFS;
12034
12035 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
12036 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
12037 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
12038 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
12039 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
12040 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
12041 tcp->payload_len, tcp->payload) ||
12042 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
12043 tcp->data_interval) ||
12044 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
12045 tcp->wake_len, tcp->wake_data) ||
12046 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
12047 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
12048 return -ENOBUFS;
12049
12050 if (tcp->payload_seq.len &&
12051 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
12052 sizeof(tcp->payload_seq), &tcp->payload_seq))
12053 return -ENOBUFS;
12054
12055 if (tcp->payload_tok.len &&
12056 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
12057 sizeof(tcp->payload_tok) + tcp->tokens_size,
12058 &tcp->payload_tok))
12059 return -ENOBUFS;
12060
12061 nla_nest_end(msg, nl_tcp);
12062
12063 return 0;
12064}
12065
12066static int nl80211_send_wowlan_nd(struct sk_buff *msg,
12067 struct cfg80211_sched_scan_request *req)
12068{
12069 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
12070 int i;
12071
12072 if (!req)
12073 return 0;
12074
12075 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
12076 if (!nd)
12077 return -ENOBUFS;
12078
12079 if (req->n_scan_plans == 1 &&
12080 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
12081 req->scan_plans[0].interval * 1000))
12082 return -ENOBUFS;
12083
12084 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
12085 return -ENOBUFS;
12086
12087 if (req->relative_rssi_set) {
12088 struct nl80211_bss_select_rssi_adjust rssi_adjust;
12089
12090 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
12091 req->relative_rssi))
12092 return -ENOBUFS;
12093
12094 rssi_adjust.band = req->rssi_adjust.band;
12095 rssi_adjust.delta = req->rssi_adjust.delta;
12096 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
12097 sizeof(rssi_adjust), &rssi_adjust))
12098 return -ENOBUFS;
12099 }
12100
12101 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
12102 if (!freqs)
12103 return -ENOBUFS;
12104
12105 for (i = 0; i < req->n_channels; i++) {
12106 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
12107 return -ENOBUFS;
12108 }
12109
12110 nla_nest_end(msg, freqs);
12111
12112 if (req->n_match_sets) {
12113 matches = nla_nest_start_noflag(msg,
12114 NL80211_ATTR_SCHED_SCAN_MATCH);
12115 if (!matches)
12116 return -ENOBUFS;
12117
12118 for (i = 0; i < req->n_match_sets; i++) {
12119 match = nla_nest_start_noflag(msg, i);
12120 if (!match)
12121 return -ENOBUFS;
12122
12123 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
12124 req->match_sets[i].ssid.ssid_len,
12125 req->match_sets[i].ssid.ssid))
12126 return -ENOBUFS;
12127 nla_nest_end(msg, match);
12128 }
12129 nla_nest_end(msg, matches);
12130 }
12131
12132 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
12133 if (!scan_plans)
12134 return -ENOBUFS;
12135
12136 for (i = 0; i < req->n_scan_plans; i++) {
12137 scan_plan = nla_nest_start_noflag(msg, i + 1);
12138 if (!scan_plan)
12139 return -ENOBUFS;
12140
12141 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
12142 req->scan_plans[i].interval) ||
12143 (req->scan_plans[i].iterations &&
12144 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
12145 req->scan_plans[i].iterations)))
12146 return -ENOBUFS;
12147 nla_nest_end(msg, scan_plan);
12148 }
12149 nla_nest_end(msg, scan_plans);
12150
12151 nla_nest_end(msg, nd);
12152
12153 return 0;
12154}
12155
12156static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
12157{
12158 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12159 struct sk_buff *msg;
12160 void *hdr;
12161 u32 size = NLMSG_DEFAULT_SIZE;
12162
12163 if (!rdev->wiphy.wowlan)
12164 return -EOPNOTSUPP;
12165
12166 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
12167
12168 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
12169 rdev->wiphy.wowlan_config->tcp->payload_len +
12170 rdev->wiphy.wowlan_config->tcp->wake_len +
12171 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
12172 }
12173
12174 msg = nlmsg_new(size, GFP_KERNEL);
12175 if (!msg)
12176 return -ENOMEM;
12177
12178 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12179 NL80211_CMD_GET_WOWLAN);
12180 if (!hdr)
12181 goto nla_put_failure;
12182
12183 if (rdev->wiphy.wowlan_config) {
12184 struct nlattr *nl_wowlan;
12185
12186 nl_wowlan = nla_nest_start_noflag(msg,
12187 NL80211_ATTR_WOWLAN_TRIGGERS);
12188 if (!nl_wowlan)
12189 goto nla_put_failure;
12190
12191 if ((rdev->wiphy.wowlan_config->any &&
12192 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
12193 (rdev->wiphy.wowlan_config->disconnect &&
12194 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
12195 (rdev->wiphy.wowlan_config->magic_pkt &&
12196 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
12197 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
12198 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
12199 (rdev->wiphy.wowlan_config->eap_identity_req &&
12200 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
12201 (rdev->wiphy.wowlan_config->four_way_handshake &&
12202 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
12203 (rdev->wiphy.wowlan_config->rfkill_release &&
12204 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
12205 goto nla_put_failure;
12206
12207 if (nl80211_send_wowlan_patterns(msg, rdev))
12208 goto nla_put_failure;
12209
12210 if (nl80211_send_wowlan_tcp(msg,
12211 rdev->wiphy.wowlan_config->tcp))
12212 goto nla_put_failure;
12213
12214 if (nl80211_send_wowlan_nd(
12215 msg,
12216 rdev->wiphy.wowlan_config->nd_config))
12217 goto nla_put_failure;
12218
12219 nla_nest_end(msg, nl_wowlan);
12220 }
12221
12222 genlmsg_end(msg, hdr);
12223 return genlmsg_reply(msg, info);
12224
12225nla_put_failure:
12226 nlmsg_free(msg);
12227 return -ENOBUFS;
12228}
12229
12230static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
12231 struct nlattr *attr,
12232 struct cfg80211_wowlan *trig)
12233{
12234 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
12235 struct cfg80211_wowlan_tcp *cfg;
12236 struct nl80211_wowlan_tcp_data_token *tok = NULL;
12237 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
12238 u32 size;
12239 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
12240 int err, port;
12241
12242 if (!rdev->wiphy.wowlan->tcp)
12243 return -EINVAL;
12244
12245 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
12246 nl80211_wowlan_tcp_policy, NULL);
12247 if (err)
12248 return err;
12249
12250 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
12251 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
12252 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
12253 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
12254 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
12255 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
12256 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
12257 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
12258 return -EINVAL;
12259
12260 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
12261 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
12262 return -EINVAL;
12263
12264 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
12265 rdev->wiphy.wowlan->tcp->data_interval_max ||
12266 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
12267 return -EINVAL;
12268
12269 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
12270 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
12271 return -EINVAL;
12272
12273 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
12274 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
12275 return -EINVAL;
12276
12277 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
12278 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
12279
12280 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
12281 tokens_size = tokln - sizeof(*tok);
12282
12283 if (!tok->len || tokens_size % tok->len)
12284 return -EINVAL;
12285 if (!rdev->wiphy.wowlan->tcp->tok)
12286 return -EINVAL;
12287 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
12288 return -EINVAL;
12289 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
12290 return -EINVAL;
12291 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
12292 return -EINVAL;
12293 if (tok->offset + tok->len > data_size)
12294 return -EINVAL;
12295 }
12296
12297 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
12298 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
12299 if (!rdev->wiphy.wowlan->tcp->seq)
12300 return -EINVAL;
12301 if (seq->len == 0 || seq->len > 4)
12302 return -EINVAL;
12303 if (seq->len + seq->offset > data_size)
12304 return -EINVAL;
12305 }
12306
12307 size = sizeof(*cfg);
12308 size += data_size;
12309 size += wake_size + wake_mask_size;
12310 size += tokens_size;
12311
12312 cfg = kzalloc(size, GFP_KERNEL);
12313 if (!cfg)
12314 return -ENOMEM;
12315 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
12316 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
12317 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
12318 ETH_ALEN);
12319 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
12320 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
12321 else
12322 port = 0;
12323#ifdef CONFIG_INET
12324
12325 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
12326 IPPROTO_TCP, &cfg->sock, 1);
12327 if (err) {
12328 kfree(cfg);
12329 return err;
12330 }
12331 if (inet_csk_get_port(cfg->sock->sk, port)) {
12332 sock_release(cfg->sock);
12333 kfree(cfg);
12334 return -EADDRINUSE;
12335 }
12336 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
12337#else
12338 if (!port) {
12339 kfree(cfg);
12340 return -EINVAL;
12341 }
12342 cfg->src_port = port;
12343#endif
12344
12345 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
12346 cfg->payload_len = data_size;
12347 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
12348 memcpy((void *)cfg->payload,
12349 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
12350 data_size);
12351 if (seq)
12352 cfg->payload_seq = *seq;
12353 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
12354 cfg->wake_len = wake_size;
12355 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
12356 memcpy((void *)cfg->wake_data,
12357 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
12358 wake_size);
12359 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
12360 data_size + wake_size;
12361 memcpy((void *)cfg->wake_mask,
12362 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
12363 wake_mask_size);
12364 if (tok) {
12365 cfg->tokens_size = tokens_size;
12366 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
12367 }
12368
12369 trig->tcp = cfg;
12370
12371 return 0;
12372}
12373
12374static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
12375 const struct wiphy_wowlan_support *wowlan,
12376 struct nlattr *attr,
12377 struct cfg80211_wowlan *trig)
12378{
12379 struct nlattr **tb;
12380 int err;
12381
12382 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
12383 if (!tb)
12384 return -ENOMEM;
12385
12386 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
12387 err = -EOPNOTSUPP;
12388 goto out;
12389 }
12390
12391 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
12392 nl80211_policy, NULL);
12393 if (err)
12394 goto out;
12395
12396 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
12397 wowlan->max_nd_match_sets);
12398 err = PTR_ERR_OR_ZERO(trig->nd_config);
12399 if (err)
12400 trig->nd_config = NULL;
12401
12402out:
12403 kfree(tb);
12404 return err;
12405}
12406
12407static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
12408{
12409 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12410 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
12411 struct cfg80211_wowlan new_triggers = {};
12412 struct cfg80211_wowlan *ntrig;
12413 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
12414 int err, i;
12415 bool prev_enabled = rdev->wiphy.wowlan_config;
12416 bool regular = false;
12417
12418 if (!wowlan)
12419 return -EOPNOTSUPP;
12420
12421 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
12422 cfg80211_rdev_free_wowlan(rdev);
12423 rdev->wiphy.wowlan_config = NULL;
12424 goto set_wakeup;
12425 }
12426
12427 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
12428 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
12429 nl80211_wowlan_policy, info->extack);
12430 if (err)
12431 return err;
12432
12433 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
12434 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
12435 return -EINVAL;
12436 new_triggers.any = true;
12437 }
12438
12439 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
12440 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
12441 return -EINVAL;
12442 new_triggers.disconnect = true;
12443 regular = true;
12444 }
12445
12446 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
12447 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
12448 return -EINVAL;
12449 new_triggers.magic_pkt = true;
12450 regular = true;
12451 }
12452
12453 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
12454 return -EINVAL;
12455
12456 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
12457 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
12458 return -EINVAL;
12459 new_triggers.gtk_rekey_failure = true;
12460 regular = true;
12461 }
12462
12463 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
12464 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
12465 return -EINVAL;
12466 new_triggers.eap_identity_req = true;
12467 regular = true;
12468 }
12469
12470 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
12471 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
12472 return -EINVAL;
12473 new_triggers.four_way_handshake = true;
12474 regular = true;
12475 }
12476
12477 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
12478 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
12479 return -EINVAL;
12480 new_triggers.rfkill_release = true;
12481 regular = true;
12482 }
12483
12484 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
12485 struct nlattr *pat;
12486 int n_patterns = 0;
12487 int rem, pat_len, mask_len, pkt_offset;
12488 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12489
12490 regular = true;
12491
12492 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
12493 rem)
12494 n_patterns++;
12495 if (n_patterns > wowlan->n_patterns)
12496 return -EINVAL;
12497
12498 new_triggers.patterns = kcalloc(n_patterns,
12499 sizeof(new_triggers.patterns[0]),
12500 GFP_KERNEL);
12501 if (!new_triggers.patterns)
12502 return -ENOMEM;
12503
12504 new_triggers.n_patterns = n_patterns;
12505 i = 0;
12506
12507 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
12508 rem) {
12509 u8 *mask_pat;
12510
12511 err = nla_parse_nested_deprecated(pat_tb,
12512 MAX_NL80211_PKTPAT,
12513 pat,
12514 nl80211_packet_pattern_policy,
12515 info->extack);
12516 if (err)
12517 goto error;
12518
12519 err = -EINVAL;
12520 if (!pat_tb[NL80211_PKTPAT_MASK] ||
12521 !pat_tb[NL80211_PKTPAT_PATTERN])
12522 goto error;
12523 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12524 mask_len = DIV_ROUND_UP(pat_len, 8);
12525 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12526 goto error;
12527 if (pat_len > wowlan->pattern_max_len ||
12528 pat_len < wowlan->pattern_min_len)
12529 goto error;
12530
12531 if (!pat_tb[NL80211_PKTPAT_OFFSET])
12532 pkt_offset = 0;
12533 else
12534 pkt_offset = nla_get_u32(
12535 pat_tb[NL80211_PKTPAT_OFFSET]);
12536 if (pkt_offset > wowlan->max_pkt_offset)
12537 goto error;
12538 new_triggers.patterns[i].pkt_offset = pkt_offset;
12539
12540 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12541 if (!mask_pat) {
12542 err = -ENOMEM;
12543 goto error;
12544 }
12545 new_triggers.patterns[i].mask = mask_pat;
12546 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12547 mask_len);
12548 mask_pat += mask_len;
12549 new_triggers.patterns[i].pattern = mask_pat;
12550 new_triggers.patterns[i].pattern_len = pat_len;
12551 memcpy(mask_pat,
12552 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12553 pat_len);
12554 i++;
12555 }
12556 }
12557
12558 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
12559 regular = true;
12560 err = nl80211_parse_wowlan_tcp(
12561 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
12562 &new_triggers);
12563 if (err)
12564 goto error;
12565 }
12566
12567 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
12568 regular = true;
12569 err = nl80211_parse_wowlan_nd(
12570 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
12571 &new_triggers);
12572 if (err)
12573 goto error;
12574 }
12575
12576
12577
12578
12579
12580
12581
12582 if (new_triggers.any && regular) {
12583 err = -EINVAL;
12584 goto error;
12585 }
12586
12587 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
12588 if (!ntrig) {
12589 err = -ENOMEM;
12590 goto error;
12591 }
12592 cfg80211_rdev_free_wowlan(rdev);
12593 rdev->wiphy.wowlan_config = ntrig;
12594
12595 set_wakeup:
12596 if (rdev->ops->set_wakeup &&
12597 prev_enabled != !!rdev->wiphy.wowlan_config)
12598 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
12599
12600 return 0;
12601 error:
12602 for (i = 0; i < new_triggers.n_patterns; i++)
12603 kfree(new_triggers.patterns[i].mask);
12604 kfree(new_triggers.patterns);
12605 if (new_triggers.tcp && new_triggers.tcp->sock)
12606 sock_release(new_triggers.tcp->sock);
12607 kfree(new_triggers.tcp);
12608 kfree(new_triggers.nd_config);
12609 return err;
12610}
12611#endif
12612
12613static int nl80211_send_coalesce_rules(struct sk_buff *msg,
12614 struct cfg80211_registered_device *rdev)
12615{
12616 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
12617 int i, j, pat_len;
12618 struct cfg80211_coalesce_rules *rule;
12619
12620 if (!rdev->coalesce->n_rules)
12621 return 0;
12622
12623 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
12624 if (!nl_rules)
12625 return -ENOBUFS;
12626
12627 for (i = 0; i < rdev->coalesce->n_rules; i++) {
12628 nl_rule = nla_nest_start_noflag(msg, i + 1);
12629 if (!nl_rule)
12630 return -ENOBUFS;
12631
12632 rule = &rdev->coalesce->rules[i];
12633 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
12634 rule->delay))
12635 return -ENOBUFS;
12636
12637 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
12638 rule->condition))
12639 return -ENOBUFS;
12640
12641 nl_pats = nla_nest_start_noflag(msg,
12642 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
12643 if (!nl_pats)
12644 return -ENOBUFS;
12645
12646 for (j = 0; j < rule->n_patterns; j++) {
12647 nl_pat = nla_nest_start_noflag(msg, j + 1);
12648 if (!nl_pat)
12649 return -ENOBUFS;
12650 pat_len = rule->patterns[j].pattern_len;
12651 if (nla_put(msg, NL80211_PKTPAT_MASK,
12652 DIV_ROUND_UP(pat_len, 8),
12653 rule->patterns[j].mask) ||
12654 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12655 rule->patterns[j].pattern) ||
12656 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12657 rule->patterns[j].pkt_offset))
12658 return -ENOBUFS;
12659 nla_nest_end(msg, nl_pat);
12660 }
12661 nla_nest_end(msg, nl_pats);
12662 nla_nest_end(msg, nl_rule);
12663 }
12664 nla_nest_end(msg, nl_rules);
12665
12666 return 0;
12667}
12668
12669static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
12670{
12671 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12672 struct sk_buff *msg;
12673 void *hdr;
12674
12675 if (!rdev->wiphy.coalesce)
12676 return -EOPNOTSUPP;
12677
12678 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12679 if (!msg)
12680 return -ENOMEM;
12681
12682 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12683 NL80211_CMD_GET_COALESCE);
12684 if (!hdr)
12685 goto nla_put_failure;
12686
12687 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
12688 goto nla_put_failure;
12689
12690 genlmsg_end(msg, hdr);
12691 return genlmsg_reply(msg, info);
12692
12693nla_put_failure:
12694 nlmsg_free(msg);
12695 return -ENOBUFS;
12696}
12697
12698void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
12699{
12700 struct cfg80211_coalesce *coalesce = rdev->coalesce;
12701 int i, j;
12702 struct cfg80211_coalesce_rules *rule;
12703
12704 if (!coalesce)
12705 return;
12706
12707 for (i = 0; i < coalesce->n_rules; i++) {
12708 rule = &coalesce->rules[i];
12709 for (j = 0; j < rule->n_patterns; j++)
12710 kfree(rule->patterns[j].mask);
12711 kfree(rule->patterns);
12712 }
12713 kfree(coalesce->rules);
12714 kfree(coalesce);
12715 rdev->coalesce = NULL;
12716}
12717
12718static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
12719 struct nlattr *rule,
12720 struct cfg80211_coalesce_rules *new_rule)
12721{
12722 int err, i;
12723 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12724 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
12725 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
12726 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12727
12728 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
12729 rule, nl80211_coalesce_policy, NULL);
12730 if (err)
12731 return err;
12732
12733 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
12734 new_rule->delay =
12735 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
12736 if (new_rule->delay > coalesce->max_delay)
12737 return -EINVAL;
12738
12739 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
12740 new_rule->condition =
12741 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
12742
12743 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
12744 return -EINVAL;
12745
12746 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12747 rem)
12748 n_patterns++;
12749 if (n_patterns > coalesce->n_patterns)
12750 return -EINVAL;
12751
12752 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
12753 GFP_KERNEL);
12754 if (!new_rule->patterns)
12755 return -ENOMEM;
12756
12757 new_rule->n_patterns = n_patterns;
12758 i = 0;
12759
12760 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12761 rem) {
12762 u8 *mask_pat;
12763
12764 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
12765 pat,
12766 nl80211_packet_pattern_policy,
12767 NULL);
12768 if (err)
12769 return err;
12770
12771 if (!pat_tb[NL80211_PKTPAT_MASK] ||
12772 !pat_tb[NL80211_PKTPAT_PATTERN])
12773 return -EINVAL;
12774 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12775 mask_len = DIV_ROUND_UP(pat_len, 8);
12776 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12777 return -EINVAL;
12778 if (pat_len > coalesce->pattern_max_len ||
12779 pat_len < coalesce->pattern_min_len)
12780 return -EINVAL;
12781
12782 if (!pat_tb[NL80211_PKTPAT_OFFSET])
12783 pkt_offset = 0;
12784 else
12785 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
12786 if (pkt_offset > coalesce->max_pkt_offset)
12787 return -EINVAL;
12788 new_rule->patterns[i].pkt_offset = pkt_offset;
12789
12790 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12791 if (!mask_pat)
12792 return -ENOMEM;
12793
12794 new_rule->patterns[i].mask = mask_pat;
12795 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12796 mask_len);
12797
12798 mask_pat += mask_len;
12799 new_rule->patterns[i].pattern = mask_pat;
12800 new_rule->patterns[i].pattern_len = pat_len;
12801 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12802 pat_len);
12803 i++;
12804 }
12805
12806 return 0;
12807}
12808
12809static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
12810{
12811 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12812 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12813 struct cfg80211_coalesce new_coalesce = {};
12814 struct cfg80211_coalesce *n_coalesce;
12815 int err, rem_rule, n_rules = 0, i, j;
12816 struct nlattr *rule;
12817 struct cfg80211_coalesce_rules *tmp_rule;
12818
12819 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
12820 return -EOPNOTSUPP;
12821
12822 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
12823 cfg80211_rdev_free_coalesce(rdev);
12824 rdev_set_coalesce(rdev, NULL);
12825 return 0;
12826 }
12827
12828 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12829 rem_rule)
12830 n_rules++;
12831 if (n_rules > coalesce->n_rules)
12832 return -EINVAL;
12833
12834 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
12835 GFP_KERNEL);
12836 if (!new_coalesce.rules)
12837 return -ENOMEM;
12838
12839 new_coalesce.n_rules = n_rules;
12840 i = 0;
12841
12842 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12843 rem_rule) {
12844 err = nl80211_parse_coalesce_rule(rdev, rule,
12845 &new_coalesce.rules[i]);
12846 if (err)
12847 goto error;
12848
12849 i++;
12850 }
12851
12852 err = rdev_set_coalesce(rdev, &new_coalesce);
12853 if (err)
12854 goto error;
12855
12856 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
12857 if (!n_coalesce) {
12858 err = -ENOMEM;
12859 goto error;
12860 }
12861 cfg80211_rdev_free_coalesce(rdev);
12862 rdev->coalesce = n_coalesce;
12863
12864 return 0;
12865error:
12866 for (i = 0; i < new_coalesce.n_rules; i++) {
12867 tmp_rule = &new_coalesce.rules[i];
12868 for (j = 0; j < tmp_rule->n_patterns; j++)
12869 kfree(tmp_rule->patterns[j].mask);
12870 kfree(tmp_rule->patterns);
12871 }
12872 kfree(new_coalesce.rules);
12873
12874 return err;
12875}
12876
12877static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
12878{
12879 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12880 struct net_device *dev = info->user_ptr[1];
12881 struct wireless_dev *wdev = dev->ieee80211_ptr;
12882 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
12883 struct cfg80211_gtk_rekey_data rekey_data = {};
12884 int err;
12885
12886 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
12887 return -EINVAL;
12888
12889 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
12890 info->attrs[NL80211_ATTR_REKEY_DATA],
12891 nl80211_rekey_policy, info->extack);
12892 if (err)
12893 return err;
12894
12895 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
12896 !tb[NL80211_REKEY_DATA_KCK])
12897 return -EINVAL;
12898 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
12899 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12900 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
12901 return -ERANGE;
12902 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
12903 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12904 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KCK_EXT_LEN))
12905 return -ERANGE;
12906
12907 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
12908 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
12909 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
12910 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
12911 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
12912 if (tb[NL80211_REKEY_DATA_AKM])
12913 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
12914
12915 wdev_lock(wdev);
12916 if (!wdev->current_bss) {
12917 err = -ENOTCONN;
12918 goto out;
12919 }
12920
12921 if (!rdev->ops->set_rekey_data) {
12922 err = -EOPNOTSUPP;
12923 goto out;
12924 }
12925
12926 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
12927 out:
12928 wdev_unlock(wdev);
12929 return err;
12930}
12931
12932static int nl80211_register_unexpected_frame(struct sk_buff *skb,
12933 struct genl_info *info)
12934{
12935 struct net_device *dev = info->user_ptr[1];
12936 struct wireless_dev *wdev = dev->ieee80211_ptr;
12937
12938 if (wdev->iftype != NL80211_IFTYPE_AP &&
12939 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12940 return -EINVAL;
12941
12942 if (wdev->ap_unexpected_nlportid)
12943 return -EBUSY;
12944
12945 wdev->ap_unexpected_nlportid = info->snd_portid;
12946 return 0;
12947}
12948
12949static int nl80211_probe_client(struct sk_buff *skb,
12950 struct genl_info *info)
12951{
12952 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12953 struct net_device *dev = info->user_ptr[1];
12954 struct wireless_dev *wdev = dev->ieee80211_ptr;
12955 struct sk_buff *msg;
12956 void *hdr;
12957 const u8 *addr;
12958 u64 cookie;
12959 int err;
12960
12961 if (wdev->iftype != NL80211_IFTYPE_AP &&
12962 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12963 return -EOPNOTSUPP;
12964
12965 if (!info->attrs[NL80211_ATTR_MAC])
12966 return -EINVAL;
12967
12968 if (!rdev->ops->probe_client)
12969 return -EOPNOTSUPP;
12970
12971 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12972 if (!msg)
12973 return -ENOMEM;
12974
12975 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12976 NL80211_CMD_PROBE_CLIENT);
12977 if (!hdr) {
12978 err = -ENOBUFS;
12979 goto free_msg;
12980 }
12981
12982 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12983
12984 err = rdev_probe_client(rdev, dev, addr, &cookie);
12985 if (err)
12986 goto free_msg;
12987
12988 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12989 NL80211_ATTR_PAD))
12990 goto nla_put_failure;
12991
12992 genlmsg_end(msg, hdr);
12993
12994 return genlmsg_reply(msg, info);
12995
12996 nla_put_failure:
12997 err = -ENOBUFS;
12998 free_msg:
12999 nlmsg_free(msg);
13000 return err;
13001}
13002
13003static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
13004{
13005 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13006 struct cfg80211_beacon_registration *reg, *nreg;
13007 int rv;
13008
13009 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
13010 return -EOPNOTSUPP;
13011
13012 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
13013 if (!nreg)
13014 return -ENOMEM;
13015
13016
13017 spin_lock_bh(&rdev->beacon_registrations_lock);
13018 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
13019 if (reg->nlportid == info->snd_portid) {
13020 rv = -EALREADY;
13021 goto out_err;
13022 }
13023 }
13024
13025 nreg->nlportid = info->snd_portid;
13026 list_add(&nreg->list, &rdev->beacon_registrations);
13027
13028 spin_unlock_bh(&rdev->beacon_registrations_lock);
13029
13030 return 0;
13031out_err:
13032 spin_unlock_bh(&rdev->beacon_registrations_lock);
13033 kfree(nreg);
13034 return rv;
13035}
13036
13037static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
13038{
13039 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13040 struct wireless_dev *wdev = info->user_ptr[1];
13041 int err;
13042
13043 if (!rdev->ops->start_p2p_device)
13044 return -EOPNOTSUPP;
13045
13046 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
13047 return -EOPNOTSUPP;
13048
13049 if (wdev_running(wdev))
13050 return 0;
13051
13052 if (rfkill_blocked(rdev->wiphy.rfkill))
13053 return -ERFKILL;
13054
13055 err = rdev_start_p2p_device(rdev, wdev);
13056 if (err)
13057 return err;
13058
13059 wdev->is_running = true;
13060 rdev->opencount++;
13061
13062 return 0;
13063}
13064
13065static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
13066{
13067 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13068 struct wireless_dev *wdev = info->user_ptr[1];
13069
13070 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
13071 return -EOPNOTSUPP;
13072
13073 if (!rdev->ops->stop_p2p_device)
13074 return -EOPNOTSUPP;
13075
13076 cfg80211_stop_p2p_device(rdev, wdev);
13077
13078 return 0;
13079}
13080
13081static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
13082{
13083 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13084 struct wireless_dev *wdev = info->user_ptr[1];
13085 struct cfg80211_nan_conf conf = {};
13086 int err;
13087
13088 if (wdev->iftype != NL80211_IFTYPE_NAN)
13089 return -EOPNOTSUPP;
13090
13091 if (wdev_running(wdev))
13092 return -EEXIST;
13093
13094 if (rfkill_blocked(rdev->wiphy.rfkill))
13095 return -ERFKILL;
13096
13097 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
13098 return -EINVAL;
13099
13100 conf.master_pref =
13101 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
13102
13103 if (info->attrs[NL80211_ATTR_BANDS]) {
13104 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
13105
13106 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
13107 return -EOPNOTSUPP;
13108
13109 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
13110 return -EINVAL;
13111
13112 conf.bands = bands;
13113 }
13114
13115 err = rdev_start_nan(rdev, wdev, &conf);
13116 if (err)
13117 return err;
13118
13119 wdev->is_running = true;
13120 rdev->opencount++;
13121
13122 return 0;
13123}
13124
13125static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
13126{
13127 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13128 struct wireless_dev *wdev = info->user_ptr[1];
13129
13130 if (wdev->iftype != NL80211_IFTYPE_NAN)
13131 return -EOPNOTSUPP;
13132
13133 cfg80211_stop_nan(rdev, wdev);
13134
13135 return 0;
13136}
13137
13138static int validate_nan_filter(struct nlattr *filter_attr)
13139{
13140 struct nlattr *attr;
13141 int len = 0, n_entries = 0, rem;
13142
13143 nla_for_each_nested(attr, filter_attr, rem) {
13144 len += nla_len(attr);
13145 n_entries++;
13146 }
13147
13148 if (len >= U8_MAX)
13149 return -EINVAL;
13150
13151 return n_entries;
13152}
13153
13154static int handle_nan_filter(struct nlattr *attr_filter,
13155 struct cfg80211_nan_func *func,
13156 bool tx)
13157{
13158 struct nlattr *attr;
13159 int n_entries, rem, i;
13160 struct cfg80211_nan_func_filter *filter;
13161
13162 n_entries = validate_nan_filter(attr_filter);
13163 if (n_entries < 0)
13164 return n_entries;
13165
13166 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
13167
13168 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
13169 if (!filter)
13170 return -ENOMEM;
13171
13172 i = 0;
13173 nla_for_each_nested(attr, attr_filter, rem) {
13174 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
13175 filter[i].len = nla_len(attr);
13176 i++;
13177 }
13178 if (tx) {
13179 func->num_tx_filters = n_entries;
13180 func->tx_filters = filter;
13181 } else {
13182 func->num_rx_filters = n_entries;
13183 func->rx_filters = filter;
13184 }
13185
13186 return 0;
13187}
13188
13189static int nl80211_nan_add_func(struct sk_buff *skb,
13190 struct genl_info *info)
13191{
13192 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13193 struct wireless_dev *wdev = info->user_ptr[1];
13194 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
13195 struct cfg80211_nan_func *func;
13196 struct sk_buff *msg = NULL;
13197 void *hdr = NULL;
13198 int err = 0;
13199
13200 if (wdev->iftype != NL80211_IFTYPE_NAN)
13201 return -EOPNOTSUPP;
13202
13203 if (!wdev_running(wdev))
13204 return -ENOTCONN;
13205
13206 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
13207 return -EINVAL;
13208
13209 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
13210 info->attrs[NL80211_ATTR_NAN_FUNC],
13211 nl80211_nan_func_policy,
13212 info->extack);
13213 if (err)
13214 return err;
13215
13216 func = kzalloc(sizeof(*func), GFP_KERNEL);
13217 if (!func)
13218 return -ENOMEM;
13219
13220 func->cookie = cfg80211_assign_cookie(rdev);
13221
13222 if (!tb[NL80211_NAN_FUNC_TYPE]) {
13223 err = -EINVAL;
13224 goto out;
13225 }
13226
13227
13228 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
13229
13230 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
13231 err = -EINVAL;
13232 goto out;
13233 }
13234
13235 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
13236 sizeof(func->service_id));
13237
13238 func->close_range =
13239 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
13240
13241 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
13242 func->serv_spec_info_len =
13243 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
13244 func->serv_spec_info =
13245 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
13246 func->serv_spec_info_len,
13247 GFP_KERNEL);
13248 if (!func->serv_spec_info) {
13249 err = -ENOMEM;
13250 goto out;
13251 }
13252 }
13253
13254 if (tb[NL80211_NAN_FUNC_TTL])
13255 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
13256
13257 switch (func->type) {
13258 case NL80211_NAN_FUNC_PUBLISH:
13259 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
13260 err = -EINVAL;
13261 goto out;
13262 }
13263
13264 func->publish_type =
13265 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
13266 func->publish_bcast =
13267 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
13268
13269 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
13270 func->publish_bcast) {
13271 err = -EINVAL;
13272 goto out;
13273 }
13274 break;
13275 case NL80211_NAN_FUNC_SUBSCRIBE:
13276 func->subscribe_active =
13277 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
13278 break;
13279 case NL80211_NAN_FUNC_FOLLOW_UP:
13280 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
13281 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
13282 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
13283 err = -EINVAL;
13284 goto out;
13285 }
13286
13287 func->followup_id =
13288 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
13289 func->followup_reqid =
13290 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
13291 memcpy(func->followup_dest.addr,
13292 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
13293 sizeof(func->followup_dest.addr));
13294 if (func->ttl) {
13295 err = -EINVAL;
13296 goto out;
13297 }
13298 break;
13299 default:
13300 err = -EINVAL;
13301 goto out;
13302 }
13303
13304 if (tb[NL80211_NAN_FUNC_SRF]) {
13305 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
13306
13307 err = nla_parse_nested_deprecated(srf_tb,
13308 NL80211_NAN_SRF_ATTR_MAX,
13309 tb[NL80211_NAN_FUNC_SRF],
13310 nl80211_nan_srf_policy,
13311 info->extack);
13312 if (err)
13313 goto out;
13314
13315 func->srf_include =
13316 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
13317
13318 if (srf_tb[NL80211_NAN_SRF_BF]) {
13319 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
13320 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
13321 err = -EINVAL;
13322 goto out;
13323 }
13324
13325 func->srf_bf_len =
13326 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
13327 func->srf_bf =
13328 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
13329 func->srf_bf_len, GFP_KERNEL);
13330 if (!func->srf_bf) {
13331 err = -ENOMEM;
13332 goto out;
13333 }
13334
13335 func->srf_bf_idx =
13336 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
13337 } else {
13338 struct nlattr *attr, *mac_attr =
13339 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
13340 int n_entries, rem, i = 0;
13341
13342 if (!mac_attr) {
13343 err = -EINVAL;
13344 goto out;
13345 }
13346
13347 n_entries = validate_acl_mac_addrs(mac_attr);
13348 if (n_entries <= 0) {
13349 err = -EINVAL;
13350 goto out;
13351 }
13352
13353 func->srf_num_macs = n_entries;
13354 func->srf_macs =
13355 kcalloc(n_entries, sizeof(*func->srf_macs),
13356 GFP_KERNEL);
13357 if (!func->srf_macs) {
13358 err = -ENOMEM;
13359 goto out;
13360 }
13361
13362 nla_for_each_nested(attr, mac_attr, rem)
13363 memcpy(func->srf_macs[i++].addr, nla_data(attr),
13364 sizeof(*func->srf_macs));
13365 }
13366 }
13367
13368 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
13369 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
13370 func, true);
13371 if (err)
13372 goto out;
13373 }
13374
13375 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
13376 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
13377 func, false);
13378 if (err)
13379 goto out;
13380 }
13381
13382 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13383 if (!msg) {
13384 err = -ENOMEM;
13385 goto out;
13386 }
13387
13388 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13389 NL80211_CMD_ADD_NAN_FUNCTION);
13390
13391 if (WARN_ON(!hdr)) {
13392 err = -ENOMEM;
13393 goto out;
13394 }
13395
13396 err = rdev_add_nan_func(rdev, wdev, func);
13397out:
13398 if (err < 0) {
13399 cfg80211_free_nan_func(func);
13400 nlmsg_free(msg);
13401 return err;
13402 }
13403
13404
13405 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
13406 NL80211_ATTR_PAD))
13407 goto nla_put_failure;
13408
13409 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13410 if (!func_attr)
13411 goto nla_put_failure;
13412
13413 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
13414 func->instance_id))
13415 goto nla_put_failure;
13416
13417 nla_nest_end(msg, func_attr);
13418
13419 genlmsg_end(msg, hdr);
13420 return genlmsg_reply(msg, info);
13421
13422nla_put_failure:
13423 nlmsg_free(msg);
13424 return -ENOBUFS;
13425}
13426
13427static int nl80211_nan_del_func(struct sk_buff *skb,
13428 struct genl_info *info)
13429{
13430 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13431 struct wireless_dev *wdev = info->user_ptr[1];
13432 u64 cookie;
13433
13434 if (wdev->iftype != NL80211_IFTYPE_NAN)
13435 return -EOPNOTSUPP;
13436
13437 if (!wdev_running(wdev))
13438 return -ENOTCONN;
13439
13440 if (!info->attrs[NL80211_ATTR_COOKIE])
13441 return -EINVAL;
13442
13443 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
13444
13445 rdev_del_nan_func(rdev, wdev, cookie);
13446
13447 return 0;
13448}
13449
13450static int nl80211_nan_change_config(struct sk_buff *skb,
13451 struct genl_info *info)
13452{
13453 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13454 struct wireless_dev *wdev = info->user_ptr[1];
13455 struct cfg80211_nan_conf conf = {};
13456 u32 changed = 0;
13457
13458 if (wdev->iftype != NL80211_IFTYPE_NAN)
13459 return -EOPNOTSUPP;
13460
13461 if (!wdev_running(wdev))
13462 return -ENOTCONN;
13463
13464 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
13465 conf.master_pref =
13466 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
13467 if (conf.master_pref <= 1 || conf.master_pref == 255)
13468 return -EINVAL;
13469
13470 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
13471 }
13472
13473 if (info->attrs[NL80211_ATTR_BANDS]) {
13474 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
13475
13476 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
13477 return -EOPNOTSUPP;
13478
13479 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
13480 return -EINVAL;
13481
13482 conf.bands = bands;
13483 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
13484 }
13485
13486 if (!changed)
13487 return -EINVAL;
13488
13489 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
13490}
13491
13492void cfg80211_nan_match(struct wireless_dev *wdev,
13493 struct cfg80211_nan_match_params *match, gfp_t gfp)
13494{
13495 struct wiphy *wiphy = wdev->wiphy;
13496 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13497 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
13498 struct sk_buff *msg;
13499 void *hdr;
13500
13501 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
13502 return;
13503
13504 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13505 if (!msg)
13506 return;
13507
13508 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
13509 if (!hdr) {
13510 nlmsg_free(msg);
13511 return;
13512 }
13513
13514 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13515 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13516 wdev->netdev->ifindex)) ||
13517 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13518 NL80211_ATTR_PAD))
13519 goto nla_put_failure;
13520
13521 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
13522 NL80211_ATTR_PAD) ||
13523 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
13524 goto nla_put_failure;
13525
13526 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
13527 if (!match_attr)
13528 goto nla_put_failure;
13529
13530 local_func_attr = nla_nest_start_noflag(msg,
13531 NL80211_NAN_MATCH_FUNC_LOCAL);
13532 if (!local_func_attr)
13533 goto nla_put_failure;
13534
13535 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
13536 goto nla_put_failure;
13537
13538 nla_nest_end(msg, local_func_attr);
13539
13540 peer_func_attr = nla_nest_start_noflag(msg,
13541 NL80211_NAN_MATCH_FUNC_PEER);
13542 if (!peer_func_attr)
13543 goto nla_put_failure;
13544
13545 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
13546 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
13547 goto nla_put_failure;
13548
13549 if (match->info && match->info_len &&
13550 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
13551 match->info))
13552 goto nla_put_failure;
13553
13554 nla_nest_end(msg, peer_func_attr);
13555 nla_nest_end(msg, match_attr);
13556 genlmsg_end(msg, hdr);
13557
13558 if (!wdev->owner_nlportid)
13559 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13560 msg, 0, NL80211_MCGRP_NAN, gfp);
13561 else
13562 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13563 wdev->owner_nlportid);
13564
13565 return;
13566
13567nla_put_failure:
13568 nlmsg_free(msg);
13569}
13570EXPORT_SYMBOL(cfg80211_nan_match);
13571
13572void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
13573 u8 inst_id,
13574 enum nl80211_nan_func_term_reason reason,
13575 u64 cookie, gfp_t gfp)
13576{
13577 struct wiphy *wiphy = wdev->wiphy;
13578 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13579 struct sk_buff *msg;
13580 struct nlattr *func_attr;
13581 void *hdr;
13582
13583 if (WARN_ON(!inst_id))
13584 return;
13585
13586 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13587 if (!msg)
13588 return;
13589
13590 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
13591 if (!hdr) {
13592 nlmsg_free(msg);
13593 return;
13594 }
13595
13596 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13597 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13598 wdev->netdev->ifindex)) ||
13599 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13600 NL80211_ATTR_PAD))
13601 goto nla_put_failure;
13602
13603 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
13604 NL80211_ATTR_PAD))
13605 goto nla_put_failure;
13606
13607 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13608 if (!func_attr)
13609 goto nla_put_failure;
13610
13611 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
13612 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
13613 goto nla_put_failure;
13614
13615 nla_nest_end(msg, func_attr);
13616 genlmsg_end(msg, hdr);
13617
13618 if (!wdev->owner_nlportid)
13619 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13620 msg, 0, NL80211_MCGRP_NAN, gfp);
13621 else
13622 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13623 wdev->owner_nlportid);
13624
13625 return;
13626
13627nla_put_failure:
13628 nlmsg_free(msg);
13629}
13630EXPORT_SYMBOL(cfg80211_nan_func_terminated);
13631
13632static int nl80211_get_protocol_features(struct sk_buff *skb,
13633 struct genl_info *info)
13634{
13635 void *hdr;
13636 struct sk_buff *msg;
13637
13638 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13639 if (!msg)
13640 return -ENOMEM;
13641
13642 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13643 NL80211_CMD_GET_PROTOCOL_FEATURES);
13644 if (!hdr)
13645 goto nla_put_failure;
13646
13647 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
13648 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
13649 goto nla_put_failure;
13650
13651 genlmsg_end(msg, hdr);
13652 return genlmsg_reply(msg, info);
13653
13654 nla_put_failure:
13655 kfree_skb(msg);
13656 return -ENOBUFS;
13657}
13658
13659static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
13660{
13661 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13662 struct cfg80211_update_ft_ies_params ft_params;
13663 struct net_device *dev = info->user_ptr[1];
13664
13665 if (!rdev->ops->update_ft_ies)
13666 return -EOPNOTSUPP;
13667
13668 if (!info->attrs[NL80211_ATTR_MDID] ||
13669 !info->attrs[NL80211_ATTR_IE])
13670 return -EINVAL;
13671
13672 memset(&ft_params, 0, sizeof(ft_params));
13673 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
13674 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13675 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13676
13677 return rdev_update_ft_ies(rdev, dev, &ft_params);
13678}
13679
13680static int nl80211_crit_protocol_start(struct sk_buff *skb,
13681 struct genl_info *info)
13682{
13683 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13684 struct wireless_dev *wdev = info->user_ptr[1];
13685 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
13686 u16 duration;
13687 int ret;
13688
13689 if (!rdev->ops->crit_proto_start)
13690 return -EOPNOTSUPP;
13691
13692 if (WARN_ON(!rdev->ops->crit_proto_stop))
13693 return -EINVAL;
13694
13695 if (rdev->crit_proto_nlportid)
13696 return -EBUSY;
13697
13698
13699 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
13700 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
13701
13702 if (proto >= NUM_NL80211_CRIT_PROTO)
13703 return -EINVAL;
13704
13705
13706 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
13707 return -EINVAL;
13708
13709 duration =
13710 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
13711
13712 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
13713 if (!ret)
13714 rdev->crit_proto_nlportid = info->snd_portid;
13715
13716 return ret;
13717}
13718
13719static int nl80211_crit_protocol_stop(struct sk_buff *skb,
13720 struct genl_info *info)
13721{
13722 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13723 struct wireless_dev *wdev = info->user_ptr[1];
13724
13725 if (!rdev->ops->crit_proto_stop)
13726 return -EOPNOTSUPP;
13727
13728 if (rdev->crit_proto_nlportid) {
13729 rdev->crit_proto_nlportid = 0;
13730 rdev_crit_proto_stop(rdev, wdev);
13731 }
13732 return 0;
13733}
13734
13735static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
13736 struct nlattr *attr,
13737 struct netlink_ext_ack *extack)
13738{
13739 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
13740 if (attr->nla_type & NLA_F_NESTED) {
13741 NL_SET_ERR_MSG_ATTR(extack, attr,
13742 "unexpected nested data");
13743 return -EINVAL;
13744 }
13745
13746 return 0;
13747 }
13748
13749 if (!(attr->nla_type & NLA_F_NESTED)) {
13750 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
13751 return -EINVAL;
13752 }
13753
13754 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
13755}
13756
13757static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
13758{
13759 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13760 struct wireless_dev *wdev =
13761 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
13762 info->attrs);
13763 int i, err;
13764 u32 vid, subcmd;
13765
13766 if (!rdev->wiphy.vendor_commands)
13767 return -EOPNOTSUPP;
13768
13769 if (IS_ERR(wdev)) {
13770 err = PTR_ERR(wdev);
13771 if (err != -EINVAL)
13772 return err;
13773 wdev = NULL;
13774 } else if (wdev->wiphy != &rdev->wiphy) {
13775 return -EINVAL;
13776 }
13777
13778 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
13779 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
13780 return -EINVAL;
13781
13782 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
13783 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
13784 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
13785 const struct wiphy_vendor_command *vcmd;
13786 void *data = NULL;
13787 int len = 0;
13788
13789 vcmd = &rdev->wiphy.vendor_commands[i];
13790
13791 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13792 continue;
13793
13794 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13795 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13796 if (!wdev)
13797 return -EINVAL;
13798 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13799 !wdev->netdev)
13800 return -EINVAL;
13801
13802 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13803 if (!wdev_running(wdev))
13804 return -ENETDOWN;
13805 }
13806 } else {
13807 wdev = NULL;
13808 }
13809
13810 if (!vcmd->doit)
13811 return -EOPNOTSUPP;
13812
13813 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
13814 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13815 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13816
13817 err = nl80211_vendor_check_policy(vcmd,
13818 info->attrs[NL80211_ATTR_VENDOR_DATA],
13819 info->extack);
13820 if (err)
13821 return err;
13822 }
13823
13824 rdev->cur_cmd_info = info;
13825 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
13826 rdev->cur_cmd_info = NULL;
13827 return err;
13828 }
13829
13830 return -EOPNOTSUPP;
13831}
13832
13833static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
13834 struct netlink_callback *cb,
13835 struct cfg80211_registered_device **rdev,
13836 struct wireless_dev **wdev)
13837{
13838 struct nlattr **attrbuf;
13839 u32 vid, subcmd;
13840 unsigned int i;
13841 int vcmd_idx = -1;
13842 int err;
13843 void *data = NULL;
13844 unsigned int data_len = 0;
13845
13846 if (cb->args[0]) {
13847
13848 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
13849 struct wireless_dev *tmp;
13850
13851 if (!wiphy)
13852 return -ENODEV;
13853 *rdev = wiphy_to_rdev(wiphy);
13854 *wdev = NULL;
13855
13856 if (cb->args[1]) {
13857 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
13858 if (tmp->identifier == cb->args[1] - 1) {
13859 *wdev = tmp;
13860 break;
13861 }
13862 }
13863 }
13864
13865
13866 return 0;
13867 }
13868
13869 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
13870 if (!attrbuf)
13871 return -ENOMEM;
13872
13873 err = nlmsg_parse_deprecated(cb->nlh,
13874 GENL_HDRLEN + nl80211_fam.hdrsize,
13875 attrbuf, nl80211_fam.maxattr,
13876 nl80211_policy, NULL);
13877 if (err)
13878 goto out;
13879
13880 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
13881 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
13882 err = -EINVAL;
13883 goto out;
13884 }
13885
13886 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
13887 if (IS_ERR(*wdev))
13888 *wdev = NULL;
13889
13890 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13891 if (IS_ERR(*rdev)) {
13892 err = PTR_ERR(*rdev);
13893 goto out;
13894 }
13895
13896 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
13897 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
13898
13899 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
13900 const struct wiphy_vendor_command *vcmd;
13901
13902 vcmd = &(*rdev)->wiphy.vendor_commands[i];
13903
13904 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13905 continue;
13906
13907 if (!vcmd->dumpit) {
13908 err = -EOPNOTSUPP;
13909 goto out;
13910 }
13911
13912 vcmd_idx = i;
13913 break;
13914 }
13915
13916 if (vcmd_idx < 0) {
13917 err = -EOPNOTSUPP;
13918 goto out;
13919 }
13920
13921 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
13922 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13923 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13924
13925 err = nl80211_vendor_check_policy(
13926 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
13927 attrbuf[NL80211_ATTR_VENDOR_DATA],
13928 cb->extack);
13929 if (err)
13930 goto out;
13931 }
13932
13933
13934 cb->args[0] = (*rdev)->wiphy_idx + 1;
13935
13936 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
13937 cb->args[2] = vcmd_idx;
13938 cb->args[3] = (unsigned long)data;
13939 cb->args[4] = data_len;
13940
13941
13942 err = 0;
13943out:
13944 kfree(attrbuf);
13945 return err;
13946}
13947
13948static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13949 struct netlink_callback *cb)
13950{
13951 struct cfg80211_registered_device *rdev;
13952 struct wireless_dev *wdev;
13953 unsigned int vcmd_idx;
13954 const struct wiphy_vendor_command *vcmd;
13955 void *data;
13956 int data_len;
13957 int err;
13958 struct nlattr *vendor_data;
13959
13960 rtnl_lock();
13961 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13962 if (err)
13963 goto out;
13964
13965 vcmd_idx = cb->args[2];
13966 data = (void *)cb->args[3];
13967 data_len = cb->args[4];
13968 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13969
13970 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13971 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13972 if (!wdev) {
13973 err = -EINVAL;
13974 goto out;
13975 }
13976 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13977 !wdev->netdev) {
13978 err = -EINVAL;
13979 goto out;
13980 }
13981
13982 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13983 if (!wdev_running(wdev)) {
13984 err = -ENETDOWN;
13985 goto out;
13986 }
13987 }
13988 }
13989
13990 while (1) {
13991 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13992 cb->nlh->nlmsg_seq, NLM_F_MULTI,
13993 NL80211_CMD_VENDOR);
13994 if (!hdr)
13995 break;
13996
13997 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13998 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13999 wdev_id(wdev),
14000 NL80211_ATTR_PAD))) {
14001 genlmsg_cancel(skb, hdr);
14002 break;
14003 }
14004
14005 vendor_data = nla_nest_start_noflag(skb,
14006 NL80211_ATTR_VENDOR_DATA);
14007 if (!vendor_data) {
14008 genlmsg_cancel(skb, hdr);
14009 break;
14010 }
14011
14012 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
14013 (unsigned long *)&cb->args[5]);
14014 nla_nest_end(skb, vendor_data);
14015
14016 if (err == -ENOBUFS || err == -ENOENT) {
14017 genlmsg_cancel(skb, hdr);
14018 break;
14019 } else if (err <= 0) {
14020 genlmsg_cancel(skb, hdr);
14021 goto out;
14022 }
14023
14024 genlmsg_end(skb, hdr);
14025 }
14026
14027 err = skb->len;
14028 out:
14029 rtnl_unlock();
14030 return err;
14031}
14032
14033struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
14034 enum nl80211_commands cmd,
14035 enum nl80211_attrs attr,
14036 int approxlen)
14037{
14038 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14039
14040 if (WARN_ON(!rdev->cur_cmd_info))
14041 return NULL;
14042
14043 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
14044 rdev->cur_cmd_info->snd_portid,
14045 rdev->cur_cmd_info->snd_seq,
14046 cmd, attr, NULL, GFP_KERNEL);
14047}
14048EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
14049
14050int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
14051{
14052 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
14053 void *hdr = ((void **)skb->cb)[1];
14054 struct nlattr *data = ((void **)skb->cb)[2];
14055
14056
14057 memset(skb->cb, 0, sizeof(skb->cb));
14058
14059 if (WARN_ON(!rdev->cur_cmd_info)) {
14060 kfree_skb(skb);
14061 return -EINVAL;
14062 }
14063
14064 nla_nest_end(skb, data);
14065 genlmsg_end(skb, hdr);
14066 return genlmsg_reply(skb, rdev->cur_cmd_info);
14067}
14068EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
14069
14070unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
14071{
14072 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14073
14074 if (WARN_ON(!rdev->cur_cmd_info))
14075 return 0;
14076
14077 return rdev->cur_cmd_info->snd_portid;
14078}
14079EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
14080
14081static int nl80211_set_qos_map(struct sk_buff *skb,
14082 struct genl_info *info)
14083{
14084 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14085 struct cfg80211_qos_map *qos_map = NULL;
14086 struct net_device *dev = info->user_ptr[1];
14087 u8 *pos, len, num_des, des_len, des;
14088 int ret;
14089
14090 if (!rdev->ops->set_qos_map)
14091 return -EOPNOTSUPP;
14092
14093 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
14094 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
14095 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
14096
14097 if (len % 2)
14098 return -EINVAL;
14099
14100 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
14101 if (!qos_map)
14102 return -ENOMEM;
14103
14104 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
14105 if (num_des) {
14106 des_len = num_des *
14107 sizeof(struct cfg80211_dscp_exception);
14108 memcpy(qos_map->dscp_exception, pos, des_len);
14109 qos_map->num_des = num_des;
14110 for (des = 0; des < num_des; des++) {
14111 if (qos_map->dscp_exception[des].up > 7) {
14112 kfree(qos_map);
14113 return -EINVAL;
14114 }
14115 }
14116 pos += des_len;
14117 }
14118 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
14119 }
14120
14121 wdev_lock(dev->ieee80211_ptr);
14122 ret = nl80211_key_allowed(dev->ieee80211_ptr);
14123 if (!ret)
14124 ret = rdev_set_qos_map(rdev, dev, qos_map);
14125 wdev_unlock(dev->ieee80211_ptr);
14126
14127 kfree(qos_map);
14128 return ret;
14129}
14130
14131static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
14132{
14133 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14134 struct net_device *dev = info->user_ptr[1];
14135 struct wireless_dev *wdev = dev->ieee80211_ptr;
14136 const u8 *peer;
14137 u8 tsid, up;
14138 u16 admitted_time = 0;
14139 int err;
14140
14141 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
14142 return -EOPNOTSUPP;
14143
14144 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
14145 !info->attrs[NL80211_ATTR_USER_PRIO])
14146 return -EINVAL;
14147
14148 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
14149 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
14150
14151
14152 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
14153
14154
14155
14156
14157 return -EINVAL;
14158 }
14159
14160 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14161
14162 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
14163 admitted_time =
14164 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
14165 if (!admitted_time)
14166 return -EINVAL;
14167 }
14168
14169 wdev_lock(wdev);
14170 switch (wdev->iftype) {
14171 case NL80211_IFTYPE_STATION:
14172 case NL80211_IFTYPE_P2P_CLIENT:
14173 if (wdev->current_bss)
14174 break;
14175 err = -ENOTCONN;
14176 goto out;
14177 default:
14178 err = -EOPNOTSUPP;
14179 goto out;
14180 }
14181
14182 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
14183
14184 out:
14185 wdev_unlock(wdev);
14186 return err;
14187}
14188
14189static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
14190{
14191 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14192 struct net_device *dev = info->user_ptr[1];
14193 struct wireless_dev *wdev = dev->ieee80211_ptr;
14194 const u8 *peer;
14195 u8 tsid;
14196 int err;
14197
14198 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
14199 return -EINVAL;
14200
14201 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
14202 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14203
14204 wdev_lock(wdev);
14205 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
14206 wdev_unlock(wdev);
14207
14208 return err;
14209}
14210
14211static int nl80211_tdls_channel_switch(struct sk_buff *skb,
14212 struct genl_info *info)
14213{
14214 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14215 struct net_device *dev = info->user_ptr[1];
14216 struct wireless_dev *wdev = dev->ieee80211_ptr;
14217 struct cfg80211_chan_def chandef = {};
14218 const u8 *addr;
14219 u8 oper_class;
14220 int err;
14221
14222 if (!rdev->ops->tdls_channel_switch ||
14223 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
14224 return -EOPNOTSUPP;
14225
14226 switch (dev->ieee80211_ptr->iftype) {
14227 case NL80211_IFTYPE_STATION:
14228 case NL80211_IFTYPE_P2P_CLIENT:
14229 break;
14230 default:
14231 return -EOPNOTSUPP;
14232 }
14233
14234 if (!info->attrs[NL80211_ATTR_MAC] ||
14235 !info->attrs[NL80211_ATTR_OPER_CLASS])
14236 return -EINVAL;
14237
14238 err = nl80211_parse_chandef(rdev, info, &chandef);
14239 if (err)
14240 return err;
14241
14242
14243
14244
14245
14246
14247 if (chandef.chan->band == NL80211_BAND_2GHZ &&
14248 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
14249 chandef.width != NL80211_CHAN_WIDTH_20)
14250 return -EINVAL;
14251
14252
14253 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
14254 wdev->iftype))
14255 return -EINVAL;
14256
14257
14258 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
14259 return -EINVAL;
14260
14261 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14262 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
14263
14264 wdev_lock(wdev);
14265 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
14266 wdev_unlock(wdev);
14267
14268 return err;
14269}
14270
14271static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
14272 struct genl_info *info)
14273{
14274 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14275 struct net_device *dev = info->user_ptr[1];
14276 struct wireless_dev *wdev = dev->ieee80211_ptr;
14277 const u8 *addr;
14278
14279 if (!rdev->ops->tdls_channel_switch ||
14280 !rdev->ops->tdls_cancel_channel_switch ||
14281 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
14282 return -EOPNOTSUPP;
14283
14284 switch (dev->ieee80211_ptr->iftype) {
14285 case NL80211_IFTYPE_STATION:
14286 case NL80211_IFTYPE_P2P_CLIENT:
14287 break;
14288 default:
14289 return -EOPNOTSUPP;
14290 }
14291
14292 if (!info->attrs[NL80211_ATTR_MAC])
14293 return -EINVAL;
14294
14295 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14296
14297 wdev_lock(wdev);
14298 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
14299 wdev_unlock(wdev);
14300
14301 return 0;
14302}
14303
14304static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
14305 struct genl_info *info)
14306{
14307 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14308 struct net_device *dev = info->user_ptr[1];
14309 struct wireless_dev *wdev = dev->ieee80211_ptr;
14310 const struct nlattr *nla;
14311 bool enabled;
14312
14313 if (!rdev->ops->set_multicast_to_unicast)
14314 return -EOPNOTSUPP;
14315
14316 if (wdev->iftype != NL80211_IFTYPE_AP &&
14317 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14318 return -EOPNOTSUPP;
14319
14320 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
14321 enabled = nla_get_flag(nla);
14322
14323 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
14324}
14325
14326static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
14327{
14328 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14329 struct net_device *dev = info->user_ptr[1];
14330 struct wireless_dev *wdev = dev->ieee80211_ptr;
14331 struct cfg80211_pmk_conf pmk_conf = {};
14332 int ret;
14333
14334 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14335 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14336 return -EOPNOTSUPP;
14337
14338 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14339 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
14340 return -EOPNOTSUPP;
14341
14342 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
14343 return -EINVAL;
14344
14345 wdev_lock(wdev);
14346 if (!wdev->current_bss) {
14347 ret = -ENOTCONN;
14348 goto out;
14349 }
14350
14351 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
14352 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
14353 ret = -EINVAL;
14354 goto out;
14355 }
14356
14357 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
14358 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
14359 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
14360 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
14361 ret = -EINVAL;
14362 goto out;
14363 }
14364
14365 if (info->attrs[NL80211_ATTR_PMKR0_NAME])
14366 pmk_conf.pmk_r0_name =
14367 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
14368
14369 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
14370out:
14371 wdev_unlock(wdev);
14372 return ret;
14373}
14374
14375static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
14376{
14377 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14378 struct net_device *dev = info->user_ptr[1];
14379 struct wireless_dev *wdev = dev->ieee80211_ptr;
14380 const u8 *aa;
14381 int ret;
14382
14383 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14384 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14385 return -EOPNOTSUPP;
14386
14387 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14388 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
14389 return -EOPNOTSUPP;
14390
14391 if (!info->attrs[NL80211_ATTR_MAC])
14392 return -EINVAL;
14393
14394 wdev_lock(wdev);
14395 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
14396 ret = rdev_del_pmk(rdev, dev, aa);
14397 wdev_unlock(wdev);
14398
14399 return ret;
14400}
14401
14402static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
14403{
14404 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14405 struct net_device *dev = info->user_ptr[1];
14406 struct cfg80211_external_auth_params params;
14407
14408 if (!rdev->ops->external_auth)
14409 return -EOPNOTSUPP;
14410
14411 if (!info->attrs[NL80211_ATTR_SSID] &&
14412 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
14413 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
14414 return -EINVAL;
14415
14416 if (!info->attrs[NL80211_ATTR_BSSID])
14417 return -EINVAL;
14418
14419 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
14420 return -EINVAL;
14421
14422 memset(¶ms, 0, sizeof(params));
14423
14424 if (info->attrs[NL80211_ATTR_SSID]) {
14425 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
14426 if (params.ssid.ssid_len == 0)
14427 return -EINVAL;
14428 memcpy(params.ssid.ssid,
14429 nla_data(info->attrs[NL80211_ATTR_SSID]),
14430 params.ssid.ssid_len);
14431 }
14432
14433 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
14434 ETH_ALEN);
14435
14436 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14437
14438 if (info->attrs[NL80211_ATTR_PMKID])
14439 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
14440
14441 return rdev_external_auth(rdev, dev, ¶ms);
14442}
14443
14444static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
14445{
14446 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
14447 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14448 struct net_device *dev = info->user_ptr[1];
14449 struct wireless_dev *wdev = dev->ieee80211_ptr;
14450 const u8 *buf;
14451 size_t len;
14452 u8 *dest;
14453 u16 proto;
14454 bool noencrypt;
14455 u64 cookie = 0;
14456 int err;
14457
14458 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14459 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
14460 return -EOPNOTSUPP;
14461
14462 if (!rdev->ops->tx_control_port)
14463 return -EOPNOTSUPP;
14464
14465 if (!info->attrs[NL80211_ATTR_FRAME] ||
14466 !info->attrs[NL80211_ATTR_MAC] ||
14467 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
14468 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
14469 return -EINVAL;
14470 }
14471
14472 wdev_lock(wdev);
14473
14474 switch (wdev->iftype) {
14475 case NL80211_IFTYPE_AP:
14476 case NL80211_IFTYPE_P2P_GO:
14477 case NL80211_IFTYPE_MESH_POINT:
14478 break;
14479 case NL80211_IFTYPE_ADHOC:
14480 case NL80211_IFTYPE_STATION:
14481 case NL80211_IFTYPE_P2P_CLIENT:
14482 if (wdev->current_bss)
14483 break;
14484 err = -ENOTCONN;
14485 goto out;
14486 default:
14487 err = -EOPNOTSUPP;
14488 goto out;
14489 }
14490
14491 wdev_unlock(wdev);
14492
14493 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14494 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14495 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14496 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
14497 noencrypt =
14498 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
14499
14500 err = rdev_tx_control_port(rdev, dev, buf, len,
14501 dest, cpu_to_be16(proto), noencrypt,
14502 dont_wait_for_ack ? NULL : &cookie);
14503 if (!err && !dont_wait_for_ack)
14504 nl_set_extack_cookie_u64(info->extack, cookie);
14505 return err;
14506 out:
14507 wdev_unlock(wdev);
14508 return err;
14509}
14510
14511static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
14512 struct genl_info *info)
14513{
14514 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14515 struct net_device *dev = info->user_ptr[1];
14516 struct wireless_dev *wdev = dev->ieee80211_ptr;
14517 struct cfg80211_ftm_responder_stats ftm_stats = {};
14518 struct sk_buff *msg;
14519 void *hdr;
14520 struct nlattr *ftm_stats_attr;
14521 int err;
14522
14523 if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
14524 return -EOPNOTSUPP;
14525
14526 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
14527 if (err)
14528 return err;
14529
14530 if (!ftm_stats.filled)
14531 return -ENODATA;
14532
14533 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14534 if (!msg)
14535 return -ENOMEM;
14536
14537 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14538 NL80211_CMD_GET_FTM_RESPONDER_STATS);
14539 if (!hdr)
14540 goto nla_put_failure;
14541
14542 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14543 goto nla_put_failure;
14544
14545 ftm_stats_attr = nla_nest_start_noflag(msg,
14546 NL80211_ATTR_FTM_RESPONDER_STATS);
14547 if (!ftm_stats_attr)
14548 goto nla_put_failure;
14549
14550#define SET_FTM(field, name, type) \
14551 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14552 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
14553 ftm_stats.field)) \
14554 goto nla_put_failure; } while (0)
14555#define SET_FTM_U64(field, name) \
14556 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14557 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
14558 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
14559 goto nla_put_failure; } while (0)
14560
14561 SET_FTM(success_num, SUCCESS_NUM, u32);
14562 SET_FTM(partial_num, PARTIAL_NUM, u32);
14563 SET_FTM(failed_num, FAILED_NUM, u32);
14564 SET_FTM(asap_num, ASAP_NUM, u32);
14565 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
14566 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
14567 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
14568 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
14569 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
14570#undef SET_FTM
14571
14572 nla_nest_end(msg, ftm_stats_attr);
14573
14574 genlmsg_end(msg, hdr);
14575 return genlmsg_reply(msg, info);
14576
14577nla_put_failure:
14578 nlmsg_free(msg);
14579 return -ENOBUFS;
14580}
14581
14582static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
14583{
14584 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14585 struct cfg80211_update_owe_info owe_info;
14586 struct net_device *dev = info->user_ptr[1];
14587
14588 if (!rdev->ops->update_owe_info)
14589 return -EOPNOTSUPP;
14590
14591 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
14592 !info->attrs[NL80211_ATTR_MAC])
14593 return -EINVAL;
14594
14595 memset(&owe_info, 0, sizeof(owe_info));
14596 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14597 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
14598
14599 if (info->attrs[NL80211_ATTR_IE]) {
14600 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
14601 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
14602 }
14603
14604 return rdev_update_owe_info(rdev, dev, &owe_info);
14605}
14606
14607static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
14608{
14609 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14610 struct net_device *dev = info->user_ptr[1];
14611 struct wireless_dev *wdev = dev->ieee80211_ptr;
14612 struct station_info sinfo = {};
14613 const u8 *buf;
14614 size_t len;
14615 u8 *dest;
14616 int err;
14617
14618 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
14619 return -EOPNOTSUPP;
14620
14621 if (!info->attrs[NL80211_ATTR_MAC] ||
14622 !info->attrs[NL80211_ATTR_FRAME]) {
14623 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
14624 return -EINVAL;
14625 }
14626
14627 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
14628 return -EOPNOTSUPP;
14629
14630 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14631 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14632 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14633
14634 if (len < sizeof(struct ethhdr))
14635 return -EINVAL;
14636
14637 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
14638 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
14639 return -EINVAL;
14640
14641 err = rdev_get_station(rdev, dev, dest, &sinfo);
14642 if (err)
14643 return err;
14644
14645 cfg80211_sinfo_release_content(&sinfo);
14646
14647 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
14648}
14649
14650static int parse_tid_conf(struct cfg80211_registered_device *rdev,
14651 struct nlattr *attrs[], struct net_device *dev,
14652 struct cfg80211_tid_cfg *tid_conf,
14653 struct genl_info *info, const u8 *peer)
14654{
14655 struct netlink_ext_ack *extack = info->extack;
14656 u64 mask;
14657 int err;
14658
14659 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
14660 return -EINVAL;
14661
14662 tid_conf->config_override =
14663 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
14664 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
14665
14666 if (tid_conf->config_override) {
14667 if (rdev->ops->reset_tid_config) {
14668 err = rdev_reset_tid_config(rdev, dev, peer,
14669 tid_conf->tids);
14670 if (err)
14671 return err;
14672 } else {
14673 return -EINVAL;
14674 }
14675 }
14676
14677 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
14678 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
14679 tid_conf->noack =
14680 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
14681 }
14682
14683 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
14684 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
14685 tid_conf->retry_short =
14686 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
14687
14688 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
14689 return -EINVAL;
14690 }
14691
14692 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
14693 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
14694 tid_conf->retry_long =
14695 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
14696
14697 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
14698 return -EINVAL;
14699 }
14700
14701 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
14702 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
14703 tid_conf->ampdu =
14704 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
14705 }
14706
14707 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
14708 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
14709 tid_conf->rtscts =
14710 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
14711 }
14712
14713 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
14714 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
14715 tid_conf->amsdu =
14716 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
14717 }
14718
14719 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
14720 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
14721
14722 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
14723
14724 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
14725 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
14726 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
14727 &tid_conf->txrate_mask, dev,
14728 true);
14729 if (err)
14730 return err;
14731
14732 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
14733 }
14734 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
14735 }
14736
14737 if (peer)
14738 mask = rdev->wiphy.tid_config_support.peer;
14739 else
14740 mask = rdev->wiphy.tid_config_support.vif;
14741
14742 if (tid_conf->mask & ~mask) {
14743 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
14744 return -ENOTSUPP;
14745 }
14746
14747 return 0;
14748}
14749
14750static int nl80211_set_tid_config(struct sk_buff *skb,
14751 struct genl_info *info)
14752{
14753 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14754 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
14755 struct net_device *dev = info->user_ptr[1];
14756 struct cfg80211_tid_config *tid_config;
14757 struct nlattr *tid;
14758 int conf_idx = 0, rem_conf;
14759 int ret = -EINVAL;
14760 u32 num_conf = 0;
14761
14762 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
14763 return -EINVAL;
14764
14765 if (!rdev->ops->set_tid_config)
14766 return -EOPNOTSUPP;
14767
14768 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14769 rem_conf)
14770 num_conf++;
14771
14772 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
14773 GFP_KERNEL);
14774 if (!tid_config)
14775 return -ENOMEM;
14776
14777 tid_config->n_tid_conf = num_conf;
14778
14779 if (info->attrs[NL80211_ATTR_MAC])
14780 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14781
14782 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14783 rem_conf) {
14784 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
14785 tid, NULL, NULL);
14786
14787 if (ret)
14788 goto bad_tid_conf;
14789
14790 ret = parse_tid_conf(rdev, attrs, dev,
14791 &tid_config->tid_conf[conf_idx],
14792 info, tid_config->peer);
14793 if (ret)
14794 goto bad_tid_conf;
14795
14796 conf_idx++;
14797 }
14798
14799 ret = rdev_set_tid_config(rdev, dev, tid_config);
14800
14801bad_tid_conf:
14802 kfree(tid_config);
14803 return ret;
14804}
14805
14806#define NL80211_FLAG_NEED_WIPHY 0x01
14807#define NL80211_FLAG_NEED_NETDEV 0x02
14808#define NL80211_FLAG_NEED_RTNL 0x04
14809#define NL80211_FLAG_CHECK_NETDEV_UP 0x08
14810#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
14811 NL80211_FLAG_CHECK_NETDEV_UP)
14812#define NL80211_FLAG_NEED_WDEV 0x10
14813
14814#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
14815 NL80211_FLAG_CHECK_NETDEV_UP)
14816#define NL80211_FLAG_CLEAR_SKB 0x20
14817#define NL80211_FLAG_NO_WIPHY_MTX 0x40
14818
14819static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
14820 struct genl_info *info)
14821{
14822 struct cfg80211_registered_device *rdev = NULL;
14823 struct wireless_dev *wdev;
14824 struct net_device *dev;
14825
14826 rtnl_lock();
14827 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
14828 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
14829 if (IS_ERR(rdev)) {
14830 rtnl_unlock();
14831 return PTR_ERR(rdev);
14832 }
14833 info->user_ptr[0] = rdev;
14834 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
14835 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14836 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
14837 info->attrs);
14838 if (IS_ERR(wdev)) {
14839 rtnl_unlock();
14840 return PTR_ERR(wdev);
14841 }
14842
14843 dev = wdev->netdev;
14844 rdev = wiphy_to_rdev(wdev->wiphy);
14845
14846 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
14847 if (!dev) {
14848 rtnl_unlock();
14849 return -EINVAL;
14850 }
14851
14852 info->user_ptr[1] = dev;
14853 } else {
14854 info->user_ptr[1] = wdev;
14855 }
14856
14857 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
14858 !wdev_running(wdev)) {
14859 rtnl_unlock();
14860 return -ENETDOWN;
14861 }
14862
14863 if (dev)
14864 dev_hold(dev);
14865
14866 info->user_ptr[0] = rdev;
14867 }
14868
14869 if (rdev && !(ops->internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
14870 wiphy_lock(&rdev->wiphy);
14871
14872 __release(&rdev->wiphy.mtx);
14873 }
14874 if (!(ops->internal_flags & NL80211_FLAG_NEED_RTNL))
14875 rtnl_unlock();
14876
14877 return 0;
14878}
14879
14880static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
14881 struct genl_info *info)
14882{
14883 if (info->user_ptr[1]) {
14884 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14885 struct wireless_dev *wdev = info->user_ptr[1];
14886
14887 if (wdev->netdev)
14888 dev_put(wdev->netdev);
14889 } else {
14890 dev_put(info->user_ptr[1]);
14891 }
14892 }
14893
14894 if (info->user_ptr[0] &&
14895 !(ops->internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
14896 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14897
14898
14899 __acquire(&rdev->wiphy.mtx);
14900 wiphy_unlock(&rdev->wiphy);
14901 }
14902
14903 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
14904 rtnl_unlock();
14905
14906
14907
14908
14909
14910
14911 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
14912 struct nlmsghdr *nlh = nlmsg_hdr(skb);
14913
14914 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
14915 }
14916}
14917
14918static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
14919 struct cfg80211_sar_specs *sar_specs,
14920 struct nlattr *spec[], int index)
14921{
14922 u32 range_index, i;
14923
14924 if (!sar_specs || !spec)
14925 return -EINVAL;
14926
14927 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
14928 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
14929 return -EINVAL;
14930
14931 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
14932
14933
14934 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
14935 return -EINVAL;
14936
14937
14938 for (i = 0; i < index; i++) {
14939 if (sar_specs->sub_specs[i].freq_range_index == range_index)
14940 return -EINVAL;
14941 }
14942
14943 sar_specs->sub_specs[index].power =
14944 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
14945
14946 sar_specs->sub_specs[index].freq_range_index = range_index;
14947
14948 return 0;
14949}
14950
14951static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
14952{
14953 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14954 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
14955 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
14956 struct cfg80211_sar_specs *sar_spec;
14957 enum nl80211_sar_type type;
14958 struct nlattr *spec_list;
14959 u32 specs;
14960 int rem, err;
14961
14962 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
14963 return -EOPNOTSUPP;
14964
14965 if (!info->attrs[NL80211_ATTR_SAR_SPEC])
14966 return -EINVAL;
14967
14968 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
14969 info->attrs[NL80211_ATTR_SAR_SPEC],
14970 NULL, NULL);
14971
14972 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
14973 return -EINVAL;
14974
14975 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
14976 if (type != rdev->wiphy.sar_capa->type)
14977 return -EINVAL;
14978
14979 specs = 0;
14980 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
14981 specs++;
14982
14983 if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
14984 return -EINVAL;
14985
14986 sar_spec = kzalloc(sizeof(*sar_spec) +
14987 specs * sizeof(struct cfg80211_sar_sub_specs),
14988 GFP_KERNEL);
14989 if (!sar_spec)
14990 return -ENOMEM;
14991
14992 sar_spec->type = type;
14993 specs = 0;
14994 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
14995 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
14996 spec_list, NULL, NULL);
14997
14998 switch (type) {
14999 case NL80211_SAR_TYPE_POWER:
15000 if (nl80211_set_sar_sub_specs(rdev, sar_spec,
15001 spec, specs)) {
15002 err = -EINVAL;
15003 goto error;
15004 }
15005 break;
15006 default:
15007 err = -EINVAL;
15008 goto error;
15009 }
15010 specs++;
15011 }
15012
15013 sar_spec->num_sub_specs = specs;
15014
15015 rdev->cur_cmd_info = info;
15016 err = rdev_set_sar_specs(rdev, sar_spec);
15017 rdev->cur_cmd_info = NULL;
15018error:
15019 kfree(sar_spec);
15020 return err;
15021}
15022
15023static const struct genl_ops nl80211_ops[] = {
15024 {
15025 .cmd = NL80211_CMD_GET_WIPHY,
15026 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15027 .doit = nl80211_get_wiphy,
15028 .dumpit = nl80211_dump_wiphy,
15029 .done = nl80211_dump_wiphy_done,
15030
15031 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15032 },
15033};
15034
15035static const struct genl_small_ops nl80211_small_ops[] = {
15036 {
15037 .cmd = NL80211_CMD_SET_WIPHY,
15038 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15039 .doit = nl80211_set_wiphy,
15040 .flags = GENL_UNS_ADMIN_PERM,
15041 },
15042 {
15043 .cmd = NL80211_CMD_GET_INTERFACE,
15044 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15045 .doit = nl80211_get_interface,
15046 .dumpit = nl80211_dump_interface,
15047
15048 .internal_flags = NL80211_FLAG_NEED_WDEV,
15049 },
15050 {
15051 .cmd = NL80211_CMD_SET_INTERFACE,
15052 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15053 .doit = nl80211_set_interface,
15054 .flags = GENL_UNS_ADMIN_PERM,
15055 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15056 NL80211_FLAG_NEED_RTNL,
15057 },
15058 {
15059 .cmd = NL80211_CMD_NEW_INTERFACE,
15060 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15061 .doit = nl80211_new_interface,
15062 .flags = GENL_UNS_ADMIN_PERM,
15063 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15064 NL80211_FLAG_NEED_RTNL |
15065
15066 NL80211_FLAG_NO_WIPHY_MTX,
15067 },
15068 {
15069 .cmd = NL80211_CMD_DEL_INTERFACE,
15070 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15071 .doit = nl80211_del_interface,
15072 .flags = GENL_UNS_ADMIN_PERM,
15073 .internal_flags = NL80211_FLAG_NEED_WDEV |
15074 NL80211_FLAG_NEED_RTNL,
15075 },
15076 {
15077 .cmd = NL80211_CMD_GET_KEY,
15078 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15079 .doit = nl80211_get_key,
15080 .flags = GENL_UNS_ADMIN_PERM,
15081 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15082 },
15083 {
15084 .cmd = NL80211_CMD_SET_KEY,
15085 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15086 .doit = nl80211_set_key,
15087 .flags = GENL_UNS_ADMIN_PERM,
15088 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15089 NL80211_FLAG_CLEAR_SKB,
15090 },
15091 {
15092 .cmd = NL80211_CMD_NEW_KEY,
15093 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15094 .doit = nl80211_new_key,
15095 .flags = GENL_UNS_ADMIN_PERM,
15096 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15097 NL80211_FLAG_CLEAR_SKB,
15098 },
15099 {
15100 .cmd = NL80211_CMD_DEL_KEY,
15101 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15102 .doit = nl80211_del_key,
15103 .flags = GENL_UNS_ADMIN_PERM,
15104 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15105 },
15106 {
15107 .cmd = NL80211_CMD_SET_BEACON,
15108 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15109 .flags = GENL_UNS_ADMIN_PERM,
15110 .doit = nl80211_set_beacon,
15111 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15112 },
15113 {
15114 .cmd = NL80211_CMD_START_AP,
15115 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15116 .flags = GENL_UNS_ADMIN_PERM,
15117 .doit = nl80211_start_ap,
15118 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15119 },
15120 {
15121 .cmd = NL80211_CMD_STOP_AP,
15122 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15123 .flags = GENL_UNS_ADMIN_PERM,
15124 .doit = nl80211_stop_ap,
15125 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15126 },
15127 {
15128 .cmd = NL80211_CMD_GET_STATION,
15129 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15130 .doit = nl80211_get_station,
15131 .dumpit = nl80211_dump_station,
15132 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15133 },
15134 {
15135 .cmd = NL80211_CMD_SET_STATION,
15136 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15137 .doit = nl80211_set_station,
15138 .flags = GENL_UNS_ADMIN_PERM,
15139 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15140 },
15141 {
15142 .cmd = NL80211_CMD_NEW_STATION,
15143 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15144 .doit = nl80211_new_station,
15145 .flags = GENL_UNS_ADMIN_PERM,
15146 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15147 },
15148 {
15149 .cmd = NL80211_CMD_DEL_STATION,
15150 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15151 .doit = nl80211_del_station,
15152 .flags = GENL_UNS_ADMIN_PERM,
15153 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15154 },
15155 {
15156 .cmd = NL80211_CMD_GET_MPATH,
15157 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15158 .doit = nl80211_get_mpath,
15159 .dumpit = nl80211_dump_mpath,
15160 .flags = GENL_UNS_ADMIN_PERM,
15161 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15162 },
15163 {
15164 .cmd = NL80211_CMD_GET_MPP,
15165 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15166 .doit = nl80211_get_mpp,
15167 .dumpit = nl80211_dump_mpp,
15168 .flags = GENL_UNS_ADMIN_PERM,
15169 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15170 },
15171 {
15172 .cmd = NL80211_CMD_SET_MPATH,
15173 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15174 .doit = nl80211_set_mpath,
15175 .flags = GENL_UNS_ADMIN_PERM,
15176 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15177 },
15178 {
15179 .cmd = NL80211_CMD_NEW_MPATH,
15180 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15181 .doit = nl80211_new_mpath,
15182 .flags = GENL_UNS_ADMIN_PERM,
15183 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15184 },
15185 {
15186 .cmd = NL80211_CMD_DEL_MPATH,
15187 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15188 .doit = nl80211_del_mpath,
15189 .flags = GENL_UNS_ADMIN_PERM,
15190 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15191 },
15192 {
15193 .cmd = NL80211_CMD_SET_BSS,
15194 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15195 .doit = nl80211_set_bss,
15196 .flags = GENL_UNS_ADMIN_PERM,
15197 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15198 },
15199 {
15200 .cmd = NL80211_CMD_GET_REG,
15201 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15202 .doit = nl80211_get_reg_do,
15203 .dumpit = nl80211_get_reg_dump,
15204 .internal_flags = 0,
15205
15206 },
15207#ifdef CONFIG_CFG80211_CRDA_SUPPORT
15208 {
15209 .cmd = NL80211_CMD_SET_REG,
15210 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15211 .doit = nl80211_set_reg,
15212 .flags = GENL_ADMIN_PERM,
15213 .internal_flags = 0,
15214 },
15215#endif
15216 {
15217 .cmd = NL80211_CMD_REQ_SET_REG,
15218 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15219 .doit = nl80211_req_set_reg,
15220 .flags = GENL_ADMIN_PERM,
15221 },
15222 {
15223 .cmd = NL80211_CMD_RELOAD_REGDB,
15224 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15225 .doit = nl80211_reload_regdb,
15226 .flags = GENL_ADMIN_PERM,
15227 },
15228 {
15229 .cmd = NL80211_CMD_GET_MESH_CONFIG,
15230 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15231 .doit = nl80211_get_mesh_config,
15232
15233 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15234 },
15235 {
15236 .cmd = NL80211_CMD_SET_MESH_CONFIG,
15237 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15238 .doit = nl80211_update_mesh_config,
15239 .flags = GENL_UNS_ADMIN_PERM,
15240 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15241 },
15242 {
15243 .cmd = NL80211_CMD_TRIGGER_SCAN,
15244 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15245 .doit = nl80211_trigger_scan,
15246 .flags = GENL_UNS_ADMIN_PERM,
15247 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15248 },
15249 {
15250 .cmd = NL80211_CMD_ABORT_SCAN,
15251 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15252 .doit = nl80211_abort_scan,
15253 .flags = GENL_UNS_ADMIN_PERM,
15254 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15255 },
15256 {
15257 .cmd = NL80211_CMD_GET_SCAN,
15258 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15259 .dumpit = nl80211_dump_scan,
15260 },
15261 {
15262 .cmd = NL80211_CMD_START_SCHED_SCAN,
15263 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15264 .doit = nl80211_start_sched_scan,
15265 .flags = GENL_UNS_ADMIN_PERM,
15266 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15267 },
15268 {
15269 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
15270 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15271 .doit = nl80211_stop_sched_scan,
15272 .flags = GENL_UNS_ADMIN_PERM,
15273 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15274 },
15275 {
15276 .cmd = NL80211_CMD_AUTHENTICATE,
15277 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15278 .doit = nl80211_authenticate,
15279 .flags = GENL_UNS_ADMIN_PERM,
15280 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15281 0 |
15282 NL80211_FLAG_CLEAR_SKB,
15283 },
15284 {
15285 .cmd = NL80211_CMD_ASSOCIATE,
15286 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15287 .doit = nl80211_associate,
15288 .flags = GENL_UNS_ADMIN_PERM,
15289 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15290 0 |
15291 NL80211_FLAG_CLEAR_SKB,
15292 },
15293 {
15294 .cmd = NL80211_CMD_DEAUTHENTICATE,
15295 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15296 .doit = nl80211_deauthenticate,
15297 .flags = GENL_UNS_ADMIN_PERM,
15298 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15299 },
15300 {
15301 .cmd = NL80211_CMD_DISASSOCIATE,
15302 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15303 .doit = nl80211_disassociate,
15304 .flags = GENL_UNS_ADMIN_PERM,
15305 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15306 },
15307 {
15308 .cmd = NL80211_CMD_JOIN_IBSS,
15309 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15310 .doit = nl80211_join_ibss,
15311 .flags = GENL_UNS_ADMIN_PERM,
15312 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15313 },
15314 {
15315 .cmd = NL80211_CMD_LEAVE_IBSS,
15316 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15317 .doit = nl80211_leave_ibss,
15318 .flags = GENL_UNS_ADMIN_PERM,
15319 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15320 },
15321#ifdef CONFIG_NL80211_TESTMODE
15322 {
15323 .cmd = NL80211_CMD_TESTMODE,
15324 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15325 .doit = nl80211_testmode_do,
15326 .dumpit = nl80211_testmode_dump,
15327 .flags = GENL_UNS_ADMIN_PERM,
15328 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15329 },
15330#endif
15331 {
15332 .cmd = NL80211_CMD_CONNECT,
15333 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15334 .doit = nl80211_connect,
15335 .flags = GENL_UNS_ADMIN_PERM,
15336 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15337 0 |
15338 NL80211_FLAG_CLEAR_SKB,
15339 },
15340 {
15341 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
15342 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15343 .doit = nl80211_update_connect_params,
15344 .flags = GENL_ADMIN_PERM,
15345 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15346 0 |
15347 NL80211_FLAG_CLEAR_SKB,
15348 },
15349 {
15350 .cmd = NL80211_CMD_DISCONNECT,
15351 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15352 .doit = nl80211_disconnect,
15353 .flags = GENL_UNS_ADMIN_PERM,
15354 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15355 },
15356 {
15357 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
15358 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15359 .doit = nl80211_wiphy_netns,
15360 .flags = GENL_UNS_ADMIN_PERM,
15361 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15362 NL80211_FLAG_NEED_RTNL |
15363 NL80211_FLAG_NO_WIPHY_MTX,
15364 },
15365 {
15366 .cmd = NL80211_CMD_GET_SURVEY,
15367 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15368 .dumpit = nl80211_dump_survey,
15369 },
15370 {
15371 .cmd = NL80211_CMD_SET_PMKSA,
15372 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15373 .doit = nl80211_setdel_pmksa,
15374 .flags = GENL_UNS_ADMIN_PERM,
15375 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15376 0 |
15377 NL80211_FLAG_CLEAR_SKB,
15378 },
15379 {
15380 .cmd = NL80211_CMD_DEL_PMKSA,
15381 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15382 .doit = nl80211_setdel_pmksa,
15383 .flags = GENL_UNS_ADMIN_PERM,
15384 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15385 },
15386 {
15387 .cmd = NL80211_CMD_FLUSH_PMKSA,
15388 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15389 .doit = nl80211_flush_pmksa,
15390 .flags = GENL_UNS_ADMIN_PERM,
15391 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15392 },
15393 {
15394 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
15395 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15396 .doit = nl80211_remain_on_channel,
15397 .flags = GENL_UNS_ADMIN_PERM,
15398 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15399 },
15400 {
15401 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15402 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15403 .doit = nl80211_cancel_remain_on_channel,
15404 .flags = GENL_UNS_ADMIN_PERM,
15405 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15406 },
15407 {
15408 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
15409 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15410 .doit = nl80211_set_tx_bitrate_mask,
15411 .flags = GENL_UNS_ADMIN_PERM,
15412 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15413 },
15414 {
15415 .cmd = NL80211_CMD_REGISTER_FRAME,
15416 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15417 .doit = nl80211_register_mgmt,
15418 .flags = GENL_UNS_ADMIN_PERM,
15419 .internal_flags = NL80211_FLAG_NEED_WDEV,
15420 },
15421 {
15422 .cmd = NL80211_CMD_FRAME,
15423 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15424 .doit = nl80211_tx_mgmt,
15425 .flags = GENL_UNS_ADMIN_PERM,
15426 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15427 },
15428 {
15429 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
15430 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15431 .doit = nl80211_tx_mgmt_cancel_wait,
15432 .flags = GENL_UNS_ADMIN_PERM,
15433 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15434 },
15435 {
15436 .cmd = NL80211_CMD_SET_POWER_SAVE,
15437 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15438 .doit = nl80211_set_power_save,
15439 .flags = GENL_UNS_ADMIN_PERM,
15440 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15441 },
15442 {
15443 .cmd = NL80211_CMD_GET_POWER_SAVE,
15444 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15445 .doit = nl80211_get_power_save,
15446
15447 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15448 },
15449 {
15450 .cmd = NL80211_CMD_SET_CQM,
15451 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15452 .doit = nl80211_set_cqm,
15453 .flags = GENL_UNS_ADMIN_PERM,
15454 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15455 },
15456 {
15457 .cmd = NL80211_CMD_SET_CHANNEL,
15458 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15459 .doit = nl80211_set_channel,
15460 .flags = GENL_UNS_ADMIN_PERM,
15461 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15462 },
15463 {
15464 .cmd = NL80211_CMD_JOIN_MESH,
15465 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15466 .doit = nl80211_join_mesh,
15467 .flags = GENL_UNS_ADMIN_PERM,
15468 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15469 },
15470 {
15471 .cmd = NL80211_CMD_LEAVE_MESH,
15472 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15473 .doit = nl80211_leave_mesh,
15474 .flags = GENL_UNS_ADMIN_PERM,
15475 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15476 },
15477 {
15478 .cmd = NL80211_CMD_JOIN_OCB,
15479 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15480 .doit = nl80211_join_ocb,
15481 .flags = GENL_UNS_ADMIN_PERM,
15482 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15483 },
15484 {
15485 .cmd = NL80211_CMD_LEAVE_OCB,
15486 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15487 .doit = nl80211_leave_ocb,
15488 .flags = GENL_UNS_ADMIN_PERM,
15489 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15490 },
15491#ifdef CONFIG_PM
15492 {
15493 .cmd = NL80211_CMD_GET_WOWLAN,
15494 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15495 .doit = nl80211_get_wowlan,
15496
15497 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15498 },
15499 {
15500 .cmd = NL80211_CMD_SET_WOWLAN,
15501 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15502 .doit = nl80211_set_wowlan,
15503 .flags = GENL_UNS_ADMIN_PERM,
15504 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15505 },
15506#endif
15507 {
15508 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
15509 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15510 .doit = nl80211_set_rekey_data,
15511 .flags = GENL_UNS_ADMIN_PERM,
15512 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15513 0 |
15514 NL80211_FLAG_CLEAR_SKB,
15515 },
15516 {
15517 .cmd = NL80211_CMD_TDLS_MGMT,
15518 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15519 .doit = nl80211_tdls_mgmt,
15520 .flags = GENL_UNS_ADMIN_PERM,
15521 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15522 },
15523 {
15524 .cmd = NL80211_CMD_TDLS_OPER,
15525 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15526 .doit = nl80211_tdls_oper,
15527 .flags = GENL_UNS_ADMIN_PERM,
15528 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15529 },
15530 {
15531 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
15532 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15533 .doit = nl80211_register_unexpected_frame,
15534 .flags = GENL_UNS_ADMIN_PERM,
15535 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15536 },
15537 {
15538 .cmd = NL80211_CMD_PROBE_CLIENT,
15539 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15540 .doit = nl80211_probe_client,
15541 .flags = GENL_UNS_ADMIN_PERM,
15542 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15543 },
15544 {
15545 .cmd = NL80211_CMD_REGISTER_BEACONS,
15546 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15547 .doit = nl80211_register_beacons,
15548 .flags = GENL_UNS_ADMIN_PERM,
15549 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15550 },
15551 {
15552 .cmd = NL80211_CMD_SET_NOACK_MAP,
15553 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15554 .doit = nl80211_set_noack_map,
15555 .flags = GENL_UNS_ADMIN_PERM,
15556 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15557 },
15558 {
15559 .cmd = NL80211_CMD_START_P2P_DEVICE,
15560 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15561 .doit = nl80211_start_p2p_device,
15562 .flags = GENL_UNS_ADMIN_PERM,
15563 .internal_flags = NL80211_FLAG_NEED_WDEV |
15564 NL80211_FLAG_NEED_RTNL,
15565 },
15566 {
15567 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
15568 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15569 .doit = nl80211_stop_p2p_device,
15570 .flags = GENL_UNS_ADMIN_PERM,
15571 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15572 NL80211_FLAG_NEED_RTNL,
15573 },
15574 {
15575 .cmd = NL80211_CMD_START_NAN,
15576 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15577 .doit = nl80211_start_nan,
15578 .flags = GENL_ADMIN_PERM,
15579 .internal_flags = NL80211_FLAG_NEED_WDEV |
15580 NL80211_FLAG_NEED_RTNL,
15581 },
15582 {
15583 .cmd = NL80211_CMD_STOP_NAN,
15584 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15585 .doit = nl80211_stop_nan,
15586 .flags = GENL_ADMIN_PERM,
15587 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15588 NL80211_FLAG_NEED_RTNL,
15589 },
15590 {
15591 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
15592 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15593 .doit = nl80211_nan_add_func,
15594 .flags = GENL_ADMIN_PERM,
15595 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15596 },
15597 {
15598 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
15599 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15600 .doit = nl80211_nan_del_func,
15601 .flags = GENL_ADMIN_PERM,
15602 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15603 },
15604 {
15605 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
15606 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15607 .doit = nl80211_nan_change_config,
15608 .flags = GENL_ADMIN_PERM,
15609 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15610 },
15611 {
15612 .cmd = NL80211_CMD_SET_MCAST_RATE,
15613 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15614 .doit = nl80211_set_mcast_rate,
15615 .flags = GENL_UNS_ADMIN_PERM,
15616 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15617 },
15618 {
15619 .cmd = NL80211_CMD_SET_MAC_ACL,
15620 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15621 .doit = nl80211_set_mac_acl,
15622 .flags = GENL_UNS_ADMIN_PERM,
15623 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15624 },
15625 {
15626 .cmd = NL80211_CMD_RADAR_DETECT,
15627 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15628 .doit = nl80211_start_radar_detection,
15629 .flags = GENL_UNS_ADMIN_PERM,
15630 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15631 },
15632 {
15633 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
15634 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15635 .doit = nl80211_get_protocol_features,
15636 },
15637 {
15638 .cmd = NL80211_CMD_UPDATE_FT_IES,
15639 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15640 .doit = nl80211_update_ft_ies,
15641 .flags = GENL_UNS_ADMIN_PERM,
15642 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15643 },
15644 {
15645 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
15646 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15647 .doit = nl80211_crit_protocol_start,
15648 .flags = GENL_UNS_ADMIN_PERM,
15649 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15650 },
15651 {
15652 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
15653 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15654 .doit = nl80211_crit_protocol_stop,
15655 .flags = GENL_UNS_ADMIN_PERM,
15656 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15657 },
15658 {
15659 .cmd = NL80211_CMD_GET_COALESCE,
15660 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15661 .doit = nl80211_get_coalesce,
15662 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15663 },
15664 {
15665 .cmd = NL80211_CMD_SET_COALESCE,
15666 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15667 .doit = nl80211_set_coalesce,
15668 .flags = GENL_UNS_ADMIN_PERM,
15669 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15670 },
15671 {
15672 .cmd = NL80211_CMD_CHANNEL_SWITCH,
15673 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15674 .doit = nl80211_channel_switch,
15675 .flags = GENL_UNS_ADMIN_PERM,
15676 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15677 },
15678 {
15679 .cmd = NL80211_CMD_VENDOR,
15680 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15681 .doit = nl80211_vendor_cmd,
15682 .dumpit = nl80211_vendor_cmd_dump,
15683 .flags = GENL_UNS_ADMIN_PERM,
15684 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15685 0 |
15686 NL80211_FLAG_CLEAR_SKB,
15687 },
15688 {
15689 .cmd = NL80211_CMD_SET_QOS_MAP,
15690 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15691 .doit = nl80211_set_qos_map,
15692 .flags = GENL_UNS_ADMIN_PERM,
15693 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15694 },
15695 {
15696 .cmd = NL80211_CMD_ADD_TX_TS,
15697 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15698 .doit = nl80211_add_tx_ts,
15699 .flags = GENL_UNS_ADMIN_PERM,
15700 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15701 },
15702 {
15703 .cmd = NL80211_CMD_DEL_TX_TS,
15704 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15705 .doit = nl80211_del_tx_ts,
15706 .flags = GENL_UNS_ADMIN_PERM,
15707 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15708 },
15709 {
15710 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
15711 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15712 .doit = nl80211_tdls_channel_switch,
15713 .flags = GENL_UNS_ADMIN_PERM,
15714 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15715 },
15716 {
15717 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
15718 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15719 .doit = nl80211_tdls_cancel_channel_switch,
15720 .flags = GENL_UNS_ADMIN_PERM,
15721 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15722 },
15723 {
15724 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
15725 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15726 .doit = nl80211_set_multicast_to_unicast,
15727 .flags = GENL_UNS_ADMIN_PERM,
15728 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15729 },
15730 {
15731 .cmd = NL80211_CMD_SET_PMK,
15732 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15733 .doit = nl80211_set_pmk,
15734 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15735 0 |
15736 NL80211_FLAG_CLEAR_SKB,
15737 },
15738 {
15739 .cmd = NL80211_CMD_DEL_PMK,
15740 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15741 .doit = nl80211_del_pmk,
15742 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15743 },
15744 {
15745 .cmd = NL80211_CMD_EXTERNAL_AUTH,
15746 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15747 .doit = nl80211_external_auth,
15748 .flags = GENL_ADMIN_PERM,
15749 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15750 },
15751 {
15752 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
15753 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15754 .doit = nl80211_tx_control_port,
15755 .flags = GENL_UNS_ADMIN_PERM,
15756 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15757 },
15758 {
15759 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
15760 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15761 .doit = nl80211_get_ftm_responder_stats,
15762 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15763 },
15764 {
15765 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
15766 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15767 .doit = nl80211_pmsr_start,
15768 .flags = GENL_UNS_ADMIN_PERM,
15769 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15770 },
15771 {
15772 .cmd = NL80211_CMD_NOTIFY_RADAR,
15773 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15774 .doit = nl80211_notify_radar_detection,
15775 .flags = GENL_UNS_ADMIN_PERM,
15776 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15777 },
15778 {
15779 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
15780 .doit = nl80211_update_owe_info,
15781 .flags = GENL_ADMIN_PERM,
15782 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15783 },
15784 {
15785 .cmd = NL80211_CMD_PROBE_MESH_LINK,
15786 .doit = nl80211_probe_mesh_link,
15787 .flags = GENL_UNS_ADMIN_PERM,
15788 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15789 },
15790 {
15791 .cmd = NL80211_CMD_SET_TID_CONFIG,
15792 .doit = nl80211_set_tid_config,
15793 .flags = GENL_UNS_ADMIN_PERM,
15794 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15795 },
15796 {
15797 .cmd = NL80211_CMD_SET_SAR_SPECS,
15798 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15799 .doit = nl80211_set_sar_specs,
15800 .flags = GENL_UNS_ADMIN_PERM,
15801 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15802 NL80211_FLAG_NEED_RTNL,
15803 },
15804};
15805
15806static struct genl_family nl80211_fam __ro_after_init = {
15807 .name = NL80211_GENL_NAME,
15808 .hdrsize = 0,
15809 .version = 1,
15810 .maxattr = NL80211_ATTR_MAX,
15811 .policy = nl80211_policy,
15812 .netnsok = true,
15813 .pre_doit = nl80211_pre_doit,
15814 .post_doit = nl80211_post_doit,
15815 .module = THIS_MODULE,
15816 .ops = nl80211_ops,
15817 .n_ops = ARRAY_SIZE(nl80211_ops),
15818 .small_ops = nl80211_small_ops,
15819 .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
15820 .mcgrps = nl80211_mcgrps,
15821 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
15822 .parallel_ops = true,
15823};
15824
15825
15826
15827void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
15828 enum nl80211_commands cmd)
15829{
15830 struct sk_buff *msg;
15831 struct nl80211_dump_wiphy_state state = {};
15832
15833 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
15834 cmd != NL80211_CMD_DEL_WIPHY);
15835
15836 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15837 if (!msg)
15838 return;
15839
15840 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
15841 nlmsg_free(msg);
15842 return;
15843 }
15844
15845 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15846 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15847}
15848
15849void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
15850 struct wireless_dev *wdev,
15851 enum nl80211_commands cmd)
15852{
15853 struct sk_buff *msg;
15854
15855 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15856 if (!msg)
15857 return;
15858
15859 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
15860 nlmsg_free(msg);
15861 return;
15862 }
15863
15864 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15865 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15866}
15867
15868static int nl80211_add_scan_req(struct sk_buff *msg,
15869 struct cfg80211_registered_device *rdev)
15870{
15871 struct cfg80211_scan_request *req = rdev->scan_req;
15872 struct nlattr *nest;
15873 int i;
15874 struct cfg80211_scan_info *info;
15875
15876 if (WARN_ON(!req))
15877 return 0;
15878
15879 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
15880 if (!nest)
15881 goto nla_put_failure;
15882 for (i = 0; i < req->n_ssids; i++) {
15883 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
15884 goto nla_put_failure;
15885 }
15886 nla_nest_end(msg, nest);
15887
15888 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
15889 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
15890 if (!nest)
15891 goto nla_put_failure;
15892 for (i = 0; i < req->n_channels; i++) {
15893 if (nla_put_u32(msg, i,
15894 ieee80211_channel_to_khz(req->channels[i])))
15895 goto nla_put_failure;
15896 }
15897 nla_nest_end(msg, nest);
15898 } else {
15899 nest = nla_nest_start_noflag(msg,
15900 NL80211_ATTR_SCAN_FREQUENCIES);
15901 if (!nest)
15902 goto nla_put_failure;
15903 for (i = 0; i < req->n_channels; i++) {
15904 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
15905 goto nla_put_failure;
15906 }
15907 nla_nest_end(msg, nest);
15908 }
15909
15910 if (req->ie &&
15911 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
15912 goto nla_put_failure;
15913
15914 if (req->flags &&
15915 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
15916 goto nla_put_failure;
15917
15918 info = rdev->int_scan_req ? &rdev->int_scan_req->info :
15919 &rdev->scan_req->info;
15920 if (info->scan_start_tsf &&
15921 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
15922 info->scan_start_tsf, NL80211_BSS_PAD) ||
15923 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
15924 info->tsf_bssid)))
15925 goto nla_put_failure;
15926
15927 return 0;
15928 nla_put_failure:
15929 return -ENOBUFS;
15930}
15931
15932static int nl80211_prep_scan_msg(struct sk_buff *msg,
15933 struct cfg80211_registered_device *rdev,
15934 struct wireless_dev *wdev,
15935 u32 portid, u32 seq, int flags,
15936 u32 cmd)
15937{
15938 void *hdr;
15939
15940 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
15941 if (!hdr)
15942 return -1;
15943
15944 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15945 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15946 wdev->netdev->ifindex)) ||
15947 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15948 NL80211_ATTR_PAD))
15949 goto nla_put_failure;
15950
15951
15952 nl80211_add_scan_req(msg, rdev);
15953
15954 genlmsg_end(msg, hdr);
15955 return 0;
15956
15957 nla_put_failure:
15958 genlmsg_cancel(msg, hdr);
15959 return -EMSGSIZE;
15960}
15961
15962static int
15963nl80211_prep_sched_scan_msg(struct sk_buff *msg,
15964 struct cfg80211_sched_scan_request *req, u32 cmd)
15965{
15966 void *hdr;
15967
15968 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15969 if (!hdr)
15970 return -1;
15971
15972 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
15973 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
15974 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
15975 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
15976 NL80211_ATTR_PAD))
15977 goto nla_put_failure;
15978
15979 genlmsg_end(msg, hdr);
15980 return 0;
15981
15982 nla_put_failure:
15983 genlmsg_cancel(msg, hdr);
15984 return -EMSGSIZE;
15985}
15986
15987void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
15988 struct wireless_dev *wdev)
15989{
15990 struct sk_buff *msg;
15991
15992 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15993 if (!msg)
15994 return;
15995
15996 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15997 NL80211_CMD_TRIGGER_SCAN) < 0) {
15998 nlmsg_free(msg);
15999 return;
16000 }
16001
16002 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16003 NL80211_MCGRP_SCAN, GFP_KERNEL);
16004}
16005
16006struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
16007 struct wireless_dev *wdev, bool aborted)
16008{
16009 struct sk_buff *msg;
16010
16011 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16012 if (!msg)
16013 return NULL;
16014
16015 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
16016 aborted ? NL80211_CMD_SCAN_ABORTED :
16017 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
16018 nlmsg_free(msg);
16019 return NULL;
16020 }
16021
16022 return msg;
16023}
16024
16025
16026void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
16027 struct sk_buff *msg)
16028{
16029 if (!msg)
16030 return;
16031
16032 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16033 NL80211_MCGRP_SCAN, GFP_KERNEL);
16034}
16035
16036void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
16037{
16038 struct sk_buff *msg;
16039
16040 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16041 if (!msg)
16042 return;
16043
16044 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
16045 nlmsg_free(msg);
16046 return;
16047 }
16048
16049 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
16050 NL80211_MCGRP_SCAN, GFP_KERNEL);
16051}
16052
16053static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
16054 struct regulatory_request *request)
16055{
16056
16057 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
16058 goto nla_put_failure;
16059
16060 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
16061 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16062 NL80211_REGDOM_TYPE_WORLD))
16063 goto nla_put_failure;
16064 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
16065 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16066 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
16067 goto nla_put_failure;
16068 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
16069 request->intersect) {
16070 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16071 NL80211_REGDOM_TYPE_INTERSECTION))
16072 goto nla_put_failure;
16073 } else {
16074 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16075 NL80211_REGDOM_TYPE_COUNTRY) ||
16076 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
16077 request->alpha2))
16078 goto nla_put_failure;
16079 }
16080
16081 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
16082 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
16083
16084 if (wiphy &&
16085 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
16086 goto nla_put_failure;
16087
16088 if (wiphy &&
16089 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
16090 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
16091 goto nla_put_failure;
16092 }
16093
16094 return true;
16095
16096nla_put_failure:
16097 return false;
16098}
16099
16100
16101
16102
16103
16104void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
16105 struct regulatory_request *request)
16106{
16107 struct sk_buff *msg;
16108 void *hdr;
16109
16110 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16111 if (!msg)
16112 return;
16113
16114 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
16115 if (!hdr)
16116 goto nla_put_failure;
16117
16118 if (!nl80211_reg_change_event_fill(msg, request))
16119 goto nla_put_failure;
16120
16121 genlmsg_end(msg, hdr);
16122
16123 rcu_read_lock();
16124 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
16125 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
16126 rcu_read_unlock();
16127
16128 return;
16129
16130nla_put_failure:
16131 nlmsg_free(msg);
16132}
16133
16134static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
16135 struct net_device *netdev,
16136 const u8 *buf, size_t len,
16137 enum nl80211_commands cmd, gfp_t gfp,
16138 int uapsd_queues, const u8 *req_ies,
16139 size_t req_ies_len, bool reconnect)
16140{
16141 struct sk_buff *msg;
16142 void *hdr;
16143
16144 msg = nlmsg_new(100 + len + req_ies_len, gfp);
16145 if (!msg)
16146 return;
16147
16148 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16149 if (!hdr) {
16150 nlmsg_free(msg);
16151 return;
16152 }
16153
16154 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16155 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16156 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16157 (req_ies &&
16158 nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
16159 goto nla_put_failure;
16160
16161 if (reconnect && nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
16162 goto nla_put_failure;
16163
16164 if (uapsd_queues >= 0) {
16165 struct nlattr *nla_wmm =
16166 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
16167 if (!nla_wmm)
16168 goto nla_put_failure;
16169
16170 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
16171 uapsd_queues))
16172 goto nla_put_failure;
16173
16174 nla_nest_end(msg, nla_wmm);
16175 }
16176
16177 genlmsg_end(msg, hdr);
16178
16179 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16180 NL80211_MCGRP_MLME, gfp);
16181 return;
16182
16183 nla_put_failure:
16184 nlmsg_free(msg);
16185}
16186
16187void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
16188 struct net_device *netdev, const u8 *buf,
16189 size_t len, gfp_t gfp)
16190{
16191 nl80211_send_mlme_event(rdev, netdev, buf, len,
16192 NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0,
16193 false);
16194}
16195
16196void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
16197 struct net_device *netdev, const u8 *buf,
16198 size_t len, gfp_t gfp, int uapsd_queues,
16199 const u8 *req_ies, size_t req_ies_len)
16200{
16201 nl80211_send_mlme_event(rdev, netdev, buf, len,
16202 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
16203 req_ies, req_ies_len, false);
16204}
16205
16206void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
16207 struct net_device *netdev, const u8 *buf,
16208 size_t len, bool reconnect, gfp_t gfp)
16209{
16210 nl80211_send_mlme_event(rdev, netdev, buf, len,
16211 NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0,
16212 reconnect);
16213}
16214
16215void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
16216 struct net_device *netdev, const u8 *buf,
16217 size_t len, bool reconnect, gfp_t gfp)
16218{
16219 nl80211_send_mlme_event(rdev, netdev, buf, len,
16220 NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0,
16221 reconnect);
16222}
16223
16224void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
16225 size_t len)
16226{
16227 struct wireless_dev *wdev = dev->ieee80211_ptr;
16228 struct wiphy *wiphy = wdev->wiphy;
16229 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16230 const struct ieee80211_mgmt *mgmt = (void *)buf;
16231 u32 cmd;
16232
16233 if (WARN_ON(len < 2))
16234 return;
16235
16236 if (ieee80211_is_deauth(mgmt->frame_control)) {
16237 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
16238 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
16239 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
16240 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
16241 if (wdev->unprot_beacon_reported &&
16242 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
16243 return;
16244 cmd = NL80211_CMD_UNPROT_BEACON;
16245 wdev->unprot_beacon_reported = jiffies;
16246 } else {
16247 return;
16248 }
16249
16250 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
16251 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
16252 NULL, 0, false);
16253}
16254EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
16255
16256static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
16257 struct net_device *netdev, int cmd,
16258 const u8 *addr, gfp_t gfp)
16259{
16260 struct sk_buff *msg;
16261 void *hdr;
16262
16263 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16264 if (!msg)
16265 return;
16266
16267 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16268 if (!hdr) {
16269 nlmsg_free(msg);
16270 return;
16271 }
16272
16273 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16274 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16275 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
16276 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16277 goto nla_put_failure;
16278
16279 genlmsg_end(msg, hdr);
16280
16281 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16282 NL80211_MCGRP_MLME, gfp);
16283 return;
16284
16285 nla_put_failure:
16286 nlmsg_free(msg);
16287}
16288
16289void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
16290 struct net_device *netdev, const u8 *addr,
16291 gfp_t gfp)
16292{
16293 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
16294 addr, gfp);
16295}
16296
16297void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
16298 struct net_device *netdev, const u8 *addr,
16299 gfp_t gfp)
16300{
16301 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
16302 addr, gfp);
16303}
16304
16305void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
16306 struct net_device *netdev,
16307 struct cfg80211_connect_resp_params *cr,
16308 gfp_t gfp)
16309{
16310 struct sk_buff *msg;
16311 void *hdr;
16312
16313 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
16314 cr->fils.kek_len + cr->fils.pmk_len +
16315 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
16316 if (!msg)
16317 return;
16318
16319 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
16320 if (!hdr) {
16321 nlmsg_free(msg);
16322 return;
16323 }
16324
16325 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16326 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16327 (cr->bssid &&
16328 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
16329 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
16330 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
16331 cr->status) ||
16332 (cr->status < 0 &&
16333 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
16334 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
16335 cr->timeout_reason))) ||
16336 (cr->req_ie &&
16337 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
16338 (cr->resp_ie &&
16339 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
16340 cr->resp_ie)) ||
16341 (cr->fils.update_erp_next_seq_num &&
16342 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
16343 cr->fils.erp_next_seq_num)) ||
16344 (cr->status == WLAN_STATUS_SUCCESS &&
16345 ((cr->fils.kek &&
16346 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
16347 cr->fils.kek)) ||
16348 (cr->fils.pmk &&
16349 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
16350 (cr->fils.pmkid &&
16351 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
16352 goto nla_put_failure;
16353
16354 genlmsg_end(msg, hdr);
16355
16356 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16357 NL80211_MCGRP_MLME, gfp);
16358 return;
16359
16360 nla_put_failure:
16361 nlmsg_free(msg);
16362}
16363
16364void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
16365 struct net_device *netdev,
16366 struct cfg80211_roam_info *info, gfp_t gfp)
16367{
16368 struct sk_buff *msg;
16369 void *hdr;
16370 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
16371
16372 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
16373 info->fils.kek_len + info->fils.pmk_len +
16374 (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
16375 if (!msg)
16376 return;
16377
16378 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
16379 if (!hdr) {
16380 nlmsg_free(msg);
16381 return;
16382 }
16383
16384 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16385 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16386 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
16387 (info->req_ie &&
16388 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
16389 info->req_ie)) ||
16390 (info->resp_ie &&
16391 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
16392 info->resp_ie)) ||
16393 (info->fils.update_erp_next_seq_num &&
16394 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
16395 info->fils.erp_next_seq_num)) ||
16396 (info->fils.kek &&
16397 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
16398 info->fils.kek)) ||
16399 (info->fils.pmk &&
16400 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
16401 (info->fils.pmkid &&
16402 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
16403 goto nla_put_failure;
16404
16405 genlmsg_end(msg, hdr);
16406
16407 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16408 NL80211_MCGRP_MLME, gfp);
16409 return;
16410
16411 nla_put_failure:
16412 nlmsg_free(msg);
16413}
16414
16415void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
16416 struct net_device *netdev, const u8 *bssid)
16417{
16418 struct sk_buff *msg;
16419 void *hdr;
16420
16421 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16422 if (!msg)
16423 return;
16424
16425 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
16426 if (!hdr) {
16427 nlmsg_free(msg);
16428 return;
16429 }
16430
16431 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16432 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16433 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16434 goto nla_put_failure;
16435
16436 genlmsg_end(msg, hdr);
16437
16438 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16439 NL80211_MCGRP_MLME, GFP_KERNEL);
16440 return;
16441
16442 nla_put_failure:
16443 nlmsg_free(msg);
16444}
16445
16446void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
16447 struct net_device *netdev, u16 reason,
16448 const u8 *ie, size_t ie_len, bool from_ap)
16449{
16450 struct sk_buff *msg;
16451 void *hdr;
16452
16453 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
16454 if (!msg)
16455 return;
16456
16457 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
16458 if (!hdr) {
16459 nlmsg_free(msg);
16460 return;
16461 }
16462
16463 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16464 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16465 (reason &&
16466 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
16467 (from_ap &&
16468 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
16469 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
16470 goto nla_put_failure;
16471
16472 genlmsg_end(msg, hdr);
16473
16474 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16475 NL80211_MCGRP_MLME, GFP_KERNEL);
16476 return;
16477
16478 nla_put_failure:
16479 nlmsg_free(msg);
16480}
16481
16482void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
16483 struct net_device *netdev, const u8 *bssid,
16484 gfp_t gfp)
16485{
16486 struct sk_buff *msg;
16487 void *hdr;
16488
16489 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16490 if (!msg)
16491 return;
16492
16493 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
16494 if (!hdr) {
16495 nlmsg_free(msg);
16496 return;
16497 }
16498
16499 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16500 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16501 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16502 goto nla_put_failure;
16503
16504 genlmsg_end(msg, hdr);
16505
16506 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16507 NL80211_MCGRP_MLME, gfp);
16508 return;
16509
16510 nla_put_failure:
16511 nlmsg_free(msg);
16512}
16513
16514void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
16515 const u8 *ie, u8 ie_len,
16516 int sig_dbm, gfp_t gfp)
16517{
16518 struct wireless_dev *wdev = dev->ieee80211_ptr;
16519 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16520 struct sk_buff *msg;
16521 void *hdr;
16522
16523 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
16524 return;
16525
16526 trace_cfg80211_notify_new_peer_candidate(dev, addr);
16527
16528 msg = nlmsg_new(100 + ie_len, gfp);
16529 if (!msg)
16530 return;
16531
16532 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
16533 if (!hdr) {
16534 nlmsg_free(msg);
16535 return;
16536 }
16537
16538 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16539 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16540 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16541 (ie_len && ie &&
16542 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
16543 (sig_dbm &&
16544 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
16545 goto nla_put_failure;
16546
16547 genlmsg_end(msg, hdr);
16548
16549 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16550 NL80211_MCGRP_MLME, gfp);
16551 return;
16552
16553 nla_put_failure:
16554 nlmsg_free(msg);
16555}
16556EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
16557
16558void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
16559 struct net_device *netdev, const u8 *addr,
16560 enum nl80211_key_type key_type, int key_id,
16561 const u8 *tsc, gfp_t gfp)
16562{
16563 struct sk_buff *msg;
16564 void *hdr;
16565
16566 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16567 if (!msg)
16568 return;
16569
16570 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
16571 if (!hdr) {
16572 nlmsg_free(msg);
16573 return;
16574 }
16575
16576 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16577 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16578 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
16579 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
16580 (key_id != -1 &&
16581 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
16582 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
16583 goto nla_put_failure;
16584
16585 genlmsg_end(msg, hdr);
16586
16587 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16588 NL80211_MCGRP_MLME, gfp);
16589 return;
16590
16591 nla_put_failure:
16592 nlmsg_free(msg);
16593}
16594
16595void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
16596 struct ieee80211_channel *channel_before,
16597 struct ieee80211_channel *channel_after)
16598{
16599 struct sk_buff *msg;
16600 void *hdr;
16601 struct nlattr *nl_freq;
16602
16603 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
16604 if (!msg)
16605 return;
16606
16607 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
16608 if (!hdr) {
16609 nlmsg_free(msg);
16610 return;
16611 }
16612
16613
16614
16615
16616
16617 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
16618 goto nla_put_failure;
16619
16620
16621 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
16622 if (!nl_freq)
16623 goto nla_put_failure;
16624
16625 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
16626 goto nla_put_failure;
16627 nla_nest_end(msg, nl_freq);
16628
16629
16630 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
16631 if (!nl_freq)
16632 goto nla_put_failure;
16633
16634 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
16635 goto nla_put_failure;
16636 nla_nest_end(msg, nl_freq);
16637
16638 genlmsg_end(msg, hdr);
16639
16640 rcu_read_lock();
16641 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
16642 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
16643 rcu_read_unlock();
16644
16645 return;
16646
16647nla_put_failure:
16648 nlmsg_free(msg);
16649}
16650
16651static void nl80211_send_remain_on_chan_event(
16652 int cmd, struct cfg80211_registered_device *rdev,
16653 struct wireless_dev *wdev, u64 cookie,
16654 struct ieee80211_channel *chan,
16655 unsigned int duration, gfp_t gfp)
16656{
16657 struct sk_buff *msg;
16658 void *hdr;
16659
16660 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16661 if (!msg)
16662 return;
16663
16664 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16665 if (!hdr) {
16666 nlmsg_free(msg);
16667 return;
16668 }
16669
16670 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16671 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16672 wdev->netdev->ifindex)) ||
16673 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16674 NL80211_ATTR_PAD) ||
16675 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
16676 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
16677 NL80211_CHAN_NO_HT) ||
16678 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16679 NL80211_ATTR_PAD))
16680 goto nla_put_failure;
16681
16682 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
16683 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
16684 goto nla_put_failure;
16685
16686 genlmsg_end(msg, hdr);
16687
16688 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16689 NL80211_MCGRP_MLME, gfp);
16690 return;
16691
16692 nla_put_failure:
16693 nlmsg_free(msg);
16694}
16695
16696void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
16697 struct ieee80211_channel *chan,
16698 unsigned int duration, gfp_t gfp)
16699{
16700 struct wiphy *wiphy = wdev->wiphy;
16701 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16702
16703 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
16704 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
16705 rdev, wdev, cookie, chan,
16706 duration, gfp);
16707}
16708EXPORT_SYMBOL(cfg80211_ready_on_channel);
16709
16710void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
16711 struct ieee80211_channel *chan,
16712 gfp_t gfp)
16713{
16714 struct wiphy *wiphy = wdev->wiphy;
16715 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16716
16717 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
16718 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
16719 rdev, wdev, cookie, chan, 0, gfp);
16720}
16721EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
16722
16723void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
16724 struct ieee80211_channel *chan,
16725 gfp_t gfp)
16726{
16727 struct wiphy *wiphy = wdev->wiphy;
16728 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16729
16730 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
16731 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
16732 rdev, wdev, cookie, chan, 0, gfp);
16733}
16734EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
16735
16736void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
16737 struct station_info *sinfo, gfp_t gfp)
16738{
16739 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16740 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16741 struct sk_buff *msg;
16742
16743 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
16744
16745 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16746 if (!msg)
16747 return;
16748
16749 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
16750 rdev, dev, mac_addr, sinfo) < 0) {
16751 nlmsg_free(msg);
16752 return;
16753 }
16754
16755 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16756 NL80211_MCGRP_MLME, gfp);
16757}
16758EXPORT_SYMBOL(cfg80211_new_sta);
16759
16760void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
16761 struct station_info *sinfo, gfp_t gfp)
16762{
16763 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16764 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16765 struct sk_buff *msg;
16766 struct station_info empty_sinfo = {};
16767
16768 if (!sinfo)
16769 sinfo = &empty_sinfo;
16770
16771 trace_cfg80211_del_sta(dev, mac_addr);
16772
16773 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16774 if (!msg) {
16775 cfg80211_sinfo_release_content(sinfo);
16776 return;
16777 }
16778
16779 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
16780 rdev, dev, mac_addr, sinfo) < 0) {
16781 nlmsg_free(msg);
16782 return;
16783 }
16784
16785 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16786 NL80211_MCGRP_MLME, gfp);
16787}
16788EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
16789
16790void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
16791 enum nl80211_connect_failed_reason reason,
16792 gfp_t gfp)
16793{
16794 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16795 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16796 struct sk_buff *msg;
16797 void *hdr;
16798
16799 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
16800 if (!msg)
16801 return;
16802
16803 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
16804 if (!hdr) {
16805 nlmsg_free(msg);
16806 return;
16807 }
16808
16809 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16810 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
16811 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
16812 goto nla_put_failure;
16813
16814 genlmsg_end(msg, hdr);
16815
16816 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16817 NL80211_MCGRP_MLME, gfp);
16818 return;
16819
16820 nla_put_failure:
16821 nlmsg_free(msg);
16822}
16823EXPORT_SYMBOL(cfg80211_conn_failed);
16824
16825static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
16826 const u8 *addr, gfp_t gfp)
16827{
16828 struct wireless_dev *wdev = dev->ieee80211_ptr;
16829 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16830 struct sk_buff *msg;
16831 void *hdr;
16832 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
16833
16834 if (!nlportid)
16835 return false;
16836
16837 msg = nlmsg_new(100, gfp);
16838 if (!msg)
16839 return true;
16840
16841 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16842 if (!hdr) {
16843 nlmsg_free(msg);
16844 return true;
16845 }
16846
16847 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16848 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16849 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16850 goto nla_put_failure;
16851
16852 genlmsg_end(msg, hdr);
16853 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16854 return true;
16855
16856 nla_put_failure:
16857 nlmsg_free(msg);
16858 return true;
16859}
16860
16861bool cfg80211_rx_spurious_frame(struct net_device *dev,
16862 const u8 *addr, gfp_t gfp)
16863{
16864 struct wireless_dev *wdev = dev->ieee80211_ptr;
16865 bool ret;
16866
16867 trace_cfg80211_rx_spurious_frame(dev, addr);
16868
16869 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16870 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
16871 trace_cfg80211_return_bool(false);
16872 return false;
16873 }
16874 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
16875 addr, gfp);
16876 trace_cfg80211_return_bool(ret);
16877 return ret;
16878}
16879EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
16880
16881bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
16882 const u8 *addr, gfp_t gfp)
16883{
16884 struct wireless_dev *wdev = dev->ieee80211_ptr;
16885 bool ret;
16886
16887 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
16888
16889 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16890 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
16891 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
16892 trace_cfg80211_return_bool(false);
16893 return false;
16894 }
16895 ret = __nl80211_unexpected_frame(dev,
16896 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
16897 addr, gfp);
16898 trace_cfg80211_return_bool(ret);
16899 return ret;
16900}
16901EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
16902
16903int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
16904 struct wireless_dev *wdev, u32 nlportid,
16905 int freq, int sig_dbm,
16906 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
16907{
16908 struct net_device *netdev = wdev->netdev;
16909 struct sk_buff *msg;
16910 void *hdr;
16911
16912 msg = nlmsg_new(100 + len, gfp);
16913 if (!msg)
16914 return -ENOMEM;
16915
16916 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16917 if (!hdr) {
16918 nlmsg_free(msg);
16919 return -ENOMEM;
16920 }
16921
16922 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16923 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16924 netdev->ifindex)) ||
16925 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16926 NL80211_ATTR_PAD) ||
16927 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(freq)) ||
16928 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, freq % 1000) ||
16929 (sig_dbm &&
16930 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16931 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16932 (flags &&
16933 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
16934 goto nla_put_failure;
16935
16936 genlmsg_end(msg, hdr);
16937
16938 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16939
16940 nla_put_failure:
16941 nlmsg_free(msg);
16942 return -ENOBUFS;
16943}
16944
16945static void nl80211_frame_tx_status(struct wireless_dev *wdev, u64 cookie,
16946 const u8 *buf, size_t len, bool ack,
16947 gfp_t gfp, enum nl80211_commands command)
16948{
16949 struct wiphy *wiphy = wdev->wiphy;
16950 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16951 struct net_device *netdev = wdev->netdev;
16952 struct sk_buff *msg;
16953 void *hdr;
16954
16955 if (command == NL80211_CMD_FRAME_TX_STATUS)
16956 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
16957 else
16958 trace_cfg80211_control_port_tx_status(wdev, cookie, ack);
16959
16960 msg = nlmsg_new(100 + len, gfp);
16961 if (!msg)
16962 return;
16963
16964 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
16965 if (!hdr) {
16966 nlmsg_free(msg);
16967 return;
16968 }
16969
16970 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16971 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16972 netdev->ifindex)) ||
16973 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16974 NL80211_ATTR_PAD) ||
16975 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16976 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16977 NL80211_ATTR_PAD) ||
16978 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
16979 goto nla_put_failure;
16980
16981 genlmsg_end(msg, hdr);
16982
16983 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16984 NL80211_MCGRP_MLME, gfp);
16985 return;
16986
16987nla_put_failure:
16988 nlmsg_free(msg);
16989}
16990
16991void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
16992 const u8 *buf, size_t len, bool ack,
16993 gfp_t gfp)
16994{
16995 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
16996 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
16997}
16998EXPORT_SYMBOL(cfg80211_control_port_tx_status);
16999
17000void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
17001 const u8 *buf, size_t len, bool ack, gfp_t gfp)
17002{
17003 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
17004 NL80211_CMD_FRAME_TX_STATUS);
17005}
17006EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
17007
17008static int __nl80211_rx_control_port(struct net_device *dev,
17009 struct sk_buff *skb,
17010 bool unencrypted, gfp_t gfp)
17011{
17012 struct wireless_dev *wdev = dev->ieee80211_ptr;
17013 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17014 struct ethhdr *ehdr = eth_hdr(skb);
17015 const u8 *addr = ehdr->h_source;
17016 u16 proto = be16_to_cpu(skb->protocol);
17017 struct sk_buff *msg;
17018 void *hdr;
17019 struct nlattr *frame;
17020
17021 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
17022
17023 if (!nlportid)
17024 return -ENOENT;
17025
17026 msg = nlmsg_new(100 + skb->len, gfp);
17027 if (!msg)
17028 return -ENOMEM;
17029
17030 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
17031 if (!hdr) {
17032 nlmsg_free(msg);
17033 return -ENOBUFS;
17034 }
17035
17036 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17037 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17038 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17039 NL80211_ATTR_PAD) ||
17040 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
17041 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
17042 (unencrypted && nla_put_flag(msg,
17043 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
17044 goto nla_put_failure;
17045
17046 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
17047 if (!frame)
17048 goto nla_put_failure;
17049
17050 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
17051 genlmsg_end(msg, hdr);
17052
17053 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17054
17055 nla_put_failure:
17056 nlmsg_free(msg);
17057 return -ENOBUFS;
17058}
17059
17060bool cfg80211_rx_control_port(struct net_device *dev,
17061 struct sk_buff *skb, bool unencrypted)
17062{
17063 int ret;
17064
17065 trace_cfg80211_rx_control_port(dev, skb, unencrypted);
17066 ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
17067 trace_cfg80211_return_bool(ret == 0);
17068 return ret == 0;
17069}
17070EXPORT_SYMBOL(cfg80211_rx_control_port);
17071
17072static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
17073 const char *mac, gfp_t gfp)
17074{
17075 struct wireless_dev *wdev = dev->ieee80211_ptr;
17076 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17077 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17078 void **cb;
17079
17080 if (!msg)
17081 return NULL;
17082
17083 cb = (void **)msg->cb;
17084
17085 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
17086 if (!cb[0]) {
17087 nlmsg_free(msg);
17088 return NULL;
17089 }
17090
17091 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17092 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17093 goto nla_put_failure;
17094
17095 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
17096 goto nla_put_failure;
17097
17098 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
17099 if (!cb[1])
17100 goto nla_put_failure;
17101
17102 cb[2] = rdev;
17103
17104 return msg;
17105 nla_put_failure:
17106 nlmsg_free(msg);
17107 return NULL;
17108}
17109
17110static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
17111{
17112 void **cb = (void **)msg->cb;
17113 struct cfg80211_registered_device *rdev = cb[2];
17114
17115 nla_nest_end(msg, cb[1]);
17116 genlmsg_end(msg, cb[0]);
17117
17118 memset(msg->cb, 0, sizeof(msg->cb));
17119
17120 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17121 NL80211_MCGRP_MLME, gfp);
17122}
17123
17124void cfg80211_cqm_rssi_notify(struct net_device *dev,
17125 enum nl80211_cqm_rssi_threshold_event rssi_event,
17126 s32 rssi_level, gfp_t gfp)
17127{
17128 struct sk_buff *msg;
17129 struct wireless_dev *wdev = dev->ieee80211_ptr;
17130 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17131
17132 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
17133
17134 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
17135 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
17136 return;
17137
17138 if (wdev->cqm_config) {
17139 wdev->cqm_config->last_rssi_event_value = rssi_level;
17140
17141 cfg80211_cqm_rssi_update(rdev, dev);
17142
17143 if (rssi_level == 0)
17144 rssi_level = wdev->cqm_config->last_rssi_event_value;
17145 }
17146
17147 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
17148 if (!msg)
17149 return;
17150
17151 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
17152 rssi_event))
17153 goto nla_put_failure;
17154
17155 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
17156 rssi_level))
17157 goto nla_put_failure;
17158
17159 cfg80211_send_cqm(msg, gfp);
17160
17161 return;
17162
17163 nla_put_failure:
17164 nlmsg_free(msg);
17165}
17166EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
17167
17168void cfg80211_cqm_txe_notify(struct net_device *dev,
17169 const u8 *peer, u32 num_packets,
17170 u32 rate, u32 intvl, gfp_t gfp)
17171{
17172 struct sk_buff *msg;
17173
17174 msg = cfg80211_prepare_cqm(dev, peer, gfp);
17175 if (!msg)
17176 return;
17177
17178 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
17179 goto nla_put_failure;
17180
17181 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
17182 goto nla_put_failure;
17183
17184 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
17185 goto nla_put_failure;
17186
17187 cfg80211_send_cqm(msg, gfp);
17188 return;
17189
17190 nla_put_failure:
17191 nlmsg_free(msg);
17192}
17193EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
17194
17195void cfg80211_cqm_pktloss_notify(struct net_device *dev,
17196 const u8 *peer, u32 num_packets, gfp_t gfp)
17197{
17198 struct sk_buff *msg;
17199
17200 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
17201
17202 msg = cfg80211_prepare_cqm(dev, peer, gfp);
17203 if (!msg)
17204 return;
17205
17206 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
17207 goto nla_put_failure;
17208
17209 cfg80211_send_cqm(msg, gfp);
17210 return;
17211
17212 nla_put_failure:
17213 nlmsg_free(msg);
17214}
17215EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
17216
17217void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
17218{
17219 struct sk_buff *msg;
17220
17221 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
17222 if (!msg)
17223 return;
17224
17225 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
17226 goto nla_put_failure;
17227
17228 cfg80211_send_cqm(msg, gfp);
17229 return;
17230
17231 nla_put_failure:
17232 nlmsg_free(msg);
17233}
17234EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
17235
17236static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
17237 struct net_device *netdev, const u8 *bssid,
17238 const u8 *replay_ctr, gfp_t gfp)
17239{
17240 struct sk_buff *msg;
17241 struct nlattr *rekey_attr;
17242 void *hdr;
17243
17244 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17245 if (!msg)
17246 return;
17247
17248 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
17249 if (!hdr) {
17250 nlmsg_free(msg);
17251 return;
17252 }
17253
17254 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17255 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17256 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
17257 goto nla_put_failure;
17258
17259 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
17260 if (!rekey_attr)
17261 goto nla_put_failure;
17262
17263 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
17264 NL80211_REPLAY_CTR_LEN, replay_ctr))
17265 goto nla_put_failure;
17266
17267 nla_nest_end(msg, rekey_attr);
17268
17269 genlmsg_end(msg, hdr);
17270
17271 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17272 NL80211_MCGRP_MLME, gfp);
17273 return;
17274
17275 nla_put_failure:
17276 nlmsg_free(msg);
17277}
17278
17279void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
17280 const u8 *replay_ctr, gfp_t gfp)
17281{
17282 struct wireless_dev *wdev = dev->ieee80211_ptr;
17283 struct wiphy *wiphy = wdev->wiphy;
17284 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17285
17286 trace_cfg80211_gtk_rekey_notify(dev, bssid);
17287 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
17288}
17289EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
17290
17291static void
17292nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
17293 struct net_device *netdev, int index,
17294 const u8 *bssid, bool preauth, gfp_t gfp)
17295{
17296 struct sk_buff *msg;
17297 struct nlattr *attr;
17298 void *hdr;
17299
17300 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17301 if (!msg)
17302 return;
17303
17304 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
17305 if (!hdr) {
17306 nlmsg_free(msg);
17307 return;
17308 }
17309
17310 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17311 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
17312 goto nla_put_failure;
17313
17314 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
17315 if (!attr)
17316 goto nla_put_failure;
17317
17318 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
17319 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
17320 (preauth &&
17321 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
17322 goto nla_put_failure;
17323
17324 nla_nest_end(msg, attr);
17325
17326 genlmsg_end(msg, hdr);
17327
17328 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17329 NL80211_MCGRP_MLME, gfp);
17330 return;
17331
17332 nla_put_failure:
17333 nlmsg_free(msg);
17334}
17335
17336void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
17337 const u8 *bssid, bool preauth, gfp_t gfp)
17338{
17339 struct wireless_dev *wdev = dev->ieee80211_ptr;
17340 struct wiphy *wiphy = wdev->wiphy;
17341 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17342
17343 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
17344 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
17345}
17346EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
17347
17348static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
17349 struct net_device *netdev,
17350 struct cfg80211_chan_def *chandef,
17351 gfp_t gfp,
17352 enum nl80211_commands notif,
17353 u8 count, bool quiet)
17354{
17355 struct sk_buff *msg;
17356 void *hdr;
17357
17358 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17359 if (!msg)
17360 return;
17361
17362 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
17363 if (!hdr) {
17364 nlmsg_free(msg);
17365 return;
17366 }
17367
17368 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
17369 goto nla_put_failure;
17370
17371 if (nl80211_send_chandef(msg, chandef))
17372 goto nla_put_failure;
17373
17374 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
17375 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
17376 goto nla_put_failure;
17377 if (quiet &&
17378 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
17379 goto nla_put_failure;
17380 }
17381
17382 genlmsg_end(msg, hdr);
17383
17384 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17385 NL80211_MCGRP_MLME, gfp);
17386 return;
17387
17388 nla_put_failure:
17389 nlmsg_free(msg);
17390}
17391
17392void cfg80211_ch_switch_notify(struct net_device *dev,
17393 struct cfg80211_chan_def *chandef)
17394{
17395 struct wireless_dev *wdev = dev->ieee80211_ptr;
17396 struct wiphy *wiphy = wdev->wiphy;
17397 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17398
17399 ASSERT_WDEV_LOCK(wdev);
17400
17401 trace_cfg80211_ch_switch_notify(dev, chandef);
17402
17403 wdev->chandef = *chandef;
17404 wdev->preset_chandef = *chandef;
17405
17406 if (wdev->iftype == NL80211_IFTYPE_STATION &&
17407 !WARN_ON(!wdev->current_bss))
17408 cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
17409
17410 cfg80211_sched_dfs_chan_update(rdev);
17411
17412 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
17413 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
17414}
17415EXPORT_SYMBOL(cfg80211_ch_switch_notify);
17416
17417void cfg80211_ch_switch_started_notify(struct net_device *dev,
17418 struct cfg80211_chan_def *chandef,
17419 u8 count, bool quiet)
17420{
17421 struct wireless_dev *wdev = dev->ieee80211_ptr;
17422 struct wiphy *wiphy = wdev->wiphy;
17423 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17424
17425 trace_cfg80211_ch_switch_started_notify(dev, chandef);
17426
17427 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
17428 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
17429 count, quiet);
17430}
17431EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
17432
17433void
17434nl80211_radar_notify(struct cfg80211_registered_device *rdev,
17435 const struct cfg80211_chan_def *chandef,
17436 enum nl80211_radar_event event,
17437 struct net_device *netdev, gfp_t gfp)
17438{
17439 struct sk_buff *msg;
17440 void *hdr;
17441
17442 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17443 if (!msg)
17444 return;
17445
17446 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
17447 if (!hdr) {
17448 nlmsg_free(msg);
17449 return;
17450 }
17451
17452 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
17453 goto nla_put_failure;
17454
17455
17456 if (netdev) {
17457 struct wireless_dev *wdev = netdev->ieee80211_ptr;
17458
17459 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17460 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17461 NL80211_ATTR_PAD))
17462 goto nla_put_failure;
17463 }
17464
17465 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
17466 goto nla_put_failure;
17467
17468 if (nl80211_send_chandef(msg, chandef))
17469 goto nla_put_failure;
17470
17471 genlmsg_end(msg, hdr);
17472
17473 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17474 NL80211_MCGRP_MLME, gfp);
17475 return;
17476
17477 nla_put_failure:
17478 nlmsg_free(msg);
17479}
17480
17481void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
17482 struct sta_opmode_info *sta_opmode,
17483 gfp_t gfp)
17484{
17485 struct sk_buff *msg;
17486 struct wireless_dev *wdev = dev->ieee80211_ptr;
17487 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17488 void *hdr;
17489
17490 if (WARN_ON(!mac))
17491 return;
17492
17493 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17494 if (!msg)
17495 return;
17496
17497 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
17498 if (!hdr) {
17499 nlmsg_free(msg);
17500 return;
17501 }
17502
17503 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
17504 goto nla_put_failure;
17505
17506 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17507 goto nla_put_failure;
17508
17509 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
17510 goto nla_put_failure;
17511
17512 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
17513 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
17514 goto nla_put_failure;
17515
17516 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
17517 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
17518 goto nla_put_failure;
17519
17520 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
17521 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
17522 goto nla_put_failure;
17523
17524 genlmsg_end(msg, hdr);
17525
17526 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17527 NL80211_MCGRP_MLME, gfp);
17528
17529 return;
17530
17531nla_put_failure:
17532 nlmsg_free(msg);
17533}
17534EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
17535
17536void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
17537 u64 cookie, bool acked, s32 ack_signal,
17538 bool is_valid_ack_signal, gfp_t gfp)
17539{
17540 struct wireless_dev *wdev = dev->ieee80211_ptr;
17541 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17542 struct sk_buff *msg;
17543 void *hdr;
17544
17545 trace_cfg80211_probe_status(dev, addr, cookie, acked);
17546
17547 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17548
17549 if (!msg)
17550 return;
17551
17552 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
17553 if (!hdr) {
17554 nlmsg_free(msg);
17555 return;
17556 }
17557
17558 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17559 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17560 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
17561 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
17562 NL80211_ATTR_PAD) ||
17563 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
17564 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
17565 ack_signal)))
17566 goto nla_put_failure;
17567
17568 genlmsg_end(msg, hdr);
17569
17570 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17571 NL80211_MCGRP_MLME, gfp);
17572 return;
17573
17574 nla_put_failure:
17575 nlmsg_free(msg);
17576}
17577EXPORT_SYMBOL(cfg80211_probe_status);
17578
17579void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
17580 size_t len, int freq, int sig_dbm)
17581{
17582 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17583 struct sk_buff *msg;
17584 void *hdr;
17585 struct cfg80211_beacon_registration *reg;
17586
17587 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
17588
17589 spin_lock_bh(&rdev->beacon_registrations_lock);
17590 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
17591 msg = nlmsg_new(len + 100, GFP_ATOMIC);
17592 if (!msg) {
17593 spin_unlock_bh(&rdev->beacon_registrations_lock);
17594 return;
17595 }
17596
17597 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
17598 if (!hdr)
17599 goto nla_put_failure;
17600
17601 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17602 (freq &&
17603 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
17604 KHZ_TO_MHZ(freq)) ||
17605 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
17606 freq % 1000))) ||
17607 (sig_dbm &&
17608 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
17609 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
17610 goto nla_put_failure;
17611
17612 genlmsg_end(msg, hdr);
17613
17614 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
17615 }
17616 spin_unlock_bh(&rdev->beacon_registrations_lock);
17617 return;
17618
17619 nla_put_failure:
17620 spin_unlock_bh(&rdev->beacon_registrations_lock);
17621 nlmsg_free(msg);
17622}
17623EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
17624
17625#ifdef CONFIG_PM
17626static int cfg80211_net_detect_results(struct sk_buff *msg,
17627 struct cfg80211_wowlan_wakeup *wakeup)
17628{
17629 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
17630 struct nlattr *nl_results, *nl_match, *nl_freqs;
17631 int i, j;
17632
17633 nl_results = nla_nest_start_noflag(msg,
17634 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
17635 if (!nl_results)
17636 return -EMSGSIZE;
17637
17638 for (i = 0; i < nd->n_matches; i++) {
17639 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
17640
17641 nl_match = nla_nest_start_noflag(msg, i);
17642 if (!nl_match)
17643 break;
17644
17645
17646
17647
17648
17649
17650
17651
17652 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
17653 match->ssid.ssid)) {
17654 nla_nest_cancel(msg, nl_match);
17655 goto out;
17656 }
17657
17658 if (match->n_channels) {
17659 nl_freqs = nla_nest_start_noflag(msg,
17660 NL80211_ATTR_SCAN_FREQUENCIES);
17661 if (!nl_freqs) {
17662 nla_nest_cancel(msg, nl_match);
17663 goto out;
17664 }
17665
17666 for (j = 0; j < match->n_channels; j++) {
17667 if (nla_put_u32(msg, j, match->channels[j])) {
17668 nla_nest_cancel(msg, nl_freqs);
17669 nla_nest_cancel(msg, nl_match);
17670 goto out;
17671 }
17672 }
17673
17674 nla_nest_end(msg, nl_freqs);
17675 }
17676
17677 nla_nest_end(msg, nl_match);
17678 }
17679
17680out:
17681 nla_nest_end(msg, nl_results);
17682 return 0;
17683}
17684
17685void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
17686 struct cfg80211_wowlan_wakeup *wakeup,
17687 gfp_t gfp)
17688{
17689 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17690 struct sk_buff *msg;
17691 void *hdr;
17692 int size = 200;
17693
17694 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
17695
17696 if (wakeup)
17697 size += wakeup->packet_present_len;
17698
17699 msg = nlmsg_new(size, gfp);
17700 if (!msg)
17701 return;
17702
17703 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
17704 if (!hdr)
17705 goto free_msg;
17706
17707 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17708 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17709 NL80211_ATTR_PAD))
17710 goto free_msg;
17711
17712 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17713 wdev->netdev->ifindex))
17714 goto free_msg;
17715
17716 if (wakeup) {
17717 struct nlattr *reasons;
17718
17719 reasons = nla_nest_start_noflag(msg,
17720 NL80211_ATTR_WOWLAN_TRIGGERS);
17721 if (!reasons)
17722 goto free_msg;
17723
17724 if (wakeup->disconnect &&
17725 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
17726 goto free_msg;
17727 if (wakeup->magic_pkt &&
17728 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
17729 goto free_msg;
17730 if (wakeup->gtk_rekey_failure &&
17731 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
17732 goto free_msg;
17733 if (wakeup->eap_identity_req &&
17734 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
17735 goto free_msg;
17736 if (wakeup->four_way_handshake &&
17737 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
17738 goto free_msg;
17739 if (wakeup->rfkill_release &&
17740 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
17741 goto free_msg;
17742
17743 if (wakeup->pattern_idx >= 0 &&
17744 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
17745 wakeup->pattern_idx))
17746 goto free_msg;
17747
17748 if (wakeup->tcp_match &&
17749 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
17750 goto free_msg;
17751
17752 if (wakeup->tcp_connlost &&
17753 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
17754 goto free_msg;
17755
17756 if (wakeup->tcp_nomoretokens &&
17757 nla_put_flag(msg,
17758 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
17759 goto free_msg;
17760
17761 if (wakeup->packet) {
17762 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
17763 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
17764
17765 if (!wakeup->packet_80211) {
17766 pkt_attr =
17767 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
17768 len_attr =
17769 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
17770 }
17771
17772 if (wakeup->packet_len &&
17773 nla_put_u32(msg, len_attr, wakeup->packet_len))
17774 goto free_msg;
17775
17776 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
17777 wakeup->packet))
17778 goto free_msg;
17779 }
17780
17781 if (wakeup->net_detect &&
17782 cfg80211_net_detect_results(msg, wakeup))
17783 goto free_msg;
17784
17785 nla_nest_end(msg, reasons);
17786 }
17787
17788 genlmsg_end(msg, hdr);
17789
17790 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17791 NL80211_MCGRP_MLME, gfp);
17792 return;
17793
17794 free_msg:
17795 nlmsg_free(msg);
17796}
17797EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
17798#endif
17799
17800void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
17801 enum nl80211_tdls_operation oper,
17802 u16 reason_code, gfp_t gfp)
17803{
17804 struct wireless_dev *wdev = dev->ieee80211_ptr;
17805 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17806 struct sk_buff *msg;
17807 void *hdr;
17808
17809 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
17810 reason_code);
17811
17812 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17813 if (!msg)
17814 return;
17815
17816 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
17817 if (!hdr) {
17818 nlmsg_free(msg);
17819 return;
17820 }
17821
17822 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17823 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17824 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
17825 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
17826 (reason_code > 0 &&
17827 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
17828 goto nla_put_failure;
17829
17830 genlmsg_end(msg, hdr);
17831
17832 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17833 NL80211_MCGRP_MLME, gfp);
17834 return;
17835
17836 nla_put_failure:
17837 nlmsg_free(msg);
17838}
17839EXPORT_SYMBOL(cfg80211_tdls_oper_request);
17840
17841static int nl80211_netlink_notify(struct notifier_block * nb,
17842 unsigned long state,
17843 void *_notify)
17844{
17845 struct netlink_notify *notify = _notify;
17846 struct cfg80211_registered_device *rdev;
17847 struct wireless_dev *wdev;
17848 struct cfg80211_beacon_registration *reg, *tmp;
17849
17850 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
17851 return NOTIFY_DONE;
17852
17853 rcu_read_lock();
17854
17855 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
17856 struct cfg80211_sched_scan_request *sched_scan_req;
17857
17858 list_for_each_entry_rcu(sched_scan_req,
17859 &rdev->sched_scan_req_list,
17860 list) {
17861 if (sched_scan_req->owner_nlportid == notify->portid) {
17862 sched_scan_req->nl_owner_dead = true;
17863 schedule_work(&rdev->sched_scan_stop_wk);
17864 }
17865 }
17866
17867 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
17868 cfg80211_mlme_unregister_socket(wdev, notify->portid);
17869
17870 if (wdev->owner_nlportid == notify->portid) {
17871 wdev->nl_owner_dead = true;
17872 schedule_work(&rdev->destroy_work);
17873 } else if (wdev->conn_owner_nlportid == notify->portid) {
17874 schedule_work(&wdev->disconnect_wk);
17875 }
17876
17877 cfg80211_release_pmsr(wdev, notify->portid);
17878 }
17879
17880 spin_lock_bh(&rdev->beacon_registrations_lock);
17881 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
17882 list) {
17883 if (reg->nlportid == notify->portid) {
17884 list_del(®->list);
17885 kfree(reg);
17886 break;
17887 }
17888 }
17889 spin_unlock_bh(&rdev->beacon_registrations_lock);
17890 }
17891
17892 rcu_read_unlock();
17893
17894
17895
17896
17897
17898 regulatory_netlink_notify(notify->portid);
17899 return NOTIFY_OK;
17900}
17901
17902static struct notifier_block nl80211_netlink_notifier = {
17903 .notifier_call = nl80211_netlink_notify,
17904};
17905
17906void cfg80211_ft_event(struct net_device *netdev,
17907 struct cfg80211_ft_event_params *ft_event)
17908{
17909 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17910 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17911 struct sk_buff *msg;
17912 void *hdr;
17913
17914 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
17915
17916 if (!ft_event->target_ap)
17917 return;
17918
17919 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
17920 GFP_KERNEL);
17921 if (!msg)
17922 return;
17923
17924 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
17925 if (!hdr)
17926 goto out;
17927
17928 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17929 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17930 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
17931 goto out;
17932
17933 if (ft_event->ies &&
17934 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
17935 goto out;
17936 if (ft_event->ric_ies &&
17937 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
17938 ft_event->ric_ies))
17939 goto out;
17940
17941 genlmsg_end(msg, hdr);
17942
17943 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17944 NL80211_MCGRP_MLME, GFP_KERNEL);
17945 return;
17946 out:
17947 nlmsg_free(msg);
17948}
17949EXPORT_SYMBOL(cfg80211_ft_event);
17950
17951void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
17952{
17953 struct cfg80211_registered_device *rdev;
17954 struct sk_buff *msg;
17955 void *hdr;
17956 u32 nlportid;
17957
17958 rdev = wiphy_to_rdev(wdev->wiphy);
17959 if (!rdev->crit_proto_nlportid)
17960 return;
17961
17962 nlportid = rdev->crit_proto_nlportid;
17963 rdev->crit_proto_nlportid = 0;
17964
17965 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17966 if (!msg)
17967 return;
17968
17969 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
17970 if (!hdr)
17971 goto nla_put_failure;
17972
17973 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17974 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17975 NL80211_ATTR_PAD))
17976 goto nla_put_failure;
17977
17978 genlmsg_end(msg, hdr);
17979
17980 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17981 return;
17982
17983 nla_put_failure:
17984 nlmsg_free(msg);
17985}
17986EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
17987
17988void nl80211_send_ap_stopped(struct wireless_dev *wdev)
17989{
17990 struct wiphy *wiphy = wdev->wiphy;
17991 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17992 struct sk_buff *msg;
17993 void *hdr;
17994
17995 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17996 if (!msg)
17997 return;
17998
17999 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
18000 if (!hdr)
18001 goto out;
18002
18003 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18004 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
18005 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
18006 NL80211_ATTR_PAD))
18007 goto out;
18008
18009 genlmsg_end(msg, hdr);
18010
18011 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
18012 NL80211_MCGRP_MLME, GFP_KERNEL);
18013 return;
18014 out:
18015 nlmsg_free(msg);
18016}
18017
18018int cfg80211_external_auth_request(struct net_device *dev,
18019 struct cfg80211_external_auth_params *params,
18020 gfp_t gfp)
18021{
18022 struct wireless_dev *wdev = dev->ieee80211_ptr;
18023 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18024 struct sk_buff *msg;
18025 void *hdr;
18026
18027 if (!wdev->conn_owner_nlportid)
18028 return -EINVAL;
18029
18030 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18031 if (!msg)
18032 return -ENOMEM;
18033
18034 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
18035 if (!hdr)
18036 goto nla_put_failure;
18037
18038 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18039 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18040 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
18041 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
18042 params->action) ||
18043 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
18044 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
18045 params->ssid.ssid))
18046 goto nla_put_failure;
18047
18048 genlmsg_end(msg, hdr);
18049 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
18050 wdev->conn_owner_nlportid);
18051 return 0;
18052
18053 nla_put_failure:
18054 nlmsg_free(msg);
18055 return -ENOBUFS;
18056}
18057EXPORT_SYMBOL(cfg80211_external_auth_request);
18058
18059void cfg80211_update_owe_info_event(struct net_device *netdev,
18060 struct cfg80211_update_owe_info *owe_info,
18061 gfp_t gfp)
18062{
18063 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
18064 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18065 struct sk_buff *msg;
18066 void *hdr;
18067
18068 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
18069
18070 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18071 if (!msg)
18072 return;
18073
18074 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
18075 if (!hdr)
18076 goto nla_put_failure;
18077
18078 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18079 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18080 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
18081 goto nla_put_failure;
18082
18083 if (!owe_info->ie_len ||
18084 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
18085 goto nla_put_failure;
18086
18087 genlmsg_end(msg, hdr);
18088
18089 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18090 NL80211_MCGRP_MLME, gfp);
18091 return;
18092
18093nla_put_failure:
18094 genlmsg_cancel(msg, hdr);
18095 nlmsg_free(msg);
18096}
18097EXPORT_SYMBOL(cfg80211_update_owe_info_event);
18098
18099
18100
18101int __init nl80211_init(void)
18102{
18103 int err;
18104
18105 err = genl_register_family(&nl80211_fam);
18106 if (err)
18107 return err;
18108
18109 err = netlink_register_notifier(&nl80211_netlink_notifier);
18110 if (err)
18111 goto err_out;
18112
18113 return 0;
18114 err_out:
18115 genl_unregister_family(&nl80211_fam);
18116 return err;
18117}
18118
18119void nl80211_exit(void)
18120{
18121 netlink_unregister_notifier(&nl80211_netlink_notifier);
18122 genl_unregister_family(&nl80211_fam);
18123}
18124
