1
2
3
4
5
6
7
8
9
10
11#include <linux/if.h>
12#include <linux/module.h>
13#include <linux/err.h>
14#include <linux/slab.h>
15#include <linux/list.h>
16#include <linux/if_ether.h>
17#include <linux/ieee80211.h>
18#include <linux/nl80211.h>
19#include <linux/rtnetlink.h>
20#include <linux/netlink.h>
21#include <linux/nospec.h>
22#include <linux/etherdevice.h>
23#include <net/net_namespace.h>
24#include <net/genetlink.h>
25#include <net/cfg80211.h>
26#include <net/sock.h>
27#include <net/inet_connection_sock.h>
28#include "core.h"
29#include "nl80211.h"
30#include "reg.h"
31#include "rdev-ops.h"
32
33static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
34 struct genl_info *info,
35 struct cfg80211_crypto_settings *settings,
36 int cipher_limit);
37
38
39static struct genl_family nl80211_fam;
40
41
42enum nl80211_multicast_groups {
43 NL80211_MCGRP_CONFIG,
44 NL80211_MCGRP_SCAN,
45 NL80211_MCGRP_REGULATORY,
46 NL80211_MCGRP_MLME,
47 NL80211_MCGRP_VENDOR,
48 NL80211_MCGRP_NAN,
49 NL80211_MCGRP_TESTMODE
50};
51
52static const struct genl_multicast_group nl80211_mcgrps[] = {
53 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
54 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
55 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
56 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
57 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
58 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
59#ifdef CONFIG_NL80211_TESTMODE
60 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
61#endif
62};
63
64
65static struct wireless_dev *
66__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
67{
68 struct cfg80211_registered_device *rdev;
69 struct wireless_dev *result = NULL;
70 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
71 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
72 u64 wdev_id;
73 int wiphy_idx = -1;
74 int ifidx = -1;
75
76 ASSERT_RTNL();
77
78 if (!have_ifidx && !have_wdev_id)
79 return ERR_PTR(-EINVAL);
80
81 if (have_ifidx)
82 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
83 if (have_wdev_id) {
84 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
85 wiphy_idx = wdev_id >> 32;
86 }
87
88 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
89 struct wireless_dev *wdev;
90
91 if (wiphy_net(&rdev->wiphy) != netns)
92 continue;
93
94 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
95 continue;
96
97 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
98 if (have_ifidx && wdev->netdev &&
99 wdev->netdev->ifindex == ifidx) {
100 result = wdev;
101 break;
102 }
103 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
104 result = wdev;
105 break;
106 }
107 }
108
109 if (result)
110 break;
111 }
112
113 if (result)
114 return result;
115 return ERR_PTR(-ENODEV);
116}
117
118static struct cfg80211_registered_device *
119__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
120{
121 struct cfg80211_registered_device *rdev = NULL, *tmp;
122 struct net_device *netdev;
123
124 ASSERT_RTNL();
125
126 if (!attrs[NL80211_ATTR_WIPHY] &&
127 !attrs[NL80211_ATTR_IFINDEX] &&
128 !attrs[NL80211_ATTR_WDEV])
129 return ERR_PTR(-EINVAL);
130
131 if (attrs[NL80211_ATTR_WIPHY])
132 rdev = cfg80211_rdev_by_wiphy_idx(
133 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
134
135 if (attrs[NL80211_ATTR_WDEV]) {
136 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
137 struct wireless_dev *wdev;
138 bool found = false;
139
140 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
141 if (tmp) {
142
143 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
144 if (wdev->identifier != (u32)wdev_id)
145 continue;
146 found = true;
147 break;
148 }
149
150 if (!found)
151 tmp = NULL;
152
153 if (rdev && tmp != rdev)
154 return ERR_PTR(-EINVAL);
155 rdev = tmp;
156 }
157 }
158
159 if (attrs[NL80211_ATTR_IFINDEX]) {
160 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
161
162 netdev = __dev_get_by_index(netns, ifindex);
163 if (netdev) {
164 if (netdev->ieee80211_ptr)
165 tmp = wiphy_to_rdev(
166 netdev->ieee80211_ptr->wiphy);
167 else
168 tmp = NULL;
169
170
171 if (!tmp)
172 return ERR_PTR(-EINVAL);
173
174
175 if (rdev && tmp != rdev)
176 return ERR_PTR(-EINVAL);
177
178 rdev = tmp;
179 }
180 }
181
182 if (!rdev)
183 return ERR_PTR(-ENODEV);
184
185 if (netns != wiphy_net(&rdev->wiphy))
186 return ERR_PTR(-ENODEV);
187
188 return rdev;
189}
190
191
192
193
194
195
196
197
198static struct cfg80211_registered_device *
199cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
200{
201 return __cfg80211_rdev_from_attrs(netns, info->attrs);
202}
203
204static int validate_ie_attr(const struct nlattr *attr,
205 struct netlink_ext_ack *extack)
206{
207 const u8 *data = nla_data(attr);
208 unsigned int len = nla_len(attr);
209 const struct element *elem;
210
211 for_each_element(elem, data, len) {
212
213 }
214
215 if (for_each_element_completed(elem, data, len))
216 return 0;
217
218 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
219 return -EINVAL;
220}
221
222
223static const struct nla_policy
224nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
225 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
226 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
227 .len = U8_MAX },
228 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
229 .len = U8_MAX },
230};
231
232static const struct nla_policy
233nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
234 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
235 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
236 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
237 NLA_POLICY_MAX(NLA_U8, 15),
238 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
239 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
240 NLA_POLICY_MAX(NLA_U8, 15),
241 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
242 NLA_POLICY_MAX(NLA_U8, 31),
243 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
244 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
245 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
246};
247
248static const struct nla_policy
249nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
250 [NL80211_PMSR_TYPE_FTM] =
251 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
252};
253
254static const struct nla_policy
255nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
256 [NL80211_PMSR_REQ_ATTR_DATA] =
257 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
258 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
259};
260
261static const struct nla_policy
262nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
263 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
264
265
266
267
268 [NL80211_PMSR_PEER_ATTR_CHAN] = { .type = NLA_NESTED },
269 [NL80211_PMSR_PEER_ATTR_REQ] =
270 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
271 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
272};
273
274static const struct nla_policy
275nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
276 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
277 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
278 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
279 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
280 [NL80211_PMSR_ATTR_PEERS] =
281 NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
282};
283
284const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
285 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
286 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
287 .len = 20-1 },
288 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
289
290 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
291 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
292 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
293 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
294 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
295
296 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
297 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
298 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
299 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
300 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
301 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
302
303 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
304 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
305 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
306
307 [NL80211_ATTR_MAC] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
308 [NL80211_ATTR_PREV_BSSID] = {
309 .type = NLA_EXACT_LEN_WARN,
310 .len = ETH_ALEN
311 },
312
313 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
314 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
315 .len = WLAN_MAX_KEY_LEN },
316 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 5),
317 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
318 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
319 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
320 [NL80211_ATTR_KEY_TYPE] =
321 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
322
323 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
324 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
325 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
326 .len = IEEE80211_MAX_DATA_LEN },
327 [NL80211_ATTR_BEACON_TAIL] =
328 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
329 IEEE80211_MAX_DATA_LEN),
330 [NL80211_ATTR_STA_AID] =
331 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
332 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
333 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
334 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
335 .len = NL80211_MAX_SUPP_RATES },
336 [NL80211_ATTR_STA_PLINK_ACTION] =
337 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
338 [NL80211_ATTR_STA_TX_POWER_SETTING] =
339 NLA_POLICY_RANGE(NLA_U8,
340 NL80211_TX_POWER_AUTOMATIC,
341 NL80211_TX_POWER_FIXED),
342 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
343 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
344 [NL80211_ATTR_MNTR_FLAGS] = { },
345 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
346 .len = IEEE80211_MAX_MESH_ID_LEN },
347 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
348
349 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
350 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
351
352 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
353 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
354 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
355 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
356 .len = NL80211_MAX_SUPP_RATES },
357 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
358
359 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
360 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
361
362 [NL80211_ATTR_HT_CAPABILITY] = {
363 .type = NLA_EXACT_LEN_WARN,
364 .len = NL80211_HT_CAPABILITY_LEN
365 },
366
367 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
368 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
369 validate_ie_attr,
370 IEEE80211_MAX_DATA_LEN),
371 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
372 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
373
374 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
375 .len = IEEE80211_MAX_SSID_LEN },
376 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
377 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
378 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
379 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
380 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
381 NL80211_MFP_NO,
382 NL80211_MFP_OPTIONAL),
383 [NL80211_ATTR_STA_FLAGS2] = {
384 .len = sizeof(struct nl80211_sta_flag_update),
385 },
386 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
387 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
388 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
389 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
390 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
391 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
392 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
393 [NL80211_ATTR_PID] = { .type = NLA_U32 },
394 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
395 [NL80211_ATTR_PMKID] = {
396 .type = NLA_EXACT_LEN_WARN,
397 .len = WLAN_PMKID_LEN
398 },
399 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
400 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
401 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
402 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
403 .len = IEEE80211_MAX_DATA_LEN },
404 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
405 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
406 NL80211_PS_DISABLED,
407 NL80211_PS_ENABLED),
408 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
409 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
410 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
411 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
412 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
413 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
414 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
415 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
416 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
417 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
418 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
419 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
420 [NL80211_ATTR_STA_PLINK_STATE] =
421 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
422 [NL80211_ATTR_MESH_PEER_AID] =
423 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
424 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
425 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
426 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
427 [NL80211_ATTR_HIDDEN_SSID] =
428 NLA_POLICY_RANGE(NLA_U32,
429 NL80211_HIDDEN_SSID_NOT_IN_USE,
430 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
431 [NL80211_ATTR_IE_PROBE_RESP] =
432 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
433 IEEE80211_MAX_DATA_LEN),
434 [NL80211_ATTR_IE_ASSOC_RESP] =
435 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
436 IEEE80211_MAX_DATA_LEN),
437 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
438 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
439 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
440 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
441 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
442 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
443 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
444 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
445 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
446 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
447 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
448 .len = IEEE80211_MAX_DATA_LEN },
449 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
450 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
451 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
452 .len = NL80211_HT_CAPABILITY_LEN
453 },
454 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
455 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
456 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
457 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
458 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
459 [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
460 [NL80211_ATTR_VHT_CAPABILITY] = {
461 .type = NLA_EXACT_LEN_WARN,
462 .len = NL80211_VHT_CAPABILITY_LEN
463 },
464 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
465 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
466 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
467 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
468 NLA_POLICY_RANGE(NLA_U32,
469 NL80211_MESH_POWER_UNKNOWN + 1,
470 NL80211_MESH_POWER_MAX),
471 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
472 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
473 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
474 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
475 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
476 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
477 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
478 .len = NL80211_VHT_CAPABILITY_LEN,
479 },
480 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
481 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
482 .len = IEEE80211_MAX_DATA_LEN },
483 [NL80211_ATTR_PEER_AID] =
484 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
485 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
486 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
487 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
488 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
489 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
490 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
491 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
492 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
493 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
494 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
495 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
496 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
497 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
498 .len = IEEE80211_QOS_MAP_LEN_MAX },
499 [NL80211_ATTR_MAC_HINT] = {
500 .type = NLA_EXACT_LEN_WARN,
501 .len = ETH_ALEN
502 },
503 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
504 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
505 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
506 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
507 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
508 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
509 [NL80211_ATTR_USER_PRIO] =
510 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
511 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
512 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
513 [NL80211_ATTR_MAC_MASK] = {
514 .type = NLA_EXACT_LEN_WARN,
515 .len = ETH_ALEN
516 },
517 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
518 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
519 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
520 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
521 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
522 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
523 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
524 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
525 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
526 .len = VHT_MUMIMO_GROUPS_DATA_LEN
527 },
528 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = {
529 .type = NLA_EXACT_LEN_WARN,
530 .len = ETH_ALEN
531 },
532 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
533 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
534 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
535 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
536 .len = FILS_MAX_KEK_LEN },
537 [NL80211_ATTR_FILS_NONCES] = {
538 .type = NLA_EXACT_LEN_WARN,
539 .len = 2 * FILS_NONCE_LEN
540 },
541 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
542 [NL80211_ATTR_BSSID] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
543 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
544 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
545 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
546 },
547 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
548 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
549 .len = FILS_ERP_MAX_USERNAME_LEN },
550 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
551 .len = FILS_ERP_MAX_REALM_LEN },
552 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
553 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
554 .len = FILS_ERP_MAX_RRK_LEN },
555 [NL80211_ATTR_FILS_CACHE_ID] = { .type = NLA_EXACT_LEN_WARN, .len = 2 },
556 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
557 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
558 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
559
560 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
561 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
562 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
563 [NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
564 .len = NL80211_HE_MAX_CAPABILITY_LEN },
565
566 [NL80211_ATTR_FTM_RESPONDER] = {
567 .type = NLA_NESTED,
568 .validation_data = nl80211_ftm_responder_policy,
569 },
570 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
571 [NL80211_ATTR_PEER_MEASUREMENTS] =
572 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
573 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
574 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
575 .len = SAE_PASSWORD_MAX_LEN },
576 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
577};
578
579
580static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
581 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
582 [NL80211_KEY_IDX] = { .type = NLA_U8 },
583 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
584 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
585 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
586 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
587 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
588 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
589 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
590};
591
592
593static const struct nla_policy
594nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
595 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
596 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
597};
598
599#ifdef CONFIG_PM
600
601static const struct nla_policy
602nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
603 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
604 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
605 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
606 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
607 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
608 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
609 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
610 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
611 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
612 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
613};
614
615static const struct nla_policy
616nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
617 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
618 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
619 [NL80211_WOWLAN_TCP_DST_MAC] = {
620 .type = NLA_EXACT_LEN_WARN,
621 .len = ETH_ALEN
622 },
623 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
624 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
625 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
626 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
627 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
628 },
629 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
630 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
631 },
632 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
633 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
634 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .type = NLA_MIN_LEN, .len = 1 },
635};
636#endif
637
638
639static const struct nla_policy
640nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
641 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
642 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
643 NLA_POLICY_RANGE(NLA_U32,
644 NL80211_COALESCE_CONDITION_MATCH,
645 NL80211_COALESCE_CONDITION_NO_MATCH),
646 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
647};
648
649
650static const struct nla_policy
651nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
652 [NL80211_REKEY_DATA_KEK] = {
653 .type = NLA_EXACT_LEN_WARN,
654 .len = NL80211_KEK_LEN,
655 },
656 [NL80211_REKEY_DATA_KCK] = {
657 .type = NLA_EXACT_LEN_WARN,
658 .len = NL80211_KCK_LEN,
659 },
660 [NL80211_REKEY_DATA_REPLAY_CTR] = {
661 .type = NLA_EXACT_LEN_WARN,
662 .len = NL80211_REPLAY_CTR_LEN
663 },
664};
665
666static const struct nla_policy
667nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
668 [NL80211_BAND_2GHZ] = { .type = NLA_S32 },
669 [NL80211_BAND_5GHZ] = { .type = NLA_S32 },
670 [NL80211_BAND_60GHZ] = { .type = NLA_S32 },
671};
672
673static const struct nla_policy
674nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
675 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
676 .len = IEEE80211_MAX_SSID_LEN },
677 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = {
678 .type = NLA_EXACT_LEN_WARN,
679 .len = ETH_ALEN
680 },
681 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
682 [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
683 NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
684};
685
686static const struct nla_policy
687nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
688 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
689 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
690};
691
692static const struct nla_policy
693nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
694 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
695 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
696 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
697 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
698 },
699};
700
701
702static const struct nla_policy
703nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
704 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
705 [NL80211_NAN_FUNC_SERVICE_ID] = {
706 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
707 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
708 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
709 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
710 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
711 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
712 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = {
713 .type = NLA_EXACT_LEN_WARN,
714 .len = ETH_ALEN
715 },
716 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
717 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
718 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
719 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
720 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
721 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
722 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
723 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
724 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
725};
726
727
728static const struct nla_policy
729nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
730 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
731 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
732 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
733 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
734 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
735};
736
737
738static const struct nla_policy
739nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
740 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
741 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
742 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
743};
744
745int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
746 struct cfg80211_registered_device **rdev,
747 struct wireless_dev **wdev)
748{
749 int err;
750
751 if (!cb->args[0]) {
752 err = nlmsg_parse_deprecated(cb->nlh,
753 GENL_HDRLEN + nl80211_fam.hdrsize,
754 genl_family_attrbuf(&nl80211_fam),
755 nl80211_fam.maxattr,
756 nl80211_policy, NULL);
757 if (err)
758 return err;
759
760 *wdev = __cfg80211_wdev_from_attrs(
761 sock_net(cb->skb->sk),
762 genl_family_attrbuf(&nl80211_fam));
763 if (IS_ERR(*wdev))
764 return PTR_ERR(*wdev);
765 *rdev = wiphy_to_rdev((*wdev)->wiphy);
766
767 cb->args[0] = (*rdev)->wiphy_idx + 1;
768 cb->args[1] = (*wdev)->identifier;
769 } else {
770
771 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
772 struct wireless_dev *tmp;
773
774 if (!wiphy)
775 return -ENODEV;
776 *rdev = wiphy_to_rdev(wiphy);
777 *wdev = NULL;
778
779 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
780 if (tmp->identifier == cb->args[1]) {
781 *wdev = tmp;
782 break;
783 }
784 }
785
786 if (!*wdev)
787 return -ENODEV;
788 }
789
790 return 0;
791}
792
793
794void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
795 int flags, u8 cmd)
796{
797
798 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
799}
800
801static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
802 const struct ieee80211_reg_rule *rule)
803{
804 int j;
805 struct nlattr *nl_wmm_rules =
806 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
807
808 if (!nl_wmm_rules)
809 goto nla_put_failure;
810
811 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
812 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
813
814 if (!nl_wmm_rule)
815 goto nla_put_failure;
816
817 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
818 rule->wmm_rule.client[j].cw_min) ||
819 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
820 rule->wmm_rule.client[j].cw_max) ||
821 nla_put_u8(msg, NL80211_WMMR_AIFSN,
822 rule->wmm_rule.client[j].aifsn) ||
823 nla_put_u16(msg, NL80211_WMMR_TXOP,
824 rule->wmm_rule.client[j].cot))
825 goto nla_put_failure;
826
827 nla_nest_end(msg, nl_wmm_rule);
828 }
829 nla_nest_end(msg, nl_wmm_rules);
830
831 return 0;
832
833nla_put_failure:
834 return -ENOBUFS;
835}
836
837static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
838 struct ieee80211_channel *chan,
839 bool large)
840{
841
842
843
844 if (!large && chan->flags &
845 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
846 return 0;
847
848 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
849 chan->center_freq))
850 goto nla_put_failure;
851
852 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
853 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
854 goto nla_put_failure;
855 if (chan->flags & IEEE80211_CHAN_NO_IR) {
856 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
857 goto nla_put_failure;
858 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
859 goto nla_put_failure;
860 }
861 if (chan->flags & IEEE80211_CHAN_RADAR) {
862 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
863 goto nla_put_failure;
864 if (large) {
865 u32 time;
866
867 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
868
869 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
870 chan->dfs_state))
871 goto nla_put_failure;
872 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
873 time))
874 goto nla_put_failure;
875 if (nla_put_u32(msg,
876 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
877 chan->dfs_cac_ms))
878 goto nla_put_failure;
879 }
880 }
881
882 if (large) {
883 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
884 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
885 goto nla_put_failure;
886 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
887 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
888 goto nla_put_failure;
889 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
890 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
891 goto nla_put_failure;
892 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
893 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
894 goto nla_put_failure;
895 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
896 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
897 goto nla_put_failure;
898 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
899 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
900 goto nla_put_failure;
901 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
902 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
903 goto nla_put_failure;
904 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
905 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
906 goto nla_put_failure;
907 }
908
909 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
910 DBM_TO_MBM(chan->max_power)))
911 goto nla_put_failure;
912
913 if (large) {
914 const struct ieee80211_reg_rule *rule =
915 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
916
917 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
918 if (nl80211_msg_put_wmm_rules(msg, rule))
919 goto nla_put_failure;
920 }
921 }
922
923 return 0;
924
925 nla_put_failure:
926 return -ENOBUFS;
927}
928
929static bool nl80211_put_txq_stats(struct sk_buff *msg,
930 struct cfg80211_txq_stats *txqstats,
931 int attrtype)
932{
933 struct nlattr *txqattr;
934
935#define PUT_TXQVAL_U32(attr, memb) do { \
936 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
937 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
938 return false; \
939 } while (0)
940
941 txqattr = nla_nest_start_noflag(msg, attrtype);
942 if (!txqattr)
943 return false;
944
945 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
946 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
947 PUT_TXQVAL_U32(FLOWS, flows);
948 PUT_TXQVAL_U32(DROPS, drops);
949 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
950 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
951 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
952 PUT_TXQVAL_U32(COLLISIONS, collisions);
953 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
954 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
955 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
956 nla_nest_end(msg, txqattr);
957
958#undef PUT_TXQVAL_U32
959 return true;
960}
961
962
963
964struct key_parse {
965 struct key_params p;
966 int idx;
967 int type;
968 bool def, defmgmt;
969 bool def_uni, def_multi;
970};
971
972static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
973 struct key_parse *k)
974{
975 struct nlattr *tb[NL80211_KEY_MAX + 1];
976 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
977 nl80211_key_policy,
978 info->extack);
979 if (err)
980 return err;
981
982 k->def = !!tb[NL80211_KEY_DEFAULT];
983 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
984
985 if (k->def) {
986 k->def_uni = true;
987 k->def_multi = true;
988 }
989 if (k->defmgmt)
990 k->def_multi = true;
991
992 if (tb[NL80211_KEY_IDX])
993 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
994
995 if (tb[NL80211_KEY_DATA]) {
996 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
997 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
998 }
999
1000 if (tb[NL80211_KEY_SEQ]) {
1001 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1002 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1003 }
1004
1005 if (tb[NL80211_KEY_CIPHER])
1006 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1007
1008 if (tb[NL80211_KEY_TYPE])
1009 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1010
1011 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1012 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1013
1014 err = nla_parse_nested_deprecated(kdt,
1015 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1016 tb[NL80211_KEY_DEFAULT_TYPES],
1017 nl80211_key_default_policy,
1018 info->extack);
1019 if (err)
1020 return err;
1021
1022 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1023 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1024 }
1025
1026 if (tb[NL80211_KEY_MODE])
1027 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1028
1029 return 0;
1030}
1031
1032static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1033{
1034 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1035 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1036 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1037 }
1038
1039 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1040 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1041 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1042 }
1043
1044 if (info->attrs[NL80211_ATTR_KEY_IDX])
1045 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1046
1047 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1048 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1049
1050 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1051 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1052
1053 if (k->def) {
1054 k->def_uni = true;
1055 k->def_multi = true;
1056 }
1057 if (k->defmgmt)
1058 k->def_multi = true;
1059
1060 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1061 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1062
1063 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1064 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1065 int err = nla_parse_nested_deprecated(kdt,
1066 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1067 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1068 nl80211_key_default_policy,
1069 info->extack);
1070 if (err)
1071 return err;
1072
1073 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1074 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1075 }
1076
1077 return 0;
1078}
1079
1080static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1081{
1082 int err;
1083
1084 memset(k, 0, sizeof(*k));
1085 k->idx = -1;
1086 k->type = -1;
1087
1088 if (info->attrs[NL80211_ATTR_KEY])
1089 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1090 else
1091 err = nl80211_parse_key_old(info, k);
1092
1093 if (err)
1094 return err;
1095
1096 if (k->def && k->defmgmt) {
1097 GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
1098 return -EINVAL;
1099 }
1100
1101 if (k->defmgmt) {
1102 if (k->def_uni || !k->def_multi) {
1103 GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
1104 return -EINVAL;
1105 }
1106 }
1107
1108 if (k->idx != -1) {
1109 if (k->defmgmt) {
1110 if (k->idx < 4 || k->idx > 5) {
1111 GENL_SET_ERR_MSG(info,
1112 "defmgmt key idx not 4 or 5");
1113 return -EINVAL;
1114 }
1115 } else if (k->def) {
1116 if (k->idx < 0 || k->idx > 3) {
1117 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1118 return -EINVAL;
1119 }
1120 } else {
1121 if (k->idx < 0 || k->idx > 5) {
1122 GENL_SET_ERR_MSG(info, "key idx not 0-5");
1123 return -EINVAL;
1124 }
1125 }
1126 }
1127
1128 return 0;
1129}
1130
1131static struct cfg80211_cached_keys *
1132nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1133 struct genl_info *info, bool *no_ht)
1134{
1135 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1136 struct key_parse parse;
1137 struct nlattr *key;
1138 struct cfg80211_cached_keys *result;
1139 int rem, err, def = 0;
1140 bool have_key = false;
1141
1142 nla_for_each_nested(key, keys, rem) {
1143 have_key = true;
1144 break;
1145 }
1146
1147 if (!have_key)
1148 return NULL;
1149
1150 result = kzalloc(sizeof(*result), GFP_KERNEL);
1151 if (!result)
1152 return ERR_PTR(-ENOMEM);
1153
1154 result->def = -1;
1155
1156 nla_for_each_nested(key, keys, rem) {
1157 memset(&parse, 0, sizeof(parse));
1158 parse.idx = -1;
1159
1160 err = nl80211_parse_key_new(info, key, &parse);
1161 if (err)
1162 goto error;
1163 err = -EINVAL;
1164 if (!parse.p.key)
1165 goto error;
1166 if (parse.idx < 0 || parse.idx > 3) {
1167 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1168 goto error;
1169 }
1170 if (parse.def) {
1171 if (def) {
1172 GENL_SET_ERR_MSG(info,
1173 "only one key can be default");
1174 goto error;
1175 }
1176 def = 1;
1177 result->def = parse.idx;
1178 if (!parse.def_uni || !parse.def_multi)
1179 goto error;
1180 } else if (parse.defmgmt)
1181 goto error;
1182 err = cfg80211_validate_key_settings(rdev, &parse.p,
1183 parse.idx, false, NULL);
1184 if (err)
1185 goto error;
1186 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1187 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1188 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1189 err = -EINVAL;
1190 goto error;
1191 }
1192 result->params[parse.idx].cipher = parse.p.cipher;
1193 result->params[parse.idx].key_len = parse.p.key_len;
1194 result->params[parse.idx].key = result->data[parse.idx];
1195 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1196
1197
1198 if (no_ht)
1199 *no_ht = true;
1200 }
1201
1202 if (result->def < 0) {
1203 err = -EINVAL;
1204 GENL_SET_ERR_MSG(info, "need a default/TX key");
1205 goto error;
1206 }
1207
1208 return result;
1209 error:
1210 kfree(result);
1211 return ERR_PTR(err);
1212}
1213
1214static int nl80211_key_allowed(struct wireless_dev *wdev)
1215{
1216 ASSERT_WDEV_LOCK(wdev);
1217
1218 switch (wdev->iftype) {
1219 case NL80211_IFTYPE_AP:
1220 case NL80211_IFTYPE_AP_VLAN:
1221 case NL80211_IFTYPE_P2P_GO:
1222 case NL80211_IFTYPE_MESH_POINT:
1223 break;
1224 case NL80211_IFTYPE_ADHOC:
1225 case NL80211_IFTYPE_STATION:
1226 case NL80211_IFTYPE_P2P_CLIENT:
1227 if (!wdev->current_bss)
1228 return -ENOLINK;
1229 break;
1230 case NL80211_IFTYPE_UNSPECIFIED:
1231 case NL80211_IFTYPE_OCB:
1232 case NL80211_IFTYPE_MONITOR:
1233 case NL80211_IFTYPE_NAN:
1234 case NL80211_IFTYPE_P2P_DEVICE:
1235 case NL80211_IFTYPE_WDS:
1236 case NUM_NL80211_IFTYPES:
1237 return -EINVAL;
1238 }
1239
1240 return 0;
1241}
1242
1243static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1244 struct nlattr *tb)
1245{
1246 struct ieee80211_channel *chan;
1247
1248 if (tb == NULL)
1249 return NULL;
1250 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1251 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1252 return NULL;
1253 return chan;
1254}
1255
1256static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1257{
1258 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1259 int i;
1260
1261 if (!nl_modes)
1262 goto nla_put_failure;
1263
1264 i = 0;
1265 while (ifmodes) {
1266 if ((ifmodes & 1) && nla_put_flag(msg, i))
1267 goto nla_put_failure;
1268 ifmodes >>= 1;
1269 i++;
1270 }
1271
1272 nla_nest_end(msg, nl_modes);
1273 return 0;
1274
1275nla_put_failure:
1276 return -ENOBUFS;
1277}
1278
1279static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1280 struct sk_buff *msg,
1281 bool large)
1282{
1283 struct nlattr *nl_combis;
1284 int i, j;
1285
1286 nl_combis = nla_nest_start_noflag(msg,
1287 NL80211_ATTR_INTERFACE_COMBINATIONS);
1288 if (!nl_combis)
1289 goto nla_put_failure;
1290
1291 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1292 const struct ieee80211_iface_combination *c;
1293 struct nlattr *nl_combi, *nl_limits;
1294
1295 c = &wiphy->iface_combinations[i];
1296
1297 nl_combi = nla_nest_start_noflag(msg, i + 1);
1298 if (!nl_combi)
1299 goto nla_put_failure;
1300
1301 nl_limits = nla_nest_start_noflag(msg,
1302 NL80211_IFACE_COMB_LIMITS);
1303 if (!nl_limits)
1304 goto nla_put_failure;
1305
1306 for (j = 0; j < c->n_limits; j++) {
1307 struct nlattr *nl_limit;
1308
1309 nl_limit = nla_nest_start_noflag(msg, j + 1);
1310 if (!nl_limit)
1311 goto nla_put_failure;
1312 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1313 c->limits[j].max))
1314 goto nla_put_failure;
1315 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1316 c->limits[j].types))
1317 goto nla_put_failure;
1318 nla_nest_end(msg, nl_limit);
1319 }
1320
1321 nla_nest_end(msg, nl_limits);
1322
1323 if (c->beacon_int_infra_match &&
1324 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1325 goto nla_put_failure;
1326 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1327 c->num_different_channels) ||
1328 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1329 c->max_interfaces))
1330 goto nla_put_failure;
1331 if (large &&
1332 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1333 c->radar_detect_widths) ||
1334 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1335 c->radar_detect_regions)))
1336 goto nla_put_failure;
1337 if (c->beacon_int_min_gcd &&
1338 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1339 c->beacon_int_min_gcd))
1340 goto nla_put_failure;
1341
1342 nla_nest_end(msg, nl_combi);
1343 }
1344
1345 nla_nest_end(msg, nl_combis);
1346
1347 return 0;
1348nla_put_failure:
1349 return -ENOBUFS;
1350}
1351
1352#ifdef CONFIG_PM
1353static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1354 struct sk_buff *msg)
1355{
1356 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1357 struct nlattr *nl_tcp;
1358
1359 if (!tcp)
1360 return 0;
1361
1362 nl_tcp = nla_nest_start_noflag(msg,
1363 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1364 if (!nl_tcp)
1365 return -ENOBUFS;
1366
1367 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1368 tcp->data_payload_max))
1369 return -ENOBUFS;
1370
1371 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1372 tcp->data_payload_max))
1373 return -ENOBUFS;
1374
1375 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1376 return -ENOBUFS;
1377
1378 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1379 sizeof(*tcp->tok), tcp->tok))
1380 return -ENOBUFS;
1381
1382 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1383 tcp->data_interval_max))
1384 return -ENOBUFS;
1385
1386 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1387 tcp->wake_payload_max))
1388 return -ENOBUFS;
1389
1390 nla_nest_end(msg, nl_tcp);
1391 return 0;
1392}
1393
1394static int nl80211_send_wowlan(struct sk_buff *msg,
1395 struct cfg80211_registered_device *rdev,
1396 bool large)
1397{
1398 struct nlattr *nl_wowlan;
1399
1400 if (!rdev->wiphy.wowlan)
1401 return 0;
1402
1403 nl_wowlan = nla_nest_start_noflag(msg,
1404 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1405 if (!nl_wowlan)
1406 return -ENOBUFS;
1407
1408 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1409 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1410 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1411 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1412 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1413 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1414 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1415 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1416 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1417 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1418 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1419 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1420 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1421 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1422 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1423 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1424 return -ENOBUFS;
1425
1426 if (rdev->wiphy.wowlan->n_patterns) {
1427 struct nl80211_pattern_support pat = {
1428 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1429 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1430 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1431 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1432 };
1433
1434 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1435 sizeof(pat), &pat))
1436 return -ENOBUFS;
1437 }
1438
1439 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1440 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1441 rdev->wiphy.wowlan->max_nd_match_sets))
1442 return -ENOBUFS;
1443
1444 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1445 return -ENOBUFS;
1446
1447 nla_nest_end(msg, nl_wowlan);
1448
1449 return 0;
1450}
1451#endif
1452
1453static int nl80211_send_coalesce(struct sk_buff *msg,
1454 struct cfg80211_registered_device *rdev)
1455{
1456 struct nl80211_coalesce_rule_support rule;
1457
1458 if (!rdev->wiphy.coalesce)
1459 return 0;
1460
1461 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1462 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1463 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1464 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1465 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1466 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1467
1468 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1469 return -ENOBUFS;
1470
1471 return 0;
1472}
1473
1474static int
1475nl80211_send_iftype_data(struct sk_buff *msg,
1476 const struct ieee80211_sband_iftype_data *iftdata)
1477{
1478 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1479
1480 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1481 iftdata->types_mask))
1482 return -ENOBUFS;
1483
1484 if (he_cap->has_he) {
1485 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1486 sizeof(he_cap->he_cap_elem.mac_cap_info),
1487 he_cap->he_cap_elem.mac_cap_info) ||
1488 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1489 sizeof(he_cap->he_cap_elem.phy_cap_info),
1490 he_cap->he_cap_elem.phy_cap_info) ||
1491 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1492 sizeof(he_cap->he_mcs_nss_supp),
1493 &he_cap->he_mcs_nss_supp) ||
1494 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1495 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1496 return -ENOBUFS;
1497 }
1498
1499 return 0;
1500}
1501
1502static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1503 struct ieee80211_supported_band *sband)
1504{
1505 struct nlattr *nl_rates, *nl_rate;
1506 struct ieee80211_rate *rate;
1507 int i;
1508
1509
1510 if (sband->ht_cap.ht_supported &&
1511 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1512 sizeof(sband->ht_cap.mcs),
1513 &sband->ht_cap.mcs) ||
1514 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1515 sband->ht_cap.cap) ||
1516 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1517 sband->ht_cap.ampdu_factor) ||
1518 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1519 sband->ht_cap.ampdu_density)))
1520 return -ENOBUFS;
1521
1522
1523 if (sband->vht_cap.vht_supported &&
1524 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1525 sizeof(sband->vht_cap.vht_mcs),
1526 &sband->vht_cap.vht_mcs) ||
1527 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1528 sband->vht_cap.cap)))
1529 return -ENOBUFS;
1530
1531 if (sband->n_iftype_data) {
1532 struct nlattr *nl_iftype_data =
1533 nla_nest_start_noflag(msg,
1534 NL80211_BAND_ATTR_IFTYPE_DATA);
1535 int err;
1536
1537 if (!nl_iftype_data)
1538 return -ENOBUFS;
1539
1540 for (i = 0; i < sband->n_iftype_data; i++) {
1541 struct nlattr *iftdata;
1542
1543 iftdata = nla_nest_start_noflag(msg, i + 1);
1544 if (!iftdata)
1545 return -ENOBUFS;
1546
1547 err = nl80211_send_iftype_data(msg,
1548 &sband->iftype_data[i]);
1549 if (err)
1550 return err;
1551
1552 nla_nest_end(msg, iftdata);
1553 }
1554
1555 nla_nest_end(msg, nl_iftype_data);
1556 }
1557
1558
1559 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1560 if (!nl_rates)
1561 return -ENOBUFS;
1562
1563 for (i = 0; i < sband->n_bitrates; i++) {
1564 nl_rate = nla_nest_start_noflag(msg, i);
1565 if (!nl_rate)
1566 return -ENOBUFS;
1567
1568 rate = &sband->bitrates[i];
1569 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1570 rate->bitrate))
1571 return -ENOBUFS;
1572 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1573 nla_put_flag(msg,
1574 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1575 return -ENOBUFS;
1576
1577 nla_nest_end(msg, nl_rate);
1578 }
1579
1580 nla_nest_end(msg, nl_rates);
1581
1582 return 0;
1583}
1584
1585static int
1586nl80211_send_mgmt_stypes(struct sk_buff *msg,
1587 const struct ieee80211_txrx_stypes *mgmt_stypes)
1588{
1589 u16 stypes;
1590 struct nlattr *nl_ftypes, *nl_ifs;
1591 enum nl80211_iftype ift;
1592 int i;
1593
1594 if (!mgmt_stypes)
1595 return 0;
1596
1597 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1598 if (!nl_ifs)
1599 return -ENOBUFS;
1600
1601 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1602 nl_ftypes = nla_nest_start_noflag(msg, ift);
1603 if (!nl_ftypes)
1604 return -ENOBUFS;
1605 i = 0;
1606 stypes = mgmt_stypes[ift].tx;
1607 while (stypes) {
1608 if ((stypes & 1) &&
1609 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1610 (i << 4) | IEEE80211_FTYPE_MGMT))
1611 return -ENOBUFS;
1612 stypes >>= 1;
1613 i++;
1614 }
1615 nla_nest_end(msg, nl_ftypes);
1616 }
1617
1618 nla_nest_end(msg, nl_ifs);
1619
1620 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1621 if (!nl_ifs)
1622 return -ENOBUFS;
1623
1624 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1625 nl_ftypes = nla_nest_start_noflag(msg, ift);
1626 if (!nl_ftypes)
1627 return -ENOBUFS;
1628 i = 0;
1629 stypes = mgmt_stypes[ift].rx;
1630 while (stypes) {
1631 if ((stypes & 1) &&
1632 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1633 (i << 4) | IEEE80211_FTYPE_MGMT))
1634 return -ENOBUFS;
1635 stypes >>= 1;
1636 i++;
1637 }
1638 nla_nest_end(msg, nl_ftypes);
1639 }
1640 nla_nest_end(msg, nl_ifs);
1641
1642 return 0;
1643}
1644
1645#define CMD(op, n) \
1646 do { \
1647 if (rdev->ops->op) { \
1648 i++; \
1649 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1650 goto nla_put_failure; \
1651 } \
1652 } while (0)
1653
1654static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1655 struct sk_buff *msg)
1656{
1657 int i = 0;
1658
1659
1660
1661
1662
1663
1664 CMD(add_virtual_intf, NEW_INTERFACE);
1665 CMD(change_virtual_intf, SET_INTERFACE);
1666 CMD(add_key, NEW_KEY);
1667 CMD(start_ap, START_AP);
1668 CMD(add_station, NEW_STATION);
1669 CMD(add_mpath, NEW_MPATH);
1670 CMD(update_mesh_config, SET_MESH_CONFIG);
1671 CMD(change_bss, SET_BSS);
1672 CMD(auth, AUTHENTICATE);
1673 CMD(assoc, ASSOCIATE);
1674 CMD(deauth, DEAUTHENTICATE);
1675 CMD(disassoc, DISASSOCIATE);
1676 CMD(join_ibss, JOIN_IBSS);
1677 CMD(join_mesh, JOIN_MESH);
1678 CMD(set_pmksa, SET_PMKSA);
1679 CMD(del_pmksa, DEL_PMKSA);
1680 CMD(flush_pmksa, FLUSH_PMKSA);
1681 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1682 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1683 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1684 CMD(mgmt_tx, FRAME);
1685 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1686 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1687 i++;
1688 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1689 goto nla_put_failure;
1690 }
1691 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1692 rdev->ops->join_mesh) {
1693 i++;
1694 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1695 goto nla_put_failure;
1696 }
1697 CMD(set_wds_peer, SET_WDS_PEER);
1698 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1699 CMD(tdls_mgmt, TDLS_MGMT);
1700 CMD(tdls_oper, TDLS_OPER);
1701 }
1702 if (rdev->wiphy.max_sched_scan_reqs)
1703 CMD(sched_scan_start, START_SCHED_SCAN);
1704 CMD(probe_client, PROBE_CLIENT);
1705 CMD(set_noack_map, SET_NOACK_MAP);
1706 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1707 i++;
1708 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1709 goto nla_put_failure;
1710 }
1711 CMD(start_p2p_device, START_P2P_DEVICE);
1712 CMD(set_mcast_rate, SET_MCAST_RATE);
1713#ifdef CONFIG_NL80211_TESTMODE
1714 CMD(testmode_cmd, TESTMODE);
1715#endif
1716
1717 if (rdev->ops->connect || rdev->ops->auth) {
1718 i++;
1719 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1720 goto nla_put_failure;
1721 }
1722
1723 if (rdev->ops->disconnect || rdev->ops->deauth) {
1724 i++;
1725 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1726 goto nla_put_failure;
1727 }
1728
1729 return i;
1730 nla_put_failure:
1731 return -ENOBUFS;
1732}
1733
1734static int
1735nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1736 struct sk_buff *msg)
1737{
1738 struct nlattr *ftm;
1739
1740 if (!cap->ftm.supported)
1741 return 0;
1742
1743 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1744 if (!ftm)
1745 return -ENOBUFS;
1746
1747 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1748 return -ENOBUFS;
1749 if (cap->ftm.non_asap &&
1750 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1751 return -ENOBUFS;
1752 if (cap->ftm.request_lci &&
1753 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1754 return -ENOBUFS;
1755 if (cap->ftm.request_civicloc &&
1756 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1757 return -ENOBUFS;
1758 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1759 cap->ftm.preambles))
1760 return -ENOBUFS;
1761 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1762 cap->ftm.bandwidths))
1763 return -ENOBUFS;
1764 if (cap->ftm.max_bursts_exponent >= 0 &&
1765 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1766 cap->ftm.max_bursts_exponent))
1767 return -ENOBUFS;
1768 if (cap->ftm.max_ftms_per_burst &&
1769 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1770 cap->ftm.max_ftms_per_burst))
1771 return -ENOBUFS;
1772
1773 nla_nest_end(msg, ftm);
1774 return 0;
1775}
1776
1777static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1778 struct sk_buff *msg)
1779{
1780 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1781 struct nlattr *pmsr, *caps;
1782
1783 if (!cap)
1784 return 0;
1785
1786
1787
1788
1789
1790
1791 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1792 if (!pmsr)
1793 return -ENOBUFS;
1794
1795 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1796 return -ENOBUFS;
1797
1798 if (cap->report_ap_tsf &&
1799 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1800 return -ENOBUFS;
1801
1802 if (cap->randomize_mac_addr &&
1803 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
1804 return -ENOBUFS;
1805
1806 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
1807 if (!caps)
1808 return -ENOBUFS;
1809
1810 if (nl80211_send_pmsr_ftm_capa(cap, msg))
1811 return -ENOBUFS;
1812
1813 nla_nest_end(msg, caps);
1814 nla_nest_end(msg, pmsr);
1815
1816 return 0;
1817}
1818
1819struct nl80211_dump_wiphy_state {
1820 s64 filter_wiphy;
1821 long start;
1822 long split_start, band_start, chan_start, capa_start;
1823 bool split;
1824};
1825
1826static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1827 enum nl80211_commands cmd,
1828 struct sk_buff *msg, u32 portid, u32 seq,
1829 int flags, struct nl80211_dump_wiphy_state *state)
1830{
1831 void *hdr;
1832 struct nlattr *nl_bands, *nl_band;
1833 struct nlattr *nl_freqs, *nl_freq;
1834 struct nlattr *nl_cmds;
1835 enum nl80211_band band;
1836 struct ieee80211_channel *chan;
1837 int i;
1838 const struct ieee80211_txrx_stypes *mgmt_stypes =
1839 rdev->wiphy.mgmt_stypes;
1840 u32 features;
1841
1842 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1843 if (!hdr)
1844 return -ENOBUFS;
1845
1846 if (WARN_ON(!state))
1847 return -EINVAL;
1848
1849 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1850 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1851 wiphy_name(&rdev->wiphy)) ||
1852 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1853 cfg80211_rdev_list_generation))
1854 goto nla_put_failure;
1855
1856 if (cmd != NL80211_CMD_NEW_WIPHY)
1857 goto finish;
1858
1859 switch (state->split_start) {
1860 case 0:
1861 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1862 rdev->wiphy.retry_short) ||
1863 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1864 rdev->wiphy.retry_long) ||
1865 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1866 rdev->wiphy.frag_threshold) ||
1867 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1868 rdev->wiphy.rts_threshold) ||
1869 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1870 rdev->wiphy.coverage_class) ||
1871 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1872 rdev->wiphy.max_scan_ssids) ||
1873 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1874 rdev->wiphy.max_sched_scan_ssids) ||
1875 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1876 rdev->wiphy.max_scan_ie_len) ||
1877 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1878 rdev->wiphy.max_sched_scan_ie_len) ||
1879 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1880 rdev->wiphy.max_match_sets) ||
1881 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1882 rdev->wiphy.max_sched_scan_plans) ||
1883 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1884 rdev->wiphy.max_sched_scan_plan_interval) ||
1885 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1886 rdev->wiphy.max_sched_scan_plan_iterations))
1887 goto nla_put_failure;
1888
1889 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1890 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1891 goto nla_put_failure;
1892 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1893 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1894 goto nla_put_failure;
1895 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1896 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1897 goto nla_put_failure;
1898 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1899 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1900 goto nla_put_failure;
1901 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1902 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1903 goto nla_put_failure;
1904 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1905 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1906 goto nla_put_failure;
1907 state->split_start++;
1908 if (state->split)
1909 break;
1910
1911 case 1:
1912 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1913 sizeof(u32) * rdev->wiphy.n_cipher_suites,
1914 rdev->wiphy.cipher_suites))
1915 goto nla_put_failure;
1916
1917 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1918 rdev->wiphy.max_num_pmkids))
1919 goto nla_put_failure;
1920
1921 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1922 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1923 goto nla_put_failure;
1924
1925 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1926 rdev->wiphy.available_antennas_tx) ||
1927 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1928 rdev->wiphy.available_antennas_rx))
1929 goto nla_put_failure;
1930
1931 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1932 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1933 rdev->wiphy.probe_resp_offload))
1934 goto nla_put_failure;
1935
1936 if ((rdev->wiphy.available_antennas_tx ||
1937 rdev->wiphy.available_antennas_rx) &&
1938 rdev->ops->get_antenna) {
1939 u32 tx_ant = 0, rx_ant = 0;
1940 int res;
1941
1942 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1943 if (!res) {
1944 if (nla_put_u32(msg,
1945 NL80211_ATTR_WIPHY_ANTENNA_TX,
1946 tx_ant) ||
1947 nla_put_u32(msg,
1948 NL80211_ATTR_WIPHY_ANTENNA_RX,
1949 rx_ant))
1950 goto nla_put_failure;
1951 }
1952 }
1953
1954 state->split_start++;
1955 if (state->split)
1956 break;
1957
1958 case 2:
1959 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1960 rdev->wiphy.interface_modes))
1961 goto nla_put_failure;
1962 state->split_start++;
1963 if (state->split)
1964 break;
1965
1966 case 3:
1967 nl_bands = nla_nest_start_noflag(msg,
1968 NL80211_ATTR_WIPHY_BANDS);
1969 if (!nl_bands)
1970 goto nla_put_failure;
1971
1972 for (band = state->band_start;
1973 band < NUM_NL80211_BANDS; band++) {
1974 struct ieee80211_supported_band *sband;
1975
1976 sband = rdev->wiphy.bands[band];
1977
1978 if (!sband)
1979 continue;
1980
1981 nl_band = nla_nest_start_noflag(msg, band);
1982 if (!nl_band)
1983 goto nla_put_failure;
1984
1985 switch (state->chan_start) {
1986 case 0:
1987 if (nl80211_send_band_rateinfo(msg, sband))
1988 goto nla_put_failure;
1989 state->chan_start++;
1990 if (state->split)
1991 break;
1992
1993 default:
1994
1995 nl_freqs = nla_nest_start_noflag(msg,
1996 NL80211_BAND_ATTR_FREQS);
1997 if (!nl_freqs)
1998 goto nla_put_failure;
1999
2000 for (i = state->chan_start - 1;
2001 i < sband->n_channels;
2002 i++) {
2003 nl_freq = nla_nest_start_noflag(msg,
2004 i);
2005 if (!nl_freq)
2006 goto nla_put_failure;
2007
2008 chan = &sband->channels[i];
2009
2010 if (nl80211_msg_put_channel(
2011 msg, &rdev->wiphy, chan,
2012 state->split))
2013 goto nla_put_failure;
2014
2015 nla_nest_end(msg, nl_freq);
2016 if (state->split)
2017 break;
2018 }
2019 if (i < sband->n_channels)
2020 state->chan_start = i + 2;
2021 else
2022 state->chan_start = 0;
2023 nla_nest_end(msg, nl_freqs);
2024 }
2025
2026 nla_nest_end(msg, nl_band);
2027
2028 if (state->split) {
2029
2030 if (state->chan_start)
2031 band--;
2032 break;
2033 }
2034 }
2035 nla_nest_end(msg, nl_bands);
2036
2037 if (band < NUM_NL80211_BANDS)
2038 state->band_start = band + 1;
2039 else
2040 state->band_start = 0;
2041
2042
2043 if (state->band_start == 0 && state->chan_start == 0)
2044 state->split_start++;
2045 if (state->split)
2046 break;
2047
2048 case 4:
2049 nl_cmds = nla_nest_start_noflag(msg,
2050 NL80211_ATTR_SUPPORTED_COMMANDS);
2051 if (!nl_cmds)
2052 goto nla_put_failure;
2053
2054 i = nl80211_add_commands_unsplit(rdev, msg);
2055 if (i < 0)
2056 goto nla_put_failure;
2057 if (state->split) {
2058 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2059 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2060 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2061 CMD(channel_switch, CHANNEL_SWITCH);
2062 CMD(set_qos_map, SET_QOS_MAP);
2063 if (rdev->wiphy.features &
2064 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2065 CMD(add_tx_ts, ADD_TX_TS);
2066 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2067 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2068 }
2069#undef CMD
2070
2071 nla_nest_end(msg, nl_cmds);
2072 state->split_start++;
2073 if (state->split)
2074 break;
2075
2076 case 5:
2077 if (rdev->ops->remain_on_channel &&
2078 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2079 nla_put_u32(msg,
2080 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2081 rdev->wiphy.max_remain_on_channel_duration))
2082 goto nla_put_failure;
2083
2084 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2085 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2086 goto nla_put_failure;
2087
2088 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2089 goto nla_put_failure;
2090 state->split_start++;
2091 if (state->split)
2092 break;
2093
2094 case 6:
2095#ifdef CONFIG_PM
2096 if (nl80211_send_wowlan(msg, rdev, state->split))
2097 goto nla_put_failure;
2098 state->split_start++;
2099 if (state->split)
2100 break;
2101#else
2102 state->split_start++;
2103#endif
2104
2105 case 7:
2106 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2107 rdev->wiphy.software_iftypes))
2108 goto nla_put_failure;
2109
2110 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2111 state->split))
2112 goto nla_put_failure;
2113
2114 state->split_start++;
2115 if (state->split)
2116 break;
2117
2118 case 8:
2119 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2120 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2121 rdev->wiphy.ap_sme_capa))
2122 goto nla_put_failure;
2123
2124 features = rdev->wiphy.features;
2125
2126
2127
2128
2129
2130 if (state->split)
2131 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2132 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2133 goto nla_put_failure;
2134
2135 if (rdev->wiphy.ht_capa_mod_mask &&
2136 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2137 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2138 rdev->wiphy.ht_capa_mod_mask))
2139 goto nla_put_failure;
2140
2141 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2142 rdev->wiphy.max_acl_mac_addrs &&
2143 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2144 rdev->wiphy.max_acl_mac_addrs))
2145 goto nla_put_failure;
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157 state->split_start++;
2158 break;
2159 case 9:
2160 if (rdev->wiphy.extended_capabilities &&
2161 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2162 rdev->wiphy.extended_capabilities_len,
2163 rdev->wiphy.extended_capabilities) ||
2164 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2165 rdev->wiphy.extended_capabilities_len,
2166 rdev->wiphy.extended_capabilities_mask)))
2167 goto nla_put_failure;
2168
2169 if (rdev->wiphy.vht_capa_mod_mask &&
2170 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2171 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2172 rdev->wiphy.vht_capa_mod_mask))
2173 goto nla_put_failure;
2174
2175 state->split_start++;
2176 break;
2177 case 10:
2178 if (nl80211_send_coalesce(msg, rdev))
2179 goto nla_put_failure;
2180
2181 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2182 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2183 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2184 goto nla_put_failure;
2185
2186 if (rdev->wiphy.max_ap_assoc_sta &&
2187 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2188 rdev->wiphy.max_ap_assoc_sta))
2189 goto nla_put_failure;
2190
2191 state->split_start++;
2192 break;
2193 case 11:
2194 if (rdev->wiphy.n_vendor_commands) {
2195 const struct nl80211_vendor_cmd_info *info;
2196 struct nlattr *nested;
2197
2198 nested = nla_nest_start_noflag(msg,
2199 NL80211_ATTR_VENDOR_DATA);
2200 if (!nested)
2201 goto nla_put_failure;
2202
2203 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2204 info = &rdev->wiphy.vendor_commands[i].info;
2205 if (nla_put(msg, i + 1, sizeof(*info), info))
2206 goto nla_put_failure;
2207 }
2208 nla_nest_end(msg, nested);
2209 }
2210
2211 if (rdev->wiphy.n_vendor_events) {
2212 const struct nl80211_vendor_cmd_info *info;
2213 struct nlattr *nested;
2214
2215 nested = nla_nest_start_noflag(msg,
2216 NL80211_ATTR_VENDOR_EVENTS);
2217 if (!nested)
2218 goto nla_put_failure;
2219
2220 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2221 info = &rdev->wiphy.vendor_events[i];
2222 if (nla_put(msg, i + 1, sizeof(*info), info))
2223 goto nla_put_failure;
2224 }
2225 nla_nest_end(msg, nested);
2226 }
2227 state->split_start++;
2228 break;
2229 case 12:
2230 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2231 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2232 rdev->wiphy.max_num_csa_counters))
2233 goto nla_put_failure;
2234
2235 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2236 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2237 goto nla_put_failure;
2238
2239 if (rdev->wiphy.max_sched_scan_reqs &&
2240 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2241 rdev->wiphy.max_sched_scan_reqs))
2242 goto nla_put_failure;
2243
2244 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2245 sizeof(rdev->wiphy.ext_features),
2246 rdev->wiphy.ext_features))
2247 goto nla_put_failure;
2248
2249 if (rdev->wiphy.bss_select_support) {
2250 struct nlattr *nested;
2251 u32 bss_select_support = rdev->wiphy.bss_select_support;
2252
2253 nested = nla_nest_start_noflag(msg,
2254 NL80211_ATTR_BSS_SELECT);
2255 if (!nested)
2256 goto nla_put_failure;
2257
2258 i = 0;
2259 while (bss_select_support) {
2260 if ((bss_select_support & 1) &&
2261 nla_put_flag(msg, i))
2262 goto nla_put_failure;
2263 i++;
2264 bss_select_support >>= 1;
2265 }
2266 nla_nest_end(msg, nested);
2267 }
2268
2269 state->split_start++;
2270 break;
2271 case 13:
2272 if (rdev->wiphy.num_iftype_ext_capab &&
2273 rdev->wiphy.iftype_ext_capab) {
2274 struct nlattr *nested_ext_capab, *nested;
2275
2276 nested = nla_nest_start_noflag(msg,
2277 NL80211_ATTR_IFTYPE_EXT_CAPA);
2278 if (!nested)
2279 goto nla_put_failure;
2280
2281 for (i = state->capa_start;
2282 i < rdev->wiphy.num_iftype_ext_capab; i++) {
2283 const struct wiphy_iftype_ext_capab *capab;
2284
2285 capab = &rdev->wiphy.iftype_ext_capab[i];
2286
2287 nested_ext_capab = nla_nest_start_noflag(msg,
2288 i);
2289 if (!nested_ext_capab ||
2290 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2291 capab->iftype) ||
2292 nla_put(msg, NL80211_ATTR_EXT_CAPA,
2293 capab->extended_capabilities_len,
2294 capab->extended_capabilities) ||
2295 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2296 capab->extended_capabilities_len,
2297 capab->extended_capabilities_mask))
2298 goto nla_put_failure;
2299
2300 nla_nest_end(msg, nested_ext_capab);
2301 if (state->split)
2302 break;
2303 }
2304 nla_nest_end(msg, nested);
2305 if (i < rdev->wiphy.num_iftype_ext_capab) {
2306 state->capa_start = i + 1;
2307 break;
2308 }
2309 }
2310
2311 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2312 rdev->wiphy.nan_supported_bands))
2313 goto nla_put_failure;
2314
2315 if (wiphy_ext_feature_isset(&rdev->wiphy,
2316 NL80211_EXT_FEATURE_TXQS)) {
2317 struct cfg80211_txq_stats txqstats = {};
2318 int res;
2319
2320 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2321 if (!res &&
2322 !nl80211_put_txq_stats(msg, &txqstats,
2323 NL80211_ATTR_TXQ_STATS))
2324 goto nla_put_failure;
2325
2326 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2327 rdev->wiphy.txq_limit))
2328 goto nla_put_failure;
2329 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2330 rdev->wiphy.txq_memory_limit))
2331 goto nla_put_failure;
2332 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2333 rdev->wiphy.txq_quantum))
2334 goto nla_put_failure;
2335 }
2336
2337 state->split_start++;
2338 break;
2339 case 14:
2340 if (nl80211_send_pmsr_capa(rdev, msg))
2341 goto nla_put_failure;
2342
2343 state->split_start++;
2344 break;
2345 case 15:
2346 if (rdev->wiphy.akm_suites &&
2347 nla_put(msg, NL80211_ATTR_AKM_SUITES,
2348 sizeof(u32) * rdev->wiphy.n_akm_suites,
2349 rdev->wiphy.akm_suites))
2350 goto nla_put_failure;
2351
2352
2353 state->split_start = 0;
2354 break;
2355 }
2356 finish:
2357 genlmsg_end(msg, hdr);
2358 return 0;
2359
2360 nla_put_failure:
2361 genlmsg_cancel(msg, hdr);
2362 return -EMSGSIZE;
2363}
2364
2365static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2366 struct netlink_callback *cb,
2367 struct nl80211_dump_wiphy_state *state)
2368{
2369 struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
2370 int ret = nlmsg_parse_deprecated(cb->nlh,
2371 GENL_HDRLEN + nl80211_fam.hdrsize,
2372 tb, nl80211_fam.maxattr,
2373 nl80211_policy, NULL);
2374
2375 if (ret)
2376 return 0;
2377
2378 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2379 if (tb[NL80211_ATTR_WIPHY])
2380 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2381 if (tb[NL80211_ATTR_WDEV])
2382 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2383 if (tb[NL80211_ATTR_IFINDEX]) {
2384 struct net_device *netdev;
2385 struct cfg80211_registered_device *rdev;
2386 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2387
2388 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2389 if (!netdev)
2390 return -ENODEV;
2391 if (netdev->ieee80211_ptr) {
2392 rdev = wiphy_to_rdev(
2393 netdev->ieee80211_ptr->wiphy);
2394 state->filter_wiphy = rdev->wiphy_idx;
2395 }
2396 }
2397
2398 return 0;
2399}
2400
2401static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2402{
2403 int idx = 0, ret;
2404 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2405 struct cfg80211_registered_device *rdev;
2406
2407 rtnl_lock();
2408 if (!state) {
2409 state = kzalloc(sizeof(*state), GFP_KERNEL);
2410 if (!state) {
2411 rtnl_unlock();
2412 return -ENOMEM;
2413 }
2414 state->filter_wiphy = -1;
2415 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2416 if (ret) {
2417 kfree(state);
2418 rtnl_unlock();
2419 return ret;
2420 }
2421 cb->args[0] = (long)state;
2422 }
2423
2424 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2425 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2426 continue;
2427 if (++idx <= state->start)
2428 continue;
2429 if (state->filter_wiphy != -1 &&
2430 state->filter_wiphy != rdev->wiphy_idx)
2431 continue;
2432
2433 do {
2434 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2435 skb,
2436 NETLINK_CB(cb->skb).portid,
2437 cb->nlh->nlmsg_seq,
2438 NLM_F_MULTI, state);
2439 if (ret < 0) {
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2454 !skb->len && !state->split &&
2455 cb->min_dump_alloc < 4096) {
2456 cb->min_dump_alloc = 4096;
2457 state->split_start = 0;
2458 rtnl_unlock();
2459 return 1;
2460 }
2461 idx--;
2462 break;
2463 }
2464 } while (state->split_start > 0);
2465 break;
2466 }
2467 rtnl_unlock();
2468
2469 state->start = idx;
2470
2471 return skb->len;
2472}
2473
2474static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2475{
2476 kfree((void *)cb->args[0]);
2477 return 0;
2478}
2479
2480static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2481{
2482 struct sk_buff *msg;
2483 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2484 struct nl80211_dump_wiphy_state state = {};
2485
2486 msg = nlmsg_new(4096, GFP_KERNEL);
2487 if (!msg)
2488 return -ENOMEM;
2489
2490 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2491 info->snd_portid, info->snd_seq, 0,
2492 &state) < 0) {
2493 nlmsg_free(msg);
2494 return -ENOBUFS;
2495 }
2496
2497 return genlmsg_reply(msg, info);
2498}
2499
2500static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2501 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2502 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2503 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2504 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2505 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2506};
2507
2508static int parse_txq_params(struct nlattr *tb[],
2509 struct ieee80211_txq_params *txq_params)
2510{
2511 u8 ac;
2512
2513 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2514 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2515 !tb[NL80211_TXQ_ATTR_AIFS])
2516 return -EINVAL;
2517
2518 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2519 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2520 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2521 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2522 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2523
2524 if (ac >= NL80211_NUM_ACS)
2525 return -EINVAL;
2526 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2527 return 0;
2528}
2529
2530static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2531{
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547 return !wdev ||
2548 wdev->iftype == NL80211_IFTYPE_AP ||
2549 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2550 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2551 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2552}
2553
2554int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2555 struct genl_info *info,
2556 struct cfg80211_chan_def *chandef)
2557{
2558 struct netlink_ext_ack *extack = info->extack;
2559 struct nlattr **attrs = info->attrs;
2560 u32 control_freq;
2561
2562 if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2563 return -EINVAL;
2564
2565 control_freq = nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]);
2566
2567 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2568 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2569 chandef->center_freq1 = control_freq;
2570 chandef->center_freq2 = 0;
2571
2572
2573 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2574 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2575 "Channel is disabled");
2576 return -EINVAL;
2577 }
2578
2579 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2580 enum nl80211_channel_type chantype;
2581
2582 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2583
2584 switch (chantype) {
2585 case NL80211_CHAN_NO_HT:
2586 case NL80211_CHAN_HT20:
2587 case NL80211_CHAN_HT40PLUS:
2588 case NL80211_CHAN_HT40MINUS:
2589 cfg80211_chandef_create(chandef, chandef->chan,
2590 chantype);
2591
2592 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2593 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2594 NL_SET_ERR_MSG_ATTR(extack,
2595 attrs[NL80211_ATTR_CENTER_FREQ1],
2596 "bad center frequency 1");
2597 return -EINVAL;
2598 }
2599
2600 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2601 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2602 NL_SET_ERR_MSG_ATTR(extack,
2603 attrs[NL80211_ATTR_CENTER_FREQ2],
2604 "center frequency 2 can't be used");
2605 return -EINVAL;
2606 }
2607 break;
2608 default:
2609 NL_SET_ERR_MSG_ATTR(extack,
2610 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2611 "invalid channel type");
2612 return -EINVAL;
2613 }
2614 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2615 chandef->width =
2616 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2617 if (attrs[NL80211_ATTR_CENTER_FREQ1])
2618 chandef->center_freq1 =
2619 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2620 if (attrs[NL80211_ATTR_CENTER_FREQ2])
2621 chandef->center_freq2 =
2622 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2623 }
2624
2625 if (!cfg80211_chandef_valid(chandef)) {
2626 NL_SET_ERR_MSG(extack, "invalid channel definition");
2627 return -EINVAL;
2628 }
2629
2630 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2631 IEEE80211_CHAN_DISABLED)) {
2632 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2633 return -EINVAL;
2634 }
2635
2636 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2637 chandef->width == NL80211_CHAN_WIDTH_10) &&
2638 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
2639 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2640 return -EINVAL;
2641 }
2642
2643 return 0;
2644}
2645
2646static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2647 struct net_device *dev,
2648 struct genl_info *info)
2649{
2650 struct cfg80211_chan_def chandef;
2651 int result;
2652 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2653 struct wireless_dev *wdev = NULL;
2654
2655 if (dev)
2656 wdev = dev->ieee80211_ptr;
2657 if (!nl80211_can_set_dev_channel(wdev))
2658 return -EOPNOTSUPP;
2659 if (wdev)
2660 iftype = wdev->iftype;
2661
2662 result = nl80211_parse_chandef(rdev, info, &chandef);
2663 if (result)
2664 return result;
2665
2666 switch (iftype) {
2667 case NL80211_IFTYPE_AP:
2668 case NL80211_IFTYPE_P2P_GO:
2669 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2670 iftype)) {
2671 result = -EINVAL;
2672 break;
2673 }
2674 if (wdev->beacon_interval) {
2675 if (!dev || !rdev->ops->set_ap_chanwidth ||
2676 !(rdev->wiphy.features &
2677 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2678 result = -EBUSY;
2679 break;
2680 }
2681
2682
2683 if (chandef.chan != wdev->preset_chandef.chan) {
2684 result = -EBUSY;
2685 break;
2686 }
2687 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2688 if (result)
2689 break;
2690 }
2691 wdev->preset_chandef = chandef;
2692 result = 0;
2693 break;
2694 case NL80211_IFTYPE_MESH_POINT:
2695 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2696 break;
2697 case NL80211_IFTYPE_MONITOR:
2698 result = cfg80211_set_monitor_channel(rdev, &chandef);
2699 break;
2700 default:
2701 result = -EINVAL;
2702 }
2703
2704 return result;
2705}
2706
2707static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2708{
2709 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2710 struct net_device *netdev = info->user_ptr[1];
2711
2712 return __nl80211_set_channel(rdev, netdev, info);
2713}
2714
2715static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2716{
2717 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2718 struct net_device *dev = info->user_ptr[1];
2719 struct wireless_dev *wdev = dev->ieee80211_ptr;
2720 const u8 *bssid;
2721
2722 if (!info->attrs[NL80211_ATTR_MAC])
2723 return -EINVAL;
2724
2725 if (netif_running(dev))
2726 return -EBUSY;
2727
2728 if (!rdev->ops->set_wds_peer)
2729 return -EOPNOTSUPP;
2730
2731 if (wdev->iftype != NL80211_IFTYPE_WDS)
2732 return -EOPNOTSUPP;
2733
2734 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2735 return rdev_set_wds_peer(rdev, dev, bssid);
2736}
2737
2738static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2739{
2740 struct cfg80211_registered_device *rdev;
2741 struct net_device *netdev = NULL;
2742 struct wireless_dev *wdev;
2743 int result = 0, rem_txq_params = 0;
2744 struct nlattr *nl_txq_params;
2745 u32 changed;
2746 u8 retry_short = 0, retry_long = 0;
2747 u32 frag_threshold = 0, rts_threshold = 0;
2748 u8 coverage_class = 0;
2749 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
2750
2751 ASSERT_RTNL();
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2764 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2765
2766 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2767 if (netdev && netdev->ieee80211_ptr)
2768 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2769 else
2770 netdev = NULL;
2771 }
2772
2773 if (!netdev) {
2774 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2775 info->attrs);
2776 if (IS_ERR(rdev))
2777 return PTR_ERR(rdev);
2778 wdev = NULL;
2779 netdev = NULL;
2780 result = 0;
2781 } else
2782 wdev = netdev->ieee80211_ptr;
2783
2784
2785
2786
2787
2788
2789 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2790 result = cfg80211_dev_rename(
2791 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2792
2793 if (result)
2794 return result;
2795
2796 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2797 struct ieee80211_txq_params txq_params;
2798 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2799
2800 if (!rdev->ops->set_txq_params)
2801 return -EOPNOTSUPP;
2802
2803 if (!netdev)
2804 return -EINVAL;
2805
2806 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2807 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2808 return -EINVAL;
2809
2810 if (!netif_running(netdev))
2811 return -ENETDOWN;
2812
2813 nla_for_each_nested(nl_txq_params,
2814 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2815 rem_txq_params) {
2816 result = nla_parse_nested_deprecated(tb,
2817 NL80211_TXQ_ATTR_MAX,
2818 nl_txq_params,
2819 txq_params_policy,
2820 info->extack);
2821 if (result)
2822 return result;
2823 result = parse_txq_params(tb, &txq_params);
2824 if (result)
2825 return result;
2826
2827 result = rdev_set_txq_params(rdev, netdev,
2828 &txq_params);
2829 if (result)
2830 return result;
2831 }
2832 }
2833
2834 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2835 result = __nl80211_set_channel(
2836 rdev,
2837 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2838 info);
2839 if (result)
2840 return result;
2841 }
2842
2843 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2844 struct wireless_dev *txp_wdev = wdev;
2845 enum nl80211_tx_power_setting type;
2846 int idx, mbm = 0;
2847
2848 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2849 txp_wdev = NULL;
2850
2851 if (!rdev->ops->set_tx_power)
2852 return -EOPNOTSUPP;
2853
2854 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2855 type = nla_get_u32(info->attrs[idx]);
2856
2857 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2858 (type != NL80211_TX_POWER_AUTOMATIC))
2859 return -EINVAL;
2860
2861 if (type != NL80211_TX_POWER_AUTOMATIC) {
2862 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2863 mbm = nla_get_u32(info->attrs[idx]);
2864 }
2865
2866 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2867 if (result)
2868 return result;
2869 }
2870
2871 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2872 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2873 u32 tx_ant, rx_ant;
2874
2875 if ((!rdev->wiphy.available_antennas_tx &&
2876 !rdev->wiphy.available_antennas_rx) ||
2877 !rdev->ops->set_antenna)
2878 return -EOPNOTSUPP;
2879
2880 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2881 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2882
2883
2884
2885 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2886 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2887 return -EINVAL;
2888
2889 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2890 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2891
2892 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2893 if (result)
2894 return result;
2895 }
2896
2897 changed = 0;
2898
2899 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2900 retry_short = nla_get_u8(
2901 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2902
2903 changed |= WIPHY_PARAM_RETRY_SHORT;
2904 }
2905
2906 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2907 retry_long = nla_get_u8(
2908 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2909
2910 changed |= WIPHY_PARAM_RETRY_LONG;
2911 }
2912
2913 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2914 frag_threshold = nla_get_u32(
2915 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2916 if (frag_threshold < 256)
2917 return -EINVAL;
2918
2919 if (frag_threshold != (u32) -1) {
2920
2921
2922
2923
2924
2925
2926 frag_threshold &= ~0x1;
2927 }
2928 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2929 }
2930
2931 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2932 rts_threshold = nla_get_u32(
2933 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2934 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2935 }
2936
2937 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2938 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2939 return -EINVAL;
2940
2941 coverage_class = nla_get_u8(
2942 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2943 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2944 }
2945
2946 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2947 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2948 return -EOPNOTSUPP;
2949
2950 changed |= WIPHY_PARAM_DYN_ACK;
2951 }
2952
2953 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
2954 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2955 NL80211_EXT_FEATURE_TXQS))
2956 return -EOPNOTSUPP;
2957 txq_limit = nla_get_u32(
2958 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
2959 changed |= WIPHY_PARAM_TXQ_LIMIT;
2960 }
2961
2962 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
2963 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2964 NL80211_EXT_FEATURE_TXQS))
2965 return -EOPNOTSUPP;
2966 txq_memory_limit = nla_get_u32(
2967 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
2968 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
2969 }
2970
2971 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
2972 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2973 NL80211_EXT_FEATURE_TXQS))
2974 return -EOPNOTSUPP;
2975 txq_quantum = nla_get_u32(
2976 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
2977 changed |= WIPHY_PARAM_TXQ_QUANTUM;
2978 }
2979
2980 if (changed) {
2981 u8 old_retry_short, old_retry_long;
2982 u32 old_frag_threshold, old_rts_threshold;
2983 u8 old_coverage_class;
2984 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
2985
2986 if (!rdev->ops->set_wiphy_params)
2987 return -EOPNOTSUPP;
2988
2989 old_retry_short = rdev->wiphy.retry_short;
2990 old_retry_long = rdev->wiphy.retry_long;
2991 old_frag_threshold = rdev->wiphy.frag_threshold;
2992 old_rts_threshold = rdev->wiphy.rts_threshold;
2993 old_coverage_class = rdev->wiphy.coverage_class;
2994 old_txq_limit = rdev->wiphy.txq_limit;
2995 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
2996 old_txq_quantum = rdev->wiphy.txq_quantum;
2997
2998 if (changed & WIPHY_PARAM_RETRY_SHORT)
2999 rdev->wiphy.retry_short = retry_short;
3000 if (changed & WIPHY_PARAM_RETRY_LONG)
3001 rdev->wiphy.retry_long = retry_long;
3002 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3003 rdev->wiphy.frag_threshold = frag_threshold;
3004 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3005 rdev->wiphy.rts_threshold = rts_threshold;
3006 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3007 rdev->wiphy.coverage_class = coverage_class;
3008 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3009 rdev->wiphy.txq_limit = txq_limit;
3010 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3011 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3012 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3013 rdev->wiphy.txq_quantum = txq_quantum;
3014
3015 result = rdev_set_wiphy_params(rdev, changed);
3016 if (result) {
3017 rdev->wiphy.retry_short = old_retry_short;
3018 rdev->wiphy.retry_long = old_retry_long;
3019 rdev->wiphy.frag_threshold = old_frag_threshold;
3020 rdev->wiphy.rts_threshold = old_rts_threshold;
3021 rdev->wiphy.coverage_class = old_coverage_class;
3022 rdev->wiphy.txq_limit = old_txq_limit;
3023 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3024 rdev->wiphy.txq_quantum = old_txq_quantum;
3025 return result;
3026 }
3027 }
3028 return 0;
3029}
3030
3031static int nl80211_send_chandef(struct sk_buff *msg,
3032 const struct cfg80211_chan_def *chandef)
3033{
3034 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3035 return -EINVAL;
3036
3037 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3038 chandef->chan->center_freq))
3039 return -ENOBUFS;
3040 switch (chandef->width) {
3041 case NL80211_CHAN_WIDTH_20_NOHT:
3042 case NL80211_CHAN_WIDTH_20:
3043 case NL80211_CHAN_WIDTH_40:
3044 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3045 cfg80211_get_chandef_type(chandef)))
3046 return -ENOBUFS;
3047 break;
3048 default:
3049 break;
3050 }
3051 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3052 return -ENOBUFS;
3053 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3054 return -ENOBUFS;
3055 if (chandef->center_freq2 &&
3056 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3057 return -ENOBUFS;
3058 return 0;
3059}
3060
3061static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3062 struct cfg80211_registered_device *rdev,
3063 struct wireless_dev *wdev,
3064 enum nl80211_commands cmd)
3065{
3066 struct net_device *dev = wdev->netdev;
3067 void *hdr;
3068
3069 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3070 cmd != NL80211_CMD_DEL_INTERFACE &&
3071 cmd != NL80211_CMD_SET_INTERFACE);
3072
3073 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3074 if (!hdr)
3075 return -1;
3076
3077 if (dev &&
3078 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3079 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3080 goto nla_put_failure;
3081
3082 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3083 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3084 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3085 NL80211_ATTR_PAD) ||
3086 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3087 nla_put_u32(msg, NL80211_ATTR_GENERATION,
3088 rdev->devlist_generation ^
3089 (cfg80211_rdev_list_generation << 2)) ||
3090 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3091 goto nla_put_failure;
3092
3093 if (rdev->ops->get_channel) {
3094 int ret;
3095 struct cfg80211_chan_def chandef;
3096
3097 ret = rdev_get_channel(rdev, wdev, &chandef);
3098 if (ret == 0) {
3099 if (nl80211_send_chandef(msg, &chandef))
3100 goto nla_put_failure;
3101 }
3102 }
3103
3104 if (rdev->ops->get_tx_power) {
3105 int dbm, ret;
3106
3107 ret = rdev_get_tx_power(rdev, wdev, &dbm);
3108 if (ret == 0 &&
3109 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3110 DBM_TO_MBM(dbm)))
3111 goto nla_put_failure;
3112 }
3113
3114 wdev_lock(wdev);
3115 switch (wdev->iftype) {
3116 case NL80211_IFTYPE_AP:
3117 if (wdev->ssid_len &&
3118 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3119 goto nla_put_failure_locked;
3120 break;
3121 case NL80211_IFTYPE_STATION:
3122 case NL80211_IFTYPE_P2P_CLIENT:
3123 case NL80211_IFTYPE_ADHOC: {
3124 const u8 *ssid_ie;
3125 if (!wdev->current_bss)
3126 break;
3127 rcu_read_lock();
3128 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3129 WLAN_EID_SSID);
3130 if (ssid_ie &&
3131 nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3132 goto nla_put_failure_rcu_locked;
3133 rcu_read_unlock();
3134 break;
3135 }
3136 default:
3137
3138 break;
3139 }
3140 wdev_unlock(wdev);
3141
3142 if (rdev->ops->get_txq_stats) {
3143 struct cfg80211_txq_stats txqstats = {};
3144 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3145
3146 if (ret == 0 &&
3147 !nl80211_put_txq_stats(msg, &txqstats,
3148 NL80211_ATTR_TXQ_STATS))
3149 goto nla_put_failure;
3150 }
3151
3152 genlmsg_end(msg, hdr);
3153 return 0;
3154
3155 nla_put_failure_rcu_locked:
3156 rcu_read_unlock();
3157 nla_put_failure_locked:
3158 wdev_unlock(wdev);
3159 nla_put_failure:
3160 genlmsg_cancel(msg, hdr);
3161 return -EMSGSIZE;
3162}
3163
3164static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3165{
3166 int wp_idx = 0;
3167 int if_idx = 0;
3168 int wp_start = cb->args[0];
3169 int if_start = cb->args[1];
3170 int filter_wiphy = -1;
3171 struct cfg80211_registered_device *rdev;
3172 struct wireless_dev *wdev;
3173 int ret;
3174
3175 rtnl_lock();
3176 if (!cb->args[2]) {
3177 struct nl80211_dump_wiphy_state state = {
3178 .filter_wiphy = -1,
3179 };
3180
3181 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3182 if (ret)
3183 goto out_unlock;
3184
3185 filter_wiphy = state.filter_wiphy;
3186
3187
3188
3189
3190
3191 if (filter_wiphy >= 0)
3192 cb->args[2] = filter_wiphy + 1;
3193 else
3194 cb->args[2] = -1;
3195 } else if (cb->args[2] > 0) {
3196 filter_wiphy = cb->args[2] - 1;
3197 }
3198
3199 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3200 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3201 continue;
3202 if (wp_idx < wp_start) {
3203 wp_idx++;
3204 continue;
3205 }
3206
3207 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3208 continue;
3209
3210 if_idx = 0;
3211
3212 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3213 if (if_idx < if_start) {
3214 if_idx++;
3215 continue;
3216 }
3217 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3218 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3219 rdev, wdev,
3220 NL80211_CMD_NEW_INTERFACE) < 0) {
3221 goto out;
3222 }
3223 if_idx++;
3224 }
3225
3226 wp_idx++;
3227 }
3228 out:
3229 cb->args[0] = wp_idx;
3230 cb->args[1] = if_idx;
3231
3232 ret = skb->len;
3233 out_unlock:
3234 rtnl_unlock();
3235
3236 return ret;
3237}
3238
3239static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3240{
3241 struct sk_buff *msg;
3242 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3243 struct wireless_dev *wdev = info->user_ptr[1];
3244
3245 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3246 if (!msg)
3247 return -ENOMEM;
3248
3249 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3250 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3251 nlmsg_free(msg);
3252 return -ENOBUFS;
3253 }
3254
3255 return genlmsg_reply(msg, info);
3256}
3257
3258static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3259 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3260 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3261 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3262 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3263 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3264 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3265};
3266
3267static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3268{
3269 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3270 int flag;
3271
3272 *mntrflags = 0;
3273
3274 if (!nla)
3275 return -EINVAL;
3276
3277 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3278 return -EINVAL;
3279
3280 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3281 if (flags[flag])
3282 *mntrflags |= (1<<flag);
3283
3284 *mntrflags |= MONITOR_FLAG_CHANGED;
3285
3286 return 0;
3287}
3288
3289static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3290 enum nl80211_iftype type,
3291 struct genl_info *info,
3292 struct vif_params *params)
3293{
3294 bool change = false;
3295 int err;
3296
3297 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3298 if (type != NL80211_IFTYPE_MONITOR)
3299 return -EINVAL;
3300
3301 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3302 ¶ms->flags);
3303 if (err)
3304 return err;
3305
3306 change = true;
3307 }
3308
3309 if (params->flags & MONITOR_FLAG_ACTIVE &&
3310 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3311 return -EOPNOTSUPP;
3312
3313 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3314 const u8 *mumimo_groups;
3315 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3316
3317 if (type != NL80211_IFTYPE_MONITOR)
3318 return -EINVAL;
3319
3320 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3321 return -EOPNOTSUPP;
3322
3323 mumimo_groups =
3324 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3325
3326
3327 if ((mumimo_groups[0] & BIT(0)) ||
3328 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3329 return -EINVAL;
3330
3331 params->vht_mumimo_groups = mumimo_groups;
3332 change = true;
3333 }
3334
3335 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3336 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3337
3338 if (type != NL80211_IFTYPE_MONITOR)
3339 return -EINVAL;
3340
3341 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3342 return -EOPNOTSUPP;
3343
3344 params->vht_mumimo_follow_addr =
3345 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3346 change = true;
3347 }
3348
3349 return change ? 1 : 0;
3350}
3351
3352static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3353 struct net_device *netdev, u8 use_4addr,
3354 enum nl80211_iftype iftype)
3355{
3356 if (!use_4addr) {
3357 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
3358 return -EBUSY;
3359 return 0;
3360 }
3361
3362 switch (iftype) {
3363 case NL80211_IFTYPE_AP_VLAN:
3364 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3365 return 0;
3366 break;
3367 case NL80211_IFTYPE_STATION:
3368 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3369 return 0;
3370 break;
3371 default:
3372 break;
3373 }
3374
3375 return -EOPNOTSUPP;
3376}
3377
3378static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3379{
3380 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3381 struct vif_params params;
3382 int err;
3383 enum nl80211_iftype otype, ntype;
3384 struct net_device *dev = info->user_ptr[1];
3385 bool change = false;
3386
3387 memset(¶ms, 0, sizeof(params));
3388
3389 otype = ntype = dev->ieee80211_ptr->iftype;
3390
3391 if (info->attrs[NL80211_ATTR_IFTYPE]) {
3392 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3393 if (otype != ntype)
3394 change = true;
3395 }
3396
3397 if (info->attrs[NL80211_ATTR_MESH_ID]) {
3398 struct wireless_dev *wdev = dev->ieee80211_ptr;
3399
3400 if (ntype != NL80211_IFTYPE_MESH_POINT)
3401 return -EINVAL;
3402 if (netif_running(dev))
3403 return -EBUSY;
3404
3405 wdev_lock(wdev);
3406 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3407 IEEE80211_MAX_MESH_ID_LEN);
3408 wdev->mesh_id_up_len =
3409 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3410 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3411 wdev->mesh_id_up_len);
3412 wdev_unlock(wdev);
3413 }
3414
3415 if (info->attrs[NL80211_ATTR_4ADDR]) {
3416 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3417 change = true;
3418 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3419 if (err)
3420 return err;
3421 } else {
3422 params.use_4addr = -1;
3423 }
3424
3425 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
3426 if (err < 0)
3427 return err;
3428 if (err > 0)
3429 change = true;
3430
3431 if (change)
3432 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
3433 else
3434 err = 0;
3435
3436 if (!err && params.use_4addr != -1)
3437 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3438
3439 if (change && !err) {
3440 struct wireless_dev *wdev = dev->ieee80211_ptr;
3441
3442 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3443 }
3444
3445 return err;
3446}
3447
3448static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3449{
3450 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3451 struct vif_params params;
3452 struct wireless_dev *wdev;
3453 struct sk_buff *msg;
3454 int err;
3455 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3456
3457
3458 cfg80211_destroy_ifaces(rdev);
3459
3460 memset(¶ms, 0, sizeof(params));
3461
3462 if (!info->attrs[NL80211_ATTR_IFNAME])
3463 return -EINVAL;
3464
3465 if (info->attrs[NL80211_ATTR_IFTYPE])
3466 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3467
3468 if (!rdev->ops->add_virtual_intf)
3469 return -EOPNOTSUPP;
3470
3471 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3472 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3473 info->attrs[NL80211_ATTR_MAC]) {
3474 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3475 ETH_ALEN);
3476 if (!is_valid_ether_addr(params.macaddr))
3477 return -EADDRNOTAVAIL;
3478 }
3479
3480 if (info->attrs[NL80211_ATTR_4ADDR]) {
3481 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3482 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3483 if (err)
3484 return err;
3485 }
3486
3487 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3488 return -EOPNOTSUPP;
3489
3490 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
3491 if (err < 0)
3492 return err;
3493
3494 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3495 if (!msg)
3496 return -ENOMEM;
3497
3498 wdev = rdev_add_virtual_intf(rdev,
3499 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3500 NET_NAME_USER, type, ¶ms);
3501 if (WARN_ON(!wdev)) {
3502 nlmsg_free(msg);
3503 return -EPROTO;
3504 } else if (IS_ERR(wdev)) {
3505 nlmsg_free(msg);
3506 return PTR_ERR(wdev);
3507 }
3508
3509 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3510 wdev->owner_nlportid = info->snd_portid;
3511
3512 switch (type) {
3513 case NL80211_IFTYPE_MESH_POINT:
3514 if (!info->attrs[NL80211_ATTR_MESH_ID])
3515 break;
3516 wdev_lock(wdev);
3517 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3518 IEEE80211_MAX_MESH_ID_LEN);
3519 wdev->mesh_id_up_len =
3520 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3521 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3522 wdev->mesh_id_up_len);
3523 wdev_unlock(wdev);
3524 break;
3525 case NL80211_IFTYPE_NAN:
3526 case NL80211_IFTYPE_P2P_DEVICE:
3527
3528
3529
3530
3531 cfg80211_init_wdev(rdev, wdev);
3532 break;
3533 default:
3534 break;
3535 }
3536
3537 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3538 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3539 nlmsg_free(msg);
3540 return -ENOBUFS;
3541 }
3542
3543 return genlmsg_reply(msg, info);
3544}
3545
3546static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3547{
3548 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3549 struct wireless_dev *wdev = info->user_ptr[1];
3550
3551 if (!rdev->ops->del_virtual_intf)
3552 return -EOPNOTSUPP;
3553
3554
3555
3556
3557
3558
3559
3560
3561 if (!wdev->netdev)
3562 info->user_ptr[1] = NULL;
3563
3564 return rdev_del_virtual_intf(rdev, wdev);
3565}
3566
3567static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3568{
3569 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3570 struct net_device *dev = info->user_ptr[1];
3571 u16 noack_map;
3572
3573 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3574 return -EINVAL;
3575
3576 if (!rdev->ops->set_noack_map)
3577 return -EOPNOTSUPP;
3578
3579 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3580
3581 return rdev_set_noack_map(rdev, dev, noack_map);
3582}
3583
3584struct get_key_cookie {
3585 struct sk_buff *msg;
3586 int error;
3587 int idx;
3588};
3589
3590static void get_key_callback(void *c, struct key_params *params)
3591{
3592 struct nlattr *key;
3593 struct get_key_cookie *cookie = c;
3594
3595 if ((params->key &&
3596 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3597 params->key_len, params->key)) ||
3598 (params->seq &&
3599 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3600 params->seq_len, params->seq)) ||
3601 (params->cipher &&
3602 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3603 params->cipher)))
3604 goto nla_put_failure;
3605
3606 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3607 if (!key)
3608 goto nla_put_failure;
3609
3610 if ((params->key &&
3611 nla_put(cookie->msg, NL80211_KEY_DATA,
3612 params->key_len, params->key)) ||
3613 (params->seq &&
3614 nla_put(cookie->msg, NL80211_KEY_SEQ,
3615 params->seq_len, params->seq)) ||
3616 (params->cipher &&
3617 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3618 params->cipher)))
3619 goto nla_put_failure;
3620
3621 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3622 goto nla_put_failure;
3623
3624 nla_nest_end(cookie->msg, key);
3625
3626 return;
3627 nla_put_failure:
3628 cookie->error = 1;
3629}
3630
3631static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3632{
3633 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3634 int err;
3635 struct net_device *dev = info->user_ptr[1];
3636 u8 key_idx = 0;
3637 const u8 *mac_addr = NULL;
3638 bool pairwise;
3639 struct get_key_cookie cookie = {
3640 .error = 0,
3641 };
3642 void *hdr;
3643 struct sk_buff *msg;
3644
3645 if (info->attrs[NL80211_ATTR_KEY_IDX])
3646 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3647
3648 if (info->attrs[NL80211_ATTR_MAC])
3649 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3650
3651 pairwise = !!mac_addr;
3652 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3653 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3654
3655 if (kt != NL80211_KEYTYPE_GROUP &&
3656 kt != NL80211_KEYTYPE_PAIRWISE)
3657 return -EINVAL;
3658 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3659 }
3660
3661 if (!rdev->ops->get_key)
3662 return -EOPNOTSUPP;
3663
3664 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3665 return -ENOENT;
3666
3667 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3668 if (!msg)
3669 return -ENOMEM;
3670
3671 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3672 NL80211_CMD_NEW_KEY);
3673 if (!hdr)
3674 goto nla_put_failure;
3675
3676 cookie.msg = msg;
3677 cookie.idx = key_idx;
3678
3679 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3680 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3681 goto nla_put_failure;
3682 if (mac_addr &&
3683 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3684 goto nla_put_failure;
3685
3686 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3687 get_key_callback);
3688
3689 if (err)
3690 goto free_msg;
3691
3692 if (cookie.error)
3693 goto nla_put_failure;
3694
3695 genlmsg_end(msg, hdr);
3696 return genlmsg_reply(msg, info);
3697
3698 nla_put_failure:
3699 err = -ENOBUFS;
3700 free_msg:
3701 nlmsg_free(msg);
3702 return err;
3703}
3704
3705static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3706{
3707 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3708 struct key_parse key;
3709 int err;
3710 struct net_device *dev = info->user_ptr[1];
3711
3712 err = nl80211_parse_key(info, &key);
3713 if (err)
3714 return err;
3715
3716 if (key.idx < 0)
3717 return -EINVAL;
3718
3719
3720
3721
3722 if (!key.def && !key.defmgmt &&
3723 !(key.p.mode == NL80211_KEY_SET_TX))
3724 return -EINVAL;
3725
3726 wdev_lock(dev->ieee80211_ptr);
3727
3728 if (key.def) {
3729 if (!rdev->ops->set_default_key) {
3730 err = -EOPNOTSUPP;
3731 goto out;
3732 }
3733
3734 err = nl80211_key_allowed(dev->ieee80211_ptr);
3735 if (err)
3736 goto out;
3737
3738 err = rdev_set_default_key(rdev, dev, key.idx,
3739 key.def_uni, key.def_multi);
3740
3741 if (err)
3742 goto out;
3743
3744#ifdef CONFIG_CFG80211_WEXT
3745 dev->ieee80211_ptr->wext.default_key = key.idx;
3746#endif
3747 } else if (key.defmgmt) {
3748 if (key.def_uni || !key.def_multi) {
3749 err = -EINVAL;
3750 goto out;
3751 }
3752
3753 if (!rdev->ops->set_default_mgmt_key) {
3754 err = -EOPNOTSUPP;
3755 goto out;
3756 }
3757
3758 err = nl80211_key_allowed(dev->ieee80211_ptr);
3759 if (err)
3760 goto out;
3761
3762 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3763 if (err)
3764 goto out;
3765
3766#ifdef CONFIG_CFG80211_WEXT
3767 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3768#endif
3769 } else if (key.p.mode == NL80211_KEY_SET_TX &&
3770 wiphy_ext_feature_isset(&rdev->wiphy,
3771 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
3772 u8 *mac_addr = NULL;
3773
3774 if (info->attrs[NL80211_ATTR_MAC])
3775 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3776
3777 if (!mac_addr || key.idx < 0 || key.idx > 1) {
3778 err = -EINVAL;
3779 goto out;
3780 }
3781
3782 err = rdev_add_key(rdev, dev, key.idx,
3783 NL80211_KEYTYPE_PAIRWISE,
3784 mac_addr, &key.p);
3785 } else {
3786 err = -EINVAL;
3787 }
3788 out:
3789 wdev_unlock(dev->ieee80211_ptr);
3790
3791 return err;
3792}
3793
3794static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3795{
3796 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3797 int err;
3798 struct net_device *dev = info->user_ptr[1];
3799 struct key_parse key;
3800 const u8 *mac_addr = NULL;
3801
3802 err = nl80211_parse_key(info, &key);
3803 if (err)
3804 return err;
3805
3806 if (!key.p.key)
3807 return -EINVAL;
3808
3809 if (info->attrs[NL80211_ATTR_MAC])
3810 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3811
3812 if (key.type == -1) {
3813 if (mac_addr)
3814 key.type = NL80211_KEYTYPE_PAIRWISE;
3815 else
3816 key.type = NL80211_KEYTYPE_GROUP;
3817 }
3818
3819
3820 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3821 key.type != NL80211_KEYTYPE_GROUP)
3822 return -EINVAL;
3823
3824 if (!rdev->ops->add_key)
3825 return -EOPNOTSUPP;
3826
3827 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3828 key.type == NL80211_KEYTYPE_PAIRWISE,
3829 mac_addr))
3830 return -EINVAL;
3831
3832 wdev_lock(dev->ieee80211_ptr);
3833 err = nl80211_key_allowed(dev->ieee80211_ptr);
3834 if (!err)
3835 err = rdev_add_key(rdev, dev, key.idx,
3836 key.type == NL80211_KEYTYPE_PAIRWISE,
3837 mac_addr, &key.p);
3838 wdev_unlock(dev->ieee80211_ptr);
3839
3840 return err;
3841}
3842
3843static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3844{
3845 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3846 int err;
3847 struct net_device *dev = info->user_ptr[1];
3848 u8 *mac_addr = NULL;
3849 struct key_parse key;
3850
3851 err = nl80211_parse_key(info, &key);
3852 if (err)
3853 return err;
3854
3855 if (info->attrs[NL80211_ATTR_MAC])
3856 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3857
3858 if (key.type == -1) {
3859 if (mac_addr)
3860 key.type = NL80211_KEYTYPE_PAIRWISE;
3861 else
3862 key.type = NL80211_KEYTYPE_GROUP;
3863 }
3864
3865
3866 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3867 key.type != NL80211_KEYTYPE_GROUP)
3868 return -EINVAL;
3869
3870 if (!rdev->ops->del_key)
3871 return -EOPNOTSUPP;
3872
3873 wdev_lock(dev->ieee80211_ptr);
3874 err = nl80211_key_allowed(dev->ieee80211_ptr);
3875
3876 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3877 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3878 err = -ENOENT;
3879
3880 if (!err)
3881 err = rdev_del_key(rdev, dev, key.idx,
3882 key.type == NL80211_KEYTYPE_PAIRWISE,
3883 mac_addr);
3884
3885#ifdef CONFIG_CFG80211_WEXT
3886 if (!err) {
3887 if (key.idx == dev->ieee80211_ptr->wext.default_key)
3888 dev->ieee80211_ptr->wext.default_key = -1;
3889 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3890 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3891 }
3892#endif
3893 wdev_unlock(dev->ieee80211_ptr);
3894
3895 return err;
3896}
3897
3898
3899static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3900{
3901 struct nlattr *attr;
3902 int n_entries = 0, tmp;
3903
3904 nla_for_each_nested(attr, nl_attr, tmp) {
3905 if (nla_len(attr) != ETH_ALEN)
3906 return -EINVAL;
3907
3908 n_entries++;
3909 }
3910
3911 return n_entries;
3912}
3913
3914
3915
3916
3917
3918
3919static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3920 struct genl_info *info)
3921{
3922 enum nl80211_acl_policy acl_policy;
3923 struct nlattr *attr;
3924 struct cfg80211_acl_data *acl;
3925 int i = 0, n_entries, tmp;
3926
3927 if (!wiphy->max_acl_mac_addrs)
3928 return ERR_PTR(-EOPNOTSUPP);
3929
3930 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3931 return ERR_PTR(-EINVAL);
3932
3933 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3934 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3935 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3936 return ERR_PTR(-EINVAL);
3937
3938 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3939 return ERR_PTR(-EINVAL);
3940
3941 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3942 if (n_entries < 0)
3943 return ERR_PTR(n_entries);
3944
3945 if (n_entries > wiphy->max_acl_mac_addrs)
3946 return ERR_PTR(-ENOTSUPP);
3947
3948 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
3949 if (!acl)
3950 return ERR_PTR(-ENOMEM);
3951
3952 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3953 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3954 i++;
3955 }
3956
3957 acl->n_acl_entries = n_entries;
3958 acl->acl_policy = acl_policy;
3959
3960 return acl;
3961}
3962
3963static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3964{
3965 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3966 struct net_device *dev = info->user_ptr[1];
3967 struct cfg80211_acl_data *acl;
3968 int err;
3969
3970 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3971 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3972 return -EOPNOTSUPP;
3973
3974 if (!dev->ieee80211_ptr->beacon_interval)
3975 return -EINVAL;
3976
3977 acl = parse_acl_data(&rdev->wiphy, info);
3978 if (IS_ERR(acl))
3979 return PTR_ERR(acl);
3980
3981 err = rdev_set_mac_acl(rdev, dev, acl);
3982
3983 kfree(acl);
3984
3985 return err;
3986}
3987
3988static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3989 u8 *rates, u8 rates_len)
3990{
3991 u8 i;
3992 u32 mask = 0;
3993
3994 for (i = 0; i < rates_len; i++) {
3995 int rate = (rates[i] & 0x7f) * 5;
3996 int ridx;
3997
3998 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3999 struct ieee80211_rate *srate =
4000 &sband->bitrates[ridx];
4001 if (rate == srate->bitrate) {
4002 mask |= 1 << ridx;
4003 break;
4004 }
4005 }
4006 if (ridx == sband->n_bitrates)
4007 return 0;
4008 }
4009
4010 return mask;
4011}
4012
4013static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4014 u8 *rates, u8 rates_len,
4015 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4016{
4017 u8 i;
4018
4019 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4020
4021 for (i = 0; i < rates_len; i++) {
4022 int ridx, rbit;
4023
4024 ridx = rates[i] / 8;
4025 rbit = BIT(rates[i] % 8);
4026
4027
4028 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4029 return false;
4030
4031
4032 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4033 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4034 mcs[ridx] |= rbit;
4035 else
4036 return false;
4037 }
4038
4039 return true;
4040}
4041
4042static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4043{
4044 u16 mcs_mask = 0;
4045
4046 switch (vht_mcs_map) {
4047 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4048 break;
4049 case IEEE80211_VHT_MCS_SUPPORT_0_7:
4050 mcs_mask = 0x00FF;
4051 break;
4052 case IEEE80211_VHT_MCS_SUPPORT_0_8:
4053 mcs_mask = 0x01FF;
4054 break;
4055 case IEEE80211_VHT_MCS_SUPPORT_0_9:
4056 mcs_mask = 0x03FF;
4057 break;
4058 default:
4059 break;
4060 }
4061
4062 return mcs_mask;
4063}
4064
4065static void vht_build_mcs_mask(u16 vht_mcs_map,
4066 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4067{
4068 u8 nss;
4069
4070 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4071 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4072 vht_mcs_map >>= 2;
4073 }
4074}
4075
4076static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4077 struct nl80211_txrate_vht *txrate,
4078 u16 mcs[NL80211_VHT_NSS_MAX])
4079{
4080 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4081 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4082 u8 i;
4083
4084 if (!sband->vht_cap.vht_supported)
4085 return false;
4086
4087 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4088
4089
4090 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4091
4092 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4093 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4094 mcs[i] = txrate->mcs[i];
4095 else
4096 return false;
4097 }
4098
4099 return true;
4100}
4101
4102static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4103 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4104 .len = NL80211_MAX_SUPP_RATES },
4105 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
4106 .len = NL80211_MAX_SUPP_HT_RATES },
4107 [NL80211_TXRATE_VHT] = {
4108 .type = NLA_EXACT_LEN_WARN,
4109 .len = sizeof(struct nl80211_txrate_vht),
4110 },
4111 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
4112};
4113
4114static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4115 struct cfg80211_bitrate_mask *mask)
4116{
4117 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4118 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4119 int rem, i;
4120 struct nlattr *tx_rates;
4121 struct ieee80211_supported_band *sband;
4122 u16 vht_tx_mcs_map;
4123
4124 memset(mask, 0, sizeof(*mask));
4125
4126 for (i = 0; i < NUM_NL80211_BANDS; i++) {
4127 sband = rdev->wiphy.bands[i];
4128
4129 if (!sband)
4130 continue;
4131
4132 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4133 memcpy(mask->control[i].ht_mcs,
4134 sband->ht_cap.mcs.rx_mask,
4135 sizeof(mask->control[i].ht_mcs));
4136
4137 if (!sband->vht_cap.vht_supported)
4138 continue;
4139
4140 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4141 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4142 }
4143
4144
4145 if (!info->attrs[NL80211_ATTR_TX_RATES])
4146 goto out;
4147
4148
4149
4150
4151 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4152 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
4153 enum nl80211_band band = nla_type(tx_rates);
4154 int err;
4155
4156 if (band < 0 || band >= NUM_NL80211_BANDS)
4157 return -EINVAL;
4158 sband = rdev->wiphy.bands[band];
4159 if (sband == NULL)
4160 return -EINVAL;
4161 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4162 tx_rates,
4163 nl80211_txattr_policy,
4164 info->extack);
4165 if (err)
4166 return err;
4167 if (tb[NL80211_TXRATE_LEGACY]) {
4168 mask->control[band].legacy = rateset_to_mask(
4169 sband,
4170 nla_data(tb[NL80211_TXRATE_LEGACY]),
4171 nla_len(tb[NL80211_TXRATE_LEGACY]));
4172 if ((mask->control[band].legacy == 0) &&
4173 nla_len(tb[NL80211_TXRATE_LEGACY]))
4174 return -EINVAL;
4175 }
4176 if (tb[NL80211_TXRATE_HT]) {
4177 if (!ht_rateset_to_mask(
4178 sband,
4179 nla_data(tb[NL80211_TXRATE_HT]),
4180 nla_len(tb[NL80211_TXRATE_HT]),
4181 mask->control[band].ht_mcs))
4182 return -EINVAL;
4183 }
4184 if (tb[NL80211_TXRATE_VHT]) {
4185 if (!vht_set_mcs_mask(
4186 sband,
4187 nla_data(tb[NL80211_TXRATE_VHT]),
4188 mask->control[band].vht_mcs))
4189 return -EINVAL;
4190 }
4191 if (tb[NL80211_TXRATE_GI]) {
4192 mask->control[band].gi =
4193 nla_get_u8(tb[NL80211_TXRATE_GI]);
4194 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4195 return -EINVAL;
4196 }
4197
4198 if (mask->control[band].legacy == 0) {
4199
4200
4201
4202 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4203 rdev->wiphy.bands[band]->vht_cap.vht_supported))
4204 return -EINVAL;
4205
4206 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4207 if (mask->control[band].ht_mcs[i])
4208 goto out;
4209
4210 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4211 if (mask->control[band].vht_mcs[i])
4212 goto out;
4213
4214
4215 return -EINVAL;
4216 }
4217 }
4218
4219out:
4220 return 0;
4221}
4222
4223static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4224 enum nl80211_band band,
4225 struct cfg80211_bitrate_mask *beacon_rate)
4226{
4227 u32 count_ht, count_vht, i;
4228 u32 rate = beacon_rate->control[band].legacy;
4229
4230
4231 if (hweight32(rate) > 1)
4232 return -EINVAL;
4233
4234 count_ht = 0;
4235 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4236 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4237 return -EINVAL;
4238 } else if (beacon_rate->control[band].ht_mcs[i]) {
4239 count_ht++;
4240 if (count_ht > 1)
4241 return -EINVAL;
4242 }
4243 if (count_ht && rate)
4244 return -EINVAL;
4245 }
4246
4247 count_vht = 0;
4248 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4249 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4250 return -EINVAL;
4251 } else if (beacon_rate->control[band].vht_mcs[i]) {
4252 count_vht++;
4253 if (count_vht > 1)
4254 return -EINVAL;
4255 }
4256 if (count_vht && rate)
4257 return -EINVAL;
4258 }
4259
4260 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4261 return -EINVAL;
4262
4263 if (rate &&
4264 !wiphy_ext_feature_isset(&rdev->wiphy,
4265 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4266 return -EINVAL;
4267 if (count_ht &&
4268 !wiphy_ext_feature_isset(&rdev->wiphy,
4269 NL80211_EXT_FEATURE_BEACON_RATE_HT))
4270 return -EINVAL;
4271 if (count_vht &&
4272 !wiphy_ext_feature_isset(&rdev->wiphy,
4273 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4274 return -EINVAL;
4275
4276 return 0;
4277}
4278
4279static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4280 struct nlattr *attrs[],
4281 struct cfg80211_beacon_data *bcn)
4282{
4283 bool haveinfo = false;
4284 int err;
4285
4286 memset(bcn, 0, sizeof(*bcn));
4287
4288 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4289 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4290 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4291 if (!bcn->head_len)
4292 return -EINVAL;
4293 haveinfo = true;
4294 }
4295
4296 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4297 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4298 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4299 haveinfo = true;
4300 }
4301
4302 if (!haveinfo)
4303 return -EINVAL;
4304
4305 if (attrs[NL80211_ATTR_IE]) {
4306 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4307 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4308 }
4309
4310 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4311 bcn->proberesp_ies =
4312 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4313 bcn->proberesp_ies_len =
4314 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4315 }
4316
4317 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4318 bcn->assocresp_ies =
4319 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4320 bcn->assocresp_ies_len =
4321 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4322 }
4323
4324 if (attrs[NL80211_ATTR_PROBE_RESP]) {
4325 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4326 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4327 }
4328
4329 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4330 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4331
4332 err = nla_parse_nested_deprecated(tb,
4333 NL80211_FTM_RESP_ATTR_MAX,
4334 attrs[NL80211_ATTR_FTM_RESPONDER],
4335 NULL, NULL);
4336 if (err)
4337 return err;
4338
4339 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4340 wiphy_ext_feature_isset(&rdev->wiphy,
4341 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4342 bcn->ftm_responder = 1;
4343 else
4344 return -EOPNOTSUPP;
4345
4346 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4347 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4348 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4349 }
4350
4351 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4352 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4353 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4354 }
4355 } else {
4356 bcn->ftm_responder = -1;
4357 }
4358
4359 return 0;
4360}
4361
4362static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4363 const u8 *rates)
4364{
4365 int i;
4366
4367 if (!rates)
4368 return;
4369
4370 for (i = 0; i < rates[1]; i++) {
4371 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4372 params->ht_required = true;
4373 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4374 params->vht_required = true;
4375 }
4376}
4377
4378
4379
4380
4381
4382
4383static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4384{
4385 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
4386 size_t ies_len = bcn->tail_len;
4387 const u8 *ies = bcn->tail;
4388 const u8 *rates;
4389 const u8 *cap;
4390
4391 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4392 nl80211_check_ap_rate_selectors(params, rates);
4393
4394 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4395 nl80211_check_ap_rate_selectors(params, rates);
4396
4397 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4398 if (cap && cap[1] >= sizeof(*params->ht_cap))
4399 params->ht_cap = (void *)(cap + 2);
4400 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4401 if (cap && cap[1] >= sizeof(*params->vht_cap))
4402 params->vht_cap = (void *)(cap + 2);
4403 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
4404 if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
4405 params->he_cap = (void *)(cap + 3);
4406}
4407
4408static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4409 struct cfg80211_ap_settings *params)
4410{
4411 struct wireless_dev *wdev;
4412 bool ret = false;
4413
4414 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4415 if (wdev->iftype != NL80211_IFTYPE_AP &&
4416 wdev->iftype != NL80211_IFTYPE_P2P_GO)
4417 continue;
4418
4419 if (!wdev->preset_chandef.chan)
4420 continue;
4421
4422 params->chandef = wdev->preset_chandef;
4423 ret = true;
4424 break;
4425 }
4426
4427 return ret;
4428}
4429
4430static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4431 enum nl80211_auth_type auth_type,
4432 enum nl80211_commands cmd)
4433{
4434 if (auth_type > NL80211_AUTHTYPE_MAX)
4435 return false;
4436
4437 switch (cmd) {
4438 case NL80211_CMD_AUTHENTICATE:
4439 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4440 auth_type == NL80211_AUTHTYPE_SAE)
4441 return false;
4442 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4443 NL80211_EXT_FEATURE_FILS_STA) &&
4444 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4445 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4446 auth_type == NL80211_AUTHTYPE_FILS_PK))
4447 return false;
4448 return true;
4449 case NL80211_CMD_CONNECT:
4450 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4451 !wiphy_ext_feature_isset(&rdev->wiphy,
4452 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
4453 auth_type == NL80211_AUTHTYPE_SAE)
4454 return false;
4455
4456
4457 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4458 auth_type == NL80211_AUTHTYPE_FILS_PK)
4459 return false;
4460 if (!wiphy_ext_feature_isset(
4461 &rdev->wiphy,
4462 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4463 auth_type == NL80211_AUTHTYPE_FILS_SK)
4464 return false;
4465 return true;
4466 case NL80211_CMD_START_AP:
4467
4468 if (auth_type == NL80211_AUTHTYPE_SAE)
4469 return false;
4470
4471 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4472 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4473 auth_type == NL80211_AUTHTYPE_FILS_PK)
4474 return false;
4475 return true;
4476 default:
4477 return false;
4478 }
4479}
4480
4481static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4482{
4483 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4484 struct net_device *dev = info->user_ptr[1];
4485 struct wireless_dev *wdev = dev->ieee80211_ptr;
4486 struct cfg80211_ap_settings params;
4487 int err;
4488
4489 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4490 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4491 return -EOPNOTSUPP;
4492
4493 if (!rdev->ops->start_ap)
4494 return -EOPNOTSUPP;
4495
4496 if (wdev->beacon_interval)
4497 return -EALREADY;
4498
4499 memset(¶ms, 0, sizeof(params));
4500
4501
4502 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4503 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4504 !info->attrs[NL80211_ATTR_BEACON_HEAD])
4505 return -EINVAL;
4506
4507 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon);
4508 if (err)
4509 return err;
4510
4511 params.beacon_interval =
4512 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4513 params.dtim_period =
4514 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4515
4516 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4517 params.beacon_interval);
4518 if (err)
4519 return err;
4520
4521
4522
4523
4524
4525
4526
4527
4528 if (info->attrs[NL80211_ATTR_SSID]) {
4529 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4530 params.ssid_len =
4531 nla_len(info->attrs[NL80211_ATTR_SSID]);
4532 if (params.ssid_len == 0 ||
4533 params.ssid_len > IEEE80211_MAX_SSID_LEN)
4534 return -EINVAL;
4535 }
4536
4537 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4538 params.hidden_ssid = nla_get_u32(
4539 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4540
4541 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4542
4543 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4544 params.auth_type = nla_get_u32(
4545 info->attrs[NL80211_ATTR_AUTH_TYPE]);
4546 if (!nl80211_valid_auth_type(rdev, params.auth_type,
4547 NL80211_CMD_START_AP))
4548 return -EINVAL;
4549 } else
4550 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4551
4552 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
4553 NL80211_MAX_NR_CIPHER_SUITES);
4554 if (err)
4555 return err;
4556
4557 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4558 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4559 return -EOPNOTSUPP;
4560 params.inactivity_timeout = nla_get_u16(
4561 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4562 }
4563
4564 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4565 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4566 return -EINVAL;
4567 params.p2p_ctwindow =
4568 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4569 if (params.p2p_ctwindow != 0 &&
4570 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4571 return -EINVAL;
4572 }
4573
4574 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4575 u8 tmp;
4576
4577 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4578 return -EINVAL;
4579 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4580 params.p2p_opp_ps = tmp;
4581 if (params.p2p_opp_ps != 0 &&
4582 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4583 return -EINVAL;
4584 }
4585
4586 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4587 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
4588 if (err)
4589 return err;
4590 } else if (wdev->preset_chandef.chan) {
4591 params.chandef = wdev->preset_chandef;
4592 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
4593 return -EINVAL;
4594
4595 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
4596 wdev->iftype))
4597 return -EINVAL;
4598
4599 if (info->attrs[NL80211_ATTR_TX_RATES]) {
4600 err = nl80211_parse_tx_bitrate_mask(info, ¶ms.beacon_rate);
4601 if (err)
4602 return err;
4603
4604 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4605 ¶ms.beacon_rate);
4606 if (err)
4607 return err;
4608 }
4609
4610 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4611 params.smps_mode =
4612 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4613 switch (params.smps_mode) {
4614 case NL80211_SMPS_OFF:
4615 break;
4616 case NL80211_SMPS_STATIC:
4617 if (!(rdev->wiphy.features &
4618 NL80211_FEATURE_STATIC_SMPS))
4619 return -EINVAL;
4620 break;
4621 case NL80211_SMPS_DYNAMIC:
4622 if (!(rdev->wiphy.features &
4623 NL80211_FEATURE_DYNAMIC_SMPS))
4624 return -EINVAL;
4625 break;
4626 default:
4627 return -EINVAL;
4628 }
4629 } else {
4630 params.smps_mode = NL80211_SMPS_OFF;
4631 }
4632
4633 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4634 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4635 return -EOPNOTSUPP;
4636
4637 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4638 params.acl = parse_acl_data(&rdev->wiphy, info);
4639 if (IS_ERR(params.acl))
4640 return PTR_ERR(params.acl);
4641 }
4642
4643 params.twt_responder =
4644 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
4645
4646 nl80211_calculate_ap_params(¶ms);
4647
4648 if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
4649 params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
4650
4651 wdev_lock(wdev);
4652 err = rdev_start_ap(rdev, dev, ¶ms);
4653 if (!err) {
4654 wdev->preset_chandef = params.chandef;
4655 wdev->beacon_interval = params.beacon_interval;
4656 wdev->chandef = params.chandef;
4657 wdev->ssid_len = params.ssid_len;
4658 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4659
4660 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4661 wdev->conn_owner_nlportid = info->snd_portid;
4662 }
4663 wdev_unlock(wdev);
4664
4665 kfree(params.acl);
4666
4667 return err;
4668}
4669
4670static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4671{
4672 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4673 struct net_device *dev = info->user_ptr[1];
4674 struct wireless_dev *wdev = dev->ieee80211_ptr;
4675 struct cfg80211_beacon_data params;
4676 int err;
4677
4678 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4679 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4680 return -EOPNOTSUPP;
4681
4682 if (!rdev->ops->change_beacon)
4683 return -EOPNOTSUPP;
4684
4685 if (!wdev->beacon_interval)
4686 return -EINVAL;
4687
4688 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms);
4689 if (err)
4690 return err;
4691
4692 wdev_lock(wdev);
4693 err = rdev_change_beacon(rdev, dev, ¶ms);
4694 wdev_unlock(wdev);
4695
4696 return err;
4697}
4698
4699static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4700{
4701 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4702 struct net_device *dev = info->user_ptr[1];
4703
4704 return cfg80211_stop_ap(rdev, dev, false);
4705}
4706
4707static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4708 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4709 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4710 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4711 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4712 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4713 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4714};
4715
4716static int parse_station_flags(struct genl_info *info,
4717 enum nl80211_iftype iftype,
4718 struct station_parameters *params)
4719{
4720 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4721 struct nlattr *nla;
4722 int flag;
4723
4724
4725
4726
4727
4728 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4729 if (nla) {
4730 struct nl80211_sta_flag_update *sta_flags;
4731
4732 sta_flags = nla_data(nla);
4733 params->sta_flags_mask = sta_flags->mask;
4734 params->sta_flags_set = sta_flags->set;
4735 params->sta_flags_set &= params->sta_flags_mask;
4736 if ((params->sta_flags_mask |
4737 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4738 return -EINVAL;
4739 return 0;
4740 }
4741
4742
4743
4744 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4745 if (!nla)
4746 return 0;
4747
4748 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
4749 return -EINVAL;
4750
4751
4752
4753
4754
4755
4756
4757 switch (iftype) {
4758 case NL80211_IFTYPE_AP:
4759 case NL80211_IFTYPE_AP_VLAN:
4760 case NL80211_IFTYPE_P2P_GO:
4761 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4762 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4763 BIT(NL80211_STA_FLAG_WME) |
4764 BIT(NL80211_STA_FLAG_MFP);
4765 break;
4766 case NL80211_IFTYPE_P2P_CLIENT:
4767 case NL80211_IFTYPE_STATION:
4768 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4769 BIT(NL80211_STA_FLAG_TDLS_PEER);
4770 break;
4771 case NL80211_IFTYPE_MESH_POINT:
4772 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4773 BIT(NL80211_STA_FLAG_MFP) |
4774 BIT(NL80211_STA_FLAG_AUTHORIZED);
4775 break;
4776 default:
4777 return -EINVAL;
4778 }
4779
4780 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4781 if (flags[flag]) {
4782 params->sta_flags_set |= (1<<flag);
4783
4784
4785 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4786 return -EINVAL;
4787 }
4788 }
4789
4790 return 0;
4791}
4792
4793bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
4794{
4795 struct nlattr *rate;
4796 u32 bitrate;
4797 u16 bitrate_compat;
4798 enum nl80211_rate_info rate_flg;
4799
4800 rate = nla_nest_start_noflag(msg, attr);
4801 if (!rate)
4802 return false;
4803
4804
4805 bitrate = cfg80211_calculate_bitrate(info);
4806
4807 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4808 if (bitrate > 0 &&
4809 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4810 return false;
4811 if (bitrate_compat > 0 &&
4812 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4813 return false;
4814
4815 switch (info->bw) {
4816 case RATE_INFO_BW_5:
4817 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4818 break;
4819 case RATE_INFO_BW_10:
4820 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4821 break;
4822 default:
4823 WARN_ON(1);
4824
4825 case RATE_INFO_BW_20:
4826 rate_flg = 0;
4827 break;
4828 case RATE_INFO_BW_40:
4829 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4830 break;
4831 case RATE_INFO_BW_80:
4832 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4833 break;
4834 case RATE_INFO_BW_160:
4835 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4836 break;
4837 case RATE_INFO_BW_HE_RU:
4838 rate_flg = 0;
4839 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
4840 }
4841
4842 if (rate_flg && nla_put_flag(msg, rate_flg))
4843 return false;
4844
4845 if (info->flags & RATE_INFO_FLAGS_MCS) {
4846 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4847 return false;
4848 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4849 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4850 return false;
4851 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4852 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4853 return false;
4854 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4855 return false;
4856 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4857 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4858 return false;
4859 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
4860 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
4861 return false;
4862 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
4863 return false;
4864 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
4865 return false;
4866 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
4867 return false;
4868 if (info->bw == RATE_INFO_BW_HE_RU &&
4869 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
4870 info->he_ru_alloc))
4871 return false;
4872 }
4873
4874 nla_nest_end(msg, rate);
4875 return true;
4876}
4877
4878static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4879 int id)
4880{
4881 void *attr;
4882 int i = 0;
4883
4884 if (!mask)
4885 return true;
4886
4887 attr = nla_nest_start_noflag(msg, id);
4888 if (!attr)
4889 return false;
4890
4891 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4892 if (!(mask & BIT(i)))
4893 continue;
4894
4895 if (nla_put_u8(msg, i, signal[i]))
4896 return false;
4897 }
4898
4899 nla_nest_end(msg, attr);
4900
4901 return true;
4902}
4903
4904static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4905 u32 seq, int flags,
4906 struct cfg80211_registered_device *rdev,
4907 struct net_device *dev,
4908 const u8 *mac_addr, struct station_info *sinfo)
4909{
4910 void *hdr;
4911 struct nlattr *sinfoattr, *bss_param;
4912
4913 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4914 if (!hdr) {
4915 cfg80211_sinfo_release_content(sinfo);
4916 return -1;
4917 }
4918
4919 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4920 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4921 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4922 goto nla_put_failure;
4923
4924 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
4925 if (!sinfoattr)
4926 goto nla_put_failure;
4927
4928#define PUT_SINFO(attr, memb, type) do { \
4929 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
4930 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
4931 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
4932 sinfo->memb)) \
4933 goto nla_put_failure; \
4934 } while (0)
4935#define PUT_SINFO_U64(attr, memb) do { \
4936 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
4937 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
4938 sinfo->memb, NL80211_STA_INFO_PAD)) \
4939 goto nla_put_failure; \
4940 } while (0)
4941
4942 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4943 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4944
4945 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
4946 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
4947 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4948 (u32)sinfo->rx_bytes))
4949 goto nla_put_failure;
4950
4951 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
4952 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
4953 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4954 (u32)sinfo->tx_bytes))
4955 goto nla_put_failure;
4956
4957 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4958 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4959 PUT_SINFO(LLID, llid, u16);
4960 PUT_SINFO(PLID, plid, u16);
4961 PUT_SINFO(PLINK_STATE, plink_state, u8);
4962 PUT_SINFO_U64(RX_DURATION, rx_duration);
4963 PUT_SINFO_U64(TX_DURATION, tx_duration);
4964
4965 if (wiphy_ext_feature_isset(&rdev->wiphy,
4966 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
4967 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
4968
4969 switch (rdev->wiphy.signal_type) {
4970 case CFG80211_SIGNAL_TYPE_MBM:
4971 PUT_SINFO(SIGNAL, signal, u8);
4972 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4973 break;
4974 default:
4975 break;
4976 }
4977 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4978 if (!nl80211_put_signal(msg, sinfo->chains,
4979 sinfo->chain_signal,
4980 NL80211_STA_INFO_CHAIN_SIGNAL))
4981 goto nla_put_failure;
4982 }
4983 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4984 if (!nl80211_put_signal(msg, sinfo->chains,
4985 sinfo->chain_signal_avg,
4986 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4987 goto nla_put_failure;
4988 }
4989 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
4990 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4991 NL80211_STA_INFO_TX_BITRATE))
4992 goto nla_put_failure;
4993 }
4994 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
4995 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4996 NL80211_STA_INFO_RX_BITRATE))
4997 goto nla_put_failure;
4998 }
4999
5000 PUT_SINFO(RX_PACKETS, rx_packets, u32);
5001 PUT_SINFO(TX_PACKETS, tx_packets, u32);
5002 PUT_SINFO(TX_RETRIES, tx_retries, u32);
5003 PUT_SINFO(TX_FAILED, tx_failed, u32);
5004 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5005 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5006 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5007 PUT_SINFO(LOCAL_PM, local_pm, u32);
5008 PUT_SINFO(PEER_PM, peer_pm, u32);
5009 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5010 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5011
5012 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5013 bss_param = nla_nest_start_noflag(msg,
5014 NL80211_STA_INFO_BSS_PARAM);
5015 if (!bss_param)
5016 goto nla_put_failure;
5017
5018 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5019 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5020 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5021 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5022 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5023 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5024 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5025 sinfo->bss_param.dtim_period) ||
5026 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5027 sinfo->bss_param.beacon_interval))
5028 goto nla_put_failure;
5029
5030 nla_nest_end(msg, bss_param);
5031 }
5032 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5033 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5034 sizeof(struct nl80211_sta_flag_update),
5035 &sinfo->sta_flags))
5036 goto nla_put_failure;
5037
5038 PUT_SINFO_U64(T_OFFSET, t_offset);
5039 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5040 PUT_SINFO_U64(BEACON_RX, rx_beacon);
5041 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5042 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5043 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5044 if (wiphy_ext_feature_isset(&rdev->wiphy,
5045 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5046 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5047 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5048 }
5049
5050#undef PUT_SINFO
5051#undef PUT_SINFO_U64
5052
5053 if (sinfo->pertid) {
5054 struct nlattr *tidsattr;
5055 int tid;
5056
5057 tidsattr = nla_nest_start_noflag(msg,
5058 NL80211_STA_INFO_TID_STATS);
5059 if (!tidsattr)
5060 goto nla_put_failure;
5061
5062 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5063 struct cfg80211_tid_stats *tidstats;
5064 struct nlattr *tidattr;
5065
5066 tidstats = &sinfo->pertid[tid];
5067
5068 if (!tidstats->filled)
5069 continue;
5070
5071 tidattr = nla_nest_start_noflag(msg, tid + 1);
5072 if (!tidattr)
5073 goto nla_put_failure;
5074
5075#define PUT_TIDVAL_U64(attr, memb) do { \
5076 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
5077 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
5078 tidstats->memb, NL80211_TID_STATS_PAD)) \
5079 goto nla_put_failure; \
5080 } while (0)
5081
5082 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5083 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5084 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5085 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5086
5087#undef PUT_TIDVAL_U64
5088 if ((tidstats->filled &
5089 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5090 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5091 NL80211_TID_STATS_TXQ_STATS))
5092 goto nla_put_failure;
5093
5094 nla_nest_end(msg, tidattr);
5095 }
5096
5097 nla_nest_end(msg, tidsattr);
5098 }
5099
5100 nla_nest_end(msg, sinfoattr);
5101
5102 if (sinfo->assoc_req_ies_len &&
5103 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5104 sinfo->assoc_req_ies))
5105 goto nla_put_failure;
5106
5107 cfg80211_sinfo_release_content(sinfo);
5108 genlmsg_end(msg, hdr);
5109 return 0;
5110
5111 nla_put_failure:
5112 cfg80211_sinfo_release_content(sinfo);
5113 genlmsg_cancel(msg, hdr);
5114 return -EMSGSIZE;
5115}
5116
5117static int nl80211_dump_station(struct sk_buff *skb,
5118 struct netlink_callback *cb)
5119{
5120 struct station_info sinfo;
5121 struct cfg80211_registered_device *rdev;
5122 struct wireless_dev *wdev;
5123 u8 mac_addr[ETH_ALEN];
5124 int sta_idx = cb->args[2];
5125 int err;
5126
5127 rtnl_lock();
5128 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5129 if (err)
5130 goto out_err;
5131
5132 if (!wdev->netdev) {
5133 err = -EINVAL;
5134 goto out_err;
5135 }
5136
5137 if (!rdev->ops->dump_station) {
5138 err = -EOPNOTSUPP;
5139 goto out_err;
5140 }
5141
5142 while (1) {
5143 memset(&sinfo, 0, sizeof(sinfo));
5144 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5145 mac_addr, &sinfo);
5146 if (err == -ENOENT)
5147 break;
5148 if (err)
5149 goto out_err;
5150
5151 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5152 NETLINK_CB(cb->skb).portid,
5153 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5154 rdev, wdev->netdev, mac_addr,
5155 &sinfo) < 0)
5156 goto out;
5157
5158 sta_idx++;
5159 }
5160
5161 out:
5162 cb->args[2] = sta_idx;
5163 err = skb->len;
5164 out_err:
5165 rtnl_unlock();
5166
5167 return err;
5168}
5169
5170static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5171{
5172 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5173 struct net_device *dev = info->user_ptr[1];
5174 struct station_info sinfo;
5175 struct sk_buff *msg;
5176 u8 *mac_addr = NULL;
5177 int err;
5178
5179 memset(&sinfo, 0, sizeof(sinfo));
5180
5181 if (!info->attrs[NL80211_ATTR_MAC])
5182 return -EINVAL;
5183
5184 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5185
5186 if (!rdev->ops->get_station)
5187 return -EOPNOTSUPP;
5188
5189 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5190 if (err)
5191 return err;
5192
5193 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5194 if (!msg) {
5195 cfg80211_sinfo_release_content(&sinfo);
5196 return -ENOMEM;
5197 }
5198
5199 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5200 info->snd_portid, info->snd_seq, 0,
5201 rdev, dev, mac_addr, &sinfo) < 0) {
5202 nlmsg_free(msg);
5203 return -ENOBUFS;
5204 }
5205
5206 return genlmsg_reply(msg, info);
5207}
5208
5209int cfg80211_check_station_change(struct wiphy *wiphy,
5210 struct station_parameters *params,
5211 enum cfg80211_station_type statype)
5212{
5213 if (params->listen_interval != -1 &&
5214 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5215 return -EINVAL;
5216
5217 if (params->support_p2p_ps != -1 &&
5218 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5219 return -EINVAL;
5220
5221 if (params->aid &&
5222 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5223 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5224 return -EINVAL;
5225
5226
5227 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5228
5229 switch (statype) {
5230 case CFG80211_STA_MESH_PEER_KERNEL:
5231 case CFG80211_STA_MESH_PEER_USER:
5232
5233
5234
5235
5236
5237 if (params->sta_flags_mask &
5238 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5239 BIT(NL80211_STA_FLAG_MFP) |
5240 BIT(NL80211_STA_FLAG_AUTHORIZED)))
5241 return -EINVAL;
5242 break;
5243 case CFG80211_STA_TDLS_PEER_SETUP:
5244 case CFG80211_STA_TDLS_PEER_ACTIVE:
5245 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5246 return -EINVAL;
5247
5248 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5249 break;
5250 default:
5251
5252 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5253 return -EINVAL;
5254 if (params->local_pm)
5255 return -EINVAL;
5256 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5257 return -EINVAL;
5258 }
5259
5260 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5261 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5262
5263 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5264 return -EINVAL;
5265
5266
5267
5268
5269
5270 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5271 }
5272
5273 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5274 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5275
5276 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5277 return -EINVAL;
5278 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5279 return -EINVAL;
5280 if (params->supported_rates)
5281 return -EINVAL;
5282 if (params->ext_capab || params->ht_capa || params->vht_capa ||
5283 params->he_capa)
5284 return -EINVAL;
5285 }
5286
5287 if (statype != CFG80211_STA_AP_CLIENT &&
5288 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5289 if (params->vlan)
5290 return -EINVAL;
5291 }
5292
5293 switch (statype) {
5294 case CFG80211_STA_AP_MLME_CLIENT:
5295
5296 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5297 return -EOPNOTSUPP;
5298 break;
5299 case CFG80211_STA_AP_CLIENT:
5300 case CFG80211_STA_AP_CLIENT_UNASSOC:
5301
5302 if (params->sta_flags_mask &
5303 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5304 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5305 BIT(NL80211_STA_FLAG_ASSOCIATED) |
5306 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5307 BIT(NL80211_STA_FLAG_WME) |
5308 BIT(NL80211_STA_FLAG_MFP)))
5309 return -EINVAL;
5310
5311
5312 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5313 params->sta_flags_mask &
5314 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5315 BIT(NL80211_STA_FLAG_ASSOCIATED)))
5316 return -EINVAL;
5317 break;
5318 case CFG80211_STA_IBSS:
5319 case CFG80211_STA_AP_STA:
5320
5321 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5322 return -EINVAL;
5323 break;
5324 case CFG80211_STA_TDLS_PEER_SETUP:
5325
5326 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5327 BIT(NL80211_STA_FLAG_WME)))
5328 return -EINVAL;
5329
5330 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5331 !params->supported_rates)
5332 return -EINVAL;
5333 break;
5334 case CFG80211_STA_TDLS_PEER_ACTIVE:
5335
5336 return -EINVAL;
5337 case CFG80211_STA_MESH_PEER_KERNEL:
5338 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5339 return -EINVAL;
5340 break;
5341 case CFG80211_STA_MESH_PEER_USER:
5342 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5343 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5344 return -EINVAL;
5345 break;
5346 }
5347
5348
5349
5350
5351
5352
5353 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5354 statype != CFG80211_STA_TDLS_PEER_SETUP)
5355 params->opmode_notif_used = false;
5356
5357 return 0;
5358}
5359EXPORT_SYMBOL(cfg80211_check_station_change);
5360
5361
5362
5363
5364static struct net_device *get_vlan(struct genl_info *info,
5365 struct cfg80211_registered_device *rdev)
5366{
5367 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5368 struct net_device *v;
5369 int ret;
5370
5371 if (!vlanattr)
5372 return NULL;
5373
5374 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5375 if (!v)
5376 return ERR_PTR(-ENODEV);
5377
5378 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5379 ret = -EINVAL;
5380 goto error;
5381 }
5382
5383 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5384 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5385 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5386 ret = -EINVAL;
5387 goto error;
5388 }
5389
5390 if (!netif_running(v)) {
5391 ret = -ENETDOWN;
5392 goto error;
5393 }
5394
5395 return v;
5396 error:
5397 dev_put(v);
5398 return ERR_PTR(ret);
5399}
5400
5401static const struct nla_policy
5402nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5403 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5404 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5405};
5406
5407static int nl80211_parse_sta_wme(struct genl_info *info,
5408 struct station_parameters *params)
5409{
5410 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5411 struct nlattr *nla;
5412 int err;
5413
5414
5415 if (!info->attrs[NL80211_ATTR_STA_WME])
5416 return 0;
5417
5418 nla = info->attrs[NL80211_ATTR_STA_WME];
5419 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
5420 nl80211_sta_wme_policy,
5421 info->extack);
5422 if (err)
5423 return err;
5424
5425 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5426 params->uapsd_queues = nla_get_u8(
5427 tb[NL80211_STA_WME_UAPSD_QUEUES]);
5428 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5429 return -EINVAL;
5430
5431 if (tb[NL80211_STA_WME_MAX_SP])
5432 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5433
5434 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5435 return -EINVAL;
5436
5437 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5438
5439 return 0;
5440}
5441
5442static int nl80211_parse_sta_channel_info(struct genl_info *info,
5443 struct station_parameters *params)
5444{
5445 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5446 params->supported_channels =
5447 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5448 params->supported_channels_len =
5449 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5450
5451
5452
5453
5454
5455 if (params->supported_channels_len < 2)
5456 return -EINVAL;
5457 if (params->supported_channels_len % 2)
5458 return -EINVAL;
5459 }
5460
5461 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5462 params->supported_oper_classes =
5463 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5464 params->supported_oper_classes_len =
5465 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5466
5467
5468
5469
5470 if (params->supported_oper_classes_len < 2 ||
5471 params->supported_oper_classes_len > 253)
5472 return -EINVAL;
5473 }
5474 return 0;
5475}
5476
5477static int nl80211_set_station_tdls(struct genl_info *info,
5478 struct station_parameters *params)
5479{
5480 int err;
5481
5482 if (info->attrs[NL80211_ATTR_PEER_AID])
5483 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5484 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5485 params->ht_capa =
5486 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5487 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5488 params->vht_capa =
5489 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5490 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5491 params->he_capa =
5492 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5493 params->he_capa_len =
5494 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5495
5496 if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5497 return -EINVAL;
5498 }
5499
5500 err = nl80211_parse_sta_channel_info(info, params);
5501 if (err)
5502 return err;
5503
5504 return nl80211_parse_sta_wme(info, params);
5505}
5506
5507static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
5508 struct station_parameters *params)
5509{
5510 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5511 int idx;
5512
5513 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
5514 if (!rdev->ops->set_tx_power ||
5515 !wiphy_ext_feature_isset(&rdev->wiphy,
5516 NL80211_EXT_FEATURE_STA_TX_PWR))
5517 return -EOPNOTSUPP;
5518
5519 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
5520 params->txpwr.type = nla_get_u8(info->attrs[idx]);
5521
5522 if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
5523 idx = NL80211_ATTR_STA_TX_POWER;
5524
5525 if (info->attrs[idx])
5526 params->txpwr.power =
5527 nla_get_s16(info->attrs[idx]);
5528 else
5529 return -EINVAL;
5530 }
5531 params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
5532 }
5533
5534 return 0;
5535}
5536
5537static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5538{
5539 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5540 struct net_device *dev = info->user_ptr[1];
5541 struct station_parameters params;
5542 u8 *mac_addr;
5543 int err;
5544
5545 memset(¶ms, 0, sizeof(params));
5546
5547 if (!rdev->ops->change_station)
5548 return -EOPNOTSUPP;
5549
5550
5551
5552
5553
5554
5555 if (info->attrs[NL80211_ATTR_STA_AID])
5556 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5557
5558 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5559 params.listen_interval =
5560 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5561 else
5562 params.listen_interval = -1;
5563
5564 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
5565 params.support_p2p_ps =
5566 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5567 else
5568 params.support_p2p_ps = -1;
5569
5570 if (!info->attrs[NL80211_ATTR_MAC])
5571 return -EINVAL;
5572
5573 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5574
5575 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5576 params.supported_rates =
5577 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5578 params.supported_rates_len =
5579 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5580 }
5581
5582 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5583 params.capability =
5584 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5585 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5586 }
5587
5588 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5589 params.ext_capab =
5590 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5591 params.ext_capab_len =
5592 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5593 }
5594
5595 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
5596 return -EINVAL;
5597
5598 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5599 params.plink_action =
5600 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5601
5602 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5603 params.plink_state =
5604 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5605 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5606 params.peer_aid = nla_get_u16(
5607 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5608 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5609 }
5610
5611 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
5612 params.local_pm = nla_get_u32(
5613 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5614
5615 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5616 params.opmode_notif_used = true;
5617 params.opmode_notif =
5618 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5619 }
5620
5621 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5622 params.airtime_weight =
5623 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5624
5625 if (params.airtime_weight &&
5626 !wiphy_ext_feature_isset(&rdev->wiphy,
5627 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5628 return -EOPNOTSUPP;
5629
5630 err = nl80211_parse_sta_txpower_setting(info, ¶ms);
5631 if (err)
5632 return err;
5633
5634
5635 err = nl80211_set_station_tdls(info, ¶ms);
5636 if (err)
5637 return err;
5638
5639 params.vlan = get_vlan(info, rdev);
5640 if (IS_ERR(params.vlan))
5641 return PTR_ERR(params.vlan);
5642
5643 switch (dev->ieee80211_ptr->iftype) {
5644 case NL80211_IFTYPE_AP:
5645 case NL80211_IFTYPE_AP_VLAN:
5646 case NL80211_IFTYPE_P2P_GO:
5647 case NL80211_IFTYPE_P2P_CLIENT:
5648 case NL80211_IFTYPE_STATION:
5649 case NL80211_IFTYPE_ADHOC:
5650 case NL80211_IFTYPE_MESH_POINT:
5651 break;
5652 default:
5653 err = -EOPNOTSUPP;
5654 goto out_put_vlan;
5655 }
5656
5657
5658 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
5659
5660 out_put_vlan:
5661 if (params.vlan)
5662 dev_put(params.vlan);
5663
5664 return err;
5665}
5666
5667static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5668{
5669 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5670 int err;
5671 struct net_device *dev = info->user_ptr[1];
5672 struct station_parameters params;
5673 u8 *mac_addr = NULL;
5674 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5675 BIT(NL80211_STA_FLAG_ASSOCIATED);
5676
5677 memset(¶ms, 0, sizeof(params));
5678
5679 if (!rdev->ops->add_station)
5680 return -EOPNOTSUPP;
5681
5682 if (!info->attrs[NL80211_ATTR_MAC])
5683 return -EINVAL;
5684
5685 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5686 return -EINVAL;
5687
5688 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5689 return -EINVAL;
5690
5691 if (!info->attrs[NL80211_ATTR_STA_AID] &&
5692 !info->attrs[NL80211_ATTR_PEER_AID])
5693 return -EINVAL;
5694
5695 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5696 params.supported_rates =
5697 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5698 params.supported_rates_len =
5699 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5700 params.listen_interval =
5701 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5702
5703 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5704 params.support_p2p_ps =
5705 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5706 } else {
5707
5708
5709
5710
5711 params.support_p2p_ps =
5712 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5713 }
5714
5715 if (info->attrs[NL80211_ATTR_PEER_AID])
5716 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5717 else
5718 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5719
5720 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5721 params.capability =
5722 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5723 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5724 }
5725
5726 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5727 params.ext_capab =
5728 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5729 params.ext_capab_len =
5730 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5731 }
5732
5733 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5734 params.ht_capa =
5735 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5736
5737 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5738 params.vht_capa =
5739 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5740
5741 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5742 params.he_capa =
5743 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5744 params.he_capa_len =
5745 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5746
5747
5748 if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5749 return -EINVAL;
5750 }
5751
5752 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5753 params.opmode_notif_used = true;
5754 params.opmode_notif =
5755 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5756 }
5757
5758 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5759 params.plink_action =
5760 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5761
5762 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5763 params.airtime_weight =
5764 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5765
5766 if (params.airtime_weight &&
5767 !wiphy_ext_feature_isset(&rdev->wiphy,
5768 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5769 return -EOPNOTSUPP;
5770
5771 err = nl80211_parse_sta_txpower_setting(info, ¶ms);
5772 if (err)
5773 return err;
5774
5775 err = nl80211_parse_sta_channel_info(info, ¶ms);
5776 if (err)
5777 return err;
5778
5779 err = nl80211_parse_sta_wme(info, ¶ms);
5780 if (err)
5781 return err;
5782
5783 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
5784 return -EINVAL;
5785
5786
5787
5788
5789
5790
5791 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5792 params.ht_capa = NULL;
5793 params.vht_capa = NULL;
5794
5795
5796 if (params.he_capa_len)
5797 return -EINVAL;
5798 }
5799
5800
5801 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5802
5803 switch (dev->ieee80211_ptr->iftype) {
5804 case NL80211_IFTYPE_AP:
5805 case NL80211_IFTYPE_AP_VLAN:
5806 case NL80211_IFTYPE_P2P_GO:
5807
5808 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5809 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5810 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5811
5812
5813 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5814 info->attrs[NL80211_ATTR_PEER_AID])
5815 return -EINVAL;
5816
5817 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5818
5819
5820 if (!(rdev->wiphy.features &
5821 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5822 params.sta_flags_mask & auth_assoc)
5823 return -EINVAL;
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835 if (!(params.sta_flags_mask & auth_assoc)) {
5836 params.sta_flags_mask |= auth_assoc;
5837 params.sta_flags_set |= auth_assoc;
5838 }
5839
5840
5841 params.vlan = get_vlan(info, rdev);
5842 if (IS_ERR(params.vlan))
5843 return PTR_ERR(params.vlan);
5844 break;
5845 case NL80211_IFTYPE_MESH_POINT:
5846
5847 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5848
5849
5850 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5851 return -EINVAL;
5852
5853 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5854 info->attrs[NL80211_ATTR_PEER_AID])
5855 return -EINVAL;
5856 break;
5857 case NL80211_IFTYPE_STATION:
5858 case NL80211_IFTYPE_P2P_CLIENT:
5859
5860 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5861
5862
5863 if (params.sta_flags_mask &
5864 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
5865 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5866 return -EINVAL;
5867
5868 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5869 return -EINVAL;
5870
5871 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5872 return -EOPNOTSUPP;
5873
5874 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5875 return -EOPNOTSUPP;
5876
5877
5878
5879
5880 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5881 break;
5882 default:
5883 return -EOPNOTSUPP;
5884 }
5885
5886
5887
5888 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
5889
5890 if (params.vlan)
5891 dev_put(params.vlan);
5892 return err;
5893}
5894
5895static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5896{
5897 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5898 struct net_device *dev = info->user_ptr[1];
5899 struct station_del_parameters params;
5900
5901 memset(¶ms, 0, sizeof(params));
5902
5903 if (info->attrs[NL80211_ATTR_MAC])
5904 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5905
5906 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5907 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5908 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5909 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5910 return -EINVAL;
5911
5912 if (!rdev->ops->del_station)
5913 return -EOPNOTSUPP;
5914
5915 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5916 params.subtype =
5917 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5918 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5919 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5920 return -EINVAL;
5921 } else {
5922
5923 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5924 }
5925
5926 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5927 params.reason_code =
5928 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5929 if (params.reason_code == 0)
5930 return -EINVAL;
5931 } else {
5932
5933 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5934 }
5935
5936 return rdev_del_station(rdev, dev, ¶ms);
5937}
5938
5939static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5940 int flags, struct net_device *dev,
5941 u8 *dst, u8 *next_hop,
5942 struct mpath_info *pinfo)
5943{
5944 void *hdr;
5945 struct nlattr *pinfoattr;
5946
5947 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5948 if (!hdr)
5949 return -1;
5950
5951 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5952 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5953 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5954 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5955 goto nla_put_failure;
5956
5957 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
5958 if (!pinfoattr)
5959 goto nla_put_failure;
5960 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5961 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5962 pinfo->frame_qlen))
5963 goto nla_put_failure;
5964 if (((pinfo->filled & MPATH_INFO_SN) &&
5965 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5966 ((pinfo->filled & MPATH_INFO_METRIC) &&
5967 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5968 pinfo->metric)) ||
5969 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5970 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5971 pinfo->exptime)) ||
5972 ((pinfo->filled & MPATH_INFO_FLAGS) &&
5973 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5974 pinfo->flags)) ||
5975 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5976 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5977 pinfo->discovery_timeout)) ||
5978 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5979 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5980 pinfo->discovery_retries)) ||
5981 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
5982 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
5983 pinfo->hop_count)) ||
5984 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
5985 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
5986 pinfo->path_change_count)))
5987 goto nla_put_failure;
5988
5989 nla_nest_end(msg, pinfoattr);
5990
5991 genlmsg_end(msg, hdr);
5992 return 0;
5993
5994 nla_put_failure:
5995 genlmsg_cancel(msg, hdr);
5996 return -EMSGSIZE;
5997}
5998
5999static int nl80211_dump_mpath(struct sk_buff *skb,
6000 struct netlink_callback *cb)
6001{
6002 struct mpath_info pinfo;
6003 struct cfg80211_registered_device *rdev;
6004 struct wireless_dev *wdev;
6005 u8 dst[ETH_ALEN];
6006 u8 next_hop[ETH_ALEN];
6007 int path_idx = cb->args[2];
6008 int err;
6009
6010 rtnl_lock();
6011 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6012 if (err)
6013 goto out_err;
6014
6015 if (!rdev->ops->dump_mpath) {
6016 err = -EOPNOTSUPP;
6017 goto out_err;
6018 }
6019
6020 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6021 err = -EOPNOTSUPP;
6022 goto out_err;
6023 }
6024
6025 while (1) {
6026 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6027 next_hop, &pinfo);
6028 if (err == -ENOENT)
6029 break;
6030 if (err)
6031 goto out_err;
6032
6033 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6034 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6035 wdev->netdev, dst, next_hop,
6036 &pinfo) < 0)
6037 goto out;
6038
6039 path_idx++;
6040 }
6041
6042 out:
6043 cb->args[2] = path_idx;
6044 err = skb->len;
6045 out_err:
6046 rtnl_unlock();
6047 return err;
6048}
6049
6050static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6051{
6052 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6053 int err;
6054 struct net_device *dev = info->user_ptr[1];
6055 struct mpath_info pinfo;
6056 struct sk_buff *msg;
6057 u8 *dst = NULL;
6058 u8 next_hop[ETH_ALEN];
6059
6060 memset(&pinfo, 0, sizeof(pinfo));
6061
6062 if (!info->attrs[NL80211_ATTR_MAC])
6063 return -EINVAL;
6064
6065 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6066
6067 if (!rdev->ops->get_mpath)
6068 return -EOPNOTSUPP;
6069
6070 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6071 return -EOPNOTSUPP;
6072
6073 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6074 if (err)
6075 return err;
6076
6077 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6078 if (!msg)
6079 return -ENOMEM;
6080
6081 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6082 dev, dst, next_hop, &pinfo) < 0) {
6083 nlmsg_free(msg);
6084 return -ENOBUFS;
6085 }
6086
6087 return genlmsg_reply(msg, info);
6088}
6089
6090static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6091{
6092 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6093 struct net_device *dev = info->user_ptr[1];
6094 u8 *dst = NULL;
6095 u8 *next_hop = NULL;
6096
6097 if (!info->attrs[NL80211_ATTR_MAC])
6098 return -EINVAL;
6099
6100 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6101 return -EINVAL;
6102
6103 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6104 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6105
6106 if (!rdev->ops->change_mpath)
6107 return -EOPNOTSUPP;
6108
6109 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6110 return -EOPNOTSUPP;
6111
6112 return rdev_change_mpath(rdev, dev, dst, next_hop);
6113}
6114
6115static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6116{
6117 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6118 struct net_device *dev = info->user_ptr[1];
6119 u8 *dst = NULL;
6120 u8 *next_hop = NULL;
6121
6122 if (!info->attrs[NL80211_ATTR_MAC])
6123 return -EINVAL;
6124
6125 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6126 return -EINVAL;
6127
6128 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6129 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6130
6131 if (!rdev->ops->add_mpath)
6132 return -EOPNOTSUPP;
6133
6134 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6135 return -EOPNOTSUPP;
6136
6137 return rdev_add_mpath(rdev, dev, dst, next_hop);
6138}
6139
6140static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
6141{
6142 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6143 struct net_device *dev = info->user_ptr[1];
6144 u8 *dst = NULL;
6145
6146 if (info->attrs[NL80211_ATTR_MAC])
6147 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6148
6149 if (!rdev->ops->del_mpath)
6150 return -EOPNOTSUPP;
6151
6152 return rdev_del_mpath(rdev, dev, dst);
6153}
6154
6155static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6156{
6157 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6158 int err;
6159 struct net_device *dev = info->user_ptr[1];
6160 struct mpath_info pinfo;
6161 struct sk_buff *msg;
6162 u8 *dst = NULL;
6163 u8 mpp[ETH_ALEN];
6164
6165 memset(&pinfo, 0, sizeof(pinfo));
6166
6167 if (!info->attrs[NL80211_ATTR_MAC])
6168 return -EINVAL;
6169
6170 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6171
6172 if (!rdev->ops->get_mpp)
6173 return -EOPNOTSUPP;
6174
6175 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6176 return -EOPNOTSUPP;
6177
6178 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6179 if (err)
6180 return err;
6181
6182 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6183 if (!msg)
6184 return -ENOMEM;
6185
6186 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6187 dev, dst, mpp, &pinfo) < 0) {
6188 nlmsg_free(msg);
6189 return -ENOBUFS;
6190 }
6191
6192 return genlmsg_reply(msg, info);
6193}
6194
6195static int nl80211_dump_mpp(struct sk_buff *skb,
6196 struct netlink_callback *cb)
6197{
6198 struct mpath_info pinfo;
6199 struct cfg80211_registered_device *rdev;
6200 struct wireless_dev *wdev;
6201 u8 dst[ETH_ALEN];
6202 u8 mpp[ETH_ALEN];
6203 int path_idx = cb->args[2];
6204 int err;
6205
6206 rtnl_lock();
6207 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6208 if (err)
6209 goto out_err;
6210
6211 if (!rdev->ops->dump_mpp) {
6212 err = -EOPNOTSUPP;
6213 goto out_err;
6214 }
6215
6216 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6217 err = -EOPNOTSUPP;
6218 goto out_err;
6219 }
6220
6221 while (1) {
6222 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6223 mpp, &pinfo);
6224 if (err == -ENOENT)
6225 break;
6226 if (err)
6227 goto out_err;
6228
6229 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6230 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6231 wdev->netdev, dst, mpp,
6232 &pinfo) < 0)
6233 goto out;
6234
6235 path_idx++;
6236 }
6237
6238 out:
6239 cb->args[2] = path_idx;
6240 err = skb->len;
6241 out_err:
6242 rtnl_unlock();
6243 return err;
6244}
6245
6246static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6247{
6248 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6249 struct net_device *dev = info->user_ptr[1];
6250 struct wireless_dev *wdev = dev->ieee80211_ptr;
6251 struct bss_parameters params;
6252 int err;
6253
6254 memset(¶ms, 0, sizeof(params));
6255
6256 params.use_cts_prot = -1;
6257 params.use_short_preamble = -1;
6258 params.use_short_slot_time = -1;
6259 params.ap_isolate = -1;
6260 params.ht_opmode = -1;
6261 params.p2p_ctwindow = -1;
6262 params.p2p_opp_ps = -1;
6263
6264 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6265 params.use_cts_prot =
6266 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6267 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6268 params.use_short_preamble =
6269 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6270 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6271 params.use_short_slot_time =
6272 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6273 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6274 params.basic_rates =
6275 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6276 params.basic_rates_len =
6277 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6278 }
6279 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6280 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6281 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6282 params.ht_opmode =
6283 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6284
6285 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6286 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6287 return -EINVAL;
6288 params.p2p_ctwindow =
6289 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6290 if (params.p2p_ctwindow != 0 &&
6291 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6292 return -EINVAL;
6293 }
6294
6295 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6296 u8 tmp;
6297
6298 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6299 return -EINVAL;
6300 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6301 params.p2p_opp_ps = tmp;
6302 if (params.p2p_opp_ps &&
6303 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6304 return -EINVAL;
6305 }
6306
6307 if (!rdev->ops->change_bss)
6308 return -EOPNOTSUPP;
6309
6310 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6311 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6312 return -EOPNOTSUPP;
6313
6314 wdev_lock(wdev);
6315 err = rdev_change_bss(rdev, dev, ¶ms);
6316 wdev_unlock(wdev);
6317
6318 return err;
6319}
6320
6321static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6322{
6323 char *data = NULL;
6324 bool is_indoor;
6325 enum nl80211_user_reg_hint_type user_reg_hint_type;
6326 u32 owner_nlportid;
6327
6328
6329
6330
6331
6332
6333
6334 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6335 return -EINPROGRESS;
6336
6337 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6338 user_reg_hint_type =
6339 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6340 else
6341 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6342
6343 switch (user_reg_hint_type) {
6344 case NL80211_USER_REG_HINT_USER:
6345 case NL80211_USER_REG_HINT_CELL_BASE:
6346 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6347 return -EINVAL;
6348
6349 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6350 return regulatory_hint_user(data, user_reg_hint_type);
6351 case NL80211_USER_REG_HINT_INDOOR:
6352 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6353 owner_nlportid = info->snd_portid;
6354 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6355 } else {
6356 owner_nlportid = 0;
6357 is_indoor = true;
6358 }
6359
6360 return regulatory_hint_indoor(is_indoor, owner_nlportid);
6361 default:
6362 return -EINVAL;
6363 }
6364}
6365
6366static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6367{
6368 return reg_reload_regdb();
6369}
6370
6371static int nl80211_get_mesh_config(struct sk_buff *skb,
6372 struct genl_info *info)
6373{
6374 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6375 struct net_device *dev = info->user_ptr[1];
6376 struct wireless_dev *wdev = dev->ieee80211_ptr;
6377 struct mesh_config cur_params;
6378 int err = 0;
6379 void *hdr;
6380 struct nlattr *pinfoattr;
6381 struct sk_buff *msg;
6382
6383 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6384 return -EOPNOTSUPP;
6385
6386 if (!rdev->ops->get_mesh_config)
6387 return -EOPNOTSUPP;
6388
6389 wdev_lock(wdev);
6390
6391 if (!wdev->mesh_id_len)
6392 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6393 else
6394 err = rdev_get_mesh_config(rdev, dev, &cur_params);
6395 wdev_unlock(wdev);
6396
6397 if (err)
6398 return err;
6399
6400
6401 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6402 if (!msg)
6403 return -ENOMEM;
6404 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6405 NL80211_CMD_GET_MESH_CONFIG);
6406 if (!hdr)
6407 goto out;
6408 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
6409 if (!pinfoattr)
6410 goto nla_put_failure;
6411 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6412 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6413 cur_params.dot11MeshRetryTimeout) ||
6414 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6415 cur_params.dot11MeshConfirmTimeout) ||
6416 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6417 cur_params.dot11MeshHoldingTimeout) ||
6418 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6419 cur_params.dot11MeshMaxPeerLinks) ||
6420 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6421 cur_params.dot11MeshMaxRetries) ||
6422 nla_put_u8(msg, NL80211_MESHCONF_TTL,
6423 cur_params.dot11MeshTTL) ||
6424 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6425 cur_params.element_ttl) ||
6426 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6427 cur_params.auto_open_plinks) ||
6428 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6429 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6430 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6431 cur_params.dot11MeshHWMPmaxPREQretries) ||
6432 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6433 cur_params.path_refresh_time) ||
6434 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6435 cur_params.min_discovery_timeout) ||
6436 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6437 cur_params.dot11MeshHWMPactivePathTimeout) ||
6438 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6439 cur_params.dot11MeshHWMPpreqMinInterval) ||
6440 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6441 cur_params.dot11MeshHWMPperrMinInterval) ||
6442 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6443 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6444 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6445 cur_params.dot11MeshHWMPRootMode) ||
6446 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6447 cur_params.dot11MeshHWMPRannInterval) ||
6448 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6449 cur_params.dot11MeshGateAnnouncementProtocol) ||
6450 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6451 cur_params.dot11MeshForwarding) ||
6452 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6453 cur_params.rssi_threshold) ||
6454 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6455 cur_params.ht_opmode) ||
6456 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6457 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6458 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6459 cur_params.dot11MeshHWMProotInterval) ||
6460 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6461 cur_params.dot11MeshHWMPconfirmationInterval) ||
6462 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6463 cur_params.power_mode) ||
6464 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6465 cur_params.dot11MeshAwakeWindowDuration) ||
6466 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6467 cur_params.plink_timeout) ||
6468 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
6469 cur_params.dot11MeshConnectedToMeshGate))
6470 goto nla_put_failure;
6471 nla_nest_end(msg, pinfoattr);
6472 genlmsg_end(msg, hdr);
6473 return genlmsg_reply(msg, info);
6474
6475 nla_put_failure:
6476 out:
6477 nlmsg_free(msg);
6478 return -ENOBUFS;
6479}
6480
6481static const struct nla_policy
6482nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6483 [NL80211_MESHCONF_RETRY_TIMEOUT] =
6484 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6485 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
6486 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6487 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
6488 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6489 [NL80211_MESHCONF_MAX_PEER_LINKS] =
6490 NLA_POLICY_RANGE(NLA_U16, 0, 255),
6491 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
6492 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6493 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6494 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
6495 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
6496 NLA_POLICY_RANGE(NLA_U32, 1, 255),
6497 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6498 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6499 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6500 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6501 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
6502 NLA_POLICY_MIN(NLA_U16, 1),
6503 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
6504 NLA_POLICY_MIN(NLA_U16, 1),
6505 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
6506 NLA_POLICY_MIN(NLA_U16, 1),
6507 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
6508 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
6509 NLA_POLICY_MIN(NLA_U16, 1),
6510 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
6511 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
6512 [NL80211_MESHCONF_RSSI_THRESHOLD] =
6513 NLA_POLICY_RANGE(NLA_S32, -255, 0),
6514 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6515 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6516 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
6517 NLA_POLICY_MIN(NLA_U16, 1),
6518 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
6519 NLA_POLICY_MIN(NLA_U16, 1),
6520 [NL80211_MESHCONF_POWER_MODE] =
6521 NLA_POLICY_RANGE(NLA_U32,
6522 NL80211_MESH_POWER_ACTIVE,
6523 NL80211_MESH_POWER_MAX),
6524 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6525 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6526 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6527};
6528
6529static const struct nla_policy
6530 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6531 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6532 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6533 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6534 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6535 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6536 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6537 [NL80211_MESH_SETUP_IE] =
6538 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
6539 IEEE80211_MAX_DATA_LEN),
6540 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6541};
6542
6543static int nl80211_parse_mesh_config(struct genl_info *info,
6544 struct mesh_config *cfg,
6545 u32 *mask_out)
6546{
6547 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6548 u32 mask = 0;
6549 u16 ht_opmode;
6550
6551#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
6552do { \
6553 if (tb[attr]) { \
6554 cfg->param = fn(tb[attr]); \
6555 mask |= BIT((attr) - 1); \
6556 } \
6557} while (0)
6558
6559 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6560 return -EINVAL;
6561 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
6562 return -EINVAL;
6563
6564
6565
6566 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6567
6568
6569 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
6570 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
6571 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
6572 NL80211_MESHCONF_CONFIRM_TIMEOUT,
6573 nla_get_u16);
6574 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
6575 NL80211_MESHCONF_HOLDING_TIMEOUT,
6576 nla_get_u16);
6577 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
6578 NL80211_MESHCONF_MAX_PEER_LINKS,
6579 nla_get_u16);
6580 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
6581 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
6582 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
6583 NL80211_MESHCONF_TTL, nla_get_u8);
6584 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
6585 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
6586 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
6587 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6588 nla_get_u8);
6589 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6590 mask,
6591 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6592 nla_get_u32);
6593 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
6594 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6595 nla_get_u8);
6596 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
6597 NL80211_MESHCONF_PATH_REFRESH_TIME,
6598 nla_get_u32);
6599 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
6600 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
6601 return -EINVAL;
6602 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
6603 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6604 nla_get_u16);
6605 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6606 mask,
6607 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6608 nla_get_u32);
6609 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
6610 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
6611 cfg->dot11MeshHWMPactivePathTimeout > 65535))
6612 return -EINVAL;
6613 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
6614 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6615 nla_get_u16);
6616 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
6617 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6618 nla_get_u16);
6619 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6620 dot11MeshHWMPnetDiameterTraversalTime, mask,
6621 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6622 nla_get_u16);
6623 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
6624 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
6625 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
6626 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6627 nla_get_u16);
6628 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
6629 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6630 nla_get_u8);
6631 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
6632 NL80211_MESHCONF_FORWARDING, nla_get_u8);
6633 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
6634 NL80211_MESHCONF_RSSI_THRESHOLD,
6635 nla_get_s32);
6636 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
6637 NL80211_MESHCONF_CONNECTED_TO_GATE,
6638 nla_get_u8);
6639
6640
6641
6642
6643 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6644 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6645
6646 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6647 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6648 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6649 return -EINVAL;
6650
6651
6652 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
6653
6654 cfg->ht_opmode = ht_opmode;
6655 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6656 }
6657 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6658 dot11MeshHWMPactivePathToRootTimeout, mask,
6659 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6660 nla_get_u32);
6661 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
6662 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
6663 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
6664 return -EINVAL;
6665 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
6666 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6667 nla_get_u16);
6668 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
6669 mask,
6670 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6671 nla_get_u16);
6672 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
6673 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
6674 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
6675 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
6676 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
6677 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
6678 if (mask_out)
6679 *mask_out = mask;
6680
6681 return 0;
6682
6683#undef FILL_IN_MESH_PARAM_IF_SET
6684}
6685
6686static int nl80211_parse_mesh_setup(struct genl_info *info,
6687 struct mesh_setup *setup)
6688{
6689 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6690 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6691
6692 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6693 return -EINVAL;
6694 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
6695 return -EINVAL;
6696
6697 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6698 setup->sync_method =
6699 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6700 IEEE80211_SYNC_METHOD_VENDOR :
6701 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6702
6703 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6704 setup->path_sel_proto =
6705 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6706 IEEE80211_PATH_PROTOCOL_VENDOR :
6707 IEEE80211_PATH_PROTOCOL_HWMP;
6708
6709 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6710 setup->path_metric =
6711 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6712 IEEE80211_PATH_METRIC_VENDOR :
6713 IEEE80211_PATH_METRIC_AIRTIME;
6714
6715 if (tb[NL80211_MESH_SETUP_IE]) {
6716 struct nlattr *ieattr =
6717 tb[NL80211_MESH_SETUP_IE];
6718 setup->ie = nla_data(ieattr);
6719 setup->ie_len = nla_len(ieattr);
6720 }
6721 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6722 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6723 return -EINVAL;
6724 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6725 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6726 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6727 if (setup->is_secure)
6728 setup->user_mpm = true;
6729
6730 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6731 if (!setup->user_mpm)
6732 return -EINVAL;
6733 setup->auth_id =
6734 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6735 }
6736
6737 return 0;
6738}
6739
6740static int nl80211_update_mesh_config(struct sk_buff *skb,
6741 struct genl_info *info)
6742{
6743 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6744 struct net_device *dev = info->user_ptr[1];
6745 struct wireless_dev *wdev = dev->ieee80211_ptr;
6746 struct mesh_config cfg;
6747 u32 mask;
6748 int err;
6749
6750 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6751 return -EOPNOTSUPP;
6752
6753 if (!rdev->ops->update_mesh_config)
6754 return -EOPNOTSUPP;
6755
6756 err = nl80211_parse_mesh_config(info, &cfg, &mask);
6757 if (err)
6758 return err;
6759
6760 wdev_lock(wdev);
6761 if (!wdev->mesh_id_len)
6762 err = -ENOLINK;
6763
6764 if (!err)
6765 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6766
6767 wdev_unlock(wdev);
6768
6769 return err;
6770}
6771
6772static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6773 struct sk_buff *msg)
6774{
6775 struct nlattr *nl_reg_rules;
6776 unsigned int i;
6777
6778 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6779 (regdom->dfs_region &&
6780 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6781 goto nla_put_failure;
6782
6783 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
6784 if (!nl_reg_rules)
6785 goto nla_put_failure;
6786
6787 for (i = 0; i < regdom->n_reg_rules; i++) {
6788 struct nlattr *nl_reg_rule;
6789 const struct ieee80211_reg_rule *reg_rule;
6790 const struct ieee80211_freq_range *freq_range;
6791 const struct ieee80211_power_rule *power_rule;
6792 unsigned int max_bandwidth_khz;
6793
6794 reg_rule = ®dom->reg_rules[i];
6795 freq_range = ®_rule->freq_range;
6796 power_rule = ®_rule->power_rule;
6797
6798 nl_reg_rule = nla_nest_start_noflag(msg, i);
6799 if (!nl_reg_rule)
6800 goto nla_put_failure;
6801
6802 max_bandwidth_khz = freq_range->max_bandwidth_khz;
6803 if (!max_bandwidth_khz)
6804 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6805 reg_rule);
6806
6807 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6808 reg_rule->flags) ||
6809 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6810 freq_range->start_freq_khz) ||
6811 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6812 freq_range->end_freq_khz) ||
6813 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6814 max_bandwidth_khz) ||
6815 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6816 power_rule->max_antenna_gain) ||
6817 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6818 power_rule->max_eirp) ||
6819 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6820 reg_rule->dfs_cac_ms))
6821 goto nla_put_failure;
6822
6823 nla_nest_end(msg, nl_reg_rule);
6824 }
6825
6826 nla_nest_end(msg, nl_reg_rules);
6827 return 0;
6828
6829nla_put_failure:
6830 return -EMSGSIZE;
6831}
6832
6833static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6834{
6835 const struct ieee80211_regdomain *regdom = NULL;
6836 struct cfg80211_registered_device *rdev;
6837 struct wiphy *wiphy = NULL;
6838 struct sk_buff *msg;
6839 void *hdr;
6840
6841 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6842 if (!msg)
6843 return -ENOBUFS;
6844
6845 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6846 NL80211_CMD_GET_REG);
6847 if (!hdr)
6848 goto put_failure;
6849
6850 if (info->attrs[NL80211_ATTR_WIPHY]) {
6851 bool self_managed;
6852
6853 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6854 if (IS_ERR(rdev)) {
6855 nlmsg_free(msg);
6856 return PTR_ERR(rdev);
6857 }
6858
6859 wiphy = &rdev->wiphy;
6860 self_managed = wiphy->regulatory_flags &
6861 REGULATORY_WIPHY_SELF_MANAGED;
6862 regdom = get_wiphy_regdom(wiphy);
6863
6864
6865 if (WARN_ON(!regdom && self_managed)) {
6866 nlmsg_free(msg);
6867 return -EINVAL;
6868 }
6869
6870 if (regdom &&
6871 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6872 goto nla_put_failure;
6873 }
6874
6875 if (!wiphy && reg_last_request_cell_base() &&
6876 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6877 NL80211_USER_REG_HINT_CELL_BASE))
6878 goto nla_put_failure;
6879
6880 rcu_read_lock();
6881
6882 if (!regdom)
6883 regdom = rcu_dereference(cfg80211_regdomain);
6884
6885 if (nl80211_put_regdom(regdom, msg))
6886 goto nla_put_failure_rcu;
6887
6888 rcu_read_unlock();
6889
6890 genlmsg_end(msg, hdr);
6891 return genlmsg_reply(msg, info);
6892
6893nla_put_failure_rcu:
6894 rcu_read_unlock();
6895nla_put_failure:
6896put_failure:
6897 nlmsg_free(msg);
6898 return -EMSGSIZE;
6899}
6900
6901static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6902 u32 seq, int flags, struct wiphy *wiphy,
6903 const struct ieee80211_regdomain *regdom)
6904{
6905 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6906 NL80211_CMD_GET_REG);
6907
6908 if (!hdr)
6909 return -1;
6910
6911 genl_dump_check_consistent(cb, hdr);
6912
6913 if (nl80211_put_regdom(regdom, msg))
6914 goto nla_put_failure;
6915
6916 if (!wiphy && reg_last_request_cell_base() &&
6917 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6918 NL80211_USER_REG_HINT_CELL_BASE))
6919 goto nla_put_failure;
6920
6921 if (wiphy &&
6922 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6923 goto nla_put_failure;
6924
6925 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6926 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6927 goto nla_put_failure;
6928
6929 genlmsg_end(msg, hdr);
6930 return 0;
6931
6932nla_put_failure:
6933 genlmsg_cancel(msg, hdr);
6934 return -EMSGSIZE;
6935}
6936
6937static int nl80211_get_reg_dump(struct sk_buff *skb,
6938 struct netlink_callback *cb)
6939{
6940 const struct ieee80211_regdomain *regdom = NULL;
6941 struct cfg80211_registered_device *rdev;
6942 int err, reg_idx, start = cb->args[2];
6943
6944 rtnl_lock();
6945
6946 if (cfg80211_regdomain && start == 0) {
6947 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6948 NLM_F_MULTI, NULL,
6949 rtnl_dereference(cfg80211_regdomain));
6950 if (err < 0)
6951 goto out_err;
6952 }
6953
6954
6955 reg_idx = 1;
6956 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6957 regdom = get_wiphy_regdom(&rdev->wiphy);
6958 if (!regdom)
6959 continue;
6960
6961 if (++reg_idx <= start)
6962 continue;
6963
6964 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6965 NLM_F_MULTI, &rdev->wiphy, regdom);
6966 if (err < 0) {
6967 reg_idx--;
6968 break;
6969 }
6970 }
6971
6972 cb->args[2] = reg_idx;
6973 err = skb->len;
6974out_err:
6975 rtnl_unlock();
6976 return err;
6977}
6978
6979#ifdef CONFIG_CFG80211_CRDA_SUPPORT
6980static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6981 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
6982 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
6983 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
6984 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
6985 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
6986 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
6987 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
6988};
6989
6990static int parse_reg_rule(struct nlattr *tb[],
6991 struct ieee80211_reg_rule *reg_rule)
6992{
6993 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
6994 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
6995
6996 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6997 return -EINVAL;
6998 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6999 return -EINVAL;
7000 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7001 return -EINVAL;
7002 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7003 return -EINVAL;
7004 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7005 return -EINVAL;
7006
7007 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7008
7009 freq_range->start_freq_khz =
7010 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7011 freq_range->end_freq_khz =
7012 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7013 freq_range->max_bandwidth_khz =
7014 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7015
7016 power_rule->max_eirp =
7017 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7018
7019 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7020 power_rule->max_antenna_gain =
7021 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7022
7023 if (tb[NL80211_ATTR_DFS_CAC_TIME])
7024 reg_rule->dfs_cac_ms =
7025 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7026
7027 return 0;
7028}
7029
7030static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7031{
7032 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7033 struct nlattr *nl_reg_rule;
7034 char *alpha2;
7035 int rem_reg_rules, r;
7036 u32 num_rules = 0, rule_idx = 0;
7037 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7038 struct ieee80211_regdomain *rd;
7039
7040 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7041 return -EINVAL;
7042
7043 if (!info->attrs[NL80211_ATTR_REG_RULES])
7044 return -EINVAL;
7045
7046 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7047
7048 if (info->attrs[NL80211_ATTR_DFS_REGION])
7049 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7050
7051 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7052 rem_reg_rules) {
7053 num_rules++;
7054 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7055 return -EINVAL;
7056 }
7057
7058 if (!reg_is_valid_request(alpha2))
7059 return -EINVAL;
7060
7061 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7062 if (!rd)
7063 return -ENOMEM;
7064
7065 rd->n_reg_rules = num_rules;
7066 rd->alpha2[0] = alpha2[0];
7067 rd->alpha2[1] = alpha2[1];
7068
7069
7070
7071
7072
7073 if (reg_supported_dfs_region(dfs_region))
7074 rd->dfs_region = dfs_region;
7075
7076 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7077 rem_reg_rules) {
7078 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7079 nl_reg_rule, reg_rule_policy,
7080 info->extack);
7081 if (r)
7082 goto bad_reg;
7083 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7084 if (r)
7085 goto bad_reg;
7086
7087 rule_idx++;
7088
7089 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7090 r = -EINVAL;
7091 goto bad_reg;
7092 }
7093 }
7094
7095
7096 return set_regdom(rd, REGD_SOURCE_CRDA);
7097 bad_reg:
7098 kfree(rd);
7099 return r;
7100}
7101#endif
7102
7103static int validate_scan_freqs(struct nlattr *freqs)
7104{
7105 struct nlattr *attr1, *attr2;
7106 int n_channels = 0, tmp1, tmp2;
7107
7108 nla_for_each_nested(attr1, freqs, tmp1)
7109 if (nla_len(attr1) != sizeof(u32))
7110 return 0;
7111
7112 nla_for_each_nested(attr1, freqs, tmp1) {
7113 n_channels++;
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123 nla_for_each_nested(attr2, freqs, tmp2)
7124 if (attr1 != attr2 &&
7125 nla_get_u32(attr1) == nla_get_u32(attr2))
7126 return 0;
7127 }
7128
7129 return n_channels;
7130}
7131
7132static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
7133{
7134 return b < NUM_NL80211_BANDS && wiphy->bands[b];
7135}
7136
7137static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
7138 struct cfg80211_bss_selection *bss_select)
7139{
7140 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
7141 struct nlattr *nest;
7142 int err;
7143 bool found = false;
7144 int i;
7145
7146
7147 nest = nla_data(nla);
7148 if (!nla_ok(nest, nla_len(nest)))
7149 return -EINVAL;
7150
7151 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
7152 nest, nl80211_bss_select_policy,
7153 NULL);
7154 if (err)
7155 return err;
7156
7157
7158 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7159 if (attr[i]) {
7160 if (found)
7161 return -EINVAL;
7162 found = true;
7163 }
7164 }
7165
7166 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7167
7168 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7169 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7170
7171 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7172 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7173 bss_select->param.band_pref =
7174 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7175 if (!is_band_valid(wiphy, bss_select->param.band_pref))
7176 return -EINVAL;
7177 }
7178
7179 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7180 struct nl80211_bss_select_rssi_adjust *adj_param;
7181
7182 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7183 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7184 bss_select->param.adjust.band = adj_param->band;
7185 bss_select->param.adjust.delta = adj_param->delta;
7186 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7187 return -EINVAL;
7188 }
7189
7190
7191 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7192 return -EINVAL;
7193
7194 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7195 return -EINVAL;
7196
7197 return 0;
7198}
7199
7200int nl80211_parse_random_mac(struct nlattr **attrs,
7201 u8 *mac_addr, u8 *mac_addr_mask)
7202{
7203 int i;
7204
7205 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7206 eth_zero_addr(mac_addr);
7207 eth_zero_addr(mac_addr_mask);
7208 mac_addr[0] = 0x2;
7209 mac_addr_mask[0] = 0x3;
7210
7211 return 0;
7212 }
7213
7214
7215 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7216 return -EINVAL;
7217
7218 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7219 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7220
7221
7222 if (!is_multicast_ether_addr(mac_addr_mask) ||
7223 is_multicast_ether_addr(mac_addr))
7224 return -EINVAL;
7225
7226
7227
7228
7229
7230
7231 for (i = 0; i < ETH_ALEN; i++)
7232 mac_addr[i] &= mac_addr_mask[i];
7233
7234 return 0;
7235}
7236
7237static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7238{
7239 ASSERT_WDEV_LOCK(wdev);
7240
7241 if (!cfg80211_beaconing_iface_active(wdev))
7242 return true;
7243
7244 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7245 return true;
7246
7247 return regulatory_pre_cac_allowed(wdev->wiphy);
7248}
7249
7250static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7251 enum nl80211_ext_feature_index feat)
7252{
7253 if (!(flags & flag))
7254 return true;
7255 if (wiphy_ext_feature_isset(wiphy, feat))
7256 return true;
7257 return false;
7258}
7259
7260static int
7261nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7262 void *request, struct nlattr **attrs,
7263 bool is_sched_scan)
7264{
7265 u8 *mac_addr, *mac_addr_mask;
7266 u32 *flags;
7267 enum nl80211_feature_flags randomness_flag;
7268
7269 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7270 return 0;
7271
7272 if (is_sched_scan) {
7273 struct cfg80211_sched_scan_request *req = request;
7274
7275 randomness_flag = wdev ?
7276 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7277 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7278 flags = &req->flags;
7279 mac_addr = req->mac_addr;
7280 mac_addr_mask = req->mac_addr_mask;
7281 } else {
7282 struct cfg80211_scan_request *req = request;
7283
7284 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7285 flags = &req->flags;
7286 mac_addr = req->mac_addr;
7287 mac_addr_mask = req->mac_addr_mask;
7288 }
7289
7290 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7291
7292 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7293 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7294 !nl80211_check_scan_feat(wiphy, *flags,
7295 NL80211_SCAN_FLAG_LOW_SPAN,
7296 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7297 !nl80211_check_scan_feat(wiphy, *flags,
7298 NL80211_SCAN_FLAG_LOW_POWER,
7299 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7300 !nl80211_check_scan_feat(wiphy, *flags,
7301 NL80211_SCAN_FLAG_HIGH_ACCURACY,
7302 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7303 !nl80211_check_scan_feat(wiphy, *flags,
7304 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7305 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7306 !nl80211_check_scan_feat(wiphy, *flags,
7307 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7308 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7309 !nl80211_check_scan_feat(wiphy, *flags,
7310 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7311 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7312 !nl80211_check_scan_feat(wiphy, *flags,
7313 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7314 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7315 !nl80211_check_scan_feat(wiphy, *flags,
7316 NL80211_SCAN_FLAG_RANDOM_SN,
7317 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7318 !nl80211_check_scan_feat(wiphy, *flags,
7319 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7320 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7321 return -EOPNOTSUPP;
7322
7323 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7324 int err;
7325
7326 if (!(wiphy->features & randomness_flag) ||
7327 (wdev && wdev->current_bss))
7328 return -EOPNOTSUPP;
7329
7330 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7331 if (err)
7332 return err;
7333 }
7334
7335 return 0;
7336}
7337
7338static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7339{
7340 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7341 struct wireless_dev *wdev = info->user_ptr[1];
7342 struct cfg80211_scan_request *request;
7343 struct nlattr *attr;
7344 struct wiphy *wiphy;
7345 int err, tmp, n_ssids = 0, n_channels, i;
7346 size_t ie_len;
7347
7348 wiphy = &rdev->wiphy;
7349
7350 if (wdev->iftype == NL80211_IFTYPE_NAN)
7351 return -EOPNOTSUPP;
7352
7353 if (!rdev->ops->scan)
7354 return -EOPNOTSUPP;
7355
7356 if (rdev->scan_req || rdev->scan_msg) {
7357 err = -EBUSY;
7358 goto unlock;
7359 }
7360
7361 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7362 n_channels = validate_scan_freqs(
7363 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7364 if (!n_channels) {
7365 err = -EINVAL;
7366 goto unlock;
7367 }
7368 } else {
7369 n_channels = ieee80211_get_num_supported_channels(wiphy);
7370 }
7371
7372 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7373 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7374 n_ssids++;
7375
7376 if (n_ssids > wiphy->max_scan_ssids) {
7377 err = -EINVAL;
7378 goto unlock;
7379 }
7380
7381 if (info->attrs[NL80211_ATTR_IE])
7382 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7383 else
7384 ie_len = 0;
7385
7386 if (ie_len > wiphy->max_scan_ie_len) {
7387 err = -EINVAL;
7388 goto unlock;
7389 }
7390
7391 request = kzalloc(sizeof(*request)
7392 + sizeof(*request->ssids) * n_ssids
7393 + sizeof(*request->channels) * n_channels
7394 + ie_len, GFP_KERNEL);
7395 if (!request) {
7396 err = -ENOMEM;
7397 goto unlock;
7398 }
7399
7400 if (n_ssids)
7401 request->ssids = (void *)&request->channels[n_channels];
7402 request->n_ssids = n_ssids;
7403 if (ie_len) {
7404 if (n_ssids)
7405 request->ie = (void *)(request->ssids + n_ssids);
7406 else
7407 request->ie = (void *)(request->channels + n_channels);
7408 }
7409
7410 i = 0;
7411 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7412
7413 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
7414 struct ieee80211_channel *chan;
7415
7416 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7417
7418 if (!chan) {
7419 err = -EINVAL;
7420 goto out_free;
7421 }
7422
7423
7424 if (chan->flags & IEEE80211_CHAN_DISABLED)
7425 continue;
7426
7427 request->channels[i] = chan;
7428 i++;
7429 }
7430 } else {
7431 enum nl80211_band band;
7432
7433
7434 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7435 int j;
7436
7437 if (!wiphy->bands[band])
7438 continue;
7439 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7440 struct ieee80211_channel *chan;
7441
7442 chan = &wiphy->bands[band]->channels[j];
7443
7444 if (chan->flags & IEEE80211_CHAN_DISABLED)
7445 continue;
7446
7447 request->channels[i] = chan;
7448 i++;
7449 }
7450 }
7451 }
7452
7453 if (!i) {
7454 err = -EINVAL;
7455 goto out_free;
7456 }
7457
7458 request->n_channels = i;
7459
7460 wdev_lock(wdev);
7461 if (!cfg80211_off_channel_oper_allowed(wdev)) {
7462 struct ieee80211_channel *chan;
7463
7464 if (request->n_channels != 1) {
7465 wdev_unlock(wdev);
7466 err = -EBUSY;
7467 goto out_free;
7468 }
7469
7470 chan = request->channels[0];
7471 if (chan->center_freq != wdev->chandef.chan->center_freq) {
7472 wdev_unlock(wdev);
7473 err = -EBUSY;
7474 goto out_free;
7475 }
7476 }
7477 wdev_unlock(wdev);
7478
7479 i = 0;
7480 if (n_ssids) {
7481 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7482 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7483 err = -EINVAL;
7484 goto out_free;
7485 }
7486 request->ssids[i].ssid_len = nla_len(attr);
7487 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7488 i++;
7489 }
7490 }
7491
7492 if (info->attrs[NL80211_ATTR_IE]) {
7493 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7494 memcpy((void *)request->ie,
7495 nla_data(info->attrs[NL80211_ATTR_IE]),
7496 request->ie_len);
7497 }
7498
7499 for (i = 0; i < NUM_NL80211_BANDS; i++)
7500 if (wiphy->bands[i])
7501 request->rates[i] =
7502 (1 << wiphy->bands[i]->n_bitrates) - 1;
7503
7504 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7505 nla_for_each_nested(attr,
7506 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7507 tmp) {
7508 enum nl80211_band band = nla_type(attr);
7509
7510 if (band < 0 || band >= NUM_NL80211_BANDS) {
7511 err = -EINVAL;
7512 goto out_free;
7513 }
7514
7515 if (!wiphy->bands[band])
7516 continue;
7517
7518 err = ieee80211_get_ratemask(wiphy->bands[band],
7519 nla_data(attr),
7520 nla_len(attr),
7521 &request->rates[band]);
7522 if (err)
7523 goto out_free;
7524 }
7525 }
7526
7527 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7528 if (!wiphy_ext_feature_isset(wiphy,
7529 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7530 err = -EOPNOTSUPP;
7531 goto out_free;
7532 }
7533
7534 request->duration =
7535 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7536 request->duration_mandatory =
7537 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7538 }
7539
7540 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7541 false);
7542 if (err)
7543 goto out_free;
7544
7545 request->no_cck =
7546 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557 if (info->attrs[NL80211_ATTR_BSSID])
7558 memcpy(request->bssid,
7559 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7560 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7561 info->attrs[NL80211_ATTR_MAC])
7562 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7563 ETH_ALEN);
7564 else
7565 eth_broadcast_addr(request->bssid);
7566
7567 request->wdev = wdev;
7568 request->wiphy = &rdev->wiphy;
7569 request->scan_start = jiffies;
7570
7571 rdev->scan_req = request;
7572 err = rdev_scan(rdev, request);
7573
7574 if (!err) {
7575 nl80211_send_scan_start(rdev, wdev);
7576 if (wdev->netdev)
7577 dev_hold(wdev->netdev);
7578 } else {
7579 out_free:
7580 rdev->scan_req = NULL;
7581 kfree(request);
7582 }
7583
7584 unlock:
7585 return err;
7586}
7587
7588static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7589{
7590 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7591 struct wireless_dev *wdev = info->user_ptr[1];
7592
7593 if (!rdev->ops->abort_scan)
7594 return -EOPNOTSUPP;
7595
7596 if (rdev->scan_msg)
7597 return 0;
7598
7599 if (!rdev->scan_req)
7600 return -ENOENT;
7601
7602 rdev_abort_scan(rdev, wdev);
7603 return 0;
7604}
7605
7606static int
7607nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7608 struct cfg80211_sched_scan_request *request,
7609 struct nlattr **attrs)
7610{
7611 int tmp, err, i = 0;
7612 struct nlattr *attr;
7613
7614 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7615 u32 interval;
7616
7617
7618
7619
7620
7621
7622
7623 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7624 if (!interval)
7625 return -EINVAL;
7626
7627 request->scan_plans[0].interval =
7628 DIV_ROUND_UP(interval, MSEC_PER_SEC);
7629 if (!request->scan_plans[0].interval)
7630 return -EINVAL;
7631
7632 if (request->scan_plans[0].interval >
7633 wiphy->max_sched_scan_plan_interval)
7634 request->scan_plans[0].interval =
7635 wiphy->max_sched_scan_plan_interval;
7636
7637 return 0;
7638 }
7639
7640 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
7641 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
7642
7643 if (WARN_ON(i >= n_plans))
7644 return -EINVAL;
7645
7646 err = nla_parse_nested_deprecated(plan,
7647 NL80211_SCHED_SCAN_PLAN_MAX,
7648 attr, nl80211_plan_policy,
7649 NULL);
7650 if (err)
7651 return err;
7652
7653 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7654 return -EINVAL;
7655
7656 request->scan_plans[i].interval =
7657 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7658 if (!request->scan_plans[i].interval ||
7659 request->scan_plans[i].interval >
7660 wiphy->max_sched_scan_plan_interval)
7661 return -EINVAL;
7662
7663 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7664 request->scan_plans[i].iterations =
7665 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7666 if (!request->scan_plans[i].iterations ||
7667 (request->scan_plans[i].iterations >
7668 wiphy->max_sched_scan_plan_iterations))
7669 return -EINVAL;
7670 } else if (i < n_plans - 1) {
7671
7672
7673
7674
7675 return -EINVAL;
7676 }
7677
7678 i++;
7679 }
7680
7681
7682
7683
7684
7685 if (request->scan_plans[n_plans - 1].iterations)
7686 return -EINVAL;
7687
7688 return 0;
7689}
7690
7691static int
7692nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
7693 struct cfg80211_match_set *match_sets,
7694 struct nlattr *tb_band_rssi,
7695 s32 rssi_thold)
7696{
7697 struct nlattr *attr;
7698 int i, tmp, ret = 0;
7699
7700 if (!wiphy_ext_feature_isset(wiphy,
7701 NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
7702 if (tb_band_rssi)
7703 ret = -EOPNOTSUPP;
7704 else
7705 for (i = 0; i < NUM_NL80211_BANDS; i++)
7706 match_sets->per_band_rssi_thold[i] =
7707 NL80211_SCAN_RSSI_THOLD_OFF;
7708 return ret;
7709 }
7710
7711 for (i = 0; i < NUM_NL80211_BANDS; i++)
7712 match_sets->per_band_rssi_thold[i] = rssi_thold;
7713
7714 nla_for_each_nested(attr, tb_band_rssi, tmp) {
7715 enum nl80211_band band = nla_type(attr);
7716
7717 if (band < 0 || band >= NUM_NL80211_BANDS)
7718 return -EINVAL;
7719
7720 match_sets->per_band_rssi_thold[band] = nla_get_s32(attr);
7721 }
7722
7723 return 0;
7724}
7725
7726static struct cfg80211_sched_scan_request *
7727nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7728 struct nlattr **attrs, int max_match_sets)
7729{
7730 struct cfg80211_sched_scan_request *request;
7731 struct nlattr *attr;
7732 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7733 enum nl80211_band band;
7734 size_t ie_len;
7735 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7736 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7737
7738 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7739 n_channels = validate_scan_freqs(
7740 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7741 if (!n_channels)
7742 return ERR_PTR(-EINVAL);
7743 } else {
7744 n_channels = ieee80211_get_num_supported_channels(wiphy);
7745 }
7746
7747 if (attrs[NL80211_ATTR_SCAN_SSIDS])
7748 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7749 tmp)
7750 n_ssids++;
7751
7752 if (n_ssids > wiphy->max_sched_scan_ssids)
7753 return ERR_PTR(-EINVAL);
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7765 nla_for_each_nested(attr,
7766 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7767 tmp) {
7768 struct nlattr *rssi;
7769
7770 err = nla_parse_nested_deprecated(tb,
7771 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7772 attr,
7773 nl80211_match_policy,
7774 NULL);
7775 if (err)
7776 return ERR_PTR(err);
7777
7778
7779 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7780 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7781 return ERR_PTR(-EINVAL);
7782
7783
7784 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7785 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7786 n_match_sets++;
7787 continue;
7788 }
7789 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7790 if (rssi)
7791 default_match_rssi = nla_get_s32(rssi);
7792 }
7793 }
7794
7795
7796 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7797 n_match_sets = 1;
7798
7799 if (n_match_sets > max_match_sets)
7800 return ERR_PTR(-EINVAL);
7801
7802 if (attrs[NL80211_ATTR_IE])
7803 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7804 else
7805 ie_len = 0;
7806
7807 if (ie_len > wiphy->max_sched_scan_ie_len)
7808 return ERR_PTR(-EINVAL);
7809
7810 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7811
7812
7813
7814
7815 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7816 return ERR_PTR(-EINVAL);
7817
7818 nla_for_each_nested(attr,
7819 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7820 n_plans++;
7821 } else {
7822
7823
7824
7825
7826
7827
7828 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7829 return ERR_PTR(-EINVAL);
7830
7831 n_plans = 1;
7832 }
7833
7834 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7835 return ERR_PTR(-EINVAL);
7836
7837 if (!wiphy_ext_feature_isset(
7838 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7839 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7840 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7841 return ERR_PTR(-EINVAL);
7842
7843 request = kzalloc(sizeof(*request)
7844 + sizeof(*request->ssids) * n_ssids
7845 + sizeof(*request->match_sets) * n_match_sets
7846 + sizeof(*request->scan_plans) * n_plans
7847 + sizeof(*request->channels) * n_channels
7848 + ie_len, GFP_KERNEL);
7849 if (!request)
7850 return ERR_PTR(-ENOMEM);
7851
7852 if (n_ssids)
7853 request->ssids = (void *)&request->channels[n_channels];
7854 request->n_ssids = n_ssids;
7855 if (ie_len) {
7856 if (n_ssids)
7857 request->ie = (void *)(request->ssids + n_ssids);
7858 else
7859 request->ie = (void *)(request->channels + n_channels);
7860 }
7861
7862 if (n_match_sets) {
7863 if (request->ie)
7864 request->match_sets = (void *)(request->ie + ie_len);
7865 else if (n_ssids)
7866 request->match_sets =
7867 (void *)(request->ssids + n_ssids);
7868 else
7869 request->match_sets =
7870 (void *)(request->channels + n_channels);
7871 }
7872 request->n_match_sets = n_match_sets;
7873
7874 if (n_match_sets)
7875 request->scan_plans = (void *)(request->match_sets +
7876 n_match_sets);
7877 else if (request->ie)
7878 request->scan_plans = (void *)(request->ie + ie_len);
7879 else if (n_ssids)
7880 request->scan_plans = (void *)(request->ssids + n_ssids);
7881 else
7882 request->scan_plans = (void *)(request->channels + n_channels);
7883
7884 request->n_scan_plans = n_plans;
7885
7886 i = 0;
7887 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7888
7889 nla_for_each_nested(attr,
7890 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7891 tmp) {
7892 struct ieee80211_channel *chan;
7893
7894 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7895
7896 if (!chan) {
7897 err = -EINVAL;
7898 goto out_free;
7899 }
7900
7901
7902 if (chan->flags & IEEE80211_CHAN_DISABLED)
7903 continue;
7904
7905 request->channels[i] = chan;
7906 i++;
7907 }
7908 } else {
7909
7910 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7911 int j;
7912
7913 if (!wiphy->bands[band])
7914 continue;
7915 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7916 struct ieee80211_channel *chan;
7917
7918 chan = &wiphy->bands[band]->channels[j];
7919
7920 if (chan->flags & IEEE80211_CHAN_DISABLED)
7921 continue;
7922
7923 request->channels[i] = chan;
7924 i++;
7925 }
7926 }
7927 }
7928
7929 if (!i) {
7930 err = -EINVAL;
7931 goto out_free;
7932 }
7933
7934 request->n_channels = i;
7935
7936 i = 0;
7937 if (n_ssids) {
7938 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7939 tmp) {
7940 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7941 err = -EINVAL;
7942 goto out_free;
7943 }
7944 request->ssids[i].ssid_len = nla_len(attr);
7945 memcpy(request->ssids[i].ssid, nla_data(attr),
7946 nla_len(attr));
7947 i++;
7948 }
7949 }
7950
7951 i = 0;
7952 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7953 nla_for_each_nested(attr,
7954 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7955 tmp) {
7956 struct nlattr *ssid, *bssid, *rssi;
7957
7958 err = nla_parse_nested_deprecated(tb,
7959 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7960 attr,
7961 nl80211_match_policy,
7962 NULL);
7963 if (err)
7964 goto out_free;
7965 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7966 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7967
7968 if (!ssid && !bssid) {
7969 i++;
7970 continue;
7971 }
7972
7973 if (WARN_ON(i >= n_match_sets)) {
7974
7975
7976
7977
7978 err = -EINVAL;
7979 goto out_free;
7980 }
7981
7982 if (ssid) {
7983 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7984 err = -EINVAL;
7985 goto out_free;
7986 }
7987 memcpy(request->match_sets[i].ssid.ssid,
7988 nla_data(ssid), nla_len(ssid));
7989 request->match_sets[i].ssid.ssid_len =
7990 nla_len(ssid);
7991 }
7992 if (bssid) {
7993 if (nla_len(bssid) != ETH_ALEN) {
7994 err = -EINVAL;
7995 goto out_free;
7996 }
7997 memcpy(request->match_sets[i].bssid,
7998 nla_data(bssid), ETH_ALEN);
7999 }
8000
8001
8002 request->match_sets[i].rssi_thold = default_match_rssi;
8003 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8004 if (rssi)
8005 request->match_sets[i].rssi_thold =
8006 nla_get_s32(rssi);
8007
8008
8009 err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8010 &request->match_sets[i],
8011 tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8012 request->match_sets[i].rssi_thold);
8013 if (err)
8014 goto out_free;
8015
8016 i++;
8017 }
8018
8019
8020 if (i == 0 && n_match_sets)
8021 request->match_sets[0].rssi_thold = default_match_rssi;
8022
8023 request->min_rssi_thold = INT_MAX;
8024 for (i = 0; i < n_match_sets; i++)
8025 request->min_rssi_thold =
8026 min(request->match_sets[i].rssi_thold,
8027 request->min_rssi_thold);
8028 } else {
8029 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8030 }
8031
8032 if (ie_len) {
8033 request->ie_len = ie_len;
8034 memcpy((void *)request->ie,
8035 nla_data(attrs[NL80211_ATTR_IE]),
8036 request->ie_len);
8037 }
8038
8039 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8040 if (err)
8041 goto out_free;
8042
8043 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8044 request->delay =
8045 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8046
8047 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8048 request->relative_rssi = nla_get_s8(
8049 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8050 request->relative_rssi_set = true;
8051 }
8052
8053 if (request->relative_rssi_set &&
8054 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8055 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8056
8057 rssi_adjust = nla_data(
8058 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8059 request->rssi_adjust.band = rssi_adjust->band;
8060 request->rssi_adjust.delta = rssi_adjust->delta;
8061 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8062 err = -EINVAL;
8063 goto out_free;
8064 }
8065 }
8066
8067 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8068 if (err)
8069 goto out_free;
8070
8071 request->scan_start = jiffies;
8072
8073 return request;
8074
8075out_free:
8076 kfree(request);
8077 return ERR_PTR(err);
8078}
8079
8080static int nl80211_start_sched_scan(struct sk_buff *skb,
8081 struct genl_info *info)
8082{
8083 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8084 struct net_device *dev = info->user_ptr[1];
8085 struct wireless_dev *wdev = dev->ieee80211_ptr;
8086 struct cfg80211_sched_scan_request *sched_scan_req;
8087 bool want_multi;
8088 int err;
8089
8090 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8091 return -EOPNOTSUPP;
8092
8093 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8094 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8095 if (err)
8096 return err;
8097
8098 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8099 info->attrs,
8100 rdev->wiphy.max_match_sets);
8101
8102 err = PTR_ERR_OR_ZERO(sched_scan_req);
8103 if (err)
8104 goto out_err;
8105
8106
8107
8108
8109 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
8110 while (!sched_scan_req->reqid)
8111 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8112 }
8113
8114 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8115 if (err)
8116 goto out_free;
8117
8118 sched_scan_req->dev = dev;
8119 sched_scan_req->wiphy = &rdev->wiphy;
8120
8121 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
8122 sched_scan_req->owner_nlportid = info->snd_portid;
8123
8124 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
8125
8126 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
8127 return 0;
8128
8129out_free:
8130 kfree(sched_scan_req);
8131out_err:
8132 return err;
8133}
8134
8135static int nl80211_stop_sched_scan(struct sk_buff *skb,
8136 struct genl_info *info)
8137{
8138 struct cfg80211_sched_scan_request *req;
8139 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8140 u64 cookie;
8141
8142 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
8143 return -EOPNOTSUPP;
8144
8145 if (info->attrs[NL80211_ATTR_COOKIE]) {
8146 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8147 return __cfg80211_stop_sched_scan(rdev, cookie, false);
8148 }
8149
8150 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
8151 struct cfg80211_sched_scan_request,
8152 list);
8153 if (!req || req->reqid ||
8154 (req->owner_nlportid &&
8155 req->owner_nlportid != info->snd_portid))
8156 return -ENOENT;
8157
8158 return cfg80211_stop_sched_scan_req(rdev, req, false);
8159}
8160
8161static int nl80211_start_radar_detection(struct sk_buff *skb,
8162 struct genl_info *info)
8163{
8164 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8165 struct net_device *dev = info->user_ptr[1];
8166 struct wireless_dev *wdev = dev->ieee80211_ptr;
8167 struct wiphy *wiphy = wdev->wiphy;
8168 struct cfg80211_chan_def chandef;
8169 enum nl80211_dfs_regions dfs_region;
8170 unsigned int cac_time_ms;
8171 int err;
8172
8173 dfs_region = reg_get_dfs_region(wiphy);
8174 if (dfs_region == NL80211_DFS_UNSET)
8175 return -EINVAL;
8176
8177 err = nl80211_parse_chandef(rdev, info, &chandef);
8178 if (err)
8179 return err;
8180
8181 if (netif_carrier_ok(dev))
8182 return -EBUSY;
8183
8184 if (wdev->cac_started)
8185 return -EBUSY;
8186
8187 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8188 if (err < 0)
8189 return err;
8190
8191 if (err == 0)
8192 return -EINVAL;
8193
8194 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
8195 return -EINVAL;
8196
8197
8198 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
8199 return -EOPNOTSUPP;
8200
8201 if (!rdev->ops->start_radar_detection)
8202 return -EOPNOTSUPP;
8203
8204 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8205 if (WARN_ON(!cac_time_ms))
8206 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8207
8208 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8209 if (!err) {
8210 wdev->chandef = chandef;
8211 wdev->cac_started = true;
8212 wdev->cac_start_time = jiffies;
8213 wdev->cac_time_ms = cac_time_ms;
8214 }
8215 return err;
8216}
8217
8218static int nl80211_notify_radar_detection(struct sk_buff *skb,
8219 struct genl_info *info)
8220{
8221 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8222 struct net_device *dev = info->user_ptr[1];
8223 struct wireless_dev *wdev = dev->ieee80211_ptr;
8224 struct wiphy *wiphy = wdev->wiphy;
8225 struct cfg80211_chan_def chandef;
8226 enum nl80211_dfs_regions dfs_region;
8227 int err;
8228
8229 dfs_region = reg_get_dfs_region(wiphy);
8230 if (dfs_region == NL80211_DFS_UNSET) {
8231 GENL_SET_ERR_MSG(info,
8232 "DFS Region is not set. Unexpected Radar indication");
8233 return -EINVAL;
8234 }
8235
8236 err = nl80211_parse_chandef(rdev, info, &chandef);
8237 if (err) {
8238 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8239 return err;
8240 }
8241
8242 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8243 if (err < 0) {
8244 GENL_SET_ERR_MSG(info, "chandef is invalid");
8245 return err;
8246 }
8247
8248 if (err == 0) {
8249 GENL_SET_ERR_MSG(info,
8250 "Unexpected Radar indication for chandef/iftype");
8251 return -EINVAL;
8252 }
8253
8254
8255
8256
8257 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8258 return 0;
8259
8260 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8261
8262 cfg80211_sched_dfs_chan_update(rdev);
8263
8264 rdev->radar_chandef = chandef;
8265
8266
8267 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8268
8269 return 0;
8270}
8271
8272static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8273{
8274 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8275 struct net_device *dev = info->user_ptr[1];
8276 struct wireless_dev *wdev = dev->ieee80211_ptr;
8277 struct cfg80211_csa_settings params;
8278
8279
8280
8281 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
8282 int err;
8283 bool need_new_beacon = false;
8284 bool need_handle_dfs_flag = true;
8285 int len, i;
8286 u32 cs_count;
8287
8288 if (!rdev->ops->channel_switch ||
8289 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
8290 return -EOPNOTSUPP;
8291
8292 switch (dev->ieee80211_ptr->iftype) {
8293 case NL80211_IFTYPE_AP:
8294 case NL80211_IFTYPE_P2P_GO:
8295 need_new_beacon = true;
8296
8297
8298
8299
8300
8301 need_handle_dfs_flag = false;
8302
8303
8304 if (!wdev->beacon_interval)
8305 return -ENOTCONN;
8306 break;
8307 case NL80211_IFTYPE_ADHOC:
8308 if (!wdev->ssid_len)
8309 return -ENOTCONN;
8310 break;
8311 case NL80211_IFTYPE_MESH_POINT:
8312 if (!wdev->mesh_id_len)
8313 return -ENOTCONN;
8314 break;
8315 default:
8316 return -EOPNOTSUPP;
8317 }
8318
8319 memset(¶ms, 0, sizeof(params));
8320 params.beacon_csa.ftm_responder = -1;
8321
8322 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8323 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
8324 return -EINVAL;
8325
8326
8327 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
8328 return -EINVAL;
8329
8330
8331
8332
8333 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
8334 if (cs_count > 255)
8335 return -EINVAL;
8336
8337 params.count = cs_count;
8338
8339 if (!need_new_beacon)
8340 goto skip_beacons;
8341
8342 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after);
8343 if (err)
8344 return err;
8345
8346 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
8347 info->attrs[NL80211_ATTR_CSA_IES],
8348 nl80211_policy, info->extack);
8349 if (err)
8350 return err;
8351
8352 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa);
8353 if (err)
8354 return err;
8355
8356 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8357 return -EINVAL;
8358
8359 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8360 if (!len || (len % sizeof(u16)))
8361 return -EINVAL;
8362
8363 params.n_counter_offsets_beacon = len / sizeof(u16);
8364 if (rdev->wiphy.max_num_csa_counters &&
8365 (params.n_counter_offsets_beacon >
8366 rdev->wiphy.max_num_csa_counters))
8367 return -EINVAL;
8368
8369 params.counter_offsets_beacon =
8370 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8371
8372
8373 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8374 u16 offset = params.counter_offsets_beacon[i];
8375
8376 if (offset >= params.beacon_csa.tail_len)
8377 return -EINVAL;
8378
8379 if (params.beacon_csa.tail[offset] != params.count)
8380 return -EINVAL;
8381 }
8382
8383 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8384 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8385 if (!len || (len % sizeof(u16)))
8386 return -EINVAL;
8387
8388 params.n_counter_offsets_presp = len / sizeof(u16);
8389 if (rdev->wiphy.max_num_csa_counters &&
8390 (params.n_counter_offsets_presp >
8391 rdev->wiphy.max_num_csa_counters))
8392 return -EINVAL;
8393
8394 params.counter_offsets_presp =
8395 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8396
8397
8398 for (i = 0; i < params.n_counter_offsets_presp; i++) {
8399 u16 offset = params.counter_offsets_presp[i];
8400
8401 if (offset >= params.beacon_csa.probe_resp_len)
8402 return -EINVAL;
8403
8404 if (params.beacon_csa.probe_resp[offset] !=
8405 params.count)
8406 return -EINVAL;
8407 }
8408 }
8409
8410skip_beacons:
8411 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
8412 if (err)
8413 return err;
8414
8415 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
8416 wdev->iftype))
8417 return -EINVAL;
8418
8419 err = cfg80211_chandef_dfs_required(wdev->wiphy,
8420 ¶ms.chandef,
8421 wdev->iftype);
8422 if (err < 0)
8423 return err;
8424
8425 if (err > 0) {
8426 params.radar_required = true;
8427 if (need_handle_dfs_flag &&
8428 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8429 return -EINVAL;
8430 }
8431 }
8432
8433 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8434 params.block_tx = true;
8435
8436 wdev_lock(wdev);
8437 err = rdev_channel_switch(rdev, dev, ¶ms);
8438 wdev_unlock(wdev);
8439
8440 return err;
8441}
8442
8443static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8444 u32 seq, int flags,
8445 struct cfg80211_registered_device *rdev,
8446 struct wireless_dev *wdev,
8447 struct cfg80211_internal_bss *intbss)
8448{
8449 struct cfg80211_bss *res = &intbss->pub;
8450 const struct cfg80211_bss_ies *ies;
8451 void *hdr;
8452 struct nlattr *bss;
8453
8454 ASSERT_WDEV_LOCK(wdev);
8455
8456 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8457 NL80211_CMD_NEW_SCAN_RESULTS);
8458 if (!hdr)
8459 return -1;
8460
8461 genl_dump_check_consistent(cb, hdr);
8462
8463 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8464 goto nla_put_failure;
8465 if (wdev->netdev &&
8466 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8467 goto nla_put_failure;
8468 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8469 NL80211_ATTR_PAD))
8470 goto nla_put_failure;
8471
8472 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
8473 if (!bss)
8474 goto nla_put_failure;
8475 if ((!is_zero_ether_addr(res->bssid) &&
8476 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8477 goto nla_put_failure;
8478
8479 rcu_read_lock();
8480
8481 if (rcu_access_pointer(res->proberesp_ies) &&
8482 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8483 goto fail_unlock_rcu;
8484
8485
8486
8487
8488 ies = rcu_dereference(res->ies);
8489 if (ies) {
8490 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8491 NL80211_BSS_PAD))
8492 goto fail_unlock_rcu;
8493 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8494 ies->len, ies->data))
8495 goto fail_unlock_rcu;
8496 }
8497
8498
8499 ies = rcu_dereference(res->beacon_ies);
8500 if (ies && ies->from_beacon) {
8501 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8502 NL80211_BSS_PAD))
8503 goto fail_unlock_rcu;
8504 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8505 ies->len, ies->data))
8506 goto fail_unlock_rcu;
8507 }
8508 rcu_read_unlock();
8509
8510 if (res->beacon_interval &&
8511 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8512 goto nla_put_failure;
8513 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8514 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8515 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8516 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8517 jiffies_to_msecs(jiffies - intbss->ts)))
8518 goto nla_put_failure;
8519
8520 if (intbss->parent_tsf &&
8521 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8522 intbss->parent_tsf, NL80211_BSS_PAD) ||
8523 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8524 intbss->parent_bssid)))
8525 goto nla_put_failure;
8526
8527 if (intbss->ts_boottime &&
8528 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8529 intbss->ts_boottime, NL80211_BSS_PAD))
8530 goto nla_put_failure;
8531
8532 if (!nl80211_put_signal(msg, intbss->pub.chains,
8533 intbss->pub.chain_signal,
8534 NL80211_BSS_CHAIN_SIGNAL))
8535 goto nla_put_failure;
8536
8537 switch (rdev->wiphy.signal_type) {
8538 case CFG80211_SIGNAL_TYPE_MBM:
8539 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8540 goto nla_put_failure;
8541 break;
8542 case CFG80211_SIGNAL_TYPE_UNSPEC:
8543 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8544 goto nla_put_failure;
8545 break;
8546 default:
8547 break;
8548 }
8549
8550 switch (wdev->iftype) {
8551 case NL80211_IFTYPE_P2P_CLIENT:
8552 case NL80211_IFTYPE_STATION:
8553 if (intbss == wdev->current_bss &&
8554 nla_put_u32(msg, NL80211_BSS_STATUS,
8555 NL80211_BSS_STATUS_ASSOCIATED))
8556 goto nla_put_failure;
8557 break;
8558 case NL80211_IFTYPE_ADHOC:
8559 if (intbss == wdev->current_bss &&
8560 nla_put_u32(msg, NL80211_BSS_STATUS,
8561 NL80211_BSS_STATUS_IBSS_JOINED))
8562 goto nla_put_failure;
8563 break;
8564 default:
8565 break;
8566 }
8567
8568 nla_nest_end(msg, bss);
8569
8570 genlmsg_end(msg, hdr);
8571 return 0;
8572
8573 fail_unlock_rcu:
8574 rcu_read_unlock();
8575 nla_put_failure:
8576 genlmsg_cancel(msg, hdr);
8577 return -EMSGSIZE;
8578}
8579
8580static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
8581{
8582 struct cfg80211_registered_device *rdev;
8583 struct cfg80211_internal_bss *scan;
8584 struct wireless_dev *wdev;
8585 int start = cb->args[2], idx = 0;
8586 int err;
8587
8588 rtnl_lock();
8589 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8590 if (err) {
8591 rtnl_unlock();
8592 return err;
8593 }
8594
8595 wdev_lock(wdev);
8596 spin_lock_bh(&rdev->bss_lock);
8597
8598
8599
8600
8601
8602
8603
8604 if (start == 0)
8605 cfg80211_bss_expire(rdev);
8606
8607 cb->seq = rdev->bss_generation;
8608
8609 list_for_each_entry(scan, &rdev->bss_list, list) {
8610 if (++idx <= start)
8611 continue;
8612 if (nl80211_send_bss(skb, cb,
8613 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8614 rdev, wdev, scan) < 0) {
8615 idx--;
8616 break;
8617 }
8618 }
8619
8620 spin_unlock_bh(&rdev->bss_lock);
8621 wdev_unlock(wdev);
8622
8623 cb->args[2] = idx;
8624 rtnl_unlock();
8625
8626 return skb->len;
8627}
8628
8629static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
8630 int flags, struct net_device *dev,
8631 bool allow_radio_stats,
8632 struct survey_info *survey)
8633{
8634 void *hdr;
8635 struct nlattr *infoattr;
8636
8637
8638 if (!survey->channel && !allow_radio_stats)
8639 return 0;
8640
8641 hdr = nl80211hdr_put(msg, portid, seq, flags,
8642 NL80211_CMD_NEW_SURVEY_RESULTS);
8643 if (!hdr)
8644 return -ENOMEM;
8645
8646 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
8647 goto nla_put_failure;
8648
8649 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
8650 if (!infoattr)
8651 goto nla_put_failure;
8652
8653 if (survey->channel &&
8654 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
8655 survey->channel->center_freq))
8656 goto nla_put_failure;
8657
8658 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
8659 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
8660 goto nla_put_failure;
8661 if ((survey->filled & SURVEY_INFO_IN_USE) &&
8662 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
8663 goto nla_put_failure;
8664 if ((survey->filled & SURVEY_INFO_TIME) &&
8665 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
8666 survey->time, NL80211_SURVEY_INFO_PAD))
8667 goto nla_put_failure;
8668 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
8669 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
8670 survey->time_busy, NL80211_SURVEY_INFO_PAD))
8671 goto nla_put_failure;
8672 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
8673 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
8674 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
8675 goto nla_put_failure;
8676 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
8677 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
8678 survey->time_rx, NL80211_SURVEY_INFO_PAD))
8679 goto nla_put_failure;
8680 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
8681 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
8682 survey->time_tx, NL80211_SURVEY_INFO_PAD))
8683 goto nla_put_failure;
8684 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
8685 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
8686 survey->time_scan, NL80211_SURVEY_INFO_PAD))
8687 goto nla_put_failure;
8688
8689 nla_nest_end(msg, infoattr);
8690
8691 genlmsg_end(msg, hdr);
8692 return 0;
8693
8694 nla_put_failure:
8695 genlmsg_cancel(msg, hdr);
8696 return -EMSGSIZE;
8697}
8698
8699static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
8700{
8701 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8702 struct survey_info survey;
8703 struct cfg80211_registered_device *rdev;
8704 struct wireless_dev *wdev;
8705 int survey_idx = cb->args[2];
8706 int res;
8707 bool radio_stats;
8708
8709 rtnl_lock();
8710 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8711 if (res)
8712 goto out_err;
8713
8714
8715 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
8716
8717 if (!wdev->netdev) {
8718 res = -EINVAL;
8719 goto out_err;
8720 }
8721
8722 if (!rdev->ops->dump_survey) {
8723 res = -EOPNOTSUPP;
8724 goto out_err;
8725 }
8726
8727 while (1) {
8728 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
8729 if (res == -ENOENT)
8730 break;
8731 if (res)
8732 goto out_err;
8733
8734
8735 if (survey.channel &&
8736 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
8737 survey_idx++;
8738 continue;
8739 }
8740
8741 if (nl80211_send_survey(skb,
8742 NETLINK_CB(cb->skb).portid,
8743 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8744 wdev->netdev, radio_stats, &survey) < 0)
8745 goto out;
8746 survey_idx++;
8747 }
8748
8749 out:
8750 cb->args[2] = survey_idx;
8751 res = skb->len;
8752 out_err:
8753 rtnl_unlock();
8754 return res;
8755}
8756
8757static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8758{
8759 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8760 NL80211_WPA_VERSION_2 |
8761 NL80211_WPA_VERSION_3));
8762}
8763
8764static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8765{
8766 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8767 struct net_device *dev = info->user_ptr[1];
8768 struct ieee80211_channel *chan;
8769 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8770 int err, ssid_len, ie_len = 0, auth_data_len = 0;
8771 enum nl80211_auth_type auth_type;
8772 struct key_parse key;
8773 bool local_state_change;
8774
8775 if (!info->attrs[NL80211_ATTR_MAC])
8776 return -EINVAL;
8777
8778 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8779 return -EINVAL;
8780
8781 if (!info->attrs[NL80211_ATTR_SSID])
8782 return -EINVAL;
8783
8784 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8785 return -EINVAL;
8786
8787 err = nl80211_parse_key(info, &key);
8788 if (err)
8789 return err;
8790
8791 if (key.idx >= 0) {
8792 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8793 return -EINVAL;
8794 if (!key.p.key || !key.p.key_len)
8795 return -EINVAL;
8796 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8797 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8798 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8799 key.p.key_len != WLAN_KEY_LEN_WEP104))
8800 return -EINVAL;
8801 if (key.idx > 3)
8802 return -EINVAL;
8803 } else {
8804 key.p.key_len = 0;
8805 key.p.key = NULL;
8806 }
8807
8808 if (key.idx >= 0) {
8809 int i;
8810 bool ok = false;
8811
8812 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8813 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8814 ok = true;
8815 break;
8816 }
8817 }
8818 if (!ok)
8819 return -EINVAL;
8820 }
8821
8822 if (!rdev->ops->auth)
8823 return -EOPNOTSUPP;
8824
8825 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8826 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8827 return -EOPNOTSUPP;
8828
8829 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8830 chan = nl80211_get_valid_chan(&rdev->wiphy,
8831 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8832 if (!chan)
8833 return -EINVAL;
8834
8835 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8836 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8837
8838 if (info->attrs[NL80211_ATTR_IE]) {
8839 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8840 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8841 }
8842
8843 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8844 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8845 return -EINVAL;
8846
8847 if ((auth_type == NL80211_AUTHTYPE_SAE ||
8848 auth_type == NL80211_AUTHTYPE_FILS_SK ||
8849 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8850 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8851 !info->attrs[NL80211_ATTR_AUTH_DATA])
8852 return -EINVAL;
8853
8854 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8855 if (auth_type != NL80211_AUTHTYPE_SAE &&
8856 auth_type != NL80211_AUTHTYPE_FILS_SK &&
8857 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8858 auth_type != NL80211_AUTHTYPE_FILS_PK)
8859 return -EINVAL;
8860 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8861 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8862
8863 if (auth_data_len < 4)
8864 return -EINVAL;
8865 }
8866
8867 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8868
8869
8870
8871
8872
8873 if (local_state_change)
8874 return 0;
8875
8876 wdev_lock(dev->ieee80211_ptr);
8877 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8878 ssid, ssid_len, ie, ie_len,
8879 key.p.key, key.p.key_len, key.idx,
8880 auth_data, auth_data_len);
8881 wdev_unlock(dev->ieee80211_ptr);
8882 return err;
8883}
8884
8885static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
8886 struct genl_info *info)
8887{
8888 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8889 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
8890 return -EINVAL;
8891 }
8892
8893 if (!rdev->ops->tx_control_port ||
8894 !wiphy_ext_feature_isset(&rdev->wiphy,
8895 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
8896 return -EOPNOTSUPP;
8897
8898 return 0;
8899}
8900
8901static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8902 struct genl_info *info,
8903 struct cfg80211_crypto_settings *settings,
8904 int cipher_limit)
8905{
8906 memset(settings, 0, sizeof(*settings));
8907
8908 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8909
8910 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8911 u16 proto;
8912
8913 proto = nla_get_u16(
8914 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8915 settings->control_port_ethertype = cpu_to_be16(proto);
8916 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8917 proto != ETH_P_PAE)
8918 return -EINVAL;
8919 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8920 settings->control_port_no_encrypt = true;
8921 } else
8922 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8923
8924 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
8925 int r = validate_pae_over_nl80211(rdev, info);
8926
8927 if (r < 0)
8928 return r;
8929
8930 settings->control_port_over_nl80211 = true;
8931 }
8932
8933 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8934 void *data;
8935 int len, i;
8936
8937 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8938 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8939 settings->n_ciphers_pairwise = len / sizeof(u32);
8940
8941 if (len % sizeof(u32))
8942 return -EINVAL;
8943
8944 if (settings->n_ciphers_pairwise > cipher_limit)
8945 return -EINVAL;
8946
8947 memcpy(settings->ciphers_pairwise, data, len);
8948
8949 for (i = 0; i < settings->n_ciphers_pairwise; i++)
8950 if (!cfg80211_supported_cipher_suite(
8951 &rdev->wiphy,
8952 settings->ciphers_pairwise[i]))
8953 return -EINVAL;
8954 }
8955
8956 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8957 settings->cipher_group =
8958 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8959 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8960 settings->cipher_group))
8961 return -EINVAL;
8962 }
8963
8964 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8965 settings->wpa_versions =
8966 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8967 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8968 return -EINVAL;
8969 }
8970
8971 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8972 void *data;
8973 int len;
8974
8975 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8976 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8977 settings->n_akm_suites = len / sizeof(u32);
8978
8979 if (len % sizeof(u32))
8980 return -EINVAL;
8981
8982 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8983 return -EINVAL;
8984
8985 memcpy(settings->akm_suites, data, len);
8986 }
8987
8988 if (info->attrs[NL80211_ATTR_PMK]) {
8989 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8990 return -EINVAL;
8991 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8992 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8993 return -EINVAL;
8994 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8995 }
8996
8997 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
8998 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8999 NL80211_EXT_FEATURE_SAE_OFFLOAD))
9000 return -EINVAL;
9001 settings->sae_pwd =
9002 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9003 settings->sae_pwd_len =
9004 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9005 }
9006
9007 return 0;
9008}
9009
9010static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9011{
9012 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9013 struct net_device *dev = info->user_ptr[1];
9014 struct ieee80211_channel *chan;
9015 struct cfg80211_assoc_request req = {};
9016 const u8 *bssid, *ssid;
9017 int err, ssid_len = 0;
9018
9019 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9020 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9021 return -EPERM;
9022
9023 if (!info->attrs[NL80211_ATTR_MAC] ||
9024 !info->attrs[NL80211_ATTR_SSID] ||
9025 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9026 return -EINVAL;
9027
9028 if (!rdev->ops->assoc)
9029 return -EOPNOTSUPP;
9030
9031 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9032 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9033 return -EOPNOTSUPP;
9034
9035 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9036
9037 chan = nl80211_get_valid_chan(&rdev->wiphy,
9038 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9039 if (!chan)
9040 return -EINVAL;
9041
9042 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9043 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9044
9045 if (info->attrs[NL80211_ATTR_IE]) {
9046 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9047 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9048 }
9049
9050 if (info->attrs[NL80211_ATTR_USE_MFP]) {
9051 enum nl80211_mfp mfp =
9052 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9053 if (mfp == NL80211_MFP_REQUIRED)
9054 req.use_mfp = true;
9055 else if (mfp != NL80211_MFP_NO)
9056 return -EINVAL;
9057 }
9058
9059 if (info->attrs[NL80211_ATTR_PREV_BSSID])
9060 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9061
9062 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9063 req.flags |= ASSOC_REQ_DISABLE_HT;
9064
9065 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9066 memcpy(&req.ht_capa_mask,
9067 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9068 sizeof(req.ht_capa_mask));
9069
9070 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9071 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9072 return -EINVAL;
9073 memcpy(&req.ht_capa,
9074 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9075 sizeof(req.ht_capa));
9076 }
9077
9078 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9079 req.flags |= ASSOC_REQ_DISABLE_VHT;
9080
9081 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9082 memcpy(&req.vht_capa_mask,
9083 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9084 sizeof(req.vht_capa_mask));
9085
9086 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9087 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9088 return -EINVAL;
9089 memcpy(&req.vht_capa,
9090 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9091 sizeof(req.vht_capa));
9092 }
9093
9094 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9095 if (!((rdev->wiphy.features &
9096 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9097 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9098 !wiphy_ext_feature_isset(&rdev->wiphy,
9099 NL80211_EXT_FEATURE_RRM))
9100 return -EINVAL;
9101 req.flags |= ASSOC_REQ_USE_RRM;
9102 }
9103
9104 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
9105 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
9106 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
9107 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
9108 return -EINVAL;
9109 req.fils_nonces =
9110 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
9111 }
9112
9113 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
9114 if (!err) {
9115 wdev_lock(dev->ieee80211_ptr);
9116
9117 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
9118 ssid, ssid_len, &req);
9119
9120 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9121 dev->ieee80211_ptr->conn_owner_nlportid =
9122 info->snd_portid;
9123 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9124 bssid, ETH_ALEN);
9125 }
9126
9127 wdev_unlock(dev->ieee80211_ptr);
9128 }
9129
9130 return err;
9131}
9132
9133static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
9134{
9135 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9136 struct net_device *dev = info->user_ptr[1];
9137 const u8 *ie = NULL, *bssid;
9138 int ie_len = 0, err;
9139 u16 reason_code;
9140 bool local_state_change;
9141
9142 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9143 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9144 return -EPERM;
9145
9146 if (!info->attrs[NL80211_ATTR_MAC])
9147 return -EINVAL;
9148
9149 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9150 return -EINVAL;
9151
9152 if (!rdev->ops->deauth)
9153 return -EOPNOTSUPP;
9154
9155 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9156 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9157 return -EOPNOTSUPP;
9158
9159 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9160
9161 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9162 if (reason_code == 0) {
9163
9164 return -EINVAL;
9165 }
9166
9167 if (info->attrs[NL80211_ATTR_IE]) {
9168 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9169 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9170 }
9171
9172 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9173
9174 wdev_lock(dev->ieee80211_ptr);
9175 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
9176 local_state_change);
9177 wdev_unlock(dev->ieee80211_ptr);
9178 return err;
9179}
9180
9181static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
9182{
9183 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9184 struct net_device *dev = info->user_ptr[1];
9185 const u8 *ie = NULL, *bssid;
9186 int ie_len = 0, err;
9187 u16 reason_code;
9188 bool local_state_change;
9189
9190 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9191 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9192 return -EPERM;
9193
9194 if (!info->attrs[NL80211_ATTR_MAC])
9195 return -EINVAL;
9196
9197 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9198 return -EINVAL;
9199
9200 if (!rdev->ops->disassoc)
9201 return -EOPNOTSUPP;
9202
9203 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9204 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9205 return -EOPNOTSUPP;
9206
9207 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9208
9209 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9210 if (reason_code == 0) {
9211
9212 return -EINVAL;
9213 }
9214
9215 if (info->attrs[NL80211_ATTR_IE]) {
9216 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9217 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9218 }
9219
9220 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9221
9222 wdev_lock(dev->ieee80211_ptr);
9223 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9224 local_state_change);
9225 wdev_unlock(dev->ieee80211_ptr);
9226 return err;
9227}
9228
9229static bool
9230nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9231 int mcast_rate[NUM_NL80211_BANDS],
9232 int rateval)
9233{
9234 struct wiphy *wiphy = &rdev->wiphy;
9235 bool found = false;
9236 int band, i;
9237
9238 for (band = 0; band < NUM_NL80211_BANDS; band++) {
9239 struct ieee80211_supported_band *sband;
9240
9241 sband = wiphy->bands[band];
9242 if (!sband)
9243 continue;
9244
9245 for (i = 0; i < sband->n_bitrates; i++) {
9246 if (sband->bitrates[i].bitrate == rateval) {
9247 mcast_rate[band] = i + 1;
9248 found = true;
9249 break;
9250 }
9251 }
9252 }
9253
9254 return found;
9255}
9256
9257static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
9258{
9259 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9260 struct net_device *dev = info->user_ptr[1];
9261 struct cfg80211_ibss_params ibss;
9262 struct wiphy *wiphy;
9263 struct cfg80211_cached_keys *connkeys = NULL;
9264 int err;
9265
9266 memset(&ibss, 0, sizeof(ibss));
9267
9268 if (!info->attrs[NL80211_ATTR_SSID] ||
9269 !nla_len(info->attrs[NL80211_ATTR_SSID]))
9270 return -EINVAL;
9271
9272 ibss.beacon_interval = 100;
9273
9274 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
9275 ibss.beacon_interval =
9276 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9277
9278 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
9279 ibss.beacon_interval);
9280 if (err)
9281 return err;
9282
9283 if (!rdev->ops->join_ibss)
9284 return -EOPNOTSUPP;
9285
9286 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9287 return -EOPNOTSUPP;
9288
9289 wiphy = &rdev->wiphy;
9290
9291 if (info->attrs[NL80211_ATTR_MAC]) {
9292 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9293
9294 if (!is_valid_ether_addr(ibss.bssid))
9295 return -EINVAL;
9296 }
9297 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9298 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9299
9300 if (info->attrs[NL80211_ATTR_IE]) {
9301 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9302 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9303 }
9304
9305 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
9306 if (err)
9307 return err;
9308
9309 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
9310 NL80211_IFTYPE_ADHOC))
9311 return -EINVAL;
9312
9313 switch (ibss.chandef.width) {
9314 case NL80211_CHAN_WIDTH_5:
9315 case NL80211_CHAN_WIDTH_10:
9316 case NL80211_CHAN_WIDTH_20_NOHT:
9317 break;
9318 case NL80211_CHAN_WIDTH_20:
9319 case NL80211_CHAN_WIDTH_40:
9320 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9321 return -EINVAL;
9322 break;
9323 case NL80211_CHAN_WIDTH_80:
9324 case NL80211_CHAN_WIDTH_80P80:
9325 case NL80211_CHAN_WIDTH_160:
9326 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9327 return -EINVAL;
9328 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9329 NL80211_EXT_FEATURE_VHT_IBSS))
9330 return -EINVAL;
9331 break;
9332 default:
9333 return -EINVAL;
9334 }
9335
9336 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9337 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9338
9339 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9340 u8 *rates =
9341 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9342 int n_rates =
9343 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9344 struct ieee80211_supported_band *sband =
9345 wiphy->bands[ibss.chandef.chan->band];
9346
9347 err = ieee80211_get_ratemask(sband, rates, n_rates,
9348 &ibss.basic_rates);
9349 if (err)
9350 return err;
9351 }
9352
9353 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9354 memcpy(&ibss.ht_capa_mask,
9355 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9356 sizeof(ibss.ht_capa_mask));
9357
9358 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9359 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9360 return -EINVAL;
9361 memcpy(&ibss.ht_capa,
9362 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9363 sizeof(ibss.ht_capa));
9364 }
9365
9366 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9367 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9368 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9369 return -EINVAL;
9370
9371 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9372 bool no_ht = false;
9373
9374 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9375 if (IS_ERR(connkeys))
9376 return PTR_ERR(connkeys);
9377
9378 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9379 no_ht) {
9380 kzfree(connkeys);
9381 return -EINVAL;
9382 }
9383 }
9384
9385 ibss.control_port =
9386 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9387
9388 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9389 int r = validate_pae_over_nl80211(rdev, info);
9390
9391 if (r < 0) {
9392 kzfree(connkeys);
9393 return r;
9394 }
9395
9396 ibss.control_port_over_nl80211 = true;
9397 }
9398
9399 ibss.userspace_handles_dfs =
9400 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9401
9402 wdev_lock(dev->ieee80211_ptr);
9403 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9404 if (err)
9405 kzfree(connkeys);
9406 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9407 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9408 wdev_unlock(dev->ieee80211_ptr);
9409
9410 return err;
9411}
9412
9413static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9414{
9415 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9416 struct net_device *dev = info->user_ptr[1];
9417
9418 if (!rdev->ops->leave_ibss)
9419 return -EOPNOTSUPP;
9420
9421 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9422 return -EOPNOTSUPP;
9423
9424 return cfg80211_leave_ibss(rdev, dev, false);
9425}
9426
9427static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9428{
9429 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9430 struct net_device *dev = info->user_ptr[1];
9431 int mcast_rate[NUM_NL80211_BANDS];
9432 u32 nla_rate;
9433 int err;
9434
9435 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9436 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9437 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9438 return -EOPNOTSUPP;
9439
9440 if (!rdev->ops->set_mcast_rate)
9441 return -EOPNOTSUPP;
9442
9443 memset(mcast_rate, 0, sizeof(mcast_rate));
9444
9445 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9446 return -EINVAL;
9447
9448 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9449 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9450 return -EINVAL;
9451
9452 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9453
9454 return err;
9455}
9456
9457static struct sk_buff *
9458__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9459 struct wireless_dev *wdev, int approxlen,
9460 u32 portid, u32 seq, enum nl80211_commands cmd,
9461 enum nl80211_attrs attr,
9462 const struct nl80211_vendor_cmd_info *info,
9463 gfp_t gfp)
9464{
9465 struct sk_buff *skb;
9466 void *hdr;
9467 struct nlattr *data;
9468
9469 skb = nlmsg_new(approxlen + 100, gfp);
9470 if (!skb)
9471 return NULL;
9472
9473 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9474 if (!hdr) {
9475 kfree_skb(skb);
9476 return NULL;
9477 }
9478
9479 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9480 goto nla_put_failure;
9481
9482 if (info) {
9483 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9484 info->vendor_id))
9485 goto nla_put_failure;
9486 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9487 info->subcmd))
9488 goto nla_put_failure;
9489 }
9490
9491 if (wdev) {
9492 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9493 wdev_id(wdev), NL80211_ATTR_PAD))
9494 goto nla_put_failure;
9495 if (wdev->netdev &&
9496 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9497 wdev->netdev->ifindex))
9498 goto nla_put_failure;
9499 }
9500
9501 data = nla_nest_start_noflag(skb, attr);
9502 if (!data)
9503 goto nla_put_failure;
9504
9505 ((void **)skb->cb)[0] = rdev;
9506 ((void **)skb->cb)[1] = hdr;
9507 ((void **)skb->cb)[2] = data;
9508
9509 return skb;
9510
9511 nla_put_failure:
9512 kfree_skb(skb);
9513 return NULL;
9514}
9515
9516struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9517 struct wireless_dev *wdev,
9518 enum nl80211_commands cmd,
9519 enum nl80211_attrs attr,
9520 unsigned int portid,
9521 int vendor_event_idx,
9522 int approxlen, gfp_t gfp)
9523{
9524 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9525 const struct nl80211_vendor_cmd_info *info;
9526
9527 switch (cmd) {
9528 case NL80211_CMD_TESTMODE:
9529 if (WARN_ON(vendor_event_idx != -1))
9530 return NULL;
9531 info = NULL;
9532 break;
9533 case NL80211_CMD_VENDOR:
9534 if (WARN_ON(vendor_event_idx < 0 ||
9535 vendor_event_idx >= wiphy->n_vendor_events))
9536 return NULL;
9537 info = &wiphy->vendor_events[vendor_event_idx];
9538 break;
9539 default:
9540 WARN_ON(1);
9541 return NULL;
9542 }
9543
9544 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
9545 cmd, attr, info, gfp);
9546}
9547EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
9548
9549void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
9550{
9551 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9552 void *hdr = ((void **)skb->cb)[1];
9553 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
9554 struct nlattr *data = ((void **)skb->cb)[2];
9555 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9556
9557
9558 memset(skb->cb, 0, sizeof(skb->cb));
9559
9560 nla_nest_end(skb, data);
9561 genlmsg_end(skb, hdr);
9562
9563 if (nlhdr->nlmsg_pid) {
9564 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
9565 nlhdr->nlmsg_pid);
9566 } else {
9567 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9568 mcgrp = NL80211_MCGRP_VENDOR;
9569
9570 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
9571 skb, 0, mcgrp, gfp);
9572 }
9573}
9574EXPORT_SYMBOL(__cfg80211_send_event_skb);
9575
9576#ifdef CONFIG_NL80211_TESTMODE
9577static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
9578{
9579 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9580 struct wireless_dev *wdev =
9581 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9582 int err;
9583
9584 if (!rdev->ops->testmode_cmd)
9585 return -EOPNOTSUPP;
9586
9587 if (IS_ERR(wdev)) {
9588 err = PTR_ERR(wdev);
9589 if (err != -EINVAL)
9590 return err;
9591 wdev = NULL;
9592 } else if (wdev->wiphy != &rdev->wiphy) {
9593 return -EINVAL;
9594 }
9595
9596 if (!info->attrs[NL80211_ATTR_TESTDATA])
9597 return -EINVAL;
9598
9599 rdev->cur_cmd_info = info;
9600 err = rdev_testmode_cmd(rdev, wdev,
9601 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
9602 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
9603 rdev->cur_cmd_info = NULL;
9604
9605 return err;
9606}
9607
9608static int nl80211_testmode_dump(struct sk_buff *skb,
9609 struct netlink_callback *cb)
9610{
9611 struct cfg80211_registered_device *rdev;
9612 int err;
9613 long phy_idx;
9614 void *data = NULL;
9615 int data_len = 0;
9616
9617 rtnl_lock();
9618
9619 if (cb->args[0]) {
9620
9621
9622
9623
9624 phy_idx = cb->args[0] - 1;
9625
9626 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
9627 if (!rdev) {
9628 err = -ENOENT;
9629 goto out_err;
9630 }
9631 } else {
9632 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
9633
9634 err = nlmsg_parse_deprecated(cb->nlh,
9635 GENL_HDRLEN + nl80211_fam.hdrsize,
9636 attrbuf, nl80211_fam.maxattr,
9637 nl80211_policy, NULL);
9638 if (err)
9639 goto out_err;
9640
9641 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
9642 if (IS_ERR(rdev)) {
9643 err = PTR_ERR(rdev);
9644 goto out_err;
9645 }
9646 phy_idx = rdev->wiphy_idx;
9647
9648 if (attrbuf[NL80211_ATTR_TESTDATA])
9649 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
9650 }
9651
9652 if (cb->args[1]) {
9653 data = nla_data((void *)cb->args[1]);
9654 data_len = nla_len((void *)cb->args[1]);
9655 }
9656
9657 if (!rdev->ops->testmode_dump) {
9658 err = -EOPNOTSUPP;
9659 goto out_err;
9660 }
9661
9662 while (1) {
9663 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
9664 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9665 NL80211_CMD_TESTMODE);
9666 struct nlattr *tmdata;
9667
9668 if (!hdr)
9669 break;
9670
9671 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
9672 genlmsg_cancel(skb, hdr);
9673 break;
9674 }
9675
9676 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
9677 if (!tmdata) {
9678 genlmsg_cancel(skb, hdr);
9679 break;
9680 }
9681 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
9682 nla_nest_end(skb, tmdata);
9683
9684 if (err == -ENOBUFS || err == -ENOENT) {
9685 genlmsg_cancel(skb, hdr);
9686 break;
9687 } else if (err) {
9688 genlmsg_cancel(skb, hdr);
9689 goto out_err;
9690 }
9691
9692 genlmsg_end(skb, hdr);
9693 }
9694
9695 err = skb->len;
9696
9697 cb->args[0] = phy_idx + 1;
9698 out_err:
9699 rtnl_unlock();
9700 return err;
9701}
9702#endif
9703
9704static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
9705{
9706 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9707 struct net_device *dev = info->user_ptr[1];
9708 struct cfg80211_connect_params connect;
9709 struct wiphy *wiphy;
9710 struct cfg80211_cached_keys *connkeys = NULL;
9711 int err;
9712
9713 memset(&connect, 0, sizeof(connect));
9714
9715 if (!info->attrs[NL80211_ATTR_SSID] ||
9716 !nla_len(info->attrs[NL80211_ATTR_SSID]))
9717 return -EINVAL;
9718
9719 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9720 connect.auth_type =
9721 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9722 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
9723 NL80211_CMD_CONNECT))
9724 return -EINVAL;
9725 } else
9726 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
9727
9728 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
9729
9730 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
9731 !wiphy_ext_feature_isset(&rdev->wiphy,
9732 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
9733 return -EINVAL;
9734 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
9735
9736 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
9737 NL80211_MAX_NR_CIPHER_SUITES);
9738 if (err)
9739 return err;
9740
9741 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9742 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9743 return -EOPNOTSUPP;
9744
9745 wiphy = &rdev->wiphy;
9746
9747 connect.bg_scan_period = -1;
9748 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
9749 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
9750 connect.bg_scan_period =
9751 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
9752 }
9753
9754 if (info->attrs[NL80211_ATTR_MAC])
9755 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9756 else if (info->attrs[NL80211_ATTR_MAC_HINT])
9757 connect.bssid_hint =
9758 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
9759 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9760 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9761
9762 if (info->attrs[NL80211_ATTR_IE]) {
9763 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9764 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9765 }
9766
9767 if (info->attrs[NL80211_ATTR_USE_MFP]) {
9768 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9769 if (connect.mfp == NL80211_MFP_OPTIONAL &&
9770 !wiphy_ext_feature_isset(&rdev->wiphy,
9771 NL80211_EXT_FEATURE_MFP_OPTIONAL))
9772 return -EOPNOTSUPP;
9773 } else {
9774 connect.mfp = NL80211_MFP_NO;
9775 }
9776
9777 if (info->attrs[NL80211_ATTR_PREV_BSSID])
9778 connect.prev_bssid =
9779 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9780
9781 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9782 connect.channel = nl80211_get_valid_chan(
9783 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9784 if (!connect.channel)
9785 return -EINVAL;
9786 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9787 connect.channel_hint = nl80211_get_valid_chan(
9788 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
9789 if (!connect.channel_hint)
9790 return -EINVAL;
9791 }
9792
9793 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9794 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
9795 if (IS_ERR(connkeys))
9796 return PTR_ERR(connkeys);
9797 }
9798
9799 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9800 connect.flags |= ASSOC_REQ_DISABLE_HT;
9801
9802 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9803 memcpy(&connect.ht_capa_mask,
9804 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9805 sizeof(connect.ht_capa_mask));
9806
9807 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9808 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9809 kzfree(connkeys);
9810 return -EINVAL;
9811 }
9812 memcpy(&connect.ht_capa,
9813 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9814 sizeof(connect.ht_capa));
9815 }
9816
9817 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9818 connect.flags |= ASSOC_REQ_DISABLE_VHT;
9819
9820 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9821 memcpy(&connect.vht_capa_mask,
9822 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9823 sizeof(connect.vht_capa_mask));
9824
9825 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9826 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9827 kzfree(connkeys);
9828 return -EINVAL;
9829 }
9830 memcpy(&connect.vht_capa,
9831 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9832 sizeof(connect.vht_capa));
9833 }
9834
9835 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9836 if (!((rdev->wiphy.features &
9837 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9838 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9839 !wiphy_ext_feature_isset(&rdev->wiphy,
9840 NL80211_EXT_FEATURE_RRM)) {
9841 kzfree(connkeys);
9842 return -EINVAL;
9843 }
9844 connect.flags |= ASSOC_REQ_USE_RRM;
9845 }
9846
9847 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9848 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9849 kzfree(connkeys);
9850 return -EOPNOTSUPP;
9851 }
9852
9853 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9854
9855 if (connect.bssid) {
9856 kzfree(connkeys);
9857 return -EINVAL;
9858 }
9859
9860 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9861 wiphy, &connect.bss_select);
9862 if (err) {
9863 kzfree(connkeys);
9864 return err;
9865 }
9866 }
9867
9868 if (wiphy_ext_feature_isset(&rdev->wiphy,
9869 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9870 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9871 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9872 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9873 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9874 connect.fils_erp_username =
9875 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9876 connect.fils_erp_username_len =
9877 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9878 connect.fils_erp_realm =
9879 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9880 connect.fils_erp_realm_len =
9881 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9882 connect.fils_erp_next_seq_num =
9883 nla_get_u16(
9884 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9885 connect.fils_erp_rrk =
9886 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9887 connect.fils_erp_rrk_len =
9888 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9889 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9890 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9891 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9892 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9893 kzfree(connkeys);
9894 return -EINVAL;
9895 }
9896
9897 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
9898 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9899 kzfree(connkeys);
9900 GENL_SET_ERR_MSG(info,
9901 "external auth requires connection ownership");
9902 return -EINVAL;
9903 }
9904 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
9905 }
9906
9907 wdev_lock(dev->ieee80211_ptr);
9908
9909 err = cfg80211_connect(rdev, dev, &connect, connkeys,
9910 connect.prev_bssid);
9911 if (err)
9912 kzfree(connkeys);
9913
9914 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9915 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9916 if (connect.bssid)
9917 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9918 connect.bssid, ETH_ALEN);
9919 else
9920 memset(dev->ieee80211_ptr->disconnect_bssid,
9921 0, ETH_ALEN);
9922 }
9923
9924 wdev_unlock(dev->ieee80211_ptr);
9925
9926 return err;
9927}
9928
9929static int nl80211_update_connect_params(struct sk_buff *skb,
9930 struct genl_info *info)
9931{
9932 struct cfg80211_connect_params connect = {};
9933 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9934 struct net_device *dev = info->user_ptr[1];
9935 struct wireless_dev *wdev = dev->ieee80211_ptr;
9936 bool fils_sk_offload;
9937 u32 auth_type;
9938 u32 changed = 0;
9939 int ret;
9940
9941 if (!rdev->ops->update_connect_params)
9942 return -EOPNOTSUPP;
9943
9944 if (info->attrs[NL80211_ATTR_IE]) {
9945 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9946 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9947 changed |= UPDATE_ASSOC_IES;
9948 }
9949
9950 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
9951 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
9952
9953
9954
9955
9956
9957
9958 if (fils_sk_offload &&
9959 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9960 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9961 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9962 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9963 connect.fils_erp_username =
9964 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9965 connect.fils_erp_username_len =
9966 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9967 connect.fils_erp_realm =
9968 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9969 connect.fils_erp_realm_len =
9970 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9971 connect.fils_erp_next_seq_num =
9972 nla_get_u16(
9973 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9974 connect.fils_erp_rrk =
9975 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9976 connect.fils_erp_rrk_len =
9977 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9978 changed |= UPDATE_FILS_ERP_INFO;
9979 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9980 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9981 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9982 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9983 return -EINVAL;
9984 }
9985
9986 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9987 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9988 if (!nl80211_valid_auth_type(rdev, auth_type,
9989 NL80211_CMD_CONNECT))
9990 return -EINVAL;
9991
9992 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
9993 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
9994 return -EINVAL;
9995
9996 connect.auth_type = auth_type;
9997 changed |= UPDATE_AUTH_TYPE;
9998 }
9999
10000 wdev_lock(dev->ieee80211_ptr);
10001 if (!wdev->current_bss)
10002 ret = -ENOLINK;
10003 else
10004 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
10005 wdev_unlock(dev->ieee80211_ptr);
10006
10007 return ret;
10008}
10009
10010static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
10011{
10012 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10013 struct net_device *dev = info->user_ptr[1];
10014 u16 reason;
10015 int ret;
10016
10017 if (dev->ieee80211_ptr->conn_owner_nlportid &&
10018 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10019 return -EPERM;
10020
10021 if (!info->attrs[NL80211_ATTR_REASON_CODE])
10022 reason = WLAN_REASON_DEAUTH_LEAVING;
10023 else
10024 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10025
10026 if (reason == 0)
10027 return -EINVAL;
10028
10029 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10030 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10031 return -EOPNOTSUPP;
10032
10033 wdev_lock(dev->ieee80211_ptr);
10034 ret = cfg80211_disconnect(rdev, dev, reason, true);
10035 wdev_unlock(dev->ieee80211_ptr);
10036 return ret;
10037}
10038
10039static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
10040{
10041 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10042 struct net *net;
10043 int err;
10044
10045 if (info->attrs[NL80211_ATTR_PID]) {
10046 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
10047
10048 net = get_net_ns_by_pid(pid);
10049 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
10050 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
10051
10052 net = get_net_ns_by_fd(fd);
10053 } else {
10054 return -EINVAL;
10055 }
10056
10057 if (IS_ERR(net))
10058 return PTR_ERR(net);
10059
10060 err = 0;
10061
10062
10063 if (!net_eq(wiphy_net(&rdev->wiphy), net))
10064 err = cfg80211_switch_netns(rdev, net);
10065
10066 put_net(net);
10067 return err;
10068}
10069
10070static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
10071{
10072 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10073 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
10074 struct cfg80211_pmksa *pmksa) = NULL;
10075 struct net_device *dev = info->user_ptr[1];
10076 struct cfg80211_pmksa pmksa;
10077
10078 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
10079
10080 if (!info->attrs[NL80211_ATTR_PMKID])
10081 return -EINVAL;
10082
10083 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
10084
10085 if (info->attrs[NL80211_ATTR_MAC]) {
10086 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10087 } else if (info->attrs[NL80211_ATTR_SSID] &&
10088 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
10089 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
10090 info->attrs[NL80211_ATTR_PMK])) {
10091 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10092 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10093 pmksa.cache_id =
10094 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
10095 } else {
10096 return -EINVAL;
10097 }
10098 if (info->attrs[NL80211_ATTR_PMK]) {
10099 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10100 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
10101 }
10102
10103 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10104 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
10105 !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
10106 wiphy_ext_feature_isset(&rdev->wiphy,
10107 NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
10108 return -EOPNOTSUPP;
10109
10110 switch (info->genlhdr->cmd) {
10111 case NL80211_CMD_SET_PMKSA:
10112 rdev_ops = rdev->ops->set_pmksa;
10113 break;
10114 case NL80211_CMD_DEL_PMKSA:
10115 rdev_ops = rdev->ops->del_pmksa;
10116 break;
10117 default:
10118 WARN_ON(1);
10119 break;
10120 }
10121
10122 if (!rdev_ops)
10123 return -EOPNOTSUPP;
10124
10125 return rdev_ops(&rdev->wiphy, dev, &pmksa);
10126}
10127
10128static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
10129{
10130 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10131 struct net_device *dev = info->user_ptr[1];
10132
10133 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10134 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10135 return -EOPNOTSUPP;
10136
10137 if (!rdev->ops->flush_pmksa)
10138 return -EOPNOTSUPP;
10139
10140 return rdev_flush_pmksa(rdev, dev);
10141}
10142
10143static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
10144{
10145 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10146 struct net_device *dev = info->user_ptr[1];
10147 u8 action_code, dialog_token;
10148 u32 peer_capability = 0;
10149 u16 status_code;
10150 u8 *peer;
10151 bool initiator;
10152
10153 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10154 !rdev->ops->tdls_mgmt)
10155 return -EOPNOTSUPP;
10156
10157 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
10158 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
10159 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
10160 !info->attrs[NL80211_ATTR_IE] ||
10161 !info->attrs[NL80211_ATTR_MAC])
10162 return -EINVAL;
10163
10164 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10165 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
10166 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
10167 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
10168 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
10169 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
10170 peer_capability =
10171 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
10172
10173 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
10174 dialog_token, status_code, peer_capability,
10175 initiator,
10176 nla_data(info->attrs[NL80211_ATTR_IE]),
10177 nla_len(info->attrs[NL80211_ATTR_IE]));
10178}
10179
10180static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
10181{
10182 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10183 struct net_device *dev = info->user_ptr[1];
10184 enum nl80211_tdls_operation operation;
10185 u8 *peer;
10186
10187 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10188 !rdev->ops->tdls_oper)
10189 return -EOPNOTSUPP;
10190
10191 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
10192 !info->attrs[NL80211_ATTR_MAC])
10193 return -EINVAL;
10194
10195 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
10196 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10197
10198 return rdev_tdls_oper(rdev, dev, peer, operation);
10199}
10200
10201static int nl80211_remain_on_channel(struct sk_buff *skb,
10202 struct genl_info *info)
10203{
10204 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10205 struct wireless_dev *wdev = info->user_ptr[1];
10206 struct cfg80211_chan_def chandef;
10207 const struct cfg80211_chan_def *compat_chandef;
10208 struct sk_buff *msg;
10209 void *hdr;
10210 u64 cookie;
10211 u32 duration;
10212 int err;
10213
10214 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10215 !info->attrs[NL80211_ATTR_DURATION])
10216 return -EINVAL;
10217
10218 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10219
10220 if (!rdev->ops->remain_on_channel ||
10221 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
10222 return -EOPNOTSUPP;
10223
10224
10225
10226
10227
10228 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10229 duration > rdev->wiphy.max_remain_on_channel_duration)
10230 return -EINVAL;
10231
10232 err = nl80211_parse_chandef(rdev, info, &chandef);
10233 if (err)
10234 return err;
10235
10236 wdev_lock(wdev);
10237 if (!cfg80211_off_channel_oper_allowed(wdev) &&
10238 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
10239 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
10240 &chandef);
10241 if (compat_chandef != &chandef) {
10242 wdev_unlock(wdev);
10243 return -EBUSY;
10244 }
10245 }
10246 wdev_unlock(wdev);
10247
10248 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10249 if (!msg)
10250 return -ENOMEM;
10251
10252 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10253 NL80211_CMD_REMAIN_ON_CHANNEL);
10254 if (!hdr) {
10255 err = -ENOBUFS;
10256 goto free_msg;
10257 }
10258
10259 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
10260 duration, &cookie);
10261
10262 if (err)
10263 goto free_msg;
10264
10265 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10266 NL80211_ATTR_PAD))
10267 goto nla_put_failure;
10268
10269 genlmsg_end(msg, hdr);
10270
10271 return genlmsg_reply(msg, info);
10272
10273 nla_put_failure:
10274 err = -ENOBUFS;
10275 free_msg:
10276 nlmsg_free(msg);
10277 return err;
10278}
10279
10280static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
10281 struct genl_info *info)
10282{
10283 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10284 struct wireless_dev *wdev = info->user_ptr[1];
10285 u64 cookie;
10286
10287 if (!info->attrs[NL80211_ATTR_COOKIE])
10288 return -EINVAL;
10289
10290 if (!rdev->ops->cancel_remain_on_channel)
10291 return -EOPNOTSUPP;
10292
10293 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10294
10295 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
10296}
10297
10298static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
10299 struct genl_info *info)
10300{
10301 struct cfg80211_bitrate_mask mask;
10302 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10303 struct net_device *dev = info->user_ptr[1];
10304 int err;
10305
10306 if (!rdev->ops->set_bitrate_mask)
10307 return -EOPNOTSUPP;
10308
10309 err = nl80211_parse_tx_bitrate_mask(info, &mask);
10310 if (err)
10311 return err;
10312
10313 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
10314}
10315
10316static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
10317{
10318 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10319 struct wireless_dev *wdev = info->user_ptr[1];
10320 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
10321
10322 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
10323 return -EINVAL;
10324
10325 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
10326 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
10327
10328 switch (wdev->iftype) {
10329 case NL80211_IFTYPE_STATION:
10330 case NL80211_IFTYPE_ADHOC:
10331 case NL80211_IFTYPE_P2P_CLIENT:
10332 case NL80211_IFTYPE_AP:
10333 case NL80211_IFTYPE_AP_VLAN:
10334 case NL80211_IFTYPE_MESH_POINT:
10335 case NL80211_IFTYPE_P2P_GO:
10336 case NL80211_IFTYPE_P2P_DEVICE:
10337 break;
10338 case NL80211_IFTYPE_NAN:
10339 default:
10340 return -EOPNOTSUPP;
10341 }
10342
10343
10344 if (!rdev->ops->mgmt_tx)
10345 return -EOPNOTSUPP;
10346
10347 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10348 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10349 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
10350}
10351
10352static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10353{
10354 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10355 struct wireless_dev *wdev = info->user_ptr[1];
10356 struct cfg80211_chan_def chandef;
10357 int err;
10358 void *hdr = NULL;
10359 u64 cookie;
10360 struct sk_buff *msg = NULL;
10361 struct cfg80211_mgmt_tx_params params = {
10362 .dont_wait_for_ack =
10363 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10364 };
10365
10366 if (!info->attrs[NL80211_ATTR_FRAME])
10367 return -EINVAL;
10368
10369 if (!rdev->ops->mgmt_tx)
10370 return -EOPNOTSUPP;
10371
10372 switch (wdev->iftype) {
10373 case NL80211_IFTYPE_P2P_DEVICE:
10374 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10375 return -EINVAL;
10376 case NL80211_IFTYPE_STATION:
10377 case NL80211_IFTYPE_ADHOC:
10378 case NL80211_IFTYPE_P2P_CLIENT:
10379 case NL80211_IFTYPE_AP:
10380 case NL80211_IFTYPE_AP_VLAN:
10381 case NL80211_IFTYPE_MESH_POINT:
10382 case NL80211_IFTYPE_P2P_GO:
10383 break;
10384 case NL80211_IFTYPE_NAN:
10385 default:
10386 return -EOPNOTSUPP;
10387 }
10388
10389 if (info->attrs[NL80211_ATTR_DURATION]) {
10390 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10391 return -EINVAL;
10392 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10393
10394
10395
10396
10397
10398 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10399 params.wait > rdev->wiphy.max_remain_on_channel_duration)
10400 return -EINVAL;
10401 }
10402
10403 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10404
10405 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10406 return -EINVAL;
10407
10408 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10409
10410
10411
10412
10413 chandef.chan = NULL;
10414 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10415 err = nl80211_parse_chandef(rdev, info, &chandef);
10416 if (err)
10417 return err;
10418 }
10419
10420 if (!chandef.chan && params.offchan)
10421 return -EINVAL;
10422
10423 wdev_lock(wdev);
10424 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10425 wdev_unlock(wdev);
10426 return -EBUSY;
10427 }
10428 wdev_unlock(wdev);
10429
10430 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10431 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10432
10433 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10434 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10435 int i;
10436
10437 if (len % sizeof(u16))
10438 return -EINVAL;
10439
10440 params.n_csa_offsets = len / sizeof(u16);
10441 params.csa_offsets =
10442 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10443
10444
10445 for (i = 0; i < params.n_csa_offsets; i++) {
10446 if (params.csa_offsets[i] >= params.len)
10447 return -EINVAL;
10448 }
10449 }
10450
10451 if (!params.dont_wait_for_ack) {
10452 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10453 if (!msg)
10454 return -ENOMEM;
10455
10456 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10457 NL80211_CMD_FRAME);
10458 if (!hdr) {
10459 err = -ENOBUFS;
10460 goto free_msg;
10461 }
10462 }
10463
10464 params.chan = chandef.chan;
10465 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
10466 if (err)
10467 goto free_msg;
10468
10469 if (msg) {
10470 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10471 NL80211_ATTR_PAD))
10472 goto nla_put_failure;
10473
10474 genlmsg_end(msg, hdr);
10475 return genlmsg_reply(msg, info);
10476 }
10477
10478 return 0;
10479
10480 nla_put_failure:
10481 err = -ENOBUFS;
10482 free_msg:
10483 nlmsg_free(msg);
10484 return err;
10485}
10486
10487static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10488{
10489 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10490 struct wireless_dev *wdev = info->user_ptr[1];
10491 u64 cookie;
10492
10493 if (!info->attrs[NL80211_ATTR_COOKIE])
10494 return -EINVAL;
10495
10496 if (!rdev->ops->mgmt_tx_cancel_wait)
10497 return -EOPNOTSUPP;
10498
10499 switch (wdev->iftype) {
10500 case NL80211_IFTYPE_STATION:
10501 case NL80211_IFTYPE_ADHOC:
10502 case NL80211_IFTYPE_P2P_CLIENT:
10503 case NL80211_IFTYPE_AP:
10504 case NL80211_IFTYPE_AP_VLAN:
10505 case NL80211_IFTYPE_P2P_GO:
10506 case NL80211_IFTYPE_P2P_DEVICE:
10507 break;
10508 case NL80211_IFTYPE_NAN:
10509 default:
10510 return -EOPNOTSUPP;
10511 }
10512
10513 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10514
10515 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
10516}
10517
10518static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
10519{
10520 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10521 struct wireless_dev *wdev;
10522 struct net_device *dev = info->user_ptr[1];
10523 u8 ps_state;
10524 bool state;
10525 int err;
10526
10527 if (!info->attrs[NL80211_ATTR_PS_STATE])
10528 return -EINVAL;
10529
10530 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10531
10532 wdev = dev->ieee80211_ptr;
10533
10534 if (!rdev->ops->set_power_mgmt)
10535 return -EOPNOTSUPP;
10536
10537 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
10538
10539 if (state == wdev->ps)
10540 return 0;
10541
10542 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
10543 if (!err)
10544 wdev->ps = state;
10545 return err;
10546}
10547
10548static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
10549{
10550 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10551 enum nl80211_ps_state ps_state;
10552 struct wireless_dev *wdev;
10553 struct net_device *dev = info->user_ptr[1];
10554 struct sk_buff *msg;
10555 void *hdr;
10556 int err;
10557
10558 wdev = dev->ieee80211_ptr;
10559
10560 if (!rdev->ops->set_power_mgmt)
10561 return -EOPNOTSUPP;
10562
10563 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10564 if (!msg)
10565 return -ENOMEM;
10566
10567 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10568 NL80211_CMD_GET_POWER_SAVE);
10569 if (!hdr) {
10570 err = -ENOBUFS;
10571 goto free_msg;
10572 }
10573
10574 if (wdev->ps)
10575 ps_state = NL80211_PS_ENABLED;
10576 else
10577 ps_state = NL80211_PS_DISABLED;
10578
10579 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
10580 goto nla_put_failure;
10581
10582 genlmsg_end(msg, hdr);
10583 return genlmsg_reply(msg, info);
10584
10585 nla_put_failure:
10586 err = -ENOBUFS;
10587 free_msg:
10588 nlmsg_free(msg);
10589 return err;
10590}
10591
10592static const struct nla_policy
10593nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
10594 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
10595 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
10596 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
10597 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
10598 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
10599 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
10600 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
10601};
10602
10603static int nl80211_set_cqm_txe(struct genl_info *info,
10604 u32 rate, u32 pkts, u32 intvl)
10605{
10606 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10607 struct net_device *dev = info->user_ptr[1];
10608 struct wireless_dev *wdev = dev->ieee80211_ptr;
10609
10610 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
10611 return -EINVAL;
10612
10613 if (!rdev->ops->set_cqm_txe_config)
10614 return -EOPNOTSUPP;
10615
10616 if (wdev->iftype != NL80211_IFTYPE_STATION &&
10617 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10618 return -EOPNOTSUPP;
10619
10620 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
10621}
10622
10623static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
10624 struct net_device *dev)
10625{
10626 struct wireless_dev *wdev = dev->ieee80211_ptr;
10627 s32 last, low, high;
10628 u32 hyst;
10629 int i, n, low_index;
10630 int err;
10631
10632
10633 if (!wdev->cqm_config)
10634 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
10635
10636
10637
10638
10639
10640
10641
10642 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
10643 rdev->ops->get_station) {
10644 struct station_info sinfo = {};
10645 u8 *mac_addr;
10646
10647 mac_addr = wdev->current_bss->pub.bssid;
10648
10649 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
10650 if (err)
10651 return err;
10652
10653 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
10654 wdev->cqm_config->last_rssi_event_value =
10655 (s8) sinfo.rx_beacon_signal_avg;
10656 }
10657
10658 last = wdev->cqm_config->last_rssi_event_value;
10659 hyst = wdev->cqm_config->rssi_hyst;
10660 n = wdev->cqm_config->n_rssi_thresholds;
10661
10662 for (i = 0; i < n; i++)
10663 if (last < wdev->cqm_config->rssi_thresholds[i])
10664 break;
10665
10666 low_index = i - 1;
10667 if (low_index >= 0) {
10668 low_index = array_index_nospec(low_index, n);
10669 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
10670 } else {
10671 low = S32_MIN;
10672 }
10673 if (i < n) {
10674 i = array_index_nospec(i, n);
10675 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
10676 } else {
10677 high = S32_MAX;
10678 }
10679
10680 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
10681}
10682
10683static int nl80211_set_cqm_rssi(struct genl_info *info,
10684 const s32 *thresholds, int n_thresholds,
10685 u32 hysteresis)
10686{
10687 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10688 struct net_device *dev = info->user_ptr[1];
10689 struct wireless_dev *wdev = dev->ieee80211_ptr;
10690 int i, err;
10691 s32 prev = S32_MIN;
10692
10693
10694 for (i = 0; i < n_thresholds; i++) {
10695 if (thresholds[i] > 0 || thresholds[i] <= prev)
10696 return -EINVAL;
10697
10698 prev = thresholds[i];
10699 }
10700
10701 if (wdev->iftype != NL80211_IFTYPE_STATION &&
10702 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10703 return -EOPNOTSUPP;
10704
10705 wdev_lock(wdev);
10706 cfg80211_cqm_config_free(wdev);
10707 wdev_unlock(wdev);
10708
10709 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
10710 if (n_thresholds == 0 || thresholds[0] == 0)
10711 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
10712
10713 return rdev_set_cqm_rssi_config(rdev, dev,
10714 thresholds[0], hysteresis);
10715 }
10716
10717 if (!wiphy_ext_feature_isset(&rdev->wiphy,
10718 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
10719 return -EOPNOTSUPP;
10720
10721 if (n_thresholds == 1 && thresholds[0] == 0)
10722 n_thresholds = 0;
10723
10724 wdev_lock(wdev);
10725 if (n_thresholds) {
10726 struct cfg80211_cqm_config *cqm_config;
10727
10728 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
10729 n_thresholds * sizeof(s32), GFP_KERNEL);
10730 if (!cqm_config) {
10731 err = -ENOMEM;
10732 goto unlock;
10733 }
10734
10735 cqm_config->rssi_hyst = hysteresis;
10736 cqm_config->n_rssi_thresholds = n_thresholds;
10737 memcpy(cqm_config->rssi_thresholds, thresholds,
10738 n_thresholds * sizeof(s32));
10739
10740 wdev->cqm_config = cqm_config;
10741 }
10742
10743 err = cfg80211_cqm_rssi_update(rdev, dev);
10744
10745unlock:
10746 wdev_unlock(wdev);
10747
10748 return err;
10749}
10750
10751static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
10752{
10753 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
10754 struct nlattr *cqm;
10755 int err;
10756
10757 cqm = info->attrs[NL80211_ATTR_CQM];
10758 if (!cqm)
10759 return -EINVAL;
10760
10761 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
10762 nl80211_attr_cqm_policy,
10763 info->extack);
10764 if (err)
10765 return err;
10766
10767 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
10768 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
10769 const s32 *thresholds =
10770 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10771 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10772 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
10773
10774 if (len % 4)
10775 return -EINVAL;
10776
10777 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
10778 hysteresis);
10779 }
10780
10781 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
10782 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
10783 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
10784 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
10785 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
10786 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
10787
10788 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
10789 }
10790
10791 return -EINVAL;
10792}
10793
10794static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
10795{
10796 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10797 struct net_device *dev = info->user_ptr[1];
10798 struct ocb_setup setup = {};
10799 int err;
10800
10801 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10802 if (err)
10803 return err;
10804
10805 return cfg80211_join_ocb(rdev, dev, &setup);
10806}
10807
10808static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
10809{
10810 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10811 struct net_device *dev = info->user_ptr[1];
10812
10813 return cfg80211_leave_ocb(rdev, dev);
10814}
10815
10816static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
10817{
10818 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10819 struct net_device *dev = info->user_ptr[1];
10820 struct mesh_config cfg;
10821 struct mesh_setup setup;
10822 int err;
10823
10824
10825 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
10826 memcpy(&setup, &default_mesh_setup, sizeof(setup));
10827
10828 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
10829
10830 err = nl80211_parse_mesh_config(info, &cfg, NULL);
10831 if (err)
10832 return err;
10833 }
10834
10835 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
10836 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
10837 return -EINVAL;
10838
10839 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
10840 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
10841
10842 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10843 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
10844 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10845 return -EINVAL;
10846
10847 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
10848 setup.beacon_interval =
10849 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10850
10851 err = cfg80211_validate_beacon_int(rdev,
10852 NL80211_IFTYPE_MESH_POINT,
10853 setup.beacon_interval);
10854 if (err)
10855 return err;
10856 }
10857
10858 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
10859 setup.dtim_period =
10860 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
10861 if (setup.dtim_period < 1 || setup.dtim_period > 100)
10862 return -EINVAL;
10863 }
10864
10865 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
10866
10867 err = nl80211_parse_mesh_setup(info, &setup);
10868 if (err)
10869 return err;
10870 }
10871
10872 if (setup.user_mpm)
10873 cfg.auto_open_plinks = false;
10874
10875 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10876 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10877 if (err)
10878 return err;
10879 } else {
10880
10881 setup.chandef.chan = NULL;
10882 }
10883
10884 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10885 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10886 int n_rates =
10887 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10888 struct ieee80211_supported_band *sband;
10889
10890 if (!setup.chandef.chan)
10891 return -EINVAL;
10892
10893 sband = rdev->wiphy.bands[setup.chandef.chan->band];
10894
10895 err = ieee80211_get_ratemask(sband, rates, n_rates,
10896 &setup.basic_rates);
10897 if (err)
10898 return err;
10899 }
10900
10901 if (info->attrs[NL80211_ATTR_TX_RATES]) {
10902 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
10903 if (err)
10904 return err;
10905
10906 if (!setup.chandef.chan)
10907 return -EINVAL;
10908
10909 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
10910 &setup.beacon_rate);
10911 if (err)
10912 return err;
10913 }
10914
10915 setup.userspace_handles_dfs =
10916 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10917
10918 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10919 int r = validate_pae_over_nl80211(rdev, info);
10920
10921 if (r < 0)
10922 return r;
10923
10924 setup.control_port_over_nl80211 = true;
10925 }
10926
10927 wdev_lock(dev->ieee80211_ptr);
10928 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10929 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
10930 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10931 wdev_unlock(dev->ieee80211_ptr);
10932
10933 return err;
10934}
10935
10936static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10937{
10938 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10939 struct net_device *dev = info->user_ptr[1];
10940
10941 return cfg80211_leave_mesh(rdev, dev);
10942}
10943
10944#ifdef CONFIG_PM
10945static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10946 struct cfg80211_registered_device *rdev)
10947{
10948 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10949 struct nlattr *nl_pats, *nl_pat;
10950 int i, pat_len;
10951
10952 if (!wowlan->n_patterns)
10953 return 0;
10954
10955 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10956 if (!nl_pats)
10957 return -ENOBUFS;
10958
10959 for (i = 0; i < wowlan->n_patterns; i++) {
10960 nl_pat = nla_nest_start_noflag(msg, i + 1);
10961 if (!nl_pat)
10962 return -ENOBUFS;
10963 pat_len = wowlan->patterns[i].pattern_len;
10964 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10965 wowlan->patterns[i].mask) ||
10966 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10967 wowlan->patterns[i].pattern) ||
10968 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10969 wowlan->patterns[i].pkt_offset))
10970 return -ENOBUFS;
10971 nla_nest_end(msg, nl_pat);
10972 }
10973 nla_nest_end(msg, nl_pats);
10974
10975 return 0;
10976}
10977
10978static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10979 struct cfg80211_wowlan_tcp *tcp)
10980{
10981 struct nlattr *nl_tcp;
10982
10983 if (!tcp)
10984 return 0;
10985
10986 nl_tcp = nla_nest_start_noflag(msg,
10987 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10988 if (!nl_tcp)
10989 return -ENOBUFS;
10990
10991 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10992 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10993 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10994 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10995 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10996 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10997 tcp->payload_len, tcp->payload) ||
10998 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10999 tcp->data_interval) ||
11000 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
11001 tcp->wake_len, tcp->wake_data) ||
11002 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
11003 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
11004 return -ENOBUFS;
11005
11006 if (tcp->payload_seq.len &&
11007 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
11008 sizeof(tcp->payload_seq), &tcp->payload_seq))
11009 return -ENOBUFS;
11010
11011 if (tcp->payload_tok.len &&
11012 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
11013 sizeof(tcp->payload_tok) + tcp->tokens_size,
11014 &tcp->payload_tok))
11015 return -ENOBUFS;
11016
11017 nla_nest_end(msg, nl_tcp);
11018
11019 return 0;
11020}
11021
11022static int nl80211_send_wowlan_nd(struct sk_buff *msg,
11023 struct cfg80211_sched_scan_request *req)
11024{
11025 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
11026 int i;
11027
11028 if (!req)
11029 return 0;
11030
11031 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
11032 if (!nd)
11033 return -ENOBUFS;
11034
11035 if (req->n_scan_plans == 1 &&
11036 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
11037 req->scan_plans[0].interval * 1000))
11038 return -ENOBUFS;
11039
11040 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
11041 return -ENOBUFS;
11042
11043 if (req->relative_rssi_set) {
11044 struct nl80211_bss_select_rssi_adjust rssi_adjust;
11045
11046 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
11047 req->relative_rssi))
11048 return -ENOBUFS;
11049
11050 rssi_adjust.band = req->rssi_adjust.band;
11051 rssi_adjust.delta = req->rssi_adjust.delta;
11052 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
11053 sizeof(rssi_adjust), &rssi_adjust))
11054 return -ENOBUFS;
11055 }
11056
11057 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11058 if (!freqs)
11059 return -ENOBUFS;
11060
11061 for (i = 0; i < req->n_channels; i++) {
11062 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11063 return -ENOBUFS;
11064 }
11065
11066 nla_nest_end(msg, freqs);
11067
11068 if (req->n_match_sets) {
11069 matches = nla_nest_start_noflag(msg,
11070 NL80211_ATTR_SCHED_SCAN_MATCH);
11071 if (!matches)
11072 return -ENOBUFS;
11073
11074 for (i = 0; i < req->n_match_sets; i++) {
11075 match = nla_nest_start_noflag(msg, i);
11076 if (!match)
11077 return -ENOBUFS;
11078
11079 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
11080 req->match_sets[i].ssid.ssid_len,
11081 req->match_sets[i].ssid.ssid))
11082 return -ENOBUFS;
11083 nla_nest_end(msg, match);
11084 }
11085 nla_nest_end(msg, matches);
11086 }
11087
11088 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
11089 if (!scan_plans)
11090 return -ENOBUFS;
11091
11092 for (i = 0; i < req->n_scan_plans; i++) {
11093 scan_plan = nla_nest_start_noflag(msg, i + 1);
11094 if (!scan_plan)
11095 return -ENOBUFS;
11096
11097 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
11098 req->scan_plans[i].interval) ||
11099 (req->scan_plans[i].iterations &&
11100 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
11101 req->scan_plans[i].iterations)))
11102 return -ENOBUFS;
11103 nla_nest_end(msg, scan_plan);
11104 }
11105 nla_nest_end(msg, scan_plans);
11106
11107 nla_nest_end(msg, nd);
11108
11109 return 0;
11110}
11111
11112static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
11113{
11114 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11115 struct sk_buff *msg;
11116 void *hdr;
11117 u32 size = NLMSG_DEFAULT_SIZE;
11118
11119 if (!rdev->wiphy.wowlan)
11120 return -EOPNOTSUPP;
11121
11122 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
11123
11124 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
11125 rdev->wiphy.wowlan_config->tcp->payload_len +
11126 rdev->wiphy.wowlan_config->tcp->wake_len +
11127 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
11128 }
11129
11130 msg = nlmsg_new(size, GFP_KERNEL);
11131 if (!msg)
11132 return -ENOMEM;
11133
11134 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11135 NL80211_CMD_GET_WOWLAN);
11136 if (!hdr)
11137 goto nla_put_failure;
11138
11139 if (rdev->wiphy.wowlan_config) {
11140 struct nlattr *nl_wowlan;
11141
11142 nl_wowlan = nla_nest_start_noflag(msg,
11143 NL80211_ATTR_WOWLAN_TRIGGERS);
11144 if (!nl_wowlan)
11145 goto nla_put_failure;
11146
11147 if ((rdev->wiphy.wowlan_config->any &&
11148 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11149 (rdev->wiphy.wowlan_config->disconnect &&
11150 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11151 (rdev->wiphy.wowlan_config->magic_pkt &&
11152 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11153 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
11154 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11155 (rdev->wiphy.wowlan_config->eap_identity_req &&
11156 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11157 (rdev->wiphy.wowlan_config->four_way_handshake &&
11158 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11159 (rdev->wiphy.wowlan_config->rfkill_release &&
11160 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
11161 goto nla_put_failure;
11162
11163 if (nl80211_send_wowlan_patterns(msg, rdev))
11164 goto nla_put_failure;
11165
11166 if (nl80211_send_wowlan_tcp(msg,
11167 rdev->wiphy.wowlan_config->tcp))
11168 goto nla_put_failure;
11169
11170 if (nl80211_send_wowlan_nd(
11171 msg,
11172 rdev->wiphy.wowlan_config->nd_config))
11173 goto nla_put_failure;
11174
11175 nla_nest_end(msg, nl_wowlan);
11176 }
11177
11178 genlmsg_end(msg, hdr);
11179 return genlmsg_reply(msg, info);
11180
11181nla_put_failure:
11182 nlmsg_free(msg);
11183 return -ENOBUFS;
11184}
11185
11186static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
11187 struct nlattr *attr,
11188 struct cfg80211_wowlan *trig)
11189{
11190 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
11191 struct cfg80211_wowlan_tcp *cfg;
11192 struct nl80211_wowlan_tcp_data_token *tok = NULL;
11193 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
11194 u32 size;
11195 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
11196 int err, port;
11197
11198 if (!rdev->wiphy.wowlan->tcp)
11199 return -EINVAL;
11200
11201 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
11202 nl80211_wowlan_tcp_policy, NULL);
11203 if (err)
11204 return err;
11205
11206 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
11207 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
11208 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
11209 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
11210 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
11211 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
11212 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
11213 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
11214 return -EINVAL;
11215
11216 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
11217 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
11218 return -EINVAL;
11219
11220 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
11221 rdev->wiphy.wowlan->tcp->data_interval_max ||
11222 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
11223 return -EINVAL;
11224
11225 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
11226 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
11227 return -EINVAL;
11228
11229 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
11230 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
11231 return -EINVAL;
11232
11233 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
11234 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11235
11236 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11237 tokens_size = tokln - sizeof(*tok);
11238
11239 if (!tok->len || tokens_size % tok->len)
11240 return -EINVAL;
11241 if (!rdev->wiphy.wowlan->tcp->tok)
11242 return -EINVAL;
11243 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
11244 return -EINVAL;
11245 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
11246 return -EINVAL;
11247 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
11248 return -EINVAL;
11249 if (tok->offset + tok->len > data_size)
11250 return -EINVAL;
11251 }
11252
11253 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
11254 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
11255 if (!rdev->wiphy.wowlan->tcp->seq)
11256 return -EINVAL;
11257 if (seq->len == 0 || seq->len > 4)
11258 return -EINVAL;
11259 if (seq->len + seq->offset > data_size)
11260 return -EINVAL;
11261 }
11262
11263 size = sizeof(*cfg);
11264 size += data_size;
11265 size += wake_size + wake_mask_size;
11266 size += tokens_size;
11267
11268 cfg = kzalloc(size, GFP_KERNEL);
11269 if (!cfg)
11270 return -ENOMEM;
11271 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
11272 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
11273 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
11274 ETH_ALEN);
11275 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
11276 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
11277 else
11278 port = 0;
11279#ifdef CONFIG_INET
11280
11281 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
11282 IPPROTO_TCP, &cfg->sock, 1);
11283 if (err) {
11284 kfree(cfg);
11285 return err;
11286 }
11287 if (inet_csk_get_port(cfg->sock->sk, port)) {
11288 sock_release(cfg->sock);
11289 kfree(cfg);
11290 return -EADDRINUSE;
11291 }
11292 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
11293#else
11294 if (!port) {
11295 kfree(cfg);
11296 return -EINVAL;
11297 }
11298 cfg->src_port = port;
11299#endif
11300
11301 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
11302 cfg->payload_len = data_size;
11303 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
11304 memcpy((void *)cfg->payload,
11305 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
11306 data_size);
11307 if (seq)
11308 cfg->payload_seq = *seq;
11309 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
11310 cfg->wake_len = wake_size;
11311 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
11312 memcpy((void *)cfg->wake_data,
11313 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
11314 wake_size);
11315 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
11316 data_size + wake_size;
11317 memcpy((void *)cfg->wake_mask,
11318 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
11319 wake_mask_size);
11320 if (tok) {
11321 cfg->tokens_size = tokens_size;
11322 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
11323 }
11324
11325 trig->tcp = cfg;
11326
11327 return 0;
11328}
11329
11330static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
11331 const struct wiphy_wowlan_support *wowlan,
11332 struct nlattr *attr,
11333 struct cfg80211_wowlan *trig)
11334{
11335 struct nlattr **tb;
11336 int err;
11337
11338 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11339 if (!tb)
11340 return -ENOMEM;
11341
11342 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11343 err = -EOPNOTSUPP;
11344 goto out;
11345 }
11346
11347 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
11348 nl80211_policy, NULL);
11349 if (err)
11350 goto out;
11351
11352 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11353 wowlan->max_nd_match_sets);
11354 err = PTR_ERR_OR_ZERO(trig->nd_config);
11355 if (err)
11356 trig->nd_config = NULL;
11357
11358out:
11359 kfree(tb);
11360 return err;
11361}
11362
11363static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11364{
11365 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11366 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11367 struct cfg80211_wowlan new_triggers = {};
11368 struct cfg80211_wowlan *ntrig;
11369 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11370 int err, i;
11371 bool prev_enabled = rdev->wiphy.wowlan_config;
11372 bool regular = false;
11373
11374 if (!wowlan)
11375 return -EOPNOTSUPP;
11376
11377 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11378 cfg80211_rdev_free_wowlan(rdev);
11379 rdev->wiphy.wowlan_config = NULL;
11380 goto set_wakeup;
11381 }
11382
11383 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
11384 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11385 nl80211_wowlan_policy, info->extack);
11386 if (err)
11387 return err;
11388
11389 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11390 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11391 return -EINVAL;
11392 new_triggers.any = true;
11393 }
11394
11395 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11396 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11397 return -EINVAL;
11398 new_triggers.disconnect = true;
11399 regular = true;
11400 }
11401
11402 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11403 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11404 return -EINVAL;
11405 new_triggers.magic_pkt = true;
11406 regular = true;
11407 }
11408
11409 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11410 return -EINVAL;
11411
11412 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11413 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11414 return -EINVAL;
11415 new_triggers.gtk_rekey_failure = true;
11416 regular = true;
11417 }
11418
11419 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11420 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11421 return -EINVAL;
11422 new_triggers.eap_identity_req = true;
11423 regular = true;
11424 }
11425
11426 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11427 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11428 return -EINVAL;
11429 new_triggers.four_way_handshake = true;
11430 regular = true;
11431 }
11432
11433 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11434 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11435 return -EINVAL;
11436 new_triggers.rfkill_release = true;
11437 regular = true;
11438 }
11439
11440 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11441 struct nlattr *pat;
11442 int n_patterns = 0;
11443 int rem, pat_len, mask_len, pkt_offset;
11444 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11445
11446 regular = true;
11447
11448 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11449 rem)
11450 n_patterns++;
11451 if (n_patterns > wowlan->n_patterns)
11452 return -EINVAL;
11453
11454 new_triggers.patterns = kcalloc(n_patterns,
11455 sizeof(new_triggers.patterns[0]),
11456 GFP_KERNEL);
11457 if (!new_triggers.patterns)
11458 return -ENOMEM;
11459
11460 new_triggers.n_patterns = n_patterns;
11461 i = 0;
11462
11463 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11464 rem) {
11465 u8 *mask_pat;
11466
11467 err = nla_parse_nested_deprecated(pat_tb,
11468 MAX_NL80211_PKTPAT,
11469 pat,
11470 nl80211_packet_pattern_policy,
11471 info->extack);
11472 if (err)
11473 goto error;
11474
11475 err = -EINVAL;
11476 if (!pat_tb[NL80211_PKTPAT_MASK] ||
11477 !pat_tb[NL80211_PKTPAT_PATTERN])
11478 goto error;
11479 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11480 mask_len = DIV_ROUND_UP(pat_len, 8);
11481 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11482 goto error;
11483 if (pat_len > wowlan->pattern_max_len ||
11484 pat_len < wowlan->pattern_min_len)
11485 goto error;
11486
11487 if (!pat_tb[NL80211_PKTPAT_OFFSET])
11488 pkt_offset = 0;
11489 else
11490 pkt_offset = nla_get_u32(
11491 pat_tb[NL80211_PKTPAT_OFFSET]);
11492 if (pkt_offset > wowlan->max_pkt_offset)
11493 goto error;
11494 new_triggers.patterns[i].pkt_offset = pkt_offset;
11495
11496 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11497 if (!mask_pat) {
11498 err = -ENOMEM;
11499 goto error;
11500 }
11501 new_triggers.patterns[i].mask = mask_pat;
11502 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11503 mask_len);
11504 mask_pat += mask_len;
11505 new_triggers.patterns[i].pattern = mask_pat;
11506 new_triggers.patterns[i].pattern_len = pat_len;
11507 memcpy(mask_pat,
11508 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11509 pat_len);
11510 i++;
11511 }
11512 }
11513
11514 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
11515 regular = true;
11516 err = nl80211_parse_wowlan_tcp(
11517 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
11518 &new_triggers);
11519 if (err)
11520 goto error;
11521 }
11522
11523 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
11524 regular = true;
11525 err = nl80211_parse_wowlan_nd(
11526 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
11527 &new_triggers);
11528 if (err)
11529 goto error;
11530 }
11531
11532
11533
11534
11535
11536
11537
11538 if (new_triggers.any && regular) {
11539 err = -EINVAL;
11540 goto error;
11541 }
11542
11543 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
11544 if (!ntrig) {
11545 err = -ENOMEM;
11546 goto error;
11547 }
11548 cfg80211_rdev_free_wowlan(rdev);
11549 rdev->wiphy.wowlan_config = ntrig;
11550
11551 set_wakeup:
11552 if (rdev->ops->set_wakeup &&
11553 prev_enabled != !!rdev->wiphy.wowlan_config)
11554 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
11555
11556 return 0;
11557 error:
11558 for (i = 0; i < new_triggers.n_patterns; i++)
11559 kfree(new_triggers.patterns[i].mask);
11560 kfree(new_triggers.patterns);
11561 if (new_triggers.tcp && new_triggers.tcp->sock)
11562 sock_release(new_triggers.tcp->sock);
11563 kfree(new_triggers.tcp);
11564 kfree(new_triggers.nd_config);
11565 return err;
11566}
11567#endif
11568
11569static int nl80211_send_coalesce_rules(struct sk_buff *msg,
11570 struct cfg80211_registered_device *rdev)
11571{
11572 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
11573 int i, j, pat_len;
11574 struct cfg80211_coalesce_rules *rule;
11575
11576 if (!rdev->coalesce->n_rules)
11577 return 0;
11578
11579 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
11580 if (!nl_rules)
11581 return -ENOBUFS;
11582
11583 for (i = 0; i < rdev->coalesce->n_rules; i++) {
11584 nl_rule = nla_nest_start_noflag(msg, i + 1);
11585 if (!nl_rule)
11586 return -ENOBUFS;
11587
11588 rule = &rdev->coalesce->rules[i];
11589 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
11590 rule->delay))
11591 return -ENOBUFS;
11592
11593 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
11594 rule->condition))
11595 return -ENOBUFS;
11596
11597 nl_pats = nla_nest_start_noflag(msg,
11598 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
11599 if (!nl_pats)
11600 return -ENOBUFS;
11601
11602 for (j = 0; j < rule->n_patterns; j++) {
11603 nl_pat = nla_nest_start_noflag(msg, j + 1);
11604 if (!nl_pat)
11605 return -ENOBUFS;
11606 pat_len = rule->patterns[j].pattern_len;
11607 if (nla_put(msg, NL80211_PKTPAT_MASK,
11608 DIV_ROUND_UP(pat_len, 8),
11609 rule->patterns[j].mask) ||
11610 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11611 rule->patterns[j].pattern) ||
11612 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11613 rule->patterns[j].pkt_offset))
11614 return -ENOBUFS;
11615 nla_nest_end(msg, nl_pat);
11616 }
11617 nla_nest_end(msg, nl_pats);
11618 nla_nest_end(msg, nl_rule);
11619 }
11620 nla_nest_end(msg, nl_rules);
11621
11622 return 0;
11623}
11624
11625static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
11626{
11627 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11628 struct sk_buff *msg;
11629 void *hdr;
11630
11631 if (!rdev->wiphy.coalesce)
11632 return -EOPNOTSUPP;
11633
11634 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11635 if (!msg)
11636 return -ENOMEM;
11637
11638 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11639 NL80211_CMD_GET_COALESCE);
11640 if (!hdr)
11641 goto nla_put_failure;
11642
11643 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
11644 goto nla_put_failure;
11645
11646 genlmsg_end(msg, hdr);
11647 return genlmsg_reply(msg, info);
11648
11649nla_put_failure:
11650 nlmsg_free(msg);
11651 return -ENOBUFS;
11652}
11653
11654void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
11655{
11656 struct cfg80211_coalesce *coalesce = rdev->coalesce;
11657 int i, j;
11658 struct cfg80211_coalesce_rules *rule;
11659
11660 if (!coalesce)
11661 return;
11662
11663 for (i = 0; i < coalesce->n_rules; i++) {
11664 rule = &coalesce->rules[i];
11665 for (j = 0; j < rule->n_patterns; j++)
11666 kfree(rule->patterns[j].mask);
11667 kfree(rule->patterns);
11668 }
11669 kfree(coalesce->rules);
11670 kfree(coalesce);
11671 rdev->coalesce = NULL;
11672}
11673
11674static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
11675 struct nlattr *rule,
11676 struct cfg80211_coalesce_rules *new_rule)
11677{
11678 int err, i;
11679 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11680 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
11681 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
11682 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11683
11684 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
11685 rule, nl80211_coalesce_policy, NULL);
11686 if (err)
11687 return err;
11688
11689 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
11690 new_rule->delay =
11691 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
11692 if (new_rule->delay > coalesce->max_delay)
11693 return -EINVAL;
11694
11695 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
11696 new_rule->condition =
11697 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
11698
11699 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
11700 return -EINVAL;
11701
11702 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11703 rem)
11704 n_patterns++;
11705 if (n_patterns > coalesce->n_patterns)
11706 return -EINVAL;
11707
11708 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
11709 GFP_KERNEL);
11710 if (!new_rule->patterns)
11711 return -ENOMEM;
11712
11713 new_rule->n_patterns = n_patterns;
11714 i = 0;
11715
11716 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11717 rem) {
11718 u8 *mask_pat;
11719
11720 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
11721 pat,
11722 nl80211_packet_pattern_policy,
11723 NULL);
11724 if (err)
11725 return err;
11726
11727 if (!pat_tb[NL80211_PKTPAT_MASK] ||
11728 !pat_tb[NL80211_PKTPAT_PATTERN])
11729 return -EINVAL;
11730 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11731 mask_len = DIV_ROUND_UP(pat_len, 8);
11732 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11733 return -EINVAL;
11734 if (pat_len > coalesce->pattern_max_len ||
11735 pat_len < coalesce->pattern_min_len)
11736 return -EINVAL;
11737
11738 if (!pat_tb[NL80211_PKTPAT_OFFSET])
11739 pkt_offset = 0;
11740 else
11741 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
11742 if (pkt_offset > coalesce->max_pkt_offset)
11743 return -EINVAL;
11744 new_rule->patterns[i].pkt_offset = pkt_offset;
11745
11746 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11747 if (!mask_pat)
11748 return -ENOMEM;
11749
11750 new_rule->patterns[i].mask = mask_pat;
11751 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11752 mask_len);
11753
11754 mask_pat += mask_len;
11755 new_rule->patterns[i].pattern = mask_pat;
11756 new_rule->patterns[i].pattern_len = pat_len;
11757 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11758 pat_len);
11759 i++;
11760 }
11761
11762 return 0;
11763}
11764
11765static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
11766{
11767 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11768 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11769 struct cfg80211_coalesce new_coalesce = {};
11770 struct cfg80211_coalesce *n_coalesce;
11771 int err, rem_rule, n_rules = 0, i, j;
11772 struct nlattr *rule;
11773 struct cfg80211_coalesce_rules *tmp_rule;
11774
11775 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
11776 return -EOPNOTSUPP;
11777
11778 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
11779 cfg80211_rdev_free_coalesce(rdev);
11780 rdev_set_coalesce(rdev, NULL);
11781 return 0;
11782 }
11783
11784 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11785 rem_rule)
11786 n_rules++;
11787 if (n_rules > coalesce->n_rules)
11788 return -EINVAL;
11789
11790 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
11791 GFP_KERNEL);
11792 if (!new_coalesce.rules)
11793 return -ENOMEM;
11794
11795 new_coalesce.n_rules = n_rules;
11796 i = 0;
11797
11798 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11799 rem_rule) {
11800 err = nl80211_parse_coalesce_rule(rdev, rule,
11801 &new_coalesce.rules[i]);
11802 if (err)
11803 goto error;
11804
11805 i++;
11806 }
11807
11808 err = rdev_set_coalesce(rdev, &new_coalesce);
11809 if (err)
11810 goto error;
11811
11812 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
11813 if (!n_coalesce) {
11814 err = -ENOMEM;
11815 goto error;
11816 }
11817 cfg80211_rdev_free_coalesce(rdev);
11818 rdev->coalesce = n_coalesce;
11819
11820 return 0;
11821error:
11822 for (i = 0; i < new_coalesce.n_rules; i++) {
11823 tmp_rule = &new_coalesce.rules[i];
11824 for (j = 0; j < tmp_rule->n_patterns; j++)
11825 kfree(tmp_rule->patterns[j].mask);
11826 kfree(tmp_rule->patterns);
11827 }
11828 kfree(new_coalesce.rules);
11829
11830 return err;
11831}
11832
11833static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
11834{
11835 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11836 struct net_device *dev = info->user_ptr[1];
11837 struct wireless_dev *wdev = dev->ieee80211_ptr;
11838 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
11839 struct cfg80211_gtk_rekey_data rekey_data;
11840 int err;
11841
11842 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
11843 return -EINVAL;
11844
11845 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
11846 info->attrs[NL80211_ATTR_REKEY_DATA],
11847 nl80211_rekey_policy, info->extack);
11848 if (err)
11849 return err;
11850
11851 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
11852 !tb[NL80211_REKEY_DATA_KCK])
11853 return -EINVAL;
11854 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
11855 return -ERANGE;
11856 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
11857 return -ERANGE;
11858 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
11859 return -ERANGE;
11860
11861 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
11862 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
11863 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
11864
11865 wdev_lock(wdev);
11866 if (!wdev->current_bss) {
11867 err = -ENOTCONN;
11868 goto out;
11869 }
11870
11871 if (!rdev->ops->set_rekey_data) {
11872 err = -EOPNOTSUPP;
11873 goto out;
11874 }
11875
11876 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
11877 out:
11878 wdev_unlock(wdev);
11879 return err;
11880}
11881
11882static int nl80211_register_unexpected_frame(struct sk_buff *skb,
11883 struct genl_info *info)
11884{
11885 struct net_device *dev = info->user_ptr[1];
11886 struct wireless_dev *wdev = dev->ieee80211_ptr;
11887
11888 if (wdev->iftype != NL80211_IFTYPE_AP &&
11889 wdev->iftype != NL80211_IFTYPE_P2P_GO)
11890 return -EINVAL;
11891
11892 if (wdev->ap_unexpected_nlportid)
11893 return -EBUSY;
11894
11895 wdev->ap_unexpected_nlportid = info->snd_portid;
11896 return 0;
11897}
11898
11899static int nl80211_probe_client(struct sk_buff *skb,
11900 struct genl_info *info)
11901{
11902 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11903 struct net_device *dev = info->user_ptr[1];
11904 struct wireless_dev *wdev = dev->ieee80211_ptr;
11905 struct sk_buff *msg;
11906 void *hdr;
11907 const u8 *addr;
11908 u64 cookie;
11909 int err;
11910
11911 if (wdev->iftype != NL80211_IFTYPE_AP &&
11912 wdev->iftype != NL80211_IFTYPE_P2P_GO)
11913 return -EOPNOTSUPP;
11914
11915 if (!info->attrs[NL80211_ATTR_MAC])
11916 return -EINVAL;
11917
11918 if (!rdev->ops->probe_client)
11919 return -EOPNOTSUPP;
11920
11921 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11922 if (!msg)
11923 return -ENOMEM;
11924
11925 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11926 NL80211_CMD_PROBE_CLIENT);
11927 if (!hdr) {
11928 err = -ENOBUFS;
11929 goto free_msg;
11930 }
11931
11932 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
11933
11934 err = rdev_probe_client(rdev, dev, addr, &cookie);
11935 if (err)
11936 goto free_msg;
11937
11938 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11939 NL80211_ATTR_PAD))
11940 goto nla_put_failure;
11941
11942 genlmsg_end(msg, hdr);
11943
11944 return genlmsg_reply(msg, info);
11945
11946 nla_put_failure:
11947 err = -ENOBUFS;
11948 free_msg:
11949 nlmsg_free(msg);
11950 return err;
11951}
11952
11953static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11954{
11955 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11956 struct cfg80211_beacon_registration *reg, *nreg;
11957 int rv;
11958
11959 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11960 return -EOPNOTSUPP;
11961
11962 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11963 if (!nreg)
11964 return -ENOMEM;
11965
11966
11967 spin_lock_bh(&rdev->beacon_registrations_lock);
11968 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11969 if (reg->nlportid == info->snd_portid) {
11970 rv = -EALREADY;
11971 goto out_err;
11972 }
11973 }
11974
11975 nreg->nlportid = info->snd_portid;
11976 list_add(&nreg->list, &rdev->beacon_registrations);
11977
11978 spin_unlock_bh(&rdev->beacon_registrations_lock);
11979
11980 return 0;
11981out_err:
11982 spin_unlock_bh(&rdev->beacon_registrations_lock);
11983 kfree(nreg);
11984 return rv;
11985}
11986
11987static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11988{
11989 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11990 struct wireless_dev *wdev = info->user_ptr[1];
11991 int err;
11992
11993 if (!rdev->ops->start_p2p_device)
11994 return -EOPNOTSUPP;
11995
11996 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11997 return -EOPNOTSUPP;
11998
11999 if (wdev_running(wdev))
12000 return 0;
12001
12002 if (rfkill_blocked(rdev->rfkill))
12003 return -ERFKILL;
12004
12005 err = rdev_start_p2p_device(rdev, wdev);
12006 if (err)
12007 return err;
12008
12009 wdev->is_running = true;
12010 rdev->opencount++;
12011
12012 return 0;
12013}
12014
12015static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
12016{
12017 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12018 struct wireless_dev *wdev = info->user_ptr[1];
12019
12020 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12021 return -EOPNOTSUPP;
12022
12023 if (!rdev->ops->stop_p2p_device)
12024 return -EOPNOTSUPP;
12025
12026 cfg80211_stop_p2p_device(rdev, wdev);
12027
12028 return 0;
12029}
12030
12031static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
12032{
12033 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12034 struct wireless_dev *wdev = info->user_ptr[1];
12035 struct cfg80211_nan_conf conf = {};
12036 int err;
12037
12038 if (wdev->iftype != NL80211_IFTYPE_NAN)
12039 return -EOPNOTSUPP;
12040
12041 if (wdev_running(wdev))
12042 return -EEXIST;
12043
12044 if (rfkill_blocked(rdev->rfkill))
12045 return -ERFKILL;
12046
12047 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
12048 return -EINVAL;
12049
12050 conf.master_pref =
12051 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12052
12053 if (info->attrs[NL80211_ATTR_BANDS]) {
12054 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12055
12056 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12057 return -EOPNOTSUPP;
12058
12059 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12060 return -EINVAL;
12061
12062 conf.bands = bands;
12063 }
12064
12065 err = rdev_start_nan(rdev, wdev, &conf);
12066 if (err)
12067 return err;
12068
12069 wdev->is_running = true;
12070 rdev->opencount++;
12071
12072 return 0;
12073}
12074
12075static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
12076{
12077 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12078 struct wireless_dev *wdev = info->user_ptr[1];
12079
12080 if (wdev->iftype != NL80211_IFTYPE_NAN)
12081 return -EOPNOTSUPP;
12082
12083 cfg80211_stop_nan(rdev, wdev);
12084
12085 return 0;
12086}
12087
12088static int validate_nan_filter(struct nlattr *filter_attr)
12089{
12090 struct nlattr *attr;
12091 int len = 0, n_entries = 0, rem;
12092
12093 nla_for_each_nested(attr, filter_attr, rem) {
12094 len += nla_len(attr);
12095 n_entries++;
12096 }
12097
12098 if (len >= U8_MAX)
12099 return -EINVAL;
12100
12101 return n_entries;
12102}
12103
12104static int handle_nan_filter(struct nlattr *attr_filter,
12105 struct cfg80211_nan_func *func,
12106 bool tx)
12107{
12108 struct nlattr *attr;
12109 int n_entries, rem, i;
12110 struct cfg80211_nan_func_filter *filter;
12111
12112 n_entries = validate_nan_filter(attr_filter);
12113 if (n_entries < 0)
12114 return n_entries;
12115
12116 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
12117
12118 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
12119 if (!filter)
12120 return -ENOMEM;
12121
12122 i = 0;
12123 nla_for_each_nested(attr, attr_filter, rem) {
12124 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
12125 filter[i].len = nla_len(attr);
12126 i++;
12127 }
12128 if (tx) {
12129 func->num_tx_filters = n_entries;
12130 func->tx_filters = filter;
12131 } else {
12132 func->num_rx_filters = n_entries;
12133 func->rx_filters = filter;
12134 }
12135
12136 return 0;
12137}
12138
12139static int nl80211_nan_add_func(struct sk_buff *skb,
12140 struct genl_info *info)
12141{
12142 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12143 struct wireless_dev *wdev = info->user_ptr[1];
12144 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
12145 struct cfg80211_nan_func *func;
12146 struct sk_buff *msg = NULL;
12147 void *hdr = NULL;
12148 int err = 0;
12149
12150 if (wdev->iftype != NL80211_IFTYPE_NAN)
12151 return -EOPNOTSUPP;
12152
12153 if (!wdev_running(wdev))
12154 return -ENOTCONN;
12155
12156 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
12157 return -EINVAL;
12158
12159 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
12160 info->attrs[NL80211_ATTR_NAN_FUNC],
12161 nl80211_nan_func_policy,
12162 info->extack);
12163 if (err)
12164 return err;
12165
12166 func = kzalloc(sizeof(*func), GFP_KERNEL);
12167 if (!func)
12168 return -ENOMEM;
12169
12170 func->cookie = cfg80211_assign_cookie(rdev);
12171
12172 if (!tb[NL80211_NAN_FUNC_TYPE] ||
12173 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
12174 err = -EINVAL;
12175 goto out;
12176 }
12177
12178
12179 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
12180
12181 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
12182 err = -EINVAL;
12183 goto out;
12184 }
12185
12186 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
12187 sizeof(func->service_id));
12188
12189 func->close_range =
12190 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
12191
12192 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
12193 func->serv_spec_info_len =
12194 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
12195 func->serv_spec_info =
12196 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
12197 func->serv_spec_info_len,
12198 GFP_KERNEL);
12199 if (!func->serv_spec_info) {
12200 err = -ENOMEM;
12201 goto out;
12202 }
12203 }
12204
12205 if (tb[NL80211_NAN_FUNC_TTL])
12206 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
12207
12208 switch (func->type) {
12209 case NL80211_NAN_FUNC_PUBLISH:
12210 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
12211 err = -EINVAL;
12212 goto out;
12213 }
12214
12215 func->publish_type =
12216 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
12217 func->publish_bcast =
12218 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
12219
12220 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
12221 func->publish_bcast) {
12222 err = -EINVAL;
12223 goto out;
12224 }
12225 break;
12226 case NL80211_NAN_FUNC_SUBSCRIBE:
12227 func->subscribe_active =
12228 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
12229 break;
12230 case NL80211_NAN_FUNC_FOLLOW_UP:
12231 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
12232 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
12233 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
12234 err = -EINVAL;
12235 goto out;
12236 }
12237
12238 func->followup_id =
12239 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
12240 func->followup_reqid =
12241 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
12242 memcpy(func->followup_dest.addr,
12243 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
12244 sizeof(func->followup_dest.addr));
12245 if (func->ttl) {
12246 err = -EINVAL;
12247 goto out;
12248 }
12249 break;
12250 default:
12251 err = -EINVAL;
12252 goto out;
12253 }
12254
12255 if (tb[NL80211_NAN_FUNC_SRF]) {
12256 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12257
12258 err = nla_parse_nested_deprecated(srf_tb,
12259 NL80211_NAN_SRF_ATTR_MAX,
12260 tb[NL80211_NAN_FUNC_SRF],
12261 nl80211_nan_srf_policy,
12262 info->extack);
12263 if (err)
12264 goto out;
12265
12266 func->srf_include =
12267 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
12268
12269 if (srf_tb[NL80211_NAN_SRF_BF]) {
12270 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
12271 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
12272 err = -EINVAL;
12273 goto out;
12274 }
12275
12276 func->srf_bf_len =
12277 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
12278 func->srf_bf =
12279 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
12280 func->srf_bf_len, GFP_KERNEL);
12281 if (!func->srf_bf) {
12282 err = -ENOMEM;
12283 goto out;
12284 }
12285
12286 func->srf_bf_idx =
12287 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
12288 } else {
12289 struct nlattr *attr, *mac_attr =
12290 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
12291 int n_entries, rem, i = 0;
12292
12293 if (!mac_attr) {
12294 err = -EINVAL;
12295 goto out;
12296 }
12297
12298 n_entries = validate_acl_mac_addrs(mac_attr);
12299 if (n_entries <= 0) {
12300 err = -EINVAL;
12301 goto out;
12302 }
12303
12304 func->srf_num_macs = n_entries;
12305 func->srf_macs =
12306 kcalloc(n_entries, sizeof(*func->srf_macs),
12307 GFP_KERNEL);
12308 if (!func->srf_macs) {
12309 err = -ENOMEM;
12310 goto out;
12311 }
12312
12313 nla_for_each_nested(attr, mac_attr, rem)
12314 memcpy(func->srf_macs[i++].addr, nla_data(attr),
12315 sizeof(*func->srf_macs));
12316 }
12317 }
12318
12319 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
12320 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
12321 func, true);
12322 if (err)
12323 goto out;
12324 }
12325
12326 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
12327 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
12328 func, false);
12329 if (err)
12330 goto out;
12331 }
12332
12333 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12334 if (!msg) {
12335 err = -ENOMEM;
12336 goto out;
12337 }
12338
12339 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12340 NL80211_CMD_ADD_NAN_FUNCTION);
12341
12342 if (WARN_ON(!hdr)) {
12343 err = -ENOMEM;
12344 goto out;
12345 }
12346
12347 err = rdev_add_nan_func(rdev, wdev, func);
12348out:
12349 if (err < 0) {
12350 cfg80211_free_nan_func(func);
12351 nlmsg_free(msg);
12352 return err;
12353 }
12354
12355
12356 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12357 NL80211_ATTR_PAD))
12358 goto nla_put_failure;
12359
12360 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12361 if (!func_attr)
12362 goto nla_put_failure;
12363
12364 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12365 func->instance_id))
12366 goto nla_put_failure;
12367
12368 nla_nest_end(msg, func_attr);
12369
12370 genlmsg_end(msg, hdr);
12371 return genlmsg_reply(msg, info);
12372
12373nla_put_failure:
12374 nlmsg_free(msg);
12375 return -ENOBUFS;
12376}
12377
12378static int nl80211_nan_del_func(struct sk_buff *skb,
12379 struct genl_info *info)
12380{
12381 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12382 struct wireless_dev *wdev = info->user_ptr[1];
12383 u64 cookie;
12384
12385 if (wdev->iftype != NL80211_IFTYPE_NAN)
12386 return -EOPNOTSUPP;
12387
12388 if (!wdev_running(wdev))
12389 return -ENOTCONN;
12390
12391 if (!info->attrs[NL80211_ATTR_COOKIE])
12392 return -EINVAL;
12393
12394 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12395
12396 rdev_del_nan_func(rdev, wdev, cookie);
12397
12398 return 0;
12399}
12400
12401static int nl80211_nan_change_config(struct sk_buff *skb,
12402 struct genl_info *info)
12403{
12404 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12405 struct wireless_dev *wdev = info->user_ptr[1];
12406 struct cfg80211_nan_conf conf = {};
12407 u32 changed = 0;
12408
12409 if (wdev->iftype != NL80211_IFTYPE_NAN)
12410 return -EOPNOTSUPP;
12411
12412 if (!wdev_running(wdev))
12413 return -ENOTCONN;
12414
12415 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12416 conf.master_pref =
12417 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12418 if (conf.master_pref <= 1 || conf.master_pref == 255)
12419 return -EINVAL;
12420
12421 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12422 }
12423
12424 if (info->attrs[NL80211_ATTR_BANDS]) {
12425 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12426
12427 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12428 return -EOPNOTSUPP;
12429
12430 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12431 return -EINVAL;
12432
12433 conf.bands = bands;
12434 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12435 }
12436
12437 if (!changed)
12438 return -EINVAL;
12439
12440 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12441}
12442
12443void cfg80211_nan_match(struct wireless_dev *wdev,
12444 struct cfg80211_nan_match_params *match, gfp_t gfp)
12445{
12446 struct wiphy *wiphy = wdev->wiphy;
12447 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12448 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12449 struct sk_buff *msg;
12450 void *hdr;
12451
12452 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12453 return;
12454
12455 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12456 if (!msg)
12457 return;
12458
12459 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12460 if (!hdr) {
12461 nlmsg_free(msg);
12462 return;
12463 }
12464
12465 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12466 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12467 wdev->netdev->ifindex)) ||
12468 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12469 NL80211_ATTR_PAD))
12470 goto nla_put_failure;
12471
12472 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12473 NL80211_ATTR_PAD) ||
12474 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12475 goto nla_put_failure;
12476
12477 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
12478 if (!match_attr)
12479 goto nla_put_failure;
12480
12481 local_func_attr = nla_nest_start_noflag(msg,
12482 NL80211_NAN_MATCH_FUNC_LOCAL);
12483 if (!local_func_attr)
12484 goto nla_put_failure;
12485
12486 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
12487 goto nla_put_failure;
12488
12489 nla_nest_end(msg, local_func_attr);
12490
12491 peer_func_attr = nla_nest_start_noflag(msg,
12492 NL80211_NAN_MATCH_FUNC_PEER);
12493 if (!peer_func_attr)
12494 goto nla_put_failure;
12495
12496 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
12497 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
12498 goto nla_put_failure;
12499
12500 if (match->info && match->info_len &&
12501 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
12502 match->info))
12503 goto nla_put_failure;
12504
12505 nla_nest_end(msg, peer_func_attr);
12506 nla_nest_end(msg, match_attr);
12507 genlmsg_end(msg, hdr);
12508
12509 if (!wdev->owner_nlportid)
12510 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12511 msg, 0, NL80211_MCGRP_NAN, gfp);
12512 else
12513 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12514 wdev->owner_nlportid);
12515
12516 return;
12517
12518nla_put_failure:
12519 nlmsg_free(msg);
12520}
12521EXPORT_SYMBOL(cfg80211_nan_match);
12522
12523void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
12524 u8 inst_id,
12525 enum nl80211_nan_func_term_reason reason,
12526 u64 cookie, gfp_t gfp)
12527{
12528 struct wiphy *wiphy = wdev->wiphy;
12529 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12530 struct sk_buff *msg;
12531 struct nlattr *func_attr;
12532 void *hdr;
12533
12534 if (WARN_ON(!inst_id))
12535 return;
12536
12537 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12538 if (!msg)
12539 return;
12540
12541 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
12542 if (!hdr) {
12543 nlmsg_free(msg);
12544 return;
12545 }
12546
12547 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12548 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12549 wdev->netdev->ifindex)) ||
12550 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12551 NL80211_ATTR_PAD))
12552 goto nla_put_failure;
12553
12554 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12555 NL80211_ATTR_PAD))
12556 goto nla_put_failure;
12557
12558 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12559 if (!func_attr)
12560 goto nla_put_failure;
12561
12562 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
12563 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
12564 goto nla_put_failure;
12565
12566 nla_nest_end(msg, func_attr);
12567 genlmsg_end(msg, hdr);
12568
12569 if (!wdev->owner_nlportid)
12570 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12571 msg, 0, NL80211_MCGRP_NAN, gfp);
12572 else
12573 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12574 wdev->owner_nlportid);
12575
12576 return;
12577
12578nla_put_failure:
12579 nlmsg_free(msg);
12580}
12581EXPORT_SYMBOL(cfg80211_nan_func_terminated);
12582
12583static int nl80211_get_protocol_features(struct sk_buff *skb,
12584 struct genl_info *info)
12585{
12586 void *hdr;
12587 struct sk_buff *msg;
12588
12589 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12590 if (!msg)
12591 return -ENOMEM;
12592
12593 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12594 NL80211_CMD_GET_PROTOCOL_FEATURES);
12595 if (!hdr)
12596 goto nla_put_failure;
12597
12598 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
12599 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
12600 goto nla_put_failure;
12601
12602 genlmsg_end(msg, hdr);
12603 return genlmsg_reply(msg, info);
12604
12605 nla_put_failure:
12606 kfree_skb(msg);
12607 return -ENOBUFS;
12608}
12609
12610static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
12611{
12612 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12613 struct cfg80211_update_ft_ies_params ft_params;
12614 struct net_device *dev = info->user_ptr[1];
12615
12616 if (!rdev->ops->update_ft_ies)
12617 return -EOPNOTSUPP;
12618
12619 if (!info->attrs[NL80211_ATTR_MDID] ||
12620 !info->attrs[NL80211_ATTR_IE])
12621 return -EINVAL;
12622
12623 memset(&ft_params, 0, sizeof(ft_params));
12624 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
12625 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12626 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12627
12628 return rdev_update_ft_ies(rdev, dev, &ft_params);
12629}
12630
12631static int nl80211_crit_protocol_start(struct sk_buff *skb,
12632 struct genl_info *info)
12633{
12634 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12635 struct wireless_dev *wdev = info->user_ptr[1];
12636 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
12637 u16 duration;
12638 int ret;
12639
12640 if (!rdev->ops->crit_proto_start)
12641 return -EOPNOTSUPP;
12642
12643 if (WARN_ON(!rdev->ops->crit_proto_stop))
12644 return -EINVAL;
12645
12646 if (rdev->crit_proto_nlportid)
12647 return -EBUSY;
12648
12649
12650 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
12651 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
12652
12653 if (proto >= NUM_NL80211_CRIT_PROTO)
12654 return -EINVAL;
12655
12656
12657 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
12658 return -EINVAL;
12659
12660 duration =
12661 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
12662
12663 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
12664 return -ERANGE;
12665
12666 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
12667 if (!ret)
12668 rdev->crit_proto_nlportid = info->snd_portid;
12669
12670 return ret;
12671}
12672
12673static int nl80211_crit_protocol_stop(struct sk_buff *skb,
12674 struct genl_info *info)
12675{
12676 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12677 struct wireless_dev *wdev = info->user_ptr[1];
12678
12679 if (!rdev->ops->crit_proto_stop)
12680 return -EOPNOTSUPP;
12681
12682 if (rdev->crit_proto_nlportid) {
12683 rdev->crit_proto_nlportid = 0;
12684 rdev_crit_proto_stop(rdev, wdev);
12685 }
12686 return 0;
12687}
12688
12689static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
12690 struct nlattr *attr,
12691 struct netlink_ext_ack *extack)
12692{
12693 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
12694 if (attr->nla_type & NLA_F_NESTED) {
12695 NL_SET_ERR_MSG_ATTR(extack, attr,
12696 "unexpected nested data");
12697 return -EINVAL;
12698 }
12699
12700 return 0;
12701 }
12702
12703 if (!(attr->nla_type & NLA_F_NESTED)) {
12704 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
12705 return -EINVAL;
12706 }
12707
12708 return nl80211_validate_nested(attr, vcmd->maxattr, vcmd->policy,
12709 extack);
12710}
12711
12712static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
12713{
12714 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12715 struct wireless_dev *wdev =
12716 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
12717 int i, err;
12718 u32 vid, subcmd;
12719
12720 if (!rdev->wiphy.vendor_commands)
12721 return -EOPNOTSUPP;
12722
12723 if (IS_ERR(wdev)) {
12724 err = PTR_ERR(wdev);
12725 if (err != -EINVAL)
12726 return err;
12727 wdev = NULL;
12728 } else if (wdev->wiphy != &rdev->wiphy) {
12729 return -EINVAL;
12730 }
12731
12732 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
12733 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
12734 return -EINVAL;
12735
12736 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
12737 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
12738 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
12739 const struct wiphy_vendor_command *vcmd;
12740 void *data = NULL;
12741 int len = 0;
12742
12743 vcmd = &rdev->wiphy.vendor_commands[i];
12744
12745 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12746 continue;
12747
12748 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12749 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12750 if (!wdev)
12751 return -EINVAL;
12752 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12753 !wdev->netdev)
12754 return -EINVAL;
12755
12756 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12757 if (!wdev_running(wdev))
12758 return -ENETDOWN;
12759 }
12760
12761 if (!vcmd->doit)
12762 return -EOPNOTSUPP;
12763 } else {
12764 wdev = NULL;
12765 }
12766
12767 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
12768 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12769 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12770
12771 err = nl80211_vendor_check_policy(vcmd,
12772 info->attrs[NL80211_ATTR_VENDOR_DATA],
12773 info->extack);
12774 if (err)
12775 return err;
12776 }
12777
12778 rdev->cur_cmd_info = info;
12779 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
12780 rdev->cur_cmd_info = NULL;
12781 return err;
12782 }
12783
12784 return -EOPNOTSUPP;
12785}
12786
12787static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
12788 struct netlink_callback *cb,
12789 struct cfg80211_registered_device **rdev,
12790 struct wireless_dev **wdev)
12791{
12792 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
12793 u32 vid, subcmd;
12794 unsigned int i;
12795 int vcmd_idx = -1;
12796 int err;
12797 void *data = NULL;
12798 unsigned int data_len = 0;
12799
12800 if (cb->args[0]) {
12801
12802 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
12803 struct wireless_dev *tmp;
12804
12805 if (!wiphy)
12806 return -ENODEV;
12807 *rdev = wiphy_to_rdev(wiphy);
12808 *wdev = NULL;
12809
12810 if (cb->args[1]) {
12811 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
12812 if (tmp->identifier == cb->args[1] - 1) {
12813 *wdev = tmp;
12814 break;
12815 }
12816 }
12817 }
12818
12819
12820 return 0;
12821 }
12822
12823 err = nlmsg_parse_deprecated(cb->nlh,
12824 GENL_HDRLEN + nl80211_fam.hdrsize,
12825 attrbuf, nl80211_fam.maxattr,
12826 nl80211_policy, NULL);
12827 if (err)
12828 return err;
12829
12830 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
12831 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
12832 return -EINVAL;
12833
12834 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
12835 if (IS_ERR(*wdev))
12836 *wdev = NULL;
12837
12838 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
12839 if (IS_ERR(*rdev))
12840 return PTR_ERR(*rdev);
12841
12842 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
12843 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
12844
12845 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
12846 const struct wiphy_vendor_command *vcmd;
12847
12848 vcmd = &(*rdev)->wiphy.vendor_commands[i];
12849
12850 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12851 continue;
12852
12853 if (!vcmd->dumpit)
12854 return -EOPNOTSUPP;
12855
12856 vcmd_idx = i;
12857 break;
12858 }
12859
12860 if (vcmd_idx < 0)
12861 return -EOPNOTSUPP;
12862
12863 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
12864 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12865 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12866
12867 err = nl80211_vendor_check_policy(
12868 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
12869 attrbuf[NL80211_ATTR_VENDOR_DATA],
12870 cb->extack);
12871 if (err)
12872 return err;
12873 }
12874
12875
12876 cb->args[0] = (*rdev)->wiphy_idx + 1;
12877
12878 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
12879 cb->args[2] = vcmd_idx;
12880 cb->args[3] = (unsigned long)data;
12881 cb->args[4] = data_len;
12882
12883
12884 return 0;
12885}
12886
12887static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
12888 struct netlink_callback *cb)
12889{
12890 struct cfg80211_registered_device *rdev;
12891 struct wireless_dev *wdev;
12892 unsigned int vcmd_idx;
12893 const struct wiphy_vendor_command *vcmd;
12894 void *data;
12895 int data_len;
12896 int err;
12897 struct nlattr *vendor_data;
12898
12899 rtnl_lock();
12900 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
12901 if (err)
12902 goto out;
12903
12904 vcmd_idx = cb->args[2];
12905 data = (void *)cb->args[3];
12906 data_len = cb->args[4];
12907 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
12908
12909 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12910 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12911 if (!wdev) {
12912 err = -EINVAL;
12913 goto out;
12914 }
12915 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12916 !wdev->netdev) {
12917 err = -EINVAL;
12918 goto out;
12919 }
12920
12921 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12922 if (!wdev_running(wdev)) {
12923 err = -ENETDOWN;
12924 goto out;
12925 }
12926 }
12927 }
12928
12929 while (1) {
12930 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
12931 cb->nlh->nlmsg_seq, NLM_F_MULTI,
12932 NL80211_CMD_VENDOR);
12933 if (!hdr)
12934 break;
12935
12936 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12937 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12938 wdev_id(wdev),
12939 NL80211_ATTR_PAD))) {
12940 genlmsg_cancel(skb, hdr);
12941 break;
12942 }
12943
12944 vendor_data = nla_nest_start_noflag(skb,
12945 NL80211_ATTR_VENDOR_DATA);
12946 if (!vendor_data) {
12947 genlmsg_cancel(skb, hdr);
12948 break;
12949 }
12950
12951 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
12952 (unsigned long *)&cb->args[5]);
12953 nla_nest_end(skb, vendor_data);
12954
12955 if (err == -ENOBUFS || err == -ENOENT) {
12956 genlmsg_cancel(skb, hdr);
12957 break;
12958 } else if (err) {
12959 genlmsg_cancel(skb, hdr);
12960 goto out;
12961 }
12962
12963 genlmsg_end(skb, hdr);
12964 }
12965
12966 err = skb->len;
12967 out:
12968 rtnl_unlock();
12969 return err;
12970}
12971
12972struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
12973 enum nl80211_commands cmd,
12974 enum nl80211_attrs attr,
12975 int approxlen)
12976{
12977 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12978
12979 if (WARN_ON(!rdev->cur_cmd_info))
12980 return NULL;
12981
12982 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12983 rdev->cur_cmd_info->snd_portid,
12984 rdev->cur_cmd_info->snd_seq,
12985 cmd, attr, NULL, GFP_KERNEL);
12986}
12987EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12988
12989int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12990{
12991 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12992 void *hdr = ((void **)skb->cb)[1];
12993 struct nlattr *data = ((void **)skb->cb)[2];
12994
12995
12996 memset(skb->cb, 0, sizeof(skb->cb));
12997
12998 if (WARN_ON(!rdev->cur_cmd_info)) {
12999 kfree_skb(skb);
13000 return -EINVAL;
13001 }
13002
13003 nla_nest_end(skb, data);
13004 genlmsg_end(skb, hdr);
13005 return genlmsg_reply(skb, rdev->cur_cmd_info);
13006}
13007EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
13008
13009unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
13010{
13011 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13012
13013 if (WARN_ON(!rdev->cur_cmd_info))
13014 return 0;
13015
13016 return rdev->cur_cmd_info->snd_portid;
13017}
13018EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
13019
13020static int nl80211_set_qos_map(struct sk_buff *skb,
13021 struct genl_info *info)
13022{
13023 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13024 struct cfg80211_qos_map *qos_map = NULL;
13025 struct net_device *dev = info->user_ptr[1];
13026 u8 *pos, len, num_des, des_len, des;
13027 int ret;
13028
13029 if (!rdev->ops->set_qos_map)
13030 return -EOPNOTSUPP;
13031
13032 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
13033 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
13034 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
13035
13036 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
13037 len > IEEE80211_QOS_MAP_LEN_MAX)
13038 return -EINVAL;
13039
13040 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
13041 if (!qos_map)
13042 return -ENOMEM;
13043
13044 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
13045 if (num_des) {
13046 des_len = num_des *
13047 sizeof(struct cfg80211_dscp_exception);
13048 memcpy(qos_map->dscp_exception, pos, des_len);
13049 qos_map->num_des = num_des;
13050 for (des = 0; des < num_des; des++) {
13051 if (qos_map->dscp_exception[des].up > 7) {
13052 kfree(qos_map);
13053 return -EINVAL;
13054 }
13055 }
13056 pos += des_len;
13057 }
13058 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
13059 }
13060
13061 wdev_lock(dev->ieee80211_ptr);
13062 ret = nl80211_key_allowed(dev->ieee80211_ptr);
13063 if (!ret)
13064 ret = rdev_set_qos_map(rdev, dev, qos_map);
13065 wdev_unlock(dev->ieee80211_ptr);
13066
13067 kfree(qos_map);
13068 return ret;
13069}
13070
13071static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
13072{
13073 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13074 struct net_device *dev = info->user_ptr[1];
13075 struct wireless_dev *wdev = dev->ieee80211_ptr;
13076 const u8 *peer;
13077 u8 tsid, up;
13078 u16 admitted_time = 0;
13079 int err;
13080
13081 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
13082 return -EOPNOTSUPP;
13083
13084 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
13085 !info->attrs[NL80211_ATTR_USER_PRIO])
13086 return -EINVAL;
13087
13088 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13089 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
13090
13091
13092 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
13093
13094
13095
13096
13097 return -EINVAL;
13098 }
13099
13100 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13101
13102 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
13103 admitted_time =
13104 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
13105 if (!admitted_time)
13106 return -EINVAL;
13107 }
13108
13109 wdev_lock(wdev);
13110 switch (wdev->iftype) {
13111 case NL80211_IFTYPE_STATION:
13112 case NL80211_IFTYPE_P2P_CLIENT:
13113 if (wdev->current_bss)
13114 break;
13115 err = -ENOTCONN;
13116 goto out;
13117 default:
13118 err = -EOPNOTSUPP;
13119 goto out;
13120 }
13121
13122 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
13123
13124 out:
13125 wdev_unlock(wdev);
13126 return err;
13127}
13128
13129static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
13130{
13131 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13132 struct net_device *dev = info->user_ptr[1];
13133 struct wireless_dev *wdev = dev->ieee80211_ptr;
13134 const u8 *peer;
13135 u8 tsid;
13136 int err;
13137
13138 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
13139 return -EINVAL;
13140
13141 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13142 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13143
13144 wdev_lock(wdev);
13145 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
13146 wdev_unlock(wdev);
13147
13148 return err;
13149}
13150
13151static int nl80211_tdls_channel_switch(struct sk_buff *skb,
13152 struct genl_info *info)
13153{
13154 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13155 struct net_device *dev = info->user_ptr[1];
13156 struct wireless_dev *wdev = dev->ieee80211_ptr;
13157 struct cfg80211_chan_def chandef = {};
13158 const u8 *addr;
13159 u8 oper_class;
13160 int err;
13161
13162 if (!rdev->ops->tdls_channel_switch ||
13163 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13164 return -EOPNOTSUPP;
13165
13166 switch (dev->ieee80211_ptr->iftype) {
13167 case NL80211_IFTYPE_STATION:
13168 case NL80211_IFTYPE_P2P_CLIENT:
13169 break;
13170 default:
13171 return -EOPNOTSUPP;
13172 }
13173
13174 if (!info->attrs[NL80211_ATTR_MAC] ||
13175 !info->attrs[NL80211_ATTR_OPER_CLASS])
13176 return -EINVAL;
13177
13178 err = nl80211_parse_chandef(rdev, info, &chandef);
13179 if (err)
13180 return err;
13181
13182
13183
13184
13185
13186
13187 if (chandef.chan->band == NL80211_BAND_2GHZ &&
13188 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
13189 chandef.width != NL80211_CHAN_WIDTH_20)
13190 return -EINVAL;
13191
13192
13193 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
13194 wdev->iftype))
13195 return -EINVAL;
13196
13197
13198 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
13199 return -EINVAL;
13200
13201 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13202 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
13203
13204 wdev_lock(wdev);
13205 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
13206 wdev_unlock(wdev);
13207
13208 return err;
13209}
13210
13211static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
13212 struct genl_info *info)
13213{
13214 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13215 struct net_device *dev = info->user_ptr[1];
13216 struct wireless_dev *wdev = dev->ieee80211_ptr;
13217 const u8 *addr;
13218
13219 if (!rdev->ops->tdls_channel_switch ||
13220 !rdev->ops->tdls_cancel_channel_switch ||
13221 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13222 return -EOPNOTSUPP;
13223
13224 switch (dev->ieee80211_ptr->iftype) {
13225 case NL80211_IFTYPE_STATION:
13226 case NL80211_IFTYPE_P2P_CLIENT:
13227 break;
13228 default:
13229 return -EOPNOTSUPP;
13230 }
13231
13232 if (!info->attrs[NL80211_ATTR_MAC])
13233 return -EINVAL;
13234
13235 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13236
13237 wdev_lock(wdev);
13238 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
13239 wdev_unlock(wdev);
13240
13241 return 0;
13242}
13243
13244static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
13245 struct genl_info *info)
13246{
13247 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13248 struct net_device *dev = info->user_ptr[1];
13249 struct wireless_dev *wdev = dev->ieee80211_ptr;
13250 const struct nlattr *nla;
13251 bool enabled;
13252
13253 if (!rdev->ops->set_multicast_to_unicast)
13254 return -EOPNOTSUPP;
13255
13256 if (wdev->iftype != NL80211_IFTYPE_AP &&
13257 wdev->iftype != NL80211_IFTYPE_P2P_GO)
13258 return -EOPNOTSUPP;
13259
13260 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
13261 enabled = nla_get_flag(nla);
13262
13263 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
13264}
13265
13266static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
13267{
13268 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13269 struct net_device *dev = info->user_ptr[1];
13270 struct wireless_dev *wdev = dev->ieee80211_ptr;
13271 struct cfg80211_pmk_conf pmk_conf = {};
13272 int ret;
13273
13274 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13275 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13276 return -EOPNOTSUPP;
13277
13278 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13279 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13280 return -EOPNOTSUPP;
13281
13282 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
13283 return -EINVAL;
13284
13285 wdev_lock(wdev);
13286 if (!wdev->current_bss) {
13287 ret = -ENOTCONN;
13288 goto out;
13289 }
13290
13291 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13292 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
13293 ret = -EINVAL;
13294 goto out;
13295 }
13296
13297 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13298 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13299 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
13300 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
13301 ret = -EINVAL;
13302 goto out;
13303 }
13304
13305 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13306 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13307
13308 if (r0_name_len != WLAN_PMK_NAME_LEN) {
13309 ret = -EINVAL;
13310 goto out;
13311 }
13312
13313 pmk_conf.pmk_r0_name =
13314 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13315 }
13316
13317 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13318out:
13319 wdev_unlock(wdev);
13320 return ret;
13321}
13322
13323static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
13324{
13325 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13326 struct net_device *dev = info->user_ptr[1];
13327 struct wireless_dev *wdev = dev->ieee80211_ptr;
13328 const u8 *aa;
13329 int ret;
13330
13331 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13332 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13333 return -EOPNOTSUPP;
13334
13335 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13336 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13337 return -EOPNOTSUPP;
13338
13339 if (!info->attrs[NL80211_ATTR_MAC])
13340 return -EINVAL;
13341
13342 wdev_lock(wdev);
13343 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13344 ret = rdev_del_pmk(rdev, dev, aa);
13345 wdev_unlock(wdev);
13346
13347 return ret;
13348}
13349
13350static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
13351{
13352 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13353 struct net_device *dev = info->user_ptr[1];
13354 struct cfg80211_external_auth_params params;
13355
13356 if (!rdev->ops->external_auth)
13357 return -EOPNOTSUPP;
13358
13359 if (!info->attrs[NL80211_ATTR_SSID] &&
13360 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
13361 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
13362 return -EINVAL;
13363
13364 if (!info->attrs[NL80211_ATTR_BSSID])
13365 return -EINVAL;
13366
13367 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
13368 return -EINVAL;
13369
13370 memset(¶ms, 0, sizeof(params));
13371
13372 if (info->attrs[NL80211_ATTR_SSID]) {
13373 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13374 if (params.ssid.ssid_len == 0 ||
13375 params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
13376 return -EINVAL;
13377 memcpy(params.ssid.ssid,
13378 nla_data(info->attrs[NL80211_ATTR_SSID]),
13379 params.ssid.ssid_len);
13380 }
13381
13382 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
13383 ETH_ALEN);
13384
13385 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13386
13387 if (info->attrs[NL80211_ATTR_PMKID])
13388 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13389
13390 return rdev_external_auth(rdev, dev, ¶ms);
13391}
13392
13393static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13394{
13395 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13396 struct net_device *dev = info->user_ptr[1];
13397 struct wireless_dev *wdev = dev->ieee80211_ptr;
13398 const u8 *buf;
13399 size_t len;
13400 u8 *dest;
13401 u16 proto;
13402 bool noencrypt;
13403 int err;
13404
13405 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13406 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13407 return -EOPNOTSUPP;
13408
13409 if (!rdev->ops->tx_control_port)
13410 return -EOPNOTSUPP;
13411
13412 if (!info->attrs[NL80211_ATTR_FRAME] ||
13413 !info->attrs[NL80211_ATTR_MAC] ||
13414 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13415 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13416 return -EINVAL;
13417 }
13418
13419 wdev_lock(wdev);
13420
13421 switch (wdev->iftype) {
13422 case NL80211_IFTYPE_AP:
13423 case NL80211_IFTYPE_P2P_GO:
13424 case NL80211_IFTYPE_MESH_POINT:
13425 break;
13426 case NL80211_IFTYPE_ADHOC:
13427 case NL80211_IFTYPE_STATION:
13428 case NL80211_IFTYPE_P2P_CLIENT:
13429 if (wdev->current_bss)
13430 break;
13431 err = -ENOTCONN;
13432 goto out;
13433 default:
13434 err = -EOPNOTSUPP;
13435 goto out;
13436 }
13437
13438 wdev_unlock(wdev);
13439
13440 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13441 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13442 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13443 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13444 noencrypt =
13445 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13446
13447 return rdev_tx_control_port(rdev, dev, buf, len,
13448 dest, cpu_to_be16(proto), noencrypt);
13449
13450 out:
13451 wdev_unlock(wdev);
13452 return err;
13453}
13454
13455static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
13456 struct genl_info *info)
13457{
13458 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13459 struct net_device *dev = info->user_ptr[1];
13460 struct wireless_dev *wdev = dev->ieee80211_ptr;
13461 struct cfg80211_ftm_responder_stats ftm_stats = {};
13462 struct sk_buff *msg;
13463 void *hdr;
13464 struct nlattr *ftm_stats_attr;
13465 int err;
13466
13467 if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
13468 return -EOPNOTSUPP;
13469
13470 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
13471 if (err)
13472 return err;
13473
13474 if (!ftm_stats.filled)
13475 return -ENODATA;
13476
13477 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13478 if (!msg)
13479 return -ENOMEM;
13480
13481 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13482 NL80211_CMD_GET_FTM_RESPONDER_STATS);
13483 if (!hdr)
13484 return -ENOBUFS;
13485
13486 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
13487 goto nla_put_failure;
13488
13489 ftm_stats_attr = nla_nest_start_noflag(msg,
13490 NL80211_ATTR_FTM_RESPONDER_STATS);
13491 if (!ftm_stats_attr)
13492 goto nla_put_failure;
13493
13494#define SET_FTM(field, name, type) \
13495 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13496 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
13497 ftm_stats.field)) \
13498 goto nla_put_failure; } while (0)
13499#define SET_FTM_U64(field, name) \
13500 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13501 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
13502 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
13503 goto nla_put_failure; } while (0)
13504
13505 SET_FTM(success_num, SUCCESS_NUM, u32);
13506 SET_FTM(partial_num, PARTIAL_NUM, u32);
13507 SET_FTM(failed_num, FAILED_NUM, u32);
13508 SET_FTM(asap_num, ASAP_NUM, u32);
13509 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
13510 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
13511 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
13512 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
13513 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
13514#undef SET_FTM
13515
13516 nla_nest_end(msg, ftm_stats_attr);
13517
13518 genlmsg_end(msg, hdr);
13519 return genlmsg_reply(msg, info);
13520
13521nla_put_failure:
13522 nlmsg_free(msg);
13523 return -ENOBUFS;
13524}
13525
13526static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
13527{
13528 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13529 struct cfg80211_update_owe_info owe_info;
13530 struct net_device *dev = info->user_ptr[1];
13531
13532 if (!rdev->ops->update_owe_info)
13533 return -EOPNOTSUPP;
13534
13535 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
13536 !info->attrs[NL80211_ATTR_MAC])
13537 return -EINVAL;
13538
13539 memset(&owe_info, 0, sizeof(owe_info));
13540 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13541 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
13542
13543 if (info->attrs[NL80211_ATTR_IE]) {
13544 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13545 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13546 }
13547
13548 return rdev_update_owe_info(rdev, dev, &owe_info);
13549}
13550
13551static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
13552{
13553 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13554 struct net_device *dev = info->user_ptr[1];
13555 struct wireless_dev *wdev = dev->ieee80211_ptr;
13556 struct station_info sinfo = {};
13557 const u8 *buf;
13558 size_t len;
13559 u8 *dest;
13560 int err;
13561
13562 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
13563 return -EOPNOTSUPP;
13564
13565 if (!info->attrs[NL80211_ATTR_MAC] ||
13566 !info->attrs[NL80211_ATTR_FRAME]) {
13567 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
13568 return -EINVAL;
13569 }
13570
13571 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
13572 return -EOPNOTSUPP;
13573
13574 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13575 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13576 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13577
13578 if (len < sizeof(struct ethhdr))
13579 return -EINVAL;
13580
13581 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
13582 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
13583 return -EINVAL;
13584
13585 err = rdev_get_station(rdev, dev, dest, &sinfo);
13586 if (err)
13587 return err;
13588
13589 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
13590}
13591
13592#define NL80211_FLAG_NEED_WIPHY 0x01
13593#define NL80211_FLAG_NEED_NETDEV 0x02
13594#define NL80211_FLAG_NEED_RTNL 0x04
13595#define NL80211_FLAG_CHECK_NETDEV_UP 0x08
13596#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
13597 NL80211_FLAG_CHECK_NETDEV_UP)
13598#define NL80211_FLAG_NEED_WDEV 0x10
13599
13600#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
13601 NL80211_FLAG_CHECK_NETDEV_UP)
13602#define NL80211_FLAG_CLEAR_SKB 0x20
13603
13604static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
13605 struct genl_info *info)
13606{
13607 struct cfg80211_registered_device *rdev;
13608 struct wireless_dev *wdev;
13609 struct net_device *dev;
13610 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
13611
13612 if (rtnl)
13613 rtnl_lock();
13614
13615 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
13616 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
13617 if (IS_ERR(rdev)) {
13618 if (rtnl)
13619 rtnl_unlock();
13620 return PTR_ERR(rdev);
13621 }
13622 info->user_ptr[0] = rdev;
13623 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
13624 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13625 ASSERT_RTNL();
13626
13627 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
13628 info->attrs);
13629 if (IS_ERR(wdev)) {
13630 if (rtnl)
13631 rtnl_unlock();
13632 return PTR_ERR(wdev);
13633 }
13634
13635 dev = wdev->netdev;
13636 rdev = wiphy_to_rdev(wdev->wiphy);
13637
13638 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
13639 if (!dev) {
13640 if (rtnl)
13641 rtnl_unlock();
13642 return -EINVAL;
13643 }
13644
13645 info->user_ptr[1] = dev;
13646 } else {
13647 info->user_ptr[1] = wdev;
13648 }
13649
13650 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
13651 !wdev_running(wdev)) {
13652 if (rtnl)
13653 rtnl_unlock();
13654 return -ENETDOWN;
13655 }
13656
13657 if (dev)
13658 dev_hold(dev);
13659
13660 info->user_ptr[0] = rdev;
13661 }
13662
13663 return 0;
13664}
13665
13666static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
13667 struct genl_info *info)
13668{
13669 if (info->user_ptr[1]) {
13670 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13671 struct wireless_dev *wdev = info->user_ptr[1];
13672
13673 if (wdev->netdev)
13674 dev_put(wdev->netdev);
13675 } else {
13676 dev_put(info->user_ptr[1]);
13677 }
13678 }
13679
13680 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
13681 rtnl_unlock();
13682
13683
13684
13685
13686
13687
13688 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
13689 struct nlmsghdr *nlh = nlmsg_hdr(skb);
13690
13691 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
13692 }
13693}
13694
13695static const struct genl_ops nl80211_ops[] = {
13696 {
13697 .cmd = NL80211_CMD_GET_WIPHY,
13698 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13699 .doit = nl80211_get_wiphy,
13700 .dumpit = nl80211_dump_wiphy,
13701 .done = nl80211_dump_wiphy_done,
13702
13703 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13704 NL80211_FLAG_NEED_RTNL,
13705 },
13706 {
13707 .cmd = NL80211_CMD_SET_WIPHY,
13708 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13709 .doit = nl80211_set_wiphy,
13710 .flags = GENL_UNS_ADMIN_PERM,
13711 .internal_flags = NL80211_FLAG_NEED_RTNL,
13712 },
13713 {
13714 .cmd = NL80211_CMD_GET_INTERFACE,
13715 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13716 .doit = nl80211_get_interface,
13717 .dumpit = nl80211_dump_interface,
13718
13719 .internal_flags = NL80211_FLAG_NEED_WDEV |
13720 NL80211_FLAG_NEED_RTNL,
13721 },
13722 {
13723 .cmd = NL80211_CMD_SET_INTERFACE,
13724 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13725 .doit = nl80211_set_interface,
13726 .flags = GENL_UNS_ADMIN_PERM,
13727 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13728 NL80211_FLAG_NEED_RTNL,
13729 },
13730 {
13731 .cmd = NL80211_CMD_NEW_INTERFACE,
13732 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13733 .doit = nl80211_new_interface,
13734 .flags = GENL_UNS_ADMIN_PERM,
13735 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13736 NL80211_FLAG_NEED_RTNL,
13737 },
13738 {
13739 .cmd = NL80211_CMD_DEL_INTERFACE,
13740 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13741 .doit = nl80211_del_interface,
13742 .flags = GENL_UNS_ADMIN_PERM,
13743 .internal_flags = NL80211_FLAG_NEED_WDEV |
13744 NL80211_FLAG_NEED_RTNL,
13745 },
13746 {
13747 .cmd = NL80211_CMD_GET_KEY,
13748 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13749 .doit = nl80211_get_key,
13750 .flags = GENL_UNS_ADMIN_PERM,
13751 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13752 NL80211_FLAG_NEED_RTNL,
13753 },
13754 {
13755 .cmd = NL80211_CMD_SET_KEY,
13756 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13757 .doit = nl80211_set_key,
13758 .flags = GENL_UNS_ADMIN_PERM,
13759 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13760 NL80211_FLAG_NEED_RTNL |
13761 NL80211_FLAG_CLEAR_SKB,
13762 },
13763 {
13764 .cmd = NL80211_CMD_NEW_KEY,
13765 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13766 .doit = nl80211_new_key,
13767 .flags = GENL_UNS_ADMIN_PERM,
13768 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13769 NL80211_FLAG_NEED_RTNL |
13770 NL80211_FLAG_CLEAR_SKB,
13771 },
13772 {
13773 .cmd = NL80211_CMD_DEL_KEY,
13774 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13775 .doit = nl80211_del_key,
13776 .flags = GENL_UNS_ADMIN_PERM,
13777 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13778 NL80211_FLAG_NEED_RTNL,
13779 },
13780 {
13781 .cmd = NL80211_CMD_SET_BEACON,
13782 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13783 .flags = GENL_UNS_ADMIN_PERM,
13784 .doit = nl80211_set_beacon,
13785 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13786 NL80211_FLAG_NEED_RTNL,
13787 },
13788 {
13789 .cmd = NL80211_CMD_START_AP,
13790 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13791 .flags = GENL_UNS_ADMIN_PERM,
13792 .doit = nl80211_start_ap,
13793 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13794 NL80211_FLAG_NEED_RTNL,
13795 },
13796 {
13797 .cmd = NL80211_CMD_STOP_AP,
13798 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13799 .flags = GENL_UNS_ADMIN_PERM,
13800 .doit = nl80211_stop_ap,
13801 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13802 NL80211_FLAG_NEED_RTNL,
13803 },
13804 {
13805 .cmd = NL80211_CMD_GET_STATION,
13806 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13807 .doit = nl80211_get_station,
13808 .dumpit = nl80211_dump_station,
13809 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13810 NL80211_FLAG_NEED_RTNL,
13811 },
13812 {
13813 .cmd = NL80211_CMD_SET_STATION,
13814 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13815 .doit = nl80211_set_station,
13816 .flags = GENL_UNS_ADMIN_PERM,
13817 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13818 NL80211_FLAG_NEED_RTNL,
13819 },
13820 {
13821 .cmd = NL80211_CMD_NEW_STATION,
13822 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13823 .doit = nl80211_new_station,
13824 .flags = GENL_UNS_ADMIN_PERM,
13825 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13826 NL80211_FLAG_NEED_RTNL,
13827 },
13828 {
13829 .cmd = NL80211_CMD_DEL_STATION,
13830 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13831 .doit = nl80211_del_station,
13832 .flags = GENL_UNS_ADMIN_PERM,
13833 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13834 NL80211_FLAG_NEED_RTNL,
13835 },
13836 {
13837 .cmd = NL80211_CMD_GET_MPATH,
13838 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13839 .doit = nl80211_get_mpath,
13840 .dumpit = nl80211_dump_mpath,
13841 .flags = GENL_UNS_ADMIN_PERM,
13842 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13843 NL80211_FLAG_NEED_RTNL,
13844 },
13845 {
13846 .cmd = NL80211_CMD_GET_MPP,
13847 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13848 .doit = nl80211_get_mpp,
13849 .dumpit = nl80211_dump_mpp,
13850 .flags = GENL_UNS_ADMIN_PERM,
13851 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13852 NL80211_FLAG_NEED_RTNL,
13853 },
13854 {
13855 .cmd = NL80211_CMD_SET_MPATH,
13856 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13857 .doit = nl80211_set_mpath,
13858 .flags = GENL_UNS_ADMIN_PERM,
13859 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13860 NL80211_FLAG_NEED_RTNL,
13861 },
13862 {
13863 .cmd = NL80211_CMD_NEW_MPATH,
13864 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13865 .doit = nl80211_new_mpath,
13866 .flags = GENL_UNS_ADMIN_PERM,
13867 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13868 NL80211_FLAG_NEED_RTNL,
13869 },
13870 {
13871 .cmd = NL80211_CMD_DEL_MPATH,
13872 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13873 .doit = nl80211_del_mpath,
13874 .flags = GENL_UNS_ADMIN_PERM,
13875 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13876 NL80211_FLAG_NEED_RTNL,
13877 },
13878 {
13879 .cmd = NL80211_CMD_SET_BSS,
13880 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13881 .doit = nl80211_set_bss,
13882 .flags = GENL_UNS_ADMIN_PERM,
13883 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13884 NL80211_FLAG_NEED_RTNL,
13885 },
13886 {
13887 .cmd = NL80211_CMD_GET_REG,
13888 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13889 .doit = nl80211_get_reg_do,
13890 .dumpit = nl80211_get_reg_dump,
13891 .internal_flags = NL80211_FLAG_NEED_RTNL,
13892
13893 },
13894#ifdef CONFIG_CFG80211_CRDA_SUPPORT
13895 {
13896 .cmd = NL80211_CMD_SET_REG,
13897 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13898 .doit = nl80211_set_reg,
13899 .flags = GENL_ADMIN_PERM,
13900 .internal_flags = NL80211_FLAG_NEED_RTNL,
13901 },
13902#endif
13903 {
13904 .cmd = NL80211_CMD_REQ_SET_REG,
13905 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13906 .doit = nl80211_req_set_reg,
13907 .flags = GENL_ADMIN_PERM,
13908 },
13909 {
13910 .cmd = NL80211_CMD_RELOAD_REGDB,
13911 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13912 .doit = nl80211_reload_regdb,
13913 .flags = GENL_ADMIN_PERM,
13914 },
13915 {
13916 .cmd = NL80211_CMD_GET_MESH_CONFIG,
13917 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13918 .doit = nl80211_get_mesh_config,
13919
13920 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13921 NL80211_FLAG_NEED_RTNL,
13922 },
13923 {
13924 .cmd = NL80211_CMD_SET_MESH_CONFIG,
13925 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13926 .doit = nl80211_update_mesh_config,
13927 .flags = GENL_UNS_ADMIN_PERM,
13928 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13929 NL80211_FLAG_NEED_RTNL,
13930 },
13931 {
13932 .cmd = NL80211_CMD_TRIGGER_SCAN,
13933 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13934 .doit = nl80211_trigger_scan,
13935 .flags = GENL_UNS_ADMIN_PERM,
13936 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13937 NL80211_FLAG_NEED_RTNL,
13938 },
13939 {
13940 .cmd = NL80211_CMD_ABORT_SCAN,
13941 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13942 .doit = nl80211_abort_scan,
13943 .flags = GENL_UNS_ADMIN_PERM,
13944 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13945 NL80211_FLAG_NEED_RTNL,
13946 },
13947 {
13948 .cmd = NL80211_CMD_GET_SCAN,
13949 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13950 .dumpit = nl80211_dump_scan,
13951 },
13952 {
13953 .cmd = NL80211_CMD_START_SCHED_SCAN,
13954 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13955 .doit = nl80211_start_sched_scan,
13956 .flags = GENL_UNS_ADMIN_PERM,
13957 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13958 NL80211_FLAG_NEED_RTNL,
13959 },
13960 {
13961 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
13962 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13963 .doit = nl80211_stop_sched_scan,
13964 .flags = GENL_UNS_ADMIN_PERM,
13965 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13966 NL80211_FLAG_NEED_RTNL,
13967 },
13968 {
13969 .cmd = NL80211_CMD_AUTHENTICATE,
13970 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13971 .doit = nl80211_authenticate,
13972 .flags = GENL_UNS_ADMIN_PERM,
13973 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13974 NL80211_FLAG_NEED_RTNL |
13975 NL80211_FLAG_CLEAR_SKB,
13976 },
13977 {
13978 .cmd = NL80211_CMD_ASSOCIATE,
13979 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13980 .doit = nl80211_associate,
13981 .flags = GENL_UNS_ADMIN_PERM,
13982 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13983 NL80211_FLAG_NEED_RTNL |
13984 NL80211_FLAG_CLEAR_SKB,
13985 },
13986 {
13987 .cmd = NL80211_CMD_DEAUTHENTICATE,
13988 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13989 .doit = nl80211_deauthenticate,
13990 .flags = GENL_UNS_ADMIN_PERM,
13991 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13992 NL80211_FLAG_NEED_RTNL,
13993 },
13994 {
13995 .cmd = NL80211_CMD_DISASSOCIATE,
13996 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13997 .doit = nl80211_disassociate,
13998 .flags = GENL_UNS_ADMIN_PERM,
13999 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14000 NL80211_FLAG_NEED_RTNL,
14001 },
14002 {
14003 .cmd = NL80211_CMD_JOIN_IBSS,
14004 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14005 .doit = nl80211_join_ibss,
14006 .flags = GENL_UNS_ADMIN_PERM,
14007 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14008 NL80211_FLAG_NEED_RTNL,
14009 },
14010 {
14011 .cmd = NL80211_CMD_LEAVE_IBSS,
14012 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14013 .doit = nl80211_leave_ibss,
14014 .flags = GENL_UNS_ADMIN_PERM,
14015 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14016 NL80211_FLAG_NEED_RTNL,
14017 },
14018#ifdef CONFIG_NL80211_TESTMODE
14019 {
14020 .cmd = NL80211_CMD_TESTMODE,
14021 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14022 .doit = nl80211_testmode_do,
14023 .dumpit = nl80211_testmode_dump,
14024 .flags = GENL_UNS_ADMIN_PERM,
14025 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14026 NL80211_FLAG_NEED_RTNL,
14027 },
14028#endif
14029 {
14030 .cmd = NL80211_CMD_CONNECT,
14031 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14032 .doit = nl80211_connect,
14033 .flags = GENL_UNS_ADMIN_PERM,
14034 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14035 NL80211_FLAG_NEED_RTNL |
14036 NL80211_FLAG_CLEAR_SKB,
14037 },
14038 {
14039 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
14040 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14041 .doit = nl80211_update_connect_params,
14042 .flags = GENL_ADMIN_PERM,
14043 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14044 NL80211_FLAG_NEED_RTNL |
14045 NL80211_FLAG_CLEAR_SKB,
14046 },
14047 {
14048 .cmd = NL80211_CMD_DISCONNECT,
14049 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14050 .doit = nl80211_disconnect,
14051 .flags = GENL_UNS_ADMIN_PERM,
14052 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14053 NL80211_FLAG_NEED_RTNL,
14054 },
14055 {
14056 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
14057 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14058 .doit = nl80211_wiphy_netns,
14059 .flags = GENL_UNS_ADMIN_PERM,
14060 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14061 NL80211_FLAG_NEED_RTNL,
14062 },
14063 {
14064 .cmd = NL80211_CMD_GET_SURVEY,
14065 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14066 .dumpit = nl80211_dump_survey,
14067 },
14068 {
14069 .cmd = NL80211_CMD_SET_PMKSA,
14070 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14071 .doit = nl80211_setdel_pmksa,
14072 .flags = GENL_UNS_ADMIN_PERM,
14073 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14074 NL80211_FLAG_NEED_RTNL |
14075 NL80211_FLAG_CLEAR_SKB,
14076 },
14077 {
14078 .cmd = NL80211_CMD_DEL_PMKSA,
14079 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14080 .doit = nl80211_setdel_pmksa,
14081 .flags = GENL_UNS_ADMIN_PERM,
14082 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14083 NL80211_FLAG_NEED_RTNL,
14084 },
14085 {
14086 .cmd = NL80211_CMD_FLUSH_PMKSA,
14087 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14088 .doit = nl80211_flush_pmksa,
14089 .flags = GENL_UNS_ADMIN_PERM,
14090 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14091 NL80211_FLAG_NEED_RTNL,
14092 },
14093 {
14094 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
14095 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14096 .doit = nl80211_remain_on_channel,
14097 .flags = GENL_UNS_ADMIN_PERM,
14098 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14099 NL80211_FLAG_NEED_RTNL,
14100 },
14101 {
14102 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14103 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14104 .doit = nl80211_cancel_remain_on_channel,
14105 .flags = GENL_UNS_ADMIN_PERM,
14106 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14107 NL80211_FLAG_NEED_RTNL,
14108 },
14109 {
14110 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
14111 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14112 .doit = nl80211_set_tx_bitrate_mask,
14113 .flags = GENL_UNS_ADMIN_PERM,
14114 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14115 NL80211_FLAG_NEED_RTNL,
14116 },
14117 {
14118 .cmd = NL80211_CMD_REGISTER_FRAME,
14119 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14120 .doit = nl80211_register_mgmt,
14121 .flags = GENL_UNS_ADMIN_PERM,
14122 .internal_flags = NL80211_FLAG_NEED_WDEV |
14123 NL80211_FLAG_NEED_RTNL,
14124 },
14125 {
14126 .cmd = NL80211_CMD_FRAME,
14127 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14128 .doit = nl80211_tx_mgmt,
14129 .flags = GENL_UNS_ADMIN_PERM,
14130 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14131 NL80211_FLAG_NEED_RTNL,
14132 },
14133 {
14134 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
14135 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14136 .doit = nl80211_tx_mgmt_cancel_wait,
14137 .flags = GENL_UNS_ADMIN_PERM,
14138 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14139 NL80211_FLAG_NEED_RTNL,
14140 },
14141 {
14142 .cmd = NL80211_CMD_SET_POWER_SAVE,
14143 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14144 .doit = nl80211_set_power_save,
14145 .flags = GENL_UNS_ADMIN_PERM,
14146 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14147 NL80211_FLAG_NEED_RTNL,
14148 },
14149 {
14150 .cmd = NL80211_CMD_GET_POWER_SAVE,
14151 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14152 .doit = nl80211_get_power_save,
14153
14154 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14155 NL80211_FLAG_NEED_RTNL,
14156 },
14157 {
14158 .cmd = NL80211_CMD_SET_CQM,
14159 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14160 .doit = nl80211_set_cqm,
14161 .flags = GENL_UNS_ADMIN_PERM,
14162 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14163 NL80211_FLAG_NEED_RTNL,
14164 },
14165 {
14166 .cmd = NL80211_CMD_SET_CHANNEL,
14167 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14168 .doit = nl80211_set_channel,
14169 .flags = GENL_UNS_ADMIN_PERM,
14170 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14171 NL80211_FLAG_NEED_RTNL,
14172 },
14173 {
14174 .cmd = NL80211_CMD_SET_WDS_PEER,
14175 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14176 .doit = nl80211_set_wds_peer,
14177 .flags = GENL_UNS_ADMIN_PERM,
14178 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14179 NL80211_FLAG_NEED_RTNL,
14180 },
14181 {
14182 .cmd = NL80211_CMD_JOIN_MESH,
14183 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14184 .doit = nl80211_join_mesh,
14185 .flags = GENL_UNS_ADMIN_PERM,
14186 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14187 NL80211_FLAG_NEED_RTNL,
14188 },
14189 {
14190 .cmd = NL80211_CMD_LEAVE_MESH,
14191 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14192 .doit = nl80211_leave_mesh,
14193 .flags = GENL_UNS_ADMIN_PERM,
14194 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14195 NL80211_FLAG_NEED_RTNL,
14196 },
14197 {
14198 .cmd = NL80211_CMD_JOIN_OCB,
14199 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14200 .doit = nl80211_join_ocb,
14201 .flags = GENL_UNS_ADMIN_PERM,
14202 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14203 NL80211_FLAG_NEED_RTNL,
14204 },
14205 {
14206 .cmd = NL80211_CMD_LEAVE_OCB,
14207 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14208 .doit = nl80211_leave_ocb,
14209 .flags = GENL_UNS_ADMIN_PERM,
14210 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14211 NL80211_FLAG_NEED_RTNL,
14212 },
14213#ifdef CONFIG_PM
14214 {
14215 .cmd = NL80211_CMD_GET_WOWLAN,
14216 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14217 .doit = nl80211_get_wowlan,
14218
14219 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14220 NL80211_FLAG_NEED_RTNL,
14221 },
14222 {
14223 .cmd = NL80211_CMD_SET_WOWLAN,
14224 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14225 .doit = nl80211_set_wowlan,
14226 .flags = GENL_UNS_ADMIN_PERM,
14227 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14228 NL80211_FLAG_NEED_RTNL,
14229 },
14230#endif
14231 {
14232 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
14233 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14234 .doit = nl80211_set_rekey_data,
14235 .flags = GENL_UNS_ADMIN_PERM,
14236 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14237 NL80211_FLAG_NEED_RTNL |
14238 NL80211_FLAG_CLEAR_SKB,
14239 },
14240 {
14241 .cmd = NL80211_CMD_TDLS_MGMT,
14242 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14243 .doit = nl80211_tdls_mgmt,
14244 .flags = GENL_UNS_ADMIN_PERM,
14245 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14246 NL80211_FLAG_NEED_RTNL,
14247 },
14248 {
14249 .cmd = NL80211_CMD_TDLS_OPER,
14250 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14251 .doit = nl80211_tdls_oper,
14252 .flags = GENL_UNS_ADMIN_PERM,
14253 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14254 NL80211_FLAG_NEED_RTNL,
14255 },
14256 {
14257 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
14258 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14259 .doit = nl80211_register_unexpected_frame,
14260 .flags = GENL_UNS_ADMIN_PERM,
14261 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14262 NL80211_FLAG_NEED_RTNL,
14263 },
14264 {
14265 .cmd = NL80211_CMD_PROBE_CLIENT,
14266 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14267 .doit = nl80211_probe_client,
14268 .flags = GENL_UNS_ADMIN_PERM,
14269 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14270 NL80211_FLAG_NEED_RTNL,
14271 },
14272 {
14273 .cmd = NL80211_CMD_REGISTER_BEACONS,
14274 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14275 .doit = nl80211_register_beacons,
14276 .flags = GENL_UNS_ADMIN_PERM,
14277 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14278 NL80211_FLAG_NEED_RTNL,
14279 },
14280 {
14281 .cmd = NL80211_CMD_SET_NOACK_MAP,
14282 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14283 .doit = nl80211_set_noack_map,
14284 .flags = GENL_UNS_ADMIN_PERM,
14285 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14286 NL80211_FLAG_NEED_RTNL,
14287 },
14288 {
14289 .cmd = NL80211_CMD_START_P2P_DEVICE,
14290 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14291 .doit = nl80211_start_p2p_device,
14292 .flags = GENL_UNS_ADMIN_PERM,
14293 .internal_flags = NL80211_FLAG_NEED_WDEV |
14294 NL80211_FLAG_NEED_RTNL,
14295 },
14296 {
14297 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
14298 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14299 .doit = nl80211_stop_p2p_device,
14300 .flags = GENL_UNS_ADMIN_PERM,
14301 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14302 NL80211_FLAG_NEED_RTNL,
14303 },
14304 {
14305 .cmd = NL80211_CMD_START_NAN,
14306 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14307 .doit = nl80211_start_nan,
14308 .flags = GENL_ADMIN_PERM,
14309 .internal_flags = NL80211_FLAG_NEED_WDEV |
14310 NL80211_FLAG_NEED_RTNL,
14311 },
14312 {
14313 .cmd = NL80211_CMD_STOP_NAN,
14314 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14315 .doit = nl80211_stop_nan,
14316 .flags = GENL_ADMIN_PERM,
14317 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14318 NL80211_FLAG_NEED_RTNL,
14319 },
14320 {
14321 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
14322 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14323 .doit = nl80211_nan_add_func,
14324 .flags = GENL_ADMIN_PERM,
14325 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14326 NL80211_FLAG_NEED_RTNL,
14327 },
14328 {
14329 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
14330 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14331 .doit = nl80211_nan_del_func,
14332 .flags = GENL_ADMIN_PERM,
14333 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14334 NL80211_FLAG_NEED_RTNL,
14335 },
14336 {
14337 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
14338 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14339 .doit = nl80211_nan_change_config,
14340 .flags = GENL_ADMIN_PERM,
14341 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14342 NL80211_FLAG_NEED_RTNL,
14343 },
14344 {
14345 .cmd = NL80211_CMD_SET_MCAST_RATE,
14346 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14347 .doit = nl80211_set_mcast_rate,
14348 .flags = GENL_UNS_ADMIN_PERM,
14349 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14350 NL80211_FLAG_NEED_RTNL,
14351 },
14352 {
14353 .cmd = NL80211_CMD_SET_MAC_ACL,
14354 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14355 .doit = nl80211_set_mac_acl,
14356 .flags = GENL_UNS_ADMIN_PERM,
14357 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14358 NL80211_FLAG_NEED_RTNL,
14359 },
14360 {
14361 .cmd = NL80211_CMD_RADAR_DETECT,
14362 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14363 .doit = nl80211_start_radar_detection,
14364 .flags = GENL_UNS_ADMIN_PERM,
14365 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14366 NL80211_FLAG_NEED_RTNL,
14367 },
14368 {
14369 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
14370 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14371 .doit = nl80211_get_protocol_features,
14372 },
14373 {
14374 .cmd = NL80211_CMD_UPDATE_FT_IES,
14375 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14376 .doit = nl80211_update_ft_ies,
14377 .flags = GENL_UNS_ADMIN_PERM,
14378 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14379 NL80211_FLAG_NEED_RTNL,
14380 },
14381 {
14382 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
14383 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14384 .doit = nl80211_crit_protocol_start,
14385 .flags = GENL_UNS_ADMIN_PERM,
14386 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14387 NL80211_FLAG_NEED_RTNL,
14388 },
14389 {
14390 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
14391 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14392 .doit = nl80211_crit_protocol_stop,
14393 .flags = GENL_UNS_ADMIN_PERM,
14394 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14395 NL80211_FLAG_NEED_RTNL,
14396 },
14397 {
14398 .cmd = NL80211_CMD_GET_COALESCE,
14399 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14400 .doit = nl80211_get_coalesce,
14401 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14402 NL80211_FLAG_NEED_RTNL,
14403 },
14404 {
14405 .cmd = NL80211_CMD_SET_COALESCE,
14406 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14407 .doit = nl80211_set_coalesce,
14408 .flags = GENL_UNS_ADMIN_PERM,
14409 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14410 NL80211_FLAG_NEED_RTNL,
14411 },
14412 {
14413 .cmd = NL80211_CMD_CHANNEL_SWITCH,
14414 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14415 .doit = nl80211_channel_switch,
14416 .flags = GENL_UNS_ADMIN_PERM,
14417 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14418 NL80211_FLAG_NEED_RTNL,
14419 },
14420 {
14421 .cmd = NL80211_CMD_VENDOR,
14422 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14423 .doit = nl80211_vendor_cmd,
14424 .dumpit = nl80211_vendor_cmd_dump,
14425 .flags = GENL_UNS_ADMIN_PERM,
14426 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14427 NL80211_FLAG_NEED_RTNL |
14428 NL80211_FLAG_CLEAR_SKB,
14429 },
14430 {
14431 .cmd = NL80211_CMD_SET_QOS_MAP,
14432 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14433 .doit = nl80211_set_qos_map,
14434 .flags = GENL_UNS_ADMIN_PERM,
14435 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14436 NL80211_FLAG_NEED_RTNL,
14437 },
14438 {
14439 .cmd = NL80211_CMD_ADD_TX_TS,
14440 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14441 .doit = nl80211_add_tx_ts,
14442 .flags = GENL_UNS_ADMIN_PERM,
14443 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14444 NL80211_FLAG_NEED_RTNL,
14445 },
14446 {
14447 .cmd = NL80211_CMD_DEL_TX_TS,
14448 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14449 .doit = nl80211_del_tx_ts,
14450 .flags = GENL_UNS_ADMIN_PERM,
14451 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14452 NL80211_FLAG_NEED_RTNL,
14453 },
14454 {
14455 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
14456 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14457 .doit = nl80211_tdls_channel_switch,
14458 .flags = GENL_UNS_ADMIN_PERM,
14459 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14460 NL80211_FLAG_NEED_RTNL,
14461 },
14462 {
14463 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
14464 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14465 .doit = nl80211_tdls_cancel_channel_switch,
14466 .flags = GENL_UNS_ADMIN_PERM,
14467 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14468 NL80211_FLAG_NEED_RTNL,
14469 },
14470 {
14471 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
14472 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14473 .doit = nl80211_set_multicast_to_unicast,
14474 .flags = GENL_UNS_ADMIN_PERM,
14475 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14476 NL80211_FLAG_NEED_RTNL,
14477 },
14478 {
14479 .cmd = NL80211_CMD_SET_PMK,
14480 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14481 .doit = nl80211_set_pmk,
14482 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14483 NL80211_FLAG_NEED_RTNL |
14484 NL80211_FLAG_CLEAR_SKB,
14485 },
14486 {
14487 .cmd = NL80211_CMD_DEL_PMK,
14488 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14489 .doit = nl80211_del_pmk,
14490 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14491 NL80211_FLAG_NEED_RTNL,
14492 },
14493 {
14494 .cmd = NL80211_CMD_EXTERNAL_AUTH,
14495 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14496 .doit = nl80211_external_auth,
14497 .flags = GENL_ADMIN_PERM,
14498 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14499 NL80211_FLAG_NEED_RTNL,
14500 },
14501 {
14502 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
14503 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14504 .doit = nl80211_tx_control_port,
14505 .flags = GENL_UNS_ADMIN_PERM,
14506 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14507 NL80211_FLAG_NEED_RTNL,
14508 },
14509 {
14510 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
14511 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14512 .doit = nl80211_get_ftm_responder_stats,
14513 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14514 NL80211_FLAG_NEED_RTNL,
14515 },
14516 {
14517 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
14518 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14519 .doit = nl80211_pmsr_start,
14520 .flags = GENL_UNS_ADMIN_PERM,
14521 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14522 NL80211_FLAG_NEED_RTNL,
14523 },
14524 {
14525 .cmd = NL80211_CMD_NOTIFY_RADAR,
14526 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14527 .doit = nl80211_notify_radar_detection,
14528 .flags = GENL_UNS_ADMIN_PERM,
14529 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14530 NL80211_FLAG_NEED_RTNL,
14531 },
14532 {
14533 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
14534 .doit = nl80211_update_owe_info,
14535 .flags = GENL_ADMIN_PERM,
14536 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14537 NL80211_FLAG_NEED_RTNL,
14538 },
14539 {
14540 .cmd = NL80211_CMD_PROBE_MESH_LINK,
14541 .doit = nl80211_probe_mesh_link,
14542 .flags = GENL_UNS_ADMIN_PERM,
14543 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14544 NL80211_FLAG_NEED_RTNL,
14545 },
14546};
14547
14548static struct genl_family nl80211_fam __ro_after_init = {
14549 .name = NL80211_GENL_NAME,
14550 .hdrsize = 0,
14551 .version = 1,
14552 .maxattr = NL80211_ATTR_MAX,
14553 .policy = nl80211_policy,
14554 .netnsok = true,
14555 .pre_doit = nl80211_pre_doit,
14556 .post_doit = nl80211_post_doit,
14557 .module = THIS_MODULE,
14558 .ops = nl80211_ops,
14559 .n_ops = ARRAY_SIZE(nl80211_ops),
14560 .mcgrps = nl80211_mcgrps,
14561 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
14562};
14563
14564
14565
14566void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
14567 enum nl80211_commands cmd)
14568{
14569 struct sk_buff *msg;
14570 struct nl80211_dump_wiphy_state state = {};
14571
14572 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
14573 cmd != NL80211_CMD_DEL_WIPHY);
14574
14575 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14576 if (!msg)
14577 return;
14578
14579 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
14580 nlmsg_free(msg);
14581 return;
14582 }
14583
14584 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14585 NL80211_MCGRP_CONFIG, GFP_KERNEL);
14586}
14587
14588void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
14589 struct wireless_dev *wdev,
14590 enum nl80211_commands cmd)
14591{
14592 struct sk_buff *msg;
14593
14594 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14595 if (!msg)
14596 return;
14597
14598 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
14599 nlmsg_free(msg);
14600 return;
14601 }
14602
14603 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14604 NL80211_MCGRP_CONFIG, GFP_KERNEL);
14605}
14606
14607static int nl80211_add_scan_req(struct sk_buff *msg,
14608 struct cfg80211_registered_device *rdev)
14609{
14610 struct cfg80211_scan_request *req = rdev->scan_req;
14611 struct nlattr *nest;
14612 int i;
14613
14614 if (WARN_ON(!req))
14615 return 0;
14616
14617 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
14618 if (!nest)
14619 goto nla_put_failure;
14620 for (i = 0; i < req->n_ssids; i++) {
14621 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
14622 goto nla_put_failure;
14623 }
14624 nla_nest_end(msg, nest);
14625
14626 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14627 if (!nest)
14628 goto nla_put_failure;
14629 for (i = 0; i < req->n_channels; i++) {
14630 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
14631 goto nla_put_failure;
14632 }
14633 nla_nest_end(msg, nest);
14634
14635 if (req->ie &&
14636 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
14637 goto nla_put_failure;
14638
14639 if (req->flags &&
14640 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
14641 goto nla_put_failure;
14642
14643 if (req->info.scan_start_tsf &&
14644 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
14645 req->info.scan_start_tsf, NL80211_BSS_PAD) ||
14646 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
14647 req->info.tsf_bssid)))
14648 goto nla_put_failure;
14649
14650 return 0;
14651 nla_put_failure:
14652 return -ENOBUFS;
14653}
14654
14655static int nl80211_prep_scan_msg(struct sk_buff *msg,
14656 struct cfg80211_registered_device *rdev,
14657 struct wireless_dev *wdev,
14658 u32 portid, u32 seq, int flags,
14659 u32 cmd)
14660{
14661 void *hdr;
14662
14663 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
14664 if (!hdr)
14665 return -1;
14666
14667 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14668 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14669 wdev->netdev->ifindex)) ||
14670 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14671 NL80211_ATTR_PAD))
14672 goto nla_put_failure;
14673
14674
14675 nl80211_add_scan_req(msg, rdev);
14676
14677 genlmsg_end(msg, hdr);
14678 return 0;
14679
14680 nla_put_failure:
14681 genlmsg_cancel(msg, hdr);
14682 return -EMSGSIZE;
14683}
14684
14685static int
14686nl80211_prep_sched_scan_msg(struct sk_buff *msg,
14687 struct cfg80211_sched_scan_request *req, u32 cmd)
14688{
14689 void *hdr;
14690
14691 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14692 if (!hdr)
14693 return -1;
14694
14695 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
14696 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
14697 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
14698 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
14699 NL80211_ATTR_PAD))
14700 goto nla_put_failure;
14701
14702 genlmsg_end(msg, hdr);
14703 return 0;
14704
14705 nla_put_failure:
14706 genlmsg_cancel(msg, hdr);
14707 return -EMSGSIZE;
14708}
14709
14710void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
14711 struct wireless_dev *wdev)
14712{
14713 struct sk_buff *msg;
14714
14715 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14716 if (!msg)
14717 return;
14718
14719 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14720 NL80211_CMD_TRIGGER_SCAN) < 0) {
14721 nlmsg_free(msg);
14722 return;
14723 }
14724
14725 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14726 NL80211_MCGRP_SCAN, GFP_KERNEL);
14727}
14728
14729struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
14730 struct wireless_dev *wdev, bool aborted)
14731{
14732 struct sk_buff *msg;
14733
14734 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14735 if (!msg)
14736 return NULL;
14737
14738 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14739 aborted ? NL80211_CMD_SCAN_ABORTED :
14740 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
14741 nlmsg_free(msg);
14742 return NULL;
14743 }
14744
14745 return msg;
14746}
14747
14748
14749void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
14750 struct sk_buff *msg)
14751{
14752 if (!msg)
14753 return;
14754
14755 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14756 NL80211_MCGRP_SCAN, GFP_KERNEL);
14757}
14758
14759void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
14760{
14761 struct sk_buff *msg;
14762
14763 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14764 if (!msg)
14765 return;
14766
14767 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
14768 nlmsg_free(msg);
14769 return;
14770 }
14771
14772 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
14773 NL80211_MCGRP_SCAN, GFP_KERNEL);
14774}
14775
14776static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
14777 struct regulatory_request *request)
14778{
14779
14780 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
14781 goto nla_put_failure;
14782
14783 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
14784 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14785 NL80211_REGDOM_TYPE_WORLD))
14786 goto nla_put_failure;
14787 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
14788 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14789 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
14790 goto nla_put_failure;
14791 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
14792 request->intersect) {
14793 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14794 NL80211_REGDOM_TYPE_INTERSECTION))
14795 goto nla_put_failure;
14796 } else {
14797 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14798 NL80211_REGDOM_TYPE_COUNTRY) ||
14799 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
14800 request->alpha2))
14801 goto nla_put_failure;
14802 }
14803
14804 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
14805 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
14806
14807 if (wiphy &&
14808 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
14809 goto nla_put_failure;
14810
14811 if (wiphy &&
14812 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
14813 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
14814 goto nla_put_failure;
14815 }
14816
14817 return true;
14818
14819nla_put_failure:
14820 return false;
14821}
14822
14823
14824
14825
14826
14827void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
14828 struct regulatory_request *request)
14829{
14830 struct sk_buff *msg;
14831 void *hdr;
14832
14833 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14834 if (!msg)
14835 return;
14836
14837 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
14838 if (!hdr) {
14839 nlmsg_free(msg);
14840 return;
14841 }
14842
14843 if (nl80211_reg_change_event_fill(msg, request) == false)
14844 goto nla_put_failure;
14845
14846 genlmsg_end(msg, hdr);
14847
14848 rcu_read_lock();
14849 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14850 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14851 rcu_read_unlock();
14852
14853 return;
14854
14855nla_put_failure:
14856 nlmsg_free(msg);
14857}
14858
14859static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
14860 struct net_device *netdev,
14861 const u8 *buf, size_t len,
14862 enum nl80211_commands cmd, gfp_t gfp,
14863 int uapsd_queues, const u8 *req_ies,
14864 size_t req_ies_len)
14865{
14866 struct sk_buff *msg;
14867 void *hdr;
14868
14869 msg = nlmsg_new(100 + len + req_ies_len, gfp);
14870 if (!msg)
14871 return;
14872
14873 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14874 if (!hdr) {
14875 nlmsg_free(msg);
14876 return;
14877 }
14878
14879 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14880 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14881 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14882 (req_ies &&
14883 nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
14884 goto nla_put_failure;
14885
14886 if (uapsd_queues >= 0) {
14887 struct nlattr *nla_wmm =
14888 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
14889 if (!nla_wmm)
14890 goto nla_put_failure;
14891
14892 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
14893 uapsd_queues))
14894 goto nla_put_failure;
14895
14896 nla_nest_end(msg, nla_wmm);
14897 }
14898
14899 genlmsg_end(msg, hdr);
14900
14901 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14902 NL80211_MCGRP_MLME, gfp);
14903 return;
14904
14905 nla_put_failure:
14906 nlmsg_free(msg);
14907}
14908
14909void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
14910 struct net_device *netdev, const u8 *buf,
14911 size_t len, gfp_t gfp)
14912{
14913 nl80211_send_mlme_event(rdev, netdev, buf, len,
14914 NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
14915}
14916
14917void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
14918 struct net_device *netdev, const u8 *buf,
14919 size_t len, gfp_t gfp, int uapsd_queues,
14920 const u8 *req_ies, size_t req_ies_len)
14921{
14922 nl80211_send_mlme_event(rdev, netdev, buf, len,
14923 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
14924 req_ies, req_ies_len);
14925}
14926
14927void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
14928 struct net_device *netdev, const u8 *buf,
14929 size_t len, gfp_t gfp)
14930{
14931 nl80211_send_mlme_event(rdev, netdev, buf, len,
14932 NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
14933}
14934
14935void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
14936 struct net_device *netdev, const u8 *buf,
14937 size_t len, gfp_t gfp)
14938{
14939 nl80211_send_mlme_event(rdev, netdev, buf, len,
14940 NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
14941}
14942
14943void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
14944 size_t len)
14945{
14946 struct wireless_dev *wdev = dev->ieee80211_ptr;
14947 struct wiphy *wiphy = wdev->wiphy;
14948 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14949 const struct ieee80211_mgmt *mgmt = (void *)buf;
14950 u32 cmd;
14951
14952 if (WARN_ON(len < 2))
14953 return;
14954
14955 if (ieee80211_is_deauth(mgmt->frame_control))
14956 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
14957 else
14958 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
14959
14960 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
14961 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
14962 NULL, 0);
14963}
14964EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
14965
14966static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
14967 struct net_device *netdev, int cmd,
14968 const u8 *addr, gfp_t gfp)
14969{
14970 struct sk_buff *msg;
14971 void *hdr;
14972
14973 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14974 if (!msg)
14975 return;
14976
14977 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14978 if (!hdr) {
14979 nlmsg_free(msg);
14980 return;
14981 }
14982
14983 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14984 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14985 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
14986 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14987 goto nla_put_failure;
14988
14989 genlmsg_end(msg, hdr);
14990
14991 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14992 NL80211_MCGRP_MLME, gfp);
14993 return;
14994
14995 nla_put_failure:
14996 nlmsg_free(msg);
14997}
14998
14999void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
15000 struct net_device *netdev, const u8 *addr,
15001 gfp_t gfp)
15002{
15003 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
15004 addr, gfp);
15005}
15006
15007void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
15008 struct net_device *netdev, const u8 *addr,
15009 gfp_t gfp)
15010{
15011 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
15012 addr, gfp);
15013}
15014
15015void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
15016 struct net_device *netdev,
15017 struct cfg80211_connect_resp_params *cr,
15018 gfp_t gfp)
15019{
15020 struct sk_buff *msg;
15021 void *hdr;
15022
15023 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
15024 cr->fils.kek_len + cr->fils.pmk_len +
15025 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15026 if (!msg)
15027 return;
15028
15029 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
15030 if (!hdr) {
15031 nlmsg_free(msg);
15032 return;
15033 }
15034
15035 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15036 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15037 (cr->bssid &&
15038 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
15039 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
15040 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
15041 cr->status) ||
15042 (cr->status < 0 &&
15043 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15044 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
15045 cr->timeout_reason))) ||
15046 (cr->req_ie &&
15047 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
15048 (cr->resp_ie &&
15049 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
15050 cr->resp_ie)) ||
15051 (cr->fils.update_erp_next_seq_num &&
15052 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15053 cr->fils.erp_next_seq_num)) ||
15054 (cr->status == WLAN_STATUS_SUCCESS &&
15055 ((cr->fils.kek &&
15056 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
15057 cr->fils.kek)) ||
15058 (cr->fils.pmk &&
15059 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
15060 (cr->fils.pmkid &&
15061 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
15062 goto nla_put_failure;
15063
15064 genlmsg_end(msg, hdr);
15065
15066 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15067 NL80211_MCGRP_MLME, gfp);
15068 return;
15069
15070 nla_put_failure:
15071 nlmsg_free(msg);
15072}
15073
15074void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
15075 struct net_device *netdev,
15076 struct cfg80211_roam_info *info, gfp_t gfp)
15077{
15078 struct sk_buff *msg;
15079 void *hdr;
15080 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
15081
15082 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
15083 info->fils.kek_len + info->fils.pmk_len +
15084 (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15085 if (!msg)
15086 return;
15087
15088 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
15089 if (!hdr) {
15090 nlmsg_free(msg);
15091 return;
15092 }
15093
15094 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15095 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15096 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
15097 (info->req_ie &&
15098 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
15099 info->req_ie)) ||
15100 (info->resp_ie &&
15101 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
15102 info->resp_ie)) ||
15103 (info->fils.update_erp_next_seq_num &&
15104 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15105 info->fils.erp_next_seq_num)) ||
15106 (info->fils.kek &&
15107 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
15108 info->fils.kek)) ||
15109 (info->fils.pmk &&
15110 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
15111 (info->fils.pmkid &&
15112 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
15113 goto nla_put_failure;
15114
15115 genlmsg_end(msg, hdr);
15116
15117 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15118 NL80211_MCGRP_MLME, gfp);
15119 return;
15120
15121 nla_put_failure:
15122 nlmsg_free(msg);
15123}
15124
15125void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
15126 struct net_device *netdev, const u8 *bssid)
15127{
15128 struct sk_buff *msg;
15129 void *hdr;
15130
15131 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15132 if (!msg)
15133 return;
15134
15135 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
15136 if (!hdr) {
15137 nlmsg_free(msg);
15138 return;
15139 }
15140
15141 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15142 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15143 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15144 goto nla_put_failure;
15145
15146 genlmsg_end(msg, hdr);
15147
15148 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15149 NL80211_MCGRP_MLME, GFP_KERNEL);
15150 return;
15151
15152 nla_put_failure:
15153 nlmsg_free(msg);
15154}
15155
15156void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
15157 struct net_device *netdev, u16 reason,
15158 const u8 *ie, size_t ie_len, bool from_ap)
15159{
15160 struct sk_buff *msg;
15161 void *hdr;
15162
15163 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
15164 if (!msg)
15165 return;
15166
15167 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
15168 if (!hdr) {
15169 nlmsg_free(msg);
15170 return;
15171 }
15172
15173 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15174 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15175 (reason &&
15176 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
15177 (from_ap &&
15178 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
15179 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
15180 goto nla_put_failure;
15181
15182 genlmsg_end(msg, hdr);
15183
15184 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15185 NL80211_MCGRP_MLME, GFP_KERNEL);
15186 return;
15187
15188 nla_put_failure:
15189 nlmsg_free(msg);
15190}
15191
15192void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
15193 struct net_device *netdev, const u8 *bssid,
15194 gfp_t gfp)
15195{
15196 struct sk_buff *msg;
15197 void *hdr;
15198
15199 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15200 if (!msg)
15201 return;
15202
15203 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
15204 if (!hdr) {
15205 nlmsg_free(msg);
15206 return;
15207 }
15208
15209 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15210 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15211 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15212 goto nla_put_failure;
15213
15214 genlmsg_end(msg, hdr);
15215
15216 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15217 NL80211_MCGRP_MLME, gfp);
15218 return;
15219
15220 nla_put_failure:
15221 nlmsg_free(msg);
15222}
15223
15224void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
15225 const u8 *ie, u8 ie_len,
15226 int sig_dbm, gfp_t gfp)
15227{
15228 struct wireless_dev *wdev = dev->ieee80211_ptr;
15229 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15230 struct sk_buff *msg;
15231 void *hdr;
15232
15233 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
15234 return;
15235
15236 trace_cfg80211_notify_new_peer_candidate(dev, addr);
15237
15238 msg = nlmsg_new(100 + ie_len, gfp);
15239 if (!msg)
15240 return;
15241
15242 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
15243 if (!hdr) {
15244 nlmsg_free(msg);
15245 return;
15246 }
15247
15248 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15249 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15250 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15251 (ie_len && ie &&
15252 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
15253 (sig_dbm &&
15254 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
15255 goto nla_put_failure;
15256
15257 genlmsg_end(msg, hdr);
15258
15259 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15260 NL80211_MCGRP_MLME, gfp);
15261 return;
15262
15263 nla_put_failure:
15264 nlmsg_free(msg);
15265}
15266EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
15267
15268void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
15269 struct net_device *netdev, const u8 *addr,
15270 enum nl80211_key_type key_type, int key_id,
15271 const u8 *tsc, gfp_t gfp)
15272{
15273 struct sk_buff *msg;
15274 void *hdr;
15275
15276 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15277 if (!msg)
15278 return;
15279
15280 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
15281 if (!hdr) {
15282 nlmsg_free(msg);
15283 return;
15284 }
15285
15286 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15287 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15288 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
15289 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
15290 (key_id != -1 &&
15291 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
15292 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
15293 goto nla_put_failure;
15294
15295 genlmsg_end(msg, hdr);
15296
15297 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15298 NL80211_MCGRP_MLME, gfp);
15299 return;
15300
15301 nla_put_failure:
15302 nlmsg_free(msg);
15303}
15304
15305void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
15306 struct ieee80211_channel *channel_before,
15307 struct ieee80211_channel *channel_after)
15308{
15309 struct sk_buff *msg;
15310 void *hdr;
15311 struct nlattr *nl_freq;
15312
15313 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
15314 if (!msg)
15315 return;
15316
15317 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
15318 if (!hdr) {
15319 nlmsg_free(msg);
15320 return;
15321 }
15322
15323
15324
15325
15326
15327 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
15328 goto nla_put_failure;
15329
15330
15331 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
15332 if (!nl_freq)
15333 goto nla_put_failure;
15334
15335 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
15336 goto nla_put_failure;
15337 nla_nest_end(msg, nl_freq);
15338
15339
15340 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
15341 if (!nl_freq)
15342 goto nla_put_failure;
15343
15344 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
15345 goto nla_put_failure;
15346 nla_nest_end(msg, nl_freq);
15347
15348 genlmsg_end(msg, hdr);
15349
15350 rcu_read_lock();
15351 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15352 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15353 rcu_read_unlock();
15354
15355 return;
15356
15357nla_put_failure:
15358 nlmsg_free(msg);
15359}
15360
15361static void nl80211_send_remain_on_chan_event(
15362 int cmd, struct cfg80211_registered_device *rdev,
15363 struct wireless_dev *wdev, u64 cookie,
15364 struct ieee80211_channel *chan,
15365 unsigned int duration, gfp_t gfp)
15366{
15367 struct sk_buff *msg;
15368 void *hdr;
15369
15370 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15371 if (!msg)
15372 return;
15373
15374 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15375 if (!hdr) {
15376 nlmsg_free(msg);
15377 return;
15378 }
15379
15380 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15381 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15382 wdev->netdev->ifindex)) ||
15383 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15384 NL80211_ATTR_PAD) ||
15385 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
15386 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
15387 NL80211_CHAN_NO_HT) ||
15388 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15389 NL80211_ATTR_PAD))
15390 goto nla_put_failure;
15391
15392 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
15393 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
15394 goto nla_put_failure;
15395
15396 genlmsg_end(msg, hdr);
15397
15398 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15399 NL80211_MCGRP_MLME, gfp);
15400 return;
15401
15402 nla_put_failure:
15403 nlmsg_free(msg);
15404}
15405
15406void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
15407 struct ieee80211_channel *chan,
15408 unsigned int duration, gfp_t gfp)
15409{
15410 struct wiphy *wiphy = wdev->wiphy;
15411 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15412
15413 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
15414 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
15415 rdev, wdev, cookie, chan,
15416 duration, gfp);
15417}
15418EXPORT_SYMBOL(cfg80211_ready_on_channel);
15419
15420void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
15421 struct ieee80211_channel *chan,
15422 gfp_t gfp)
15423{
15424 struct wiphy *wiphy = wdev->wiphy;
15425 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15426
15427 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
15428 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15429 rdev, wdev, cookie, chan, 0, gfp);
15430}
15431EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
15432
15433void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
15434 struct ieee80211_channel *chan,
15435 gfp_t gfp)
15436{
15437 struct wiphy *wiphy = wdev->wiphy;
15438 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15439
15440 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
15441 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
15442 rdev, wdev, cookie, chan, 0, gfp);
15443}
15444EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
15445
15446void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
15447 struct station_info *sinfo, gfp_t gfp)
15448{
15449 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15450 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15451 struct sk_buff *msg;
15452
15453 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
15454
15455 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15456 if (!msg)
15457 return;
15458
15459 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
15460 rdev, dev, mac_addr, sinfo) < 0) {
15461 nlmsg_free(msg);
15462 return;
15463 }
15464
15465 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15466 NL80211_MCGRP_MLME, gfp);
15467}
15468EXPORT_SYMBOL(cfg80211_new_sta);
15469
15470void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
15471 struct station_info *sinfo, gfp_t gfp)
15472{
15473 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15474 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15475 struct sk_buff *msg;
15476 struct station_info empty_sinfo = {};
15477
15478 if (!sinfo)
15479 sinfo = &empty_sinfo;
15480
15481 trace_cfg80211_del_sta(dev, mac_addr);
15482
15483 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15484 if (!msg) {
15485 cfg80211_sinfo_release_content(sinfo);
15486 return;
15487 }
15488
15489 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
15490 rdev, dev, mac_addr, sinfo) < 0) {
15491 nlmsg_free(msg);
15492 return;
15493 }
15494
15495 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15496 NL80211_MCGRP_MLME, gfp);
15497}
15498EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
15499
15500void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
15501 enum nl80211_connect_failed_reason reason,
15502 gfp_t gfp)
15503{
15504 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15505 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15506 struct sk_buff *msg;
15507 void *hdr;
15508
15509 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
15510 if (!msg)
15511 return;
15512
15513 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
15514 if (!hdr) {
15515 nlmsg_free(msg);
15516 return;
15517 }
15518
15519 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15520 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
15521 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
15522 goto nla_put_failure;
15523
15524 genlmsg_end(msg, hdr);
15525
15526 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15527 NL80211_MCGRP_MLME, gfp);
15528 return;
15529
15530 nla_put_failure:
15531 nlmsg_free(msg);
15532}
15533EXPORT_SYMBOL(cfg80211_conn_failed);
15534
15535static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
15536 const u8 *addr, gfp_t gfp)
15537{
15538 struct wireless_dev *wdev = dev->ieee80211_ptr;
15539 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15540 struct sk_buff *msg;
15541 void *hdr;
15542 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
15543
15544 if (!nlportid)
15545 return false;
15546
15547 msg = nlmsg_new(100, gfp);
15548 if (!msg)
15549 return true;
15550
15551 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15552 if (!hdr) {
15553 nlmsg_free(msg);
15554 return true;
15555 }
15556
15557 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15558 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15559 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15560 goto nla_put_failure;
15561
15562 genlmsg_end(msg, hdr);
15563 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15564 return true;
15565
15566 nla_put_failure:
15567 nlmsg_free(msg);
15568 return true;
15569}
15570
15571bool cfg80211_rx_spurious_frame(struct net_device *dev,
15572 const u8 *addr, gfp_t gfp)
15573{
15574 struct wireless_dev *wdev = dev->ieee80211_ptr;
15575 bool ret;
15576
15577 trace_cfg80211_rx_spurious_frame(dev, addr);
15578
15579 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15580 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
15581 trace_cfg80211_return_bool(false);
15582 return false;
15583 }
15584 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
15585 addr, gfp);
15586 trace_cfg80211_return_bool(ret);
15587 return ret;
15588}
15589EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
15590
15591bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
15592 const u8 *addr, gfp_t gfp)
15593{
15594 struct wireless_dev *wdev = dev->ieee80211_ptr;
15595 bool ret;
15596
15597 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
15598
15599 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15600 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
15601 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
15602 trace_cfg80211_return_bool(false);
15603 return false;
15604 }
15605 ret = __nl80211_unexpected_frame(dev,
15606 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
15607 addr, gfp);
15608 trace_cfg80211_return_bool(ret);
15609 return ret;
15610}
15611EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
15612
15613int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
15614 struct wireless_dev *wdev, u32 nlportid,
15615 int freq, int sig_dbm,
15616 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
15617{
15618 struct net_device *netdev = wdev->netdev;
15619 struct sk_buff *msg;
15620 void *hdr;
15621
15622 msg = nlmsg_new(100 + len, gfp);
15623 if (!msg)
15624 return -ENOMEM;
15625
15626 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15627 if (!hdr) {
15628 nlmsg_free(msg);
15629 return -ENOMEM;
15630 }
15631
15632 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15633 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15634 netdev->ifindex)) ||
15635 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15636 NL80211_ATTR_PAD) ||
15637 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
15638 (sig_dbm &&
15639 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15640 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15641 (flags &&
15642 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
15643 goto nla_put_failure;
15644
15645 genlmsg_end(msg, hdr);
15646
15647 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15648
15649 nla_put_failure:
15650 nlmsg_free(msg);
15651 return -ENOBUFS;
15652}
15653
15654void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
15655 const u8 *buf, size_t len, bool ack, gfp_t gfp)
15656{
15657 struct wiphy *wiphy = wdev->wiphy;
15658 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15659 struct net_device *netdev = wdev->netdev;
15660 struct sk_buff *msg;
15661 void *hdr;
15662
15663 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
15664
15665 msg = nlmsg_new(100 + len, gfp);
15666 if (!msg)
15667 return;
15668
15669 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
15670 if (!hdr) {
15671 nlmsg_free(msg);
15672 return;
15673 }
15674
15675 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15676 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15677 netdev->ifindex)) ||
15678 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15679 NL80211_ATTR_PAD) ||
15680 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15681 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15682 NL80211_ATTR_PAD) ||
15683 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
15684 goto nla_put_failure;
15685
15686 genlmsg_end(msg, hdr);
15687
15688 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15689 NL80211_MCGRP_MLME, gfp);
15690 return;
15691
15692 nla_put_failure:
15693 nlmsg_free(msg);
15694}
15695EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
15696
15697static int __nl80211_rx_control_port(struct net_device *dev,
15698 struct sk_buff *skb,
15699 bool unencrypted, gfp_t gfp)
15700{
15701 struct wireless_dev *wdev = dev->ieee80211_ptr;
15702 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15703 struct ethhdr *ehdr = eth_hdr(skb);
15704 const u8 *addr = ehdr->h_source;
15705 u16 proto = be16_to_cpu(skb->protocol);
15706 struct sk_buff *msg;
15707 void *hdr;
15708 struct nlattr *frame;
15709
15710 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
15711
15712 if (!nlportid)
15713 return -ENOENT;
15714
15715 msg = nlmsg_new(100 + skb->len, gfp);
15716 if (!msg)
15717 return -ENOMEM;
15718
15719 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
15720 if (!hdr) {
15721 nlmsg_free(msg);
15722 return -ENOBUFS;
15723 }
15724
15725 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15726 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15727 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15728 NL80211_ATTR_PAD) ||
15729 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15730 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
15731 (unencrypted && nla_put_flag(msg,
15732 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
15733 goto nla_put_failure;
15734
15735 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
15736 if (!frame)
15737 goto nla_put_failure;
15738
15739 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
15740 genlmsg_end(msg, hdr);
15741
15742 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15743
15744 nla_put_failure:
15745 nlmsg_free(msg);
15746 return -ENOBUFS;
15747}
15748
15749bool cfg80211_rx_control_port(struct net_device *dev,
15750 struct sk_buff *skb, bool unencrypted)
15751{
15752 int ret;
15753
15754 trace_cfg80211_rx_control_port(dev, skb, unencrypted);
15755 ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
15756 trace_cfg80211_return_bool(ret == 0);
15757 return ret == 0;
15758}
15759EXPORT_SYMBOL(cfg80211_rx_control_port);
15760
15761static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
15762 const char *mac, gfp_t gfp)
15763{
15764 struct wireless_dev *wdev = dev->ieee80211_ptr;
15765 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15766 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15767 void **cb;
15768
15769 if (!msg)
15770 return NULL;
15771
15772 cb = (void **)msg->cb;
15773
15774 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
15775 if (!cb[0]) {
15776 nlmsg_free(msg);
15777 return NULL;
15778 }
15779
15780 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15781 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15782 goto nla_put_failure;
15783
15784 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15785 goto nla_put_failure;
15786
15787 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
15788 if (!cb[1])
15789 goto nla_put_failure;
15790
15791 cb[2] = rdev;
15792
15793 return msg;
15794 nla_put_failure:
15795 nlmsg_free(msg);
15796 return NULL;
15797}
15798
15799static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
15800{
15801 void **cb = (void **)msg->cb;
15802 struct cfg80211_registered_device *rdev = cb[2];
15803
15804 nla_nest_end(msg, cb[1]);
15805 genlmsg_end(msg, cb[0]);
15806
15807 memset(msg->cb, 0, sizeof(msg->cb));
15808
15809 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15810 NL80211_MCGRP_MLME, gfp);
15811}
15812
15813void cfg80211_cqm_rssi_notify(struct net_device *dev,
15814 enum nl80211_cqm_rssi_threshold_event rssi_event,
15815 s32 rssi_level, gfp_t gfp)
15816{
15817 struct sk_buff *msg;
15818 struct wireless_dev *wdev = dev->ieee80211_ptr;
15819 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15820
15821 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
15822
15823 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
15824 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
15825 return;
15826
15827 if (wdev->cqm_config) {
15828 wdev->cqm_config->last_rssi_event_value = rssi_level;
15829
15830 cfg80211_cqm_rssi_update(rdev, dev);
15831
15832 if (rssi_level == 0)
15833 rssi_level = wdev->cqm_config->last_rssi_event_value;
15834 }
15835
15836 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15837 if (!msg)
15838 return;
15839
15840 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
15841 rssi_event))
15842 goto nla_put_failure;
15843
15844 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
15845 rssi_level))
15846 goto nla_put_failure;
15847
15848 cfg80211_send_cqm(msg, gfp);
15849
15850 return;
15851
15852 nla_put_failure:
15853 nlmsg_free(msg);
15854}
15855EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
15856
15857void cfg80211_cqm_txe_notify(struct net_device *dev,
15858 const u8 *peer, u32 num_packets,
15859 u32 rate, u32 intvl, gfp_t gfp)
15860{
15861 struct sk_buff *msg;
15862
15863 msg = cfg80211_prepare_cqm(dev, peer, gfp);
15864 if (!msg)
15865 return;
15866
15867 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
15868 goto nla_put_failure;
15869
15870 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
15871 goto nla_put_failure;
15872
15873 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
15874 goto nla_put_failure;
15875
15876 cfg80211_send_cqm(msg, gfp);
15877 return;
15878
15879 nla_put_failure:
15880 nlmsg_free(msg);
15881}
15882EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
15883
15884void cfg80211_cqm_pktloss_notify(struct net_device *dev,
15885 const u8 *peer, u32 num_packets, gfp_t gfp)
15886{
15887 struct sk_buff *msg;
15888
15889 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
15890
15891 msg = cfg80211_prepare_cqm(dev, peer, gfp);
15892 if (!msg)
15893 return;
15894
15895 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
15896 goto nla_put_failure;
15897
15898 cfg80211_send_cqm(msg, gfp);
15899 return;
15900
15901 nla_put_failure:
15902 nlmsg_free(msg);
15903}
15904EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
15905
15906void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
15907{
15908 struct sk_buff *msg;
15909
15910 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15911 if (!msg)
15912 return;
15913
15914 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
15915 goto nla_put_failure;
15916
15917 cfg80211_send_cqm(msg, gfp);
15918 return;
15919
15920 nla_put_failure:
15921 nlmsg_free(msg);
15922}
15923EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
15924
15925static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
15926 struct net_device *netdev, const u8 *bssid,
15927 const u8 *replay_ctr, gfp_t gfp)
15928{
15929 struct sk_buff *msg;
15930 struct nlattr *rekey_attr;
15931 void *hdr;
15932
15933 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15934 if (!msg)
15935 return;
15936
15937 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
15938 if (!hdr) {
15939 nlmsg_free(msg);
15940 return;
15941 }
15942
15943 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15944 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15945 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15946 goto nla_put_failure;
15947
15948 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
15949 if (!rekey_attr)
15950 goto nla_put_failure;
15951
15952 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
15953 NL80211_REPLAY_CTR_LEN, replay_ctr))
15954 goto nla_put_failure;
15955
15956 nla_nest_end(msg, rekey_attr);
15957
15958 genlmsg_end(msg, hdr);
15959
15960 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15961 NL80211_MCGRP_MLME, gfp);
15962 return;
15963
15964 nla_put_failure:
15965 nlmsg_free(msg);
15966}
15967
15968void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
15969 const u8 *replay_ctr, gfp_t gfp)
15970{
15971 struct wireless_dev *wdev = dev->ieee80211_ptr;
15972 struct wiphy *wiphy = wdev->wiphy;
15973 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15974
15975 trace_cfg80211_gtk_rekey_notify(dev, bssid);
15976 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
15977}
15978EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
15979
15980static void
15981nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
15982 struct net_device *netdev, int index,
15983 const u8 *bssid, bool preauth, gfp_t gfp)
15984{
15985 struct sk_buff *msg;
15986 struct nlattr *attr;
15987 void *hdr;
15988
15989 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15990 if (!msg)
15991 return;
15992
15993 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
15994 if (!hdr) {
15995 nlmsg_free(msg);
15996 return;
15997 }
15998
15999 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16000 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16001 goto nla_put_failure;
16002
16003 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
16004 if (!attr)
16005 goto nla_put_failure;
16006
16007 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
16008 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
16009 (preauth &&
16010 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
16011 goto nla_put_failure;
16012
16013 nla_nest_end(msg, attr);
16014
16015 genlmsg_end(msg, hdr);
16016
16017 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16018 NL80211_MCGRP_MLME, gfp);
16019 return;
16020
16021 nla_put_failure:
16022 nlmsg_free(msg);
16023}
16024
16025void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
16026 const u8 *bssid, bool preauth, gfp_t gfp)
16027{
16028 struct wireless_dev *wdev = dev->ieee80211_ptr;
16029 struct wiphy *wiphy = wdev->wiphy;
16030 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16031
16032 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
16033 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
16034}
16035EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
16036
16037static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
16038 struct net_device *netdev,
16039 struct cfg80211_chan_def *chandef,
16040 gfp_t gfp,
16041 enum nl80211_commands notif,
16042 u8 count)
16043{
16044 struct sk_buff *msg;
16045 void *hdr;
16046
16047 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16048 if (!msg)
16049 return;
16050
16051 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
16052 if (!hdr) {
16053 nlmsg_free(msg);
16054 return;
16055 }
16056
16057 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16058 goto nla_put_failure;
16059
16060 if (nl80211_send_chandef(msg, chandef))
16061 goto nla_put_failure;
16062
16063 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
16064 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
16065 goto nla_put_failure;
16066
16067 genlmsg_end(msg, hdr);
16068
16069 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16070 NL80211_MCGRP_MLME, gfp);
16071 return;
16072
16073 nla_put_failure:
16074 nlmsg_free(msg);
16075}
16076
16077void cfg80211_ch_switch_notify(struct net_device *dev,
16078 struct cfg80211_chan_def *chandef)
16079{
16080 struct wireless_dev *wdev = dev->ieee80211_ptr;
16081 struct wiphy *wiphy = wdev->wiphy;
16082 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16083
16084 ASSERT_WDEV_LOCK(wdev);
16085
16086 trace_cfg80211_ch_switch_notify(dev, chandef);
16087
16088 wdev->chandef = *chandef;
16089 wdev->preset_chandef = *chandef;
16090
16091 if (wdev->iftype == NL80211_IFTYPE_STATION &&
16092 !WARN_ON(!wdev->current_bss))
16093 wdev->current_bss->pub.channel = chandef->chan;
16094
16095 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16096 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
16097}
16098EXPORT_SYMBOL(cfg80211_ch_switch_notify);
16099
16100void cfg80211_ch_switch_started_notify(struct net_device *dev,
16101 struct cfg80211_chan_def *chandef,
16102 u8 count)
16103{
16104 struct wireless_dev *wdev = dev->ieee80211_ptr;
16105 struct wiphy *wiphy = wdev->wiphy;
16106 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16107
16108 trace_cfg80211_ch_switch_started_notify(dev, chandef);
16109
16110 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16111 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
16112}
16113EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
16114
16115void
16116nl80211_radar_notify(struct cfg80211_registered_device *rdev,
16117 const struct cfg80211_chan_def *chandef,
16118 enum nl80211_radar_event event,
16119 struct net_device *netdev, gfp_t gfp)
16120{
16121 struct sk_buff *msg;
16122 void *hdr;
16123
16124 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16125 if (!msg)
16126 return;
16127
16128 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
16129 if (!hdr) {
16130 nlmsg_free(msg);
16131 return;
16132 }
16133
16134 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16135 goto nla_put_failure;
16136
16137
16138 if (netdev) {
16139 struct wireless_dev *wdev = netdev->ieee80211_ptr;
16140
16141 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16142 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16143 NL80211_ATTR_PAD))
16144 goto nla_put_failure;
16145 }
16146
16147 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
16148 goto nla_put_failure;
16149
16150 if (nl80211_send_chandef(msg, chandef))
16151 goto nla_put_failure;
16152
16153 genlmsg_end(msg, hdr);
16154
16155 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16156 NL80211_MCGRP_MLME, gfp);
16157 return;
16158
16159 nla_put_failure:
16160 nlmsg_free(msg);
16161}
16162
16163void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
16164 struct sta_opmode_info *sta_opmode,
16165 gfp_t gfp)
16166{
16167 struct sk_buff *msg;
16168 struct wireless_dev *wdev = dev->ieee80211_ptr;
16169 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16170 void *hdr;
16171
16172 if (WARN_ON(!mac))
16173 return;
16174
16175 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16176 if (!msg)
16177 return;
16178
16179 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
16180 if (!hdr) {
16181 nlmsg_free(msg);
16182 return;
16183 }
16184
16185 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16186 goto nla_put_failure;
16187
16188 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16189 goto nla_put_failure;
16190
16191 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16192 goto nla_put_failure;
16193
16194 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
16195 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
16196 goto nla_put_failure;
16197
16198 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
16199 nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
16200 goto nla_put_failure;
16201
16202 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
16203 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
16204 goto nla_put_failure;
16205
16206 genlmsg_end(msg, hdr);
16207
16208 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16209 NL80211_MCGRP_MLME, gfp);
16210
16211 return;
16212
16213nla_put_failure:
16214 nlmsg_free(msg);
16215}
16216EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
16217
16218void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
16219 u64 cookie, bool acked, s32 ack_signal,
16220 bool is_valid_ack_signal, gfp_t gfp)
16221{
16222 struct wireless_dev *wdev = dev->ieee80211_ptr;
16223 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16224 struct sk_buff *msg;
16225 void *hdr;
16226
16227 trace_cfg80211_probe_status(dev, addr, cookie, acked);
16228
16229 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16230
16231 if (!msg)
16232 return;
16233
16234 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
16235 if (!hdr) {
16236 nlmsg_free(msg);
16237 return;
16238 }
16239
16240 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16241 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16242 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16243 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16244 NL80211_ATTR_PAD) ||
16245 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
16246 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
16247 ack_signal)))
16248 goto nla_put_failure;
16249
16250 genlmsg_end(msg, hdr);
16251
16252 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16253 NL80211_MCGRP_MLME, gfp);
16254 return;
16255
16256 nla_put_failure:
16257 nlmsg_free(msg);
16258}
16259EXPORT_SYMBOL(cfg80211_probe_status);
16260
16261void cfg80211_report_obss_beacon(struct wiphy *wiphy,
16262 const u8 *frame, size_t len,
16263 int freq, int sig_dbm)
16264{
16265 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16266 struct sk_buff *msg;
16267 void *hdr;
16268 struct cfg80211_beacon_registration *reg;
16269
16270 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
16271
16272 spin_lock_bh(&rdev->beacon_registrations_lock);
16273 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
16274 msg = nlmsg_new(len + 100, GFP_ATOMIC);
16275 if (!msg) {
16276 spin_unlock_bh(&rdev->beacon_registrations_lock);
16277 return;
16278 }
16279
16280 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16281 if (!hdr)
16282 goto nla_put_failure;
16283
16284 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16285 (freq &&
16286 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
16287 (sig_dbm &&
16288 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16289 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
16290 goto nla_put_failure;
16291
16292 genlmsg_end(msg, hdr);
16293
16294 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
16295 }
16296 spin_unlock_bh(&rdev->beacon_registrations_lock);
16297 return;
16298
16299 nla_put_failure:
16300 spin_unlock_bh(&rdev->beacon_registrations_lock);
16301 nlmsg_free(msg);
16302}
16303EXPORT_SYMBOL(cfg80211_report_obss_beacon);
16304
16305#ifdef CONFIG_PM
16306static int cfg80211_net_detect_results(struct sk_buff *msg,
16307 struct cfg80211_wowlan_wakeup *wakeup)
16308{
16309 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
16310 struct nlattr *nl_results, *nl_match, *nl_freqs;
16311 int i, j;
16312
16313 nl_results = nla_nest_start_noflag(msg,
16314 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
16315 if (!nl_results)
16316 return -EMSGSIZE;
16317
16318 for (i = 0; i < nd->n_matches; i++) {
16319 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
16320
16321 nl_match = nla_nest_start_noflag(msg, i);
16322 if (!nl_match)
16323 break;
16324
16325
16326
16327
16328
16329
16330
16331
16332 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
16333 match->ssid.ssid)) {
16334 nla_nest_cancel(msg, nl_match);
16335 goto out;
16336 }
16337
16338 if (match->n_channels) {
16339 nl_freqs = nla_nest_start_noflag(msg,
16340 NL80211_ATTR_SCAN_FREQUENCIES);
16341 if (!nl_freqs) {
16342 nla_nest_cancel(msg, nl_match);
16343 goto out;
16344 }
16345
16346 for (j = 0; j < match->n_channels; j++) {
16347 if (nla_put_u32(msg, j, match->channels[j])) {
16348 nla_nest_cancel(msg, nl_freqs);
16349 nla_nest_cancel(msg, nl_match);
16350 goto out;
16351 }
16352 }
16353
16354 nla_nest_end(msg, nl_freqs);
16355 }
16356
16357 nla_nest_end(msg, nl_match);
16358 }
16359
16360out:
16361 nla_nest_end(msg, nl_results);
16362 return 0;
16363}
16364
16365void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
16366 struct cfg80211_wowlan_wakeup *wakeup,
16367 gfp_t gfp)
16368{
16369 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16370 struct sk_buff *msg;
16371 void *hdr;
16372 int size = 200;
16373
16374 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
16375
16376 if (wakeup)
16377 size += wakeup->packet_present_len;
16378
16379 msg = nlmsg_new(size, gfp);
16380 if (!msg)
16381 return;
16382
16383 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
16384 if (!hdr)
16385 goto free_msg;
16386
16387 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16388 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16389 NL80211_ATTR_PAD))
16390 goto free_msg;
16391
16392 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16393 wdev->netdev->ifindex))
16394 goto free_msg;
16395
16396 if (wakeup) {
16397 struct nlattr *reasons;
16398
16399 reasons = nla_nest_start_noflag(msg,
16400 NL80211_ATTR_WOWLAN_TRIGGERS);
16401 if (!reasons)
16402 goto free_msg;
16403
16404 if (wakeup->disconnect &&
16405 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
16406 goto free_msg;
16407 if (wakeup->magic_pkt &&
16408 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
16409 goto free_msg;
16410 if (wakeup->gtk_rekey_failure &&
16411 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
16412 goto free_msg;
16413 if (wakeup->eap_identity_req &&
16414 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
16415 goto free_msg;
16416 if (wakeup->four_way_handshake &&
16417 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
16418 goto free_msg;
16419 if (wakeup->rfkill_release &&
16420 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
16421 goto free_msg;
16422
16423 if (wakeup->pattern_idx >= 0 &&
16424 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
16425 wakeup->pattern_idx))
16426 goto free_msg;
16427
16428 if (wakeup->tcp_match &&
16429 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
16430 goto free_msg;
16431
16432 if (wakeup->tcp_connlost &&
16433 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
16434 goto free_msg;
16435
16436 if (wakeup->tcp_nomoretokens &&
16437 nla_put_flag(msg,
16438 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
16439 goto free_msg;
16440
16441 if (wakeup->packet) {
16442 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
16443 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
16444
16445 if (!wakeup->packet_80211) {
16446 pkt_attr =
16447 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
16448 len_attr =
16449 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
16450 }
16451
16452 if (wakeup->packet_len &&
16453 nla_put_u32(msg, len_attr, wakeup->packet_len))
16454 goto free_msg;
16455
16456 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
16457 wakeup->packet))
16458 goto free_msg;
16459 }
16460
16461 if (wakeup->net_detect &&
16462 cfg80211_net_detect_results(msg, wakeup))
16463 goto free_msg;
16464
16465 nla_nest_end(msg, reasons);
16466 }
16467
16468 genlmsg_end(msg, hdr);
16469
16470 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16471 NL80211_MCGRP_MLME, gfp);
16472 return;
16473
16474 free_msg:
16475 nlmsg_free(msg);
16476}
16477EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
16478#endif
16479
16480void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
16481 enum nl80211_tdls_operation oper,
16482 u16 reason_code, gfp_t gfp)
16483{
16484 struct wireless_dev *wdev = dev->ieee80211_ptr;
16485 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16486 struct sk_buff *msg;
16487 void *hdr;
16488
16489 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
16490 reason_code);
16491
16492 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16493 if (!msg)
16494 return;
16495
16496 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
16497 if (!hdr) {
16498 nlmsg_free(msg);
16499 return;
16500 }
16501
16502 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16503 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16504 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
16505 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
16506 (reason_code > 0 &&
16507 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
16508 goto nla_put_failure;
16509
16510 genlmsg_end(msg, hdr);
16511
16512 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16513 NL80211_MCGRP_MLME, gfp);
16514 return;
16515
16516 nla_put_failure:
16517 nlmsg_free(msg);
16518}
16519EXPORT_SYMBOL(cfg80211_tdls_oper_request);
16520
16521static int nl80211_netlink_notify(struct notifier_block * nb,
16522 unsigned long state,
16523 void *_notify)
16524{
16525 struct netlink_notify *notify = _notify;
16526 struct cfg80211_registered_device *rdev;
16527 struct wireless_dev *wdev;
16528 struct cfg80211_beacon_registration *reg, *tmp;
16529
16530 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
16531 return NOTIFY_DONE;
16532
16533 rcu_read_lock();
16534
16535 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
16536 struct cfg80211_sched_scan_request *sched_scan_req;
16537
16538 list_for_each_entry_rcu(sched_scan_req,
16539 &rdev->sched_scan_req_list,
16540 list) {
16541 if (sched_scan_req->owner_nlportid == notify->portid) {
16542 sched_scan_req->nl_owner_dead = true;
16543 schedule_work(&rdev->sched_scan_stop_wk);
16544 }
16545 }
16546
16547 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
16548 cfg80211_mlme_unregister_socket(wdev, notify->portid);
16549
16550 if (wdev->owner_nlportid == notify->portid) {
16551 wdev->nl_owner_dead = true;
16552 schedule_work(&rdev->destroy_work);
16553 } else if (wdev->conn_owner_nlportid == notify->portid) {
16554 schedule_work(&wdev->disconnect_wk);
16555 }
16556
16557 cfg80211_release_pmsr(wdev, notify->portid);
16558 }
16559
16560 spin_lock_bh(&rdev->beacon_registrations_lock);
16561 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
16562 list) {
16563 if (reg->nlportid == notify->portid) {
16564 list_del(®->list);
16565 kfree(reg);
16566 break;
16567 }
16568 }
16569 spin_unlock_bh(&rdev->beacon_registrations_lock);
16570 }
16571
16572 rcu_read_unlock();
16573
16574
16575
16576
16577
16578 regulatory_netlink_notify(notify->portid);
16579 return NOTIFY_OK;
16580}
16581
16582static struct notifier_block nl80211_netlink_notifier = {
16583 .notifier_call = nl80211_netlink_notify,
16584};
16585
16586void cfg80211_ft_event(struct net_device *netdev,
16587 struct cfg80211_ft_event_params *ft_event)
16588{
16589 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16590 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16591 struct sk_buff *msg;
16592 void *hdr;
16593
16594 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
16595
16596 if (!ft_event->target_ap)
16597 return;
16598
16599 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
16600 GFP_KERNEL);
16601 if (!msg)
16602 return;
16603
16604 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
16605 if (!hdr)
16606 goto out;
16607
16608 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16609 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16610 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
16611 goto out;
16612
16613 if (ft_event->ies &&
16614 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
16615 goto out;
16616 if (ft_event->ric_ies &&
16617 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
16618 ft_event->ric_ies))
16619 goto out;
16620
16621 genlmsg_end(msg, hdr);
16622
16623 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16624 NL80211_MCGRP_MLME, GFP_KERNEL);
16625 return;
16626 out:
16627 nlmsg_free(msg);
16628}
16629EXPORT_SYMBOL(cfg80211_ft_event);
16630
16631void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
16632{
16633 struct cfg80211_registered_device *rdev;
16634 struct sk_buff *msg;
16635 void *hdr;
16636 u32 nlportid;
16637
16638 rdev = wiphy_to_rdev(wdev->wiphy);
16639 if (!rdev->crit_proto_nlportid)
16640 return;
16641
16642 nlportid = rdev->crit_proto_nlportid;
16643 rdev->crit_proto_nlportid = 0;
16644
16645 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16646 if (!msg)
16647 return;
16648
16649 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
16650 if (!hdr)
16651 goto nla_put_failure;
16652
16653 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16654 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16655 NL80211_ATTR_PAD))
16656 goto nla_put_failure;
16657
16658 genlmsg_end(msg, hdr);
16659
16660 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16661 return;
16662
16663 nla_put_failure:
16664 nlmsg_free(msg);
16665}
16666EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
16667
16668void nl80211_send_ap_stopped(struct wireless_dev *wdev)
16669{
16670 struct wiphy *wiphy = wdev->wiphy;
16671 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16672 struct sk_buff *msg;
16673 void *hdr;
16674
16675 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16676 if (!msg)
16677 return;
16678
16679 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
16680 if (!hdr)
16681 goto out;
16682
16683 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16684 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
16685 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16686 NL80211_ATTR_PAD))
16687 goto out;
16688
16689 genlmsg_end(msg, hdr);
16690
16691 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
16692 NL80211_MCGRP_MLME, GFP_KERNEL);
16693 return;
16694 out:
16695 nlmsg_free(msg);
16696}
16697
16698int cfg80211_external_auth_request(struct net_device *dev,
16699 struct cfg80211_external_auth_params *params,
16700 gfp_t gfp)
16701{
16702 struct wireless_dev *wdev = dev->ieee80211_ptr;
16703 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16704 struct sk_buff *msg;
16705 void *hdr;
16706
16707 if (!wdev->conn_owner_nlportid)
16708 return -EINVAL;
16709
16710 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16711 if (!msg)
16712 return -ENOMEM;
16713
16714 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
16715 if (!hdr)
16716 goto nla_put_failure;
16717
16718 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16719 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16720 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
16721 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
16722 params->action) ||
16723 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
16724 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
16725 params->ssid.ssid))
16726 goto nla_put_failure;
16727
16728 genlmsg_end(msg, hdr);
16729 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16730 wdev->conn_owner_nlportid);
16731 return 0;
16732
16733 nla_put_failure:
16734 nlmsg_free(msg);
16735 return -ENOBUFS;
16736}
16737EXPORT_SYMBOL(cfg80211_external_auth_request);
16738
16739void cfg80211_update_owe_info_event(struct net_device *netdev,
16740 struct cfg80211_update_owe_info *owe_info,
16741 gfp_t gfp)
16742{
16743 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16744 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16745 struct sk_buff *msg;
16746 void *hdr;
16747
16748 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
16749
16750 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16751 if (!msg)
16752 return;
16753
16754 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
16755 if (!hdr)
16756 goto nla_put_failure;
16757
16758 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16759 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16760 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
16761 goto nla_put_failure;
16762
16763 if (!owe_info->ie_len ||
16764 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
16765 goto nla_put_failure;
16766
16767 genlmsg_end(msg, hdr);
16768
16769 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16770 NL80211_MCGRP_MLME, gfp);
16771 return;
16772
16773nla_put_failure:
16774 genlmsg_cancel(msg, hdr);
16775 nlmsg_free(msg);
16776}
16777EXPORT_SYMBOL(cfg80211_update_owe_info_event);
16778
16779
16780
16781int __init nl80211_init(void)
16782{
16783 int err;
16784
16785 err = genl_register_family(&nl80211_fam);
16786 if (err)
16787 return err;
16788
16789 err = netlink_register_notifier(&nl80211_netlink_notifier);
16790 if (err)
16791 goto err_out;
16792
16793 return 0;
16794 err_out:
16795 genl_unregister_family(&nl80211_fam);
16796 return err;
16797}
16798
16799void nl80211_exit(void)
16800{
16801 netlink_unregister_notifier(&nl80211_netlink_notifier);
16802 genl_unregister_family(&nl80211_fam);
16803}
16804
