1
2
3
4
5
6
7
8
9#include <linux/if.h>
10#include <linux/module.h>
11#include <linux/err.h>
12#include <linux/slab.h>
13#include <linux/list.h>
14#include <linux/if_ether.h>
15#include <linux/ieee80211.h>
16#include <linux/nl80211.h>
17#include <linux/rtnetlink.h>
18#include <linux/netlink.h>
19#include <linux/etherdevice.h>
20#include <net/net_namespace.h>
21#include <net/genetlink.h>
22#include <net/cfg80211.h>
23#include <net/sock.h>
24#include <net/inet_connection_sock.h>
25#include "core.h"
26#include "nl80211.h"
27#include "reg.h"
28#include "rdev-ops.h"
29
30static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
31 struct genl_info *info,
32 struct cfg80211_crypto_settings *settings,
33 int cipher_limit);
34
35static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
36 struct genl_info *info);
37static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
38 struct genl_info *info);
39
40
41static struct genl_family nl80211_fam = {
42 .id = GENL_ID_GENERATE,
43 .name = NL80211_GENL_NAME,
44 .hdrsize = 0,
45 .version = 1,
46 .maxattr = NL80211_ATTR_MAX,
47 .netnsok = true,
48 .pre_doit = nl80211_pre_doit,
49 .post_doit = nl80211_post_doit,
50};
51
52
53enum nl80211_multicast_groups {
54 NL80211_MCGRP_CONFIG,
55 NL80211_MCGRP_SCAN,
56 NL80211_MCGRP_REGULATORY,
57 NL80211_MCGRP_MLME,
58 NL80211_MCGRP_VENDOR,
59 NL80211_MCGRP_TESTMODE
60};
61
62static const struct genl_multicast_group nl80211_mcgrps[] = {
63 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
64 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
65 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
66 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
67 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
68#ifdef CONFIG_NL80211_TESTMODE
69 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
70#endif
71};
72
73
74static struct wireless_dev *
75__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
76{
77 struct cfg80211_registered_device *rdev;
78 struct wireless_dev *result = NULL;
79 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
80 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
81 u64 wdev_id;
82 int wiphy_idx = -1;
83 int ifidx = -1;
84
85 ASSERT_RTNL();
86
87 if (!have_ifidx && !have_wdev_id)
88 return ERR_PTR(-EINVAL);
89
90 if (have_ifidx)
91 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
92 if (have_wdev_id) {
93 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
94 wiphy_idx = wdev_id >> 32;
95 }
96
97 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
98 struct wireless_dev *wdev;
99
100 if (wiphy_net(&rdev->wiphy) != netns)
101 continue;
102
103 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
104 continue;
105
106 list_for_each_entry(wdev, &rdev->wdev_list, list) {
107 if (have_ifidx && wdev->netdev &&
108 wdev->netdev->ifindex == ifidx) {
109 result = wdev;
110 break;
111 }
112 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
113 result = wdev;
114 break;
115 }
116 }
117
118 if (result)
119 break;
120 }
121
122 if (result)
123 return result;
124 return ERR_PTR(-ENODEV);
125}
126
127static struct cfg80211_registered_device *
128__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
129{
130 struct cfg80211_registered_device *rdev = NULL, *tmp;
131 struct net_device *netdev;
132
133 ASSERT_RTNL();
134
135 if (!attrs[NL80211_ATTR_WIPHY] &&
136 !attrs[NL80211_ATTR_IFINDEX] &&
137 !attrs[NL80211_ATTR_WDEV])
138 return ERR_PTR(-EINVAL);
139
140 if (attrs[NL80211_ATTR_WIPHY])
141 rdev = cfg80211_rdev_by_wiphy_idx(
142 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
143
144 if (attrs[NL80211_ATTR_WDEV]) {
145 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
146 struct wireless_dev *wdev;
147 bool found = false;
148
149 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
150 if (tmp) {
151
152 list_for_each_entry(wdev, &tmp->wdev_list, list) {
153 if (wdev->identifier != (u32)wdev_id)
154 continue;
155 found = true;
156 break;
157 }
158
159 if (!found)
160 tmp = NULL;
161
162 if (rdev && tmp != rdev)
163 return ERR_PTR(-EINVAL);
164 rdev = tmp;
165 }
166 }
167
168 if (attrs[NL80211_ATTR_IFINDEX]) {
169 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
170 netdev = __dev_get_by_index(netns, ifindex);
171 if (netdev) {
172 if (netdev->ieee80211_ptr)
173 tmp = wiphy_to_rdev(
174 netdev->ieee80211_ptr->wiphy);
175 else
176 tmp = NULL;
177
178
179 if (!tmp)
180 return ERR_PTR(-EINVAL);
181
182
183 if (rdev && tmp != rdev)
184 return ERR_PTR(-EINVAL);
185
186 rdev = tmp;
187 }
188 }
189
190 if (!rdev)
191 return ERR_PTR(-ENODEV);
192
193 if (netns != wiphy_net(&rdev->wiphy))
194 return ERR_PTR(-ENODEV);
195
196 return rdev;
197}
198
199
200
201
202
203
204
205
206static struct cfg80211_registered_device *
207cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
208{
209 return __cfg80211_rdev_from_attrs(netns, info->attrs);
210}
211
212
213static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
214 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
215 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
216 .len = 20-1 },
217 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
218
219 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
220 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
221 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
222 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
223 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
224
225 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
226 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
227 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
228 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
229 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
230 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
231
232 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
233 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
234 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
235
236 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
237 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
238
239 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
240 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
241 .len = WLAN_MAX_KEY_LEN },
242 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
243 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
244 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
245 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
246 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
247
248 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
249 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
250 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
251 .len = IEEE80211_MAX_DATA_LEN },
252 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
253 .len = IEEE80211_MAX_DATA_LEN },
254 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
255 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
256 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
257 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
258 .len = NL80211_MAX_SUPP_RATES },
259 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
260 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
261 [NL80211_ATTR_MNTR_FLAGS] = { },
262 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
263 .len = IEEE80211_MAX_MESH_ID_LEN },
264 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
265
266 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
267 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
268
269 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
270 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
271 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
272 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
273 .len = NL80211_MAX_SUPP_RATES },
274 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
275
276 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
277 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
278
279 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
280
281 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
282 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
283 .len = IEEE80211_MAX_DATA_LEN },
284 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
285 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
286
287 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
288 .len = IEEE80211_MAX_SSID_LEN },
289 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
290 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
291 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
292 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
293 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
294 [NL80211_ATTR_STA_FLAGS2] = {
295 .len = sizeof(struct nl80211_sta_flag_update),
296 },
297 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
298 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
299 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
300 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
301 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
302 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
303 [NL80211_ATTR_PID] = { .type = NLA_U32 },
304 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
305 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
306 .len = WLAN_PMKID_LEN },
307 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
308 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
309 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
310 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
311 .len = IEEE80211_MAX_DATA_LEN },
312 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
313 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
314 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
315 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
316 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
317 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
318 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
319 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
320 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
321 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
322 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
323 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
324 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
325 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
326 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
327 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
328 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
329 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
330 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
331 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
332 .len = IEEE80211_MAX_DATA_LEN },
333 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
334 .len = IEEE80211_MAX_DATA_LEN },
335 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
336 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
337 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
338 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
339 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
340 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
341 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
342 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
343 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
344 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
345 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
346 .len = IEEE80211_MAX_DATA_LEN },
347 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
348 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
349 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
350 .len = NL80211_HT_CAPABILITY_LEN
351 },
352 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
353 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
354 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
355 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
356 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
357 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
358 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
359 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
360 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
361 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
362 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
363 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
364 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
365 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
366 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
367 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
368 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
369 .len = NL80211_VHT_CAPABILITY_LEN,
370 },
371 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
372 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
373 .len = IEEE80211_MAX_DATA_LEN },
374 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
375 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
376 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
377 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
378 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
379 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
380 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
381 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
382 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
383 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
384 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
385 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
386 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
387 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
388 .len = IEEE80211_QOS_MAP_LEN_MAX },
389 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
390 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
391 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
392 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
393 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
394 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
395 [NL80211_ATTR_TSID] = { .type = NLA_U8 },
396 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
397 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
398 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
399 [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
400 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
401 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
402 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
403 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
404 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
405};
406
407
408static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
409 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
410 [NL80211_KEY_IDX] = { .type = NLA_U8 },
411 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
412 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
413 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
414 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
415 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
416 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
417};
418
419
420static const struct nla_policy
421nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
422 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
423 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
424};
425
426
427static const struct nla_policy
428nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
429 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
430 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
431 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
432 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
433 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
434 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
435 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
436 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
437 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
438 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
439};
440
441static const struct nla_policy
442nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
443 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
444 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
445 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
446 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
447 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
448 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
449 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
450 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
451 },
452 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
453 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
454 },
455 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
456 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
457 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
458};
459
460
461static const struct nla_policy
462nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
463 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
464 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
465 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
466};
467
468
469static const struct nla_policy
470nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
471 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
472 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
473 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
474};
475
476static const struct nla_policy
477nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
478 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
479 .len = IEEE80211_MAX_SSID_LEN },
480 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
481};
482
483static const struct nla_policy
484nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
485 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
486 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
487};
488
489static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
490 struct netlink_callback *cb,
491 struct cfg80211_registered_device **rdev,
492 struct wireless_dev **wdev)
493{
494 int err;
495
496 rtnl_lock();
497
498 if (!cb->args[0]) {
499 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
500 nl80211_fam.attrbuf, nl80211_fam.maxattr,
501 nl80211_policy);
502 if (err)
503 goto out_unlock;
504
505 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
506 nl80211_fam.attrbuf);
507 if (IS_ERR(*wdev)) {
508 err = PTR_ERR(*wdev);
509 goto out_unlock;
510 }
511 *rdev = wiphy_to_rdev((*wdev)->wiphy);
512
513 cb->args[0] = (*rdev)->wiphy_idx + 1;
514 cb->args[1] = (*wdev)->identifier;
515 } else {
516
517 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
518 struct wireless_dev *tmp;
519
520 if (!wiphy) {
521 err = -ENODEV;
522 goto out_unlock;
523 }
524 *rdev = wiphy_to_rdev(wiphy);
525 *wdev = NULL;
526
527 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
528 if (tmp->identifier == cb->args[1]) {
529 *wdev = tmp;
530 break;
531 }
532 }
533
534 if (!*wdev) {
535 err = -ENODEV;
536 goto out_unlock;
537 }
538 }
539
540 return 0;
541 out_unlock:
542 rtnl_unlock();
543 return err;
544}
545
546static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
547{
548 rtnl_unlock();
549}
550
551
552static bool is_valid_ie_attr(const struct nlattr *attr)
553{
554 const u8 *pos;
555 int len;
556
557 if (!attr)
558 return true;
559
560 pos = nla_data(attr);
561 len = nla_len(attr);
562
563 while (len) {
564 u8 elemlen;
565
566 if (len < 2)
567 return false;
568 len -= 2;
569
570 elemlen = pos[1];
571 if (elemlen > len)
572 return false;
573
574 len -= elemlen;
575 pos += 2 + elemlen;
576 }
577
578 return true;
579}
580
581
582static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
583 int flags, u8 cmd)
584{
585
586 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
587}
588
589static int nl80211_msg_put_channel(struct sk_buff *msg,
590 struct ieee80211_channel *chan,
591 bool large)
592{
593
594
595
596 if (!large && chan->flags &
597 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
598 return 0;
599
600 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
601 chan->center_freq))
602 goto nla_put_failure;
603
604 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
605 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
606 goto nla_put_failure;
607 if (chan->flags & IEEE80211_CHAN_NO_IR) {
608 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
609 goto nla_put_failure;
610 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
611 goto nla_put_failure;
612 }
613 if (chan->flags & IEEE80211_CHAN_RADAR) {
614 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
615 goto nla_put_failure;
616 if (large) {
617 u32 time;
618
619 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
620
621 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
622 chan->dfs_state))
623 goto nla_put_failure;
624 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
625 time))
626 goto nla_put_failure;
627 if (nla_put_u32(msg,
628 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
629 chan->dfs_cac_ms))
630 goto nla_put_failure;
631 }
632 }
633
634 if (large) {
635 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
636 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
637 goto nla_put_failure;
638 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
639 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
640 goto nla_put_failure;
641 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
642 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
643 goto nla_put_failure;
644 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
645 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
646 goto nla_put_failure;
647 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
648 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
649 goto nla_put_failure;
650 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
651 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
652 goto nla_put_failure;
653 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
654 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
655 goto nla_put_failure;
656 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
657 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
658 goto nla_put_failure;
659 }
660
661 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
662 DBM_TO_MBM(chan->max_power)))
663 goto nla_put_failure;
664
665 return 0;
666
667 nla_put_failure:
668 return -ENOBUFS;
669}
670
671
672
673struct key_parse {
674 struct key_params p;
675 int idx;
676 int type;
677 bool def, defmgmt;
678 bool def_uni, def_multi;
679};
680
681static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
682{
683 struct nlattr *tb[NL80211_KEY_MAX + 1];
684 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
685 nl80211_key_policy);
686 if (err)
687 return err;
688
689 k->def = !!tb[NL80211_KEY_DEFAULT];
690 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
691
692 if (k->def) {
693 k->def_uni = true;
694 k->def_multi = true;
695 }
696 if (k->defmgmt)
697 k->def_multi = true;
698
699 if (tb[NL80211_KEY_IDX])
700 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
701
702 if (tb[NL80211_KEY_DATA]) {
703 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
704 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
705 }
706
707 if (tb[NL80211_KEY_SEQ]) {
708 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
709 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
710 }
711
712 if (tb[NL80211_KEY_CIPHER])
713 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
714
715 if (tb[NL80211_KEY_TYPE]) {
716 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
717 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
718 return -EINVAL;
719 }
720
721 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
722 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
723 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
724 tb[NL80211_KEY_DEFAULT_TYPES],
725 nl80211_key_default_policy);
726 if (err)
727 return err;
728
729 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
730 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
731 }
732
733 return 0;
734}
735
736static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
737{
738 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
739 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
740 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
741 }
742
743 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
744 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
745 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
746 }
747
748 if (info->attrs[NL80211_ATTR_KEY_IDX])
749 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
750
751 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
752 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
753
754 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
755 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
756
757 if (k->def) {
758 k->def_uni = true;
759 k->def_multi = true;
760 }
761 if (k->defmgmt)
762 k->def_multi = true;
763
764 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
765 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
766 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
767 return -EINVAL;
768 }
769
770 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
771 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
772 int err = nla_parse_nested(
773 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
774 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
775 nl80211_key_default_policy);
776 if (err)
777 return err;
778
779 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
780 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
781 }
782
783 return 0;
784}
785
786static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
787{
788 int err;
789
790 memset(k, 0, sizeof(*k));
791 k->idx = -1;
792 k->type = -1;
793
794 if (info->attrs[NL80211_ATTR_KEY])
795 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
796 else
797 err = nl80211_parse_key_old(info, k);
798
799 if (err)
800 return err;
801
802 if (k->def && k->defmgmt)
803 return -EINVAL;
804
805 if (k->defmgmt) {
806 if (k->def_uni || !k->def_multi)
807 return -EINVAL;
808 }
809
810 if (k->idx != -1) {
811 if (k->defmgmt) {
812 if (k->idx < 4 || k->idx > 5)
813 return -EINVAL;
814 } else if (k->def) {
815 if (k->idx < 0 || k->idx > 3)
816 return -EINVAL;
817 } else {
818 if (k->idx < 0 || k->idx > 5)
819 return -EINVAL;
820 }
821 }
822
823 return 0;
824}
825
826static struct cfg80211_cached_keys *
827nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
828 struct nlattr *keys, bool *no_ht)
829{
830 struct key_parse parse;
831 struct nlattr *key;
832 struct cfg80211_cached_keys *result;
833 int rem, err, def = 0;
834
835 result = kzalloc(sizeof(*result), GFP_KERNEL);
836 if (!result)
837 return ERR_PTR(-ENOMEM);
838
839 result->def = -1;
840 result->defmgmt = -1;
841
842 nla_for_each_nested(key, keys, rem) {
843 memset(&parse, 0, sizeof(parse));
844 parse.idx = -1;
845
846 err = nl80211_parse_key_new(key, &parse);
847 if (err)
848 goto error;
849 err = -EINVAL;
850 if (!parse.p.key)
851 goto error;
852 if (parse.idx < 0 || parse.idx > 4)
853 goto error;
854 if (parse.def) {
855 if (def)
856 goto error;
857 def = 1;
858 result->def = parse.idx;
859 if (!parse.def_uni || !parse.def_multi)
860 goto error;
861 } else if (parse.defmgmt)
862 goto error;
863 err = cfg80211_validate_key_settings(rdev, &parse.p,
864 parse.idx, false, NULL);
865 if (err)
866 goto error;
867 result->params[parse.idx].cipher = parse.p.cipher;
868 result->params[parse.idx].key_len = parse.p.key_len;
869 result->params[parse.idx].key = result->data[parse.idx];
870 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
871
872 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
873 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
874 if (no_ht)
875 *no_ht = true;
876 }
877 }
878
879 return result;
880 error:
881 kfree(result);
882 return ERR_PTR(err);
883}
884
885static int nl80211_key_allowed(struct wireless_dev *wdev)
886{
887 ASSERT_WDEV_LOCK(wdev);
888
889 switch (wdev->iftype) {
890 case NL80211_IFTYPE_AP:
891 case NL80211_IFTYPE_AP_VLAN:
892 case NL80211_IFTYPE_P2P_GO:
893 case NL80211_IFTYPE_MESH_POINT:
894 break;
895 case NL80211_IFTYPE_ADHOC:
896 case NL80211_IFTYPE_STATION:
897 case NL80211_IFTYPE_P2P_CLIENT:
898 if (!wdev->current_bss)
899 return -ENOLINK;
900 break;
901 case NL80211_IFTYPE_UNSPECIFIED:
902 case NL80211_IFTYPE_OCB:
903 case NL80211_IFTYPE_MONITOR:
904 case NL80211_IFTYPE_P2P_DEVICE:
905 case NL80211_IFTYPE_WDS:
906 case NUM_NL80211_IFTYPES:
907 return -EINVAL;
908 }
909
910 return 0;
911}
912
913static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
914 struct nlattr *tb)
915{
916 struct ieee80211_channel *chan;
917
918 if (tb == NULL)
919 return NULL;
920 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
921 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
922 return NULL;
923 return chan;
924}
925
926static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
927{
928 struct nlattr *nl_modes = nla_nest_start(msg, attr);
929 int i;
930
931 if (!nl_modes)
932 goto nla_put_failure;
933
934 i = 0;
935 while (ifmodes) {
936 if ((ifmodes & 1) && nla_put_flag(msg, i))
937 goto nla_put_failure;
938 ifmodes >>= 1;
939 i++;
940 }
941
942 nla_nest_end(msg, nl_modes);
943 return 0;
944
945nla_put_failure:
946 return -ENOBUFS;
947}
948
949static int nl80211_put_iface_combinations(struct wiphy *wiphy,
950 struct sk_buff *msg,
951 bool large)
952{
953 struct nlattr *nl_combis;
954 int i, j;
955
956 nl_combis = nla_nest_start(msg,
957 NL80211_ATTR_INTERFACE_COMBINATIONS);
958 if (!nl_combis)
959 goto nla_put_failure;
960
961 for (i = 0; i < wiphy->n_iface_combinations; i++) {
962 const struct ieee80211_iface_combination *c;
963 struct nlattr *nl_combi, *nl_limits;
964
965 c = &wiphy->iface_combinations[i];
966
967 nl_combi = nla_nest_start(msg, i + 1);
968 if (!nl_combi)
969 goto nla_put_failure;
970
971 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
972 if (!nl_limits)
973 goto nla_put_failure;
974
975 for (j = 0; j < c->n_limits; j++) {
976 struct nlattr *nl_limit;
977
978 nl_limit = nla_nest_start(msg, j + 1);
979 if (!nl_limit)
980 goto nla_put_failure;
981 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
982 c->limits[j].max))
983 goto nla_put_failure;
984 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
985 c->limits[j].types))
986 goto nla_put_failure;
987 nla_nest_end(msg, nl_limit);
988 }
989
990 nla_nest_end(msg, nl_limits);
991
992 if (c->beacon_int_infra_match &&
993 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
994 goto nla_put_failure;
995 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
996 c->num_different_channels) ||
997 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
998 c->max_interfaces))
999 goto nla_put_failure;
1000 if (large &&
1001 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1002 c->radar_detect_widths) ||
1003 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1004 c->radar_detect_regions)))
1005 goto nla_put_failure;
1006
1007 nla_nest_end(msg, nl_combi);
1008 }
1009
1010 nla_nest_end(msg, nl_combis);
1011
1012 return 0;
1013nla_put_failure:
1014 return -ENOBUFS;
1015}
1016
1017#ifdef CONFIG_PM
1018static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1019 struct sk_buff *msg)
1020{
1021 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1022 struct nlattr *nl_tcp;
1023
1024 if (!tcp)
1025 return 0;
1026
1027 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1028 if (!nl_tcp)
1029 return -ENOBUFS;
1030
1031 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1032 tcp->data_payload_max))
1033 return -ENOBUFS;
1034
1035 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1036 tcp->data_payload_max))
1037 return -ENOBUFS;
1038
1039 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1040 return -ENOBUFS;
1041
1042 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1043 sizeof(*tcp->tok), tcp->tok))
1044 return -ENOBUFS;
1045
1046 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1047 tcp->data_interval_max))
1048 return -ENOBUFS;
1049
1050 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1051 tcp->wake_payload_max))
1052 return -ENOBUFS;
1053
1054 nla_nest_end(msg, nl_tcp);
1055 return 0;
1056}
1057
1058static int nl80211_send_wowlan(struct sk_buff *msg,
1059 struct cfg80211_registered_device *rdev,
1060 bool large)
1061{
1062 struct nlattr *nl_wowlan;
1063
1064 if (!rdev->wiphy.wowlan)
1065 return 0;
1066
1067 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1068 if (!nl_wowlan)
1069 return -ENOBUFS;
1070
1071 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1072 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1073 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1074 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1075 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1076 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1077 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1078 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1079 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1080 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1081 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1082 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1083 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1084 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1085 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1086 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1087 return -ENOBUFS;
1088
1089 if (rdev->wiphy.wowlan->n_patterns) {
1090 struct nl80211_pattern_support pat = {
1091 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1092 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1093 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1094 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1095 };
1096
1097 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1098 sizeof(pat), &pat))
1099 return -ENOBUFS;
1100 }
1101
1102 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1103 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1104 rdev->wiphy.wowlan->max_nd_match_sets))
1105 return -ENOBUFS;
1106
1107 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1108 return -ENOBUFS;
1109
1110 nla_nest_end(msg, nl_wowlan);
1111
1112 return 0;
1113}
1114#endif
1115
1116static int nl80211_send_coalesce(struct sk_buff *msg,
1117 struct cfg80211_registered_device *rdev)
1118{
1119 struct nl80211_coalesce_rule_support rule;
1120
1121 if (!rdev->wiphy.coalesce)
1122 return 0;
1123
1124 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1125 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1126 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1127 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1128 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1129 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1130
1131 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1132 return -ENOBUFS;
1133
1134 return 0;
1135}
1136
1137static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1138 struct ieee80211_supported_band *sband)
1139{
1140 struct nlattr *nl_rates, *nl_rate;
1141 struct ieee80211_rate *rate;
1142 int i;
1143
1144
1145 if (sband->ht_cap.ht_supported &&
1146 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1147 sizeof(sband->ht_cap.mcs),
1148 &sband->ht_cap.mcs) ||
1149 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1150 sband->ht_cap.cap) ||
1151 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1152 sband->ht_cap.ampdu_factor) ||
1153 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1154 sband->ht_cap.ampdu_density)))
1155 return -ENOBUFS;
1156
1157
1158 if (sband->vht_cap.vht_supported &&
1159 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1160 sizeof(sband->vht_cap.vht_mcs),
1161 &sband->vht_cap.vht_mcs) ||
1162 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1163 sband->vht_cap.cap)))
1164 return -ENOBUFS;
1165
1166
1167 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1168 if (!nl_rates)
1169 return -ENOBUFS;
1170
1171 for (i = 0; i < sband->n_bitrates; i++) {
1172 nl_rate = nla_nest_start(msg, i);
1173 if (!nl_rate)
1174 return -ENOBUFS;
1175
1176 rate = &sband->bitrates[i];
1177 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1178 rate->bitrate))
1179 return -ENOBUFS;
1180 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1181 nla_put_flag(msg,
1182 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1183 return -ENOBUFS;
1184
1185 nla_nest_end(msg, nl_rate);
1186 }
1187
1188 nla_nest_end(msg, nl_rates);
1189
1190 return 0;
1191}
1192
1193static int
1194nl80211_send_mgmt_stypes(struct sk_buff *msg,
1195 const struct ieee80211_txrx_stypes *mgmt_stypes)
1196{
1197 u16 stypes;
1198 struct nlattr *nl_ftypes, *nl_ifs;
1199 enum nl80211_iftype ift;
1200 int i;
1201
1202 if (!mgmt_stypes)
1203 return 0;
1204
1205 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1206 if (!nl_ifs)
1207 return -ENOBUFS;
1208
1209 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1210 nl_ftypes = nla_nest_start(msg, ift);
1211 if (!nl_ftypes)
1212 return -ENOBUFS;
1213 i = 0;
1214 stypes = mgmt_stypes[ift].tx;
1215 while (stypes) {
1216 if ((stypes & 1) &&
1217 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1218 (i << 4) | IEEE80211_FTYPE_MGMT))
1219 return -ENOBUFS;
1220 stypes >>= 1;
1221 i++;
1222 }
1223 nla_nest_end(msg, nl_ftypes);
1224 }
1225
1226 nla_nest_end(msg, nl_ifs);
1227
1228 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1229 if (!nl_ifs)
1230 return -ENOBUFS;
1231
1232 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1233 nl_ftypes = nla_nest_start(msg, ift);
1234 if (!nl_ftypes)
1235 return -ENOBUFS;
1236 i = 0;
1237 stypes = mgmt_stypes[ift].rx;
1238 while (stypes) {
1239 if ((stypes & 1) &&
1240 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1241 (i << 4) | IEEE80211_FTYPE_MGMT))
1242 return -ENOBUFS;
1243 stypes >>= 1;
1244 i++;
1245 }
1246 nla_nest_end(msg, nl_ftypes);
1247 }
1248 nla_nest_end(msg, nl_ifs);
1249
1250 return 0;
1251}
1252
1253struct nl80211_dump_wiphy_state {
1254 s64 filter_wiphy;
1255 long start;
1256 long split_start, band_start, chan_start;
1257 bool split;
1258};
1259
1260static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1261 enum nl80211_commands cmd,
1262 struct sk_buff *msg, u32 portid, u32 seq,
1263 int flags, struct nl80211_dump_wiphy_state *state)
1264{
1265 void *hdr;
1266 struct nlattr *nl_bands, *nl_band;
1267 struct nlattr *nl_freqs, *nl_freq;
1268 struct nlattr *nl_cmds;
1269 enum ieee80211_band band;
1270 struct ieee80211_channel *chan;
1271 int i;
1272 const struct ieee80211_txrx_stypes *mgmt_stypes =
1273 rdev->wiphy.mgmt_stypes;
1274 u32 features;
1275
1276 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1277 if (!hdr)
1278 return -ENOBUFS;
1279
1280 if (WARN_ON(!state))
1281 return -EINVAL;
1282
1283 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1284 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1285 wiphy_name(&rdev->wiphy)) ||
1286 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1287 cfg80211_rdev_list_generation))
1288 goto nla_put_failure;
1289
1290 if (cmd != NL80211_CMD_NEW_WIPHY)
1291 goto finish;
1292
1293 switch (state->split_start) {
1294 case 0:
1295 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1296 rdev->wiphy.retry_short) ||
1297 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1298 rdev->wiphy.retry_long) ||
1299 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1300 rdev->wiphy.frag_threshold) ||
1301 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1302 rdev->wiphy.rts_threshold) ||
1303 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1304 rdev->wiphy.coverage_class) ||
1305 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1306 rdev->wiphy.max_scan_ssids) ||
1307 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1308 rdev->wiphy.max_sched_scan_ssids) ||
1309 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1310 rdev->wiphy.max_scan_ie_len) ||
1311 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1312 rdev->wiphy.max_sched_scan_ie_len) ||
1313 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1314 rdev->wiphy.max_match_sets) ||
1315 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1316 rdev->wiphy.max_sched_scan_plans) ||
1317 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1318 rdev->wiphy.max_sched_scan_plan_interval) ||
1319 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1320 rdev->wiphy.max_sched_scan_plan_iterations))
1321 goto nla_put_failure;
1322
1323 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1324 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1325 goto nla_put_failure;
1326 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1327 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1328 goto nla_put_failure;
1329 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1330 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1331 goto nla_put_failure;
1332 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1333 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1334 goto nla_put_failure;
1335 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1336 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1337 goto nla_put_failure;
1338 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1339 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1340 goto nla_put_failure;
1341 state->split_start++;
1342 if (state->split)
1343 break;
1344 case 1:
1345 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1346 sizeof(u32) * rdev->wiphy.n_cipher_suites,
1347 rdev->wiphy.cipher_suites))
1348 goto nla_put_failure;
1349
1350 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1351 rdev->wiphy.max_num_pmkids))
1352 goto nla_put_failure;
1353
1354 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1355 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1356 goto nla_put_failure;
1357
1358 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1359 rdev->wiphy.available_antennas_tx) ||
1360 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1361 rdev->wiphy.available_antennas_rx))
1362 goto nla_put_failure;
1363
1364 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1365 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1366 rdev->wiphy.probe_resp_offload))
1367 goto nla_put_failure;
1368
1369 if ((rdev->wiphy.available_antennas_tx ||
1370 rdev->wiphy.available_antennas_rx) &&
1371 rdev->ops->get_antenna) {
1372 u32 tx_ant = 0, rx_ant = 0;
1373 int res;
1374 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1375 if (!res) {
1376 if (nla_put_u32(msg,
1377 NL80211_ATTR_WIPHY_ANTENNA_TX,
1378 tx_ant) ||
1379 nla_put_u32(msg,
1380 NL80211_ATTR_WIPHY_ANTENNA_RX,
1381 rx_ant))
1382 goto nla_put_failure;
1383 }
1384 }
1385
1386 state->split_start++;
1387 if (state->split)
1388 break;
1389 case 2:
1390 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1391 rdev->wiphy.interface_modes))
1392 goto nla_put_failure;
1393 state->split_start++;
1394 if (state->split)
1395 break;
1396 case 3:
1397 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1398 if (!nl_bands)
1399 goto nla_put_failure;
1400
1401 for (band = state->band_start;
1402 band < IEEE80211_NUM_BANDS; band++) {
1403 struct ieee80211_supported_band *sband;
1404
1405 sband = rdev->wiphy.bands[band];
1406
1407 if (!sband)
1408 continue;
1409
1410 nl_band = nla_nest_start(msg, band);
1411 if (!nl_band)
1412 goto nla_put_failure;
1413
1414 switch (state->chan_start) {
1415 case 0:
1416 if (nl80211_send_band_rateinfo(msg, sband))
1417 goto nla_put_failure;
1418 state->chan_start++;
1419 if (state->split)
1420 break;
1421 default:
1422
1423 nl_freqs = nla_nest_start(
1424 msg, NL80211_BAND_ATTR_FREQS);
1425 if (!nl_freqs)
1426 goto nla_put_failure;
1427
1428 for (i = state->chan_start - 1;
1429 i < sband->n_channels;
1430 i++) {
1431 nl_freq = nla_nest_start(msg, i);
1432 if (!nl_freq)
1433 goto nla_put_failure;
1434
1435 chan = &sband->channels[i];
1436
1437 if (nl80211_msg_put_channel(
1438 msg, chan,
1439 state->split))
1440 goto nla_put_failure;
1441
1442 nla_nest_end(msg, nl_freq);
1443 if (state->split)
1444 break;
1445 }
1446 if (i < sband->n_channels)
1447 state->chan_start = i + 2;
1448 else
1449 state->chan_start = 0;
1450 nla_nest_end(msg, nl_freqs);
1451 }
1452
1453 nla_nest_end(msg, nl_band);
1454
1455 if (state->split) {
1456
1457 if (state->chan_start)
1458 band--;
1459 break;
1460 }
1461 }
1462 nla_nest_end(msg, nl_bands);
1463
1464 if (band < IEEE80211_NUM_BANDS)
1465 state->band_start = band + 1;
1466 else
1467 state->band_start = 0;
1468
1469
1470 if (state->band_start == 0 && state->chan_start == 0)
1471 state->split_start++;
1472 if (state->split)
1473 break;
1474 case 4:
1475 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1476 if (!nl_cmds)
1477 goto nla_put_failure;
1478
1479 i = 0;
1480#define CMD(op, n) \
1481 do { \
1482 if (rdev->ops->op) { \
1483 i++; \
1484 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1485 goto nla_put_failure; \
1486 } \
1487 } while (0)
1488
1489 CMD(add_virtual_intf, NEW_INTERFACE);
1490 CMD(change_virtual_intf, SET_INTERFACE);
1491 CMD(add_key, NEW_KEY);
1492 CMD(start_ap, START_AP);
1493 CMD(add_station, NEW_STATION);
1494 CMD(add_mpath, NEW_MPATH);
1495 CMD(update_mesh_config, SET_MESH_CONFIG);
1496 CMD(change_bss, SET_BSS);
1497 CMD(auth, AUTHENTICATE);
1498 CMD(assoc, ASSOCIATE);
1499 CMD(deauth, DEAUTHENTICATE);
1500 CMD(disassoc, DISASSOCIATE);
1501 CMD(join_ibss, JOIN_IBSS);
1502 CMD(join_mesh, JOIN_MESH);
1503 CMD(set_pmksa, SET_PMKSA);
1504 CMD(del_pmksa, DEL_PMKSA);
1505 CMD(flush_pmksa, FLUSH_PMKSA);
1506 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1507 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1508 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1509 CMD(mgmt_tx, FRAME);
1510 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1511 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1512 i++;
1513 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1514 goto nla_put_failure;
1515 }
1516 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1517 rdev->ops->join_mesh) {
1518 i++;
1519 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1520 goto nla_put_failure;
1521 }
1522 CMD(set_wds_peer, SET_WDS_PEER);
1523 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1524 CMD(tdls_mgmt, TDLS_MGMT);
1525 CMD(tdls_oper, TDLS_OPER);
1526 }
1527 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1528 CMD(sched_scan_start, START_SCHED_SCAN);
1529 CMD(probe_client, PROBE_CLIENT);
1530 CMD(set_noack_map, SET_NOACK_MAP);
1531 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1532 i++;
1533 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1534 goto nla_put_failure;
1535 }
1536 CMD(start_p2p_device, START_P2P_DEVICE);
1537 CMD(set_mcast_rate, SET_MCAST_RATE);
1538#ifdef CONFIG_NL80211_TESTMODE
1539 CMD(testmode_cmd, TESTMODE);
1540#endif
1541 if (state->split) {
1542 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1543 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1544 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1545 CMD(channel_switch, CHANNEL_SWITCH);
1546 CMD(set_qos_map, SET_QOS_MAP);
1547 if (rdev->wiphy.features &
1548 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1549 CMD(add_tx_ts, ADD_TX_TS);
1550 }
1551
1552#undef CMD
1553
1554 if (rdev->ops->connect || rdev->ops->auth) {
1555 i++;
1556 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1557 goto nla_put_failure;
1558 }
1559
1560 if (rdev->ops->disconnect || rdev->ops->deauth) {
1561 i++;
1562 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1563 goto nla_put_failure;
1564 }
1565
1566 nla_nest_end(msg, nl_cmds);
1567 state->split_start++;
1568 if (state->split)
1569 break;
1570 case 5:
1571 if (rdev->ops->remain_on_channel &&
1572 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1573 nla_put_u32(msg,
1574 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1575 rdev->wiphy.max_remain_on_channel_duration))
1576 goto nla_put_failure;
1577
1578 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1579 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1580 goto nla_put_failure;
1581
1582 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1583 goto nla_put_failure;
1584 state->split_start++;
1585 if (state->split)
1586 break;
1587 case 6:
1588#ifdef CONFIG_PM
1589 if (nl80211_send_wowlan(msg, rdev, state->split))
1590 goto nla_put_failure;
1591 state->split_start++;
1592 if (state->split)
1593 break;
1594#else
1595 state->split_start++;
1596#endif
1597 case 7:
1598 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1599 rdev->wiphy.software_iftypes))
1600 goto nla_put_failure;
1601
1602 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1603 state->split))
1604 goto nla_put_failure;
1605
1606 state->split_start++;
1607 if (state->split)
1608 break;
1609 case 8:
1610 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1611 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1612 rdev->wiphy.ap_sme_capa))
1613 goto nla_put_failure;
1614
1615 features = rdev->wiphy.features;
1616
1617
1618
1619
1620
1621 if (state->split)
1622 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1623 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1624 goto nla_put_failure;
1625
1626 if (rdev->wiphy.ht_capa_mod_mask &&
1627 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1628 sizeof(*rdev->wiphy.ht_capa_mod_mask),
1629 rdev->wiphy.ht_capa_mod_mask))
1630 goto nla_put_failure;
1631
1632 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1633 rdev->wiphy.max_acl_mac_addrs &&
1634 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1635 rdev->wiphy.max_acl_mac_addrs))
1636 goto nla_put_failure;
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648 state->split_start++;
1649 break;
1650 case 9:
1651 if (rdev->wiphy.extended_capabilities &&
1652 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1653 rdev->wiphy.extended_capabilities_len,
1654 rdev->wiphy.extended_capabilities) ||
1655 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1656 rdev->wiphy.extended_capabilities_len,
1657 rdev->wiphy.extended_capabilities_mask)))
1658 goto nla_put_failure;
1659
1660 if (rdev->wiphy.vht_capa_mod_mask &&
1661 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1662 sizeof(*rdev->wiphy.vht_capa_mod_mask),
1663 rdev->wiphy.vht_capa_mod_mask))
1664 goto nla_put_failure;
1665
1666 state->split_start++;
1667 break;
1668 case 10:
1669 if (nl80211_send_coalesce(msg, rdev))
1670 goto nla_put_failure;
1671
1672 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1673 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1674 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1675 goto nla_put_failure;
1676
1677 if (rdev->wiphy.max_ap_assoc_sta &&
1678 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1679 rdev->wiphy.max_ap_assoc_sta))
1680 goto nla_put_failure;
1681
1682 state->split_start++;
1683 break;
1684 case 11:
1685 if (rdev->wiphy.n_vendor_commands) {
1686 const struct nl80211_vendor_cmd_info *info;
1687 struct nlattr *nested;
1688
1689 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1690 if (!nested)
1691 goto nla_put_failure;
1692
1693 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1694 info = &rdev->wiphy.vendor_commands[i].info;
1695 if (nla_put(msg, i + 1, sizeof(*info), info))
1696 goto nla_put_failure;
1697 }
1698 nla_nest_end(msg, nested);
1699 }
1700
1701 if (rdev->wiphy.n_vendor_events) {
1702 const struct nl80211_vendor_cmd_info *info;
1703 struct nlattr *nested;
1704
1705 nested = nla_nest_start(msg,
1706 NL80211_ATTR_VENDOR_EVENTS);
1707 if (!nested)
1708 goto nla_put_failure;
1709
1710 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1711 info = &rdev->wiphy.vendor_events[i];
1712 if (nla_put(msg, i + 1, sizeof(*info), info))
1713 goto nla_put_failure;
1714 }
1715 nla_nest_end(msg, nested);
1716 }
1717 state->split_start++;
1718 break;
1719 case 12:
1720 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1721 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1722 rdev->wiphy.max_num_csa_counters))
1723 goto nla_put_failure;
1724
1725 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1726 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1727 goto nla_put_failure;
1728
1729 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1730 sizeof(rdev->wiphy.ext_features),
1731 rdev->wiphy.ext_features))
1732 goto nla_put_failure;
1733
1734
1735 state->split_start = 0;
1736 break;
1737 }
1738 finish:
1739 genlmsg_end(msg, hdr);
1740 return 0;
1741
1742 nla_put_failure:
1743 genlmsg_cancel(msg, hdr);
1744 return -EMSGSIZE;
1745}
1746
1747static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1748 struct netlink_callback *cb,
1749 struct nl80211_dump_wiphy_state *state)
1750{
1751 struct nlattr **tb = nl80211_fam.attrbuf;
1752 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1753 tb, nl80211_fam.maxattr, nl80211_policy);
1754
1755 if (ret)
1756 return 0;
1757
1758 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1759 if (tb[NL80211_ATTR_WIPHY])
1760 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1761 if (tb[NL80211_ATTR_WDEV])
1762 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1763 if (tb[NL80211_ATTR_IFINDEX]) {
1764 struct net_device *netdev;
1765 struct cfg80211_registered_device *rdev;
1766 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1767
1768 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1769 if (!netdev)
1770 return -ENODEV;
1771 if (netdev->ieee80211_ptr) {
1772 rdev = wiphy_to_rdev(
1773 netdev->ieee80211_ptr->wiphy);
1774 state->filter_wiphy = rdev->wiphy_idx;
1775 }
1776 }
1777
1778 return 0;
1779}
1780
1781static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1782{
1783 int idx = 0, ret;
1784 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1785 struct cfg80211_registered_device *rdev;
1786
1787 rtnl_lock();
1788 if (!state) {
1789 state = kzalloc(sizeof(*state), GFP_KERNEL);
1790 if (!state) {
1791 rtnl_unlock();
1792 return -ENOMEM;
1793 }
1794 state->filter_wiphy = -1;
1795 ret = nl80211_dump_wiphy_parse(skb, cb, state);
1796 if (ret) {
1797 kfree(state);
1798 rtnl_unlock();
1799 return ret;
1800 }
1801 cb->args[0] = (long)state;
1802 }
1803
1804 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1805 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1806 continue;
1807 if (++idx <= state->start)
1808 continue;
1809 if (state->filter_wiphy != -1 &&
1810 state->filter_wiphy != rdev->wiphy_idx)
1811 continue;
1812
1813 do {
1814 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1815 skb,
1816 NETLINK_CB(cb->skb).portid,
1817 cb->nlh->nlmsg_seq,
1818 NLM_F_MULTI, state);
1819 if (ret < 0) {
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1834 !skb->len && !state->split &&
1835 cb->min_dump_alloc < 4096) {
1836 cb->min_dump_alloc = 4096;
1837 state->split_start = 0;
1838 rtnl_unlock();
1839 return 1;
1840 }
1841 idx--;
1842 break;
1843 }
1844 } while (state->split_start > 0);
1845 break;
1846 }
1847 rtnl_unlock();
1848
1849 state->start = idx;
1850
1851 return skb->len;
1852}
1853
1854static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1855{
1856 kfree((void *)cb->args[0]);
1857 return 0;
1858}
1859
1860static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1861{
1862 struct sk_buff *msg;
1863 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1864 struct nl80211_dump_wiphy_state state = {};
1865
1866 msg = nlmsg_new(4096, GFP_KERNEL);
1867 if (!msg)
1868 return -ENOMEM;
1869
1870 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
1871 info->snd_portid, info->snd_seq, 0,
1872 &state) < 0) {
1873 nlmsg_free(msg);
1874 return -ENOBUFS;
1875 }
1876
1877 return genlmsg_reply(msg, info);
1878}
1879
1880static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1881 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
1882 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
1883 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
1884 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
1885 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
1886};
1887
1888static int parse_txq_params(struct nlattr *tb[],
1889 struct ieee80211_txq_params *txq_params)
1890{
1891 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1892 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1893 !tb[NL80211_TXQ_ATTR_AIFS])
1894 return -EINVAL;
1895
1896 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1897 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1898 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1899 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1900 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1901
1902 if (txq_params->ac >= NL80211_NUM_ACS)
1903 return -EINVAL;
1904
1905 return 0;
1906}
1907
1908static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1909{
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925 return !wdev ||
1926 wdev->iftype == NL80211_IFTYPE_AP ||
1927 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1928 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1929 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1930}
1931
1932static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1933 struct genl_info *info,
1934 struct cfg80211_chan_def *chandef)
1935{
1936 u32 control_freq;
1937
1938 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1939 return -EINVAL;
1940
1941 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1942
1943 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1944 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1945 chandef->center_freq1 = control_freq;
1946 chandef->center_freq2 = 0;
1947
1948
1949 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1950 return -EINVAL;
1951
1952 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1953 enum nl80211_channel_type chantype;
1954
1955 chantype = nla_get_u32(
1956 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1957
1958 switch (chantype) {
1959 case NL80211_CHAN_NO_HT:
1960 case NL80211_CHAN_HT20:
1961 case NL80211_CHAN_HT40PLUS:
1962 case NL80211_CHAN_HT40MINUS:
1963 cfg80211_chandef_create(chandef, chandef->chan,
1964 chantype);
1965 break;
1966 default:
1967 return -EINVAL;
1968 }
1969 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1970 chandef->width =
1971 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1972 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1973 chandef->center_freq1 =
1974 nla_get_u32(
1975 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1976 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1977 chandef->center_freq2 =
1978 nla_get_u32(
1979 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1980 }
1981
1982 if (!cfg80211_chandef_valid(chandef))
1983 return -EINVAL;
1984
1985 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1986 IEEE80211_CHAN_DISABLED))
1987 return -EINVAL;
1988
1989 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1990 chandef->width == NL80211_CHAN_WIDTH_10) &&
1991 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1992 return -EINVAL;
1993
1994 return 0;
1995}
1996
1997static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1998 struct net_device *dev,
1999 struct genl_info *info)
2000{
2001 struct cfg80211_chan_def chandef;
2002 int result;
2003 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2004 struct wireless_dev *wdev = NULL;
2005
2006 if (dev)
2007 wdev = dev->ieee80211_ptr;
2008 if (!nl80211_can_set_dev_channel(wdev))
2009 return -EOPNOTSUPP;
2010 if (wdev)
2011 iftype = wdev->iftype;
2012
2013 result = nl80211_parse_chandef(rdev, info, &chandef);
2014 if (result)
2015 return result;
2016
2017 switch (iftype) {
2018 case NL80211_IFTYPE_AP:
2019 case NL80211_IFTYPE_P2P_GO:
2020 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2021 iftype)) {
2022 result = -EINVAL;
2023 break;
2024 }
2025 if (wdev->beacon_interval) {
2026 if (!dev || !rdev->ops->set_ap_chanwidth ||
2027 !(rdev->wiphy.features &
2028 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2029 result = -EBUSY;
2030 break;
2031 }
2032
2033
2034 if (chandef.chan != wdev->preset_chandef.chan) {
2035 result = -EBUSY;
2036 break;
2037 }
2038 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2039 if (result)
2040 break;
2041 }
2042 wdev->preset_chandef = chandef;
2043 result = 0;
2044 break;
2045 case NL80211_IFTYPE_MESH_POINT:
2046 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2047 break;
2048 case NL80211_IFTYPE_MONITOR:
2049 result = cfg80211_set_monitor_channel(rdev, &chandef);
2050 break;
2051 default:
2052 result = -EINVAL;
2053 }
2054
2055 return result;
2056}
2057
2058static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2059{
2060 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2061 struct net_device *netdev = info->user_ptr[1];
2062
2063 return __nl80211_set_channel(rdev, netdev, info);
2064}
2065
2066static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2067{
2068 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2069 struct net_device *dev = info->user_ptr[1];
2070 struct wireless_dev *wdev = dev->ieee80211_ptr;
2071 const u8 *bssid;
2072
2073 if (!info->attrs[NL80211_ATTR_MAC])
2074 return -EINVAL;
2075
2076 if (netif_running(dev))
2077 return -EBUSY;
2078
2079 if (!rdev->ops->set_wds_peer)
2080 return -EOPNOTSUPP;
2081
2082 if (wdev->iftype != NL80211_IFTYPE_WDS)
2083 return -EOPNOTSUPP;
2084
2085 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2086 return rdev_set_wds_peer(rdev, dev, bssid);
2087}
2088
2089
2090static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2091{
2092 struct cfg80211_registered_device *rdev;
2093 struct net_device *netdev = NULL;
2094 struct wireless_dev *wdev;
2095 int result = 0, rem_txq_params = 0;
2096 struct nlattr *nl_txq_params;
2097 u32 changed;
2098 u8 retry_short = 0, retry_long = 0;
2099 u32 frag_threshold = 0, rts_threshold = 0;
2100 u8 coverage_class = 0;
2101
2102 ASSERT_RTNL();
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2115 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2116
2117 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2118 if (netdev && netdev->ieee80211_ptr)
2119 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2120 else
2121 netdev = NULL;
2122 }
2123
2124 if (!netdev) {
2125 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2126 info->attrs);
2127 if (IS_ERR(rdev))
2128 return PTR_ERR(rdev);
2129 wdev = NULL;
2130 netdev = NULL;
2131 result = 0;
2132 } else
2133 wdev = netdev->ieee80211_ptr;
2134
2135
2136
2137
2138
2139
2140 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2141 result = cfg80211_dev_rename(
2142 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2143
2144 if (result)
2145 return result;
2146
2147 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2148 struct ieee80211_txq_params txq_params;
2149 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2150
2151 if (!rdev->ops->set_txq_params)
2152 return -EOPNOTSUPP;
2153
2154 if (!netdev)
2155 return -EINVAL;
2156
2157 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2158 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2159 return -EINVAL;
2160
2161 if (!netif_running(netdev))
2162 return -ENETDOWN;
2163
2164 nla_for_each_nested(nl_txq_params,
2165 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2166 rem_txq_params) {
2167 result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2168 nla_data(nl_txq_params),
2169 nla_len(nl_txq_params),
2170 txq_params_policy);
2171 if (result)
2172 return result;
2173 result = parse_txq_params(tb, &txq_params);
2174 if (result)
2175 return result;
2176
2177 result = rdev_set_txq_params(rdev, netdev,
2178 &txq_params);
2179 if (result)
2180 return result;
2181 }
2182 }
2183
2184 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2185 result = __nl80211_set_channel(
2186 rdev,
2187 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2188 info);
2189 if (result)
2190 return result;
2191 }
2192
2193 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2194 struct wireless_dev *txp_wdev = wdev;
2195 enum nl80211_tx_power_setting type;
2196 int idx, mbm = 0;
2197
2198 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2199 txp_wdev = NULL;
2200
2201 if (!rdev->ops->set_tx_power)
2202 return -EOPNOTSUPP;
2203
2204 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2205 type = nla_get_u32(info->attrs[idx]);
2206
2207 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2208 (type != NL80211_TX_POWER_AUTOMATIC))
2209 return -EINVAL;
2210
2211 if (type != NL80211_TX_POWER_AUTOMATIC) {
2212 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2213 mbm = nla_get_u32(info->attrs[idx]);
2214 }
2215
2216 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2217 if (result)
2218 return result;
2219 }
2220
2221 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2222 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2223 u32 tx_ant, rx_ant;
2224 if ((!rdev->wiphy.available_antennas_tx &&
2225 !rdev->wiphy.available_antennas_rx) ||
2226 !rdev->ops->set_antenna)
2227 return -EOPNOTSUPP;
2228
2229 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2230 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2231
2232
2233
2234 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2235 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2236 return -EINVAL;
2237
2238 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2239 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2240
2241 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2242 if (result)
2243 return result;
2244 }
2245
2246 changed = 0;
2247
2248 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2249 retry_short = nla_get_u8(
2250 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2251 if (retry_short == 0)
2252 return -EINVAL;
2253
2254 changed |= WIPHY_PARAM_RETRY_SHORT;
2255 }
2256
2257 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2258 retry_long = nla_get_u8(
2259 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2260 if (retry_long == 0)
2261 return -EINVAL;
2262
2263 changed |= WIPHY_PARAM_RETRY_LONG;
2264 }
2265
2266 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2267 frag_threshold = nla_get_u32(
2268 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2269 if (frag_threshold < 256)
2270 return -EINVAL;
2271
2272 if (frag_threshold != (u32) -1) {
2273
2274
2275
2276
2277
2278
2279 frag_threshold &= ~0x1;
2280 }
2281 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2282 }
2283
2284 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2285 rts_threshold = nla_get_u32(
2286 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2287 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2288 }
2289
2290 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2291 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2292 return -EINVAL;
2293
2294 coverage_class = nla_get_u8(
2295 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2296 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2297 }
2298
2299 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2300 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2301 return -EOPNOTSUPP;
2302
2303 changed |= WIPHY_PARAM_DYN_ACK;
2304 }
2305
2306 if (changed) {
2307 u8 old_retry_short, old_retry_long;
2308 u32 old_frag_threshold, old_rts_threshold;
2309 u8 old_coverage_class;
2310
2311 if (!rdev->ops->set_wiphy_params)
2312 return -EOPNOTSUPP;
2313
2314 old_retry_short = rdev->wiphy.retry_short;
2315 old_retry_long = rdev->wiphy.retry_long;
2316 old_frag_threshold = rdev->wiphy.frag_threshold;
2317 old_rts_threshold = rdev->wiphy.rts_threshold;
2318 old_coverage_class = rdev->wiphy.coverage_class;
2319
2320 if (changed & WIPHY_PARAM_RETRY_SHORT)
2321 rdev->wiphy.retry_short = retry_short;
2322 if (changed & WIPHY_PARAM_RETRY_LONG)
2323 rdev->wiphy.retry_long = retry_long;
2324 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2325 rdev->wiphy.frag_threshold = frag_threshold;
2326 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2327 rdev->wiphy.rts_threshold = rts_threshold;
2328 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2329 rdev->wiphy.coverage_class = coverage_class;
2330
2331 result = rdev_set_wiphy_params(rdev, changed);
2332 if (result) {
2333 rdev->wiphy.retry_short = old_retry_short;
2334 rdev->wiphy.retry_long = old_retry_long;
2335 rdev->wiphy.frag_threshold = old_frag_threshold;
2336 rdev->wiphy.rts_threshold = old_rts_threshold;
2337 rdev->wiphy.coverage_class = old_coverage_class;
2338 return result;
2339 }
2340 }
2341 return 0;
2342}
2343
2344static inline u64 wdev_id(struct wireless_dev *wdev)
2345{
2346 return (u64)wdev->identifier |
2347 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2348}
2349
2350static int nl80211_send_chandef(struct sk_buff *msg,
2351 const struct cfg80211_chan_def *chandef)
2352{
2353 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2354 return -EINVAL;
2355
2356 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2357 chandef->chan->center_freq))
2358 return -ENOBUFS;
2359 switch (chandef->width) {
2360 case NL80211_CHAN_WIDTH_20_NOHT:
2361 case NL80211_CHAN_WIDTH_20:
2362 case NL80211_CHAN_WIDTH_40:
2363 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2364 cfg80211_get_chandef_type(chandef)))
2365 return -ENOBUFS;
2366 break;
2367 default:
2368 break;
2369 }
2370 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2371 return -ENOBUFS;
2372 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2373 return -ENOBUFS;
2374 if (chandef->center_freq2 &&
2375 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2376 return -ENOBUFS;
2377 return 0;
2378}
2379
2380static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2381 struct cfg80211_registered_device *rdev,
2382 struct wireless_dev *wdev, bool removal)
2383{
2384 struct net_device *dev = wdev->netdev;
2385 u8 cmd = NL80211_CMD_NEW_INTERFACE;
2386 void *hdr;
2387
2388 if (removal)
2389 cmd = NL80211_CMD_DEL_INTERFACE;
2390
2391 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2392 if (!hdr)
2393 return -1;
2394
2395 if (dev &&
2396 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2397 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2398 goto nla_put_failure;
2399
2400 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2401 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2402 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2403 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2404 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2405 rdev->devlist_generation ^
2406 (cfg80211_rdev_list_generation << 2)))
2407 goto nla_put_failure;
2408
2409 if (rdev->ops->get_channel) {
2410 int ret;
2411 struct cfg80211_chan_def chandef;
2412
2413 ret = rdev_get_channel(rdev, wdev, &chandef);
2414 if (ret == 0) {
2415 if (nl80211_send_chandef(msg, &chandef))
2416 goto nla_put_failure;
2417 }
2418 }
2419
2420 if (rdev->ops->get_tx_power) {
2421 int dbm, ret;
2422
2423 ret = rdev_get_tx_power(rdev, wdev, &dbm);
2424 if (ret == 0 &&
2425 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2426 DBM_TO_MBM(dbm)))
2427 goto nla_put_failure;
2428 }
2429
2430 if (wdev->ssid_len) {
2431 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2432 goto nla_put_failure;
2433 }
2434
2435 genlmsg_end(msg, hdr);
2436 return 0;
2437
2438 nla_put_failure:
2439 genlmsg_cancel(msg, hdr);
2440 return -EMSGSIZE;
2441}
2442
2443static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2444{
2445 int wp_idx = 0;
2446 int if_idx = 0;
2447 int wp_start = cb->args[0];
2448 int if_start = cb->args[1];
2449 struct cfg80211_registered_device *rdev;
2450 struct wireless_dev *wdev;
2451
2452 rtnl_lock();
2453 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2454 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2455 continue;
2456 if (wp_idx < wp_start) {
2457 wp_idx++;
2458 continue;
2459 }
2460 if_idx = 0;
2461
2462 list_for_each_entry(wdev, &rdev->wdev_list, list) {
2463 if (if_idx < if_start) {
2464 if_idx++;
2465 continue;
2466 }
2467 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2468 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2469 rdev, wdev, false) < 0) {
2470 goto out;
2471 }
2472 if_idx++;
2473 }
2474
2475 wp_idx++;
2476 }
2477 out:
2478 rtnl_unlock();
2479
2480 cb->args[0] = wp_idx;
2481 cb->args[1] = if_idx;
2482
2483 return skb->len;
2484}
2485
2486static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2487{
2488 struct sk_buff *msg;
2489 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2490 struct wireless_dev *wdev = info->user_ptr[1];
2491
2492 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2493 if (!msg)
2494 return -ENOMEM;
2495
2496 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2497 rdev, wdev, false) < 0) {
2498 nlmsg_free(msg);
2499 return -ENOBUFS;
2500 }
2501
2502 return genlmsg_reply(msg, info);
2503}
2504
2505static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2506 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2507 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2508 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2509 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2510 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2511 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2512};
2513
2514static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2515{
2516 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2517 int flag;
2518
2519 *mntrflags = 0;
2520
2521 if (!nla)
2522 return -EINVAL;
2523
2524 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2525 nla, mntr_flags_policy))
2526 return -EINVAL;
2527
2528 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2529 if (flags[flag])
2530 *mntrflags |= (1<<flag);
2531
2532 return 0;
2533}
2534
2535static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2536 struct net_device *netdev, u8 use_4addr,
2537 enum nl80211_iftype iftype)
2538{
2539 if (!use_4addr) {
2540 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2541 return -EBUSY;
2542 return 0;
2543 }
2544
2545 switch (iftype) {
2546 case NL80211_IFTYPE_AP_VLAN:
2547 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2548 return 0;
2549 break;
2550 case NL80211_IFTYPE_STATION:
2551 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2552 return 0;
2553 break;
2554 default:
2555 break;
2556 }
2557
2558 return -EOPNOTSUPP;
2559}
2560
2561static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2562{
2563 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2564 struct vif_params params;
2565 int err;
2566 enum nl80211_iftype otype, ntype;
2567 struct net_device *dev = info->user_ptr[1];
2568 u32 _flags, *flags = NULL;
2569 bool change = false;
2570
2571 memset(¶ms, 0, sizeof(params));
2572
2573 otype = ntype = dev->ieee80211_ptr->iftype;
2574
2575 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2576 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2577 if (otype != ntype)
2578 change = true;
2579 if (ntype > NL80211_IFTYPE_MAX)
2580 return -EINVAL;
2581 }
2582
2583 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2584 struct wireless_dev *wdev = dev->ieee80211_ptr;
2585
2586 if (ntype != NL80211_IFTYPE_MESH_POINT)
2587 return -EINVAL;
2588 if (netif_running(dev))
2589 return -EBUSY;
2590
2591 wdev_lock(wdev);
2592 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2593 IEEE80211_MAX_MESH_ID_LEN);
2594 wdev->mesh_id_up_len =
2595 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2596 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2597 wdev->mesh_id_up_len);
2598 wdev_unlock(wdev);
2599 }
2600
2601 if (info->attrs[NL80211_ATTR_4ADDR]) {
2602 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2603 change = true;
2604 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2605 if (err)
2606 return err;
2607 } else {
2608 params.use_4addr = -1;
2609 }
2610
2611 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2612 if (ntype != NL80211_IFTYPE_MONITOR)
2613 return -EINVAL;
2614 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2615 &_flags);
2616 if (err)
2617 return err;
2618
2619 flags = &_flags;
2620 change = true;
2621 }
2622
2623 if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2624 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2625 return -EOPNOTSUPP;
2626
2627 if (change)
2628 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms);
2629 else
2630 err = 0;
2631
2632 if (!err && params.use_4addr != -1)
2633 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2634
2635 return err;
2636}
2637
2638static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2639{
2640 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2641 struct vif_params params;
2642 struct wireless_dev *wdev;
2643 struct sk_buff *msg, *event;
2644 int err;
2645 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2646 u32 flags;
2647
2648
2649 cfg80211_destroy_ifaces(rdev);
2650
2651 memset(¶ms, 0, sizeof(params));
2652
2653 if (!info->attrs[NL80211_ATTR_IFNAME])
2654 return -EINVAL;
2655
2656 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2657 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2658 if (type > NL80211_IFTYPE_MAX)
2659 return -EINVAL;
2660 }
2661
2662 if (!rdev->ops->add_virtual_intf ||
2663 !(rdev->wiphy.interface_modes & (1 << type)))
2664 return -EOPNOTSUPP;
2665
2666 if ((type == NL80211_IFTYPE_P2P_DEVICE ||
2667 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2668 info->attrs[NL80211_ATTR_MAC]) {
2669 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2670 ETH_ALEN);
2671 if (!is_valid_ether_addr(params.macaddr))
2672 return -EADDRNOTAVAIL;
2673 }
2674
2675 if (info->attrs[NL80211_ATTR_4ADDR]) {
2676 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2677 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2678 if (err)
2679 return err;
2680 }
2681
2682 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2683 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2684 &flags);
2685
2686 if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2687 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2688 return -EOPNOTSUPP;
2689
2690 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2691 if (!msg)
2692 return -ENOMEM;
2693
2694 wdev = rdev_add_virtual_intf(rdev,
2695 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2696 NET_NAME_USER, type, err ? NULL : &flags,
2697 ¶ms);
2698 if (WARN_ON(!wdev)) {
2699 nlmsg_free(msg);
2700 return -EPROTO;
2701 } else if (IS_ERR(wdev)) {
2702 nlmsg_free(msg);
2703 return PTR_ERR(wdev);
2704 }
2705
2706 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
2707 wdev->owner_nlportid = info->snd_portid;
2708
2709 switch (type) {
2710 case NL80211_IFTYPE_MESH_POINT:
2711 if (!info->attrs[NL80211_ATTR_MESH_ID])
2712 break;
2713 wdev_lock(wdev);
2714 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2715 IEEE80211_MAX_MESH_ID_LEN);
2716 wdev->mesh_id_up_len =
2717 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2718 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2719 wdev->mesh_id_up_len);
2720 wdev_unlock(wdev);
2721 break;
2722 case NL80211_IFTYPE_P2P_DEVICE:
2723
2724
2725
2726
2727 mutex_init(&wdev->mtx);
2728 INIT_LIST_HEAD(&wdev->event_list);
2729 spin_lock_init(&wdev->event_lock);
2730 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2731 spin_lock_init(&wdev->mgmt_registrations_lock);
2732
2733 wdev->identifier = ++rdev->wdev_id;
2734 list_add_rcu(&wdev->list, &rdev->wdev_list);
2735 rdev->devlist_generation++;
2736 break;
2737 default:
2738 break;
2739 }
2740
2741 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2742 rdev, wdev, false) < 0) {
2743 nlmsg_free(msg);
2744 return -ENOBUFS;
2745 }
2746
2747 event = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2748 if (event) {
2749 if (nl80211_send_iface(event, 0, 0, 0,
2750 rdev, wdev, false) < 0) {
2751 nlmsg_free(event);
2752 goto out;
2753 }
2754
2755 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
2756 event, 0, NL80211_MCGRP_CONFIG,
2757 GFP_KERNEL);
2758 }
2759
2760out:
2761 return genlmsg_reply(msg, info);
2762}
2763
2764static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2765{
2766 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2767 struct wireless_dev *wdev = info->user_ptr[1];
2768 struct sk_buff *msg;
2769 int status;
2770
2771 if (!rdev->ops->del_virtual_intf)
2772 return -EOPNOTSUPP;
2773
2774 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2775 if (msg && nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, true) < 0) {
2776 nlmsg_free(msg);
2777 msg = NULL;
2778 }
2779
2780
2781
2782
2783
2784
2785
2786
2787 if (!wdev->netdev)
2788 info->user_ptr[1] = NULL;
2789
2790 status = rdev_del_virtual_intf(rdev, wdev);
2791 if (status >= 0 && msg)
2792 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
2793 msg, 0, NL80211_MCGRP_CONFIG,
2794 GFP_KERNEL);
2795 else
2796 nlmsg_free(msg);
2797
2798 return status;
2799}
2800
2801static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2802{
2803 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2804 struct net_device *dev = info->user_ptr[1];
2805 u16 noack_map;
2806
2807 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2808 return -EINVAL;
2809
2810 if (!rdev->ops->set_noack_map)
2811 return -EOPNOTSUPP;
2812
2813 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2814
2815 return rdev_set_noack_map(rdev, dev, noack_map);
2816}
2817
2818struct get_key_cookie {
2819 struct sk_buff *msg;
2820 int error;
2821 int idx;
2822};
2823
2824static void get_key_callback(void *c, struct key_params *params)
2825{
2826 struct nlattr *key;
2827 struct get_key_cookie *cookie = c;
2828
2829 if ((params->key &&
2830 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2831 params->key_len, params->key)) ||
2832 (params->seq &&
2833 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2834 params->seq_len, params->seq)) ||
2835 (params->cipher &&
2836 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2837 params->cipher)))
2838 goto nla_put_failure;
2839
2840 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2841 if (!key)
2842 goto nla_put_failure;
2843
2844 if ((params->key &&
2845 nla_put(cookie->msg, NL80211_KEY_DATA,
2846 params->key_len, params->key)) ||
2847 (params->seq &&
2848 nla_put(cookie->msg, NL80211_KEY_SEQ,
2849 params->seq_len, params->seq)) ||
2850 (params->cipher &&
2851 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2852 params->cipher)))
2853 goto nla_put_failure;
2854
2855 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2856 goto nla_put_failure;
2857
2858 nla_nest_end(cookie->msg, key);
2859
2860 return;
2861 nla_put_failure:
2862 cookie->error = 1;
2863}
2864
2865static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2866{
2867 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2868 int err;
2869 struct net_device *dev = info->user_ptr[1];
2870 u8 key_idx = 0;
2871 const u8 *mac_addr = NULL;
2872 bool pairwise;
2873 struct get_key_cookie cookie = {
2874 .error = 0,
2875 };
2876 void *hdr;
2877 struct sk_buff *msg;
2878
2879 if (info->attrs[NL80211_ATTR_KEY_IDX])
2880 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2881
2882 if (key_idx > 5)
2883 return -EINVAL;
2884
2885 if (info->attrs[NL80211_ATTR_MAC])
2886 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2887
2888 pairwise = !!mac_addr;
2889 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2890 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2891 if (kt >= NUM_NL80211_KEYTYPES)
2892 return -EINVAL;
2893 if (kt != NL80211_KEYTYPE_GROUP &&
2894 kt != NL80211_KEYTYPE_PAIRWISE)
2895 return -EINVAL;
2896 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2897 }
2898
2899 if (!rdev->ops->get_key)
2900 return -EOPNOTSUPP;
2901
2902 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2903 return -ENOENT;
2904
2905 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2906 if (!msg)
2907 return -ENOMEM;
2908
2909 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2910 NL80211_CMD_NEW_KEY);
2911 if (!hdr)
2912 goto nla_put_failure;
2913
2914 cookie.msg = msg;
2915 cookie.idx = key_idx;
2916
2917 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2918 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2919 goto nla_put_failure;
2920 if (mac_addr &&
2921 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2922 goto nla_put_failure;
2923
2924 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2925 get_key_callback);
2926
2927 if (err)
2928 goto free_msg;
2929
2930 if (cookie.error)
2931 goto nla_put_failure;
2932
2933 genlmsg_end(msg, hdr);
2934 return genlmsg_reply(msg, info);
2935
2936 nla_put_failure:
2937 err = -ENOBUFS;
2938 free_msg:
2939 nlmsg_free(msg);
2940 return err;
2941}
2942
2943static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2944{
2945 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2946 struct key_parse key;
2947 int err;
2948 struct net_device *dev = info->user_ptr[1];
2949
2950 err = nl80211_parse_key(info, &key);
2951 if (err)
2952 return err;
2953
2954 if (key.idx < 0)
2955 return -EINVAL;
2956
2957
2958 if (!key.def && !key.defmgmt)
2959 return -EINVAL;
2960
2961 wdev_lock(dev->ieee80211_ptr);
2962
2963 if (key.def) {
2964 if (!rdev->ops->set_default_key) {
2965 err = -EOPNOTSUPP;
2966 goto out;
2967 }
2968
2969 err = nl80211_key_allowed(dev->ieee80211_ptr);
2970 if (err)
2971 goto out;
2972
2973 err = rdev_set_default_key(rdev, dev, key.idx,
2974 key.def_uni, key.def_multi);
2975
2976 if (err)
2977 goto out;
2978
2979#ifdef CONFIG_CFG80211_WEXT
2980 dev->ieee80211_ptr->wext.default_key = key.idx;
2981#endif
2982 } else {
2983 if (key.def_uni || !key.def_multi) {
2984 err = -EINVAL;
2985 goto out;
2986 }
2987
2988 if (!rdev->ops->set_default_mgmt_key) {
2989 err = -EOPNOTSUPP;
2990 goto out;
2991 }
2992
2993 err = nl80211_key_allowed(dev->ieee80211_ptr);
2994 if (err)
2995 goto out;
2996
2997 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2998 if (err)
2999 goto out;
3000
3001#ifdef CONFIG_CFG80211_WEXT
3002 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3003#endif
3004 }
3005
3006 out:
3007 wdev_unlock(dev->ieee80211_ptr);
3008
3009 return err;
3010}
3011
3012static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3013{
3014 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3015 int err;
3016 struct net_device *dev = info->user_ptr[1];
3017 struct key_parse key;
3018 const u8 *mac_addr = NULL;
3019
3020 err = nl80211_parse_key(info, &key);
3021 if (err)
3022 return err;
3023
3024 if (!key.p.key)
3025 return -EINVAL;
3026
3027 if (info->attrs[NL80211_ATTR_MAC])
3028 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3029
3030 if (key.type == -1) {
3031 if (mac_addr)
3032 key.type = NL80211_KEYTYPE_PAIRWISE;
3033 else
3034 key.type = NL80211_KEYTYPE_GROUP;
3035 }
3036
3037
3038 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3039 key.type != NL80211_KEYTYPE_GROUP)
3040 return -EINVAL;
3041
3042 if (!rdev->ops->add_key)
3043 return -EOPNOTSUPP;
3044
3045 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3046 key.type == NL80211_KEYTYPE_PAIRWISE,
3047 mac_addr))
3048 return -EINVAL;
3049
3050 wdev_lock(dev->ieee80211_ptr);
3051 err = nl80211_key_allowed(dev->ieee80211_ptr);
3052 if (!err)
3053 err = rdev_add_key(rdev, dev, key.idx,
3054 key.type == NL80211_KEYTYPE_PAIRWISE,
3055 mac_addr, &key.p);
3056 wdev_unlock(dev->ieee80211_ptr);
3057
3058 return err;
3059}
3060
3061static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3062{
3063 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3064 int err;
3065 struct net_device *dev = info->user_ptr[1];
3066 u8 *mac_addr = NULL;
3067 struct key_parse key;
3068
3069 err = nl80211_parse_key(info, &key);
3070 if (err)
3071 return err;
3072
3073 if (info->attrs[NL80211_ATTR_MAC])
3074 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3075
3076 if (key.type == -1) {
3077 if (mac_addr)
3078 key.type = NL80211_KEYTYPE_PAIRWISE;
3079 else
3080 key.type = NL80211_KEYTYPE_GROUP;
3081 }
3082
3083
3084 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3085 key.type != NL80211_KEYTYPE_GROUP)
3086 return -EINVAL;
3087
3088 if (!rdev->ops->del_key)
3089 return -EOPNOTSUPP;
3090
3091 wdev_lock(dev->ieee80211_ptr);
3092 err = nl80211_key_allowed(dev->ieee80211_ptr);
3093
3094 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3095 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3096 err = -ENOENT;
3097
3098 if (!err)
3099 err = rdev_del_key(rdev, dev, key.idx,
3100 key.type == NL80211_KEYTYPE_PAIRWISE,
3101 mac_addr);
3102
3103#ifdef CONFIG_CFG80211_WEXT
3104 if (!err) {
3105 if (key.idx == dev->ieee80211_ptr->wext.default_key)
3106 dev->ieee80211_ptr->wext.default_key = -1;
3107 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3108 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3109 }
3110#endif
3111 wdev_unlock(dev->ieee80211_ptr);
3112
3113 return err;
3114}
3115
3116
3117static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3118{
3119 struct nlattr *attr;
3120 int n_entries = 0, tmp;
3121
3122 nla_for_each_nested(attr, nl_attr, tmp) {
3123 if (nla_len(attr) != ETH_ALEN)
3124 return -EINVAL;
3125
3126 n_entries++;
3127 }
3128
3129 return n_entries;
3130}
3131
3132
3133
3134
3135
3136
3137static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3138 struct genl_info *info)
3139{
3140 enum nl80211_acl_policy acl_policy;
3141 struct nlattr *attr;
3142 struct cfg80211_acl_data *acl;
3143 int i = 0, n_entries, tmp;
3144
3145 if (!wiphy->max_acl_mac_addrs)
3146 return ERR_PTR(-EOPNOTSUPP);
3147
3148 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3149 return ERR_PTR(-EINVAL);
3150
3151 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3152 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3153 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3154 return ERR_PTR(-EINVAL);
3155
3156 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3157 return ERR_PTR(-EINVAL);
3158
3159 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3160 if (n_entries < 0)
3161 return ERR_PTR(n_entries);
3162
3163 if (n_entries > wiphy->max_acl_mac_addrs)
3164 return ERR_PTR(-ENOTSUPP);
3165
3166 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3167 GFP_KERNEL);
3168 if (!acl)
3169 return ERR_PTR(-ENOMEM);
3170
3171 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3172 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3173 i++;
3174 }
3175
3176 acl->n_acl_entries = n_entries;
3177 acl->acl_policy = acl_policy;
3178
3179 return acl;
3180}
3181
3182static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3183{
3184 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3185 struct net_device *dev = info->user_ptr[1];
3186 struct cfg80211_acl_data *acl;
3187 int err;
3188
3189 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3190 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3191 return -EOPNOTSUPP;
3192
3193 if (!dev->ieee80211_ptr->beacon_interval)
3194 return -EINVAL;
3195
3196 acl = parse_acl_data(&rdev->wiphy, info);
3197 if (IS_ERR(acl))
3198 return PTR_ERR(acl);
3199
3200 err = rdev_set_mac_acl(rdev, dev, acl);
3201
3202 kfree(acl);
3203
3204 return err;
3205}
3206
3207static int nl80211_parse_beacon(struct nlattr *attrs[],
3208 struct cfg80211_beacon_data *bcn)
3209{
3210 bool haveinfo = false;
3211
3212 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3213 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3214 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3215 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3216 return -EINVAL;
3217
3218 memset(bcn, 0, sizeof(*bcn));
3219
3220 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3221 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3222 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3223 if (!bcn->head_len)
3224 return -EINVAL;
3225 haveinfo = true;
3226 }
3227
3228 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3229 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3230 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3231 haveinfo = true;
3232 }
3233
3234 if (!haveinfo)
3235 return -EINVAL;
3236
3237 if (attrs[NL80211_ATTR_IE]) {
3238 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3239 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3240 }
3241
3242 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3243 bcn->proberesp_ies =
3244 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3245 bcn->proberesp_ies_len =
3246 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3247 }
3248
3249 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3250 bcn->assocresp_ies =
3251 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3252 bcn->assocresp_ies_len =
3253 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3254 }
3255
3256 if (attrs[NL80211_ATTR_PROBE_RESP]) {
3257 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3258 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3259 }
3260
3261 return 0;
3262}
3263
3264static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3265 struct cfg80211_ap_settings *params)
3266{
3267 struct wireless_dev *wdev;
3268 bool ret = false;
3269
3270 list_for_each_entry(wdev, &rdev->wdev_list, list) {
3271 if (wdev->iftype != NL80211_IFTYPE_AP &&
3272 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3273 continue;
3274
3275 if (!wdev->preset_chandef.chan)
3276 continue;
3277
3278 params->chandef = wdev->preset_chandef;
3279 ret = true;
3280 break;
3281 }
3282
3283 return ret;
3284}
3285
3286static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3287 enum nl80211_auth_type auth_type,
3288 enum nl80211_commands cmd)
3289{
3290 if (auth_type > NL80211_AUTHTYPE_MAX)
3291 return false;
3292
3293 switch (cmd) {
3294 case NL80211_CMD_AUTHENTICATE:
3295 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3296 auth_type == NL80211_AUTHTYPE_SAE)
3297 return false;
3298 return true;
3299 case NL80211_CMD_CONNECT:
3300 case NL80211_CMD_START_AP:
3301
3302 if (auth_type == NL80211_AUTHTYPE_SAE)
3303 return false;
3304 return true;
3305 default:
3306 return false;
3307 }
3308}
3309
3310static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3311{
3312 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3313 struct net_device *dev = info->user_ptr[1];
3314 struct wireless_dev *wdev = dev->ieee80211_ptr;
3315 struct cfg80211_ap_settings params;
3316 int err;
3317
3318 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3319 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3320 return -EOPNOTSUPP;
3321
3322 if (!rdev->ops->start_ap)
3323 return -EOPNOTSUPP;
3324
3325 if (wdev->beacon_interval)
3326 return -EALREADY;
3327
3328 memset(¶ms, 0, sizeof(params));
3329
3330
3331 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3332 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3333 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3334 return -EINVAL;
3335
3336 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon);
3337 if (err)
3338 return err;
3339
3340 params.beacon_interval =
3341 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3342 params.dtim_period =
3343 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3344
3345 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3346 if (err)
3347 return err;
3348
3349
3350
3351
3352
3353
3354
3355
3356 if (info->attrs[NL80211_ATTR_SSID]) {
3357 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3358 params.ssid_len =
3359 nla_len(info->attrs[NL80211_ATTR_SSID]);
3360 if (params.ssid_len == 0 ||
3361 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3362 return -EINVAL;
3363 }
3364
3365 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3366 params.hidden_ssid = nla_get_u32(
3367 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3368 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3369 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3370 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3371 return -EINVAL;
3372 }
3373
3374 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3375
3376 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3377 params.auth_type = nla_get_u32(
3378 info->attrs[NL80211_ATTR_AUTH_TYPE]);
3379 if (!nl80211_valid_auth_type(rdev, params.auth_type,
3380 NL80211_CMD_START_AP))
3381 return -EINVAL;
3382 } else
3383 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3384
3385 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
3386 NL80211_MAX_NR_CIPHER_SUITES);
3387 if (err)
3388 return err;
3389
3390 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3391 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3392 return -EOPNOTSUPP;
3393 params.inactivity_timeout = nla_get_u16(
3394 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3395 }
3396
3397 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3398 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3399 return -EINVAL;
3400 params.p2p_ctwindow =
3401 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3402 if (params.p2p_ctwindow > 127)
3403 return -EINVAL;
3404 if (params.p2p_ctwindow != 0 &&
3405 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3406 return -EINVAL;
3407 }
3408
3409 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3410 u8 tmp;
3411
3412 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3413 return -EINVAL;
3414 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3415 if (tmp > 1)
3416 return -EINVAL;
3417 params.p2p_opp_ps = tmp;
3418 if (params.p2p_opp_ps != 0 &&
3419 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3420 return -EINVAL;
3421 }
3422
3423 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3424 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
3425 if (err)
3426 return err;
3427 } else if (wdev->preset_chandef.chan) {
3428 params.chandef = wdev->preset_chandef;
3429 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
3430 return -EINVAL;
3431
3432 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
3433 wdev->iftype))
3434 return -EINVAL;
3435
3436 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
3437 params.smps_mode =
3438 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
3439 switch (params.smps_mode) {
3440 case NL80211_SMPS_OFF:
3441 break;
3442 case NL80211_SMPS_STATIC:
3443 if (!(rdev->wiphy.features &
3444 NL80211_FEATURE_STATIC_SMPS))
3445 return -EINVAL;
3446 break;
3447 case NL80211_SMPS_DYNAMIC:
3448 if (!(rdev->wiphy.features &
3449 NL80211_FEATURE_DYNAMIC_SMPS))
3450 return -EINVAL;
3451 break;
3452 default:
3453 return -EINVAL;
3454 }
3455 } else {
3456 params.smps_mode = NL80211_SMPS_OFF;
3457 }
3458
3459 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3460 params.acl = parse_acl_data(&rdev->wiphy, info);
3461 if (IS_ERR(params.acl))
3462 return PTR_ERR(params.acl);
3463 }
3464
3465 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
3466 if (params.pbss && !rdev->wiphy.bands[IEEE80211_BAND_60GHZ])
3467 return -EOPNOTSUPP;
3468
3469 wdev_lock(wdev);
3470 err = rdev_start_ap(rdev, dev, ¶ms);
3471 if (!err) {
3472 wdev->preset_chandef = params.chandef;
3473 wdev->beacon_interval = params.beacon_interval;
3474 wdev->chandef = params.chandef;
3475 wdev->ssid_len = params.ssid_len;
3476 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3477 }
3478 wdev_unlock(wdev);
3479
3480 kfree(params.acl);
3481
3482 return err;
3483}
3484
3485static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3486{
3487 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3488 struct net_device *dev = info->user_ptr[1];
3489 struct wireless_dev *wdev = dev->ieee80211_ptr;
3490 struct cfg80211_beacon_data params;
3491 int err;
3492
3493 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3494 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3495 return -EOPNOTSUPP;
3496
3497 if (!rdev->ops->change_beacon)
3498 return -EOPNOTSUPP;
3499
3500 if (!wdev->beacon_interval)
3501 return -EINVAL;
3502
3503 err = nl80211_parse_beacon(info->attrs, ¶ms);
3504 if (err)
3505 return err;
3506
3507 wdev_lock(wdev);
3508 err = rdev_change_beacon(rdev, dev, ¶ms);
3509 wdev_unlock(wdev);
3510
3511 return err;
3512}
3513
3514static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3515{
3516 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3517 struct net_device *dev = info->user_ptr[1];
3518
3519 return cfg80211_stop_ap(rdev, dev, false);
3520}
3521
3522static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3523 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3524 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3525 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3526 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3527 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3528 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3529};
3530
3531static int parse_station_flags(struct genl_info *info,
3532 enum nl80211_iftype iftype,
3533 struct station_parameters *params)
3534{
3535 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3536 struct nlattr *nla;
3537 int flag;
3538
3539
3540
3541
3542
3543 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3544 if (nla) {
3545 struct nl80211_sta_flag_update *sta_flags;
3546
3547 sta_flags = nla_data(nla);
3548 params->sta_flags_mask = sta_flags->mask;
3549 params->sta_flags_set = sta_flags->set;
3550 params->sta_flags_set &= params->sta_flags_mask;
3551 if ((params->sta_flags_mask |
3552 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3553 return -EINVAL;
3554 return 0;
3555 }
3556
3557
3558
3559 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3560 if (!nla)
3561 return 0;
3562
3563 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3564 nla, sta_flags_policy))
3565 return -EINVAL;
3566
3567
3568
3569
3570
3571
3572
3573 switch (iftype) {
3574 case NL80211_IFTYPE_AP:
3575 case NL80211_IFTYPE_AP_VLAN:
3576 case NL80211_IFTYPE_P2P_GO:
3577 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3578 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3579 BIT(NL80211_STA_FLAG_WME) |
3580 BIT(NL80211_STA_FLAG_MFP);
3581 break;
3582 case NL80211_IFTYPE_P2P_CLIENT:
3583 case NL80211_IFTYPE_STATION:
3584 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3585 BIT(NL80211_STA_FLAG_TDLS_PEER);
3586 break;
3587 case NL80211_IFTYPE_MESH_POINT:
3588 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3589 BIT(NL80211_STA_FLAG_MFP) |
3590 BIT(NL80211_STA_FLAG_AUTHORIZED);
3591 default:
3592 return -EINVAL;
3593 }
3594
3595 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3596 if (flags[flag]) {
3597 params->sta_flags_set |= (1<<flag);
3598
3599
3600 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3601 return -EINVAL;
3602 }
3603 }
3604
3605 return 0;
3606}
3607
3608static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3609 int attr)
3610{
3611 struct nlattr *rate;
3612 u32 bitrate;
3613 u16 bitrate_compat;
3614 enum nl80211_attrs rate_flg;
3615
3616 rate = nla_nest_start(msg, attr);
3617 if (!rate)
3618 return false;
3619
3620
3621 bitrate = cfg80211_calculate_bitrate(info);
3622
3623 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3624 if (bitrate > 0 &&
3625 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3626 return false;
3627 if (bitrate_compat > 0 &&
3628 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3629 return false;
3630
3631 switch (info->bw) {
3632 case RATE_INFO_BW_5:
3633 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
3634 break;
3635 case RATE_INFO_BW_10:
3636 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
3637 break;
3638 default:
3639 WARN_ON(1);
3640
3641 case RATE_INFO_BW_20:
3642 rate_flg = 0;
3643 break;
3644 case RATE_INFO_BW_40:
3645 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
3646 break;
3647 case RATE_INFO_BW_80:
3648 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
3649 break;
3650 case RATE_INFO_BW_160:
3651 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
3652 break;
3653 }
3654
3655 if (rate_flg && nla_put_flag(msg, rate_flg))
3656 return false;
3657
3658 if (info->flags & RATE_INFO_FLAGS_MCS) {
3659 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3660 return false;
3661 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3662 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3663 return false;
3664 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3665 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3666 return false;
3667 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3668 return false;
3669 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3670 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3671 return false;
3672 }
3673
3674 nla_nest_end(msg, rate);
3675 return true;
3676}
3677
3678static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3679 int id)
3680{
3681 void *attr;
3682 int i = 0;
3683
3684 if (!mask)
3685 return true;
3686
3687 attr = nla_nest_start(msg, id);
3688 if (!attr)
3689 return false;
3690
3691 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3692 if (!(mask & BIT(i)))
3693 continue;
3694
3695 if (nla_put_u8(msg, i, signal[i]))
3696 return false;
3697 }
3698
3699 nla_nest_end(msg, attr);
3700
3701 return true;
3702}
3703
3704static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
3705 u32 seq, int flags,
3706 struct cfg80211_registered_device *rdev,
3707 struct net_device *dev,
3708 const u8 *mac_addr, struct station_info *sinfo)
3709{
3710 void *hdr;
3711 struct nlattr *sinfoattr, *bss_param;
3712
3713 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3714 if (!hdr)
3715 return -1;
3716
3717 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3718 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3719 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3720 goto nla_put_failure;
3721
3722 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3723 if (!sinfoattr)
3724 goto nla_put_failure;
3725
3726#define PUT_SINFO(attr, memb, type) do { \
3727 if (sinfo->filled & BIT(NL80211_STA_INFO_ ## attr) && \
3728 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
3729 sinfo->memb)) \
3730 goto nla_put_failure; \
3731 } while (0)
3732
3733 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
3734 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
3735
3736 if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
3737 BIT(NL80211_STA_INFO_RX_BYTES64)) &&
3738 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3739 (u32)sinfo->rx_bytes))
3740 goto nla_put_failure;
3741
3742 if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
3743 BIT(NL80211_STA_INFO_TX_BYTES64)) &&
3744 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3745 (u32)sinfo->tx_bytes))
3746 goto nla_put_failure;
3747
3748 PUT_SINFO(RX_BYTES64, rx_bytes, u64);
3749 PUT_SINFO(TX_BYTES64, tx_bytes, u64);
3750 PUT_SINFO(LLID, llid, u16);
3751 PUT_SINFO(PLID, plid, u16);
3752 PUT_SINFO(PLINK_STATE, plink_state, u8);
3753
3754 switch (rdev->wiphy.signal_type) {
3755 case CFG80211_SIGNAL_TYPE_MBM:
3756 PUT_SINFO(SIGNAL, signal, u8);
3757 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
3758 break;
3759 default:
3760 break;
3761 }
3762 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
3763 if (!nl80211_put_signal(msg, sinfo->chains,
3764 sinfo->chain_signal,
3765 NL80211_STA_INFO_CHAIN_SIGNAL))
3766 goto nla_put_failure;
3767 }
3768 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
3769 if (!nl80211_put_signal(msg, sinfo->chains,
3770 sinfo->chain_signal_avg,
3771 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3772 goto nla_put_failure;
3773 }
3774 if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
3775 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3776 NL80211_STA_INFO_TX_BITRATE))
3777 goto nla_put_failure;
3778 }
3779 if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
3780 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3781 NL80211_STA_INFO_RX_BITRATE))
3782 goto nla_put_failure;
3783 }
3784
3785 PUT_SINFO(RX_PACKETS, rx_packets, u32);
3786 PUT_SINFO(TX_PACKETS, tx_packets, u32);
3787 PUT_SINFO(TX_RETRIES, tx_retries, u32);
3788 PUT_SINFO(TX_FAILED, tx_failed, u32);
3789 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
3790 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
3791 PUT_SINFO(LOCAL_PM, local_pm, u32);
3792 PUT_SINFO(PEER_PM, peer_pm, u32);
3793 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
3794
3795 if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
3796 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3797 if (!bss_param)
3798 goto nla_put_failure;
3799
3800 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3801 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3802 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3803 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3804 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3805 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3806 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3807 sinfo->bss_param.dtim_period) ||
3808 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3809 sinfo->bss_param.beacon_interval))
3810 goto nla_put_failure;
3811
3812 nla_nest_end(msg, bss_param);
3813 }
3814 if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
3815 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3816 sizeof(struct nl80211_sta_flag_update),
3817 &sinfo->sta_flags))
3818 goto nla_put_failure;
3819
3820 PUT_SINFO(T_OFFSET, t_offset, u64);
3821 PUT_SINFO(RX_DROP_MISC, rx_dropped_misc, u64);
3822 PUT_SINFO(BEACON_RX, rx_beacon, u64);
3823 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
3824
3825#undef PUT_SINFO
3826
3827 if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
3828 struct nlattr *tidsattr;
3829 int tid;
3830
3831 tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
3832 if (!tidsattr)
3833 goto nla_put_failure;
3834
3835 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
3836 struct cfg80211_tid_stats *tidstats;
3837 struct nlattr *tidattr;
3838
3839 tidstats = &sinfo->pertid[tid];
3840
3841 if (!tidstats->filled)
3842 continue;
3843
3844 tidattr = nla_nest_start(msg, tid + 1);
3845 if (!tidattr)
3846 goto nla_put_failure;
3847
3848#define PUT_TIDVAL(attr, memb, type) do { \
3849 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
3850 nla_put_ ## type(msg, NL80211_TID_STATS_ ## attr, \
3851 tidstats->memb)) \
3852 goto nla_put_failure; \
3853 } while (0)
3854
3855 PUT_TIDVAL(RX_MSDU, rx_msdu, u64);
3856 PUT_TIDVAL(TX_MSDU, tx_msdu, u64);
3857 PUT_TIDVAL(TX_MSDU_RETRIES, tx_msdu_retries, u64);
3858 PUT_TIDVAL(TX_MSDU_FAILED, tx_msdu_failed, u64);
3859
3860#undef PUT_TIDVAL
3861 nla_nest_end(msg, tidattr);
3862 }
3863
3864 nla_nest_end(msg, tidsattr);
3865 }
3866
3867 nla_nest_end(msg, sinfoattr);
3868
3869 if (sinfo->assoc_req_ies_len &&
3870 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3871 sinfo->assoc_req_ies))
3872 goto nla_put_failure;
3873
3874 genlmsg_end(msg, hdr);
3875 return 0;
3876
3877 nla_put_failure:
3878 genlmsg_cancel(msg, hdr);
3879 return -EMSGSIZE;
3880}
3881
3882static int nl80211_dump_station(struct sk_buff *skb,
3883 struct netlink_callback *cb)
3884{
3885 struct station_info sinfo;
3886 struct cfg80211_registered_device *rdev;
3887 struct wireless_dev *wdev;
3888 u8 mac_addr[ETH_ALEN];
3889 int sta_idx = cb->args[2];
3890 int err;
3891
3892 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
3893 if (err)
3894 return err;
3895
3896 if (!wdev->netdev) {
3897 err = -EINVAL;
3898 goto out_err;
3899 }
3900
3901 if (!rdev->ops->dump_station) {
3902 err = -EOPNOTSUPP;
3903 goto out_err;
3904 }
3905
3906 while (1) {
3907 memset(&sinfo, 0, sizeof(sinfo));
3908 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
3909 mac_addr, &sinfo);
3910 if (err == -ENOENT)
3911 break;
3912 if (err)
3913 goto out_err;
3914
3915 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
3916 NETLINK_CB(cb->skb).portid,
3917 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3918 rdev, wdev->netdev, mac_addr,
3919 &sinfo) < 0)
3920 goto out;
3921
3922 sta_idx++;
3923 }
3924
3925
3926 out:
3927 cb->args[2] = sta_idx;
3928 err = skb->len;
3929 out_err:
3930 nl80211_finish_wdev_dump(rdev);
3931
3932 return err;
3933}
3934
3935static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3936{
3937 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3938 struct net_device *dev = info->user_ptr[1];
3939 struct station_info sinfo;
3940 struct sk_buff *msg;
3941 u8 *mac_addr = NULL;
3942 int err;
3943
3944 memset(&sinfo, 0, sizeof(sinfo));
3945
3946 if (!info->attrs[NL80211_ATTR_MAC])
3947 return -EINVAL;
3948
3949 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3950
3951 if (!rdev->ops->get_station)
3952 return -EOPNOTSUPP;
3953
3954 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3955 if (err)
3956 return err;
3957
3958 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3959 if (!msg)
3960 return -ENOMEM;
3961
3962 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
3963 info->snd_portid, info->snd_seq, 0,
3964 rdev, dev, mac_addr, &sinfo) < 0) {
3965 nlmsg_free(msg);
3966 return -ENOBUFS;
3967 }
3968
3969 return genlmsg_reply(msg, info);
3970}
3971
3972int cfg80211_check_station_change(struct wiphy *wiphy,
3973 struct station_parameters *params,
3974 enum cfg80211_station_type statype)
3975{
3976 if (params->listen_interval != -1 &&
3977 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
3978 return -EINVAL;
3979
3980 if (params->aid &&
3981 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
3982 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
3983 return -EINVAL;
3984
3985
3986 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3987
3988 switch (statype) {
3989 case CFG80211_STA_MESH_PEER_KERNEL:
3990 case CFG80211_STA_MESH_PEER_USER:
3991
3992
3993
3994
3995
3996 if (params->sta_flags_mask &
3997 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3998 BIT(NL80211_STA_FLAG_MFP) |
3999 BIT(NL80211_STA_FLAG_AUTHORIZED)))
4000 return -EINVAL;
4001 break;
4002 case CFG80211_STA_TDLS_PEER_SETUP:
4003 case CFG80211_STA_TDLS_PEER_ACTIVE:
4004 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4005 return -EINVAL;
4006
4007 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4008 break;
4009 default:
4010
4011 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4012 return -EINVAL;
4013 if (params->local_pm)
4014 return -EINVAL;
4015 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4016 return -EINVAL;
4017 }
4018
4019 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4020 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4021
4022 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4023 return -EINVAL;
4024
4025
4026
4027
4028
4029 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4030 }
4031
4032 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4033 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4034
4035 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4036 return -EINVAL;
4037 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4038 return -EINVAL;
4039 if (params->supported_rates)
4040 return -EINVAL;
4041 if (params->ext_capab || params->ht_capa || params->vht_capa)
4042 return -EINVAL;
4043 }
4044
4045 if (statype != CFG80211_STA_AP_CLIENT &&
4046 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4047 if (params->vlan)
4048 return -EINVAL;
4049 }
4050
4051 switch (statype) {
4052 case CFG80211_STA_AP_MLME_CLIENT:
4053
4054 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4055 return -EOPNOTSUPP;
4056 break;
4057 case CFG80211_STA_AP_CLIENT:
4058 case CFG80211_STA_AP_CLIENT_UNASSOC:
4059
4060 if (params->sta_flags_mask &
4061 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4062 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4063 BIT(NL80211_STA_FLAG_ASSOCIATED) |
4064 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4065 BIT(NL80211_STA_FLAG_WME) |
4066 BIT(NL80211_STA_FLAG_MFP)))
4067 return -EINVAL;
4068
4069
4070 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4071 params->sta_flags_mask &
4072 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4073 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4074 return -EINVAL;
4075 break;
4076 case CFG80211_STA_IBSS:
4077 case CFG80211_STA_AP_STA:
4078
4079 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4080 return -EINVAL;
4081 break;
4082 case CFG80211_STA_TDLS_PEER_SETUP:
4083
4084 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4085 BIT(NL80211_STA_FLAG_WME)))
4086 return -EINVAL;
4087
4088 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4089 !params->supported_rates)
4090 return -EINVAL;
4091 break;
4092 case CFG80211_STA_TDLS_PEER_ACTIVE:
4093
4094 return -EINVAL;
4095 case CFG80211_STA_MESH_PEER_KERNEL:
4096 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4097 return -EINVAL;
4098 break;
4099 case CFG80211_STA_MESH_PEER_USER:
4100 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4101 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4102 return -EINVAL;
4103 break;
4104 }
4105
4106 return 0;
4107}
4108EXPORT_SYMBOL(cfg80211_check_station_change);
4109
4110
4111
4112
4113static struct net_device *get_vlan(struct genl_info *info,
4114 struct cfg80211_registered_device *rdev)
4115{
4116 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4117 struct net_device *v;
4118 int ret;
4119
4120 if (!vlanattr)
4121 return NULL;
4122
4123 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4124 if (!v)
4125 return ERR_PTR(-ENODEV);
4126
4127 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4128 ret = -EINVAL;
4129 goto error;
4130 }
4131
4132 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4133 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4134 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4135 ret = -EINVAL;
4136 goto error;
4137 }
4138
4139 if (!netif_running(v)) {
4140 ret = -ENETDOWN;
4141 goto error;
4142 }
4143
4144 return v;
4145 error:
4146 dev_put(v);
4147 return ERR_PTR(ret);
4148}
4149
4150static const struct nla_policy
4151nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4152 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4153 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4154};
4155
4156static int nl80211_parse_sta_wme(struct genl_info *info,
4157 struct station_parameters *params)
4158{
4159 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4160 struct nlattr *nla;
4161 int err;
4162
4163
4164 if (!info->attrs[NL80211_ATTR_STA_WME])
4165 return 0;
4166
4167 nla = info->attrs[NL80211_ATTR_STA_WME];
4168 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4169 nl80211_sta_wme_policy);
4170 if (err)
4171 return err;
4172
4173 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4174 params->uapsd_queues = nla_get_u8(
4175 tb[NL80211_STA_WME_UAPSD_QUEUES]);
4176 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4177 return -EINVAL;
4178
4179 if (tb[NL80211_STA_WME_MAX_SP])
4180 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4181
4182 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4183 return -EINVAL;
4184
4185 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4186
4187 return 0;
4188}
4189
4190static int nl80211_parse_sta_channel_info(struct genl_info *info,
4191 struct station_parameters *params)
4192{
4193 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4194 params->supported_channels =
4195 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4196 params->supported_channels_len =
4197 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4198
4199
4200
4201
4202
4203 if (params->supported_channels_len < 2)
4204 return -EINVAL;
4205 if (params->supported_channels_len % 2)
4206 return -EINVAL;
4207 }
4208
4209 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4210 params->supported_oper_classes =
4211 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4212 params->supported_oper_classes_len =
4213 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4214
4215
4216
4217
4218 if (params->supported_oper_classes_len < 2 ||
4219 params->supported_oper_classes_len > 253)
4220 return -EINVAL;
4221 }
4222 return 0;
4223}
4224
4225static int nl80211_set_station_tdls(struct genl_info *info,
4226 struct station_parameters *params)
4227{
4228 int err;
4229
4230 if (info->attrs[NL80211_ATTR_PEER_AID])
4231 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4232 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4233 params->ht_capa =
4234 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4235 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4236 params->vht_capa =
4237 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4238
4239 err = nl80211_parse_sta_channel_info(info, params);
4240 if (err)
4241 return err;
4242
4243 return nl80211_parse_sta_wme(info, params);
4244}
4245
4246static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4247{
4248 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4249 struct net_device *dev = info->user_ptr[1];
4250 struct station_parameters params;
4251 u8 *mac_addr;
4252 int err;
4253
4254 memset(¶ms, 0, sizeof(params));
4255
4256 if (!rdev->ops->change_station)
4257 return -EOPNOTSUPP;
4258
4259
4260
4261
4262
4263
4264 if (info->attrs[NL80211_ATTR_STA_AID])
4265 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4266
4267 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4268 params.listen_interval =
4269 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4270 else
4271 params.listen_interval = -1;
4272
4273 if (!info->attrs[NL80211_ATTR_MAC])
4274 return -EINVAL;
4275
4276 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4277
4278 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4279 params.supported_rates =
4280 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4281 params.supported_rates_len =
4282 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4283 }
4284
4285 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4286 params.capability =
4287 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4288 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4289 }
4290
4291 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4292 params.ext_capab =
4293 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4294 params.ext_capab_len =
4295 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4296 }
4297
4298 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
4299 return -EINVAL;
4300
4301 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4302 params.plink_action =
4303 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4304 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4305 return -EINVAL;
4306 }
4307
4308 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4309 params.plink_state =
4310 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4311 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4312 return -EINVAL;
4313 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4314 }
4315
4316 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4317 enum nl80211_mesh_power_mode pm = nla_get_u32(
4318 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4319
4320 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4321 pm > NL80211_MESH_POWER_MAX)
4322 return -EINVAL;
4323
4324 params.local_pm = pm;
4325 }
4326
4327
4328 err = nl80211_set_station_tdls(info, ¶ms);
4329 if (err)
4330 return err;
4331
4332 params.vlan = get_vlan(info, rdev);
4333 if (IS_ERR(params.vlan))
4334 return PTR_ERR(params.vlan);
4335
4336 switch (dev->ieee80211_ptr->iftype) {
4337 case NL80211_IFTYPE_AP:
4338 case NL80211_IFTYPE_AP_VLAN:
4339 case NL80211_IFTYPE_P2P_GO:
4340 case NL80211_IFTYPE_P2P_CLIENT:
4341 case NL80211_IFTYPE_STATION:
4342 case NL80211_IFTYPE_ADHOC:
4343 case NL80211_IFTYPE_MESH_POINT:
4344 break;
4345 default:
4346 err = -EOPNOTSUPP;
4347 goto out_put_vlan;
4348 }
4349
4350
4351 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
4352
4353 out_put_vlan:
4354 if (params.vlan)
4355 dev_put(params.vlan);
4356
4357 return err;
4358}
4359
4360static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4361{
4362 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4363 int err;
4364 struct net_device *dev = info->user_ptr[1];
4365 struct station_parameters params;
4366 u8 *mac_addr = NULL;
4367 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4368 BIT(NL80211_STA_FLAG_ASSOCIATED);
4369
4370 memset(¶ms, 0, sizeof(params));
4371
4372 if (!rdev->ops->add_station)
4373 return -EOPNOTSUPP;
4374
4375 if (!info->attrs[NL80211_ATTR_MAC])
4376 return -EINVAL;
4377
4378 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4379 return -EINVAL;
4380
4381 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4382 return -EINVAL;
4383
4384 if (!info->attrs[NL80211_ATTR_STA_AID] &&
4385 !info->attrs[NL80211_ATTR_PEER_AID])
4386 return -EINVAL;
4387
4388 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4389 params.supported_rates =
4390 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4391 params.supported_rates_len =
4392 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4393 params.listen_interval =
4394 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4395
4396 if (info->attrs[NL80211_ATTR_PEER_AID])
4397 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4398 else
4399 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4400 if (!params.aid || params.aid > IEEE80211_MAX_AID)
4401 return -EINVAL;
4402
4403 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4404 params.capability =
4405 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4406 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4407 }
4408
4409 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4410 params.ext_capab =
4411 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4412 params.ext_capab_len =
4413 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4414 }
4415
4416 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4417 params.ht_capa =
4418 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4419
4420 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4421 params.vht_capa =
4422 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4423
4424 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4425 params.opmode_notif_used = true;
4426 params.opmode_notif =
4427 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4428 }
4429
4430 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4431 params.plink_action =
4432 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4433 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4434 return -EINVAL;
4435 }
4436
4437 err = nl80211_parse_sta_channel_info(info, ¶ms);
4438 if (err)
4439 return err;
4440
4441 err = nl80211_parse_sta_wme(info, ¶ms);
4442 if (err)
4443 return err;
4444
4445 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
4446 return -EINVAL;
4447
4448
4449
4450
4451
4452
4453 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
4454 params.ht_capa = NULL;
4455 params.vht_capa = NULL;
4456 }
4457
4458
4459 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4460
4461 switch (dev->ieee80211_ptr->iftype) {
4462 case NL80211_IFTYPE_AP:
4463 case NL80211_IFTYPE_AP_VLAN:
4464 case NL80211_IFTYPE_P2P_GO:
4465
4466 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4467 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4468 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4469
4470
4471 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4472 info->attrs[NL80211_ATTR_PEER_AID])
4473 return -EINVAL;
4474
4475 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4476
4477
4478 if (!(rdev->wiphy.features &
4479 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4480 params.sta_flags_mask & auth_assoc)
4481 return -EINVAL;
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493 if (!(params.sta_flags_mask & auth_assoc)) {
4494 params.sta_flags_mask |= auth_assoc;
4495 params.sta_flags_set |= auth_assoc;
4496 }
4497
4498
4499 params.vlan = get_vlan(info, rdev);
4500 if (IS_ERR(params.vlan))
4501 return PTR_ERR(params.vlan);
4502 break;
4503 case NL80211_IFTYPE_MESH_POINT:
4504
4505 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4506
4507
4508 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4509 return -EINVAL;
4510
4511 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4512 info->attrs[NL80211_ATTR_PEER_AID])
4513 return -EINVAL;
4514 break;
4515 case NL80211_IFTYPE_STATION:
4516 case NL80211_IFTYPE_P2P_CLIENT:
4517
4518 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4519
4520
4521 if (params.sta_flags_mask &
4522 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
4523 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4524 return -EINVAL;
4525
4526 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4527 return -EINVAL;
4528
4529 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4530 return -EOPNOTSUPP;
4531
4532 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4533 return -EOPNOTSUPP;
4534
4535
4536
4537
4538 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4539 break;
4540 default:
4541 return -EOPNOTSUPP;
4542 }
4543
4544
4545
4546 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
4547
4548 if (params.vlan)
4549 dev_put(params.vlan);
4550 return err;
4551}
4552
4553static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4554{
4555 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4556 struct net_device *dev = info->user_ptr[1];
4557 struct station_del_parameters params;
4558
4559 memset(¶ms, 0, sizeof(params));
4560
4561 if (info->attrs[NL80211_ATTR_MAC])
4562 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
4563
4564 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4565 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4566 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4567 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4568 return -EINVAL;
4569
4570 if (!rdev->ops->del_station)
4571 return -EOPNOTSUPP;
4572
4573 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
4574 params.subtype =
4575 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
4576 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
4577 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
4578 return -EINVAL;
4579 } else {
4580
4581 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
4582 }
4583
4584 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
4585 params.reason_code =
4586 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4587 if (params.reason_code == 0)
4588 return -EINVAL;
4589 } else {
4590
4591 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
4592 }
4593
4594 return rdev_del_station(rdev, dev, ¶ms);
4595}
4596
4597static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4598 int flags, struct net_device *dev,
4599 u8 *dst, u8 *next_hop,
4600 struct mpath_info *pinfo)
4601{
4602 void *hdr;
4603 struct nlattr *pinfoattr;
4604
4605 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
4606 if (!hdr)
4607 return -1;
4608
4609 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4610 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4611 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4612 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4613 goto nla_put_failure;
4614
4615 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4616 if (!pinfoattr)
4617 goto nla_put_failure;
4618 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4619 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4620 pinfo->frame_qlen))
4621 goto nla_put_failure;
4622 if (((pinfo->filled & MPATH_INFO_SN) &&
4623 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4624 ((pinfo->filled & MPATH_INFO_METRIC) &&
4625 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4626 pinfo->metric)) ||
4627 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4628 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4629 pinfo->exptime)) ||
4630 ((pinfo->filled & MPATH_INFO_FLAGS) &&
4631 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4632 pinfo->flags)) ||
4633 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4634 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4635 pinfo->discovery_timeout)) ||
4636 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4637 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4638 pinfo->discovery_retries)))
4639 goto nla_put_failure;
4640
4641 nla_nest_end(msg, pinfoattr);
4642
4643 genlmsg_end(msg, hdr);
4644 return 0;
4645
4646 nla_put_failure:
4647 genlmsg_cancel(msg, hdr);
4648 return -EMSGSIZE;
4649}
4650
4651static int nl80211_dump_mpath(struct sk_buff *skb,
4652 struct netlink_callback *cb)
4653{
4654 struct mpath_info pinfo;
4655 struct cfg80211_registered_device *rdev;
4656 struct wireless_dev *wdev;
4657 u8 dst[ETH_ALEN];
4658 u8 next_hop[ETH_ALEN];
4659 int path_idx = cb->args[2];
4660 int err;
4661
4662 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4663 if (err)
4664 return err;
4665
4666 if (!rdev->ops->dump_mpath) {
4667 err = -EOPNOTSUPP;
4668 goto out_err;
4669 }
4670
4671 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4672 err = -EOPNOTSUPP;
4673 goto out_err;
4674 }
4675
4676 while (1) {
4677 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
4678 next_hop, &pinfo);
4679 if (err == -ENOENT)
4680 break;
4681 if (err)
4682 goto out_err;
4683
4684 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4685 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4686 wdev->netdev, dst, next_hop,
4687 &pinfo) < 0)
4688 goto out;
4689
4690 path_idx++;
4691 }
4692
4693
4694 out:
4695 cb->args[2] = path_idx;
4696 err = skb->len;
4697 out_err:
4698 nl80211_finish_wdev_dump(rdev);
4699 return err;
4700}
4701
4702static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4703{
4704 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4705 int err;
4706 struct net_device *dev = info->user_ptr[1];
4707 struct mpath_info pinfo;
4708 struct sk_buff *msg;
4709 u8 *dst = NULL;
4710 u8 next_hop[ETH_ALEN];
4711
4712 memset(&pinfo, 0, sizeof(pinfo));
4713
4714 if (!info->attrs[NL80211_ATTR_MAC])
4715 return -EINVAL;
4716
4717 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4718
4719 if (!rdev->ops->get_mpath)
4720 return -EOPNOTSUPP;
4721
4722 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4723 return -EOPNOTSUPP;
4724
4725 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4726 if (err)
4727 return err;
4728
4729 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4730 if (!msg)
4731 return -ENOMEM;
4732
4733 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4734 dev, dst, next_hop, &pinfo) < 0) {
4735 nlmsg_free(msg);
4736 return -ENOBUFS;
4737 }
4738
4739 return genlmsg_reply(msg, info);
4740}
4741
4742static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4743{
4744 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4745 struct net_device *dev = info->user_ptr[1];
4746 u8 *dst = NULL;
4747 u8 *next_hop = NULL;
4748
4749 if (!info->attrs[NL80211_ATTR_MAC])
4750 return -EINVAL;
4751
4752 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4753 return -EINVAL;
4754
4755 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4756 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4757
4758 if (!rdev->ops->change_mpath)
4759 return -EOPNOTSUPP;
4760
4761 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4762 return -EOPNOTSUPP;
4763
4764 return rdev_change_mpath(rdev, dev, dst, next_hop);
4765}
4766
4767static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4768{
4769 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4770 struct net_device *dev = info->user_ptr[1];
4771 u8 *dst = NULL;
4772 u8 *next_hop = NULL;
4773
4774 if (!info->attrs[NL80211_ATTR_MAC])
4775 return -EINVAL;
4776
4777 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4778 return -EINVAL;
4779
4780 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4781 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4782
4783 if (!rdev->ops->add_mpath)
4784 return -EOPNOTSUPP;
4785
4786 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4787 return -EOPNOTSUPP;
4788
4789 return rdev_add_mpath(rdev, dev, dst, next_hop);
4790}
4791
4792static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4793{
4794 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4795 struct net_device *dev = info->user_ptr[1];
4796 u8 *dst = NULL;
4797
4798 if (info->attrs[NL80211_ATTR_MAC])
4799 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4800
4801 if (!rdev->ops->del_mpath)
4802 return -EOPNOTSUPP;
4803
4804 return rdev_del_mpath(rdev, dev, dst);
4805}
4806
4807static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
4808{
4809 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4810 int err;
4811 struct net_device *dev = info->user_ptr[1];
4812 struct mpath_info pinfo;
4813 struct sk_buff *msg;
4814 u8 *dst = NULL;
4815 u8 mpp[ETH_ALEN];
4816
4817 memset(&pinfo, 0, sizeof(pinfo));
4818
4819 if (!info->attrs[NL80211_ATTR_MAC])
4820 return -EINVAL;
4821
4822 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4823
4824 if (!rdev->ops->get_mpp)
4825 return -EOPNOTSUPP;
4826
4827 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4828 return -EOPNOTSUPP;
4829
4830 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
4831 if (err)
4832 return err;
4833
4834 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4835 if (!msg)
4836 return -ENOMEM;
4837
4838 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4839 dev, dst, mpp, &pinfo) < 0) {
4840 nlmsg_free(msg);
4841 return -ENOBUFS;
4842 }
4843
4844 return genlmsg_reply(msg, info);
4845}
4846
4847static int nl80211_dump_mpp(struct sk_buff *skb,
4848 struct netlink_callback *cb)
4849{
4850 struct mpath_info pinfo;
4851 struct cfg80211_registered_device *rdev;
4852 struct wireless_dev *wdev;
4853 u8 dst[ETH_ALEN];
4854 u8 mpp[ETH_ALEN];
4855 int path_idx = cb->args[2];
4856 int err;
4857
4858 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4859 if (err)
4860 return err;
4861
4862 if (!rdev->ops->dump_mpp) {
4863 err = -EOPNOTSUPP;
4864 goto out_err;
4865 }
4866
4867 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4868 err = -EOPNOTSUPP;
4869 goto out_err;
4870 }
4871
4872 while (1) {
4873 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
4874 mpp, &pinfo);
4875 if (err == -ENOENT)
4876 break;
4877 if (err)
4878 goto out_err;
4879
4880 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4881 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4882 wdev->netdev, dst, mpp,
4883 &pinfo) < 0)
4884 goto out;
4885
4886 path_idx++;
4887 }
4888
4889 out:
4890 cb->args[2] = path_idx;
4891 err = skb->len;
4892 out_err:
4893 nl80211_finish_wdev_dump(rdev);
4894 return err;
4895}
4896
4897static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4898{
4899 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4900 struct net_device *dev = info->user_ptr[1];
4901 struct wireless_dev *wdev = dev->ieee80211_ptr;
4902 struct bss_parameters params;
4903 int err;
4904
4905 memset(¶ms, 0, sizeof(params));
4906
4907 params.use_cts_prot = -1;
4908 params.use_short_preamble = -1;
4909 params.use_short_slot_time = -1;
4910 params.ap_isolate = -1;
4911 params.ht_opmode = -1;
4912 params.p2p_ctwindow = -1;
4913 params.p2p_opp_ps = -1;
4914
4915 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4916 params.use_cts_prot =
4917 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4918 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4919 params.use_short_preamble =
4920 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4921 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4922 params.use_short_slot_time =
4923 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4924 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4925 params.basic_rates =
4926 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4927 params.basic_rates_len =
4928 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4929 }
4930 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4931 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4932 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4933 params.ht_opmode =
4934 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4935
4936 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4937 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4938 return -EINVAL;
4939 params.p2p_ctwindow =
4940 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4941 if (params.p2p_ctwindow < 0)
4942 return -EINVAL;
4943 if (params.p2p_ctwindow != 0 &&
4944 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4945 return -EINVAL;
4946 }
4947
4948 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4949 u8 tmp;
4950
4951 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4952 return -EINVAL;
4953 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4954 if (tmp > 1)
4955 return -EINVAL;
4956 params.p2p_opp_ps = tmp;
4957 if (params.p2p_opp_ps &&
4958 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4959 return -EINVAL;
4960 }
4961
4962 if (!rdev->ops->change_bss)
4963 return -EOPNOTSUPP;
4964
4965 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4966 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4967 return -EOPNOTSUPP;
4968
4969 wdev_lock(wdev);
4970 err = rdev_change_bss(rdev, dev, ¶ms);
4971 wdev_unlock(wdev);
4972
4973 return err;
4974}
4975
4976static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4977{
4978 char *data = NULL;
4979 bool is_indoor;
4980 enum nl80211_user_reg_hint_type user_reg_hint_type;
4981 u32 owner_nlportid;
4982
4983
4984
4985
4986
4987
4988
4989
4990 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4991 return -EINPROGRESS;
4992
4993 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4994 user_reg_hint_type =
4995 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4996 else
4997 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4998
4999 switch (user_reg_hint_type) {
5000 case NL80211_USER_REG_HINT_USER:
5001 case NL80211_USER_REG_HINT_CELL_BASE:
5002 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5003 return -EINVAL;
5004
5005 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5006 return regulatory_hint_user(data, user_reg_hint_type);
5007 case NL80211_USER_REG_HINT_INDOOR:
5008 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
5009 owner_nlportid = info->snd_portid;
5010 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
5011 } else {
5012 owner_nlportid = 0;
5013 is_indoor = true;
5014 }
5015
5016 return regulatory_hint_indoor(is_indoor, owner_nlportid);
5017 default:
5018 return -EINVAL;
5019 }
5020}
5021
5022static int nl80211_get_mesh_config(struct sk_buff *skb,
5023 struct genl_info *info)
5024{
5025 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5026 struct net_device *dev = info->user_ptr[1];
5027 struct wireless_dev *wdev = dev->ieee80211_ptr;
5028 struct mesh_config cur_params;
5029 int err = 0;
5030 void *hdr;
5031 struct nlattr *pinfoattr;
5032 struct sk_buff *msg;
5033
5034 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5035 return -EOPNOTSUPP;
5036
5037 if (!rdev->ops->get_mesh_config)
5038 return -EOPNOTSUPP;
5039
5040 wdev_lock(wdev);
5041
5042 if (!wdev->mesh_id_len)
5043 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5044 else
5045 err = rdev_get_mesh_config(rdev, dev, &cur_params);
5046 wdev_unlock(wdev);
5047
5048 if (err)
5049 return err;
5050
5051
5052 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5053 if (!msg)
5054 return -ENOMEM;
5055 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5056 NL80211_CMD_GET_MESH_CONFIG);
5057 if (!hdr)
5058 goto out;
5059 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5060 if (!pinfoattr)
5061 goto nla_put_failure;
5062 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5063 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5064 cur_params.dot11MeshRetryTimeout) ||
5065 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5066 cur_params.dot11MeshConfirmTimeout) ||
5067 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5068 cur_params.dot11MeshHoldingTimeout) ||
5069 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5070 cur_params.dot11MeshMaxPeerLinks) ||
5071 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5072 cur_params.dot11MeshMaxRetries) ||
5073 nla_put_u8(msg, NL80211_MESHCONF_TTL,
5074 cur_params.dot11MeshTTL) ||
5075 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5076 cur_params.element_ttl) ||
5077 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5078 cur_params.auto_open_plinks) ||
5079 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5080 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5081 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5082 cur_params.dot11MeshHWMPmaxPREQretries) ||
5083 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5084 cur_params.path_refresh_time) ||
5085 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5086 cur_params.min_discovery_timeout) ||
5087 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5088 cur_params.dot11MeshHWMPactivePathTimeout) ||
5089 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5090 cur_params.dot11MeshHWMPpreqMinInterval) ||
5091 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5092 cur_params.dot11MeshHWMPperrMinInterval) ||
5093 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5094 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5095 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5096 cur_params.dot11MeshHWMPRootMode) ||
5097 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5098 cur_params.dot11MeshHWMPRannInterval) ||
5099 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5100 cur_params.dot11MeshGateAnnouncementProtocol) ||
5101 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5102 cur_params.dot11MeshForwarding) ||
5103 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5104 cur_params.rssi_threshold) ||
5105 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5106 cur_params.ht_opmode) ||
5107 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5108 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5109 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5110 cur_params.dot11MeshHWMProotInterval) ||
5111 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5112 cur_params.dot11MeshHWMPconfirmationInterval) ||
5113 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5114 cur_params.power_mode) ||
5115 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5116 cur_params.dot11MeshAwakeWindowDuration) ||
5117 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5118 cur_params.plink_timeout))
5119 goto nla_put_failure;
5120 nla_nest_end(msg, pinfoattr);
5121 genlmsg_end(msg, hdr);
5122 return genlmsg_reply(msg, info);
5123
5124 nla_put_failure:
5125 genlmsg_cancel(msg, hdr);
5126 out:
5127 nlmsg_free(msg);
5128 return -ENOBUFS;
5129}
5130
5131static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5132 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5133 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5134 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5135 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5136 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5137 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5138 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5139 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5140 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5141 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5142 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5143 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5144 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5145 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5146 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5147 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5148 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5149 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5150 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5151 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5152 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5153 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5154 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5155 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5156 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5157 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5158 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5159 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5160};
5161
5162static const struct nla_policy
5163 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5164 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5165 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5166 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5167 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5168 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5169 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5170 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5171 .len = IEEE80211_MAX_DATA_LEN },
5172 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5173};
5174
5175static int nl80211_parse_mesh_config(struct genl_info *info,
5176 struct mesh_config *cfg,
5177 u32 *mask_out)
5178{
5179 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5180 u32 mask = 0;
5181
5182#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5183do { \
5184 if (tb[attr]) { \
5185 if (fn(tb[attr]) < min || fn(tb[attr]) > max) \
5186 return -EINVAL; \
5187 cfg->param = fn(tb[attr]); \
5188 mask |= (1 << (attr - 1)); \
5189 } \
5190} while (0)
5191
5192
5193 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5194 return -EINVAL;
5195 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5196 info->attrs[NL80211_ATTR_MESH_CONFIG],
5197 nl80211_meshconf_params_policy))
5198 return -EINVAL;
5199
5200
5201
5202 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5203
5204
5205 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5206 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5207 nla_get_u16);
5208 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5209 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5210 nla_get_u16);
5211 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5212 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5213 nla_get_u16);
5214 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5215 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5216 nla_get_u16);
5217 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5218 mask, NL80211_MESHCONF_MAX_RETRIES,
5219 nla_get_u8);
5220 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5221 mask, NL80211_MESHCONF_TTL, nla_get_u8);
5222 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5223 mask, NL80211_MESHCONF_ELEMENT_TTL,
5224 nla_get_u8);
5225 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5226 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5227 nla_get_u8);
5228 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
5229 1, 255, mask,
5230 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5231 nla_get_u32);
5232 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
5233 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5234 nla_get_u8);
5235 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
5236 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
5237 nla_get_u32);
5238 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
5239 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5240 nla_get_u16);
5241 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
5242 1, 65535, mask,
5243 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5244 nla_get_u32);
5245 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
5246 1, 65535, mask,
5247 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5248 nla_get_u16);
5249 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
5250 1, 65535, mask,
5251 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5252 nla_get_u16);
5253 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5254 dot11MeshHWMPnetDiameterTraversalTime,
5255 1, 65535, mask,
5256 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5257 nla_get_u16);
5258 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
5259 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
5260 nla_get_u8);
5261 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
5262 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5263 nla_get_u16);
5264 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5265 dot11MeshGateAnnouncementProtocol, 0, 1,
5266 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5267 nla_get_u8);
5268 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
5269 mask, NL80211_MESHCONF_FORWARDING,
5270 nla_get_u8);
5271 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
5272 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
5273 nla_get_s32);
5274 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
5275 mask, NL80211_MESHCONF_HT_OPMODE,
5276 nla_get_u16);
5277 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
5278 1, 65535, mask,
5279 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5280 nla_get_u32);
5281 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
5282 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5283 nla_get_u16);
5284 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5285 dot11MeshHWMPconfirmationInterval,
5286 1, 65535, mask,
5287 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5288 nla_get_u16);
5289 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
5290 NL80211_MESH_POWER_ACTIVE,
5291 NL80211_MESH_POWER_MAX,
5292 mask, NL80211_MESHCONF_POWER_MODE,
5293 nla_get_u32);
5294 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
5295 0, 65535, mask,
5296 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
5297 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
5298 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
5299 nla_get_u32);
5300 if (mask_out)
5301 *mask_out = mask;
5302
5303 return 0;
5304
5305#undef FILL_IN_MESH_PARAM_IF_SET
5306}
5307
5308static int nl80211_parse_mesh_setup(struct genl_info *info,
5309 struct mesh_setup *setup)
5310{
5311 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5312 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
5313
5314 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
5315 return -EINVAL;
5316 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
5317 info->attrs[NL80211_ATTR_MESH_SETUP],
5318 nl80211_mesh_setup_params_policy))
5319 return -EINVAL;
5320
5321 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
5322 setup->sync_method =
5323 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
5324 IEEE80211_SYNC_METHOD_VENDOR :
5325 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
5326
5327 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
5328 setup->path_sel_proto =
5329 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5330 IEEE80211_PATH_PROTOCOL_VENDOR :
5331 IEEE80211_PATH_PROTOCOL_HWMP;
5332
5333 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5334 setup->path_metric =
5335 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5336 IEEE80211_PATH_METRIC_VENDOR :
5337 IEEE80211_PATH_METRIC_AIRTIME;
5338
5339
5340 if (tb[NL80211_MESH_SETUP_IE]) {
5341 struct nlattr *ieattr =
5342 tb[NL80211_MESH_SETUP_IE];
5343 if (!is_valid_ie_attr(ieattr))
5344 return -EINVAL;
5345 setup->ie = nla_data(ieattr);
5346 setup->ie_len = nla_len(ieattr);
5347 }
5348 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5349 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5350 return -EINVAL;
5351 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5352 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5353 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5354 if (setup->is_secure)
5355 setup->user_mpm = true;
5356
5357 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5358 if (!setup->user_mpm)
5359 return -EINVAL;
5360 setup->auth_id =
5361 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5362 }
5363
5364 return 0;
5365}
5366
5367static int nl80211_update_mesh_config(struct sk_buff *skb,
5368 struct genl_info *info)
5369{
5370 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5371 struct net_device *dev = info->user_ptr[1];
5372 struct wireless_dev *wdev = dev->ieee80211_ptr;
5373 struct mesh_config cfg;
5374 u32 mask;
5375 int err;
5376
5377 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5378 return -EOPNOTSUPP;
5379
5380 if (!rdev->ops->update_mesh_config)
5381 return -EOPNOTSUPP;
5382
5383 err = nl80211_parse_mesh_config(info, &cfg, &mask);
5384 if (err)
5385 return err;
5386
5387 wdev_lock(wdev);
5388 if (!wdev->mesh_id_len)
5389 err = -ENOLINK;
5390
5391 if (!err)
5392 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5393
5394 wdev_unlock(wdev);
5395
5396 return err;
5397}
5398
5399static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
5400 struct sk_buff *msg)
5401{
5402 struct nlattr *nl_reg_rules;
5403 unsigned int i;
5404
5405 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5406 (regdom->dfs_region &&
5407 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5408 goto nla_put_failure;
5409
5410 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5411 if (!nl_reg_rules)
5412 goto nla_put_failure;
5413
5414 for (i = 0; i < regdom->n_reg_rules; i++) {
5415 struct nlattr *nl_reg_rule;
5416 const struct ieee80211_reg_rule *reg_rule;
5417 const struct ieee80211_freq_range *freq_range;
5418 const struct ieee80211_power_rule *power_rule;
5419 unsigned int max_bandwidth_khz;
5420
5421 reg_rule = ®dom->reg_rules[i];
5422 freq_range = ®_rule->freq_range;
5423 power_rule = ®_rule->power_rule;
5424
5425 nl_reg_rule = nla_nest_start(msg, i);
5426 if (!nl_reg_rule)
5427 goto nla_put_failure;
5428
5429 max_bandwidth_khz = freq_range->max_bandwidth_khz;
5430 if (!max_bandwidth_khz)
5431 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
5432 reg_rule);
5433
5434 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5435 reg_rule->flags) ||
5436 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5437 freq_range->start_freq_khz) ||
5438 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5439 freq_range->end_freq_khz) ||
5440 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5441 max_bandwidth_khz) ||
5442 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5443 power_rule->max_antenna_gain) ||
5444 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5445 power_rule->max_eirp) ||
5446 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
5447 reg_rule->dfs_cac_ms))
5448 goto nla_put_failure;
5449
5450 nla_nest_end(msg, nl_reg_rule);
5451 }
5452
5453 nla_nest_end(msg, nl_reg_rules);
5454 return 0;
5455
5456nla_put_failure:
5457 return -EMSGSIZE;
5458}
5459
5460static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
5461{
5462 const struct ieee80211_regdomain *regdom = NULL;
5463 struct cfg80211_registered_device *rdev;
5464 struct wiphy *wiphy = NULL;
5465 struct sk_buff *msg;
5466 void *hdr;
5467
5468 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5469 if (!msg)
5470 return -ENOBUFS;
5471
5472 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5473 NL80211_CMD_GET_REG);
5474 if (!hdr)
5475 goto put_failure;
5476
5477 if (info->attrs[NL80211_ATTR_WIPHY]) {
5478 bool self_managed;
5479
5480 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
5481 if (IS_ERR(rdev)) {
5482 nlmsg_free(msg);
5483 return PTR_ERR(rdev);
5484 }
5485
5486 wiphy = &rdev->wiphy;
5487 self_managed = wiphy->regulatory_flags &
5488 REGULATORY_WIPHY_SELF_MANAGED;
5489 regdom = get_wiphy_regdom(wiphy);
5490
5491
5492 if (WARN_ON(!regdom && self_managed)) {
5493 nlmsg_free(msg);
5494 return -EINVAL;
5495 }
5496
5497 if (regdom &&
5498 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5499 goto nla_put_failure;
5500 }
5501
5502 if (!wiphy && reg_last_request_cell_base() &&
5503 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5504 NL80211_USER_REG_HINT_CELL_BASE))
5505 goto nla_put_failure;
5506
5507 rcu_read_lock();
5508
5509 if (!regdom)
5510 regdom = rcu_dereference(cfg80211_regdomain);
5511
5512 if (nl80211_put_regdom(regdom, msg))
5513 goto nla_put_failure_rcu;
5514
5515 rcu_read_unlock();
5516
5517 genlmsg_end(msg, hdr);
5518 return genlmsg_reply(msg, info);
5519
5520nla_put_failure_rcu:
5521 rcu_read_unlock();
5522nla_put_failure:
5523 genlmsg_cancel(msg, hdr);
5524put_failure:
5525 nlmsg_free(msg);
5526 return -EMSGSIZE;
5527}
5528
5529static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
5530 u32 seq, int flags, struct wiphy *wiphy,
5531 const struct ieee80211_regdomain *regdom)
5532{
5533 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5534 NL80211_CMD_GET_REG);
5535
5536 if (!hdr)
5537 return -1;
5538
5539 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5540
5541 if (nl80211_put_regdom(regdom, msg))
5542 goto nla_put_failure;
5543
5544 if (!wiphy && reg_last_request_cell_base() &&
5545 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5546 NL80211_USER_REG_HINT_CELL_BASE))
5547 goto nla_put_failure;
5548
5549 if (wiphy &&
5550 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5551 goto nla_put_failure;
5552
5553 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
5554 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
5555 goto nla_put_failure;
5556
5557 genlmsg_end(msg, hdr);
5558 return 0;
5559
5560nla_put_failure:
5561 genlmsg_cancel(msg, hdr);
5562 return -EMSGSIZE;
5563}
5564
5565static int nl80211_get_reg_dump(struct sk_buff *skb,
5566 struct netlink_callback *cb)
5567{
5568 const struct ieee80211_regdomain *regdom = NULL;
5569 struct cfg80211_registered_device *rdev;
5570 int err, reg_idx, start = cb->args[2];
5571
5572 rtnl_lock();
5573
5574 if (cfg80211_regdomain && start == 0) {
5575 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5576 NLM_F_MULTI, NULL,
5577 rtnl_dereference(cfg80211_regdomain));
5578 if (err < 0)
5579 goto out_err;
5580 }
5581
5582
5583 reg_idx = 1;
5584 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
5585 regdom = get_wiphy_regdom(&rdev->wiphy);
5586 if (!regdom)
5587 continue;
5588
5589 if (++reg_idx <= start)
5590 continue;
5591
5592 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5593 NLM_F_MULTI, &rdev->wiphy, regdom);
5594 if (err < 0) {
5595 reg_idx--;
5596 break;
5597 }
5598 }
5599
5600 cb->args[2] = reg_idx;
5601 err = skb->len;
5602out_err:
5603 rtnl_unlock();
5604 return err;
5605}
5606
5607#ifdef CONFIG_CFG80211_CRDA_SUPPORT
5608static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
5609 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
5610 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
5611 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
5612 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
5613 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
5614 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
5615 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
5616};
5617
5618static int parse_reg_rule(struct nlattr *tb[],
5619 struct ieee80211_reg_rule *reg_rule)
5620{
5621 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
5622 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
5623
5624 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
5625 return -EINVAL;
5626 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
5627 return -EINVAL;
5628 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
5629 return -EINVAL;
5630 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
5631 return -EINVAL;
5632 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
5633 return -EINVAL;
5634
5635 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
5636
5637 freq_range->start_freq_khz =
5638 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
5639 freq_range->end_freq_khz =
5640 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
5641 freq_range->max_bandwidth_khz =
5642 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
5643
5644 power_rule->max_eirp =
5645 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
5646
5647 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
5648 power_rule->max_antenna_gain =
5649 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
5650
5651 if (tb[NL80211_ATTR_DFS_CAC_TIME])
5652 reg_rule->dfs_cac_ms =
5653 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
5654
5655 return 0;
5656}
5657
5658static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5659{
5660 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5661 struct nlattr *nl_reg_rule;
5662 char *alpha2;
5663 int rem_reg_rules, r;
5664 u32 num_rules = 0, rule_idx = 0, size_of_regd;
5665 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5666 struct ieee80211_regdomain *rd;
5667
5668 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5669 return -EINVAL;
5670
5671 if (!info->attrs[NL80211_ATTR_REG_RULES])
5672 return -EINVAL;
5673
5674 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5675
5676 if (info->attrs[NL80211_ATTR_DFS_REGION])
5677 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5678
5679 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5680 rem_reg_rules) {
5681 num_rules++;
5682 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5683 return -EINVAL;
5684 }
5685
5686 if (!reg_is_valid_request(alpha2))
5687 return -EINVAL;
5688
5689 size_of_regd = sizeof(struct ieee80211_regdomain) +
5690 num_rules * sizeof(struct ieee80211_reg_rule);
5691
5692 rd = kzalloc(size_of_regd, GFP_KERNEL);
5693 if (!rd)
5694 return -ENOMEM;
5695
5696 rd->n_reg_rules = num_rules;
5697 rd->alpha2[0] = alpha2[0];
5698 rd->alpha2[1] = alpha2[1];
5699
5700
5701
5702
5703
5704 if (reg_supported_dfs_region(dfs_region))
5705 rd->dfs_region = dfs_region;
5706
5707 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5708 rem_reg_rules) {
5709 r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5710 nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5711 reg_rule_policy);
5712 if (r)
5713 goto bad_reg;
5714 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5715 if (r)
5716 goto bad_reg;
5717
5718 rule_idx++;
5719
5720 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5721 r = -EINVAL;
5722 goto bad_reg;
5723 }
5724 }
5725
5726 r = set_regdom(rd, REGD_SOURCE_CRDA);
5727
5728 rd = NULL;
5729
5730 bad_reg:
5731 kfree(rd);
5732 return r;
5733}
5734#endif
5735
5736static int validate_scan_freqs(struct nlattr *freqs)
5737{
5738 struct nlattr *attr1, *attr2;
5739 int n_channels = 0, tmp1, tmp2;
5740
5741 nla_for_each_nested(attr1, freqs, tmp1) {
5742 n_channels++;
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752 nla_for_each_nested(attr2, freqs, tmp2)
5753 if (attr1 != attr2 &&
5754 nla_get_u32(attr1) == nla_get_u32(attr2))
5755 return 0;
5756 }
5757
5758 return n_channels;
5759}
5760
5761static int nl80211_parse_random_mac(struct nlattr **attrs,
5762 u8 *mac_addr, u8 *mac_addr_mask)
5763{
5764 int i;
5765
5766 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
5767 eth_zero_addr(mac_addr);
5768 eth_zero_addr(mac_addr_mask);
5769 mac_addr[0] = 0x2;
5770 mac_addr_mask[0] = 0x3;
5771
5772 return 0;
5773 }
5774
5775
5776 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
5777 return -EINVAL;
5778
5779 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
5780 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
5781
5782
5783 if (!is_multicast_ether_addr(mac_addr_mask) ||
5784 is_multicast_ether_addr(mac_addr))
5785 return -EINVAL;
5786
5787
5788
5789
5790
5791
5792 for (i = 0; i < ETH_ALEN; i++)
5793 mac_addr[i] &= mac_addr_mask[i];
5794
5795 return 0;
5796}
5797
5798static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5799{
5800 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5801 struct wireless_dev *wdev = info->user_ptr[1];
5802 struct cfg80211_scan_request *request;
5803 struct nlattr *attr;
5804 struct wiphy *wiphy;
5805 int err, tmp, n_ssids = 0, n_channels, i;
5806 size_t ie_len;
5807
5808 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5809 return -EINVAL;
5810
5811 wiphy = &rdev->wiphy;
5812
5813 if (!rdev->ops->scan)
5814 return -EOPNOTSUPP;
5815
5816 if (rdev->scan_req || rdev->scan_msg) {
5817 err = -EBUSY;
5818 goto unlock;
5819 }
5820
5821 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5822 n_channels = validate_scan_freqs(
5823 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5824 if (!n_channels) {
5825 err = -EINVAL;
5826 goto unlock;
5827 }
5828 } else {
5829 n_channels = ieee80211_get_num_supported_channels(wiphy);
5830 }
5831
5832 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5833 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5834 n_ssids++;
5835
5836 if (n_ssids > wiphy->max_scan_ssids) {
5837 err = -EINVAL;
5838 goto unlock;
5839 }
5840
5841 if (info->attrs[NL80211_ATTR_IE])
5842 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5843 else
5844 ie_len = 0;
5845
5846 if (ie_len > wiphy->max_scan_ie_len) {
5847 err = -EINVAL;
5848 goto unlock;
5849 }
5850
5851 request = kzalloc(sizeof(*request)
5852 + sizeof(*request->ssids) * n_ssids
5853 + sizeof(*request->channels) * n_channels
5854 + ie_len, GFP_KERNEL);
5855 if (!request) {
5856 err = -ENOMEM;
5857 goto unlock;
5858 }
5859
5860 if (n_ssids)
5861 request->ssids = (void *)&request->channels[n_channels];
5862 request->n_ssids = n_ssids;
5863 if (ie_len) {
5864 if (n_ssids)
5865 request->ie = (void *)(request->ssids + n_ssids);
5866 else
5867 request->ie = (void *)(request->channels + n_channels);
5868 }
5869
5870 i = 0;
5871 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5872
5873 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5874 struct ieee80211_channel *chan;
5875
5876 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5877
5878 if (!chan) {
5879 err = -EINVAL;
5880 goto out_free;
5881 }
5882
5883
5884 if (chan->flags & IEEE80211_CHAN_DISABLED)
5885 continue;
5886
5887 request->channels[i] = chan;
5888 i++;
5889 }
5890 } else {
5891 enum ieee80211_band band;
5892
5893
5894 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5895 int j;
5896 if (!wiphy->bands[band])
5897 continue;
5898 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5899 struct ieee80211_channel *chan;
5900
5901 chan = &wiphy->bands[band]->channels[j];
5902
5903 if (chan->flags & IEEE80211_CHAN_DISABLED)
5904 continue;
5905
5906 request->channels[i] = chan;
5907 i++;
5908 }
5909 }
5910 }
5911
5912 if (!i) {
5913 err = -EINVAL;
5914 goto out_free;
5915 }
5916
5917 request->n_channels = i;
5918
5919 i = 0;
5920 if (n_ssids) {
5921 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5922 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5923 err = -EINVAL;
5924 goto out_free;
5925 }
5926 request->ssids[i].ssid_len = nla_len(attr);
5927 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5928 i++;
5929 }
5930 }
5931
5932 if (info->attrs[NL80211_ATTR_IE]) {
5933 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5934 memcpy((void *)request->ie,
5935 nla_data(info->attrs[NL80211_ATTR_IE]),
5936 request->ie_len);
5937 }
5938
5939 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5940 if (wiphy->bands[i])
5941 request->rates[i] =
5942 (1 << wiphy->bands[i]->n_bitrates) - 1;
5943
5944 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5945 nla_for_each_nested(attr,
5946 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5947 tmp) {
5948 enum ieee80211_band band = nla_type(attr);
5949
5950 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5951 err = -EINVAL;
5952 goto out_free;
5953 }
5954
5955 if (!wiphy->bands[band])
5956 continue;
5957
5958 err = ieee80211_get_ratemask(wiphy->bands[band],
5959 nla_data(attr),
5960 nla_len(attr),
5961 &request->rates[band]);
5962 if (err)
5963 goto out_free;
5964 }
5965 }
5966
5967 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5968 request->flags = nla_get_u32(
5969 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5970 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5971 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5972 err = -EOPNOTSUPP;
5973 goto out_free;
5974 }
5975
5976 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
5977 if (!(wiphy->features &
5978 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) {
5979 err = -EOPNOTSUPP;
5980 goto out_free;
5981 }
5982
5983 if (wdev->current_bss) {
5984 err = -EOPNOTSUPP;
5985 goto out_free;
5986 }
5987
5988 err = nl80211_parse_random_mac(info->attrs,
5989 request->mac_addr,
5990 request->mac_addr_mask);
5991 if (err)
5992 goto out_free;
5993 }
5994 }
5995
5996 request->no_cck =
5997 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5998
5999 request->wdev = wdev;
6000 request->wiphy = &rdev->wiphy;
6001 request->scan_start = jiffies;
6002
6003 rdev->scan_req = request;
6004 err = rdev_scan(rdev, request);
6005
6006 if (!err) {
6007 nl80211_send_scan_start(rdev, wdev);
6008 if (wdev->netdev)
6009 dev_hold(wdev->netdev);
6010 } else {
6011 out_free:
6012 rdev->scan_req = NULL;
6013 kfree(request);
6014 }
6015
6016 unlock:
6017 return err;
6018}
6019
6020static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
6021{
6022 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6023 struct wireless_dev *wdev = info->user_ptr[1];
6024
6025 if (!rdev->ops->abort_scan)
6026 return -EOPNOTSUPP;
6027
6028 if (rdev->scan_msg)
6029 return 0;
6030
6031 if (!rdev->scan_req)
6032 return -ENOENT;
6033
6034 rdev_abort_scan(rdev, wdev);
6035 return 0;
6036}
6037
6038static int
6039nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
6040 struct cfg80211_sched_scan_request *request,
6041 struct nlattr **attrs)
6042{
6043 int tmp, err, i = 0;
6044 struct nlattr *attr;
6045
6046 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6047 u32 interval;
6048
6049
6050
6051
6052
6053
6054
6055 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6056 return -EINVAL;
6057
6058 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
6059 if (!interval)
6060 return -EINVAL;
6061
6062 request->scan_plans[0].interval =
6063 DIV_ROUND_UP(interval, MSEC_PER_SEC);
6064 if (!request->scan_plans[0].interval)
6065 return -EINVAL;
6066
6067 if (request->scan_plans[0].interval >
6068 wiphy->max_sched_scan_plan_interval)
6069 request->scan_plans[0].interval =
6070 wiphy->max_sched_scan_plan_interval;
6071
6072 return 0;
6073 }
6074
6075 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
6076 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
6077
6078 if (WARN_ON(i >= n_plans))
6079 return -EINVAL;
6080
6081 err = nla_parse(plan, NL80211_SCHED_SCAN_PLAN_MAX,
6082 nla_data(attr), nla_len(attr),
6083 nl80211_plan_policy);
6084 if (err)
6085 return err;
6086
6087 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
6088 return -EINVAL;
6089
6090 request->scan_plans[i].interval =
6091 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
6092 if (!request->scan_plans[i].interval ||
6093 request->scan_plans[i].interval >
6094 wiphy->max_sched_scan_plan_interval)
6095 return -EINVAL;
6096
6097 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
6098 request->scan_plans[i].iterations =
6099 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
6100 if (!request->scan_plans[i].iterations ||
6101 (request->scan_plans[i].iterations >
6102 wiphy->max_sched_scan_plan_iterations))
6103 return -EINVAL;
6104 } else if (i < n_plans - 1) {
6105
6106
6107
6108
6109 return -EINVAL;
6110 }
6111
6112 i++;
6113 }
6114
6115
6116
6117
6118
6119 if (request->scan_plans[n_plans - 1].iterations)
6120 return -EINVAL;
6121
6122 return 0;
6123}
6124
6125static struct cfg80211_sched_scan_request *
6126nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
6127 struct nlattr **attrs)
6128{
6129 struct cfg80211_sched_scan_request *request;
6130 struct nlattr *attr;
6131 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
6132 enum ieee80211_band band;
6133 size_t ie_len;
6134 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
6135 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
6136
6137 if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
6138 return ERR_PTR(-EINVAL);
6139
6140 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6141 n_channels = validate_scan_freqs(
6142 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6143 if (!n_channels)
6144 return ERR_PTR(-EINVAL);
6145 } else {
6146 n_channels = ieee80211_get_num_supported_channels(wiphy);
6147 }
6148
6149 if (attrs[NL80211_ATTR_SCAN_SSIDS])
6150 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6151 tmp)
6152 n_ssids++;
6153
6154 if (n_ssids > wiphy->max_sched_scan_ssids)
6155 return ERR_PTR(-EINVAL);
6156
6157
6158
6159
6160
6161
6162
6163
6164
6165
6166 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6167 nla_for_each_nested(attr,
6168 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6169 tmp) {
6170 struct nlattr *rssi;
6171
6172 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6173 nla_data(attr), nla_len(attr),
6174 nl80211_match_policy);
6175 if (err)
6176 return ERR_PTR(err);
6177
6178 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
6179 n_match_sets++;
6180 continue;
6181 }
6182 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6183 if (rssi)
6184 default_match_rssi = nla_get_s32(rssi);
6185 }
6186 }
6187
6188
6189 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
6190 n_match_sets = 1;
6191
6192 if (n_match_sets > wiphy->max_match_sets)
6193 return ERR_PTR(-EINVAL);
6194
6195 if (attrs[NL80211_ATTR_IE])
6196 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
6197 else
6198 ie_len = 0;
6199
6200 if (ie_len > wiphy->max_sched_scan_ie_len)
6201 return ERR_PTR(-EINVAL);
6202
6203 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6204
6205
6206
6207
6208 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6209 return ERR_PTR(-EINVAL);
6210
6211 nla_for_each_nested(attr,
6212 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
6213 n_plans++;
6214 } else {
6215
6216
6217
6218
6219
6220
6221 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6222 return ERR_PTR(-EINVAL);
6223
6224 n_plans = 1;
6225 }
6226
6227 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
6228 return ERR_PTR(-EINVAL);
6229
6230 request = kzalloc(sizeof(*request)
6231 + sizeof(*request->ssids) * n_ssids
6232 + sizeof(*request->match_sets) * n_match_sets
6233 + sizeof(*request->scan_plans) * n_plans
6234 + sizeof(*request->channels) * n_channels
6235 + ie_len, GFP_KERNEL);
6236 if (!request)
6237 return ERR_PTR(-ENOMEM);
6238
6239 if (n_ssids)
6240 request->ssids = (void *)&request->channels[n_channels];
6241 request->n_ssids = n_ssids;
6242 if (ie_len) {
6243 if (n_ssids)
6244 request->ie = (void *)(request->ssids + n_ssids);
6245 else
6246 request->ie = (void *)(request->channels + n_channels);
6247 }
6248
6249 if (n_match_sets) {
6250 if (request->ie)
6251 request->match_sets = (void *)(request->ie + ie_len);
6252 else if (n_ssids)
6253 request->match_sets =
6254 (void *)(request->ssids + n_ssids);
6255 else
6256 request->match_sets =
6257 (void *)(request->channels + n_channels);
6258 }
6259 request->n_match_sets = n_match_sets;
6260
6261 if (n_match_sets)
6262 request->scan_plans = (void *)(request->match_sets +
6263 n_match_sets);
6264 else if (request->ie)
6265 request->scan_plans = (void *)(request->ie + ie_len);
6266 else if (n_ssids)
6267 request->scan_plans = (void *)(request->ssids + n_ssids);
6268 else
6269 request->scan_plans = (void *)(request->channels + n_channels);
6270
6271 request->n_scan_plans = n_plans;
6272
6273 i = 0;
6274 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6275
6276 nla_for_each_nested(attr,
6277 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
6278 tmp) {
6279 struct ieee80211_channel *chan;
6280
6281 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6282
6283 if (!chan) {
6284 err = -EINVAL;
6285 goto out_free;
6286 }
6287
6288
6289 if (chan->flags & IEEE80211_CHAN_DISABLED)
6290 continue;
6291
6292 request->channels[i] = chan;
6293 i++;
6294 }
6295 } else {
6296
6297 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6298 int j;
6299 if (!wiphy->bands[band])
6300 continue;
6301 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6302 struct ieee80211_channel *chan;
6303
6304 chan = &wiphy->bands[band]->channels[j];
6305
6306 if (chan->flags & IEEE80211_CHAN_DISABLED)
6307 continue;
6308
6309 request->channels[i] = chan;
6310 i++;
6311 }
6312 }
6313 }
6314
6315 if (!i) {
6316 err = -EINVAL;
6317 goto out_free;
6318 }
6319
6320 request->n_channels = i;
6321
6322 i = 0;
6323 if (n_ssids) {
6324 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6325 tmp) {
6326 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6327 err = -EINVAL;
6328 goto out_free;
6329 }
6330 request->ssids[i].ssid_len = nla_len(attr);
6331 memcpy(request->ssids[i].ssid, nla_data(attr),
6332 nla_len(attr));
6333 i++;
6334 }
6335 }
6336
6337 i = 0;
6338 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6339 nla_for_each_nested(attr,
6340 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6341 tmp) {
6342 struct nlattr *ssid, *rssi;
6343
6344 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6345 nla_data(attr), nla_len(attr),
6346 nl80211_match_policy);
6347 if (err)
6348 goto out_free;
6349 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
6350 if (ssid) {
6351 if (WARN_ON(i >= n_match_sets)) {
6352
6353
6354
6355
6356 err = -EINVAL;
6357 goto out_free;
6358 }
6359
6360 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
6361 err = -EINVAL;
6362 goto out_free;
6363 }
6364 memcpy(request->match_sets[i].ssid.ssid,
6365 nla_data(ssid), nla_len(ssid));
6366 request->match_sets[i].ssid.ssid_len =
6367 nla_len(ssid);
6368
6369 request->match_sets[i].rssi_thold =
6370 default_match_rssi;
6371 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6372 if (rssi)
6373 request->match_sets[i].rssi_thold =
6374 nla_get_s32(rssi);
6375 }
6376 i++;
6377 }
6378
6379
6380 if (i == 0 && n_match_sets)
6381 request->match_sets[0].rssi_thold = default_match_rssi;
6382
6383 request->min_rssi_thold = INT_MAX;
6384 for (i = 0; i < n_match_sets; i++)
6385 request->min_rssi_thold =
6386 min(request->match_sets[i].rssi_thold,
6387 request->min_rssi_thold);
6388 } else {
6389 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
6390 }
6391
6392 if (ie_len) {
6393 request->ie_len = ie_len;
6394 memcpy((void *)request->ie,
6395 nla_data(attrs[NL80211_ATTR_IE]),
6396 request->ie_len);
6397 }
6398
6399 if (attrs[NL80211_ATTR_SCAN_FLAGS]) {
6400 request->flags = nla_get_u32(
6401 attrs[NL80211_ATTR_SCAN_FLAGS]);
6402 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6403 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6404 err = -EOPNOTSUPP;
6405 goto out_free;
6406 }
6407
6408 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6409 u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
6410
6411 if (!wdev)
6412 flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
6413
6414 if (!(wiphy->features & flg)) {
6415 err = -EOPNOTSUPP;
6416 goto out_free;
6417 }
6418
6419 if (wdev && wdev->current_bss) {
6420 err = -EOPNOTSUPP;
6421 goto out_free;
6422 }
6423
6424 err = nl80211_parse_random_mac(attrs, request->mac_addr,
6425 request->mac_addr_mask);
6426 if (err)
6427 goto out_free;
6428 }
6429 }
6430
6431 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
6432 request->delay =
6433 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
6434
6435 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
6436 if (err)
6437 goto out_free;
6438
6439 request->scan_start = jiffies;
6440
6441 return request;
6442
6443out_free:
6444 kfree(request);
6445 return ERR_PTR(err);
6446}
6447
6448static int nl80211_start_sched_scan(struct sk_buff *skb,
6449 struct genl_info *info)
6450{
6451 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6452 struct net_device *dev = info->user_ptr[1];
6453 struct wireless_dev *wdev = dev->ieee80211_ptr;
6454 struct cfg80211_sched_scan_request *sched_scan_req;
6455 int err;
6456
6457 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6458 !rdev->ops->sched_scan_start)
6459 return -EOPNOTSUPP;
6460
6461 if (rdev->sched_scan_req)
6462 return -EINPROGRESS;
6463
6464 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
6465 info->attrs);
6466
6467 err = PTR_ERR_OR_ZERO(sched_scan_req);
6468 if (err)
6469 goto out_err;
6470
6471 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
6472 if (err)
6473 goto out_free;
6474
6475 sched_scan_req->dev = dev;
6476 sched_scan_req->wiphy = &rdev->wiphy;
6477
6478 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6479 sched_scan_req->owner_nlportid = info->snd_portid;
6480
6481 rcu_assign_pointer(rdev->sched_scan_req, sched_scan_req);
6482
6483 nl80211_send_sched_scan(rdev, dev,
6484 NL80211_CMD_START_SCHED_SCAN);
6485 return 0;
6486
6487out_free:
6488 kfree(sched_scan_req);
6489out_err:
6490 return err;
6491}
6492
6493static int nl80211_stop_sched_scan(struct sk_buff *skb,
6494 struct genl_info *info)
6495{
6496 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6497
6498 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6499 !rdev->ops->sched_scan_stop)
6500 return -EOPNOTSUPP;
6501
6502 return __cfg80211_stop_sched_scan(rdev, false);
6503}
6504
6505static int nl80211_start_radar_detection(struct sk_buff *skb,
6506 struct genl_info *info)
6507{
6508 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6509 struct net_device *dev = info->user_ptr[1];
6510 struct wireless_dev *wdev = dev->ieee80211_ptr;
6511 struct cfg80211_chan_def chandef;
6512 enum nl80211_dfs_regions dfs_region;
6513 unsigned int cac_time_ms;
6514 int err;
6515
6516 dfs_region = reg_get_dfs_region(wdev->wiphy);
6517 if (dfs_region == NL80211_DFS_UNSET)
6518 return -EINVAL;
6519
6520 err = nl80211_parse_chandef(rdev, info, &chandef);
6521 if (err)
6522 return err;
6523
6524 if (netif_carrier_ok(dev))
6525 return -EBUSY;
6526
6527 if (wdev->cac_started)
6528 return -EBUSY;
6529
6530 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
6531 wdev->iftype);
6532 if (err < 0)
6533 return err;
6534
6535 if (err == 0)
6536 return -EINVAL;
6537
6538 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
6539 return -EINVAL;
6540
6541 if (!rdev->ops->start_radar_detection)
6542 return -EOPNOTSUPP;
6543
6544 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
6545 if (WARN_ON(!cac_time_ms))
6546 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
6547
6548 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
6549 if (!err) {
6550 wdev->chandef = chandef;
6551 wdev->cac_started = true;
6552 wdev->cac_start_time = jiffies;
6553 wdev->cac_time_ms = cac_time_ms;
6554 }
6555 return err;
6556}
6557
6558static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
6559{
6560 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6561 struct net_device *dev = info->user_ptr[1];
6562 struct wireless_dev *wdev = dev->ieee80211_ptr;
6563 struct cfg80211_csa_settings params;
6564
6565
6566
6567 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
6568 int err;
6569 bool need_new_beacon = false;
6570 int len, i;
6571 u32 cs_count;
6572
6573 if (!rdev->ops->channel_switch ||
6574 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
6575 return -EOPNOTSUPP;
6576
6577 switch (dev->ieee80211_ptr->iftype) {
6578 case NL80211_IFTYPE_AP:
6579 case NL80211_IFTYPE_P2P_GO:
6580 need_new_beacon = true;
6581
6582
6583 if (!wdev->beacon_interval)
6584 return -ENOTCONN;
6585 break;
6586 case NL80211_IFTYPE_ADHOC:
6587 if (!wdev->ssid_len)
6588 return -ENOTCONN;
6589 break;
6590 case NL80211_IFTYPE_MESH_POINT:
6591 if (!wdev->mesh_id_len)
6592 return -ENOTCONN;
6593 break;
6594 default:
6595 return -EOPNOTSUPP;
6596 }
6597
6598 memset(¶ms, 0, sizeof(params));
6599
6600 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
6601 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
6602 return -EINVAL;
6603
6604
6605 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
6606 return -EINVAL;
6607
6608
6609
6610
6611 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
6612 if (cs_count > 255)
6613 return -EINVAL;
6614
6615 params.count = cs_count;
6616
6617 if (!need_new_beacon)
6618 goto skip_beacons;
6619
6620 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon_after);
6621 if (err)
6622 return err;
6623
6624 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
6625 info->attrs[NL80211_ATTR_CSA_IES],
6626 nl80211_policy);
6627 if (err)
6628 return err;
6629
6630 err = nl80211_parse_beacon(csa_attrs, ¶ms.beacon_csa);
6631 if (err)
6632 return err;
6633
6634 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
6635 return -EINVAL;
6636
6637 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6638 if (!len || (len % sizeof(u16)))
6639 return -EINVAL;
6640
6641 params.n_counter_offsets_beacon = len / sizeof(u16);
6642 if (rdev->wiphy.max_num_csa_counters &&
6643 (params.n_counter_offsets_beacon >
6644 rdev->wiphy.max_num_csa_counters))
6645 return -EINVAL;
6646
6647 params.counter_offsets_beacon =
6648 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6649
6650
6651 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
6652 u16 offset = params.counter_offsets_beacon[i];
6653
6654 if (offset >= params.beacon_csa.tail_len)
6655 return -EINVAL;
6656
6657 if (params.beacon_csa.tail[offset] != params.count)
6658 return -EINVAL;
6659 }
6660
6661 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
6662 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6663 if (!len || (len % sizeof(u16)))
6664 return -EINVAL;
6665
6666 params.n_counter_offsets_presp = len / sizeof(u16);
6667 if (rdev->wiphy.max_num_csa_counters &&
6668 (params.n_counter_offsets_beacon >
6669 rdev->wiphy.max_num_csa_counters))
6670 return -EINVAL;
6671
6672 params.counter_offsets_presp =
6673 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6674
6675
6676 for (i = 0; i < params.n_counter_offsets_presp; i++) {
6677 u16 offset = params.counter_offsets_presp[i];
6678
6679 if (offset >= params.beacon_csa.probe_resp_len)
6680 return -EINVAL;
6681
6682 if (params.beacon_csa.probe_resp[offset] !=
6683 params.count)
6684 return -EINVAL;
6685 }
6686 }
6687
6688skip_beacons:
6689 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
6690 if (err)
6691 return err;
6692
6693 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
6694 wdev->iftype))
6695 return -EINVAL;
6696
6697 err = cfg80211_chandef_dfs_required(wdev->wiphy,
6698 ¶ms.chandef,
6699 wdev->iftype);
6700 if (err < 0)
6701 return err;
6702
6703 if (err > 0)
6704 params.radar_required = true;
6705
6706 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
6707 params.block_tx = true;
6708
6709 wdev_lock(wdev);
6710 err = rdev_channel_switch(rdev, dev, ¶ms);
6711 wdev_unlock(wdev);
6712
6713 return err;
6714}
6715
6716static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
6717 u32 seq, int flags,
6718 struct cfg80211_registered_device *rdev,
6719 struct wireless_dev *wdev,
6720 struct cfg80211_internal_bss *intbss)
6721{
6722 struct cfg80211_bss *res = &intbss->pub;
6723 const struct cfg80211_bss_ies *ies;
6724 void *hdr;
6725 struct nlattr *bss;
6726
6727 ASSERT_WDEV_LOCK(wdev);
6728
6729 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6730 NL80211_CMD_NEW_SCAN_RESULTS);
6731 if (!hdr)
6732 return -1;
6733
6734 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6735
6736 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
6737 goto nla_put_failure;
6738 if (wdev->netdev &&
6739 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
6740 goto nla_put_failure;
6741 if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
6742 goto nla_put_failure;
6743
6744 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
6745 if (!bss)
6746 goto nla_put_failure;
6747 if ((!is_zero_ether_addr(res->bssid) &&
6748 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
6749 goto nla_put_failure;
6750
6751 rcu_read_lock();
6752
6753 if (rcu_access_pointer(res->proberesp_ies) &&
6754 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
6755 goto fail_unlock_rcu;
6756
6757
6758
6759
6760 ies = rcu_dereference(res->ies);
6761 if (ies) {
6762 if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6763 goto fail_unlock_rcu;
6764 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
6765 ies->len, ies->data))
6766 goto fail_unlock_rcu;
6767 }
6768
6769
6770 ies = rcu_dereference(res->beacon_ies);
6771 if (ies && ies->from_beacon) {
6772 if (nla_put_u64(msg, NL80211_BSS_BEACON_TSF, ies->tsf))
6773 goto fail_unlock_rcu;
6774 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
6775 ies->len, ies->data))
6776 goto fail_unlock_rcu;
6777 }
6778 rcu_read_unlock();
6779
6780 if (res->beacon_interval &&
6781 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
6782 goto nla_put_failure;
6783 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
6784 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
6785 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
6786 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
6787 jiffies_to_msecs(jiffies - intbss->ts)))
6788 goto nla_put_failure;
6789
6790 if (intbss->ts_boottime &&
6791 nla_put_u64(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
6792 intbss->ts_boottime))
6793 goto nla_put_failure;
6794
6795 switch (rdev->wiphy.signal_type) {
6796 case CFG80211_SIGNAL_TYPE_MBM:
6797 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
6798 goto nla_put_failure;
6799 break;
6800 case CFG80211_SIGNAL_TYPE_UNSPEC:
6801 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
6802 goto nla_put_failure;
6803 break;
6804 default:
6805 break;
6806 }
6807
6808 switch (wdev->iftype) {
6809 case NL80211_IFTYPE_P2P_CLIENT:
6810 case NL80211_IFTYPE_STATION:
6811 if (intbss == wdev->current_bss &&
6812 nla_put_u32(msg, NL80211_BSS_STATUS,
6813 NL80211_BSS_STATUS_ASSOCIATED))
6814 goto nla_put_failure;
6815 break;
6816 case NL80211_IFTYPE_ADHOC:
6817 if (intbss == wdev->current_bss &&
6818 nla_put_u32(msg, NL80211_BSS_STATUS,
6819 NL80211_BSS_STATUS_IBSS_JOINED))
6820 goto nla_put_failure;
6821 break;
6822 default:
6823 break;
6824 }
6825
6826 nla_nest_end(msg, bss);
6827
6828 genlmsg_end(msg, hdr);
6829 return 0;
6830
6831 fail_unlock_rcu:
6832 rcu_read_unlock();
6833 nla_put_failure:
6834 genlmsg_cancel(msg, hdr);
6835 return -EMSGSIZE;
6836}
6837
6838static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
6839{
6840 struct cfg80211_registered_device *rdev;
6841 struct cfg80211_internal_bss *scan;
6842 struct wireless_dev *wdev;
6843 int start = cb->args[2], idx = 0;
6844 int err;
6845
6846 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6847 if (err)
6848 return err;
6849
6850 wdev_lock(wdev);
6851 spin_lock_bh(&rdev->bss_lock);
6852 cfg80211_bss_expire(rdev);
6853
6854 cb->seq = rdev->bss_generation;
6855
6856 list_for_each_entry(scan, &rdev->bss_list, list) {
6857 if (++idx <= start)
6858 continue;
6859 if (nl80211_send_bss(skb, cb,
6860 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6861 rdev, wdev, scan) < 0) {
6862 idx--;
6863 break;
6864 }
6865 }
6866
6867 spin_unlock_bh(&rdev->bss_lock);
6868 wdev_unlock(wdev);
6869
6870 cb->args[2] = idx;
6871 nl80211_finish_wdev_dump(rdev);
6872
6873 return skb->len;
6874}
6875
6876static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6877 int flags, struct net_device *dev,
6878 bool allow_radio_stats,
6879 struct survey_info *survey)
6880{
6881 void *hdr;
6882 struct nlattr *infoattr;
6883
6884
6885 if (!survey->channel && !allow_radio_stats)
6886 return 0;
6887
6888 hdr = nl80211hdr_put(msg, portid, seq, flags,
6889 NL80211_CMD_NEW_SURVEY_RESULTS);
6890 if (!hdr)
6891 return -ENOMEM;
6892
6893 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6894 goto nla_put_failure;
6895
6896 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6897 if (!infoattr)
6898 goto nla_put_failure;
6899
6900 if (survey->channel &&
6901 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6902 survey->channel->center_freq))
6903 goto nla_put_failure;
6904
6905 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6906 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6907 goto nla_put_failure;
6908 if ((survey->filled & SURVEY_INFO_IN_USE) &&
6909 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6910 goto nla_put_failure;
6911 if ((survey->filled & SURVEY_INFO_TIME) &&
6912 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME,
6913 survey->time))
6914 goto nla_put_failure;
6915 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
6916 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_BUSY,
6917 survey->time_busy))
6918 goto nla_put_failure;
6919 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
6920 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
6921 survey->time_ext_busy))
6922 goto nla_put_failure;
6923 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
6924 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_RX,
6925 survey->time_rx))
6926 goto nla_put_failure;
6927 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
6928 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_TX,
6929 survey->time_tx))
6930 goto nla_put_failure;
6931 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
6932 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_SCAN,
6933 survey->time_scan))
6934 goto nla_put_failure;
6935
6936 nla_nest_end(msg, infoattr);
6937
6938 genlmsg_end(msg, hdr);
6939 return 0;
6940
6941 nla_put_failure:
6942 genlmsg_cancel(msg, hdr);
6943 return -EMSGSIZE;
6944}
6945
6946static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
6947{
6948 struct survey_info survey;
6949 struct cfg80211_registered_device *rdev;
6950 struct wireless_dev *wdev;
6951 int survey_idx = cb->args[2];
6952 int res;
6953 bool radio_stats;
6954
6955 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6956 if (res)
6957 return res;
6958
6959
6960 radio_stats = nl80211_fam.attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
6961
6962 if (!wdev->netdev) {
6963 res = -EINVAL;
6964 goto out_err;
6965 }
6966
6967 if (!rdev->ops->dump_survey) {
6968 res = -EOPNOTSUPP;
6969 goto out_err;
6970 }
6971
6972 while (1) {
6973 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
6974 if (res == -ENOENT)
6975 break;
6976 if (res)
6977 goto out_err;
6978
6979
6980 if (survey.channel &&
6981 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
6982 survey_idx++;
6983 continue;
6984 }
6985
6986 if (nl80211_send_survey(skb,
6987 NETLINK_CB(cb->skb).portid,
6988 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6989 wdev->netdev, radio_stats, &survey) < 0)
6990 goto out;
6991 survey_idx++;
6992 }
6993
6994 out:
6995 cb->args[2] = survey_idx;
6996 res = skb->len;
6997 out_err:
6998 nl80211_finish_wdev_dump(rdev);
6999 return res;
7000}
7001
7002static bool nl80211_valid_wpa_versions(u32 wpa_versions)
7003{
7004 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
7005 NL80211_WPA_VERSION_2));
7006}
7007
7008static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
7009{
7010 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7011 struct net_device *dev = info->user_ptr[1];
7012 struct ieee80211_channel *chan;
7013 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
7014 int err, ssid_len, ie_len = 0, sae_data_len = 0;
7015 enum nl80211_auth_type auth_type;
7016 struct key_parse key;
7017 bool local_state_change;
7018
7019 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7020 return -EINVAL;
7021
7022 if (!info->attrs[NL80211_ATTR_MAC])
7023 return -EINVAL;
7024
7025 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
7026 return -EINVAL;
7027
7028 if (!info->attrs[NL80211_ATTR_SSID])
7029 return -EINVAL;
7030
7031 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7032 return -EINVAL;
7033
7034 err = nl80211_parse_key(info, &key);
7035 if (err)
7036 return err;
7037
7038 if (key.idx >= 0) {
7039 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
7040 return -EINVAL;
7041 if (!key.p.key || !key.p.key_len)
7042 return -EINVAL;
7043 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
7044 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
7045 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
7046 key.p.key_len != WLAN_KEY_LEN_WEP104))
7047 return -EINVAL;
7048 if (key.idx > 4)
7049 return -EINVAL;
7050 } else {
7051 key.p.key_len = 0;
7052 key.p.key = NULL;
7053 }
7054
7055 if (key.idx >= 0) {
7056 int i;
7057 bool ok = false;
7058 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
7059 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
7060 ok = true;
7061 break;
7062 }
7063 }
7064 if (!ok)
7065 return -EINVAL;
7066 }
7067
7068 if (!rdev->ops->auth)
7069 return -EOPNOTSUPP;
7070
7071 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7072 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7073 return -EOPNOTSUPP;
7074
7075 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7076 chan = nl80211_get_valid_chan(&rdev->wiphy,
7077 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7078 if (!chan)
7079 return -EINVAL;
7080
7081 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7082 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7083
7084 if (info->attrs[NL80211_ATTR_IE]) {
7085 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7086 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7087 }
7088
7089 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7090 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
7091 return -EINVAL;
7092
7093 if (auth_type == NL80211_AUTHTYPE_SAE &&
7094 !info->attrs[NL80211_ATTR_SAE_DATA])
7095 return -EINVAL;
7096
7097 if (info->attrs[NL80211_ATTR_SAE_DATA]) {
7098 if (auth_type != NL80211_AUTHTYPE_SAE)
7099 return -EINVAL;
7100 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
7101 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
7102
7103 if (sae_data_len < 4)
7104 return -EINVAL;
7105 }
7106
7107 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7108
7109
7110
7111
7112
7113 if (local_state_change)
7114 return 0;
7115
7116 wdev_lock(dev->ieee80211_ptr);
7117 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
7118 ssid, ssid_len, ie, ie_len,
7119 key.p.key, key.p.key_len, key.idx,
7120 sae_data, sae_data_len);
7121 wdev_unlock(dev->ieee80211_ptr);
7122 return err;
7123}
7124
7125static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
7126 struct genl_info *info,
7127 struct cfg80211_crypto_settings *settings,
7128 int cipher_limit)
7129{
7130 memset(settings, 0, sizeof(*settings));
7131
7132 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
7133
7134 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
7135 u16 proto;
7136 proto = nla_get_u16(
7137 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
7138 settings->control_port_ethertype = cpu_to_be16(proto);
7139 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
7140 proto != ETH_P_PAE)
7141 return -EINVAL;
7142 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
7143 settings->control_port_no_encrypt = true;
7144 } else
7145 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
7146
7147 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
7148 void *data;
7149 int len, i;
7150
7151 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
7152 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
7153 settings->n_ciphers_pairwise = len / sizeof(u32);
7154
7155 if (len % sizeof(u32))
7156 return -EINVAL;
7157
7158 if (settings->n_ciphers_pairwise > cipher_limit)
7159 return -EINVAL;
7160
7161 memcpy(settings->ciphers_pairwise, data, len);
7162
7163 for (i = 0; i < settings->n_ciphers_pairwise; i++)
7164 if (!cfg80211_supported_cipher_suite(
7165 &rdev->wiphy,
7166 settings->ciphers_pairwise[i]))
7167 return -EINVAL;
7168 }
7169
7170 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
7171 settings->cipher_group =
7172 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
7173 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
7174 settings->cipher_group))
7175 return -EINVAL;
7176 }
7177
7178 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
7179 settings->wpa_versions =
7180 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
7181 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
7182 return -EINVAL;
7183 }
7184
7185 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
7186 void *data;
7187 int len;
7188
7189 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
7190 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
7191 settings->n_akm_suites = len / sizeof(u32);
7192
7193 if (len % sizeof(u32))
7194 return -EINVAL;
7195
7196 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
7197 return -EINVAL;
7198
7199 memcpy(settings->akm_suites, data, len);
7200 }
7201
7202 return 0;
7203}
7204
7205static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
7206{
7207 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7208 struct net_device *dev = info->user_ptr[1];
7209 struct ieee80211_channel *chan;
7210 struct cfg80211_assoc_request req = {};
7211 const u8 *bssid, *ssid;
7212 int err, ssid_len = 0;
7213
7214 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7215 return -EINVAL;
7216
7217 if (!info->attrs[NL80211_ATTR_MAC] ||
7218 !info->attrs[NL80211_ATTR_SSID] ||
7219 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
7220 return -EINVAL;
7221
7222 if (!rdev->ops->assoc)
7223 return -EOPNOTSUPP;
7224
7225 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7226 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7227 return -EOPNOTSUPP;
7228
7229 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7230
7231 chan = nl80211_get_valid_chan(&rdev->wiphy,
7232 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7233 if (!chan)
7234 return -EINVAL;
7235
7236 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7237 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7238
7239 if (info->attrs[NL80211_ATTR_IE]) {
7240 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7241 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7242 }
7243
7244 if (info->attrs[NL80211_ATTR_USE_MFP]) {
7245 enum nl80211_mfp mfp =
7246 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7247 if (mfp == NL80211_MFP_REQUIRED)
7248 req.use_mfp = true;
7249 else if (mfp != NL80211_MFP_NO)
7250 return -EINVAL;
7251 }
7252
7253 if (info->attrs[NL80211_ATTR_PREV_BSSID])
7254 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
7255
7256 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7257 req.flags |= ASSOC_REQ_DISABLE_HT;
7258
7259 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7260 memcpy(&req.ht_capa_mask,
7261 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7262 sizeof(req.ht_capa_mask));
7263
7264 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7265 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7266 return -EINVAL;
7267 memcpy(&req.ht_capa,
7268 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7269 sizeof(req.ht_capa));
7270 }
7271
7272 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7273 req.flags |= ASSOC_REQ_DISABLE_VHT;
7274
7275 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7276 memcpy(&req.vht_capa_mask,
7277 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7278 sizeof(req.vht_capa_mask));
7279
7280 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7281 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7282 return -EINVAL;
7283 memcpy(&req.vht_capa,
7284 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7285 sizeof(req.vht_capa));
7286 }
7287
7288 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7289 if (!((rdev->wiphy.features &
7290 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
7291 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
7292 !wiphy_ext_feature_isset(&rdev->wiphy,
7293 NL80211_EXT_FEATURE_RRM))
7294 return -EINVAL;
7295 req.flags |= ASSOC_REQ_USE_RRM;
7296 }
7297
7298 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
7299 if (!err) {
7300 wdev_lock(dev->ieee80211_ptr);
7301 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
7302 ssid, ssid_len, &req);
7303 wdev_unlock(dev->ieee80211_ptr);
7304 }
7305
7306 return err;
7307}
7308
7309static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
7310{
7311 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7312 struct net_device *dev = info->user_ptr[1];
7313 const u8 *ie = NULL, *bssid;
7314 int ie_len = 0, err;
7315 u16 reason_code;
7316 bool local_state_change;
7317
7318 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7319 return -EINVAL;
7320
7321 if (!info->attrs[NL80211_ATTR_MAC])
7322 return -EINVAL;
7323
7324 if (!info->attrs[NL80211_ATTR_REASON_CODE])
7325 return -EINVAL;
7326
7327 if (!rdev->ops->deauth)
7328 return -EOPNOTSUPP;
7329
7330 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7331 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7332 return -EOPNOTSUPP;
7333
7334 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7335
7336 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7337 if (reason_code == 0) {
7338
7339 return -EINVAL;
7340 }
7341
7342 if (info->attrs[NL80211_ATTR_IE]) {
7343 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7344 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7345 }
7346
7347 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7348
7349 wdev_lock(dev->ieee80211_ptr);
7350 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
7351 local_state_change);
7352 wdev_unlock(dev->ieee80211_ptr);
7353 return err;
7354}
7355
7356static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
7357{
7358 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7359 struct net_device *dev = info->user_ptr[1];
7360 const u8 *ie = NULL, *bssid;
7361 int ie_len = 0, err;
7362 u16 reason_code;
7363 bool local_state_change;
7364
7365 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7366 return -EINVAL;
7367
7368 if (!info->attrs[NL80211_ATTR_MAC])
7369 return -EINVAL;
7370
7371 if (!info->attrs[NL80211_ATTR_REASON_CODE])
7372 return -EINVAL;
7373
7374 if (!rdev->ops->disassoc)
7375 return -EOPNOTSUPP;
7376
7377 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7378 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7379 return -EOPNOTSUPP;
7380
7381 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7382
7383 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7384 if (reason_code == 0) {
7385
7386 return -EINVAL;
7387 }
7388
7389 if (info->attrs[NL80211_ATTR_IE]) {
7390 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7391 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7392 }
7393
7394 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7395
7396 wdev_lock(dev->ieee80211_ptr);
7397 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
7398 local_state_change);
7399 wdev_unlock(dev->ieee80211_ptr);
7400 return err;
7401}
7402
7403static bool
7404nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
7405 int mcast_rate[IEEE80211_NUM_BANDS],
7406 int rateval)
7407{
7408 struct wiphy *wiphy = &rdev->wiphy;
7409 bool found = false;
7410 int band, i;
7411
7412 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
7413 struct ieee80211_supported_band *sband;
7414
7415 sband = wiphy->bands[band];
7416 if (!sband)
7417 continue;
7418
7419 for (i = 0; i < sband->n_bitrates; i++) {
7420 if (sband->bitrates[i].bitrate == rateval) {
7421 mcast_rate[band] = i + 1;
7422 found = true;
7423 break;
7424 }
7425 }
7426 }
7427
7428 return found;
7429}
7430
7431static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
7432{
7433 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7434 struct net_device *dev = info->user_ptr[1];
7435 struct cfg80211_ibss_params ibss;
7436 struct wiphy *wiphy;
7437 struct cfg80211_cached_keys *connkeys = NULL;
7438 int err;
7439
7440 memset(&ibss, 0, sizeof(ibss));
7441
7442 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7443 return -EINVAL;
7444
7445 if (!info->attrs[NL80211_ATTR_SSID] ||
7446 !nla_len(info->attrs[NL80211_ATTR_SSID]))
7447 return -EINVAL;
7448
7449 ibss.beacon_interval = 100;
7450
7451 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
7452 ibss.beacon_interval =
7453 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7454 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
7455 return -EINVAL;
7456 }
7457
7458 if (!rdev->ops->join_ibss)
7459 return -EOPNOTSUPP;
7460
7461 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7462 return -EOPNOTSUPP;
7463
7464 wiphy = &rdev->wiphy;
7465
7466 if (info->attrs[NL80211_ATTR_MAC]) {
7467 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7468
7469 if (!is_valid_ether_addr(ibss.bssid))
7470 return -EINVAL;
7471 }
7472 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7473 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7474
7475 if (info->attrs[NL80211_ATTR_IE]) {
7476 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7477 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7478 }
7479
7480 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
7481 if (err)
7482 return err;
7483
7484 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
7485 NL80211_IFTYPE_ADHOC))
7486 return -EINVAL;
7487
7488 switch (ibss.chandef.width) {
7489 case NL80211_CHAN_WIDTH_5:
7490 case NL80211_CHAN_WIDTH_10:
7491 case NL80211_CHAN_WIDTH_20_NOHT:
7492 break;
7493 case NL80211_CHAN_WIDTH_20:
7494 case NL80211_CHAN_WIDTH_40:
7495 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7496 return -EINVAL;
7497 break;
7498 case NL80211_CHAN_WIDTH_80:
7499 case NL80211_CHAN_WIDTH_80P80:
7500 case NL80211_CHAN_WIDTH_160:
7501 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7502 return -EINVAL;
7503 if (!wiphy_ext_feature_isset(&rdev->wiphy,
7504 NL80211_EXT_FEATURE_VHT_IBSS))
7505 return -EINVAL;
7506 break;
7507 default:
7508 return -EINVAL;
7509 }
7510
7511 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
7512 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
7513
7514 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7515 u8 *rates =
7516 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7517 int n_rates =
7518 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7519 struct ieee80211_supported_band *sband =
7520 wiphy->bands[ibss.chandef.chan->band];
7521
7522 err = ieee80211_get_ratemask(sband, rates, n_rates,
7523 &ibss.basic_rates);
7524 if (err)
7525 return err;
7526 }
7527
7528 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7529 memcpy(&ibss.ht_capa_mask,
7530 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7531 sizeof(ibss.ht_capa_mask));
7532
7533 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7534 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7535 return -EINVAL;
7536 memcpy(&ibss.ht_capa,
7537 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7538 sizeof(ibss.ht_capa));
7539 }
7540
7541 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7542 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
7543 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7544 return -EINVAL;
7545
7546 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7547 bool no_ht = false;
7548
7549 connkeys = nl80211_parse_connkeys(rdev,
7550 info->attrs[NL80211_ATTR_KEYS],
7551 &no_ht);
7552 if (IS_ERR(connkeys))
7553 return PTR_ERR(connkeys);
7554
7555 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
7556 no_ht) {
7557 kzfree(connkeys);
7558 return -EINVAL;
7559 }
7560 }
7561
7562 ibss.control_port =
7563 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
7564
7565 ibss.userspace_handles_dfs =
7566 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
7567
7568 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
7569 if (err)
7570 kzfree(connkeys);
7571 return err;
7572}
7573
7574static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
7575{
7576 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7577 struct net_device *dev = info->user_ptr[1];
7578
7579 if (!rdev->ops->leave_ibss)
7580 return -EOPNOTSUPP;
7581
7582 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7583 return -EOPNOTSUPP;
7584
7585 return cfg80211_leave_ibss(rdev, dev, false);
7586}
7587
7588static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
7589{
7590 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7591 struct net_device *dev = info->user_ptr[1];
7592 int mcast_rate[IEEE80211_NUM_BANDS];
7593 u32 nla_rate;
7594 int err;
7595
7596 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
7597 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
7598 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
7599 return -EOPNOTSUPP;
7600
7601 if (!rdev->ops->set_mcast_rate)
7602 return -EOPNOTSUPP;
7603
7604 memset(mcast_rate, 0, sizeof(mcast_rate));
7605
7606 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
7607 return -EINVAL;
7608
7609 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
7610 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
7611 return -EINVAL;
7612
7613 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
7614
7615 return err;
7616}
7617
7618static struct sk_buff *
7619__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
7620 struct wireless_dev *wdev, int approxlen,
7621 u32 portid, u32 seq, enum nl80211_commands cmd,
7622 enum nl80211_attrs attr,
7623 const struct nl80211_vendor_cmd_info *info,
7624 gfp_t gfp)
7625{
7626 struct sk_buff *skb;
7627 void *hdr;
7628 struct nlattr *data;
7629
7630 skb = nlmsg_new(approxlen + 100, gfp);
7631 if (!skb)
7632 return NULL;
7633
7634 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
7635 if (!hdr) {
7636 kfree_skb(skb);
7637 return NULL;
7638 }
7639
7640 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
7641 goto nla_put_failure;
7642
7643 if (info) {
7644 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
7645 info->vendor_id))
7646 goto nla_put_failure;
7647 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
7648 info->subcmd))
7649 goto nla_put_failure;
7650 }
7651
7652 if (wdev) {
7653 if (nla_put_u64(skb, NL80211_ATTR_WDEV,
7654 wdev_id(wdev)))
7655 goto nla_put_failure;
7656 if (wdev->netdev &&
7657 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
7658 wdev->netdev->ifindex))
7659 goto nla_put_failure;
7660 }
7661
7662 data = nla_nest_start(skb, attr);
7663
7664 ((void **)skb->cb)[0] = rdev;
7665 ((void **)skb->cb)[1] = hdr;
7666 ((void **)skb->cb)[2] = data;
7667
7668 return skb;
7669
7670 nla_put_failure:
7671 kfree_skb(skb);
7672 return NULL;
7673}
7674
7675struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
7676 struct wireless_dev *wdev,
7677 enum nl80211_commands cmd,
7678 enum nl80211_attrs attr,
7679 int vendor_event_idx,
7680 int approxlen, gfp_t gfp)
7681{
7682 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
7683 const struct nl80211_vendor_cmd_info *info;
7684
7685 switch (cmd) {
7686 case NL80211_CMD_TESTMODE:
7687 if (WARN_ON(vendor_event_idx != -1))
7688 return NULL;
7689 info = NULL;
7690 break;
7691 case NL80211_CMD_VENDOR:
7692 if (WARN_ON(vendor_event_idx < 0 ||
7693 vendor_event_idx >= wiphy->n_vendor_events))
7694 return NULL;
7695 info = &wiphy->vendor_events[vendor_event_idx];
7696 break;
7697 default:
7698 WARN_ON(1);
7699 return NULL;
7700 }
7701
7702 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
7703 cmd, attr, info, gfp);
7704}
7705EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
7706
7707void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
7708{
7709 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
7710 void *hdr = ((void **)skb->cb)[1];
7711 struct nlattr *data = ((void **)skb->cb)[2];
7712 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
7713
7714
7715 memset(skb->cb, 0, sizeof(skb->cb));
7716
7717 nla_nest_end(skb, data);
7718 genlmsg_end(skb, hdr);
7719
7720 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
7721 mcgrp = NL80211_MCGRP_VENDOR;
7722
7723 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
7724 mcgrp, gfp);
7725}
7726EXPORT_SYMBOL(__cfg80211_send_event_skb);
7727
7728#ifdef CONFIG_NL80211_TESTMODE
7729static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
7730{
7731 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7732 struct wireless_dev *wdev =
7733 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
7734 int err;
7735
7736 if (!rdev->ops->testmode_cmd)
7737 return -EOPNOTSUPP;
7738
7739 if (IS_ERR(wdev)) {
7740 err = PTR_ERR(wdev);
7741 if (err != -EINVAL)
7742 return err;
7743 wdev = NULL;
7744 } else if (wdev->wiphy != &rdev->wiphy) {
7745 return -EINVAL;
7746 }
7747
7748 if (!info->attrs[NL80211_ATTR_TESTDATA])
7749 return -EINVAL;
7750
7751 rdev->cur_cmd_info = info;
7752 err = rdev_testmode_cmd(rdev, wdev,
7753 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
7754 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
7755 rdev->cur_cmd_info = NULL;
7756
7757 return err;
7758}
7759
7760static int nl80211_testmode_dump(struct sk_buff *skb,
7761 struct netlink_callback *cb)
7762{
7763 struct cfg80211_registered_device *rdev;
7764 int err;
7765 long phy_idx;
7766 void *data = NULL;
7767 int data_len = 0;
7768
7769 rtnl_lock();
7770
7771 if (cb->args[0]) {
7772
7773
7774
7775
7776 phy_idx = cb->args[0] - 1;
7777 } else {
7778 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
7779 nl80211_fam.attrbuf, nl80211_fam.maxattr,
7780 nl80211_policy);
7781 if (err)
7782 goto out_err;
7783
7784 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
7785 nl80211_fam.attrbuf);
7786 if (IS_ERR(rdev)) {
7787 err = PTR_ERR(rdev);
7788 goto out_err;
7789 }
7790 phy_idx = rdev->wiphy_idx;
7791 rdev = NULL;
7792
7793 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
7794 cb->args[1] =
7795 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
7796 }
7797
7798 if (cb->args[1]) {
7799 data = nla_data((void *)cb->args[1]);
7800 data_len = nla_len((void *)cb->args[1]);
7801 }
7802
7803 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
7804 if (!rdev) {
7805 err = -ENOENT;
7806 goto out_err;
7807 }
7808
7809 if (!rdev->ops->testmode_dump) {
7810 err = -EOPNOTSUPP;
7811 goto out_err;
7812 }
7813
7814 while (1) {
7815 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
7816 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7817 NL80211_CMD_TESTMODE);
7818 struct nlattr *tmdata;
7819
7820 if (!hdr)
7821 break;
7822
7823 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
7824 genlmsg_cancel(skb, hdr);
7825 break;
7826 }
7827
7828 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
7829 if (!tmdata) {
7830 genlmsg_cancel(skb, hdr);
7831 break;
7832 }
7833 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
7834 nla_nest_end(skb, tmdata);
7835
7836 if (err == -ENOBUFS || err == -ENOENT) {
7837 genlmsg_cancel(skb, hdr);
7838 break;
7839 } else if (err) {
7840 genlmsg_cancel(skb, hdr);
7841 goto out_err;
7842 }
7843
7844 genlmsg_end(skb, hdr);
7845 }
7846
7847 err = skb->len;
7848
7849 cb->args[0] = phy_idx + 1;
7850 out_err:
7851 rtnl_unlock();
7852 return err;
7853}
7854#endif
7855
7856static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
7857{
7858 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7859 struct net_device *dev = info->user_ptr[1];
7860 struct cfg80211_connect_params connect;
7861 struct wiphy *wiphy;
7862 struct cfg80211_cached_keys *connkeys = NULL;
7863 int err;
7864
7865 memset(&connect, 0, sizeof(connect));
7866
7867 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7868 return -EINVAL;
7869
7870 if (!info->attrs[NL80211_ATTR_SSID] ||
7871 !nla_len(info->attrs[NL80211_ATTR_SSID]))
7872 return -EINVAL;
7873
7874 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7875 connect.auth_type =
7876 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7877 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
7878 NL80211_CMD_CONNECT))
7879 return -EINVAL;
7880 } else
7881 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7882
7883 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
7884
7885 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
7886 NL80211_MAX_NR_CIPHER_SUITES);
7887 if (err)
7888 return err;
7889
7890 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7891 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7892 return -EOPNOTSUPP;
7893
7894 wiphy = &rdev->wiphy;
7895
7896 connect.bg_scan_period = -1;
7897 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
7898 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
7899 connect.bg_scan_period =
7900 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
7901 }
7902
7903 if (info->attrs[NL80211_ATTR_MAC])
7904 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7905 else if (info->attrs[NL80211_ATTR_MAC_HINT])
7906 connect.bssid_hint =
7907 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
7908 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7909 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7910
7911 if (info->attrs[NL80211_ATTR_IE]) {
7912 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7913 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7914 }
7915
7916 if (info->attrs[NL80211_ATTR_USE_MFP]) {
7917 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7918 if (connect.mfp != NL80211_MFP_REQUIRED &&
7919 connect.mfp != NL80211_MFP_NO)
7920 return -EINVAL;
7921 } else {
7922 connect.mfp = NL80211_MFP_NO;
7923 }
7924
7925 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7926 connect.channel = nl80211_get_valid_chan(
7927 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7928 if (!connect.channel)
7929 return -EINVAL;
7930 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7931 connect.channel_hint = nl80211_get_valid_chan(
7932 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
7933 if (!connect.channel_hint)
7934 return -EINVAL;
7935 }
7936
7937 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7938 connkeys = nl80211_parse_connkeys(rdev,
7939 info->attrs[NL80211_ATTR_KEYS], NULL);
7940 if (IS_ERR(connkeys))
7941 return PTR_ERR(connkeys);
7942 }
7943
7944 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7945 connect.flags |= ASSOC_REQ_DISABLE_HT;
7946
7947 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7948 memcpy(&connect.ht_capa_mask,
7949 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7950 sizeof(connect.ht_capa_mask));
7951
7952 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7953 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7954 kzfree(connkeys);
7955 return -EINVAL;
7956 }
7957 memcpy(&connect.ht_capa,
7958 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7959 sizeof(connect.ht_capa));
7960 }
7961
7962 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7963 connect.flags |= ASSOC_REQ_DISABLE_VHT;
7964
7965 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7966 memcpy(&connect.vht_capa_mask,
7967 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7968 sizeof(connect.vht_capa_mask));
7969
7970 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7971 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7972 kzfree(connkeys);
7973 return -EINVAL;
7974 }
7975 memcpy(&connect.vht_capa,
7976 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7977 sizeof(connect.vht_capa));
7978 }
7979
7980 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7981 if (!((rdev->wiphy.features &
7982 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
7983 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
7984 !wiphy_ext_feature_isset(&rdev->wiphy,
7985 NL80211_EXT_FEATURE_RRM)) {
7986 kzfree(connkeys);
7987 return -EINVAL;
7988 }
7989 connect.flags |= ASSOC_REQ_USE_RRM;
7990 }
7991
7992 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
7993 if (connect.pbss && !rdev->wiphy.bands[IEEE80211_BAND_60GHZ]) {
7994 kzfree(connkeys);
7995 return -EOPNOTSUPP;
7996 }
7997
7998 wdev_lock(dev->ieee80211_ptr);
7999 err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
8000 wdev_unlock(dev->ieee80211_ptr);
8001 if (err)
8002 kzfree(connkeys);
8003 return err;
8004}
8005
8006static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
8007{
8008 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8009 struct net_device *dev = info->user_ptr[1];
8010 u16 reason;
8011 int ret;
8012
8013 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8014 reason = WLAN_REASON_DEAUTH_LEAVING;
8015 else
8016 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8017
8018 if (reason == 0)
8019 return -EINVAL;
8020
8021 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8022 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8023 return -EOPNOTSUPP;
8024
8025 wdev_lock(dev->ieee80211_ptr);
8026 ret = cfg80211_disconnect(rdev, dev, reason, true);
8027 wdev_unlock(dev->ieee80211_ptr);
8028 return ret;
8029}
8030
8031static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
8032{
8033 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8034 struct net *net;
8035 int err;
8036
8037 if (info->attrs[NL80211_ATTR_PID]) {
8038 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
8039
8040 net = get_net_ns_by_pid(pid);
8041 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
8042 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
8043
8044 net = get_net_ns_by_fd(fd);
8045 } else {
8046 return -EINVAL;
8047 }
8048
8049 if (IS_ERR(net))
8050 return PTR_ERR(net);
8051
8052 err = 0;
8053
8054
8055 if (!net_eq(wiphy_net(&rdev->wiphy), net))
8056 err = cfg80211_switch_netns(rdev, net);
8057
8058 put_net(net);
8059 return err;
8060}
8061
8062static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
8063{
8064 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8065 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
8066 struct cfg80211_pmksa *pmksa) = NULL;
8067 struct net_device *dev = info->user_ptr[1];
8068 struct cfg80211_pmksa pmksa;
8069
8070 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
8071
8072 if (!info->attrs[NL80211_ATTR_MAC])
8073 return -EINVAL;
8074
8075 if (!info->attrs[NL80211_ATTR_PMKID])
8076 return -EINVAL;
8077
8078 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
8079 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8080
8081 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8082 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8083 return -EOPNOTSUPP;
8084
8085 switch (info->genlhdr->cmd) {
8086 case NL80211_CMD_SET_PMKSA:
8087 rdev_ops = rdev->ops->set_pmksa;
8088 break;
8089 case NL80211_CMD_DEL_PMKSA:
8090 rdev_ops = rdev->ops->del_pmksa;
8091 break;
8092 default:
8093 WARN_ON(1);
8094 break;
8095 }
8096
8097 if (!rdev_ops)
8098 return -EOPNOTSUPP;
8099
8100 return rdev_ops(&rdev->wiphy, dev, &pmksa);
8101}
8102
8103static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
8104{
8105 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8106 struct net_device *dev = info->user_ptr[1];
8107
8108 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8109 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8110 return -EOPNOTSUPP;
8111
8112 if (!rdev->ops->flush_pmksa)
8113 return -EOPNOTSUPP;
8114
8115 return rdev_flush_pmksa(rdev, dev);
8116}
8117
8118static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
8119{
8120 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8121 struct net_device *dev = info->user_ptr[1];
8122 u8 action_code, dialog_token;
8123 u32 peer_capability = 0;
8124 u16 status_code;
8125 u8 *peer;
8126 bool initiator;
8127
8128 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
8129 !rdev->ops->tdls_mgmt)
8130 return -EOPNOTSUPP;
8131
8132 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
8133 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
8134 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
8135 !info->attrs[NL80211_ATTR_IE] ||
8136 !info->attrs[NL80211_ATTR_MAC])
8137 return -EINVAL;
8138
8139 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
8140 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
8141 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
8142 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
8143 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
8144 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
8145 peer_capability =
8146 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
8147
8148 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
8149 dialog_token, status_code, peer_capability,
8150 initiator,
8151 nla_data(info->attrs[NL80211_ATTR_IE]),
8152 nla_len(info->attrs[NL80211_ATTR_IE]));
8153}
8154
8155static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
8156{
8157 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8158 struct net_device *dev = info->user_ptr[1];
8159 enum nl80211_tdls_operation operation;
8160 u8 *peer;
8161
8162 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
8163 !rdev->ops->tdls_oper)
8164 return -EOPNOTSUPP;
8165
8166 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
8167 !info->attrs[NL80211_ATTR_MAC])
8168 return -EINVAL;
8169
8170 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
8171 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
8172
8173 return rdev_tdls_oper(rdev, dev, peer, operation);
8174}
8175
8176static int nl80211_remain_on_channel(struct sk_buff *skb,
8177 struct genl_info *info)
8178{
8179 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8180 struct wireless_dev *wdev = info->user_ptr[1];
8181 struct cfg80211_chan_def chandef;
8182 struct sk_buff *msg;
8183 void *hdr;
8184 u64 cookie;
8185 u32 duration;
8186 int err;
8187
8188 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8189 !info->attrs[NL80211_ATTR_DURATION])
8190 return -EINVAL;
8191
8192 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8193
8194 if (!rdev->ops->remain_on_channel ||
8195 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
8196 return -EOPNOTSUPP;
8197
8198
8199
8200
8201
8202 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8203 duration > rdev->wiphy.max_remain_on_channel_duration)
8204 return -EINVAL;
8205
8206 err = nl80211_parse_chandef(rdev, info, &chandef);
8207 if (err)
8208 return err;
8209
8210 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8211 if (!msg)
8212 return -ENOMEM;
8213
8214 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8215 NL80211_CMD_REMAIN_ON_CHANNEL);
8216 if (!hdr) {
8217 err = -ENOBUFS;
8218 goto free_msg;
8219 }
8220
8221 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
8222 duration, &cookie);
8223
8224 if (err)
8225 goto free_msg;
8226
8227 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8228 goto nla_put_failure;
8229
8230 genlmsg_end(msg, hdr);
8231
8232 return genlmsg_reply(msg, info);
8233
8234 nla_put_failure:
8235 err = -ENOBUFS;
8236 free_msg:
8237 nlmsg_free(msg);
8238 return err;
8239}
8240
8241static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
8242 struct genl_info *info)
8243{
8244 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8245 struct wireless_dev *wdev = info->user_ptr[1];
8246 u64 cookie;
8247
8248 if (!info->attrs[NL80211_ATTR_COOKIE])
8249 return -EINVAL;
8250
8251 if (!rdev->ops->cancel_remain_on_channel)
8252 return -EOPNOTSUPP;
8253
8254 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8255
8256 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
8257}
8258
8259static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
8260 u8 *rates, u8 rates_len)
8261{
8262 u8 i;
8263 u32 mask = 0;
8264
8265 for (i = 0; i < rates_len; i++) {
8266 int rate = (rates[i] & 0x7f) * 5;
8267 int ridx;
8268 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
8269 struct ieee80211_rate *srate =
8270 &sband->bitrates[ridx];
8271 if (rate == srate->bitrate) {
8272 mask |= 1 << ridx;
8273 break;
8274 }
8275 }
8276 if (ridx == sband->n_bitrates)
8277 return 0;
8278 }
8279
8280 return mask;
8281}
8282
8283static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
8284 u8 *rates, u8 rates_len,
8285 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
8286{
8287 u8 i;
8288
8289 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
8290
8291 for (i = 0; i < rates_len; i++) {
8292 int ridx, rbit;
8293
8294 ridx = rates[i] / 8;
8295 rbit = BIT(rates[i] % 8);
8296
8297
8298 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
8299 return false;
8300
8301
8302 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
8303 mcs[ridx] |= rbit;
8304 else
8305 return false;
8306 }
8307
8308 return true;
8309}
8310
8311static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
8312{
8313 u16 mcs_mask = 0;
8314
8315 switch (vht_mcs_map) {
8316 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
8317 break;
8318 case IEEE80211_VHT_MCS_SUPPORT_0_7:
8319 mcs_mask = 0x00FF;
8320 break;
8321 case IEEE80211_VHT_MCS_SUPPORT_0_8:
8322 mcs_mask = 0x01FF;
8323 break;
8324 case IEEE80211_VHT_MCS_SUPPORT_0_9:
8325 mcs_mask = 0x03FF;
8326 break;
8327 default:
8328 break;
8329 }
8330
8331 return mcs_mask;
8332}
8333
8334static void vht_build_mcs_mask(u16 vht_mcs_map,
8335 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
8336{
8337 u8 nss;
8338
8339 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
8340 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
8341 vht_mcs_map >>= 2;
8342 }
8343}
8344
8345static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
8346 struct nl80211_txrate_vht *txrate,
8347 u16 mcs[NL80211_VHT_NSS_MAX])
8348{
8349 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8350 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
8351 u8 i;
8352
8353 if (!sband->vht_cap.vht_supported)
8354 return false;
8355
8356 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
8357
8358
8359 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
8360
8361 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8362 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
8363 mcs[i] = txrate->mcs[i];
8364 else
8365 return false;
8366 }
8367
8368 return true;
8369}
8370
8371static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
8372 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
8373 .len = NL80211_MAX_SUPP_RATES },
8374 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
8375 .len = NL80211_MAX_SUPP_HT_RATES },
8376 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
8377 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
8378};
8379
8380static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
8381 struct genl_info *info)
8382{
8383 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
8384 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8385 struct cfg80211_bitrate_mask mask;
8386 int rem, i;
8387 struct net_device *dev = info->user_ptr[1];
8388 struct nlattr *tx_rates;
8389 struct ieee80211_supported_band *sband;
8390 u16 vht_tx_mcs_map;
8391
8392 if (!rdev->ops->set_bitrate_mask)
8393 return -EOPNOTSUPP;
8394
8395 memset(&mask, 0, sizeof(mask));
8396
8397 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
8398 sband = rdev->wiphy.bands[i];
8399
8400 if (!sband)
8401 continue;
8402
8403 mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
8404 memcpy(mask.control[i].ht_mcs,
8405 sband->ht_cap.mcs.rx_mask,
8406 sizeof(mask.control[i].ht_mcs));
8407
8408 if (!sband->vht_cap.vht_supported)
8409 continue;
8410
8411 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8412 vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
8413 }
8414
8415
8416 if (!info->attrs[NL80211_ATTR_TX_RATES])
8417 goto out;
8418
8419
8420
8421
8422
8423 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
8424 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
8425 enum ieee80211_band band = nla_type(tx_rates);
8426 int err;
8427
8428 if (band < 0 || band >= IEEE80211_NUM_BANDS)
8429 return -EINVAL;
8430 sband = rdev->wiphy.bands[band];
8431 if (sband == NULL)
8432 return -EINVAL;
8433 err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
8434 nla_len(tx_rates), nl80211_txattr_policy);
8435 if (err)
8436 return err;
8437 if (tb[NL80211_TXRATE_LEGACY]) {
8438 mask.control[band].legacy = rateset_to_mask(
8439 sband,
8440 nla_data(tb[NL80211_TXRATE_LEGACY]),
8441 nla_len(tb[NL80211_TXRATE_LEGACY]));
8442 if ((mask.control[band].legacy == 0) &&
8443 nla_len(tb[NL80211_TXRATE_LEGACY]))
8444 return -EINVAL;
8445 }
8446 if (tb[NL80211_TXRATE_HT]) {
8447 if (!ht_rateset_to_mask(
8448 sband,
8449 nla_data(tb[NL80211_TXRATE_HT]),
8450 nla_len(tb[NL80211_TXRATE_HT]),
8451 mask.control[band].ht_mcs))
8452 return -EINVAL;
8453 }
8454 if (tb[NL80211_TXRATE_VHT]) {
8455 if (!vht_set_mcs_mask(
8456 sband,
8457 nla_data(tb[NL80211_TXRATE_VHT]),
8458 mask.control[band].vht_mcs))
8459 return -EINVAL;
8460 }
8461 if (tb[NL80211_TXRATE_GI]) {
8462 mask.control[band].gi =
8463 nla_get_u8(tb[NL80211_TXRATE_GI]);
8464 if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
8465 return -EINVAL;
8466 }
8467
8468 if (mask.control[band].legacy == 0) {
8469
8470
8471
8472 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
8473 rdev->wiphy.bands[band]->vht_cap.vht_supported))
8474 return -EINVAL;
8475
8476 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
8477 if (mask.control[band].ht_mcs[i])
8478 goto out;
8479
8480 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
8481 if (mask.control[band].vht_mcs[i])
8482 goto out;
8483
8484
8485 return -EINVAL;
8486 }
8487 }
8488
8489out:
8490 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
8491}
8492
8493static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
8494{
8495 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8496 struct wireless_dev *wdev = info->user_ptr[1];
8497 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
8498
8499 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
8500 return -EINVAL;
8501
8502 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
8503 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
8504
8505 switch (wdev->iftype) {
8506 case NL80211_IFTYPE_STATION:
8507 case NL80211_IFTYPE_ADHOC:
8508 case NL80211_IFTYPE_P2P_CLIENT:
8509 case NL80211_IFTYPE_AP:
8510 case NL80211_IFTYPE_AP_VLAN:
8511 case NL80211_IFTYPE_MESH_POINT:
8512 case NL80211_IFTYPE_P2P_GO:
8513 case NL80211_IFTYPE_P2P_DEVICE:
8514 break;
8515 default:
8516 return -EOPNOTSUPP;
8517 }
8518
8519
8520 if (!rdev->ops->mgmt_tx)
8521 return -EOPNOTSUPP;
8522
8523 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
8524 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
8525 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
8526}
8527
8528static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
8529{
8530 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8531 struct wireless_dev *wdev = info->user_ptr[1];
8532 struct cfg80211_chan_def chandef;
8533 int err;
8534 void *hdr = NULL;
8535 u64 cookie;
8536 struct sk_buff *msg = NULL;
8537 struct cfg80211_mgmt_tx_params params = {
8538 .dont_wait_for_ack =
8539 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
8540 };
8541
8542 if (!info->attrs[NL80211_ATTR_FRAME])
8543 return -EINVAL;
8544
8545 if (!rdev->ops->mgmt_tx)
8546 return -EOPNOTSUPP;
8547
8548 switch (wdev->iftype) {
8549 case NL80211_IFTYPE_P2P_DEVICE:
8550 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8551 return -EINVAL;
8552 case NL80211_IFTYPE_STATION:
8553 case NL80211_IFTYPE_ADHOC:
8554 case NL80211_IFTYPE_P2P_CLIENT:
8555 case NL80211_IFTYPE_AP:
8556 case NL80211_IFTYPE_AP_VLAN:
8557 case NL80211_IFTYPE_MESH_POINT:
8558 case NL80211_IFTYPE_P2P_GO:
8559 break;
8560 default:
8561 return -EOPNOTSUPP;
8562 }
8563
8564 if (info->attrs[NL80211_ATTR_DURATION]) {
8565 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8566 return -EINVAL;
8567 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8568
8569
8570
8571
8572
8573 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8574 params.wait > rdev->wiphy.max_remain_on_channel_duration)
8575 return -EINVAL;
8576
8577 }
8578
8579 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
8580
8581 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8582 return -EINVAL;
8583
8584 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8585
8586
8587
8588
8589 chandef.chan = NULL;
8590 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8591 err = nl80211_parse_chandef(rdev, info, &chandef);
8592 if (err)
8593 return err;
8594 }
8595
8596 if (!chandef.chan && params.offchan)
8597 return -EINVAL;
8598
8599 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
8600 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
8601
8602 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
8603 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8604 int i;
8605
8606 if (len % sizeof(u16))
8607 return -EINVAL;
8608
8609 params.n_csa_offsets = len / sizeof(u16);
8610 params.csa_offsets =
8611 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8612
8613
8614 for (i = 0; i < params.n_csa_offsets; i++) {
8615 if (params.csa_offsets[i] >= params.len)
8616 return -EINVAL;
8617 }
8618 }
8619
8620 if (!params.dont_wait_for_ack) {
8621 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8622 if (!msg)
8623 return -ENOMEM;
8624
8625 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8626 NL80211_CMD_FRAME);
8627 if (!hdr) {
8628 err = -ENOBUFS;
8629 goto free_msg;
8630 }
8631 }
8632
8633 params.chan = chandef.chan;
8634 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
8635 if (err)
8636 goto free_msg;
8637
8638 if (msg) {
8639 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8640 goto nla_put_failure;
8641
8642 genlmsg_end(msg, hdr);
8643 return genlmsg_reply(msg, info);
8644 }
8645
8646 return 0;
8647
8648 nla_put_failure:
8649 err = -ENOBUFS;
8650 free_msg:
8651 nlmsg_free(msg);
8652 return err;
8653}
8654
8655static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
8656{
8657 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8658 struct wireless_dev *wdev = info->user_ptr[1];
8659 u64 cookie;
8660
8661 if (!info->attrs[NL80211_ATTR_COOKIE])
8662 return -EINVAL;
8663
8664 if (!rdev->ops->mgmt_tx_cancel_wait)
8665 return -EOPNOTSUPP;
8666
8667 switch (wdev->iftype) {
8668 case NL80211_IFTYPE_STATION:
8669 case NL80211_IFTYPE_ADHOC:
8670 case NL80211_IFTYPE_P2P_CLIENT:
8671 case NL80211_IFTYPE_AP:
8672 case NL80211_IFTYPE_AP_VLAN:
8673 case NL80211_IFTYPE_P2P_GO:
8674 case NL80211_IFTYPE_P2P_DEVICE:
8675 break;
8676 default:
8677 return -EOPNOTSUPP;
8678 }
8679
8680 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8681
8682 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
8683}
8684
8685static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
8686{
8687 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8688 struct wireless_dev *wdev;
8689 struct net_device *dev = info->user_ptr[1];
8690 u8 ps_state;
8691 bool state;
8692 int err;
8693
8694 if (!info->attrs[NL80211_ATTR_PS_STATE])
8695 return -EINVAL;
8696
8697 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
8698
8699 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
8700 return -EINVAL;
8701
8702 wdev = dev->ieee80211_ptr;
8703
8704 if (!rdev->ops->set_power_mgmt)
8705 return -EOPNOTSUPP;
8706
8707 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
8708
8709 if (state == wdev->ps)
8710 return 0;
8711
8712 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
8713 if (!err)
8714 wdev->ps = state;
8715 return err;
8716}
8717
8718static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
8719{
8720 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8721 enum nl80211_ps_state ps_state;
8722 struct wireless_dev *wdev;
8723 struct net_device *dev = info->user_ptr[1];
8724 struct sk_buff *msg;
8725 void *hdr;
8726 int err;
8727
8728 wdev = dev->ieee80211_ptr;
8729
8730 if (!rdev->ops->set_power_mgmt)
8731 return -EOPNOTSUPP;
8732
8733 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8734 if (!msg)
8735 return -ENOMEM;
8736
8737 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8738 NL80211_CMD_GET_POWER_SAVE);
8739 if (!hdr) {
8740 err = -ENOBUFS;
8741 goto free_msg;
8742 }
8743
8744 if (wdev->ps)
8745 ps_state = NL80211_PS_ENABLED;
8746 else
8747 ps_state = NL80211_PS_DISABLED;
8748
8749 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
8750 goto nla_put_failure;
8751
8752 genlmsg_end(msg, hdr);
8753 return genlmsg_reply(msg, info);
8754
8755 nla_put_failure:
8756 err = -ENOBUFS;
8757 free_msg:
8758 nlmsg_free(msg);
8759 return err;
8760}
8761
8762static const struct nla_policy
8763nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
8764 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
8765 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
8766 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
8767 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
8768 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
8769 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
8770};
8771
8772static int nl80211_set_cqm_txe(struct genl_info *info,
8773 u32 rate, u32 pkts, u32 intvl)
8774{
8775 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8776 struct net_device *dev = info->user_ptr[1];
8777 struct wireless_dev *wdev = dev->ieee80211_ptr;
8778
8779 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
8780 return -EINVAL;
8781
8782 if (!rdev->ops->set_cqm_txe_config)
8783 return -EOPNOTSUPP;
8784
8785 if (wdev->iftype != NL80211_IFTYPE_STATION &&
8786 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8787 return -EOPNOTSUPP;
8788
8789 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
8790}
8791
8792static int nl80211_set_cqm_rssi(struct genl_info *info,
8793 s32 threshold, u32 hysteresis)
8794{
8795 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8796 struct net_device *dev = info->user_ptr[1];
8797 struct wireless_dev *wdev = dev->ieee80211_ptr;
8798
8799 if (threshold > 0)
8800 return -EINVAL;
8801
8802
8803 if (threshold == 0)
8804 hysteresis = 0;
8805
8806 if (!rdev->ops->set_cqm_rssi_config)
8807 return -EOPNOTSUPP;
8808
8809 if (wdev->iftype != NL80211_IFTYPE_STATION &&
8810 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8811 return -EOPNOTSUPP;
8812
8813 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
8814}
8815
8816static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
8817{
8818 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
8819 struct nlattr *cqm;
8820 int err;
8821
8822 cqm = info->attrs[NL80211_ATTR_CQM];
8823 if (!cqm)
8824 return -EINVAL;
8825
8826 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
8827 nl80211_attr_cqm_policy);
8828 if (err)
8829 return err;
8830
8831 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
8832 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
8833 s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
8834 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
8835
8836 return nl80211_set_cqm_rssi(info, threshold, hysteresis);
8837 }
8838
8839 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
8840 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
8841 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
8842 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
8843 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
8844 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
8845
8846 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
8847 }
8848
8849 return -EINVAL;
8850}
8851
8852static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
8853{
8854 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8855 struct net_device *dev = info->user_ptr[1];
8856 struct ocb_setup setup = {};
8857 int err;
8858
8859 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8860 if (err)
8861 return err;
8862
8863 return cfg80211_join_ocb(rdev, dev, &setup);
8864}
8865
8866static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
8867{
8868 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8869 struct net_device *dev = info->user_ptr[1];
8870
8871 return cfg80211_leave_ocb(rdev, dev);
8872}
8873
8874static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
8875{
8876 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8877 struct net_device *dev = info->user_ptr[1];
8878 struct mesh_config cfg;
8879 struct mesh_setup setup;
8880 int err;
8881
8882
8883 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
8884 memcpy(&setup, &default_mesh_setup, sizeof(setup));
8885
8886 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
8887
8888 err = nl80211_parse_mesh_config(info, &cfg, NULL);
8889 if (err)
8890 return err;
8891 }
8892
8893 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
8894 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
8895 return -EINVAL;
8896
8897 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
8898 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
8899
8900 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8901 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
8902 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8903 return -EINVAL;
8904
8905 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
8906 setup.beacon_interval =
8907 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8908 if (setup.beacon_interval < 10 ||
8909 setup.beacon_interval > 10000)
8910 return -EINVAL;
8911 }
8912
8913 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
8914 setup.dtim_period =
8915 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
8916 if (setup.dtim_period < 1 || setup.dtim_period > 100)
8917 return -EINVAL;
8918 }
8919
8920 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
8921
8922 err = nl80211_parse_mesh_setup(info, &setup);
8923 if (err)
8924 return err;
8925 }
8926
8927 if (setup.user_mpm)
8928 cfg.auto_open_plinks = false;
8929
8930 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8931 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8932 if (err)
8933 return err;
8934 } else {
8935
8936 setup.chandef.chan = NULL;
8937 }
8938
8939 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8940 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8941 int n_rates =
8942 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8943 struct ieee80211_supported_band *sband;
8944
8945 if (!setup.chandef.chan)
8946 return -EINVAL;
8947
8948 sband = rdev->wiphy.bands[setup.chandef.chan->band];
8949
8950 err = ieee80211_get_ratemask(sband, rates, n_rates,
8951 &setup.basic_rates);
8952 if (err)
8953 return err;
8954 }
8955
8956 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
8957}
8958
8959static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
8960{
8961 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8962 struct net_device *dev = info->user_ptr[1];
8963
8964 return cfg80211_leave_mesh(rdev, dev);
8965}
8966
8967#ifdef CONFIG_PM
8968static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
8969 struct cfg80211_registered_device *rdev)
8970{
8971 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
8972 struct nlattr *nl_pats, *nl_pat;
8973 int i, pat_len;
8974
8975 if (!wowlan->n_patterns)
8976 return 0;
8977
8978 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
8979 if (!nl_pats)
8980 return -ENOBUFS;
8981
8982 for (i = 0; i < wowlan->n_patterns; i++) {
8983 nl_pat = nla_nest_start(msg, i + 1);
8984 if (!nl_pat)
8985 return -ENOBUFS;
8986 pat_len = wowlan->patterns[i].pattern_len;
8987 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8988 wowlan->patterns[i].mask) ||
8989 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8990 wowlan->patterns[i].pattern) ||
8991 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8992 wowlan->patterns[i].pkt_offset))
8993 return -ENOBUFS;
8994 nla_nest_end(msg, nl_pat);
8995 }
8996 nla_nest_end(msg, nl_pats);
8997
8998 return 0;
8999}
9000
9001static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
9002 struct cfg80211_wowlan_tcp *tcp)
9003{
9004 struct nlattr *nl_tcp;
9005
9006 if (!tcp)
9007 return 0;
9008
9009 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
9010 if (!nl_tcp)
9011 return -ENOBUFS;
9012
9013 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
9014 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
9015 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
9016 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
9017 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
9018 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
9019 tcp->payload_len, tcp->payload) ||
9020 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
9021 tcp->data_interval) ||
9022 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
9023 tcp->wake_len, tcp->wake_data) ||
9024 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
9025 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
9026 return -ENOBUFS;
9027
9028 if (tcp->payload_seq.len &&
9029 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
9030 sizeof(tcp->payload_seq), &tcp->payload_seq))
9031 return -ENOBUFS;
9032
9033 if (tcp->payload_tok.len &&
9034 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
9035 sizeof(tcp->payload_tok) + tcp->tokens_size,
9036 &tcp->payload_tok))
9037 return -ENOBUFS;
9038
9039 nla_nest_end(msg, nl_tcp);
9040
9041 return 0;
9042}
9043
9044static int nl80211_send_wowlan_nd(struct sk_buff *msg,
9045 struct cfg80211_sched_scan_request *req)
9046{
9047 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
9048 int i;
9049
9050 if (!req)
9051 return 0;
9052
9053 nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
9054 if (!nd)
9055 return -ENOBUFS;
9056
9057 if (req->n_scan_plans == 1 &&
9058 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
9059 req->scan_plans[0].interval * 1000))
9060 return -ENOBUFS;
9061
9062 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
9063 return -ENOBUFS;
9064
9065 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
9066 if (!freqs)
9067 return -ENOBUFS;
9068
9069 for (i = 0; i < req->n_channels; i++)
9070 nla_put_u32(msg, i, req->channels[i]->center_freq);
9071
9072 nla_nest_end(msg, freqs);
9073
9074 if (req->n_match_sets) {
9075 matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
9076 for (i = 0; i < req->n_match_sets; i++) {
9077 match = nla_nest_start(msg, i);
9078 nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
9079 req->match_sets[i].ssid.ssid_len,
9080 req->match_sets[i].ssid.ssid);
9081 nla_nest_end(msg, match);
9082 }
9083 nla_nest_end(msg, matches);
9084 }
9085
9086 scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
9087 if (!scan_plans)
9088 return -ENOBUFS;
9089
9090 for (i = 0; i < req->n_scan_plans; i++) {
9091 scan_plan = nla_nest_start(msg, i + 1);
9092 if (!scan_plan ||
9093 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
9094 req->scan_plans[i].interval) ||
9095 (req->scan_plans[i].iterations &&
9096 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
9097 req->scan_plans[i].iterations)))
9098 return -ENOBUFS;
9099 nla_nest_end(msg, scan_plan);
9100 }
9101 nla_nest_end(msg, scan_plans);
9102
9103 nla_nest_end(msg, nd);
9104
9105 return 0;
9106}
9107
9108static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
9109{
9110 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9111 struct sk_buff *msg;
9112 void *hdr;
9113 u32 size = NLMSG_DEFAULT_SIZE;
9114
9115 if (!rdev->wiphy.wowlan)
9116 return -EOPNOTSUPP;
9117
9118 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
9119
9120 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
9121 rdev->wiphy.wowlan_config->tcp->payload_len +
9122 rdev->wiphy.wowlan_config->tcp->wake_len +
9123 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
9124 }
9125
9126 msg = nlmsg_new(size, GFP_KERNEL);
9127 if (!msg)
9128 return -ENOMEM;
9129
9130 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9131 NL80211_CMD_GET_WOWLAN);
9132 if (!hdr)
9133 goto nla_put_failure;
9134
9135 if (rdev->wiphy.wowlan_config) {
9136 struct nlattr *nl_wowlan;
9137
9138 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
9139 if (!nl_wowlan)
9140 goto nla_put_failure;
9141
9142 if ((rdev->wiphy.wowlan_config->any &&
9143 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
9144 (rdev->wiphy.wowlan_config->disconnect &&
9145 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
9146 (rdev->wiphy.wowlan_config->magic_pkt &&
9147 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
9148 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
9149 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
9150 (rdev->wiphy.wowlan_config->eap_identity_req &&
9151 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
9152 (rdev->wiphy.wowlan_config->four_way_handshake &&
9153 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
9154 (rdev->wiphy.wowlan_config->rfkill_release &&
9155 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
9156 goto nla_put_failure;
9157
9158 if (nl80211_send_wowlan_patterns(msg, rdev))
9159 goto nla_put_failure;
9160
9161 if (nl80211_send_wowlan_tcp(msg,
9162 rdev->wiphy.wowlan_config->tcp))
9163 goto nla_put_failure;
9164
9165 if (nl80211_send_wowlan_nd(
9166 msg,
9167 rdev->wiphy.wowlan_config->nd_config))
9168 goto nla_put_failure;
9169
9170 nla_nest_end(msg, nl_wowlan);
9171 }
9172
9173 genlmsg_end(msg, hdr);
9174 return genlmsg_reply(msg, info);
9175
9176nla_put_failure:
9177 nlmsg_free(msg);
9178 return -ENOBUFS;
9179}
9180
9181static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
9182 struct nlattr *attr,
9183 struct cfg80211_wowlan *trig)
9184{
9185 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
9186 struct cfg80211_wowlan_tcp *cfg;
9187 struct nl80211_wowlan_tcp_data_token *tok = NULL;
9188 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
9189 u32 size;
9190 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
9191 int err, port;
9192
9193 if (!rdev->wiphy.wowlan->tcp)
9194 return -EINVAL;
9195
9196 err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
9197 nla_data(attr), nla_len(attr),
9198 nl80211_wowlan_tcp_policy);
9199 if (err)
9200 return err;
9201
9202 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
9203 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
9204 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
9205 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
9206 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
9207 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
9208 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
9209 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
9210 return -EINVAL;
9211
9212 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
9213 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
9214 return -EINVAL;
9215
9216 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
9217 rdev->wiphy.wowlan->tcp->data_interval_max ||
9218 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
9219 return -EINVAL;
9220
9221 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
9222 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
9223 return -EINVAL;
9224
9225 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
9226 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
9227 return -EINVAL;
9228
9229 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
9230 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
9231
9232 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
9233 tokens_size = tokln - sizeof(*tok);
9234
9235 if (!tok->len || tokens_size % tok->len)
9236 return -EINVAL;
9237 if (!rdev->wiphy.wowlan->tcp->tok)
9238 return -EINVAL;
9239 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
9240 return -EINVAL;
9241 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
9242 return -EINVAL;
9243 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
9244 return -EINVAL;
9245 if (tok->offset + tok->len > data_size)
9246 return -EINVAL;
9247 }
9248
9249 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
9250 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
9251 if (!rdev->wiphy.wowlan->tcp->seq)
9252 return -EINVAL;
9253 if (seq->len == 0 || seq->len > 4)
9254 return -EINVAL;
9255 if (seq->len + seq->offset > data_size)
9256 return -EINVAL;
9257 }
9258
9259 size = sizeof(*cfg);
9260 size += data_size;
9261 size += wake_size + wake_mask_size;
9262 size += tokens_size;
9263
9264 cfg = kzalloc(size, GFP_KERNEL);
9265 if (!cfg)
9266 return -ENOMEM;
9267 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
9268 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
9269 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
9270 ETH_ALEN);
9271 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
9272 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
9273 else
9274 port = 0;
9275#ifdef CONFIG_INET
9276
9277 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
9278 IPPROTO_TCP, &cfg->sock, 1);
9279 if (err) {
9280 kfree(cfg);
9281 return err;
9282 }
9283 if (inet_csk_get_port(cfg->sock->sk, port)) {
9284 sock_release(cfg->sock);
9285 kfree(cfg);
9286 return -EADDRINUSE;
9287 }
9288 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
9289#else
9290 if (!port) {
9291 kfree(cfg);
9292 return -EINVAL;
9293 }
9294 cfg->src_port = port;
9295#endif
9296
9297 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
9298 cfg->payload_len = data_size;
9299 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
9300 memcpy((void *)cfg->payload,
9301 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
9302 data_size);
9303 if (seq)
9304 cfg->payload_seq = *seq;
9305 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
9306 cfg->wake_len = wake_size;
9307 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
9308 memcpy((void *)cfg->wake_data,
9309 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
9310 wake_size);
9311 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
9312 data_size + wake_size;
9313 memcpy((void *)cfg->wake_mask,
9314 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
9315 wake_mask_size);
9316 if (tok) {
9317 cfg->tokens_size = tokens_size;
9318 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
9319 }
9320
9321 trig->tcp = cfg;
9322
9323 return 0;
9324}
9325
9326static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
9327 const struct wiphy_wowlan_support *wowlan,
9328 struct nlattr *attr,
9329 struct cfg80211_wowlan *trig)
9330{
9331 struct nlattr **tb;
9332 int err;
9333
9334 tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
9335 if (!tb)
9336 return -ENOMEM;
9337
9338 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
9339 err = -EOPNOTSUPP;
9340 goto out;
9341 }
9342
9343 err = nla_parse(tb, NL80211_ATTR_MAX,
9344 nla_data(attr), nla_len(attr),
9345 nl80211_policy);
9346 if (err)
9347 goto out;
9348
9349 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb);
9350 err = PTR_ERR_OR_ZERO(trig->nd_config);
9351 if (err)
9352 trig->nd_config = NULL;
9353
9354out:
9355 kfree(tb);
9356 return err;
9357}
9358
9359static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
9360{
9361 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9362 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
9363 struct cfg80211_wowlan new_triggers = {};
9364 struct cfg80211_wowlan *ntrig;
9365 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
9366 int err, i;
9367 bool prev_enabled = rdev->wiphy.wowlan_config;
9368 bool regular = false;
9369
9370 if (!wowlan)
9371 return -EOPNOTSUPP;
9372
9373 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
9374 cfg80211_rdev_free_wowlan(rdev);
9375 rdev->wiphy.wowlan_config = NULL;
9376 goto set_wakeup;
9377 }
9378
9379 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
9380 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9381 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9382 nl80211_wowlan_policy);
9383 if (err)
9384 return err;
9385
9386 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
9387 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
9388 return -EINVAL;
9389 new_triggers.any = true;
9390 }
9391
9392 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
9393 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
9394 return -EINVAL;
9395 new_triggers.disconnect = true;
9396 regular = true;
9397 }
9398
9399 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
9400 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
9401 return -EINVAL;
9402 new_triggers.magic_pkt = true;
9403 regular = true;
9404 }
9405
9406 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
9407 return -EINVAL;
9408
9409 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
9410 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
9411 return -EINVAL;
9412 new_triggers.gtk_rekey_failure = true;
9413 regular = true;
9414 }
9415
9416 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
9417 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
9418 return -EINVAL;
9419 new_triggers.eap_identity_req = true;
9420 regular = true;
9421 }
9422
9423 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
9424 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
9425 return -EINVAL;
9426 new_triggers.four_way_handshake = true;
9427 regular = true;
9428 }
9429
9430 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
9431 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
9432 return -EINVAL;
9433 new_triggers.rfkill_release = true;
9434 regular = true;
9435 }
9436
9437 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
9438 struct nlattr *pat;
9439 int n_patterns = 0;
9440 int rem, pat_len, mask_len, pkt_offset;
9441 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9442
9443 regular = true;
9444
9445 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9446 rem)
9447 n_patterns++;
9448 if (n_patterns > wowlan->n_patterns)
9449 return -EINVAL;
9450
9451 new_triggers.patterns = kcalloc(n_patterns,
9452 sizeof(new_triggers.patterns[0]),
9453 GFP_KERNEL);
9454 if (!new_triggers.patterns)
9455 return -ENOMEM;
9456
9457 new_triggers.n_patterns = n_patterns;
9458 i = 0;
9459
9460 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9461 rem) {
9462 u8 *mask_pat;
9463
9464 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9465 nla_len(pat), NULL);
9466 err = -EINVAL;
9467 if (!pat_tb[NL80211_PKTPAT_MASK] ||
9468 !pat_tb[NL80211_PKTPAT_PATTERN])
9469 goto error;
9470 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9471 mask_len = DIV_ROUND_UP(pat_len, 8);
9472 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9473 goto error;
9474 if (pat_len > wowlan->pattern_max_len ||
9475 pat_len < wowlan->pattern_min_len)
9476 goto error;
9477
9478 if (!pat_tb[NL80211_PKTPAT_OFFSET])
9479 pkt_offset = 0;
9480 else
9481 pkt_offset = nla_get_u32(
9482 pat_tb[NL80211_PKTPAT_OFFSET]);
9483 if (pkt_offset > wowlan->max_pkt_offset)
9484 goto error;
9485 new_triggers.patterns[i].pkt_offset = pkt_offset;
9486
9487 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9488 if (!mask_pat) {
9489 err = -ENOMEM;
9490 goto error;
9491 }
9492 new_triggers.patterns[i].mask = mask_pat;
9493 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9494 mask_len);
9495 mask_pat += mask_len;
9496 new_triggers.patterns[i].pattern = mask_pat;
9497 new_triggers.patterns[i].pattern_len = pat_len;
9498 memcpy(mask_pat,
9499 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9500 pat_len);
9501 i++;
9502 }
9503 }
9504
9505 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
9506 regular = true;
9507 err = nl80211_parse_wowlan_tcp(
9508 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
9509 &new_triggers);
9510 if (err)
9511 goto error;
9512 }
9513
9514 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
9515 regular = true;
9516 err = nl80211_parse_wowlan_nd(
9517 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
9518 &new_triggers);
9519 if (err)
9520 goto error;
9521 }
9522
9523
9524
9525
9526
9527
9528
9529 if (new_triggers.any && regular) {
9530 err = -EINVAL;
9531 goto error;
9532 }
9533
9534 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
9535 if (!ntrig) {
9536 err = -ENOMEM;
9537 goto error;
9538 }
9539 cfg80211_rdev_free_wowlan(rdev);
9540 rdev->wiphy.wowlan_config = ntrig;
9541
9542 set_wakeup:
9543 if (rdev->ops->set_wakeup &&
9544 prev_enabled != !!rdev->wiphy.wowlan_config)
9545 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
9546
9547 return 0;
9548 error:
9549 for (i = 0; i < new_triggers.n_patterns; i++)
9550 kfree(new_triggers.patterns[i].mask);
9551 kfree(new_triggers.patterns);
9552 if (new_triggers.tcp && new_triggers.tcp->sock)
9553 sock_release(new_triggers.tcp->sock);
9554 kfree(new_triggers.tcp);
9555 kfree(new_triggers.nd_config);
9556 return err;
9557}
9558#endif
9559
9560static int nl80211_send_coalesce_rules(struct sk_buff *msg,
9561 struct cfg80211_registered_device *rdev)
9562{
9563 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
9564 int i, j, pat_len;
9565 struct cfg80211_coalesce_rules *rule;
9566
9567 if (!rdev->coalesce->n_rules)
9568 return 0;
9569
9570 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
9571 if (!nl_rules)
9572 return -ENOBUFS;
9573
9574 for (i = 0; i < rdev->coalesce->n_rules; i++) {
9575 nl_rule = nla_nest_start(msg, i + 1);
9576 if (!nl_rule)
9577 return -ENOBUFS;
9578
9579 rule = &rdev->coalesce->rules[i];
9580 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
9581 rule->delay))
9582 return -ENOBUFS;
9583
9584 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
9585 rule->condition))
9586 return -ENOBUFS;
9587
9588 nl_pats = nla_nest_start(msg,
9589 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
9590 if (!nl_pats)
9591 return -ENOBUFS;
9592
9593 for (j = 0; j < rule->n_patterns; j++) {
9594 nl_pat = nla_nest_start(msg, j + 1);
9595 if (!nl_pat)
9596 return -ENOBUFS;
9597 pat_len = rule->patterns[j].pattern_len;
9598 if (nla_put(msg, NL80211_PKTPAT_MASK,
9599 DIV_ROUND_UP(pat_len, 8),
9600 rule->patterns[j].mask) ||
9601 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
9602 rule->patterns[j].pattern) ||
9603 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
9604 rule->patterns[j].pkt_offset))
9605 return -ENOBUFS;
9606 nla_nest_end(msg, nl_pat);
9607 }
9608 nla_nest_end(msg, nl_pats);
9609 nla_nest_end(msg, nl_rule);
9610 }
9611 nla_nest_end(msg, nl_rules);
9612
9613 return 0;
9614}
9615
9616static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
9617{
9618 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9619 struct sk_buff *msg;
9620 void *hdr;
9621
9622 if (!rdev->wiphy.coalesce)
9623 return -EOPNOTSUPP;
9624
9625 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9626 if (!msg)
9627 return -ENOMEM;
9628
9629 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9630 NL80211_CMD_GET_COALESCE);
9631 if (!hdr)
9632 goto nla_put_failure;
9633
9634 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
9635 goto nla_put_failure;
9636
9637 genlmsg_end(msg, hdr);
9638 return genlmsg_reply(msg, info);
9639
9640nla_put_failure:
9641 nlmsg_free(msg);
9642 return -ENOBUFS;
9643}
9644
9645void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
9646{
9647 struct cfg80211_coalesce *coalesce = rdev->coalesce;
9648 int i, j;
9649 struct cfg80211_coalesce_rules *rule;
9650
9651 if (!coalesce)
9652 return;
9653
9654 for (i = 0; i < coalesce->n_rules; i++) {
9655 rule = &coalesce->rules[i];
9656 for (j = 0; j < rule->n_patterns; j++)
9657 kfree(rule->patterns[j].mask);
9658 kfree(rule->patterns);
9659 }
9660 kfree(coalesce->rules);
9661 kfree(coalesce);
9662 rdev->coalesce = NULL;
9663}
9664
9665static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
9666 struct nlattr *rule,
9667 struct cfg80211_coalesce_rules *new_rule)
9668{
9669 int err, i;
9670 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
9671 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
9672 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
9673 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9674
9675 err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
9676 nla_len(rule), nl80211_coalesce_policy);
9677 if (err)
9678 return err;
9679
9680 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
9681 new_rule->delay =
9682 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
9683 if (new_rule->delay > coalesce->max_delay)
9684 return -EINVAL;
9685
9686 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
9687 new_rule->condition =
9688 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
9689 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
9690 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
9691 return -EINVAL;
9692
9693 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
9694 return -EINVAL;
9695
9696 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
9697 rem)
9698 n_patterns++;
9699 if (n_patterns > coalesce->n_patterns)
9700 return -EINVAL;
9701
9702 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
9703 GFP_KERNEL);
9704 if (!new_rule->patterns)
9705 return -ENOMEM;
9706
9707 new_rule->n_patterns = n_patterns;
9708 i = 0;
9709
9710 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
9711 rem) {
9712 u8 *mask_pat;
9713
9714 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9715 nla_len(pat), NULL);
9716 if (!pat_tb[NL80211_PKTPAT_MASK] ||
9717 !pat_tb[NL80211_PKTPAT_PATTERN])
9718 return -EINVAL;
9719 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9720 mask_len = DIV_ROUND_UP(pat_len, 8);
9721 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9722 return -EINVAL;
9723 if (pat_len > coalesce->pattern_max_len ||
9724 pat_len < coalesce->pattern_min_len)
9725 return -EINVAL;
9726
9727 if (!pat_tb[NL80211_PKTPAT_OFFSET])
9728 pkt_offset = 0;
9729 else
9730 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
9731 if (pkt_offset > coalesce->max_pkt_offset)
9732 return -EINVAL;
9733 new_rule->patterns[i].pkt_offset = pkt_offset;
9734
9735 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9736 if (!mask_pat)
9737 return -ENOMEM;
9738
9739 new_rule->patterns[i].mask = mask_pat;
9740 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9741 mask_len);
9742
9743 mask_pat += mask_len;
9744 new_rule->patterns[i].pattern = mask_pat;
9745 new_rule->patterns[i].pattern_len = pat_len;
9746 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9747 pat_len);
9748 i++;
9749 }
9750
9751 return 0;
9752}
9753
9754static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
9755{
9756 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9757 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
9758 struct cfg80211_coalesce new_coalesce = {};
9759 struct cfg80211_coalesce *n_coalesce;
9760 int err, rem_rule, n_rules = 0, i, j;
9761 struct nlattr *rule;
9762 struct cfg80211_coalesce_rules *tmp_rule;
9763
9764 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
9765 return -EOPNOTSUPP;
9766
9767 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
9768 cfg80211_rdev_free_coalesce(rdev);
9769 rdev_set_coalesce(rdev, NULL);
9770 return 0;
9771 }
9772
9773 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
9774 rem_rule)
9775 n_rules++;
9776 if (n_rules > coalesce->n_rules)
9777 return -EINVAL;
9778
9779 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
9780 GFP_KERNEL);
9781 if (!new_coalesce.rules)
9782 return -ENOMEM;
9783
9784 new_coalesce.n_rules = n_rules;
9785 i = 0;
9786
9787 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
9788 rem_rule) {
9789 err = nl80211_parse_coalesce_rule(rdev, rule,
9790 &new_coalesce.rules[i]);
9791 if (err)
9792 goto error;
9793
9794 i++;
9795 }
9796
9797 err = rdev_set_coalesce(rdev, &new_coalesce);
9798 if (err)
9799 goto error;
9800
9801 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
9802 if (!n_coalesce) {
9803 err = -ENOMEM;
9804 goto error;
9805 }
9806 cfg80211_rdev_free_coalesce(rdev);
9807 rdev->coalesce = n_coalesce;
9808
9809 return 0;
9810error:
9811 for (i = 0; i < new_coalesce.n_rules; i++) {
9812 tmp_rule = &new_coalesce.rules[i];
9813 for (j = 0; j < tmp_rule->n_patterns; j++)
9814 kfree(tmp_rule->patterns[j].mask);
9815 kfree(tmp_rule->patterns);
9816 }
9817 kfree(new_coalesce.rules);
9818
9819 return err;
9820}
9821
9822static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
9823{
9824 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9825 struct net_device *dev = info->user_ptr[1];
9826 struct wireless_dev *wdev = dev->ieee80211_ptr;
9827 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
9828 struct cfg80211_gtk_rekey_data rekey_data;
9829 int err;
9830
9831 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
9832 return -EINVAL;
9833
9834 err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
9835 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
9836 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
9837 nl80211_rekey_policy);
9838 if (err)
9839 return err;
9840
9841 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
9842 return -ERANGE;
9843 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
9844 return -ERANGE;
9845 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
9846 return -ERANGE;
9847
9848 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
9849 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
9850 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
9851
9852 wdev_lock(wdev);
9853 if (!wdev->current_bss) {
9854 err = -ENOTCONN;
9855 goto out;
9856 }
9857
9858 if (!rdev->ops->set_rekey_data) {
9859 err = -EOPNOTSUPP;
9860 goto out;
9861 }
9862
9863 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
9864 out:
9865 wdev_unlock(wdev);
9866 return err;
9867}
9868
9869static int nl80211_register_unexpected_frame(struct sk_buff *skb,
9870 struct genl_info *info)
9871{
9872 struct net_device *dev = info->user_ptr[1];
9873 struct wireless_dev *wdev = dev->ieee80211_ptr;
9874
9875 if (wdev->iftype != NL80211_IFTYPE_AP &&
9876 wdev->iftype != NL80211_IFTYPE_P2P_GO)
9877 return -EINVAL;
9878
9879 if (wdev->ap_unexpected_nlportid)
9880 return -EBUSY;
9881
9882 wdev->ap_unexpected_nlportid = info->snd_portid;
9883 return 0;
9884}
9885
9886static int nl80211_probe_client(struct sk_buff *skb,
9887 struct genl_info *info)
9888{
9889 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9890 struct net_device *dev = info->user_ptr[1];
9891 struct wireless_dev *wdev = dev->ieee80211_ptr;
9892 struct sk_buff *msg;
9893 void *hdr;
9894 const u8 *addr;
9895 u64 cookie;
9896 int err;
9897
9898 if (wdev->iftype != NL80211_IFTYPE_AP &&
9899 wdev->iftype != NL80211_IFTYPE_P2P_GO)
9900 return -EOPNOTSUPP;
9901
9902 if (!info->attrs[NL80211_ATTR_MAC])
9903 return -EINVAL;
9904
9905 if (!rdev->ops->probe_client)
9906 return -EOPNOTSUPP;
9907
9908 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9909 if (!msg)
9910 return -ENOMEM;
9911
9912 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9913 NL80211_CMD_PROBE_CLIENT);
9914 if (!hdr) {
9915 err = -ENOBUFS;
9916 goto free_msg;
9917 }
9918
9919 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
9920
9921 err = rdev_probe_client(rdev, dev, addr, &cookie);
9922 if (err)
9923 goto free_msg;
9924
9925 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9926 goto nla_put_failure;
9927
9928 genlmsg_end(msg, hdr);
9929
9930 return genlmsg_reply(msg, info);
9931
9932 nla_put_failure:
9933 err = -ENOBUFS;
9934 free_msg:
9935 nlmsg_free(msg);
9936 return err;
9937}
9938
9939static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
9940{
9941 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9942 struct cfg80211_beacon_registration *reg, *nreg;
9943 int rv;
9944
9945 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
9946 return -EOPNOTSUPP;
9947
9948 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
9949 if (!nreg)
9950 return -ENOMEM;
9951
9952
9953 spin_lock_bh(&rdev->beacon_registrations_lock);
9954 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
9955 if (reg->nlportid == info->snd_portid) {
9956 rv = -EALREADY;
9957 goto out_err;
9958 }
9959 }
9960
9961 nreg->nlportid = info->snd_portid;
9962 list_add(&nreg->list, &rdev->beacon_registrations);
9963
9964 spin_unlock_bh(&rdev->beacon_registrations_lock);
9965
9966 return 0;
9967out_err:
9968 spin_unlock_bh(&rdev->beacon_registrations_lock);
9969 kfree(nreg);
9970 return rv;
9971}
9972
9973static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
9974{
9975 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9976 struct wireless_dev *wdev = info->user_ptr[1];
9977 int err;
9978
9979 if (!rdev->ops->start_p2p_device)
9980 return -EOPNOTSUPP;
9981
9982 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9983 return -EOPNOTSUPP;
9984
9985 if (wdev->p2p_started)
9986 return 0;
9987
9988 if (rfkill_blocked(rdev->rfkill))
9989 return -ERFKILL;
9990
9991 err = rdev_start_p2p_device(rdev, wdev);
9992 if (err)
9993 return err;
9994
9995 wdev->p2p_started = true;
9996 rdev->opencount++;
9997
9998 return 0;
9999}
10000
10001static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
10002{
10003 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10004 struct wireless_dev *wdev = info->user_ptr[1];
10005
10006 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
10007 return -EOPNOTSUPP;
10008
10009 if (!rdev->ops->stop_p2p_device)
10010 return -EOPNOTSUPP;
10011
10012 cfg80211_stop_p2p_device(rdev, wdev);
10013
10014 return 0;
10015}
10016
10017static int nl80211_get_protocol_features(struct sk_buff *skb,
10018 struct genl_info *info)
10019{
10020 void *hdr;
10021 struct sk_buff *msg;
10022
10023 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10024 if (!msg)
10025 return -ENOMEM;
10026
10027 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10028 NL80211_CMD_GET_PROTOCOL_FEATURES);
10029 if (!hdr)
10030 goto nla_put_failure;
10031
10032 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
10033 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
10034 goto nla_put_failure;
10035
10036 genlmsg_end(msg, hdr);
10037 return genlmsg_reply(msg, info);
10038
10039 nla_put_failure:
10040 kfree_skb(msg);
10041 return -ENOBUFS;
10042}
10043
10044static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
10045{
10046 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10047 struct cfg80211_update_ft_ies_params ft_params;
10048 struct net_device *dev = info->user_ptr[1];
10049
10050 if (!rdev->ops->update_ft_ies)
10051 return -EOPNOTSUPP;
10052
10053 if (!info->attrs[NL80211_ATTR_MDID] ||
10054 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
10055 return -EINVAL;
10056
10057 memset(&ft_params, 0, sizeof(ft_params));
10058 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
10059 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10060 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10061
10062 return rdev_update_ft_ies(rdev, dev, &ft_params);
10063}
10064
10065static int nl80211_crit_protocol_start(struct sk_buff *skb,
10066 struct genl_info *info)
10067{
10068 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10069 struct wireless_dev *wdev = info->user_ptr[1];
10070 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
10071 u16 duration;
10072 int ret;
10073
10074 if (!rdev->ops->crit_proto_start)
10075 return -EOPNOTSUPP;
10076
10077 if (WARN_ON(!rdev->ops->crit_proto_stop))
10078 return -EINVAL;
10079
10080 if (rdev->crit_proto_nlportid)
10081 return -EBUSY;
10082
10083
10084 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
10085 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
10086
10087 if (proto >= NUM_NL80211_CRIT_PROTO)
10088 return -EINVAL;
10089
10090
10091 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
10092 return -EINVAL;
10093
10094 duration =
10095 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
10096
10097 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
10098 return -ERANGE;
10099
10100 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
10101 if (!ret)
10102 rdev->crit_proto_nlportid = info->snd_portid;
10103
10104 return ret;
10105}
10106
10107static int nl80211_crit_protocol_stop(struct sk_buff *skb,
10108 struct genl_info *info)
10109{
10110 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10111 struct wireless_dev *wdev = info->user_ptr[1];
10112
10113 if (!rdev->ops->crit_proto_stop)
10114 return -EOPNOTSUPP;
10115
10116 if (rdev->crit_proto_nlportid) {
10117 rdev->crit_proto_nlportid = 0;
10118 rdev_crit_proto_stop(rdev, wdev);
10119 }
10120 return 0;
10121}
10122
10123static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
10124{
10125 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10126 struct wireless_dev *wdev =
10127 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
10128 int i, err;
10129 u32 vid, subcmd;
10130
10131 if (!rdev->wiphy.vendor_commands)
10132 return -EOPNOTSUPP;
10133
10134 if (IS_ERR(wdev)) {
10135 err = PTR_ERR(wdev);
10136 if (err != -EINVAL)
10137 return err;
10138 wdev = NULL;
10139 } else if (wdev->wiphy != &rdev->wiphy) {
10140 return -EINVAL;
10141 }
10142
10143 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
10144 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
10145 return -EINVAL;
10146
10147 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
10148 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
10149 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
10150 const struct wiphy_vendor_command *vcmd;
10151 void *data = NULL;
10152 int len = 0;
10153
10154 vcmd = &rdev->wiphy.vendor_commands[i];
10155
10156 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
10157 continue;
10158
10159 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
10160 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
10161 if (!wdev)
10162 return -EINVAL;
10163 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
10164 !wdev->netdev)
10165 return -EINVAL;
10166
10167 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
10168 if (wdev->netdev &&
10169 !netif_running(wdev->netdev))
10170 return -ENETDOWN;
10171 if (!wdev->netdev && !wdev->p2p_started)
10172 return -ENETDOWN;
10173 }
10174
10175 if (!vcmd->doit)
10176 return -EOPNOTSUPP;
10177 } else {
10178 wdev = NULL;
10179 }
10180
10181 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
10182 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
10183 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
10184 }
10185
10186 rdev->cur_cmd_info = info;
10187 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
10188 data, len);
10189 rdev->cur_cmd_info = NULL;
10190 return err;
10191 }
10192
10193 return -EOPNOTSUPP;
10194}
10195
10196static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
10197 struct netlink_callback *cb,
10198 struct cfg80211_registered_device **rdev,
10199 struct wireless_dev **wdev)
10200{
10201 u32 vid, subcmd;
10202 unsigned int i;
10203 int vcmd_idx = -1;
10204 int err;
10205 void *data = NULL;
10206 unsigned int data_len = 0;
10207
10208 rtnl_lock();
10209
10210 if (cb->args[0]) {
10211
10212 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
10213 struct wireless_dev *tmp;
10214
10215 if (!wiphy) {
10216 err = -ENODEV;
10217 goto out_unlock;
10218 }
10219 *rdev = wiphy_to_rdev(wiphy);
10220 *wdev = NULL;
10221
10222 if (cb->args[1]) {
10223 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
10224 if (tmp->identifier == cb->args[1] - 1) {
10225 *wdev = tmp;
10226 break;
10227 }
10228 }
10229 }
10230
10231
10232 return 0;
10233 }
10234
10235 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
10236 nl80211_fam.attrbuf, nl80211_fam.maxattr,
10237 nl80211_policy);
10238 if (err)
10239 goto out_unlock;
10240
10241 if (!nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID] ||
10242 !nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
10243 err = -EINVAL;
10244 goto out_unlock;
10245 }
10246
10247 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
10248 nl80211_fam.attrbuf);
10249 if (IS_ERR(*wdev))
10250 *wdev = NULL;
10251
10252 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
10253 nl80211_fam.attrbuf);
10254 if (IS_ERR(*rdev)) {
10255 err = PTR_ERR(*rdev);
10256 goto out_unlock;
10257 }
10258
10259 vid = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID]);
10260 subcmd = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
10261
10262 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
10263 const struct wiphy_vendor_command *vcmd;
10264
10265 vcmd = &(*rdev)->wiphy.vendor_commands[i];
10266
10267 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
10268 continue;
10269
10270 if (!vcmd->dumpit) {
10271 err = -EOPNOTSUPP;
10272 goto out_unlock;
10273 }
10274
10275 vcmd_idx = i;
10276 break;
10277 }
10278
10279 if (vcmd_idx < 0) {
10280 err = -EOPNOTSUPP;
10281 goto out_unlock;
10282 }
10283
10284 if (nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]) {
10285 data = nla_data(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]);
10286 data_len = nla_len(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]);
10287 }
10288
10289
10290 cb->args[0] = (*rdev)->wiphy_idx + 1;
10291
10292 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
10293 cb->args[2] = vcmd_idx;
10294 cb->args[3] = (unsigned long)data;
10295 cb->args[4] = data_len;
10296
10297
10298 return 0;
10299 out_unlock:
10300 rtnl_unlock();
10301 return err;
10302}
10303
10304static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
10305 struct netlink_callback *cb)
10306{
10307 struct cfg80211_registered_device *rdev;
10308 struct wireless_dev *wdev;
10309 unsigned int vcmd_idx;
10310 const struct wiphy_vendor_command *vcmd;
10311 void *data;
10312 int data_len;
10313 int err;
10314 struct nlattr *vendor_data;
10315
10316 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
10317 if (err)
10318 return err;
10319
10320 vcmd_idx = cb->args[2];
10321 data = (void *)cb->args[3];
10322 data_len = cb->args[4];
10323 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
10324
10325 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
10326 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
10327 if (!wdev)
10328 return -EINVAL;
10329 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
10330 !wdev->netdev)
10331 return -EINVAL;
10332
10333 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
10334 if (wdev->netdev &&
10335 !netif_running(wdev->netdev))
10336 return -ENETDOWN;
10337 if (!wdev->netdev && !wdev->p2p_started)
10338 return -ENETDOWN;
10339 }
10340 }
10341
10342 while (1) {
10343 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10344 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10345 NL80211_CMD_VENDOR);
10346 if (!hdr)
10347 break;
10348
10349 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10350 (wdev && nla_put_u64(skb, NL80211_ATTR_WDEV,
10351 wdev_id(wdev)))) {
10352 genlmsg_cancel(skb, hdr);
10353 break;
10354 }
10355
10356 vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
10357 if (!vendor_data) {
10358 genlmsg_cancel(skb, hdr);
10359 break;
10360 }
10361
10362 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
10363 (unsigned long *)&cb->args[5]);
10364 nla_nest_end(skb, vendor_data);
10365
10366 if (err == -ENOBUFS || err == -ENOENT) {
10367 genlmsg_cancel(skb, hdr);
10368 break;
10369 } else if (err) {
10370 genlmsg_cancel(skb, hdr);
10371 goto out;
10372 }
10373
10374 genlmsg_end(skb, hdr);
10375 }
10376
10377 err = skb->len;
10378 out:
10379 rtnl_unlock();
10380 return err;
10381}
10382
10383struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
10384 enum nl80211_commands cmd,
10385 enum nl80211_attrs attr,
10386 int approxlen)
10387{
10388 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10389
10390 if (WARN_ON(!rdev->cur_cmd_info))
10391 return NULL;
10392
10393 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
10394 rdev->cur_cmd_info->snd_portid,
10395 rdev->cur_cmd_info->snd_seq,
10396 cmd, attr, NULL, GFP_KERNEL);
10397}
10398EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
10399
10400int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
10401{
10402 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10403 void *hdr = ((void **)skb->cb)[1];
10404 struct nlattr *data = ((void **)skb->cb)[2];
10405
10406
10407 memset(skb->cb, 0, sizeof(skb->cb));
10408
10409 if (WARN_ON(!rdev->cur_cmd_info)) {
10410 kfree_skb(skb);
10411 return -EINVAL;
10412 }
10413
10414 nla_nest_end(skb, data);
10415 genlmsg_end(skb, hdr);
10416 return genlmsg_reply(skb, rdev->cur_cmd_info);
10417}
10418EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
10419
10420
10421static int nl80211_set_qos_map(struct sk_buff *skb,
10422 struct genl_info *info)
10423{
10424 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10425 struct cfg80211_qos_map *qos_map = NULL;
10426 struct net_device *dev = info->user_ptr[1];
10427 u8 *pos, len, num_des, des_len, des;
10428 int ret;
10429
10430 if (!rdev->ops->set_qos_map)
10431 return -EOPNOTSUPP;
10432
10433 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
10434 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
10435 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
10436
10437 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
10438 len > IEEE80211_QOS_MAP_LEN_MAX)
10439 return -EINVAL;
10440
10441 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
10442 if (!qos_map)
10443 return -ENOMEM;
10444
10445 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
10446 if (num_des) {
10447 des_len = num_des *
10448 sizeof(struct cfg80211_dscp_exception);
10449 memcpy(qos_map->dscp_exception, pos, des_len);
10450 qos_map->num_des = num_des;
10451 for (des = 0; des < num_des; des++) {
10452 if (qos_map->dscp_exception[des].up > 7) {
10453 kfree(qos_map);
10454 return -EINVAL;
10455 }
10456 }
10457 pos += des_len;
10458 }
10459 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
10460 }
10461
10462 wdev_lock(dev->ieee80211_ptr);
10463 ret = nl80211_key_allowed(dev->ieee80211_ptr);
10464 if (!ret)
10465 ret = rdev_set_qos_map(rdev, dev, qos_map);
10466 wdev_unlock(dev->ieee80211_ptr);
10467
10468 kfree(qos_map);
10469 return ret;
10470}
10471
10472static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
10473{
10474 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10475 struct net_device *dev = info->user_ptr[1];
10476 struct wireless_dev *wdev = dev->ieee80211_ptr;
10477 const u8 *peer;
10478 u8 tsid, up;
10479 u16 admitted_time = 0;
10480 int err;
10481
10482 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
10483 return -EOPNOTSUPP;
10484
10485 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
10486 !info->attrs[NL80211_ATTR_USER_PRIO])
10487 return -EINVAL;
10488
10489 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10490 if (tsid >= IEEE80211_NUM_TIDS)
10491 return -EINVAL;
10492
10493 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
10494 if (up >= IEEE80211_NUM_UPS)
10495 return -EINVAL;
10496
10497
10498 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
10499
10500
10501
10502
10503 return -EINVAL;
10504 }
10505
10506 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10507
10508 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
10509 admitted_time =
10510 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
10511 if (!admitted_time)
10512 return -EINVAL;
10513 }
10514
10515 wdev_lock(wdev);
10516 switch (wdev->iftype) {
10517 case NL80211_IFTYPE_STATION:
10518 case NL80211_IFTYPE_P2P_CLIENT:
10519 if (wdev->current_bss)
10520 break;
10521 err = -ENOTCONN;
10522 goto out;
10523 default:
10524 err = -EOPNOTSUPP;
10525 goto out;
10526 }
10527
10528 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
10529
10530 out:
10531 wdev_unlock(wdev);
10532 return err;
10533}
10534
10535static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
10536{
10537 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10538 struct net_device *dev = info->user_ptr[1];
10539 struct wireless_dev *wdev = dev->ieee80211_ptr;
10540 const u8 *peer;
10541 u8 tsid;
10542 int err;
10543
10544 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
10545 return -EINVAL;
10546
10547 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10548 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10549
10550 wdev_lock(wdev);
10551 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
10552 wdev_unlock(wdev);
10553
10554 return err;
10555}
10556
10557static int nl80211_tdls_channel_switch(struct sk_buff *skb,
10558 struct genl_info *info)
10559{
10560 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10561 struct net_device *dev = info->user_ptr[1];
10562 struct wireless_dev *wdev = dev->ieee80211_ptr;
10563 struct cfg80211_chan_def chandef = {};
10564 const u8 *addr;
10565 u8 oper_class;
10566 int err;
10567
10568 if (!rdev->ops->tdls_channel_switch ||
10569 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10570 return -EOPNOTSUPP;
10571
10572 switch (dev->ieee80211_ptr->iftype) {
10573 case NL80211_IFTYPE_STATION:
10574 case NL80211_IFTYPE_P2P_CLIENT:
10575 break;
10576 default:
10577 return -EOPNOTSUPP;
10578 }
10579
10580 if (!info->attrs[NL80211_ATTR_MAC] ||
10581 !info->attrs[NL80211_ATTR_OPER_CLASS])
10582 return -EINVAL;
10583
10584 err = nl80211_parse_chandef(rdev, info, &chandef);
10585 if (err)
10586 return err;
10587
10588
10589
10590
10591
10592
10593 if (chandef.chan->band == IEEE80211_BAND_2GHZ &&
10594 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
10595 chandef.width != NL80211_CHAN_WIDTH_20)
10596 return -EINVAL;
10597
10598
10599 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
10600 wdev->iftype))
10601 return -EINVAL;
10602
10603
10604 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
10605 return -EINVAL;
10606
10607 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10608 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
10609
10610 wdev_lock(wdev);
10611 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
10612 wdev_unlock(wdev);
10613
10614 return err;
10615}
10616
10617static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
10618 struct genl_info *info)
10619{
10620 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10621 struct net_device *dev = info->user_ptr[1];
10622 struct wireless_dev *wdev = dev->ieee80211_ptr;
10623 const u8 *addr;
10624
10625 if (!rdev->ops->tdls_channel_switch ||
10626 !rdev->ops->tdls_cancel_channel_switch ||
10627 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10628 return -EOPNOTSUPP;
10629
10630 switch (dev->ieee80211_ptr->iftype) {
10631 case NL80211_IFTYPE_STATION:
10632 case NL80211_IFTYPE_P2P_CLIENT:
10633 break;
10634 default:
10635 return -EOPNOTSUPP;
10636 }
10637
10638 if (!info->attrs[NL80211_ATTR_MAC])
10639 return -EINVAL;
10640
10641 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10642
10643 wdev_lock(wdev);
10644 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
10645 wdev_unlock(wdev);
10646
10647 return 0;
10648}
10649
10650#define NL80211_FLAG_NEED_WIPHY 0x01
10651#define NL80211_FLAG_NEED_NETDEV 0x02
10652#define NL80211_FLAG_NEED_RTNL 0x04
10653#define NL80211_FLAG_CHECK_NETDEV_UP 0x08
10654#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
10655 NL80211_FLAG_CHECK_NETDEV_UP)
10656#define NL80211_FLAG_NEED_WDEV 0x10
10657
10658#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
10659 NL80211_FLAG_CHECK_NETDEV_UP)
10660#define NL80211_FLAG_CLEAR_SKB 0x20
10661
10662static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
10663 struct genl_info *info)
10664{
10665 struct cfg80211_registered_device *rdev;
10666 struct wireless_dev *wdev;
10667 struct net_device *dev;
10668 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
10669
10670 if (rtnl)
10671 rtnl_lock();
10672
10673 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
10674 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
10675 if (IS_ERR(rdev)) {
10676 if (rtnl)
10677 rtnl_unlock();
10678 return PTR_ERR(rdev);
10679 }
10680 info->user_ptr[0] = rdev;
10681 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
10682 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
10683 ASSERT_RTNL();
10684
10685 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
10686 info->attrs);
10687 if (IS_ERR(wdev)) {
10688 if (rtnl)
10689 rtnl_unlock();
10690 return PTR_ERR(wdev);
10691 }
10692
10693 dev = wdev->netdev;
10694 rdev = wiphy_to_rdev(wdev->wiphy);
10695
10696 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
10697 if (!dev) {
10698 if (rtnl)
10699 rtnl_unlock();
10700 return -EINVAL;
10701 }
10702
10703 info->user_ptr[1] = dev;
10704 } else {
10705 info->user_ptr[1] = wdev;
10706 }
10707
10708 if (dev) {
10709 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
10710 !netif_running(dev)) {
10711 if (rtnl)
10712 rtnl_unlock();
10713 return -ENETDOWN;
10714 }
10715
10716 dev_hold(dev);
10717 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
10718 if (!wdev->p2p_started) {
10719 if (rtnl)
10720 rtnl_unlock();
10721 return -ENETDOWN;
10722 }
10723 }
10724
10725 info->user_ptr[0] = rdev;
10726 }
10727
10728 return 0;
10729}
10730
10731static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
10732 struct genl_info *info)
10733{
10734 if (info->user_ptr[1]) {
10735 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
10736 struct wireless_dev *wdev = info->user_ptr[1];
10737
10738 if (wdev->netdev)
10739 dev_put(wdev->netdev);
10740 } else {
10741 dev_put(info->user_ptr[1]);
10742 }
10743 }
10744
10745 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
10746 rtnl_unlock();
10747
10748
10749
10750
10751
10752
10753 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
10754 struct nlmsghdr *nlh = nlmsg_hdr(skb);
10755
10756 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
10757 }
10758}
10759
10760static const struct genl_ops nl80211_ops[] = {
10761 {
10762 .cmd = NL80211_CMD_GET_WIPHY,
10763 .doit = nl80211_get_wiphy,
10764 .dumpit = nl80211_dump_wiphy,
10765 .done = nl80211_dump_wiphy_done,
10766 .policy = nl80211_policy,
10767
10768 .internal_flags = NL80211_FLAG_NEED_WIPHY |
10769 NL80211_FLAG_NEED_RTNL,
10770 },
10771 {
10772 .cmd = NL80211_CMD_SET_WIPHY,
10773 .doit = nl80211_set_wiphy,
10774 .policy = nl80211_policy,
10775 .flags = GENL_ADMIN_PERM,
10776 .internal_flags = NL80211_FLAG_NEED_RTNL,
10777 },
10778 {
10779 .cmd = NL80211_CMD_GET_INTERFACE,
10780 .doit = nl80211_get_interface,
10781 .dumpit = nl80211_dump_interface,
10782 .policy = nl80211_policy,
10783
10784 .internal_flags = NL80211_FLAG_NEED_WDEV |
10785 NL80211_FLAG_NEED_RTNL,
10786 },
10787 {
10788 .cmd = NL80211_CMD_SET_INTERFACE,
10789 .doit = nl80211_set_interface,
10790 .policy = nl80211_policy,
10791 .flags = GENL_ADMIN_PERM,
10792 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10793 NL80211_FLAG_NEED_RTNL,
10794 },
10795 {
10796 .cmd = NL80211_CMD_NEW_INTERFACE,
10797 .doit = nl80211_new_interface,
10798 .policy = nl80211_policy,
10799 .flags = GENL_ADMIN_PERM,
10800 .internal_flags = NL80211_FLAG_NEED_WIPHY |
10801 NL80211_FLAG_NEED_RTNL,
10802 },
10803 {
10804 .cmd = NL80211_CMD_DEL_INTERFACE,
10805 .doit = nl80211_del_interface,
10806 .policy = nl80211_policy,
10807 .flags = GENL_ADMIN_PERM,
10808 .internal_flags = NL80211_FLAG_NEED_WDEV |
10809 NL80211_FLAG_NEED_RTNL,
10810 },
10811 {
10812 .cmd = NL80211_CMD_GET_KEY,
10813 .doit = nl80211_get_key,
10814 .policy = nl80211_policy,
10815 .flags = GENL_ADMIN_PERM,
10816 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10817 NL80211_FLAG_NEED_RTNL,
10818 },
10819 {
10820 .cmd = NL80211_CMD_SET_KEY,
10821 .doit = nl80211_set_key,
10822 .policy = nl80211_policy,
10823 .flags = GENL_ADMIN_PERM,
10824 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10825 NL80211_FLAG_NEED_RTNL |
10826 NL80211_FLAG_CLEAR_SKB,
10827 },
10828 {
10829 .cmd = NL80211_CMD_NEW_KEY,
10830 .doit = nl80211_new_key,
10831 .policy = nl80211_policy,
10832 .flags = GENL_ADMIN_PERM,
10833 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10834 NL80211_FLAG_NEED_RTNL |
10835 NL80211_FLAG_CLEAR_SKB,
10836 },
10837 {
10838 .cmd = NL80211_CMD_DEL_KEY,
10839 .doit = nl80211_del_key,
10840 .policy = nl80211_policy,
10841 .flags = GENL_ADMIN_PERM,
10842 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10843 NL80211_FLAG_NEED_RTNL,
10844 },
10845 {
10846 .cmd = NL80211_CMD_SET_BEACON,
10847 .policy = nl80211_policy,
10848 .flags = GENL_ADMIN_PERM,
10849 .doit = nl80211_set_beacon,
10850 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10851 NL80211_FLAG_NEED_RTNL,
10852 },
10853 {
10854 .cmd = NL80211_CMD_START_AP,
10855 .policy = nl80211_policy,
10856 .flags = GENL_ADMIN_PERM,
10857 .doit = nl80211_start_ap,
10858 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10859 NL80211_FLAG_NEED_RTNL,
10860 },
10861 {
10862 .cmd = NL80211_CMD_STOP_AP,
10863 .policy = nl80211_policy,
10864 .flags = GENL_ADMIN_PERM,
10865 .doit = nl80211_stop_ap,
10866 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10867 NL80211_FLAG_NEED_RTNL,
10868 },
10869 {
10870 .cmd = NL80211_CMD_GET_STATION,
10871 .doit = nl80211_get_station,
10872 .dumpit = nl80211_dump_station,
10873 .policy = nl80211_policy,
10874 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10875 NL80211_FLAG_NEED_RTNL,
10876 },
10877 {
10878 .cmd = NL80211_CMD_SET_STATION,
10879 .doit = nl80211_set_station,
10880 .policy = nl80211_policy,
10881 .flags = GENL_ADMIN_PERM,
10882 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10883 NL80211_FLAG_NEED_RTNL,
10884 },
10885 {
10886 .cmd = NL80211_CMD_NEW_STATION,
10887 .doit = nl80211_new_station,
10888 .policy = nl80211_policy,
10889 .flags = GENL_ADMIN_PERM,
10890 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10891 NL80211_FLAG_NEED_RTNL,
10892 },
10893 {
10894 .cmd = NL80211_CMD_DEL_STATION,
10895 .doit = nl80211_del_station,
10896 .policy = nl80211_policy,
10897 .flags = GENL_ADMIN_PERM,
10898 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10899 NL80211_FLAG_NEED_RTNL,
10900 },
10901 {
10902 .cmd = NL80211_CMD_GET_MPATH,
10903 .doit = nl80211_get_mpath,
10904 .dumpit = nl80211_dump_mpath,
10905 .policy = nl80211_policy,
10906 .flags = GENL_ADMIN_PERM,
10907 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10908 NL80211_FLAG_NEED_RTNL,
10909 },
10910 {
10911 .cmd = NL80211_CMD_GET_MPP,
10912 .doit = nl80211_get_mpp,
10913 .dumpit = nl80211_dump_mpp,
10914 .policy = nl80211_policy,
10915 .flags = GENL_ADMIN_PERM,
10916 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10917 NL80211_FLAG_NEED_RTNL,
10918 },
10919 {
10920 .cmd = NL80211_CMD_SET_MPATH,
10921 .doit = nl80211_set_mpath,
10922 .policy = nl80211_policy,
10923 .flags = GENL_ADMIN_PERM,
10924 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10925 NL80211_FLAG_NEED_RTNL,
10926 },
10927 {
10928 .cmd = NL80211_CMD_NEW_MPATH,
10929 .doit = nl80211_new_mpath,
10930 .policy = nl80211_policy,
10931 .flags = GENL_ADMIN_PERM,
10932 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10933 NL80211_FLAG_NEED_RTNL,
10934 },
10935 {
10936 .cmd = NL80211_CMD_DEL_MPATH,
10937 .doit = nl80211_del_mpath,
10938 .policy = nl80211_policy,
10939 .flags = GENL_ADMIN_PERM,
10940 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10941 NL80211_FLAG_NEED_RTNL,
10942 },
10943 {
10944 .cmd = NL80211_CMD_SET_BSS,
10945 .doit = nl80211_set_bss,
10946 .policy = nl80211_policy,
10947 .flags = GENL_ADMIN_PERM,
10948 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10949 NL80211_FLAG_NEED_RTNL,
10950 },
10951 {
10952 .cmd = NL80211_CMD_GET_REG,
10953 .doit = nl80211_get_reg_do,
10954 .dumpit = nl80211_get_reg_dump,
10955 .policy = nl80211_policy,
10956 .internal_flags = NL80211_FLAG_NEED_RTNL,
10957
10958 },
10959#ifdef CONFIG_CFG80211_CRDA_SUPPORT
10960 {
10961 .cmd = NL80211_CMD_SET_REG,
10962 .doit = nl80211_set_reg,
10963 .policy = nl80211_policy,
10964 .flags = GENL_ADMIN_PERM,
10965 .internal_flags = NL80211_FLAG_NEED_RTNL,
10966 },
10967#endif
10968 {
10969 .cmd = NL80211_CMD_REQ_SET_REG,
10970 .doit = nl80211_req_set_reg,
10971 .policy = nl80211_policy,
10972 .flags = GENL_ADMIN_PERM,
10973 },
10974 {
10975 .cmd = NL80211_CMD_GET_MESH_CONFIG,
10976 .doit = nl80211_get_mesh_config,
10977 .policy = nl80211_policy,
10978
10979 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10980 NL80211_FLAG_NEED_RTNL,
10981 },
10982 {
10983 .cmd = NL80211_CMD_SET_MESH_CONFIG,
10984 .doit = nl80211_update_mesh_config,
10985 .policy = nl80211_policy,
10986 .flags = GENL_ADMIN_PERM,
10987 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10988 NL80211_FLAG_NEED_RTNL,
10989 },
10990 {
10991 .cmd = NL80211_CMD_TRIGGER_SCAN,
10992 .doit = nl80211_trigger_scan,
10993 .policy = nl80211_policy,
10994 .flags = GENL_ADMIN_PERM,
10995 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10996 NL80211_FLAG_NEED_RTNL,
10997 },
10998 {
10999 .cmd = NL80211_CMD_ABORT_SCAN,
11000 .doit = nl80211_abort_scan,
11001 .policy = nl80211_policy,
11002 .flags = GENL_ADMIN_PERM,
11003 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11004 NL80211_FLAG_NEED_RTNL,
11005 },
11006 {
11007 .cmd = NL80211_CMD_GET_SCAN,
11008 .policy = nl80211_policy,
11009 .dumpit = nl80211_dump_scan,
11010 },
11011 {
11012 .cmd = NL80211_CMD_START_SCHED_SCAN,
11013 .doit = nl80211_start_sched_scan,
11014 .policy = nl80211_policy,
11015 .flags = GENL_ADMIN_PERM,
11016 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11017 NL80211_FLAG_NEED_RTNL,
11018 },
11019 {
11020 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
11021 .doit = nl80211_stop_sched_scan,
11022 .policy = nl80211_policy,
11023 .flags = GENL_ADMIN_PERM,
11024 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11025 NL80211_FLAG_NEED_RTNL,
11026 },
11027 {
11028 .cmd = NL80211_CMD_AUTHENTICATE,
11029 .doit = nl80211_authenticate,
11030 .policy = nl80211_policy,
11031 .flags = GENL_ADMIN_PERM,
11032 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11033 NL80211_FLAG_NEED_RTNL |
11034 NL80211_FLAG_CLEAR_SKB,
11035 },
11036 {
11037 .cmd = NL80211_CMD_ASSOCIATE,
11038 .doit = nl80211_associate,
11039 .policy = nl80211_policy,
11040 .flags = GENL_ADMIN_PERM,
11041 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11042 NL80211_FLAG_NEED_RTNL,
11043 },
11044 {
11045 .cmd = NL80211_CMD_DEAUTHENTICATE,
11046 .doit = nl80211_deauthenticate,
11047 .policy = nl80211_policy,
11048 .flags = GENL_ADMIN_PERM,
11049 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11050 NL80211_FLAG_NEED_RTNL,
11051 },
11052 {
11053 .cmd = NL80211_CMD_DISASSOCIATE,
11054 .doit = nl80211_disassociate,
11055 .policy = nl80211_policy,
11056 .flags = GENL_ADMIN_PERM,
11057 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11058 NL80211_FLAG_NEED_RTNL,
11059 },
11060 {
11061 .cmd = NL80211_CMD_JOIN_IBSS,
11062 .doit = nl80211_join_ibss,
11063 .policy = nl80211_policy,
11064 .flags = GENL_ADMIN_PERM,
11065 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11066 NL80211_FLAG_NEED_RTNL,
11067 },
11068 {
11069 .cmd = NL80211_CMD_LEAVE_IBSS,
11070 .doit = nl80211_leave_ibss,
11071 .policy = nl80211_policy,
11072 .flags = GENL_ADMIN_PERM,
11073 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11074 NL80211_FLAG_NEED_RTNL,
11075 },
11076#ifdef CONFIG_NL80211_TESTMODE
11077 {
11078 .cmd = NL80211_CMD_TESTMODE,
11079 .doit = nl80211_testmode_do,
11080 .dumpit = nl80211_testmode_dump,
11081 .policy = nl80211_policy,
11082 .flags = GENL_ADMIN_PERM,
11083 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11084 NL80211_FLAG_NEED_RTNL,
11085 },
11086#endif
11087 {
11088 .cmd = NL80211_CMD_CONNECT,
11089 .doit = nl80211_connect,
11090 .policy = nl80211_policy,
11091 .flags = GENL_ADMIN_PERM,
11092 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11093 NL80211_FLAG_NEED_RTNL,
11094 },
11095 {
11096 .cmd = NL80211_CMD_DISCONNECT,
11097 .doit = nl80211_disconnect,
11098 .policy = nl80211_policy,
11099 .flags = GENL_ADMIN_PERM,
11100 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11101 NL80211_FLAG_NEED_RTNL,
11102 },
11103 {
11104 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
11105 .doit = nl80211_wiphy_netns,
11106 .policy = nl80211_policy,
11107 .flags = GENL_ADMIN_PERM,
11108 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11109 NL80211_FLAG_NEED_RTNL,
11110 },
11111 {
11112 .cmd = NL80211_CMD_GET_SURVEY,
11113 .policy = nl80211_policy,
11114 .dumpit = nl80211_dump_survey,
11115 },
11116 {
11117 .cmd = NL80211_CMD_SET_PMKSA,
11118 .doit = nl80211_setdel_pmksa,
11119 .policy = nl80211_policy,
11120 .flags = GENL_ADMIN_PERM,
11121 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11122 NL80211_FLAG_NEED_RTNL,
11123 },
11124 {
11125 .cmd = NL80211_CMD_DEL_PMKSA,
11126 .doit = nl80211_setdel_pmksa,
11127 .policy = nl80211_policy,
11128 .flags = GENL_ADMIN_PERM,
11129 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11130 NL80211_FLAG_NEED_RTNL,
11131 },
11132 {
11133 .cmd = NL80211_CMD_FLUSH_PMKSA,
11134 .doit = nl80211_flush_pmksa,
11135 .policy = nl80211_policy,
11136 .flags = GENL_ADMIN_PERM,
11137 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11138 NL80211_FLAG_NEED_RTNL,
11139 },
11140 {
11141 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
11142 .doit = nl80211_remain_on_channel,
11143 .policy = nl80211_policy,
11144 .flags = GENL_ADMIN_PERM,
11145 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11146 NL80211_FLAG_NEED_RTNL,
11147 },
11148 {
11149 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
11150 .doit = nl80211_cancel_remain_on_channel,
11151 .policy = nl80211_policy,
11152 .flags = GENL_ADMIN_PERM,
11153 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11154 NL80211_FLAG_NEED_RTNL,
11155 },
11156 {
11157 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
11158 .doit = nl80211_set_tx_bitrate_mask,
11159 .policy = nl80211_policy,
11160 .flags = GENL_ADMIN_PERM,
11161 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11162 NL80211_FLAG_NEED_RTNL,
11163 },
11164 {
11165 .cmd = NL80211_CMD_REGISTER_FRAME,
11166 .doit = nl80211_register_mgmt,
11167 .policy = nl80211_policy,
11168 .flags = GENL_ADMIN_PERM,
11169 .internal_flags = NL80211_FLAG_NEED_WDEV |
11170 NL80211_FLAG_NEED_RTNL,
11171 },
11172 {
11173 .cmd = NL80211_CMD_FRAME,
11174 .doit = nl80211_tx_mgmt,
11175 .policy = nl80211_policy,
11176 .flags = GENL_ADMIN_PERM,
11177 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11178 NL80211_FLAG_NEED_RTNL,
11179 },
11180 {
11181 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
11182 .doit = nl80211_tx_mgmt_cancel_wait,
11183 .policy = nl80211_policy,
11184 .flags = GENL_ADMIN_PERM,
11185 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11186 NL80211_FLAG_NEED_RTNL,
11187 },
11188 {
11189 .cmd = NL80211_CMD_SET_POWER_SAVE,
11190 .doit = nl80211_set_power_save,
11191 .policy = nl80211_policy,
11192 .flags = GENL_ADMIN_PERM,
11193 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11194 NL80211_FLAG_NEED_RTNL,
11195 },
11196 {
11197 .cmd = NL80211_CMD_GET_POWER_SAVE,
11198 .doit = nl80211_get_power_save,
11199 .policy = nl80211_policy,
11200
11201 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11202 NL80211_FLAG_NEED_RTNL,
11203 },
11204 {
11205 .cmd = NL80211_CMD_SET_CQM,
11206 .doit = nl80211_set_cqm,
11207 .policy = nl80211_policy,
11208 .flags = GENL_ADMIN_PERM,
11209 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11210 NL80211_FLAG_NEED_RTNL,
11211 },
11212 {
11213 .cmd = NL80211_CMD_SET_CHANNEL,
11214 .doit = nl80211_set_channel,
11215 .policy = nl80211_policy,
11216 .flags = GENL_ADMIN_PERM,
11217 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11218 NL80211_FLAG_NEED_RTNL,
11219 },
11220 {
11221 .cmd = NL80211_CMD_SET_WDS_PEER,
11222 .doit = nl80211_set_wds_peer,
11223 .policy = nl80211_policy,
11224 .flags = GENL_ADMIN_PERM,
11225 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11226 NL80211_FLAG_NEED_RTNL,
11227 },
11228 {
11229 .cmd = NL80211_CMD_JOIN_MESH,
11230 .doit = nl80211_join_mesh,
11231 .policy = nl80211_policy,
11232 .flags = GENL_ADMIN_PERM,
11233 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11234 NL80211_FLAG_NEED_RTNL,
11235 },
11236 {
11237 .cmd = NL80211_CMD_LEAVE_MESH,
11238 .doit = nl80211_leave_mesh,
11239 .policy = nl80211_policy,
11240 .flags = GENL_ADMIN_PERM,
11241 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11242 NL80211_FLAG_NEED_RTNL,
11243 },
11244 {
11245 .cmd = NL80211_CMD_JOIN_OCB,
11246 .doit = nl80211_join_ocb,
11247 .policy = nl80211_policy,
11248 .flags = GENL_ADMIN_PERM,
11249 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11250 NL80211_FLAG_NEED_RTNL,
11251 },
11252 {
11253 .cmd = NL80211_CMD_LEAVE_OCB,
11254 .doit = nl80211_leave_ocb,
11255 .policy = nl80211_policy,
11256 .flags = GENL_ADMIN_PERM,
11257 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11258 NL80211_FLAG_NEED_RTNL,
11259 },
11260#ifdef CONFIG_PM
11261 {
11262 .cmd = NL80211_CMD_GET_WOWLAN,
11263 .doit = nl80211_get_wowlan,
11264 .policy = nl80211_policy,
11265
11266 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11267 NL80211_FLAG_NEED_RTNL,
11268 },
11269 {
11270 .cmd = NL80211_CMD_SET_WOWLAN,
11271 .doit = nl80211_set_wowlan,
11272 .policy = nl80211_policy,
11273 .flags = GENL_ADMIN_PERM,
11274 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11275 NL80211_FLAG_NEED_RTNL,
11276 },
11277#endif
11278 {
11279 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
11280 .doit = nl80211_set_rekey_data,
11281 .policy = nl80211_policy,
11282 .flags = GENL_ADMIN_PERM,
11283 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11284 NL80211_FLAG_NEED_RTNL |
11285 NL80211_FLAG_CLEAR_SKB,
11286 },
11287 {
11288 .cmd = NL80211_CMD_TDLS_MGMT,
11289 .doit = nl80211_tdls_mgmt,
11290 .policy = nl80211_policy,
11291 .flags = GENL_ADMIN_PERM,
11292 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11293 NL80211_FLAG_NEED_RTNL,
11294 },
11295 {
11296 .cmd = NL80211_CMD_TDLS_OPER,
11297 .doit = nl80211_tdls_oper,
11298 .policy = nl80211_policy,
11299 .flags = GENL_ADMIN_PERM,
11300 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11301 NL80211_FLAG_NEED_RTNL,
11302 },
11303 {
11304 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
11305 .doit = nl80211_register_unexpected_frame,
11306 .policy = nl80211_policy,
11307 .flags = GENL_ADMIN_PERM,
11308 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11309 NL80211_FLAG_NEED_RTNL,
11310 },
11311 {
11312 .cmd = NL80211_CMD_PROBE_CLIENT,
11313 .doit = nl80211_probe_client,
11314 .policy = nl80211_policy,
11315 .flags = GENL_ADMIN_PERM,
11316 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11317 NL80211_FLAG_NEED_RTNL,
11318 },
11319 {
11320 .cmd = NL80211_CMD_REGISTER_BEACONS,
11321 .doit = nl80211_register_beacons,
11322 .policy = nl80211_policy,
11323 .flags = GENL_ADMIN_PERM,
11324 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11325 NL80211_FLAG_NEED_RTNL,
11326 },
11327 {
11328 .cmd = NL80211_CMD_SET_NOACK_MAP,
11329 .doit = nl80211_set_noack_map,
11330 .policy = nl80211_policy,
11331 .flags = GENL_ADMIN_PERM,
11332 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11333 NL80211_FLAG_NEED_RTNL,
11334 },
11335 {
11336 .cmd = NL80211_CMD_START_P2P_DEVICE,
11337 .doit = nl80211_start_p2p_device,
11338 .policy = nl80211_policy,
11339 .flags = GENL_ADMIN_PERM,
11340 .internal_flags = NL80211_FLAG_NEED_WDEV |
11341 NL80211_FLAG_NEED_RTNL,
11342 },
11343 {
11344 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
11345 .doit = nl80211_stop_p2p_device,
11346 .policy = nl80211_policy,
11347 .flags = GENL_ADMIN_PERM,
11348 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11349 NL80211_FLAG_NEED_RTNL,
11350 },
11351 {
11352 .cmd = NL80211_CMD_SET_MCAST_RATE,
11353 .doit = nl80211_set_mcast_rate,
11354 .policy = nl80211_policy,
11355 .flags = GENL_ADMIN_PERM,
11356 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11357 NL80211_FLAG_NEED_RTNL,
11358 },
11359 {
11360 .cmd = NL80211_CMD_SET_MAC_ACL,
11361 .doit = nl80211_set_mac_acl,
11362 .policy = nl80211_policy,
11363 .flags = GENL_ADMIN_PERM,
11364 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11365 NL80211_FLAG_NEED_RTNL,
11366 },
11367 {
11368 .cmd = NL80211_CMD_RADAR_DETECT,
11369 .doit = nl80211_start_radar_detection,
11370 .policy = nl80211_policy,
11371 .flags = GENL_ADMIN_PERM,
11372 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11373 NL80211_FLAG_NEED_RTNL,
11374 },
11375 {
11376 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
11377 .doit = nl80211_get_protocol_features,
11378 .policy = nl80211_policy,
11379 },
11380 {
11381 .cmd = NL80211_CMD_UPDATE_FT_IES,
11382 .doit = nl80211_update_ft_ies,
11383 .policy = nl80211_policy,
11384 .flags = GENL_ADMIN_PERM,
11385 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11386 NL80211_FLAG_NEED_RTNL,
11387 },
11388 {
11389 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
11390 .doit = nl80211_crit_protocol_start,
11391 .policy = nl80211_policy,
11392 .flags = GENL_ADMIN_PERM,
11393 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11394 NL80211_FLAG_NEED_RTNL,
11395 },
11396 {
11397 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
11398 .doit = nl80211_crit_protocol_stop,
11399 .policy = nl80211_policy,
11400 .flags = GENL_ADMIN_PERM,
11401 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11402 NL80211_FLAG_NEED_RTNL,
11403 },
11404 {
11405 .cmd = NL80211_CMD_GET_COALESCE,
11406 .doit = nl80211_get_coalesce,
11407 .policy = nl80211_policy,
11408 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11409 NL80211_FLAG_NEED_RTNL,
11410 },
11411 {
11412 .cmd = NL80211_CMD_SET_COALESCE,
11413 .doit = nl80211_set_coalesce,
11414 .policy = nl80211_policy,
11415 .flags = GENL_ADMIN_PERM,
11416 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11417 NL80211_FLAG_NEED_RTNL,
11418 },
11419 {
11420 .cmd = NL80211_CMD_CHANNEL_SWITCH,
11421 .doit = nl80211_channel_switch,
11422 .policy = nl80211_policy,
11423 .flags = GENL_ADMIN_PERM,
11424 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11425 NL80211_FLAG_NEED_RTNL,
11426 },
11427 {
11428 .cmd = NL80211_CMD_VENDOR,
11429 .doit = nl80211_vendor_cmd,
11430 .dumpit = nl80211_vendor_cmd_dump,
11431 .policy = nl80211_policy,
11432 .flags = GENL_ADMIN_PERM,
11433 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11434 NL80211_FLAG_NEED_RTNL,
11435 },
11436 {
11437 .cmd = NL80211_CMD_SET_QOS_MAP,
11438 .doit = nl80211_set_qos_map,
11439 .policy = nl80211_policy,
11440 .flags = GENL_ADMIN_PERM,
11441 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11442 NL80211_FLAG_NEED_RTNL,
11443 },
11444 {
11445 .cmd = NL80211_CMD_ADD_TX_TS,
11446 .doit = nl80211_add_tx_ts,
11447 .policy = nl80211_policy,
11448 .flags = GENL_ADMIN_PERM,
11449 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11450 NL80211_FLAG_NEED_RTNL,
11451 },
11452 {
11453 .cmd = NL80211_CMD_DEL_TX_TS,
11454 .doit = nl80211_del_tx_ts,
11455 .policy = nl80211_policy,
11456 .flags = GENL_ADMIN_PERM,
11457 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11458 NL80211_FLAG_NEED_RTNL,
11459 },
11460 {
11461 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
11462 .doit = nl80211_tdls_channel_switch,
11463 .policy = nl80211_policy,
11464 .flags = GENL_ADMIN_PERM,
11465 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11466 NL80211_FLAG_NEED_RTNL,
11467 },
11468 {
11469 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
11470 .doit = nl80211_tdls_cancel_channel_switch,
11471 .policy = nl80211_policy,
11472 .flags = GENL_ADMIN_PERM,
11473 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11474 NL80211_FLAG_NEED_RTNL,
11475 },
11476};
11477
11478
11479
11480void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
11481 enum nl80211_commands cmd)
11482{
11483 struct sk_buff *msg;
11484 struct nl80211_dump_wiphy_state state = {};
11485
11486 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
11487 cmd != NL80211_CMD_DEL_WIPHY);
11488
11489 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11490 if (!msg)
11491 return;
11492
11493 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
11494 nlmsg_free(msg);
11495 return;
11496 }
11497
11498 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11499 NL80211_MCGRP_CONFIG, GFP_KERNEL);
11500}
11501
11502static int nl80211_add_scan_req(struct sk_buff *msg,
11503 struct cfg80211_registered_device *rdev)
11504{
11505 struct cfg80211_scan_request *req = rdev->scan_req;
11506 struct nlattr *nest;
11507 int i;
11508
11509 if (WARN_ON(!req))
11510 return 0;
11511
11512 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
11513 if (!nest)
11514 goto nla_put_failure;
11515 for (i = 0; i < req->n_ssids; i++) {
11516 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
11517 goto nla_put_failure;
11518 }
11519 nla_nest_end(msg, nest);
11520
11521 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11522 if (!nest)
11523 goto nla_put_failure;
11524 for (i = 0; i < req->n_channels; i++) {
11525 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11526 goto nla_put_failure;
11527 }
11528 nla_nest_end(msg, nest);
11529
11530 if (req->ie &&
11531 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
11532 goto nla_put_failure;
11533
11534 if (req->flags &&
11535 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
11536 goto nla_put_failure;
11537
11538 return 0;
11539 nla_put_failure:
11540 return -ENOBUFS;
11541}
11542
11543static int nl80211_send_scan_msg(struct sk_buff *msg,
11544 struct cfg80211_registered_device *rdev,
11545 struct wireless_dev *wdev,
11546 u32 portid, u32 seq, int flags,
11547 u32 cmd)
11548{
11549 void *hdr;
11550
11551 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11552 if (!hdr)
11553 return -1;
11554
11555 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11556 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11557 wdev->netdev->ifindex)) ||
11558 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11559 goto nla_put_failure;
11560
11561
11562 nl80211_add_scan_req(msg, rdev);
11563
11564 genlmsg_end(msg, hdr);
11565 return 0;
11566
11567 nla_put_failure:
11568 genlmsg_cancel(msg, hdr);
11569 return -EMSGSIZE;
11570}
11571
11572static int
11573nl80211_send_sched_scan_msg(struct sk_buff *msg,
11574 struct cfg80211_registered_device *rdev,
11575 struct net_device *netdev,
11576 u32 portid, u32 seq, int flags, u32 cmd)
11577{
11578 void *hdr;
11579
11580 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11581 if (!hdr)
11582 return -1;
11583
11584 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11585 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11586 goto nla_put_failure;
11587
11588 genlmsg_end(msg, hdr);
11589 return 0;
11590
11591 nla_put_failure:
11592 genlmsg_cancel(msg, hdr);
11593 return -EMSGSIZE;
11594}
11595
11596void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
11597 struct wireless_dev *wdev)
11598{
11599 struct sk_buff *msg;
11600
11601 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11602 if (!msg)
11603 return;
11604
11605 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11606 NL80211_CMD_TRIGGER_SCAN) < 0) {
11607 nlmsg_free(msg);
11608 return;
11609 }
11610
11611 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11612 NL80211_MCGRP_SCAN, GFP_KERNEL);
11613}
11614
11615struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
11616 struct wireless_dev *wdev, bool aborted)
11617{
11618 struct sk_buff *msg;
11619
11620 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11621 if (!msg)
11622 return NULL;
11623
11624 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11625 aborted ? NL80211_CMD_SCAN_ABORTED :
11626 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
11627 nlmsg_free(msg);
11628 return NULL;
11629 }
11630
11631 return msg;
11632}
11633
11634void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
11635 struct sk_buff *msg)
11636{
11637 if (!msg)
11638 return;
11639
11640 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11641 NL80211_MCGRP_SCAN, GFP_KERNEL);
11642}
11643
11644void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
11645 struct net_device *netdev)
11646{
11647 struct sk_buff *msg;
11648
11649 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11650 if (!msg)
11651 return;
11652
11653 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
11654 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
11655 nlmsg_free(msg);
11656 return;
11657 }
11658
11659 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11660 NL80211_MCGRP_SCAN, GFP_KERNEL);
11661}
11662
11663void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
11664 struct net_device *netdev, u32 cmd)
11665{
11666 struct sk_buff *msg;
11667
11668 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11669 if (!msg)
11670 return;
11671
11672 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
11673 nlmsg_free(msg);
11674 return;
11675 }
11676
11677 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11678 NL80211_MCGRP_SCAN, GFP_KERNEL);
11679}
11680
11681static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
11682 struct regulatory_request *request)
11683{
11684
11685 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
11686 goto nla_put_failure;
11687
11688 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
11689 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11690 NL80211_REGDOM_TYPE_WORLD))
11691 goto nla_put_failure;
11692 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
11693 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11694 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
11695 goto nla_put_failure;
11696 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
11697 request->intersect) {
11698 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11699 NL80211_REGDOM_TYPE_INTERSECTION))
11700 goto nla_put_failure;
11701 } else {
11702 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11703 NL80211_REGDOM_TYPE_COUNTRY) ||
11704 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
11705 request->alpha2))
11706 goto nla_put_failure;
11707 }
11708
11709 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
11710 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
11711
11712 if (wiphy &&
11713 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
11714 goto nla_put_failure;
11715
11716 if (wiphy &&
11717 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
11718 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
11719 goto nla_put_failure;
11720 }
11721
11722 return true;
11723
11724nla_put_failure:
11725 return false;
11726}
11727
11728
11729
11730
11731
11732void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
11733 struct regulatory_request *request)
11734{
11735 struct sk_buff *msg;
11736 void *hdr;
11737
11738 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11739 if (!msg)
11740 return;
11741
11742 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
11743 if (!hdr) {
11744 nlmsg_free(msg);
11745 return;
11746 }
11747
11748 if (nl80211_reg_change_event_fill(msg, request) == false)
11749 goto nla_put_failure;
11750
11751 genlmsg_end(msg, hdr);
11752
11753 rcu_read_lock();
11754 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
11755 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
11756 rcu_read_unlock();
11757
11758 return;
11759
11760nla_put_failure:
11761 genlmsg_cancel(msg, hdr);
11762 nlmsg_free(msg);
11763}
11764
11765static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
11766 struct net_device *netdev,
11767 const u8 *buf, size_t len,
11768 enum nl80211_commands cmd, gfp_t gfp,
11769 int uapsd_queues)
11770{
11771 struct sk_buff *msg;
11772 void *hdr;
11773
11774 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11775 if (!msg)
11776 return;
11777
11778 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11779 if (!hdr) {
11780 nlmsg_free(msg);
11781 return;
11782 }
11783
11784 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11785 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11786 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
11787 goto nla_put_failure;
11788
11789 if (uapsd_queues >= 0) {
11790 struct nlattr *nla_wmm =
11791 nla_nest_start(msg, NL80211_ATTR_STA_WME);
11792 if (!nla_wmm)
11793 goto nla_put_failure;
11794
11795 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
11796 uapsd_queues))
11797 goto nla_put_failure;
11798
11799 nla_nest_end(msg, nla_wmm);
11800 }
11801
11802 genlmsg_end(msg, hdr);
11803
11804 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11805 NL80211_MCGRP_MLME, gfp);
11806 return;
11807
11808 nla_put_failure:
11809 genlmsg_cancel(msg, hdr);
11810 nlmsg_free(msg);
11811}
11812
11813void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
11814 struct net_device *netdev, const u8 *buf,
11815 size_t len, gfp_t gfp)
11816{
11817 nl80211_send_mlme_event(rdev, netdev, buf, len,
11818 NL80211_CMD_AUTHENTICATE, gfp, -1);
11819}
11820
11821void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
11822 struct net_device *netdev, const u8 *buf,
11823 size_t len, gfp_t gfp, int uapsd_queues)
11824{
11825 nl80211_send_mlme_event(rdev, netdev, buf, len,
11826 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
11827}
11828
11829void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
11830 struct net_device *netdev, const u8 *buf,
11831 size_t len, gfp_t gfp)
11832{
11833 nl80211_send_mlme_event(rdev, netdev, buf, len,
11834 NL80211_CMD_DEAUTHENTICATE, gfp, -1);
11835}
11836
11837void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
11838 struct net_device *netdev, const u8 *buf,
11839 size_t len, gfp_t gfp)
11840{
11841 nl80211_send_mlme_event(rdev, netdev, buf, len,
11842 NL80211_CMD_DISASSOCIATE, gfp, -1);
11843}
11844
11845void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
11846 size_t len)
11847{
11848 struct wireless_dev *wdev = dev->ieee80211_ptr;
11849 struct wiphy *wiphy = wdev->wiphy;
11850 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11851 const struct ieee80211_mgmt *mgmt = (void *)buf;
11852 u32 cmd;
11853
11854 if (WARN_ON(len < 2))
11855 return;
11856
11857 if (ieee80211_is_deauth(mgmt->frame_control))
11858 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
11859 else
11860 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
11861
11862 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
11863 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
11864}
11865EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
11866
11867static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
11868 struct net_device *netdev, int cmd,
11869 const u8 *addr, gfp_t gfp)
11870{
11871 struct sk_buff *msg;
11872 void *hdr;
11873
11874 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11875 if (!msg)
11876 return;
11877
11878 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11879 if (!hdr) {
11880 nlmsg_free(msg);
11881 return;
11882 }
11883
11884 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11885 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11886 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
11887 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
11888 goto nla_put_failure;
11889
11890 genlmsg_end(msg, hdr);
11891
11892 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11893 NL80211_MCGRP_MLME, gfp);
11894 return;
11895
11896 nla_put_failure:
11897 genlmsg_cancel(msg, hdr);
11898 nlmsg_free(msg);
11899}
11900
11901void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
11902 struct net_device *netdev, const u8 *addr,
11903 gfp_t gfp)
11904{
11905 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
11906 addr, gfp);
11907}
11908
11909void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
11910 struct net_device *netdev, const u8 *addr,
11911 gfp_t gfp)
11912{
11913 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
11914 addr, gfp);
11915}
11916
11917void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
11918 struct net_device *netdev, const u8 *bssid,
11919 const u8 *req_ie, size_t req_ie_len,
11920 const u8 *resp_ie, size_t resp_ie_len,
11921 u16 status, gfp_t gfp)
11922{
11923 struct sk_buff *msg;
11924 void *hdr;
11925
11926 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11927 if (!msg)
11928 return;
11929
11930 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
11931 if (!hdr) {
11932 nlmsg_free(msg);
11933 return;
11934 }
11935
11936 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11937 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11938 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
11939 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
11940 (req_ie &&
11941 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
11942 (resp_ie &&
11943 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
11944 goto nla_put_failure;
11945
11946 genlmsg_end(msg, hdr);
11947
11948 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11949 NL80211_MCGRP_MLME, gfp);
11950 return;
11951
11952 nla_put_failure:
11953 genlmsg_cancel(msg, hdr);
11954 nlmsg_free(msg);
11955
11956}
11957
11958void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
11959 struct net_device *netdev, const u8 *bssid,
11960 const u8 *req_ie, size_t req_ie_len,
11961 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
11962{
11963 struct sk_buff *msg;
11964 void *hdr;
11965
11966 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11967 if (!msg)
11968 return;
11969
11970 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
11971 if (!hdr) {
11972 nlmsg_free(msg);
11973 return;
11974 }
11975
11976 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11977 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11978 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
11979 (req_ie &&
11980 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
11981 (resp_ie &&
11982 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
11983 goto nla_put_failure;
11984
11985 genlmsg_end(msg, hdr);
11986
11987 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11988 NL80211_MCGRP_MLME, gfp);
11989 return;
11990
11991 nla_put_failure:
11992 genlmsg_cancel(msg, hdr);
11993 nlmsg_free(msg);
11994
11995}
11996
11997void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
11998 struct net_device *netdev, u16 reason,
11999 const u8 *ie, size_t ie_len, bool from_ap)
12000{
12001 struct sk_buff *msg;
12002 void *hdr;
12003
12004 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12005 if (!msg)
12006 return;
12007
12008 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
12009 if (!hdr) {
12010 nlmsg_free(msg);
12011 return;
12012 }
12013
12014 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12015 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12016 (from_ap && reason &&
12017 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
12018 (from_ap &&
12019 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
12020 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
12021 goto nla_put_failure;
12022
12023 genlmsg_end(msg, hdr);
12024
12025 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12026 NL80211_MCGRP_MLME, GFP_KERNEL);
12027 return;
12028
12029 nla_put_failure:
12030 genlmsg_cancel(msg, hdr);
12031 nlmsg_free(msg);
12032
12033}
12034
12035void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
12036 struct net_device *netdev, const u8 *bssid,
12037 gfp_t gfp)
12038{
12039 struct sk_buff *msg;
12040 void *hdr;
12041
12042 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12043 if (!msg)
12044 return;
12045
12046 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
12047 if (!hdr) {
12048 nlmsg_free(msg);
12049 return;
12050 }
12051
12052 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12053 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12054 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
12055 goto nla_put_failure;
12056
12057 genlmsg_end(msg, hdr);
12058
12059 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12060 NL80211_MCGRP_MLME, gfp);
12061 return;
12062
12063 nla_put_failure:
12064 genlmsg_cancel(msg, hdr);
12065 nlmsg_free(msg);
12066}
12067
12068void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
12069 const u8* ie, u8 ie_len, gfp_t gfp)
12070{
12071 struct wireless_dev *wdev = dev->ieee80211_ptr;
12072 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12073 struct sk_buff *msg;
12074 void *hdr;
12075
12076 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
12077 return;
12078
12079 trace_cfg80211_notify_new_peer_candidate(dev, addr);
12080
12081 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12082 if (!msg)
12083 return;
12084
12085 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
12086 if (!hdr) {
12087 nlmsg_free(msg);
12088 return;
12089 }
12090
12091 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12092 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12093 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12094 (ie_len && ie &&
12095 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
12096 goto nla_put_failure;
12097
12098 genlmsg_end(msg, hdr);
12099
12100 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12101 NL80211_MCGRP_MLME, gfp);
12102 return;
12103
12104 nla_put_failure:
12105 genlmsg_cancel(msg, hdr);
12106 nlmsg_free(msg);
12107}
12108EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
12109
12110void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
12111 struct net_device *netdev, const u8 *addr,
12112 enum nl80211_key_type key_type, int key_id,
12113 const u8 *tsc, gfp_t gfp)
12114{
12115 struct sk_buff *msg;
12116 void *hdr;
12117
12118 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12119 if (!msg)
12120 return;
12121
12122 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
12123 if (!hdr) {
12124 nlmsg_free(msg);
12125 return;
12126 }
12127
12128 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12129 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12130 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
12131 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
12132 (key_id != -1 &&
12133 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
12134 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
12135 goto nla_put_failure;
12136
12137 genlmsg_end(msg, hdr);
12138
12139 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12140 NL80211_MCGRP_MLME, gfp);
12141 return;
12142
12143 nla_put_failure:
12144 genlmsg_cancel(msg, hdr);
12145 nlmsg_free(msg);
12146}
12147
12148void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
12149 struct ieee80211_channel *channel_before,
12150 struct ieee80211_channel *channel_after)
12151{
12152 struct sk_buff *msg;
12153 void *hdr;
12154 struct nlattr *nl_freq;
12155
12156 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
12157 if (!msg)
12158 return;
12159
12160 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
12161 if (!hdr) {
12162 nlmsg_free(msg);
12163 return;
12164 }
12165
12166
12167
12168
12169
12170 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
12171 goto nla_put_failure;
12172
12173
12174 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
12175 if (!nl_freq)
12176 goto nla_put_failure;
12177 if (nl80211_msg_put_channel(msg, channel_before, false))
12178 goto nla_put_failure;
12179 nla_nest_end(msg, nl_freq);
12180
12181
12182 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
12183 if (!nl_freq)
12184 goto nla_put_failure;
12185 if (nl80211_msg_put_channel(msg, channel_after, false))
12186 goto nla_put_failure;
12187 nla_nest_end(msg, nl_freq);
12188
12189 genlmsg_end(msg, hdr);
12190
12191 rcu_read_lock();
12192 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
12193 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
12194 rcu_read_unlock();
12195
12196 return;
12197
12198nla_put_failure:
12199 genlmsg_cancel(msg, hdr);
12200 nlmsg_free(msg);
12201}
12202
12203static void nl80211_send_remain_on_chan_event(
12204 int cmd, struct cfg80211_registered_device *rdev,
12205 struct wireless_dev *wdev, u64 cookie,
12206 struct ieee80211_channel *chan,
12207 unsigned int duration, gfp_t gfp)
12208{
12209 struct sk_buff *msg;
12210 void *hdr;
12211
12212 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12213 if (!msg)
12214 return;
12215
12216 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12217 if (!hdr) {
12218 nlmsg_free(msg);
12219 return;
12220 }
12221
12222 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12223 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12224 wdev->netdev->ifindex)) ||
12225 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12226 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
12227 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
12228 NL80211_CHAN_NO_HT) ||
12229 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
12230 goto nla_put_failure;
12231
12232 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
12233 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
12234 goto nla_put_failure;
12235
12236 genlmsg_end(msg, hdr);
12237
12238 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12239 NL80211_MCGRP_MLME, gfp);
12240 return;
12241
12242 nla_put_failure:
12243 genlmsg_cancel(msg, hdr);
12244 nlmsg_free(msg);
12245}
12246
12247void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
12248 struct ieee80211_channel *chan,
12249 unsigned int duration, gfp_t gfp)
12250{
12251 struct wiphy *wiphy = wdev->wiphy;
12252 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12253
12254 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
12255 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
12256 rdev, wdev, cookie, chan,
12257 duration, gfp);
12258}
12259EXPORT_SYMBOL(cfg80211_ready_on_channel);
12260
12261void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
12262 struct ieee80211_channel *chan,
12263 gfp_t gfp)
12264{
12265 struct wiphy *wiphy = wdev->wiphy;
12266 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12267
12268 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
12269 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
12270 rdev, wdev, cookie, chan, 0, gfp);
12271}
12272EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
12273
12274void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
12275 struct station_info *sinfo, gfp_t gfp)
12276{
12277 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12278 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12279 struct sk_buff *msg;
12280
12281 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
12282
12283 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12284 if (!msg)
12285 return;
12286
12287 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
12288 rdev, dev, mac_addr, sinfo) < 0) {
12289 nlmsg_free(msg);
12290 return;
12291 }
12292
12293 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12294 NL80211_MCGRP_MLME, gfp);
12295}
12296EXPORT_SYMBOL(cfg80211_new_sta);
12297
12298void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
12299 struct station_info *sinfo, gfp_t gfp)
12300{
12301 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12302 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12303 struct sk_buff *msg;
12304 struct station_info empty_sinfo = {};
12305
12306 if (!sinfo)
12307 sinfo = &empty_sinfo;
12308
12309 trace_cfg80211_del_sta(dev, mac_addr);
12310
12311 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12312 if (!msg)
12313 return;
12314
12315 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
12316 rdev, dev, mac_addr, sinfo) < 0) {
12317 nlmsg_free(msg);
12318 return;
12319 }
12320
12321 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12322 NL80211_MCGRP_MLME, gfp);
12323}
12324EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
12325
12326void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
12327 enum nl80211_connect_failed_reason reason,
12328 gfp_t gfp)
12329{
12330 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12331 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12332 struct sk_buff *msg;
12333 void *hdr;
12334
12335 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
12336 if (!msg)
12337 return;
12338
12339 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
12340 if (!hdr) {
12341 nlmsg_free(msg);
12342 return;
12343 }
12344
12345 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12346 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
12347 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
12348 goto nla_put_failure;
12349
12350 genlmsg_end(msg, hdr);
12351
12352 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12353 NL80211_MCGRP_MLME, gfp);
12354 return;
12355
12356 nla_put_failure:
12357 genlmsg_cancel(msg, hdr);
12358 nlmsg_free(msg);
12359}
12360EXPORT_SYMBOL(cfg80211_conn_failed);
12361
12362static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
12363 const u8 *addr, gfp_t gfp)
12364{
12365 struct wireless_dev *wdev = dev->ieee80211_ptr;
12366 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12367 struct sk_buff *msg;
12368 void *hdr;
12369 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
12370
12371 if (!nlportid)
12372 return false;
12373
12374 msg = nlmsg_new(100, gfp);
12375 if (!msg)
12376 return true;
12377
12378 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12379 if (!hdr) {
12380 nlmsg_free(msg);
12381 return true;
12382 }
12383
12384 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12385 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12386 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
12387 goto nla_put_failure;
12388
12389 genlmsg_end(msg, hdr);
12390 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12391 return true;
12392
12393 nla_put_failure:
12394 genlmsg_cancel(msg, hdr);
12395 nlmsg_free(msg);
12396 return true;
12397}
12398
12399bool cfg80211_rx_spurious_frame(struct net_device *dev,
12400 const u8 *addr, gfp_t gfp)
12401{
12402 struct wireless_dev *wdev = dev->ieee80211_ptr;
12403 bool ret;
12404
12405 trace_cfg80211_rx_spurious_frame(dev, addr);
12406
12407 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
12408 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
12409 trace_cfg80211_return_bool(false);
12410 return false;
12411 }
12412 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
12413 addr, gfp);
12414 trace_cfg80211_return_bool(ret);
12415 return ret;
12416}
12417EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
12418
12419bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
12420 const u8 *addr, gfp_t gfp)
12421{
12422 struct wireless_dev *wdev = dev->ieee80211_ptr;
12423 bool ret;
12424
12425 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
12426
12427 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
12428 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
12429 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
12430 trace_cfg80211_return_bool(false);
12431 return false;
12432 }
12433 ret = __nl80211_unexpected_frame(dev,
12434 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
12435 addr, gfp);
12436 trace_cfg80211_return_bool(ret);
12437 return ret;
12438}
12439EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
12440
12441int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
12442 struct wireless_dev *wdev, u32 nlportid,
12443 int freq, int sig_dbm,
12444 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
12445{
12446 struct net_device *netdev = wdev->netdev;
12447 struct sk_buff *msg;
12448 void *hdr;
12449
12450 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12451 if (!msg)
12452 return -ENOMEM;
12453
12454 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12455 if (!hdr) {
12456 nlmsg_free(msg);
12457 return -ENOMEM;
12458 }
12459
12460 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12461 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12462 netdev->ifindex)) ||
12463 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12464 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
12465 (sig_dbm &&
12466 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12467 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12468 (flags &&
12469 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
12470 goto nla_put_failure;
12471
12472 genlmsg_end(msg, hdr);
12473
12474 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12475
12476 nla_put_failure:
12477 genlmsg_cancel(msg, hdr);
12478 nlmsg_free(msg);
12479 return -ENOBUFS;
12480}
12481
12482void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
12483 const u8 *buf, size_t len, bool ack, gfp_t gfp)
12484{
12485 struct wiphy *wiphy = wdev->wiphy;
12486 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12487 struct net_device *netdev = wdev->netdev;
12488 struct sk_buff *msg;
12489 void *hdr;
12490
12491 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
12492
12493 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12494 if (!msg)
12495 return;
12496
12497 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
12498 if (!hdr) {
12499 nlmsg_free(msg);
12500 return;
12501 }
12502
12503 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12504 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12505 netdev->ifindex)) ||
12506 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12507 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12508 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
12509 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
12510 goto nla_put_failure;
12511
12512 genlmsg_end(msg, hdr);
12513
12514 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12515 NL80211_MCGRP_MLME, gfp);
12516 return;
12517
12518 nla_put_failure:
12519 genlmsg_cancel(msg, hdr);
12520 nlmsg_free(msg);
12521}
12522EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
12523
12524static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
12525 const char *mac, gfp_t gfp)
12526{
12527 struct wireless_dev *wdev = dev->ieee80211_ptr;
12528 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12529 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12530 void **cb;
12531
12532 if (!msg)
12533 return NULL;
12534
12535 cb = (void **)msg->cb;
12536
12537 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
12538 if (!cb[0]) {
12539 nlmsg_free(msg);
12540 return NULL;
12541 }
12542
12543 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12544 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
12545 goto nla_put_failure;
12546
12547 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
12548 goto nla_put_failure;
12549
12550 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
12551 if (!cb[1])
12552 goto nla_put_failure;
12553
12554 cb[2] = rdev;
12555
12556 return msg;
12557 nla_put_failure:
12558 nlmsg_free(msg);
12559 return NULL;
12560}
12561
12562static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
12563{
12564 void **cb = (void **)msg->cb;
12565 struct cfg80211_registered_device *rdev = cb[2];
12566
12567 nla_nest_end(msg, cb[1]);
12568 genlmsg_end(msg, cb[0]);
12569
12570 memset(msg->cb, 0, sizeof(msg->cb));
12571
12572 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12573 NL80211_MCGRP_MLME, gfp);
12574}
12575
12576void cfg80211_cqm_rssi_notify(struct net_device *dev,
12577 enum nl80211_cqm_rssi_threshold_event rssi_event,
12578 gfp_t gfp)
12579{
12580 struct sk_buff *msg;
12581
12582 trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
12583
12584 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
12585 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
12586 return;
12587
12588 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12589 if (!msg)
12590 return;
12591
12592 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
12593 rssi_event))
12594 goto nla_put_failure;
12595
12596 cfg80211_send_cqm(msg, gfp);
12597
12598 return;
12599
12600 nla_put_failure:
12601 nlmsg_free(msg);
12602}
12603EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
12604
12605void cfg80211_cqm_txe_notify(struct net_device *dev,
12606 const u8 *peer, u32 num_packets,
12607 u32 rate, u32 intvl, gfp_t gfp)
12608{
12609 struct sk_buff *msg;
12610
12611 msg = cfg80211_prepare_cqm(dev, peer, gfp);
12612 if (!msg)
12613 return;
12614
12615 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
12616 goto nla_put_failure;
12617
12618 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
12619 goto nla_put_failure;
12620
12621 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
12622 goto nla_put_failure;
12623
12624 cfg80211_send_cqm(msg, gfp);
12625 return;
12626
12627 nla_put_failure:
12628 nlmsg_free(msg);
12629}
12630EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
12631
12632void cfg80211_cqm_pktloss_notify(struct net_device *dev,
12633 const u8 *peer, u32 num_packets, gfp_t gfp)
12634{
12635 struct sk_buff *msg;
12636
12637 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
12638
12639 msg = cfg80211_prepare_cqm(dev, peer, gfp);
12640 if (!msg)
12641 return;
12642
12643 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
12644 goto nla_put_failure;
12645
12646 cfg80211_send_cqm(msg, gfp);
12647 return;
12648
12649 nla_put_failure:
12650 nlmsg_free(msg);
12651}
12652EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
12653
12654void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
12655{
12656 struct sk_buff *msg;
12657
12658 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12659 if (!msg)
12660 return;
12661
12662 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
12663 goto nla_put_failure;
12664
12665 cfg80211_send_cqm(msg, gfp);
12666 return;
12667
12668 nla_put_failure:
12669 nlmsg_free(msg);
12670}
12671EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
12672
12673static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
12674 struct net_device *netdev, const u8 *bssid,
12675 const u8 *replay_ctr, gfp_t gfp)
12676{
12677 struct sk_buff *msg;
12678 struct nlattr *rekey_attr;
12679 void *hdr;
12680
12681 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12682 if (!msg)
12683 return;
12684
12685 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
12686 if (!hdr) {
12687 nlmsg_free(msg);
12688 return;
12689 }
12690
12691 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12692 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12693 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
12694 goto nla_put_failure;
12695
12696 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
12697 if (!rekey_attr)
12698 goto nla_put_failure;
12699
12700 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
12701 NL80211_REPLAY_CTR_LEN, replay_ctr))
12702 goto nla_put_failure;
12703
12704 nla_nest_end(msg, rekey_attr);
12705
12706 genlmsg_end(msg, hdr);
12707
12708 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12709 NL80211_MCGRP_MLME, gfp);
12710 return;
12711
12712 nla_put_failure:
12713 genlmsg_cancel(msg, hdr);
12714 nlmsg_free(msg);
12715}
12716
12717void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
12718 const u8 *replay_ctr, gfp_t gfp)
12719{
12720 struct wireless_dev *wdev = dev->ieee80211_ptr;
12721 struct wiphy *wiphy = wdev->wiphy;
12722 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12723
12724 trace_cfg80211_gtk_rekey_notify(dev, bssid);
12725 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
12726}
12727EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
12728
12729static void
12730nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
12731 struct net_device *netdev, int index,
12732 const u8 *bssid, bool preauth, gfp_t gfp)
12733{
12734 struct sk_buff *msg;
12735 struct nlattr *attr;
12736 void *hdr;
12737
12738 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12739 if (!msg)
12740 return;
12741
12742 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
12743 if (!hdr) {
12744 nlmsg_free(msg);
12745 return;
12746 }
12747
12748 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12749 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
12750 goto nla_put_failure;
12751
12752 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
12753 if (!attr)
12754 goto nla_put_failure;
12755
12756 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
12757 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
12758 (preauth &&
12759 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
12760 goto nla_put_failure;
12761
12762 nla_nest_end(msg, attr);
12763
12764 genlmsg_end(msg, hdr);
12765
12766 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12767 NL80211_MCGRP_MLME, gfp);
12768 return;
12769
12770 nla_put_failure:
12771 genlmsg_cancel(msg, hdr);
12772 nlmsg_free(msg);
12773}
12774
12775void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
12776 const u8 *bssid, bool preauth, gfp_t gfp)
12777{
12778 struct wireless_dev *wdev = dev->ieee80211_ptr;
12779 struct wiphy *wiphy = wdev->wiphy;
12780 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12781
12782 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
12783 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
12784}
12785EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
12786
12787static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
12788 struct net_device *netdev,
12789 struct cfg80211_chan_def *chandef,
12790 gfp_t gfp,
12791 enum nl80211_commands notif,
12792 u8 count)
12793{
12794 struct sk_buff *msg;
12795 void *hdr;
12796
12797 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12798 if (!msg)
12799 return;
12800
12801 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
12802 if (!hdr) {
12803 nlmsg_free(msg);
12804 return;
12805 }
12806
12807 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
12808 goto nla_put_failure;
12809
12810 if (nl80211_send_chandef(msg, chandef))
12811 goto nla_put_failure;
12812
12813 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
12814 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
12815 goto nla_put_failure;
12816
12817 genlmsg_end(msg, hdr);
12818
12819 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12820 NL80211_MCGRP_MLME, gfp);
12821 return;
12822
12823 nla_put_failure:
12824 genlmsg_cancel(msg, hdr);
12825 nlmsg_free(msg);
12826}
12827
12828void cfg80211_ch_switch_notify(struct net_device *dev,
12829 struct cfg80211_chan_def *chandef)
12830{
12831 struct wireless_dev *wdev = dev->ieee80211_ptr;
12832 struct wiphy *wiphy = wdev->wiphy;
12833 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12834
12835 ASSERT_WDEV_LOCK(wdev);
12836
12837 trace_cfg80211_ch_switch_notify(dev, chandef);
12838
12839 wdev->chandef = *chandef;
12840 wdev->preset_chandef = *chandef;
12841 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
12842 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
12843}
12844EXPORT_SYMBOL(cfg80211_ch_switch_notify);
12845
12846void cfg80211_ch_switch_started_notify(struct net_device *dev,
12847 struct cfg80211_chan_def *chandef,
12848 u8 count)
12849{
12850 struct wireless_dev *wdev = dev->ieee80211_ptr;
12851 struct wiphy *wiphy = wdev->wiphy;
12852 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12853
12854 trace_cfg80211_ch_switch_started_notify(dev, chandef);
12855
12856 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
12857 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
12858}
12859EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
12860
12861void
12862nl80211_radar_notify(struct cfg80211_registered_device *rdev,
12863 const struct cfg80211_chan_def *chandef,
12864 enum nl80211_radar_event event,
12865 struct net_device *netdev, gfp_t gfp)
12866{
12867 struct sk_buff *msg;
12868 void *hdr;
12869
12870 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12871 if (!msg)
12872 return;
12873
12874 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
12875 if (!hdr) {
12876 nlmsg_free(msg);
12877 return;
12878 }
12879
12880 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
12881 goto nla_put_failure;
12882
12883
12884 if (netdev) {
12885 struct wireless_dev *wdev = netdev->ieee80211_ptr;
12886
12887 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12888 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
12889 goto nla_put_failure;
12890 }
12891
12892 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
12893 goto nla_put_failure;
12894
12895 if (nl80211_send_chandef(msg, chandef))
12896 goto nla_put_failure;
12897
12898 genlmsg_end(msg, hdr);
12899
12900 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12901 NL80211_MCGRP_MLME, gfp);
12902 return;
12903
12904 nla_put_failure:
12905 genlmsg_cancel(msg, hdr);
12906 nlmsg_free(msg);
12907}
12908
12909void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
12910 u64 cookie, bool acked, gfp_t gfp)
12911{
12912 struct wireless_dev *wdev = dev->ieee80211_ptr;
12913 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12914 struct sk_buff *msg;
12915 void *hdr;
12916
12917 trace_cfg80211_probe_status(dev, addr, cookie, acked);
12918
12919 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12920
12921 if (!msg)
12922 return;
12923
12924 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
12925 if (!hdr) {
12926 nlmsg_free(msg);
12927 return;
12928 }
12929
12930 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12931 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12932 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12933 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
12934 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
12935 goto nla_put_failure;
12936
12937 genlmsg_end(msg, hdr);
12938
12939 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12940 NL80211_MCGRP_MLME, gfp);
12941 return;
12942
12943 nla_put_failure:
12944 genlmsg_cancel(msg, hdr);
12945 nlmsg_free(msg);
12946}
12947EXPORT_SYMBOL(cfg80211_probe_status);
12948
12949void cfg80211_report_obss_beacon(struct wiphy *wiphy,
12950 const u8 *frame, size_t len,
12951 int freq, int sig_dbm)
12952{
12953 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12954 struct sk_buff *msg;
12955 void *hdr;
12956 struct cfg80211_beacon_registration *reg;
12957
12958 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
12959
12960 spin_lock_bh(&rdev->beacon_registrations_lock);
12961 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12962 msg = nlmsg_new(len + 100, GFP_ATOMIC);
12963 if (!msg) {
12964 spin_unlock_bh(&rdev->beacon_registrations_lock);
12965 return;
12966 }
12967
12968 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12969 if (!hdr)
12970 goto nla_put_failure;
12971
12972 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12973 (freq &&
12974 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
12975 (sig_dbm &&
12976 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12977 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
12978 goto nla_put_failure;
12979
12980 genlmsg_end(msg, hdr);
12981
12982 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
12983 }
12984 spin_unlock_bh(&rdev->beacon_registrations_lock);
12985 return;
12986
12987 nla_put_failure:
12988 spin_unlock_bh(&rdev->beacon_registrations_lock);
12989 if (hdr)
12990 genlmsg_cancel(msg, hdr);
12991 nlmsg_free(msg);
12992}
12993EXPORT_SYMBOL(cfg80211_report_obss_beacon);
12994
12995#ifdef CONFIG_PM
12996static int cfg80211_net_detect_results(struct sk_buff *msg,
12997 struct cfg80211_wowlan_wakeup *wakeup)
12998{
12999 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
13000 struct nlattr *nl_results, *nl_match, *nl_freqs;
13001 int i, j;
13002
13003 nl_results = nla_nest_start(
13004 msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
13005 if (!nl_results)
13006 return -EMSGSIZE;
13007
13008 for (i = 0; i < nd->n_matches; i++) {
13009 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
13010
13011 nl_match = nla_nest_start(msg, i);
13012 if (!nl_match)
13013 break;
13014
13015
13016
13017
13018
13019
13020
13021
13022 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
13023 match->ssid.ssid)) {
13024 nla_nest_cancel(msg, nl_match);
13025 goto out;
13026 }
13027
13028 if (match->n_channels) {
13029 nl_freqs = nla_nest_start(
13030 msg, NL80211_ATTR_SCAN_FREQUENCIES);
13031 if (!nl_freqs) {
13032 nla_nest_cancel(msg, nl_match);
13033 goto out;
13034 }
13035
13036 for (j = 0; j < match->n_channels; j++) {
13037 if (nla_put_u32(msg, j, match->channels[j])) {
13038 nla_nest_cancel(msg, nl_freqs);
13039 nla_nest_cancel(msg, nl_match);
13040 goto out;
13041 }
13042 }
13043
13044 nla_nest_end(msg, nl_freqs);
13045 }
13046
13047 nla_nest_end(msg, nl_match);
13048 }
13049
13050out:
13051 nla_nest_end(msg, nl_results);
13052 return 0;
13053}
13054
13055void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
13056 struct cfg80211_wowlan_wakeup *wakeup,
13057 gfp_t gfp)
13058{
13059 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13060 struct sk_buff *msg;
13061 void *hdr;
13062 int size = 200;
13063
13064 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
13065
13066 if (wakeup)
13067 size += wakeup->packet_present_len;
13068
13069 msg = nlmsg_new(size, gfp);
13070 if (!msg)
13071 return;
13072
13073 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
13074 if (!hdr)
13075 goto free_msg;
13076
13077 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13078 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13079 goto free_msg;
13080
13081 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13082 wdev->netdev->ifindex))
13083 goto free_msg;
13084
13085 if (wakeup) {
13086 struct nlattr *reasons;
13087
13088 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
13089 if (!reasons)
13090 goto free_msg;
13091
13092 if (wakeup->disconnect &&
13093 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
13094 goto free_msg;
13095 if (wakeup->magic_pkt &&
13096 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
13097 goto free_msg;
13098 if (wakeup->gtk_rekey_failure &&
13099 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
13100 goto free_msg;
13101 if (wakeup->eap_identity_req &&
13102 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
13103 goto free_msg;
13104 if (wakeup->four_way_handshake &&
13105 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
13106 goto free_msg;
13107 if (wakeup->rfkill_release &&
13108 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
13109 goto free_msg;
13110
13111 if (wakeup->pattern_idx >= 0 &&
13112 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
13113 wakeup->pattern_idx))
13114 goto free_msg;
13115
13116 if (wakeup->tcp_match &&
13117 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
13118 goto free_msg;
13119
13120 if (wakeup->tcp_connlost &&
13121 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
13122 goto free_msg;
13123
13124 if (wakeup->tcp_nomoretokens &&
13125 nla_put_flag(msg,
13126 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
13127 goto free_msg;
13128
13129 if (wakeup->packet) {
13130 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
13131 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
13132
13133 if (!wakeup->packet_80211) {
13134 pkt_attr =
13135 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
13136 len_attr =
13137 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
13138 }
13139
13140 if (wakeup->packet_len &&
13141 nla_put_u32(msg, len_attr, wakeup->packet_len))
13142 goto free_msg;
13143
13144 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
13145 wakeup->packet))
13146 goto free_msg;
13147 }
13148
13149 if (wakeup->net_detect &&
13150 cfg80211_net_detect_results(msg, wakeup))
13151 goto free_msg;
13152
13153 nla_nest_end(msg, reasons);
13154 }
13155
13156 genlmsg_end(msg, hdr);
13157
13158 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13159 NL80211_MCGRP_MLME, gfp);
13160 return;
13161
13162 free_msg:
13163 nlmsg_free(msg);
13164}
13165EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
13166#endif
13167
13168void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
13169 enum nl80211_tdls_operation oper,
13170 u16 reason_code, gfp_t gfp)
13171{
13172 struct wireless_dev *wdev = dev->ieee80211_ptr;
13173 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13174 struct sk_buff *msg;
13175 void *hdr;
13176
13177 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
13178 reason_code);
13179
13180 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13181 if (!msg)
13182 return;
13183
13184 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
13185 if (!hdr) {
13186 nlmsg_free(msg);
13187 return;
13188 }
13189
13190 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13191 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
13192 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
13193 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
13194 (reason_code > 0 &&
13195 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
13196 goto nla_put_failure;
13197
13198 genlmsg_end(msg, hdr);
13199
13200 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13201 NL80211_MCGRP_MLME, gfp);
13202 return;
13203
13204 nla_put_failure:
13205 genlmsg_cancel(msg, hdr);
13206 nlmsg_free(msg);
13207}
13208EXPORT_SYMBOL(cfg80211_tdls_oper_request);
13209
13210static int nl80211_netlink_notify(struct notifier_block * nb,
13211 unsigned long state,
13212 void *_notify)
13213{
13214 struct netlink_notify *notify = _notify;
13215 struct cfg80211_registered_device *rdev;
13216 struct wireless_dev *wdev;
13217 struct cfg80211_beacon_registration *reg, *tmp;
13218
13219 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
13220 return NOTIFY_DONE;
13221
13222 rcu_read_lock();
13223
13224 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
13225 bool schedule_destroy_work = false;
13226 bool schedule_scan_stop = false;
13227 struct cfg80211_sched_scan_request *sched_scan_req =
13228 rcu_dereference(rdev->sched_scan_req);
13229
13230 if (sched_scan_req && notify->portid &&
13231 sched_scan_req->owner_nlportid == notify->portid)
13232 schedule_scan_stop = true;
13233
13234 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) {
13235 cfg80211_mlme_unregister_socket(wdev, notify->portid);
13236
13237 if (wdev->owner_nlportid == notify->portid)
13238 schedule_destroy_work = true;
13239 }
13240
13241 spin_lock_bh(&rdev->beacon_registrations_lock);
13242 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
13243 list) {
13244 if (reg->nlportid == notify->portid) {
13245 list_del(®->list);
13246 kfree(reg);
13247 break;
13248 }
13249 }
13250 spin_unlock_bh(&rdev->beacon_registrations_lock);
13251
13252 if (schedule_destroy_work) {
13253 struct cfg80211_iface_destroy *destroy;
13254
13255 destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
13256 if (destroy) {
13257 destroy->nlportid = notify->portid;
13258 spin_lock(&rdev->destroy_list_lock);
13259 list_add(&destroy->list, &rdev->destroy_list);
13260 spin_unlock(&rdev->destroy_list_lock);
13261 schedule_work(&rdev->destroy_work);
13262 }
13263 } else if (schedule_scan_stop) {
13264 sched_scan_req->owner_nlportid = 0;
13265
13266 if (rdev->ops->sched_scan_stop &&
13267 rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
13268 schedule_work(&rdev->sched_scan_stop_wk);
13269 }
13270 }
13271
13272 rcu_read_unlock();
13273
13274
13275
13276
13277
13278 regulatory_netlink_notify(notify->portid);
13279 return NOTIFY_OK;
13280}
13281
13282static struct notifier_block nl80211_netlink_notifier = {
13283 .notifier_call = nl80211_netlink_notify,
13284};
13285
13286void cfg80211_ft_event(struct net_device *netdev,
13287 struct cfg80211_ft_event_params *ft_event)
13288{
13289 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
13290 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13291 struct sk_buff *msg;
13292 void *hdr;
13293
13294 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
13295
13296 if (!ft_event->target_ap)
13297 return;
13298
13299 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13300 if (!msg)
13301 return;
13302
13303 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
13304 if (!hdr)
13305 goto out;
13306
13307 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13308 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13309 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
13310 goto out;
13311
13312 if (ft_event->ies &&
13313 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
13314 goto out;
13315 if (ft_event->ric_ies &&
13316 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
13317 ft_event->ric_ies))
13318 goto out;
13319
13320 genlmsg_end(msg, hdr);
13321
13322 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13323 NL80211_MCGRP_MLME, GFP_KERNEL);
13324 return;
13325 out:
13326 nlmsg_free(msg);
13327}
13328EXPORT_SYMBOL(cfg80211_ft_event);
13329
13330void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
13331{
13332 struct cfg80211_registered_device *rdev;
13333 struct sk_buff *msg;
13334 void *hdr;
13335 u32 nlportid;
13336
13337 rdev = wiphy_to_rdev(wdev->wiphy);
13338 if (!rdev->crit_proto_nlportid)
13339 return;
13340
13341 nlportid = rdev->crit_proto_nlportid;
13342 rdev->crit_proto_nlportid = 0;
13343
13344 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13345 if (!msg)
13346 return;
13347
13348 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
13349 if (!hdr)
13350 goto nla_put_failure;
13351
13352 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13353 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13354 goto nla_put_failure;
13355
13356 genlmsg_end(msg, hdr);
13357
13358 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
13359 return;
13360
13361 nla_put_failure:
13362 if (hdr)
13363 genlmsg_cancel(msg, hdr);
13364 nlmsg_free(msg);
13365
13366}
13367EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
13368
13369void nl80211_send_ap_stopped(struct wireless_dev *wdev)
13370{
13371 struct wiphy *wiphy = wdev->wiphy;
13372 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13373 struct sk_buff *msg;
13374 void *hdr;
13375
13376 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13377 if (!msg)
13378 return;
13379
13380 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
13381 if (!hdr)
13382 goto out;
13383
13384 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13385 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
13386 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13387 goto out;
13388
13389 genlmsg_end(msg, hdr);
13390
13391 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
13392 NL80211_MCGRP_MLME, GFP_KERNEL);
13393 return;
13394 out:
13395 nlmsg_free(msg);
13396}
13397
13398
13399
13400int nl80211_init(void)
13401{
13402 int err;
13403
13404 err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
13405 nl80211_mcgrps);
13406 if (err)
13407 return err;
13408
13409 err = netlink_register_notifier(&nl80211_netlink_notifier);
13410 if (err)
13411 goto err_out;
13412
13413 return 0;
13414 err_out:
13415 genl_unregister_family(&nl80211_fam);
13416 return err;
13417}
13418
13419void nl80211_exit(void)
13420{
13421 netlink_unregister_notifier(&nl80211_netlink_notifier);
13422 genl_unregister_family(&nl80211_fam);
13423}
13424
