1
2
3
4
5
6
7
8
9#include <linux/if.h>
10#include <linux/module.h>
11#include <linux/err.h>
12#include <linux/slab.h>
13#include <linux/list.h>
14#include <linux/if_ether.h>
15#include <linux/ieee80211.h>
16#include <linux/nl80211.h>
17#include <linux/rtnetlink.h>
18#include <linux/netlink.h>
19#include <linux/etherdevice.h>
20#include <net/net_namespace.h>
21#include <net/genetlink.h>
22#include <net/cfg80211.h>
23#include <net/sock.h>
24#include <net/inet_connection_sock.h>
25#include "core.h"
26#include "nl80211.h"
27#include "reg.h"
28#include "rdev-ops.h"
29
30static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
31 struct genl_info *info,
32 struct cfg80211_crypto_settings *settings,
33 int cipher_limit);
34
35
36static struct genl_family nl80211_fam;
37
38
39enum nl80211_multicast_groups {
40 NL80211_MCGRP_CONFIG,
41 NL80211_MCGRP_SCAN,
42 NL80211_MCGRP_REGULATORY,
43 NL80211_MCGRP_MLME,
44 NL80211_MCGRP_VENDOR,
45 NL80211_MCGRP_NAN,
46 NL80211_MCGRP_TESTMODE
47};
48
49static const struct genl_multicast_group nl80211_mcgrps[] = {
50 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
51 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
52 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
53 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
54 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
55 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
56#ifdef CONFIG_NL80211_TESTMODE
57 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
58#endif
59};
60
61
62static struct wireless_dev *
63__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
64{
65 struct cfg80211_registered_device *rdev;
66 struct wireless_dev *result = NULL;
67 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
68 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
69 u64 wdev_id;
70 int wiphy_idx = -1;
71 int ifidx = -1;
72
73 ASSERT_RTNL();
74
75 if (!have_ifidx && !have_wdev_id)
76 return ERR_PTR(-EINVAL);
77
78 if (have_ifidx)
79 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
80 if (have_wdev_id) {
81 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
82 wiphy_idx = wdev_id >> 32;
83 }
84
85 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
86 struct wireless_dev *wdev;
87
88 if (wiphy_net(&rdev->wiphy) != netns)
89 continue;
90
91 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
92 continue;
93
94 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
95 if (have_ifidx && wdev->netdev &&
96 wdev->netdev->ifindex == ifidx) {
97 result = wdev;
98 break;
99 }
100 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
101 result = wdev;
102 break;
103 }
104 }
105
106 if (result)
107 break;
108 }
109
110 if (result)
111 return result;
112 return ERR_PTR(-ENODEV);
113}
114
115static struct cfg80211_registered_device *
116__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
117{
118 struct cfg80211_registered_device *rdev = NULL, *tmp;
119 struct net_device *netdev;
120
121 ASSERT_RTNL();
122
123 if (!attrs[NL80211_ATTR_WIPHY] &&
124 !attrs[NL80211_ATTR_IFINDEX] &&
125 !attrs[NL80211_ATTR_WDEV])
126 return ERR_PTR(-EINVAL);
127
128 if (attrs[NL80211_ATTR_WIPHY])
129 rdev = cfg80211_rdev_by_wiphy_idx(
130 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
131
132 if (attrs[NL80211_ATTR_WDEV]) {
133 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
134 struct wireless_dev *wdev;
135 bool found = false;
136
137 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
138 if (tmp) {
139
140 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
141 if (wdev->identifier != (u32)wdev_id)
142 continue;
143 found = true;
144 break;
145 }
146
147 if (!found)
148 tmp = NULL;
149
150 if (rdev && tmp != rdev)
151 return ERR_PTR(-EINVAL);
152 rdev = tmp;
153 }
154 }
155
156 if (attrs[NL80211_ATTR_IFINDEX]) {
157 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
158
159 netdev = __dev_get_by_index(netns, ifindex);
160 if (netdev) {
161 if (netdev->ieee80211_ptr)
162 tmp = wiphy_to_rdev(
163 netdev->ieee80211_ptr->wiphy);
164 else
165 tmp = NULL;
166
167
168 if (!tmp)
169 return ERR_PTR(-EINVAL);
170
171
172 if (rdev && tmp != rdev)
173 return ERR_PTR(-EINVAL);
174
175 rdev = tmp;
176 }
177 }
178
179 if (!rdev)
180 return ERR_PTR(-ENODEV);
181
182 if (netns != wiphy_net(&rdev->wiphy))
183 return ERR_PTR(-ENODEV);
184
185 return rdev;
186}
187
188
189
190
191
192
193
194
195static struct cfg80211_registered_device *
196cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
197{
198 return __cfg80211_rdev_from_attrs(netns, info->attrs);
199}
200
201
202static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
203 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
204 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
205 .len = 20-1 },
206 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
207
208 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
209 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
210 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
211 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
212 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
213
214 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
215 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
216 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
217 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
218 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
219 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
220
221 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
222 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
223 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
224
225 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
226 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
227
228 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
229 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
230 .len = WLAN_MAX_KEY_LEN },
231 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
232 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
233 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
234 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
235 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
236
237 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
238 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
239 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
240 .len = IEEE80211_MAX_DATA_LEN },
241 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
242 .len = IEEE80211_MAX_DATA_LEN },
243 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
244 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
245 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
246 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
247 .len = NL80211_MAX_SUPP_RATES },
248 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
249 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
250 [NL80211_ATTR_MNTR_FLAGS] = { },
251 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
252 .len = IEEE80211_MAX_MESH_ID_LEN },
253 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
254
255 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
256 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
257
258 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
259 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
260 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
261 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
262 .len = NL80211_MAX_SUPP_RATES },
263 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
264
265 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
266 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
267
268 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
269
270 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
271 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
272 .len = IEEE80211_MAX_DATA_LEN },
273 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
274 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
275
276 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
277 .len = IEEE80211_MAX_SSID_LEN },
278 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
279 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
280 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
281 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
282 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
283 [NL80211_ATTR_STA_FLAGS2] = {
284 .len = sizeof(struct nl80211_sta_flag_update),
285 },
286 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
287 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
288 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
289 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
290 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
291 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
292 [NL80211_ATTR_PID] = { .type = NLA_U32 },
293 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
294 [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
295 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
296 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
297 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
298 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
299 .len = IEEE80211_MAX_DATA_LEN },
300 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
301 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
302 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
303 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
304 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
305 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
306 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
307 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
308 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
309 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
310 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
311 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
312 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
313 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
314 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
315 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
316 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
317 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
318 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
319 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
320 .len = IEEE80211_MAX_DATA_LEN },
321 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
322 .len = IEEE80211_MAX_DATA_LEN },
323 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
324 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
325 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
326 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
327 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
328 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
329 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
330 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
331 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
332 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
333 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
334 .len = IEEE80211_MAX_DATA_LEN },
335 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
336 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
337 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
338 .len = NL80211_HT_CAPABILITY_LEN
339 },
340 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
341 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
342 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
343 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
344 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
345 [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
346 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
347 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
348 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
349 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
350 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
351 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
352 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
353 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
354 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
355 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
356 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
357 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
358 .len = NL80211_VHT_CAPABILITY_LEN,
359 },
360 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
361 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
362 .len = IEEE80211_MAX_DATA_LEN },
363 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
364 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
365 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
366 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
367 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
368 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
369 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
370 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
371 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
372 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
373 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
374 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
375 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
376 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
377 .len = IEEE80211_QOS_MAP_LEN_MAX },
378 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
379 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
380 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
381 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
382 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
383 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
384 [NL80211_ATTR_TSID] = { .type = NLA_U8 },
385 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
386 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
387 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
388 [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
389 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
390 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
391 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
392 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
393 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
394 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
395 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
396 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
397 .len = VHT_MUMIMO_GROUPS_DATA_LEN
398 },
399 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
400 [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
401 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
402 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
403 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
404 .len = FILS_MAX_KEK_LEN },
405 [NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
406 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
407 [NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
408 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
409 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
410 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
411 },
412 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
413 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
414 .len = FILS_ERP_MAX_USERNAME_LEN },
415 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
416 .len = FILS_ERP_MAX_REALM_LEN },
417 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
418 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
419 .len = FILS_ERP_MAX_RRK_LEN },
420 [NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
421 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
422 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
423};
424
425
426static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
427 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
428 [NL80211_KEY_IDX] = { .type = NLA_U8 },
429 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
430 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
431 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
432 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
433 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
434 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
435};
436
437
438static const struct nla_policy
439nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
440 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
441 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
442};
443
444#ifdef CONFIG_PM
445
446static const struct nla_policy
447nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
448 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
449 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
450 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
451 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
452 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
453 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
454 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
455 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
456 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
457 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
458};
459
460static const struct nla_policy
461nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
462 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
463 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
464 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
465 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
466 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
467 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
468 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
469 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
470 },
471 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
472 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
473 },
474 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
475 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
476 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
477};
478#endif
479
480
481static const struct nla_policy
482nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
483 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
484 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
485 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
486};
487
488
489static const struct nla_policy
490nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
491 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
492 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
493 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
494};
495
496static const struct nla_policy
497nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
498 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
499 .len = IEEE80211_MAX_SSID_LEN },
500 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
501 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
502};
503
504static const struct nla_policy
505nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
506 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
507 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
508};
509
510static const struct nla_policy
511nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
512 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
513 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
514 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
515 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
516 },
517};
518
519
520static const struct nla_policy
521nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
522 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
523 [NL80211_NAN_FUNC_SERVICE_ID] = {
524 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
525 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
526 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
527 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
528 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
529 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
530 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
531 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
532 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
533 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
534 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
535 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
536 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
537 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
538 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
539 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
540};
541
542
543static const struct nla_policy
544nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
545 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
546 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
547 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
548 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
549 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
550};
551
552
553static const struct nla_policy
554nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
555 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
556 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
557 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
558};
559
560static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
561 struct netlink_callback *cb,
562 struct cfg80211_registered_device **rdev,
563 struct wireless_dev **wdev)
564{
565 int err;
566
567 if (!cb->args[0]) {
568 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
569 genl_family_attrbuf(&nl80211_fam),
570 nl80211_fam.maxattr, nl80211_policy, NULL);
571 if (err)
572 return err;
573
574 *wdev = __cfg80211_wdev_from_attrs(
575 sock_net(skb->sk),
576 genl_family_attrbuf(&nl80211_fam));
577 if (IS_ERR(*wdev))
578 return PTR_ERR(*wdev);
579 *rdev = wiphy_to_rdev((*wdev)->wiphy);
580
581 cb->args[0] = (*rdev)->wiphy_idx + 1;
582 cb->args[1] = (*wdev)->identifier;
583 } else {
584
585 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
586 struct wireless_dev *tmp;
587
588 if (!wiphy)
589 return -ENODEV;
590 *rdev = wiphy_to_rdev(wiphy);
591 *wdev = NULL;
592
593 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
594 if (tmp->identifier == cb->args[1]) {
595 *wdev = tmp;
596 break;
597 }
598 }
599
600 if (!*wdev)
601 return -ENODEV;
602 }
603
604 return 0;
605}
606
607
608static bool is_valid_ie_attr(const struct nlattr *attr)
609{
610 const u8 *pos;
611 int len;
612
613 if (!attr)
614 return true;
615
616 pos = nla_data(attr);
617 len = nla_len(attr);
618
619 while (len) {
620 u8 elemlen;
621
622 if (len < 2)
623 return false;
624 len -= 2;
625
626 elemlen = pos[1];
627 if (elemlen > len)
628 return false;
629
630 len -= elemlen;
631 pos += 2 + elemlen;
632 }
633
634 return true;
635}
636
637
638static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
639 int flags, u8 cmd)
640{
641
642 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
643}
644
645static int nl80211_msg_put_channel(struct sk_buff *msg,
646 struct ieee80211_channel *chan,
647 bool large)
648{
649
650
651
652 if (!large && chan->flags &
653 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
654 return 0;
655
656 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
657 chan->center_freq))
658 goto nla_put_failure;
659
660 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
661 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
662 goto nla_put_failure;
663 if (chan->flags & IEEE80211_CHAN_NO_IR) {
664 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
665 goto nla_put_failure;
666 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
667 goto nla_put_failure;
668 }
669 if (chan->flags & IEEE80211_CHAN_RADAR) {
670 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
671 goto nla_put_failure;
672 if (large) {
673 u32 time;
674
675 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
676
677 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
678 chan->dfs_state))
679 goto nla_put_failure;
680 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
681 time))
682 goto nla_put_failure;
683 if (nla_put_u32(msg,
684 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
685 chan->dfs_cac_ms))
686 goto nla_put_failure;
687 }
688 }
689
690 if (large) {
691 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
692 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
693 goto nla_put_failure;
694 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
695 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
696 goto nla_put_failure;
697 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
698 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
699 goto nla_put_failure;
700 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
701 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
702 goto nla_put_failure;
703 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
704 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
705 goto nla_put_failure;
706 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
707 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
708 goto nla_put_failure;
709 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
710 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
711 goto nla_put_failure;
712 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
713 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
714 goto nla_put_failure;
715 }
716
717 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
718 DBM_TO_MBM(chan->max_power)))
719 goto nla_put_failure;
720
721 return 0;
722
723 nla_put_failure:
724 return -ENOBUFS;
725}
726
727
728
729struct key_parse {
730 struct key_params p;
731 int idx;
732 int type;
733 bool def, defmgmt;
734 bool def_uni, def_multi;
735};
736
737static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
738{
739 struct nlattr *tb[NL80211_KEY_MAX + 1];
740 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
741 nl80211_key_policy, NULL);
742 if (err)
743 return err;
744
745 k->def = !!tb[NL80211_KEY_DEFAULT];
746 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
747
748 if (k->def) {
749 k->def_uni = true;
750 k->def_multi = true;
751 }
752 if (k->defmgmt)
753 k->def_multi = true;
754
755 if (tb[NL80211_KEY_IDX])
756 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
757
758 if (tb[NL80211_KEY_DATA]) {
759 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
760 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
761 }
762
763 if (tb[NL80211_KEY_SEQ]) {
764 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
765 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
766 }
767
768 if (tb[NL80211_KEY_CIPHER])
769 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
770
771 if (tb[NL80211_KEY_TYPE]) {
772 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
773 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
774 return -EINVAL;
775 }
776
777 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
778 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
779
780 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
781 tb[NL80211_KEY_DEFAULT_TYPES],
782 nl80211_key_default_policy, NULL);
783 if (err)
784 return err;
785
786 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
787 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
788 }
789
790 return 0;
791}
792
793static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
794{
795 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
796 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
797 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
798 }
799
800 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
801 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
802 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
803 }
804
805 if (info->attrs[NL80211_ATTR_KEY_IDX])
806 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
807
808 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
809 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
810
811 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
812 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
813
814 if (k->def) {
815 k->def_uni = true;
816 k->def_multi = true;
817 }
818 if (k->defmgmt)
819 k->def_multi = true;
820
821 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
822 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
823 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
824 return -EINVAL;
825 }
826
827 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
828 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
829 int err = nla_parse_nested(kdt,
830 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
831 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
832 nl80211_key_default_policy,
833 info->extack);
834 if (err)
835 return err;
836
837 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
838 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
839 }
840
841 return 0;
842}
843
844static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
845{
846 int err;
847
848 memset(k, 0, sizeof(*k));
849 k->idx = -1;
850 k->type = -1;
851
852 if (info->attrs[NL80211_ATTR_KEY])
853 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
854 else
855 err = nl80211_parse_key_old(info, k);
856
857 if (err)
858 return err;
859
860 if (k->def && k->defmgmt)
861 return -EINVAL;
862
863 if (k->defmgmt) {
864 if (k->def_uni || !k->def_multi)
865 return -EINVAL;
866 }
867
868 if (k->idx != -1) {
869 if (k->defmgmt) {
870 if (k->idx < 4 || k->idx > 5)
871 return -EINVAL;
872 } else if (k->def) {
873 if (k->idx < 0 || k->idx > 3)
874 return -EINVAL;
875 } else {
876 if (k->idx < 0 || k->idx > 5)
877 return -EINVAL;
878 }
879 }
880
881 return 0;
882}
883
884static struct cfg80211_cached_keys *
885nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
886 struct nlattr *keys, bool *no_ht)
887{
888 struct key_parse parse;
889 struct nlattr *key;
890 struct cfg80211_cached_keys *result;
891 int rem, err, def = 0;
892 bool have_key = false;
893
894 nla_for_each_nested(key, keys, rem) {
895 have_key = true;
896 break;
897 }
898
899 if (!have_key)
900 return NULL;
901
902 result = kzalloc(sizeof(*result), GFP_KERNEL);
903 if (!result)
904 return ERR_PTR(-ENOMEM);
905
906 result->def = -1;
907
908 nla_for_each_nested(key, keys, rem) {
909 memset(&parse, 0, sizeof(parse));
910 parse.idx = -1;
911
912 err = nl80211_parse_key_new(key, &parse);
913 if (err)
914 goto error;
915 err = -EINVAL;
916 if (!parse.p.key)
917 goto error;
918 if (parse.idx < 0 || parse.idx > 3)
919 goto error;
920 if (parse.def) {
921 if (def)
922 goto error;
923 def = 1;
924 result->def = parse.idx;
925 if (!parse.def_uni || !parse.def_multi)
926 goto error;
927 } else if (parse.defmgmt)
928 goto error;
929 err = cfg80211_validate_key_settings(rdev, &parse.p,
930 parse.idx, false, NULL);
931 if (err)
932 goto error;
933 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
934 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
935 err = -EINVAL;
936 goto error;
937 }
938 result->params[parse.idx].cipher = parse.p.cipher;
939 result->params[parse.idx].key_len = parse.p.key_len;
940 result->params[parse.idx].key = result->data[parse.idx];
941 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
942
943
944 if (no_ht)
945 *no_ht = true;
946 }
947
948 if (result->def < 0) {
949 err = -EINVAL;
950 goto error;
951 }
952
953 return result;
954 error:
955 kfree(result);
956 return ERR_PTR(err);
957}
958
959static int nl80211_key_allowed(struct wireless_dev *wdev)
960{
961 ASSERT_WDEV_LOCK(wdev);
962
963 switch (wdev->iftype) {
964 case NL80211_IFTYPE_AP:
965 case NL80211_IFTYPE_AP_VLAN:
966 case NL80211_IFTYPE_P2P_GO:
967 case NL80211_IFTYPE_MESH_POINT:
968 break;
969 case NL80211_IFTYPE_ADHOC:
970 case NL80211_IFTYPE_STATION:
971 case NL80211_IFTYPE_P2P_CLIENT:
972 if (!wdev->current_bss)
973 return -ENOLINK;
974 break;
975 case NL80211_IFTYPE_UNSPECIFIED:
976 case NL80211_IFTYPE_OCB:
977 case NL80211_IFTYPE_MONITOR:
978 case NL80211_IFTYPE_NAN:
979 case NL80211_IFTYPE_P2P_DEVICE:
980 case NL80211_IFTYPE_WDS:
981 case NUM_NL80211_IFTYPES:
982 return -EINVAL;
983 }
984
985 return 0;
986}
987
988static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
989 struct nlattr *tb)
990{
991 struct ieee80211_channel *chan;
992
993 if (tb == NULL)
994 return NULL;
995 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
996 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
997 return NULL;
998 return chan;
999}
1000
1001static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1002{
1003 struct nlattr *nl_modes = nla_nest_start(msg, attr);
1004 int i;
1005
1006 if (!nl_modes)
1007 goto nla_put_failure;
1008
1009 i = 0;
1010 while (ifmodes) {
1011 if ((ifmodes & 1) && nla_put_flag(msg, i))
1012 goto nla_put_failure;
1013 ifmodes >>= 1;
1014 i++;
1015 }
1016
1017 nla_nest_end(msg, nl_modes);
1018 return 0;
1019
1020nla_put_failure:
1021 return -ENOBUFS;
1022}
1023
1024static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1025 struct sk_buff *msg,
1026 bool large)
1027{
1028 struct nlattr *nl_combis;
1029 int i, j;
1030
1031 nl_combis = nla_nest_start(msg,
1032 NL80211_ATTR_INTERFACE_COMBINATIONS);
1033 if (!nl_combis)
1034 goto nla_put_failure;
1035
1036 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1037 const struct ieee80211_iface_combination *c;
1038 struct nlattr *nl_combi, *nl_limits;
1039
1040 c = &wiphy->iface_combinations[i];
1041
1042 nl_combi = nla_nest_start(msg, i + 1);
1043 if (!nl_combi)
1044 goto nla_put_failure;
1045
1046 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
1047 if (!nl_limits)
1048 goto nla_put_failure;
1049
1050 for (j = 0; j < c->n_limits; j++) {
1051 struct nlattr *nl_limit;
1052
1053 nl_limit = nla_nest_start(msg, j + 1);
1054 if (!nl_limit)
1055 goto nla_put_failure;
1056 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1057 c->limits[j].max))
1058 goto nla_put_failure;
1059 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1060 c->limits[j].types))
1061 goto nla_put_failure;
1062 nla_nest_end(msg, nl_limit);
1063 }
1064
1065 nla_nest_end(msg, nl_limits);
1066
1067 if (c->beacon_int_infra_match &&
1068 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1069 goto nla_put_failure;
1070 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1071 c->num_different_channels) ||
1072 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1073 c->max_interfaces))
1074 goto nla_put_failure;
1075 if (large &&
1076 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1077 c->radar_detect_widths) ||
1078 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1079 c->radar_detect_regions)))
1080 goto nla_put_failure;
1081 if (c->beacon_int_min_gcd &&
1082 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1083 c->beacon_int_min_gcd))
1084 goto nla_put_failure;
1085
1086 nla_nest_end(msg, nl_combi);
1087 }
1088
1089 nla_nest_end(msg, nl_combis);
1090
1091 return 0;
1092nla_put_failure:
1093 return -ENOBUFS;
1094}
1095
1096#ifdef CONFIG_PM
1097static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1098 struct sk_buff *msg)
1099{
1100 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1101 struct nlattr *nl_tcp;
1102
1103 if (!tcp)
1104 return 0;
1105
1106 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1107 if (!nl_tcp)
1108 return -ENOBUFS;
1109
1110 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1111 tcp->data_payload_max))
1112 return -ENOBUFS;
1113
1114 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1115 tcp->data_payload_max))
1116 return -ENOBUFS;
1117
1118 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1119 return -ENOBUFS;
1120
1121 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1122 sizeof(*tcp->tok), tcp->tok))
1123 return -ENOBUFS;
1124
1125 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1126 tcp->data_interval_max))
1127 return -ENOBUFS;
1128
1129 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1130 tcp->wake_payload_max))
1131 return -ENOBUFS;
1132
1133 nla_nest_end(msg, nl_tcp);
1134 return 0;
1135}
1136
1137static int nl80211_send_wowlan(struct sk_buff *msg,
1138 struct cfg80211_registered_device *rdev,
1139 bool large)
1140{
1141 struct nlattr *nl_wowlan;
1142
1143 if (!rdev->wiphy.wowlan)
1144 return 0;
1145
1146 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1147 if (!nl_wowlan)
1148 return -ENOBUFS;
1149
1150 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1151 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1152 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1153 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1154 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1155 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1156 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1157 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1158 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1159 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1160 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1161 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1162 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1163 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1164 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1165 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1166 return -ENOBUFS;
1167
1168 if (rdev->wiphy.wowlan->n_patterns) {
1169 struct nl80211_pattern_support pat = {
1170 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1171 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1172 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1173 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1174 };
1175
1176 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1177 sizeof(pat), &pat))
1178 return -ENOBUFS;
1179 }
1180
1181 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1182 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1183 rdev->wiphy.wowlan->max_nd_match_sets))
1184 return -ENOBUFS;
1185
1186 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1187 return -ENOBUFS;
1188
1189 nla_nest_end(msg, nl_wowlan);
1190
1191 return 0;
1192}
1193#endif
1194
1195static int nl80211_send_coalesce(struct sk_buff *msg,
1196 struct cfg80211_registered_device *rdev)
1197{
1198 struct nl80211_coalesce_rule_support rule;
1199
1200 if (!rdev->wiphy.coalesce)
1201 return 0;
1202
1203 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1204 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1205 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1206 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1207 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1208 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1209
1210 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1211 return -ENOBUFS;
1212
1213 return 0;
1214}
1215
1216static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1217 struct ieee80211_supported_band *sband)
1218{
1219 struct nlattr *nl_rates, *nl_rate;
1220 struct ieee80211_rate *rate;
1221 int i;
1222
1223
1224 if (sband->ht_cap.ht_supported &&
1225 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1226 sizeof(sband->ht_cap.mcs),
1227 &sband->ht_cap.mcs) ||
1228 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1229 sband->ht_cap.cap) ||
1230 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1231 sband->ht_cap.ampdu_factor) ||
1232 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1233 sband->ht_cap.ampdu_density)))
1234 return -ENOBUFS;
1235
1236
1237 if (sband->vht_cap.vht_supported &&
1238 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1239 sizeof(sband->vht_cap.vht_mcs),
1240 &sband->vht_cap.vht_mcs) ||
1241 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1242 sband->vht_cap.cap)))
1243 return -ENOBUFS;
1244
1245
1246 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1247 if (!nl_rates)
1248 return -ENOBUFS;
1249
1250 for (i = 0; i < sband->n_bitrates; i++) {
1251 nl_rate = nla_nest_start(msg, i);
1252 if (!nl_rate)
1253 return -ENOBUFS;
1254
1255 rate = &sband->bitrates[i];
1256 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1257 rate->bitrate))
1258 return -ENOBUFS;
1259 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1260 nla_put_flag(msg,
1261 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1262 return -ENOBUFS;
1263
1264 nla_nest_end(msg, nl_rate);
1265 }
1266
1267 nla_nest_end(msg, nl_rates);
1268
1269 return 0;
1270}
1271
1272static int
1273nl80211_send_mgmt_stypes(struct sk_buff *msg,
1274 const struct ieee80211_txrx_stypes *mgmt_stypes)
1275{
1276 u16 stypes;
1277 struct nlattr *nl_ftypes, *nl_ifs;
1278 enum nl80211_iftype ift;
1279 int i;
1280
1281 if (!mgmt_stypes)
1282 return 0;
1283
1284 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1285 if (!nl_ifs)
1286 return -ENOBUFS;
1287
1288 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1289 nl_ftypes = nla_nest_start(msg, ift);
1290 if (!nl_ftypes)
1291 return -ENOBUFS;
1292 i = 0;
1293 stypes = mgmt_stypes[ift].tx;
1294 while (stypes) {
1295 if ((stypes & 1) &&
1296 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1297 (i << 4) | IEEE80211_FTYPE_MGMT))
1298 return -ENOBUFS;
1299 stypes >>= 1;
1300 i++;
1301 }
1302 nla_nest_end(msg, nl_ftypes);
1303 }
1304
1305 nla_nest_end(msg, nl_ifs);
1306
1307 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1308 if (!nl_ifs)
1309 return -ENOBUFS;
1310
1311 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1312 nl_ftypes = nla_nest_start(msg, ift);
1313 if (!nl_ftypes)
1314 return -ENOBUFS;
1315 i = 0;
1316 stypes = mgmt_stypes[ift].rx;
1317 while (stypes) {
1318 if ((stypes & 1) &&
1319 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1320 (i << 4) | IEEE80211_FTYPE_MGMT))
1321 return -ENOBUFS;
1322 stypes >>= 1;
1323 i++;
1324 }
1325 nla_nest_end(msg, nl_ftypes);
1326 }
1327 nla_nest_end(msg, nl_ifs);
1328
1329 return 0;
1330}
1331
1332#define CMD(op, n) \
1333 do { \
1334 if (rdev->ops->op) { \
1335 i++; \
1336 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1337 goto nla_put_failure; \
1338 } \
1339 } while (0)
1340
1341static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1342 struct sk_buff *msg)
1343{
1344 int i = 0;
1345
1346
1347
1348
1349
1350
1351 CMD(add_virtual_intf, NEW_INTERFACE);
1352 CMD(change_virtual_intf, SET_INTERFACE);
1353 CMD(add_key, NEW_KEY);
1354 CMD(start_ap, START_AP);
1355 CMD(add_station, NEW_STATION);
1356 CMD(add_mpath, NEW_MPATH);
1357 CMD(update_mesh_config, SET_MESH_CONFIG);
1358 CMD(change_bss, SET_BSS);
1359 CMD(auth, AUTHENTICATE);
1360 CMD(assoc, ASSOCIATE);
1361 CMD(deauth, DEAUTHENTICATE);
1362 CMD(disassoc, DISASSOCIATE);
1363 CMD(join_ibss, JOIN_IBSS);
1364 CMD(join_mesh, JOIN_MESH);
1365 CMD(set_pmksa, SET_PMKSA);
1366 CMD(del_pmksa, DEL_PMKSA);
1367 CMD(flush_pmksa, FLUSH_PMKSA);
1368 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1369 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1370 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1371 CMD(mgmt_tx, FRAME);
1372 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1373 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1374 i++;
1375 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1376 goto nla_put_failure;
1377 }
1378 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1379 rdev->ops->join_mesh) {
1380 i++;
1381 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1382 goto nla_put_failure;
1383 }
1384 CMD(set_wds_peer, SET_WDS_PEER);
1385 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1386 CMD(tdls_mgmt, TDLS_MGMT);
1387 CMD(tdls_oper, TDLS_OPER);
1388 }
1389 if (rdev->wiphy.max_sched_scan_reqs)
1390 CMD(sched_scan_start, START_SCHED_SCAN);
1391 CMD(probe_client, PROBE_CLIENT);
1392 CMD(set_noack_map, SET_NOACK_MAP);
1393 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1394 i++;
1395 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1396 goto nla_put_failure;
1397 }
1398 CMD(start_p2p_device, START_P2P_DEVICE);
1399 CMD(set_mcast_rate, SET_MCAST_RATE);
1400#ifdef CONFIG_NL80211_TESTMODE
1401 CMD(testmode_cmd, TESTMODE);
1402#endif
1403
1404 if (rdev->ops->connect || rdev->ops->auth) {
1405 i++;
1406 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1407 goto nla_put_failure;
1408 }
1409
1410 if (rdev->ops->disconnect || rdev->ops->deauth) {
1411 i++;
1412 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1413 goto nla_put_failure;
1414 }
1415
1416 return i;
1417 nla_put_failure:
1418 return -ENOBUFS;
1419}
1420
1421struct nl80211_dump_wiphy_state {
1422 s64 filter_wiphy;
1423 long start;
1424 long split_start, band_start, chan_start, capa_start;
1425 bool split;
1426};
1427
1428static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1429 enum nl80211_commands cmd,
1430 struct sk_buff *msg, u32 portid, u32 seq,
1431 int flags, struct nl80211_dump_wiphy_state *state)
1432{
1433 void *hdr;
1434 struct nlattr *nl_bands, *nl_band;
1435 struct nlattr *nl_freqs, *nl_freq;
1436 struct nlattr *nl_cmds;
1437 enum nl80211_band band;
1438 struct ieee80211_channel *chan;
1439 int i;
1440 const struct ieee80211_txrx_stypes *mgmt_stypes =
1441 rdev->wiphy.mgmt_stypes;
1442 u32 features;
1443
1444 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1445 if (!hdr)
1446 return -ENOBUFS;
1447
1448 if (WARN_ON(!state))
1449 return -EINVAL;
1450
1451 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1452 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1453 wiphy_name(&rdev->wiphy)) ||
1454 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1455 cfg80211_rdev_list_generation))
1456 goto nla_put_failure;
1457
1458 if (cmd != NL80211_CMD_NEW_WIPHY)
1459 goto finish;
1460
1461 switch (state->split_start) {
1462 case 0:
1463 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1464 rdev->wiphy.retry_short) ||
1465 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1466 rdev->wiphy.retry_long) ||
1467 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1468 rdev->wiphy.frag_threshold) ||
1469 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1470 rdev->wiphy.rts_threshold) ||
1471 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1472 rdev->wiphy.coverage_class) ||
1473 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1474 rdev->wiphy.max_scan_ssids) ||
1475 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1476 rdev->wiphy.max_sched_scan_ssids) ||
1477 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1478 rdev->wiphy.max_scan_ie_len) ||
1479 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1480 rdev->wiphy.max_sched_scan_ie_len) ||
1481 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1482 rdev->wiphy.max_match_sets) ||
1483 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1484 rdev->wiphy.max_sched_scan_plans) ||
1485 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1486 rdev->wiphy.max_sched_scan_plan_interval) ||
1487 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1488 rdev->wiphy.max_sched_scan_plan_iterations))
1489 goto nla_put_failure;
1490
1491 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1492 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1493 goto nla_put_failure;
1494 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1495 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1496 goto nla_put_failure;
1497 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1498 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1499 goto nla_put_failure;
1500 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1501 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1502 goto nla_put_failure;
1503 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1504 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1505 goto nla_put_failure;
1506 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1507 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1508 goto nla_put_failure;
1509 state->split_start++;
1510 if (state->split)
1511 break;
1512 case 1:
1513 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1514 sizeof(u32) * rdev->wiphy.n_cipher_suites,
1515 rdev->wiphy.cipher_suites))
1516 goto nla_put_failure;
1517
1518 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1519 rdev->wiphy.max_num_pmkids))
1520 goto nla_put_failure;
1521
1522 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1523 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1524 goto nla_put_failure;
1525
1526 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1527 rdev->wiphy.available_antennas_tx) ||
1528 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1529 rdev->wiphy.available_antennas_rx))
1530 goto nla_put_failure;
1531
1532 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1533 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1534 rdev->wiphy.probe_resp_offload))
1535 goto nla_put_failure;
1536
1537 if ((rdev->wiphy.available_antennas_tx ||
1538 rdev->wiphy.available_antennas_rx) &&
1539 rdev->ops->get_antenna) {
1540 u32 tx_ant = 0, rx_ant = 0;
1541 int res;
1542
1543 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1544 if (!res) {
1545 if (nla_put_u32(msg,
1546 NL80211_ATTR_WIPHY_ANTENNA_TX,
1547 tx_ant) ||
1548 nla_put_u32(msg,
1549 NL80211_ATTR_WIPHY_ANTENNA_RX,
1550 rx_ant))
1551 goto nla_put_failure;
1552 }
1553 }
1554
1555 state->split_start++;
1556 if (state->split)
1557 break;
1558 case 2:
1559 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1560 rdev->wiphy.interface_modes))
1561 goto nla_put_failure;
1562 state->split_start++;
1563 if (state->split)
1564 break;
1565 case 3:
1566 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1567 if (!nl_bands)
1568 goto nla_put_failure;
1569
1570 for (band = state->band_start;
1571 band < NUM_NL80211_BANDS; band++) {
1572 struct ieee80211_supported_band *sband;
1573
1574 sband = rdev->wiphy.bands[band];
1575
1576 if (!sband)
1577 continue;
1578
1579 nl_band = nla_nest_start(msg, band);
1580 if (!nl_band)
1581 goto nla_put_failure;
1582
1583 switch (state->chan_start) {
1584 case 0:
1585 if (nl80211_send_band_rateinfo(msg, sband))
1586 goto nla_put_failure;
1587 state->chan_start++;
1588 if (state->split)
1589 break;
1590 default:
1591
1592 nl_freqs = nla_nest_start(
1593 msg, NL80211_BAND_ATTR_FREQS);
1594 if (!nl_freqs)
1595 goto nla_put_failure;
1596
1597 for (i = state->chan_start - 1;
1598 i < sband->n_channels;
1599 i++) {
1600 nl_freq = nla_nest_start(msg, i);
1601 if (!nl_freq)
1602 goto nla_put_failure;
1603
1604 chan = &sband->channels[i];
1605
1606 if (nl80211_msg_put_channel(
1607 msg, chan,
1608 state->split))
1609 goto nla_put_failure;
1610
1611 nla_nest_end(msg, nl_freq);
1612 if (state->split)
1613 break;
1614 }
1615 if (i < sband->n_channels)
1616 state->chan_start = i + 2;
1617 else
1618 state->chan_start = 0;
1619 nla_nest_end(msg, nl_freqs);
1620 }
1621
1622 nla_nest_end(msg, nl_band);
1623
1624 if (state->split) {
1625
1626 if (state->chan_start)
1627 band--;
1628 break;
1629 }
1630 }
1631 nla_nest_end(msg, nl_bands);
1632
1633 if (band < NUM_NL80211_BANDS)
1634 state->band_start = band + 1;
1635 else
1636 state->band_start = 0;
1637
1638
1639 if (state->band_start == 0 && state->chan_start == 0)
1640 state->split_start++;
1641 if (state->split)
1642 break;
1643 case 4:
1644 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1645 if (!nl_cmds)
1646 goto nla_put_failure;
1647
1648 i = nl80211_add_commands_unsplit(rdev, msg);
1649 if (i < 0)
1650 goto nla_put_failure;
1651 if (state->split) {
1652 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1653 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1654 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1655 CMD(channel_switch, CHANNEL_SWITCH);
1656 CMD(set_qos_map, SET_QOS_MAP);
1657 if (rdev->wiphy.features &
1658 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1659 CMD(add_tx_ts, ADD_TX_TS);
1660 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1661 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
1662 }
1663#undef CMD
1664
1665 nla_nest_end(msg, nl_cmds);
1666 state->split_start++;
1667 if (state->split)
1668 break;
1669 case 5:
1670 if (rdev->ops->remain_on_channel &&
1671 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1672 nla_put_u32(msg,
1673 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1674 rdev->wiphy.max_remain_on_channel_duration))
1675 goto nla_put_failure;
1676
1677 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1678 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1679 goto nla_put_failure;
1680
1681 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1682 goto nla_put_failure;
1683 state->split_start++;
1684 if (state->split)
1685 break;
1686 case 6:
1687#ifdef CONFIG_PM
1688 if (nl80211_send_wowlan(msg, rdev, state->split))
1689 goto nla_put_failure;
1690 state->split_start++;
1691 if (state->split)
1692 break;
1693#else
1694 state->split_start++;
1695#endif
1696 case 7:
1697 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1698 rdev->wiphy.software_iftypes))
1699 goto nla_put_failure;
1700
1701 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1702 state->split))
1703 goto nla_put_failure;
1704
1705 state->split_start++;
1706 if (state->split)
1707 break;
1708 case 8:
1709 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1710 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1711 rdev->wiphy.ap_sme_capa))
1712 goto nla_put_failure;
1713
1714 features = rdev->wiphy.features;
1715
1716
1717
1718
1719
1720 if (state->split)
1721 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1722 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1723 goto nla_put_failure;
1724
1725 if (rdev->wiphy.ht_capa_mod_mask &&
1726 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1727 sizeof(*rdev->wiphy.ht_capa_mod_mask),
1728 rdev->wiphy.ht_capa_mod_mask))
1729 goto nla_put_failure;
1730
1731 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1732 rdev->wiphy.max_acl_mac_addrs &&
1733 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1734 rdev->wiphy.max_acl_mac_addrs))
1735 goto nla_put_failure;
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747 state->split_start++;
1748 break;
1749 case 9:
1750 if (rdev->wiphy.extended_capabilities &&
1751 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1752 rdev->wiphy.extended_capabilities_len,
1753 rdev->wiphy.extended_capabilities) ||
1754 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1755 rdev->wiphy.extended_capabilities_len,
1756 rdev->wiphy.extended_capabilities_mask)))
1757 goto nla_put_failure;
1758
1759 if (rdev->wiphy.vht_capa_mod_mask &&
1760 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1761 sizeof(*rdev->wiphy.vht_capa_mod_mask),
1762 rdev->wiphy.vht_capa_mod_mask))
1763 goto nla_put_failure;
1764
1765 state->split_start++;
1766 break;
1767 case 10:
1768 if (nl80211_send_coalesce(msg, rdev))
1769 goto nla_put_failure;
1770
1771 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1772 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1773 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1774 goto nla_put_failure;
1775
1776 if (rdev->wiphy.max_ap_assoc_sta &&
1777 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1778 rdev->wiphy.max_ap_assoc_sta))
1779 goto nla_put_failure;
1780
1781 state->split_start++;
1782 break;
1783 case 11:
1784 if (rdev->wiphy.n_vendor_commands) {
1785 const struct nl80211_vendor_cmd_info *info;
1786 struct nlattr *nested;
1787
1788 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1789 if (!nested)
1790 goto nla_put_failure;
1791
1792 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1793 info = &rdev->wiphy.vendor_commands[i].info;
1794 if (nla_put(msg, i + 1, sizeof(*info), info))
1795 goto nla_put_failure;
1796 }
1797 nla_nest_end(msg, nested);
1798 }
1799
1800 if (rdev->wiphy.n_vendor_events) {
1801 const struct nl80211_vendor_cmd_info *info;
1802 struct nlattr *nested;
1803
1804 nested = nla_nest_start(msg,
1805 NL80211_ATTR_VENDOR_EVENTS);
1806 if (!nested)
1807 goto nla_put_failure;
1808
1809 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1810 info = &rdev->wiphy.vendor_events[i];
1811 if (nla_put(msg, i + 1, sizeof(*info), info))
1812 goto nla_put_failure;
1813 }
1814 nla_nest_end(msg, nested);
1815 }
1816 state->split_start++;
1817 break;
1818 case 12:
1819 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1820 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1821 rdev->wiphy.max_num_csa_counters))
1822 goto nla_put_failure;
1823
1824 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1825 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1826 goto nla_put_failure;
1827
1828 if (rdev->wiphy.max_sched_scan_reqs &&
1829 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
1830 rdev->wiphy.max_sched_scan_reqs))
1831 goto nla_put_failure;
1832
1833 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1834 sizeof(rdev->wiphy.ext_features),
1835 rdev->wiphy.ext_features))
1836 goto nla_put_failure;
1837
1838 if (rdev->wiphy.bss_select_support) {
1839 struct nlattr *nested;
1840 u32 bss_select_support = rdev->wiphy.bss_select_support;
1841
1842 nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
1843 if (!nested)
1844 goto nla_put_failure;
1845
1846 i = 0;
1847 while (bss_select_support) {
1848 if ((bss_select_support & 1) &&
1849 nla_put_flag(msg, i))
1850 goto nla_put_failure;
1851 i++;
1852 bss_select_support >>= 1;
1853 }
1854 nla_nest_end(msg, nested);
1855 }
1856
1857 state->split_start++;
1858 break;
1859 case 13:
1860 if (rdev->wiphy.num_iftype_ext_capab &&
1861 rdev->wiphy.iftype_ext_capab) {
1862 struct nlattr *nested_ext_capab, *nested;
1863
1864 nested = nla_nest_start(msg,
1865 NL80211_ATTR_IFTYPE_EXT_CAPA);
1866 if (!nested)
1867 goto nla_put_failure;
1868
1869 for (i = state->capa_start;
1870 i < rdev->wiphy.num_iftype_ext_capab; i++) {
1871 const struct wiphy_iftype_ext_capab *capab;
1872
1873 capab = &rdev->wiphy.iftype_ext_capab[i];
1874
1875 nested_ext_capab = nla_nest_start(msg, i);
1876 if (!nested_ext_capab ||
1877 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
1878 capab->iftype) ||
1879 nla_put(msg, NL80211_ATTR_EXT_CAPA,
1880 capab->extended_capabilities_len,
1881 capab->extended_capabilities) ||
1882 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1883 capab->extended_capabilities_len,
1884 capab->extended_capabilities_mask))
1885 goto nla_put_failure;
1886
1887 nla_nest_end(msg, nested_ext_capab);
1888 if (state->split)
1889 break;
1890 }
1891 nla_nest_end(msg, nested);
1892 if (i < rdev->wiphy.num_iftype_ext_capab) {
1893 state->capa_start = i + 1;
1894 break;
1895 }
1896 }
1897
1898 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
1899 rdev->wiphy.nan_supported_bands))
1900 goto nla_put_failure;
1901
1902
1903 state->split_start = 0;
1904 break;
1905 }
1906 finish:
1907 genlmsg_end(msg, hdr);
1908 return 0;
1909
1910 nla_put_failure:
1911 genlmsg_cancel(msg, hdr);
1912 return -EMSGSIZE;
1913}
1914
1915static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1916 struct netlink_callback *cb,
1917 struct nl80211_dump_wiphy_state *state)
1918{
1919 struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
1920 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb,
1921 nl80211_fam.maxattr, nl80211_policy, NULL);
1922
1923 if (ret)
1924 return 0;
1925
1926 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1927 if (tb[NL80211_ATTR_WIPHY])
1928 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1929 if (tb[NL80211_ATTR_WDEV])
1930 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1931 if (tb[NL80211_ATTR_IFINDEX]) {
1932 struct net_device *netdev;
1933 struct cfg80211_registered_device *rdev;
1934 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1935
1936 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1937 if (!netdev)
1938 return -ENODEV;
1939 if (netdev->ieee80211_ptr) {
1940 rdev = wiphy_to_rdev(
1941 netdev->ieee80211_ptr->wiphy);
1942 state->filter_wiphy = rdev->wiphy_idx;
1943 }
1944 }
1945
1946 return 0;
1947}
1948
1949static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1950{
1951 int idx = 0, ret;
1952 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1953 struct cfg80211_registered_device *rdev;
1954
1955 rtnl_lock();
1956 if (!state) {
1957 state = kzalloc(sizeof(*state), GFP_KERNEL);
1958 if (!state) {
1959 rtnl_unlock();
1960 return -ENOMEM;
1961 }
1962 state->filter_wiphy = -1;
1963 ret = nl80211_dump_wiphy_parse(skb, cb, state);
1964 if (ret) {
1965 kfree(state);
1966 rtnl_unlock();
1967 return ret;
1968 }
1969 cb->args[0] = (long)state;
1970 }
1971
1972 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1973 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1974 continue;
1975 if (++idx <= state->start)
1976 continue;
1977 if (state->filter_wiphy != -1 &&
1978 state->filter_wiphy != rdev->wiphy_idx)
1979 continue;
1980
1981 do {
1982 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1983 skb,
1984 NETLINK_CB(cb->skb).portid,
1985 cb->nlh->nlmsg_seq,
1986 NLM_F_MULTI, state);
1987 if (ret < 0) {
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2002 !skb->len && !state->split &&
2003 cb->min_dump_alloc < 4096) {
2004 cb->min_dump_alloc = 4096;
2005 state->split_start = 0;
2006 rtnl_unlock();
2007 return 1;
2008 }
2009 idx--;
2010 break;
2011 }
2012 } while (state->split_start > 0);
2013 break;
2014 }
2015 rtnl_unlock();
2016
2017 state->start = idx;
2018
2019 return skb->len;
2020}
2021
2022static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2023{
2024 kfree((void *)cb->args[0]);
2025 return 0;
2026}
2027
2028static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2029{
2030 struct sk_buff *msg;
2031 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2032 struct nl80211_dump_wiphy_state state = {};
2033
2034 msg = nlmsg_new(4096, GFP_KERNEL);
2035 if (!msg)
2036 return -ENOMEM;
2037
2038 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2039 info->snd_portid, info->snd_seq, 0,
2040 &state) < 0) {
2041 nlmsg_free(msg);
2042 return -ENOBUFS;
2043 }
2044
2045 return genlmsg_reply(msg, info);
2046}
2047
2048static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2049 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2050 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2051 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2052 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2053 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2054};
2055
2056static int parse_txq_params(struct nlattr *tb[],
2057 struct ieee80211_txq_params *txq_params)
2058{
2059 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2060 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2061 !tb[NL80211_TXQ_ATTR_AIFS])
2062 return -EINVAL;
2063
2064 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2065 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2066 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2067 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2068 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2069
2070 if (txq_params->ac >= NL80211_NUM_ACS)
2071 return -EINVAL;
2072
2073 return 0;
2074}
2075
2076static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2077{
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093 return !wdev ||
2094 wdev->iftype == NL80211_IFTYPE_AP ||
2095 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2096 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2097 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2098}
2099
2100static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2101 struct genl_info *info,
2102 struct cfg80211_chan_def *chandef)
2103{
2104 u32 control_freq;
2105
2106 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
2107 return -EINVAL;
2108
2109 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
2110
2111 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2112 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2113 chandef->center_freq1 = control_freq;
2114 chandef->center_freq2 = 0;
2115
2116
2117 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
2118 return -EINVAL;
2119
2120 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2121 enum nl80211_channel_type chantype;
2122
2123 chantype = nla_get_u32(
2124 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2125
2126 switch (chantype) {
2127 case NL80211_CHAN_NO_HT:
2128 case NL80211_CHAN_HT20:
2129 case NL80211_CHAN_HT40PLUS:
2130 case NL80211_CHAN_HT40MINUS:
2131 cfg80211_chandef_create(chandef, chandef->chan,
2132 chantype);
2133 break;
2134 default:
2135 return -EINVAL;
2136 }
2137 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2138 chandef->width =
2139 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2140 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
2141 chandef->center_freq1 =
2142 nla_get_u32(
2143 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2144 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
2145 chandef->center_freq2 =
2146 nla_get_u32(
2147 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
2148 }
2149
2150 if (!cfg80211_chandef_valid(chandef))
2151 return -EINVAL;
2152
2153 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2154 IEEE80211_CHAN_DISABLED))
2155 return -EINVAL;
2156
2157 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2158 chandef->width == NL80211_CHAN_WIDTH_10) &&
2159 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
2160 return -EINVAL;
2161
2162 return 0;
2163}
2164
2165static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2166 struct net_device *dev,
2167 struct genl_info *info)
2168{
2169 struct cfg80211_chan_def chandef;
2170 int result;
2171 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2172 struct wireless_dev *wdev = NULL;
2173
2174 if (dev)
2175 wdev = dev->ieee80211_ptr;
2176 if (!nl80211_can_set_dev_channel(wdev))
2177 return -EOPNOTSUPP;
2178 if (wdev)
2179 iftype = wdev->iftype;
2180
2181 result = nl80211_parse_chandef(rdev, info, &chandef);
2182 if (result)
2183 return result;
2184
2185 switch (iftype) {
2186 case NL80211_IFTYPE_AP:
2187 case NL80211_IFTYPE_P2P_GO:
2188 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2189 iftype)) {
2190 result = -EINVAL;
2191 break;
2192 }
2193 if (wdev->beacon_interval) {
2194 if (!dev || !rdev->ops->set_ap_chanwidth ||
2195 !(rdev->wiphy.features &
2196 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2197 result = -EBUSY;
2198 break;
2199 }
2200
2201
2202 if (chandef.chan != wdev->preset_chandef.chan) {
2203 result = -EBUSY;
2204 break;
2205 }
2206 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2207 if (result)
2208 break;
2209 }
2210 wdev->preset_chandef = chandef;
2211 result = 0;
2212 break;
2213 case NL80211_IFTYPE_MESH_POINT:
2214 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2215 break;
2216 case NL80211_IFTYPE_MONITOR:
2217 result = cfg80211_set_monitor_channel(rdev, &chandef);
2218 break;
2219 default:
2220 result = -EINVAL;
2221 }
2222
2223 return result;
2224}
2225
2226static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2227{
2228 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2229 struct net_device *netdev = info->user_ptr[1];
2230
2231 return __nl80211_set_channel(rdev, netdev, info);
2232}
2233
2234static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2235{
2236 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2237 struct net_device *dev = info->user_ptr[1];
2238 struct wireless_dev *wdev = dev->ieee80211_ptr;
2239 const u8 *bssid;
2240
2241 if (!info->attrs[NL80211_ATTR_MAC])
2242 return -EINVAL;
2243
2244 if (netif_running(dev))
2245 return -EBUSY;
2246
2247 if (!rdev->ops->set_wds_peer)
2248 return -EOPNOTSUPP;
2249
2250 if (wdev->iftype != NL80211_IFTYPE_WDS)
2251 return -EOPNOTSUPP;
2252
2253 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2254 return rdev_set_wds_peer(rdev, dev, bssid);
2255}
2256
2257static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2258{
2259 struct cfg80211_registered_device *rdev;
2260 struct net_device *netdev = NULL;
2261 struct wireless_dev *wdev;
2262 int result = 0, rem_txq_params = 0;
2263 struct nlattr *nl_txq_params;
2264 u32 changed;
2265 u8 retry_short = 0, retry_long = 0;
2266 u32 frag_threshold = 0, rts_threshold = 0;
2267 u8 coverage_class = 0;
2268
2269 ASSERT_RTNL();
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2282 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2283
2284 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2285 if (netdev && netdev->ieee80211_ptr)
2286 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2287 else
2288 netdev = NULL;
2289 }
2290
2291 if (!netdev) {
2292 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2293 info->attrs);
2294 if (IS_ERR(rdev))
2295 return PTR_ERR(rdev);
2296 wdev = NULL;
2297 netdev = NULL;
2298 result = 0;
2299 } else
2300 wdev = netdev->ieee80211_ptr;
2301
2302
2303
2304
2305
2306
2307 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2308 result = cfg80211_dev_rename(
2309 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2310
2311 if (result)
2312 return result;
2313
2314 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2315 struct ieee80211_txq_params txq_params;
2316 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2317
2318 if (!rdev->ops->set_txq_params)
2319 return -EOPNOTSUPP;
2320
2321 if (!netdev)
2322 return -EINVAL;
2323
2324 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2325 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2326 return -EINVAL;
2327
2328 if (!netif_running(netdev))
2329 return -ENETDOWN;
2330
2331 nla_for_each_nested(nl_txq_params,
2332 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2333 rem_txq_params) {
2334 result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2335 nl_txq_params,
2336 txq_params_policy,
2337 info->extack);
2338 if (result)
2339 return result;
2340 result = parse_txq_params(tb, &txq_params);
2341 if (result)
2342 return result;
2343
2344 result = rdev_set_txq_params(rdev, netdev,
2345 &txq_params);
2346 if (result)
2347 return result;
2348 }
2349 }
2350
2351 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2352 result = __nl80211_set_channel(
2353 rdev,
2354 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2355 info);
2356 if (result)
2357 return result;
2358 }
2359
2360 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2361 struct wireless_dev *txp_wdev = wdev;
2362 enum nl80211_tx_power_setting type;
2363 int idx, mbm = 0;
2364
2365 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2366 txp_wdev = NULL;
2367
2368 if (!rdev->ops->set_tx_power)
2369 return -EOPNOTSUPP;
2370
2371 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2372 type = nla_get_u32(info->attrs[idx]);
2373
2374 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2375 (type != NL80211_TX_POWER_AUTOMATIC))
2376 return -EINVAL;
2377
2378 if (type != NL80211_TX_POWER_AUTOMATIC) {
2379 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2380 mbm = nla_get_u32(info->attrs[idx]);
2381 }
2382
2383 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2384 if (result)
2385 return result;
2386 }
2387
2388 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2389 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2390 u32 tx_ant, rx_ant;
2391
2392 if ((!rdev->wiphy.available_antennas_tx &&
2393 !rdev->wiphy.available_antennas_rx) ||
2394 !rdev->ops->set_antenna)
2395 return -EOPNOTSUPP;
2396
2397 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2398 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2399
2400
2401
2402 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2403 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2404 return -EINVAL;
2405
2406 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2407 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2408
2409 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2410 if (result)
2411 return result;
2412 }
2413
2414 changed = 0;
2415
2416 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2417 retry_short = nla_get_u8(
2418 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2419 if (retry_short == 0)
2420 return -EINVAL;
2421
2422 changed |= WIPHY_PARAM_RETRY_SHORT;
2423 }
2424
2425 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2426 retry_long = nla_get_u8(
2427 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2428 if (retry_long == 0)
2429 return -EINVAL;
2430
2431 changed |= WIPHY_PARAM_RETRY_LONG;
2432 }
2433
2434 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2435 frag_threshold = nla_get_u32(
2436 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2437 if (frag_threshold < 256)
2438 return -EINVAL;
2439
2440 if (frag_threshold != (u32) -1) {
2441
2442
2443
2444
2445
2446
2447 frag_threshold &= ~0x1;
2448 }
2449 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2450 }
2451
2452 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2453 rts_threshold = nla_get_u32(
2454 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2455 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2456 }
2457
2458 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2459 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2460 return -EINVAL;
2461
2462 coverage_class = nla_get_u8(
2463 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2464 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2465 }
2466
2467 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2468 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2469 return -EOPNOTSUPP;
2470
2471 changed |= WIPHY_PARAM_DYN_ACK;
2472 }
2473
2474 if (changed) {
2475 u8 old_retry_short, old_retry_long;
2476 u32 old_frag_threshold, old_rts_threshold;
2477 u8 old_coverage_class;
2478
2479 if (!rdev->ops->set_wiphy_params)
2480 return -EOPNOTSUPP;
2481
2482 old_retry_short = rdev->wiphy.retry_short;
2483 old_retry_long = rdev->wiphy.retry_long;
2484 old_frag_threshold = rdev->wiphy.frag_threshold;
2485 old_rts_threshold = rdev->wiphy.rts_threshold;
2486 old_coverage_class = rdev->wiphy.coverage_class;
2487
2488 if (changed & WIPHY_PARAM_RETRY_SHORT)
2489 rdev->wiphy.retry_short = retry_short;
2490 if (changed & WIPHY_PARAM_RETRY_LONG)
2491 rdev->wiphy.retry_long = retry_long;
2492 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2493 rdev->wiphy.frag_threshold = frag_threshold;
2494 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2495 rdev->wiphy.rts_threshold = rts_threshold;
2496 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2497 rdev->wiphy.coverage_class = coverage_class;
2498
2499 result = rdev_set_wiphy_params(rdev, changed);
2500 if (result) {
2501 rdev->wiphy.retry_short = old_retry_short;
2502 rdev->wiphy.retry_long = old_retry_long;
2503 rdev->wiphy.frag_threshold = old_frag_threshold;
2504 rdev->wiphy.rts_threshold = old_rts_threshold;
2505 rdev->wiphy.coverage_class = old_coverage_class;
2506 return result;
2507 }
2508 }
2509 return 0;
2510}
2511
2512static inline u64 wdev_id(struct wireless_dev *wdev)
2513{
2514 return (u64)wdev->identifier |
2515 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2516}
2517
2518static int nl80211_send_chandef(struct sk_buff *msg,
2519 const struct cfg80211_chan_def *chandef)
2520{
2521 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2522 return -EINVAL;
2523
2524 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2525 chandef->chan->center_freq))
2526 return -ENOBUFS;
2527 switch (chandef->width) {
2528 case NL80211_CHAN_WIDTH_20_NOHT:
2529 case NL80211_CHAN_WIDTH_20:
2530 case NL80211_CHAN_WIDTH_40:
2531 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2532 cfg80211_get_chandef_type(chandef)))
2533 return -ENOBUFS;
2534 break;
2535 default:
2536 break;
2537 }
2538 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2539 return -ENOBUFS;
2540 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2541 return -ENOBUFS;
2542 if (chandef->center_freq2 &&
2543 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2544 return -ENOBUFS;
2545 return 0;
2546}
2547
2548static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2549 struct cfg80211_registered_device *rdev,
2550 struct wireless_dev *wdev, bool removal)
2551{
2552 struct net_device *dev = wdev->netdev;
2553 u8 cmd = NL80211_CMD_NEW_INTERFACE;
2554 void *hdr;
2555
2556 if (removal)
2557 cmd = NL80211_CMD_DEL_INTERFACE;
2558
2559 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2560 if (!hdr)
2561 return -1;
2562
2563 if (dev &&
2564 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2565 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2566 goto nla_put_failure;
2567
2568 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2569 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2570 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
2571 NL80211_ATTR_PAD) ||
2572 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2573 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2574 rdev->devlist_generation ^
2575 (cfg80211_rdev_list_generation << 2)))
2576 goto nla_put_failure;
2577
2578 if (rdev->ops->get_channel) {
2579 int ret;
2580 struct cfg80211_chan_def chandef;
2581
2582 ret = rdev_get_channel(rdev, wdev, &chandef);
2583 if (ret == 0) {
2584 if (nl80211_send_chandef(msg, &chandef))
2585 goto nla_put_failure;
2586 }
2587 }
2588
2589 if (rdev->ops->get_tx_power) {
2590 int dbm, ret;
2591
2592 ret = rdev_get_tx_power(rdev, wdev, &dbm);
2593 if (ret == 0 &&
2594 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2595 DBM_TO_MBM(dbm)))
2596 goto nla_put_failure;
2597 }
2598
2599 if (wdev->ssid_len) {
2600 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2601 goto nla_put_failure;
2602 }
2603
2604 genlmsg_end(msg, hdr);
2605 return 0;
2606
2607 nla_put_failure:
2608 genlmsg_cancel(msg, hdr);
2609 return -EMSGSIZE;
2610}
2611
2612static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2613{
2614 int wp_idx = 0;
2615 int if_idx = 0;
2616 int wp_start = cb->args[0];
2617 int if_start = cb->args[1];
2618 int filter_wiphy = -1;
2619 struct cfg80211_registered_device *rdev;
2620 struct wireless_dev *wdev;
2621 int ret;
2622
2623 rtnl_lock();
2624 if (!cb->args[2]) {
2625 struct nl80211_dump_wiphy_state state = {
2626 .filter_wiphy = -1,
2627 };
2628
2629 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
2630 if (ret)
2631 goto out_unlock;
2632
2633 filter_wiphy = state.filter_wiphy;
2634
2635
2636
2637
2638
2639 if (filter_wiphy >= 0)
2640 cb->args[2] = filter_wiphy + 1;
2641 else
2642 cb->args[2] = -1;
2643 } else if (cb->args[2] > 0) {
2644 filter_wiphy = cb->args[2] - 1;
2645 }
2646
2647 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2648 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2649 continue;
2650 if (wp_idx < wp_start) {
2651 wp_idx++;
2652 continue;
2653 }
2654
2655 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
2656 continue;
2657
2658 if_idx = 0;
2659
2660 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
2661 if (if_idx < if_start) {
2662 if_idx++;
2663 continue;
2664 }
2665 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2666 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2667 rdev, wdev, false) < 0) {
2668 goto out;
2669 }
2670 if_idx++;
2671 }
2672
2673 wp_idx++;
2674 }
2675 out:
2676 cb->args[0] = wp_idx;
2677 cb->args[1] = if_idx;
2678
2679 ret = skb->len;
2680 out_unlock:
2681 rtnl_unlock();
2682
2683 return ret;
2684}
2685
2686static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2687{
2688 struct sk_buff *msg;
2689 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2690 struct wireless_dev *wdev = info->user_ptr[1];
2691
2692 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2693 if (!msg)
2694 return -ENOMEM;
2695
2696 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2697 rdev, wdev, false) < 0) {
2698 nlmsg_free(msg);
2699 return -ENOBUFS;
2700 }
2701
2702 return genlmsg_reply(msg, info);
2703}
2704
2705static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2706 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2707 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2708 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2709 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2710 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2711 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2712};
2713
2714static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2715{
2716 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2717 int flag;
2718
2719 *mntrflags = 0;
2720
2721 if (!nla)
2722 return -EINVAL;
2723
2724 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla,
2725 mntr_flags_policy, NULL))
2726 return -EINVAL;
2727
2728 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2729 if (flags[flag])
2730 *mntrflags |= (1<<flag);
2731
2732 *mntrflags |= MONITOR_FLAG_CHANGED;
2733
2734 return 0;
2735}
2736
2737static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
2738 enum nl80211_iftype type,
2739 struct genl_info *info,
2740 struct vif_params *params)
2741{
2742 bool change = false;
2743 int err;
2744
2745 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2746 if (type != NL80211_IFTYPE_MONITOR)
2747 return -EINVAL;
2748
2749 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2750 ¶ms->flags);
2751 if (err)
2752 return err;
2753
2754 change = true;
2755 }
2756
2757 if (params->flags & MONITOR_FLAG_ACTIVE &&
2758 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2759 return -EOPNOTSUPP;
2760
2761 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
2762 const u8 *mumimo_groups;
2763 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2764
2765 if (type != NL80211_IFTYPE_MONITOR)
2766 return -EINVAL;
2767
2768 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2769 return -EOPNOTSUPP;
2770
2771 mumimo_groups =
2772 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
2773
2774
2775 if ((mumimo_groups[0] & BIT(0)) ||
2776 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
2777 return -EINVAL;
2778
2779 params->vht_mumimo_groups = mumimo_groups;
2780 change = true;
2781 }
2782
2783 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
2784 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2785
2786 if (type != NL80211_IFTYPE_MONITOR)
2787 return -EINVAL;
2788
2789 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2790 return -EOPNOTSUPP;
2791
2792 params->vht_mumimo_follow_addr =
2793 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
2794 change = true;
2795 }
2796
2797 return change ? 1 : 0;
2798}
2799
2800static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2801 struct net_device *netdev, u8 use_4addr,
2802 enum nl80211_iftype iftype)
2803{
2804 if (!use_4addr) {
2805 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2806 return -EBUSY;
2807 return 0;
2808 }
2809
2810 switch (iftype) {
2811 case NL80211_IFTYPE_AP_VLAN:
2812 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2813 return 0;
2814 break;
2815 case NL80211_IFTYPE_STATION:
2816 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2817 return 0;
2818 break;
2819 default:
2820 break;
2821 }
2822
2823 return -EOPNOTSUPP;
2824}
2825
2826static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2827{
2828 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2829 struct vif_params params;
2830 int err;
2831 enum nl80211_iftype otype, ntype;
2832 struct net_device *dev = info->user_ptr[1];
2833 bool change = false;
2834
2835 memset(¶ms, 0, sizeof(params));
2836
2837 otype = ntype = dev->ieee80211_ptr->iftype;
2838
2839 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2840 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2841 if (otype != ntype)
2842 change = true;
2843 if (ntype > NL80211_IFTYPE_MAX)
2844 return -EINVAL;
2845 }
2846
2847 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2848 struct wireless_dev *wdev = dev->ieee80211_ptr;
2849
2850 if (ntype != NL80211_IFTYPE_MESH_POINT)
2851 return -EINVAL;
2852 if (netif_running(dev))
2853 return -EBUSY;
2854
2855 wdev_lock(wdev);
2856 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2857 IEEE80211_MAX_MESH_ID_LEN);
2858 wdev->mesh_id_up_len =
2859 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2860 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2861 wdev->mesh_id_up_len);
2862 wdev_unlock(wdev);
2863 }
2864
2865 if (info->attrs[NL80211_ATTR_4ADDR]) {
2866 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2867 change = true;
2868 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2869 if (err)
2870 return err;
2871 } else {
2872 params.use_4addr = -1;
2873 }
2874
2875 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
2876 if (err < 0)
2877 return err;
2878 if (err > 0)
2879 change = true;
2880
2881 if (change)
2882 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
2883 else
2884 err = 0;
2885
2886 if (!err && params.use_4addr != -1)
2887 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2888
2889 return err;
2890}
2891
2892static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2893{
2894 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2895 struct vif_params params;
2896 struct wireless_dev *wdev;
2897 struct sk_buff *msg;
2898 int err;
2899 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2900
2901
2902 cfg80211_destroy_ifaces(rdev);
2903
2904 memset(¶ms, 0, sizeof(params));
2905
2906 if (!info->attrs[NL80211_ATTR_IFNAME])
2907 return -EINVAL;
2908
2909 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2910 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2911 if (type > NL80211_IFTYPE_MAX)
2912 return -EINVAL;
2913 }
2914
2915 if (!rdev->ops->add_virtual_intf ||
2916 !(rdev->wiphy.interface_modes & (1 << type)))
2917 return -EOPNOTSUPP;
2918
2919 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
2920 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2921 info->attrs[NL80211_ATTR_MAC]) {
2922 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2923 ETH_ALEN);
2924 if (!is_valid_ether_addr(params.macaddr))
2925 return -EADDRNOTAVAIL;
2926 }
2927
2928 if (info->attrs[NL80211_ATTR_4ADDR]) {
2929 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2930 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2931 if (err)
2932 return err;
2933 }
2934
2935 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
2936 if (err < 0)
2937 return err;
2938
2939 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2940 if (!msg)
2941 return -ENOMEM;
2942
2943 wdev = rdev_add_virtual_intf(rdev,
2944 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2945 NET_NAME_USER, type, ¶ms);
2946 if (WARN_ON(!wdev)) {
2947 nlmsg_free(msg);
2948 return -EPROTO;
2949 } else if (IS_ERR(wdev)) {
2950 nlmsg_free(msg);
2951 return PTR_ERR(wdev);
2952 }
2953
2954 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
2955 wdev->owner_nlportid = info->snd_portid;
2956
2957 switch (type) {
2958 case NL80211_IFTYPE_MESH_POINT:
2959 if (!info->attrs[NL80211_ATTR_MESH_ID])
2960 break;
2961 wdev_lock(wdev);
2962 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2963 IEEE80211_MAX_MESH_ID_LEN);
2964 wdev->mesh_id_up_len =
2965 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2966 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2967 wdev->mesh_id_up_len);
2968 wdev_unlock(wdev);
2969 break;
2970 case NL80211_IFTYPE_NAN:
2971 case NL80211_IFTYPE_P2P_DEVICE:
2972
2973
2974
2975
2976 mutex_init(&wdev->mtx);
2977 INIT_LIST_HEAD(&wdev->event_list);
2978 spin_lock_init(&wdev->event_lock);
2979 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2980 spin_lock_init(&wdev->mgmt_registrations_lock);
2981
2982 wdev->identifier = ++rdev->wdev_id;
2983 list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list);
2984 rdev->devlist_generation++;
2985 break;
2986 default:
2987 break;
2988 }
2989
2990 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2991 rdev, wdev, false) < 0) {
2992 nlmsg_free(msg);
2993 return -ENOBUFS;
2994 }
2995
2996
2997
2998
2999
3000
3001
3002 if (!wdev->netdev)
3003 nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE);
3004
3005 return genlmsg_reply(msg, info);
3006}
3007
3008static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3009{
3010 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3011 struct wireless_dev *wdev = info->user_ptr[1];
3012
3013 if (!rdev->ops->del_virtual_intf)
3014 return -EOPNOTSUPP;
3015
3016
3017
3018
3019
3020
3021
3022
3023 if (!wdev->netdev)
3024 info->user_ptr[1] = NULL;
3025
3026 return rdev_del_virtual_intf(rdev, wdev);
3027}
3028
3029static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3030{
3031 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3032 struct net_device *dev = info->user_ptr[1];
3033 u16 noack_map;
3034
3035 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3036 return -EINVAL;
3037
3038 if (!rdev->ops->set_noack_map)
3039 return -EOPNOTSUPP;
3040
3041 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3042
3043 return rdev_set_noack_map(rdev, dev, noack_map);
3044}
3045
3046struct get_key_cookie {
3047 struct sk_buff *msg;
3048 int error;
3049 int idx;
3050};
3051
3052static void get_key_callback(void *c, struct key_params *params)
3053{
3054 struct nlattr *key;
3055 struct get_key_cookie *cookie = c;
3056
3057 if ((params->key &&
3058 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3059 params->key_len, params->key)) ||
3060 (params->seq &&
3061 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3062 params->seq_len, params->seq)) ||
3063 (params->cipher &&
3064 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3065 params->cipher)))
3066 goto nla_put_failure;
3067
3068 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
3069 if (!key)
3070 goto nla_put_failure;
3071
3072 if ((params->key &&
3073 nla_put(cookie->msg, NL80211_KEY_DATA,
3074 params->key_len, params->key)) ||
3075 (params->seq &&
3076 nla_put(cookie->msg, NL80211_KEY_SEQ,
3077 params->seq_len, params->seq)) ||
3078 (params->cipher &&
3079 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3080 params->cipher)))
3081 goto nla_put_failure;
3082
3083 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
3084 goto nla_put_failure;
3085
3086 nla_nest_end(cookie->msg, key);
3087
3088 return;
3089 nla_put_failure:
3090 cookie->error = 1;
3091}
3092
3093static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3094{
3095 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3096 int err;
3097 struct net_device *dev = info->user_ptr[1];
3098 u8 key_idx = 0;
3099 const u8 *mac_addr = NULL;
3100 bool pairwise;
3101 struct get_key_cookie cookie = {
3102 .error = 0,
3103 };
3104 void *hdr;
3105 struct sk_buff *msg;
3106
3107 if (info->attrs[NL80211_ATTR_KEY_IDX])
3108 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3109
3110 if (key_idx > 5)
3111 return -EINVAL;
3112
3113 if (info->attrs[NL80211_ATTR_MAC])
3114 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3115
3116 pairwise = !!mac_addr;
3117 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3118 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3119
3120 if (kt >= NUM_NL80211_KEYTYPES)
3121 return -EINVAL;
3122 if (kt != NL80211_KEYTYPE_GROUP &&
3123 kt != NL80211_KEYTYPE_PAIRWISE)
3124 return -EINVAL;
3125 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3126 }
3127
3128 if (!rdev->ops->get_key)
3129 return -EOPNOTSUPP;
3130
3131 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3132 return -ENOENT;
3133
3134 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3135 if (!msg)
3136 return -ENOMEM;
3137
3138 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3139 NL80211_CMD_NEW_KEY);
3140 if (!hdr)
3141 goto nla_put_failure;
3142
3143 cookie.msg = msg;
3144 cookie.idx = key_idx;
3145
3146 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3147 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3148 goto nla_put_failure;
3149 if (mac_addr &&
3150 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3151 goto nla_put_failure;
3152
3153 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3154 get_key_callback);
3155
3156 if (err)
3157 goto free_msg;
3158
3159 if (cookie.error)
3160 goto nla_put_failure;
3161
3162 genlmsg_end(msg, hdr);
3163 return genlmsg_reply(msg, info);
3164
3165 nla_put_failure:
3166 err = -ENOBUFS;
3167 free_msg:
3168 nlmsg_free(msg);
3169 return err;
3170}
3171
3172static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3173{
3174 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3175 struct key_parse key;
3176 int err;
3177 struct net_device *dev = info->user_ptr[1];
3178
3179 err = nl80211_parse_key(info, &key);
3180 if (err)
3181 return err;
3182
3183 if (key.idx < 0)
3184 return -EINVAL;
3185
3186
3187 if (!key.def && !key.defmgmt)
3188 return -EINVAL;
3189
3190 wdev_lock(dev->ieee80211_ptr);
3191
3192 if (key.def) {
3193 if (!rdev->ops->set_default_key) {
3194 err = -EOPNOTSUPP;
3195 goto out;
3196 }
3197
3198 err = nl80211_key_allowed(dev->ieee80211_ptr);
3199 if (err)
3200 goto out;
3201
3202 err = rdev_set_default_key(rdev, dev, key.idx,
3203 key.def_uni, key.def_multi);
3204
3205 if (err)
3206 goto out;
3207
3208#ifdef CONFIG_CFG80211_WEXT
3209 dev->ieee80211_ptr->wext.default_key = key.idx;
3210#endif
3211 } else {
3212 if (key.def_uni || !key.def_multi) {
3213 err = -EINVAL;
3214 goto out;
3215 }
3216
3217 if (!rdev->ops->set_default_mgmt_key) {
3218 err = -EOPNOTSUPP;
3219 goto out;
3220 }
3221
3222 err = nl80211_key_allowed(dev->ieee80211_ptr);
3223 if (err)
3224 goto out;
3225
3226 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3227 if (err)
3228 goto out;
3229
3230#ifdef CONFIG_CFG80211_WEXT
3231 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3232#endif
3233 }
3234
3235 out:
3236 wdev_unlock(dev->ieee80211_ptr);
3237
3238 return err;
3239}
3240
3241static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3242{
3243 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3244 int err;
3245 struct net_device *dev = info->user_ptr[1];
3246 struct key_parse key;
3247 const u8 *mac_addr = NULL;
3248
3249 err = nl80211_parse_key(info, &key);
3250 if (err)
3251 return err;
3252
3253 if (!key.p.key)
3254 return -EINVAL;
3255
3256 if (info->attrs[NL80211_ATTR_MAC])
3257 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3258
3259 if (key.type == -1) {
3260 if (mac_addr)
3261 key.type = NL80211_KEYTYPE_PAIRWISE;
3262 else
3263 key.type = NL80211_KEYTYPE_GROUP;
3264 }
3265
3266
3267 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3268 key.type != NL80211_KEYTYPE_GROUP)
3269 return -EINVAL;
3270
3271 if (!rdev->ops->add_key)
3272 return -EOPNOTSUPP;
3273
3274 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3275 key.type == NL80211_KEYTYPE_PAIRWISE,
3276 mac_addr))
3277 return -EINVAL;
3278
3279 wdev_lock(dev->ieee80211_ptr);
3280 err = nl80211_key_allowed(dev->ieee80211_ptr);
3281 if (!err)
3282 err = rdev_add_key(rdev, dev, key.idx,
3283 key.type == NL80211_KEYTYPE_PAIRWISE,
3284 mac_addr, &key.p);
3285 wdev_unlock(dev->ieee80211_ptr);
3286
3287 return err;
3288}
3289
3290static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3291{
3292 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3293 int err;
3294 struct net_device *dev = info->user_ptr[1];
3295 u8 *mac_addr = NULL;
3296 struct key_parse key;
3297
3298 err = nl80211_parse_key(info, &key);
3299 if (err)
3300 return err;
3301
3302 if (info->attrs[NL80211_ATTR_MAC])
3303 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3304
3305 if (key.type == -1) {
3306 if (mac_addr)
3307 key.type = NL80211_KEYTYPE_PAIRWISE;
3308 else
3309 key.type = NL80211_KEYTYPE_GROUP;
3310 }
3311
3312
3313 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3314 key.type != NL80211_KEYTYPE_GROUP)
3315 return -EINVAL;
3316
3317 if (!rdev->ops->del_key)
3318 return -EOPNOTSUPP;
3319
3320 wdev_lock(dev->ieee80211_ptr);
3321 err = nl80211_key_allowed(dev->ieee80211_ptr);
3322
3323 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3324 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3325 err = -ENOENT;
3326
3327 if (!err)
3328 err = rdev_del_key(rdev, dev, key.idx,
3329 key.type == NL80211_KEYTYPE_PAIRWISE,
3330 mac_addr);
3331
3332#ifdef CONFIG_CFG80211_WEXT
3333 if (!err) {
3334 if (key.idx == dev->ieee80211_ptr->wext.default_key)
3335 dev->ieee80211_ptr->wext.default_key = -1;
3336 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3337 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3338 }
3339#endif
3340 wdev_unlock(dev->ieee80211_ptr);
3341
3342 return err;
3343}
3344
3345
3346static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3347{
3348 struct nlattr *attr;
3349 int n_entries = 0, tmp;
3350
3351 nla_for_each_nested(attr, nl_attr, tmp) {
3352 if (nla_len(attr) != ETH_ALEN)
3353 return -EINVAL;
3354
3355 n_entries++;
3356 }
3357
3358 return n_entries;
3359}
3360
3361
3362
3363
3364
3365
3366static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3367 struct genl_info *info)
3368{
3369 enum nl80211_acl_policy acl_policy;
3370 struct nlattr *attr;
3371 struct cfg80211_acl_data *acl;
3372 int i = 0, n_entries, tmp;
3373
3374 if (!wiphy->max_acl_mac_addrs)
3375 return ERR_PTR(-EOPNOTSUPP);
3376
3377 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3378 return ERR_PTR(-EINVAL);
3379
3380 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3381 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3382 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3383 return ERR_PTR(-EINVAL);
3384
3385 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3386 return ERR_PTR(-EINVAL);
3387
3388 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3389 if (n_entries < 0)
3390 return ERR_PTR(n_entries);
3391
3392 if (n_entries > wiphy->max_acl_mac_addrs)
3393 return ERR_PTR(-ENOTSUPP);
3394
3395 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3396 GFP_KERNEL);
3397 if (!acl)
3398 return ERR_PTR(-ENOMEM);
3399
3400 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3401 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3402 i++;
3403 }
3404
3405 acl->n_acl_entries = n_entries;
3406 acl->acl_policy = acl_policy;
3407
3408 return acl;
3409}
3410
3411static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3412{
3413 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3414 struct net_device *dev = info->user_ptr[1];
3415 struct cfg80211_acl_data *acl;
3416 int err;
3417
3418 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3419 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3420 return -EOPNOTSUPP;
3421
3422 if (!dev->ieee80211_ptr->beacon_interval)
3423 return -EINVAL;
3424
3425 acl = parse_acl_data(&rdev->wiphy, info);
3426 if (IS_ERR(acl))
3427 return PTR_ERR(acl);
3428
3429 err = rdev_set_mac_acl(rdev, dev, acl);
3430
3431 kfree(acl);
3432
3433 return err;
3434}
3435
3436static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3437 u8 *rates, u8 rates_len)
3438{
3439 u8 i;
3440 u32 mask = 0;
3441
3442 for (i = 0; i < rates_len; i++) {
3443 int rate = (rates[i] & 0x7f) * 5;
3444 int ridx;
3445
3446 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3447 struct ieee80211_rate *srate =
3448 &sband->bitrates[ridx];
3449 if (rate == srate->bitrate) {
3450 mask |= 1 << ridx;
3451 break;
3452 }
3453 }
3454 if (ridx == sband->n_bitrates)
3455 return 0;
3456 }
3457
3458 return mask;
3459}
3460
3461static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
3462 u8 *rates, u8 rates_len,
3463 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
3464{
3465 u8 i;
3466
3467 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
3468
3469 for (i = 0; i < rates_len; i++) {
3470 int ridx, rbit;
3471
3472 ridx = rates[i] / 8;
3473 rbit = BIT(rates[i] % 8);
3474
3475
3476 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
3477 return false;
3478
3479
3480 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
3481 mcs[ridx] |= rbit;
3482 else
3483 return false;
3484 }
3485
3486 return true;
3487}
3488
3489static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
3490{
3491 u16 mcs_mask = 0;
3492
3493 switch (vht_mcs_map) {
3494 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
3495 break;
3496 case IEEE80211_VHT_MCS_SUPPORT_0_7:
3497 mcs_mask = 0x00FF;
3498 break;
3499 case IEEE80211_VHT_MCS_SUPPORT_0_8:
3500 mcs_mask = 0x01FF;
3501 break;
3502 case IEEE80211_VHT_MCS_SUPPORT_0_9:
3503 mcs_mask = 0x03FF;
3504 break;
3505 default:
3506 break;
3507 }
3508
3509 return mcs_mask;
3510}
3511
3512static void vht_build_mcs_mask(u16 vht_mcs_map,
3513 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
3514{
3515 u8 nss;
3516
3517 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
3518 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
3519 vht_mcs_map >>= 2;
3520 }
3521}
3522
3523static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
3524 struct nl80211_txrate_vht *txrate,
3525 u16 mcs[NL80211_VHT_NSS_MAX])
3526{
3527 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3528 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
3529 u8 i;
3530
3531 if (!sband->vht_cap.vht_supported)
3532 return false;
3533
3534 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
3535
3536
3537 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
3538
3539 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3540 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
3541 mcs[i] = txrate->mcs[i];
3542 else
3543 return false;
3544 }
3545
3546 return true;
3547}
3548
3549static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
3550 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
3551 .len = NL80211_MAX_SUPP_RATES },
3552 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
3553 .len = NL80211_MAX_SUPP_HT_RATES },
3554 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
3555 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
3556};
3557
3558static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
3559 struct cfg80211_bitrate_mask *mask)
3560{
3561 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
3562 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3563 int rem, i;
3564 struct nlattr *tx_rates;
3565 struct ieee80211_supported_band *sband;
3566 u16 vht_tx_mcs_map;
3567
3568 memset(mask, 0, sizeof(*mask));
3569
3570 for (i = 0; i < NUM_NL80211_BANDS; i++) {
3571 sband = rdev->wiphy.bands[i];
3572
3573 if (!sband)
3574 continue;
3575
3576 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
3577 memcpy(mask->control[i].ht_mcs,
3578 sband->ht_cap.mcs.rx_mask,
3579 sizeof(mask->control[i].ht_mcs));
3580
3581 if (!sband->vht_cap.vht_supported)
3582 continue;
3583
3584 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3585 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
3586 }
3587
3588
3589 if (!info->attrs[NL80211_ATTR_TX_RATES])
3590 goto out;
3591
3592
3593
3594
3595 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
3596 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
3597 enum nl80211_band band = nla_type(tx_rates);
3598 int err;
3599
3600 if (band < 0 || band >= NUM_NL80211_BANDS)
3601 return -EINVAL;
3602 sband = rdev->wiphy.bands[band];
3603 if (sband == NULL)
3604 return -EINVAL;
3605 err = nla_parse_nested(tb, NL80211_TXRATE_MAX, tx_rates,
3606 nl80211_txattr_policy, info->extack);
3607 if (err)
3608 return err;
3609 if (tb[NL80211_TXRATE_LEGACY]) {
3610 mask->control[band].legacy = rateset_to_mask(
3611 sband,
3612 nla_data(tb[NL80211_TXRATE_LEGACY]),
3613 nla_len(tb[NL80211_TXRATE_LEGACY]));
3614 if ((mask->control[band].legacy == 0) &&
3615 nla_len(tb[NL80211_TXRATE_LEGACY]))
3616 return -EINVAL;
3617 }
3618 if (tb[NL80211_TXRATE_HT]) {
3619 if (!ht_rateset_to_mask(
3620 sband,
3621 nla_data(tb[NL80211_TXRATE_HT]),
3622 nla_len(tb[NL80211_TXRATE_HT]),
3623 mask->control[band].ht_mcs))
3624 return -EINVAL;
3625 }
3626 if (tb[NL80211_TXRATE_VHT]) {
3627 if (!vht_set_mcs_mask(
3628 sband,
3629 nla_data(tb[NL80211_TXRATE_VHT]),
3630 mask->control[band].vht_mcs))
3631 return -EINVAL;
3632 }
3633 if (tb[NL80211_TXRATE_GI]) {
3634 mask->control[band].gi =
3635 nla_get_u8(tb[NL80211_TXRATE_GI]);
3636 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
3637 return -EINVAL;
3638 }
3639
3640 if (mask->control[band].legacy == 0) {
3641
3642
3643
3644 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
3645 rdev->wiphy.bands[band]->vht_cap.vht_supported))
3646 return -EINVAL;
3647
3648 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
3649 if (mask->control[band].ht_mcs[i])
3650 goto out;
3651
3652 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
3653 if (mask->control[band].vht_mcs[i])
3654 goto out;
3655
3656
3657 return -EINVAL;
3658 }
3659 }
3660
3661out:
3662 return 0;
3663}
3664
3665static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
3666 enum nl80211_band band,
3667 struct cfg80211_bitrate_mask *beacon_rate)
3668{
3669 u32 count_ht, count_vht, i;
3670 u32 rate = beacon_rate->control[band].legacy;
3671
3672
3673 if (hweight32(rate) > 1)
3674 return -EINVAL;
3675
3676 count_ht = 0;
3677 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
3678 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
3679 return -EINVAL;
3680 } else if (beacon_rate->control[band].ht_mcs[i]) {
3681 count_ht++;
3682 if (count_ht > 1)
3683 return -EINVAL;
3684 }
3685 if (count_ht && rate)
3686 return -EINVAL;
3687 }
3688
3689 count_vht = 0;
3690 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3691 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
3692 return -EINVAL;
3693 } else if (beacon_rate->control[band].vht_mcs[i]) {
3694 count_vht++;
3695 if (count_vht > 1)
3696 return -EINVAL;
3697 }
3698 if (count_vht && rate)
3699 return -EINVAL;
3700 }
3701
3702 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
3703 return -EINVAL;
3704
3705 if (rate &&
3706 !wiphy_ext_feature_isset(&rdev->wiphy,
3707 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
3708 return -EINVAL;
3709 if (count_ht &&
3710 !wiphy_ext_feature_isset(&rdev->wiphy,
3711 NL80211_EXT_FEATURE_BEACON_RATE_HT))
3712 return -EINVAL;
3713 if (count_vht &&
3714 !wiphy_ext_feature_isset(&rdev->wiphy,
3715 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
3716 return -EINVAL;
3717
3718 return 0;
3719}
3720
3721static int nl80211_parse_beacon(struct nlattr *attrs[],
3722 struct cfg80211_beacon_data *bcn)
3723{
3724 bool haveinfo = false;
3725
3726 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3727 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3728 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3729 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3730 return -EINVAL;
3731
3732 memset(bcn, 0, sizeof(*bcn));
3733
3734 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3735 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3736 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3737 if (!bcn->head_len)
3738 return -EINVAL;
3739 haveinfo = true;
3740 }
3741
3742 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3743 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3744 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3745 haveinfo = true;
3746 }
3747
3748 if (!haveinfo)
3749 return -EINVAL;
3750
3751 if (attrs[NL80211_ATTR_IE]) {
3752 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3753 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3754 }
3755
3756 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3757 bcn->proberesp_ies =
3758 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3759 bcn->proberesp_ies_len =
3760 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3761 }
3762
3763 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3764 bcn->assocresp_ies =
3765 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3766 bcn->assocresp_ies_len =
3767 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3768 }
3769
3770 if (attrs[NL80211_ATTR_PROBE_RESP]) {
3771 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3772 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3773 }
3774
3775 return 0;
3776}
3777
3778static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
3779 const u8 *rates)
3780{
3781 int i;
3782
3783 if (!rates)
3784 return;
3785
3786 for (i = 0; i < rates[1]; i++) {
3787 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
3788 params->ht_required = true;
3789 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
3790 params->vht_required = true;
3791 }
3792}
3793
3794
3795
3796
3797
3798
3799static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
3800{
3801 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
3802 size_t ies_len = bcn->tail_len;
3803 const u8 *ies = bcn->tail;
3804 const u8 *rates;
3805 const u8 *cap;
3806
3807 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
3808 nl80211_check_ap_rate_selectors(params, rates);
3809
3810 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
3811 nl80211_check_ap_rate_selectors(params, rates);
3812
3813 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
3814 if (cap && cap[1] >= sizeof(*params->ht_cap))
3815 params->ht_cap = (void *)(cap + 2);
3816 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
3817 if (cap && cap[1] >= sizeof(*params->vht_cap))
3818 params->vht_cap = (void *)(cap + 2);
3819}
3820
3821static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3822 struct cfg80211_ap_settings *params)
3823{
3824 struct wireless_dev *wdev;
3825 bool ret = false;
3826
3827 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3828 if (wdev->iftype != NL80211_IFTYPE_AP &&
3829 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3830 continue;
3831
3832 if (!wdev->preset_chandef.chan)
3833 continue;
3834
3835 params->chandef = wdev->preset_chandef;
3836 ret = true;
3837 break;
3838 }
3839
3840 return ret;
3841}
3842
3843static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3844 enum nl80211_auth_type auth_type,
3845 enum nl80211_commands cmd)
3846{
3847 if (auth_type > NL80211_AUTHTYPE_MAX)
3848 return false;
3849
3850 switch (cmd) {
3851 case NL80211_CMD_AUTHENTICATE:
3852 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3853 auth_type == NL80211_AUTHTYPE_SAE)
3854 return false;
3855 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3856 NL80211_EXT_FEATURE_FILS_STA) &&
3857 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3858 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3859 auth_type == NL80211_AUTHTYPE_FILS_PK))
3860 return false;
3861 return true;
3862 case NL80211_CMD_CONNECT:
3863
3864 if (auth_type == NL80211_AUTHTYPE_SAE)
3865 return false;
3866
3867 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3868 auth_type == NL80211_AUTHTYPE_FILS_PK)
3869 return false;
3870 if (!wiphy_ext_feature_isset(
3871 &rdev->wiphy,
3872 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
3873 auth_type == NL80211_AUTHTYPE_FILS_SK)
3874 return false;
3875 return true;
3876 case NL80211_CMD_START_AP:
3877
3878 if (auth_type == NL80211_AUTHTYPE_SAE)
3879 return false;
3880
3881 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3882 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3883 auth_type == NL80211_AUTHTYPE_FILS_PK)
3884 return false;
3885 return true;
3886 default:
3887 return false;
3888 }
3889}
3890
3891static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3892{
3893 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3894 struct net_device *dev = info->user_ptr[1];
3895 struct wireless_dev *wdev = dev->ieee80211_ptr;
3896 struct cfg80211_ap_settings params;
3897 int err;
3898
3899 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3900 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3901 return -EOPNOTSUPP;
3902
3903 if (!rdev->ops->start_ap)
3904 return -EOPNOTSUPP;
3905
3906 if (wdev->beacon_interval)
3907 return -EALREADY;
3908
3909 memset(¶ms, 0, sizeof(params));
3910
3911
3912 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3913 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3914 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3915 return -EINVAL;
3916
3917 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon);
3918 if (err)
3919 return err;
3920
3921 params.beacon_interval =
3922 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3923 params.dtim_period =
3924 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3925
3926 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
3927 params.beacon_interval);
3928 if (err)
3929 return err;
3930
3931
3932
3933
3934
3935
3936
3937
3938 if (info->attrs[NL80211_ATTR_SSID]) {
3939 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3940 params.ssid_len =
3941 nla_len(info->attrs[NL80211_ATTR_SSID]);
3942 if (params.ssid_len == 0 ||
3943 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3944 return -EINVAL;
3945 }
3946
3947 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3948 params.hidden_ssid = nla_get_u32(
3949 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3950 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3951 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3952 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3953 return -EINVAL;
3954 }
3955
3956 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3957
3958 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3959 params.auth_type = nla_get_u32(
3960 info->attrs[NL80211_ATTR_AUTH_TYPE]);
3961 if (!nl80211_valid_auth_type(rdev, params.auth_type,
3962 NL80211_CMD_START_AP))
3963 return -EINVAL;
3964 } else
3965 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3966
3967 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
3968 NL80211_MAX_NR_CIPHER_SUITES);
3969 if (err)
3970 return err;
3971
3972 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3973 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3974 return -EOPNOTSUPP;
3975 params.inactivity_timeout = nla_get_u16(
3976 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3977 }
3978
3979 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3980 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3981 return -EINVAL;
3982 params.p2p_ctwindow =
3983 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3984 if (params.p2p_ctwindow > 127)
3985 return -EINVAL;
3986 if (params.p2p_ctwindow != 0 &&
3987 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3988 return -EINVAL;
3989 }
3990
3991 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3992 u8 tmp;
3993
3994 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3995 return -EINVAL;
3996 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3997 if (tmp > 1)
3998 return -EINVAL;
3999 params.p2p_opp_ps = tmp;
4000 if (params.p2p_opp_ps != 0 &&
4001 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4002 return -EINVAL;
4003 }
4004
4005 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4006 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
4007 if (err)
4008 return err;
4009 } else if (wdev->preset_chandef.chan) {
4010 params.chandef = wdev->preset_chandef;
4011 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
4012 return -EINVAL;
4013
4014 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
4015 wdev->iftype))
4016 return -EINVAL;
4017
4018 if (info->attrs[NL80211_ATTR_TX_RATES]) {
4019 err = nl80211_parse_tx_bitrate_mask(info, ¶ms.beacon_rate);
4020 if (err)
4021 return err;
4022
4023 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4024 ¶ms.beacon_rate);
4025 if (err)
4026 return err;
4027 }
4028
4029 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4030 params.smps_mode =
4031 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4032 switch (params.smps_mode) {
4033 case NL80211_SMPS_OFF:
4034 break;
4035 case NL80211_SMPS_STATIC:
4036 if (!(rdev->wiphy.features &
4037 NL80211_FEATURE_STATIC_SMPS))
4038 return -EINVAL;
4039 break;
4040 case NL80211_SMPS_DYNAMIC:
4041 if (!(rdev->wiphy.features &
4042 NL80211_FEATURE_DYNAMIC_SMPS))
4043 return -EINVAL;
4044 break;
4045 default:
4046 return -EINVAL;
4047 }
4048 } else {
4049 params.smps_mode = NL80211_SMPS_OFF;
4050 }
4051
4052 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4053 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4054 return -EOPNOTSUPP;
4055
4056 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4057 params.acl = parse_acl_data(&rdev->wiphy, info);
4058 if (IS_ERR(params.acl))
4059 return PTR_ERR(params.acl);
4060 }
4061
4062 nl80211_calculate_ap_params(¶ms);
4063
4064 wdev_lock(wdev);
4065 err = rdev_start_ap(rdev, dev, ¶ms);
4066 if (!err) {
4067 wdev->preset_chandef = params.chandef;
4068 wdev->beacon_interval = params.beacon_interval;
4069 wdev->chandef = params.chandef;
4070 wdev->ssid_len = params.ssid_len;
4071 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4072 }
4073 wdev_unlock(wdev);
4074
4075 kfree(params.acl);
4076
4077 return err;
4078}
4079
4080static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4081{
4082 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4083 struct net_device *dev = info->user_ptr[1];
4084 struct wireless_dev *wdev = dev->ieee80211_ptr;
4085 struct cfg80211_beacon_data params;
4086 int err;
4087
4088 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4089 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4090 return -EOPNOTSUPP;
4091
4092 if (!rdev->ops->change_beacon)
4093 return -EOPNOTSUPP;
4094
4095 if (!wdev->beacon_interval)
4096 return -EINVAL;
4097
4098 err = nl80211_parse_beacon(info->attrs, ¶ms);
4099 if (err)
4100 return err;
4101
4102 wdev_lock(wdev);
4103 err = rdev_change_beacon(rdev, dev, ¶ms);
4104 wdev_unlock(wdev);
4105
4106 return err;
4107}
4108
4109static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4110{
4111 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4112 struct net_device *dev = info->user_ptr[1];
4113
4114 return cfg80211_stop_ap(rdev, dev, false);
4115}
4116
4117static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4118 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4119 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4120 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4121 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4122 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4123 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4124};
4125
4126static int parse_station_flags(struct genl_info *info,
4127 enum nl80211_iftype iftype,
4128 struct station_parameters *params)
4129{
4130 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4131 struct nlattr *nla;
4132 int flag;
4133
4134
4135
4136
4137
4138 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4139 if (nla) {
4140 struct nl80211_sta_flag_update *sta_flags;
4141
4142 sta_flags = nla_data(nla);
4143 params->sta_flags_mask = sta_flags->mask;
4144 params->sta_flags_set = sta_flags->set;
4145 params->sta_flags_set &= params->sta_flags_mask;
4146 if ((params->sta_flags_mask |
4147 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4148 return -EINVAL;
4149 return 0;
4150 }
4151
4152
4153
4154 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4155 if (!nla)
4156 return 0;
4157
4158 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, nla,
4159 sta_flags_policy, info->extack))
4160 return -EINVAL;
4161
4162
4163
4164
4165
4166
4167
4168 switch (iftype) {
4169 case NL80211_IFTYPE_AP:
4170 case NL80211_IFTYPE_AP_VLAN:
4171 case NL80211_IFTYPE_P2P_GO:
4172 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4173 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4174 BIT(NL80211_STA_FLAG_WME) |
4175 BIT(NL80211_STA_FLAG_MFP);
4176 break;
4177 case NL80211_IFTYPE_P2P_CLIENT:
4178 case NL80211_IFTYPE_STATION:
4179 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4180 BIT(NL80211_STA_FLAG_TDLS_PEER);
4181 break;
4182 case NL80211_IFTYPE_MESH_POINT:
4183 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4184 BIT(NL80211_STA_FLAG_MFP) |
4185 BIT(NL80211_STA_FLAG_AUTHORIZED);
4186 default:
4187 return -EINVAL;
4188 }
4189
4190 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4191 if (flags[flag]) {
4192 params->sta_flags_set |= (1<<flag);
4193
4194
4195 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4196 return -EINVAL;
4197 }
4198 }
4199
4200 return 0;
4201}
4202
4203static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
4204 int attr)
4205{
4206 struct nlattr *rate;
4207 u32 bitrate;
4208 u16 bitrate_compat;
4209 enum nl80211_rate_info rate_flg;
4210
4211 rate = nla_nest_start(msg, attr);
4212 if (!rate)
4213 return false;
4214
4215
4216 bitrate = cfg80211_calculate_bitrate(info);
4217
4218 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4219 if (bitrate > 0 &&
4220 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4221 return false;
4222 if (bitrate_compat > 0 &&
4223 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4224 return false;
4225
4226 switch (info->bw) {
4227 case RATE_INFO_BW_5:
4228 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4229 break;
4230 case RATE_INFO_BW_10:
4231 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4232 break;
4233 default:
4234 WARN_ON(1);
4235
4236 case RATE_INFO_BW_20:
4237 rate_flg = 0;
4238 break;
4239 case RATE_INFO_BW_40:
4240 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4241 break;
4242 case RATE_INFO_BW_80:
4243 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4244 break;
4245 case RATE_INFO_BW_160:
4246 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4247 break;
4248 }
4249
4250 if (rate_flg && nla_put_flag(msg, rate_flg))
4251 return false;
4252
4253 if (info->flags & RATE_INFO_FLAGS_MCS) {
4254 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4255 return false;
4256 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4257 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4258 return false;
4259 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4260 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4261 return false;
4262 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4263 return false;
4264 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4265 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4266 return false;
4267 }
4268
4269 nla_nest_end(msg, rate);
4270 return true;
4271}
4272
4273static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4274 int id)
4275{
4276 void *attr;
4277 int i = 0;
4278
4279 if (!mask)
4280 return true;
4281
4282 attr = nla_nest_start(msg, id);
4283 if (!attr)
4284 return false;
4285
4286 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4287 if (!(mask & BIT(i)))
4288 continue;
4289
4290 if (nla_put_u8(msg, i, signal[i]))
4291 return false;
4292 }
4293
4294 nla_nest_end(msg, attr);
4295
4296 return true;
4297}
4298
4299static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4300 u32 seq, int flags,
4301 struct cfg80211_registered_device *rdev,
4302 struct net_device *dev,
4303 const u8 *mac_addr, struct station_info *sinfo)
4304{
4305 void *hdr;
4306 struct nlattr *sinfoattr, *bss_param;
4307
4308 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4309 if (!hdr)
4310 return -1;
4311
4312 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4313 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4314 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4315 goto nla_put_failure;
4316
4317 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
4318 if (!sinfoattr)
4319 goto nla_put_failure;
4320
4321#define PUT_SINFO(attr, memb, type) do { \
4322 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
4323 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \
4324 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
4325 sinfo->memb)) \
4326 goto nla_put_failure; \
4327 } while (0)
4328#define PUT_SINFO_U64(attr, memb) do { \
4329 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \
4330 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
4331 sinfo->memb, NL80211_STA_INFO_PAD)) \
4332 goto nla_put_failure; \
4333 } while (0)
4334
4335 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4336 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4337
4338 if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
4339 BIT(NL80211_STA_INFO_RX_BYTES64)) &&
4340 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4341 (u32)sinfo->rx_bytes))
4342 goto nla_put_failure;
4343
4344 if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
4345 BIT(NL80211_STA_INFO_TX_BYTES64)) &&
4346 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4347 (u32)sinfo->tx_bytes))
4348 goto nla_put_failure;
4349
4350 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4351 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4352 PUT_SINFO(LLID, llid, u16);
4353 PUT_SINFO(PLID, plid, u16);
4354 PUT_SINFO(PLINK_STATE, plink_state, u8);
4355 PUT_SINFO_U64(RX_DURATION, rx_duration);
4356
4357 switch (rdev->wiphy.signal_type) {
4358 case CFG80211_SIGNAL_TYPE_MBM:
4359 PUT_SINFO(SIGNAL, signal, u8);
4360 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4361 break;
4362 default:
4363 break;
4364 }
4365 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4366 if (!nl80211_put_signal(msg, sinfo->chains,
4367 sinfo->chain_signal,
4368 NL80211_STA_INFO_CHAIN_SIGNAL))
4369 goto nla_put_failure;
4370 }
4371 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4372 if (!nl80211_put_signal(msg, sinfo->chains,
4373 sinfo->chain_signal_avg,
4374 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4375 goto nla_put_failure;
4376 }
4377 if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
4378 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4379 NL80211_STA_INFO_TX_BITRATE))
4380 goto nla_put_failure;
4381 }
4382 if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
4383 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4384 NL80211_STA_INFO_RX_BITRATE))
4385 goto nla_put_failure;
4386 }
4387
4388 PUT_SINFO(RX_PACKETS, rx_packets, u32);
4389 PUT_SINFO(TX_PACKETS, tx_packets, u32);
4390 PUT_SINFO(TX_RETRIES, tx_retries, u32);
4391 PUT_SINFO(TX_FAILED, tx_failed, u32);
4392 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
4393 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
4394 PUT_SINFO(LOCAL_PM, local_pm, u32);
4395 PUT_SINFO(PEER_PM, peer_pm, u32);
4396 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
4397
4398 if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
4399 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
4400 if (!bss_param)
4401 goto nla_put_failure;
4402
4403 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
4404 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
4405 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
4406 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
4407 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
4408 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
4409 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
4410 sinfo->bss_param.dtim_period) ||
4411 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
4412 sinfo->bss_param.beacon_interval))
4413 goto nla_put_failure;
4414
4415 nla_nest_end(msg, bss_param);
4416 }
4417 if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
4418 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
4419 sizeof(struct nl80211_sta_flag_update),
4420 &sinfo->sta_flags))
4421 goto nla_put_failure;
4422
4423 PUT_SINFO_U64(T_OFFSET, t_offset);
4424 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
4425 PUT_SINFO_U64(BEACON_RX, rx_beacon);
4426 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
4427
4428#undef PUT_SINFO
4429#undef PUT_SINFO_U64
4430
4431 if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
4432 struct nlattr *tidsattr;
4433 int tid;
4434
4435 tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
4436 if (!tidsattr)
4437 goto nla_put_failure;
4438
4439 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
4440 struct cfg80211_tid_stats *tidstats;
4441 struct nlattr *tidattr;
4442
4443 tidstats = &sinfo->pertid[tid];
4444
4445 if (!tidstats->filled)
4446 continue;
4447
4448 tidattr = nla_nest_start(msg, tid + 1);
4449 if (!tidattr)
4450 goto nla_put_failure;
4451
4452#define PUT_TIDVAL_U64(attr, memb) do { \
4453 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
4454 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
4455 tidstats->memb, NL80211_TID_STATS_PAD)) \
4456 goto nla_put_failure; \
4457 } while (0)
4458
4459 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
4460 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
4461 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
4462 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
4463
4464#undef PUT_TIDVAL_U64
4465 nla_nest_end(msg, tidattr);
4466 }
4467
4468 nla_nest_end(msg, tidsattr);
4469 }
4470
4471 nla_nest_end(msg, sinfoattr);
4472
4473 if (sinfo->assoc_req_ies_len &&
4474 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
4475 sinfo->assoc_req_ies))
4476 goto nla_put_failure;
4477
4478 genlmsg_end(msg, hdr);
4479 return 0;
4480
4481 nla_put_failure:
4482 genlmsg_cancel(msg, hdr);
4483 return -EMSGSIZE;
4484}
4485
4486static int nl80211_dump_station(struct sk_buff *skb,
4487 struct netlink_callback *cb)
4488{
4489 struct station_info sinfo;
4490 struct cfg80211_registered_device *rdev;
4491 struct wireless_dev *wdev;
4492 u8 mac_addr[ETH_ALEN];
4493 int sta_idx = cb->args[2];
4494 int err;
4495
4496 rtnl_lock();
4497 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4498 if (err)
4499 goto out_err;
4500
4501 if (!wdev->netdev) {
4502 err = -EINVAL;
4503 goto out_err;
4504 }
4505
4506 if (!rdev->ops->dump_station) {
4507 err = -EOPNOTSUPP;
4508 goto out_err;
4509 }
4510
4511 while (1) {
4512 memset(&sinfo, 0, sizeof(sinfo));
4513 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
4514 mac_addr, &sinfo);
4515 if (err == -ENOENT)
4516 break;
4517 if (err)
4518 goto out_err;
4519
4520 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
4521 NETLINK_CB(cb->skb).portid,
4522 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4523 rdev, wdev->netdev, mac_addr,
4524 &sinfo) < 0)
4525 goto out;
4526
4527 sta_idx++;
4528 }
4529
4530 out:
4531 cb->args[2] = sta_idx;
4532 err = skb->len;
4533 out_err:
4534 rtnl_unlock();
4535
4536 return err;
4537}
4538
4539static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
4540{
4541 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4542 struct net_device *dev = info->user_ptr[1];
4543 struct station_info sinfo;
4544 struct sk_buff *msg;
4545 u8 *mac_addr = NULL;
4546 int err;
4547
4548 memset(&sinfo, 0, sizeof(sinfo));
4549
4550 if (!info->attrs[NL80211_ATTR_MAC])
4551 return -EINVAL;
4552
4553 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4554
4555 if (!rdev->ops->get_station)
4556 return -EOPNOTSUPP;
4557
4558 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
4559 if (err)
4560 return err;
4561
4562 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4563 if (!msg)
4564 return -ENOMEM;
4565
4566 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
4567 info->snd_portid, info->snd_seq, 0,
4568 rdev, dev, mac_addr, &sinfo) < 0) {
4569 nlmsg_free(msg);
4570 return -ENOBUFS;
4571 }
4572
4573 return genlmsg_reply(msg, info);
4574}
4575
4576int cfg80211_check_station_change(struct wiphy *wiphy,
4577 struct station_parameters *params,
4578 enum cfg80211_station_type statype)
4579{
4580 if (params->listen_interval != -1 &&
4581 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4582 return -EINVAL;
4583
4584 if (params->support_p2p_ps != -1 &&
4585 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4586 return -EINVAL;
4587
4588 if (params->aid &&
4589 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
4590 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4591 return -EINVAL;
4592
4593
4594 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4595
4596 switch (statype) {
4597 case CFG80211_STA_MESH_PEER_KERNEL:
4598 case CFG80211_STA_MESH_PEER_USER:
4599
4600
4601
4602
4603
4604 if (params->sta_flags_mask &
4605 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4606 BIT(NL80211_STA_FLAG_MFP) |
4607 BIT(NL80211_STA_FLAG_AUTHORIZED)))
4608 return -EINVAL;
4609 break;
4610 case CFG80211_STA_TDLS_PEER_SETUP:
4611 case CFG80211_STA_TDLS_PEER_ACTIVE:
4612 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4613 return -EINVAL;
4614
4615 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4616 break;
4617 default:
4618
4619 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4620 return -EINVAL;
4621 if (params->local_pm)
4622 return -EINVAL;
4623 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4624 return -EINVAL;
4625 }
4626
4627 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4628 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4629
4630 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4631 return -EINVAL;
4632
4633
4634
4635
4636
4637 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4638 }
4639
4640 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4641 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4642
4643 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4644 return -EINVAL;
4645 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4646 return -EINVAL;
4647 if (params->supported_rates)
4648 return -EINVAL;
4649 if (params->ext_capab || params->ht_capa || params->vht_capa)
4650 return -EINVAL;
4651 }
4652
4653 if (statype != CFG80211_STA_AP_CLIENT &&
4654 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4655 if (params->vlan)
4656 return -EINVAL;
4657 }
4658
4659 switch (statype) {
4660 case CFG80211_STA_AP_MLME_CLIENT:
4661
4662 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4663 return -EOPNOTSUPP;
4664 break;
4665 case CFG80211_STA_AP_CLIENT:
4666 case CFG80211_STA_AP_CLIENT_UNASSOC:
4667
4668 if (params->sta_flags_mask &
4669 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4670 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4671 BIT(NL80211_STA_FLAG_ASSOCIATED) |
4672 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4673 BIT(NL80211_STA_FLAG_WME) |
4674 BIT(NL80211_STA_FLAG_MFP)))
4675 return -EINVAL;
4676
4677
4678 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4679 params->sta_flags_mask &
4680 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4681 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4682 return -EINVAL;
4683 break;
4684 case CFG80211_STA_IBSS:
4685 case CFG80211_STA_AP_STA:
4686
4687 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4688 return -EINVAL;
4689 break;
4690 case CFG80211_STA_TDLS_PEER_SETUP:
4691
4692 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4693 BIT(NL80211_STA_FLAG_WME)))
4694 return -EINVAL;
4695
4696 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4697 !params->supported_rates)
4698 return -EINVAL;
4699 break;
4700 case CFG80211_STA_TDLS_PEER_ACTIVE:
4701
4702 return -EINVAL;
4703 case CFG80211_STA_MESH_PEER_KERNEL:
4704 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4705 return -EINVAL;
4706 break;
4707 case CFG80211_STA_MESH_PEER_USER:
4708 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4709 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4710 return -EINVAL;
4711 break;
4712 }
4713
4714
4715
4716
4717
4718
4719 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
4720 statype != CFG80211_STA_TDLS_PEER_SETUP)
4721 params->opmode_notif_used = false;
4722
4723 return 0;
4724}
4725EXPORT_SYMBOL(cfg80211_check_station_change);
4726
4727
4728
4729
4730static struct net_device *get_vlan(struct genl_info *info,
4731 struct cfg80211_registered_device *rdev)
4732{
4733 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4734 struct net_device *v;
4735 int ret;
4736
4737 if (!vlanattr)
4738 return NULL;
4739
4740 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4741 if (!v)
4742 return ERR_PTR(-ENODEV);
4743
4744 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4745 ret = -EINVAL;
4746 goto error;
4747 }
4748
4749 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4750 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4751 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4752 ret = -EINVAL;
4753 goto error;
4754 }
4755
4756 if (!netif_running(v)) {
4757 ret = -ENETDOWN;
4758 goto error;
4759 }
4760
4761 return v;
4762 error:
4763 dev_put(v);
4764 return ERR_PTR(ret);
4765}
4766
4767static const struct nla_policy
4768nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4769 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4770 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4771};
4772
4773static int nl80211_parse_sta_wme(struct genl_info *info,
4774 struct station_parameters *params)
4775{
4776 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4777 struct nlattr *nla;
4778 int err;
4779
4780
4781 if (!info->attrs[NL80211_ATTR_STA_WME])
4782 return 0;
4783
4784 nla = info->attrs[NL80211_ATTR_STA_WME];
4785 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4786 nl80211_sta_wme_policy, info->extack);
4787 if (err)
4788 return err;
4789
4790 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4791 params->uapsd_queues = nla_get_u8(
4792 tb[NL80211_STA_WME_UAPSD_QUEUES]);
4793 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4794 return -EINVAL;
4795
4796 if (tb[NL80211_STA_WME_MAX_SP])
4797 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4798
4799 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4800 return -EINVAL;
4801
4802 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4803
4804 return 0;
4805}
4806
4807static int nl80211_parse_sta_channel_info(struct genl_info *info,
4808 struct station_parameters *params)
4809{
4810 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4811 params->supported_channels =
4812 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4813 params->supported_channels_len =
4814 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4815
4816
4817
4818
4819
4820 if (params->supported_channels_len < 2)
4821 return -EINVAL;
4822 if (params->supported_channels_len % 2)
4823 return -EINVAL;
4824 }
4825
4826 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4827 params->supported_oper_classes =
4828 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4829 params->supported_oper_classes_len =
4830 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4831
4832
4833
4834
4835 if (params->supported_oper_classes_len < 2 ||
4836 params->supported_oper_classes_len > 253)
4837 return -EINVAL;
4838 }
4839 return 0;
4840}
4841
4842static int nl80211_set_station_tdls(struct genl_info *info,
4843 struct station_parameters *params)
4844{
4845 int err;
4846
4847 if (info->attrs[NL80211_ATTR_PEER_AID])
4848 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4849 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4850 params->ht_capa =
4851 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4852 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4853 params->vht_capa =
4854 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4855
4856 err = nl80211_parse_sta_channel_info(info, params);
4857 if (err)
4858 return err;
4859
4860 return nl80211_parse_sta_wme(info, params);
4861}
4862
4863static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4864{
4865 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4866 struct net_device *dev = info->user_ptr[1];
4867 struct station_parameters params;
4868 u8 *mac_addr;
4869 int err;
4870
4871 memset(¶ms, 0, sizeof(params));
4872
4873 if (!rdev->ops->change_station)
4874 return -EOPNOTSUPP;
4875
4876
4877
4878
4879
4880
4881 if (info->attrs[NL80211_ATTR_STA_AID])
4882 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4883
4884 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4885 params.listen_interval =
4886 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4887 else
4888 params.listen_interval = -1;
4889
4890 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
4891 u8 tmp;
4892
4893 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
4894 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
4895 return -EINVAL;
4896
4897 params.support_p2p_ps = tmp;
4898 } else {
4899 params.support_p2p_ps = -1;
4900 }
4901
4902 if (!info->attrs[NL80211_ATTR_MAC])
4903 return -EINVAL;
4904
4905 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4906
4907 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4908 params.supported_rates =
4909 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4910 params.supported_rates_len =
4911 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4912 }
4913
4914 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4915 params.capability =
4916 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4917 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4918 }
4919
4920 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4921 params.ext_capab =
4922 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4923 params.ext_capab_len =
4924 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4925 }
4926
4927 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
4928 return -EINVAL;
4929
4930 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4931 params.plink_action =
4932 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4933 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4934 return -EINVAL;
4935 }
4936
4937 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4938 params.plink_state =
4939 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4940 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4941 return -EINVAL;
4942 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) {
4943 params.peer_aid = nla_get_u16(
4944 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
4945 if (params.peer_aid > IEEE80211_MAX_AID)
4946 return -EINVAL;
4947 }
4948 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4949 }
4950
4951 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4952 enum nl80211_mesh_power_mode pm = nla_get_u32(
4953 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4954
4955 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4956 pm > NL80211_MESH_POWER_MAX)
4957 return -EINVAL;
4958
4959 params.local_pm = pm;
4960 }
4961
4962 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4963 params.opmode_notif_used = true;
4964 params.opmode_notif =
4965 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4966 }
4967
4968
4969 err = nl80211_set_station_tdls(info, ¶ms);
4970 if (err)
4971 return err;
4972
4973 params.vlan = get_vlan(info, rdev);
4974 if (IS_ERR(params.vlan))
4975 return PTR_ERR(params.vlan);
4976
4977 switch (dev->ieee80211_ptr->iftype) {
4978 case NL80211_IFTYPE_AP:
4979 case NL80211_IFTYPE_AP_VLAN:
4980 case NL80211_IFTYPE_P2P_GO:
4981 case NL80211_IFTYPE_P2P_CLIENT:
4982 case NL80211_IFTYPE_STATION:
4983 case NL80211_IFTYPE_ADHOC:
4984 case NL80211_IFTYPE_MESH_POINT:
4985 break;
4986 default:
4987 err = -EOPNOTSUPP;
4988 goto out_put_vlan;
4989 }
4990
4991
4992 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
4993
4994 out_put_vlan:
4995 if (params.vlan)
4996 dev_put(params.vlan);
4997
4998 return err;
4999}
5000
5001static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5002{
5003 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5004 int err;
5005 struct net_device *dev = info->user_ptr[1];
5006 struct station_parameters params;
5007 u8 *mac_addr = NULL;
5008 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5009 BIT(NL80211_STA_FLAG_ASSOCIATED);
5010
5011 memset(¶ms, 0, sizeof(params));
5012
5013 if (!rdev->ops->add_station)
5014 return -EOPNOTSUPP;
5015
5016 if (!info->attrs[NL80211_ATTR_MAC])
5017 return -EINVAL;
5018
5019 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5020 return -EINVAL;
5021
5022 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5023 return -EINVAL;
5024
5025 if (!info->attrs[NL80211_ATTR_STA_AID] &&
5026 !info->attrs[NL80211_ATTR_PEER_AID])
5027 return -EINVAL;
5028
5029 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5030 params.supported_rates =
5031 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5032 params.supported_rates_len =
5033 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5034 params.listen_interval =
5035 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5036
5037 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5038 u8 tmp;
5039
5040 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5041 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
5042 return -EINVAL;
5043
5044 params.support_p2p_ps = tmp;
5045 } else {
5046
5047
5048
5049
5050 params.support_p2p_ps =
5051 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5052 }
5053
5054 if (info->attrs[NL80211_ATTR_PEER_AID])
5055 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5056 else
5057 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5058 if (!params.aid || params.aid > IEEE80211_MAX_AID)
5059 return -EINVAL;
5060
5061 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5062 params.capability =
5063 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5064 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5065 }
5066
5067 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5068 params.ext_capab =
5069 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5070 params.ext_capab_len =
5071 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5072 }
5073
5074 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5075 params.ht_capa =
5076 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5077
5078 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5079 params.vht_capa =
5080 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5081
5082 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5083 params.opmode_notif_used = true;
5084 params.opmode_notif =
5085 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5086 }
5087
5088 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
5089 params.plink_action =
5090 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5091 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5092 return -EINVAL;
5093 }
5094
5095 err = nl80211_parse_sta_channel_info(info, ¶ms);
5096 if (err)
5097 return err;
5098
5099 err = nl80211_parse_sta_wme(info, ¶ms);
5100 if (err)
5101 return err;
5102
5103 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
5104 return -EINVAL;
5105
5106
5107
5108
5109
5110
5111 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5112 params.ht_capa = NULL;
5113 params.vht_capa = NULL;
5114 }
5115
5116
5117 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5118
5119 switch (dev->ieee80211_ptr->iftype) {
5120 case NL80211_IFTYPE_AP:
5121 case NL80211_IFTYPE_AP_VLAN:
5122 case NL80211_IFTYPE_P2P_GO:
5123
5124 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5125 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5126 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5127
5128
5129 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5130 info->attrs[NL80211_ATTR_PEER_AID])
5131 return -EINVAL;
5132
5133 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5134
5135
5136 if (!(rdev->wiphy.features &
5137 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5138 params.sta_flags_mask & auth_assoc)
5139 return -EINVAL;
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151 if (!(params.sta_flags_mask & auth_assoc)) {
5152 params.sta_flags_mask |= auth_assoc;
5153 params.sta_flags_set |= auth_assoc;
5154 }
5155
5156
5157 params.vlan = get_vlan(info, rdev);
5158 if (IS_ERR(params.vlan))
5159 return PTR_ERR(params.vlan);
5160 break;
5161 case NL80211_IFTYPE_MESH_POINT:
5162
5163 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5164
5165
5166 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5167 return -EINVAL;
5168
5169 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5170 info->attrs[NL80211_ATTR_PEER_AID])
5171 return -EINVAL;
5172 break;
5173 case NL80211_IFTYPE_STATION:
5174 case NL80211_IFTYPE_P2P_CLIENT:
5175
5176 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5177
5178
5179 if (params.sta_flags_mask &
5180 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
5181 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5182 return -EINVAL;
5183
5184 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5185 return -EINVAL;
5186
5187 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5188 return -EOPNOTSUPP;
5189
5190 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5191 return -EOPNOTSUPP;
5192
5193
5194
5195
5196 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5197 break;
5198 default:
5199 return -EOPNOTSUPP;
5200 }
5201
5202
5203
5204 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
5205
5206 if (params.vlan)
5207 dev_put(params.vlan);
5208 return err;
5209}
5210
5211static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5212{
5213 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5214 struct net_device *dev = info->user_ptr[1];
5215 struct station_del_parameters params;
5216
5217 memset(¶ms, 0, sizeof(params));
5218
5219 if (info->attrs[NL80211_ATTR_MAC])
5220 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5221
5222 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5223 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5224 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5225 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5226 return -EINVAL;
5227
5228 if (!rdev->ops->del_station)
5229 return -EOPNOTSUPP;
5230
5231 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5232 params.subtype =
5233 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5234 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5235 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5236 return -EINVAL;
5237 } else {
5238
5239 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5240 }
5241
5242 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5243 params.reason_code =
5244 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5245 if (params.reason_code == 0)
5246 return -EINVAL;
5247 } else {
5248
5249 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5250 }
5251
5252 return rdev_del_station(rdev, dev, ¶ms);
5253}
5254
5255static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5256 int flags, struct net_device *dev,
5257 u8 *dst, u8 *next_hop,
5258 struct mpath_info *pinfo)
5259{
5260 void *hdr;
5261 struct nlattr *pinfoattr;
5262
5263 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5264 if (!hdr)
5265 return -1;
5266
5267 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5268 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5269 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5270 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5271 goto nla_put_failure;
5272
5273 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
5274 if (!pinfoattr)
5275 goto nla_put_failure;
5276 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5277 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5278 pinfo->frame_qlen))
5279 goto nla_put_failure;
5280 if (((pinfo->filled & MPATH_INFO_SN) &&
5281 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5282 ((pinfo->filled & MPATH_INFO_METRIC) &&
5283 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5284 pinfo->metric)) ||
5285 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5286 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5287 pinfo->exptime)) ||
5288 ((pinfo->filled & MPATH_INFO_FLAGS) &&
5289 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5290 pinfo->flags)) ||
5291 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5292 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5293 pinfo->discovery_timeout)) ||
5294 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5295 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5296 pinfo->discovery_retries)))
5297 goto nla_put_failure;
5298
5299 nla_nest_end(msg, pinfoattr);
5300
5301 genlmsg_end(msg, hdr);
5302 return 0;
5303
5304 nla_put_failure:
5305 genlmsg_cancel(msg, hdr);
5306 return -EMSGSIZE;
5307}
5308
5309static int nl80211_dump_mpath(struct sk_buff *skb,
5310 struct netlink_callback *cb)
5311{
5312 struct mpath_info pinfo;
5313 struct cfg80211_registered_device *rdev;
5314 struct wireless_dev *wdev;
5315 u8 dst[ETH_ALEN];
5316 u8 next_hop[ETH_ALEN];
5317 int path_idx = cb->args[2];
5318 int err;
5319
5320 rtnl_lock();
5321 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5322 if (err)
5323 goto out_err;
5324
5325 if (!rdev->ops->dump_mpath) {
5326 err = -EOPNOTSUPP;
5327 goto out_err;
5328 }
5329
5330 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5331 err = -EOPNOTSUPP;
5332 goto out_err;
5333 }
5334
5335 while (1) {
5336 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
5337 next_hop, &pinfo);
5338 if (err == -ENOENT)
5339 break;
5340 if (err)
5341 goto out_err;
5342
5343 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5344 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5345 wdev->netdev, dst, next_hop,
5346 &pinfo) < 0)
5347 goto out;
5348
5349 path_idx++;
5350 }
5351
5352 out:
5353 cb->args[2] = path_idx;
5354 err = skb->len;
5355 out_err:
5356 rtnl_unlock();
5357 return err;
5358}
5359
5360static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
5361{
5362 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5363 int err;
5364 struct net_device *dev = info->user_ptr[1];
5365 struct mpath_info pinfo;
5366 struct sk_buff *msg;
5367 u8 *dst = NULL;
5368 u8 next_hop[ETH_ALEN];
5369
5370 memset(&pinfo, 0, sizeof(pinfo));
5371
5372 if (!info->attrs[NL80211_ATTR_MAC])
5373 return -EINVAL;
5374
5375 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5376
5377 if (!rdev->ops->get_mpath)
5378 return -EOPNOTSUPP;
5379
5380 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5381 return -EOPNOTSUPP;
5382
5383 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
5384 if (err)
5385 return err;
5386
5387 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5388 if (!msg)
5389 return -ENOMEM;
5390
5391 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5392 dev, dst, next_hop, &pinfo) < 0) {
5393 nlmsg_free(msg);
5394 return -ENOBUFS;
5395 }
5396
5397 return genlmsg_reply(msg, info);
5398}
5399
5400static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
5401{
5402 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5403 struct net_device *dev = info->user_ptr[1];
5404 u8 *dst = NULL;
5405 u8 *next_hop = NULL;
5406
5407 if (!info->attrs[NL80211_ATTR_MAC])
5408 return -EINVAL;
5409
5410 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5411 return -EINVAL;
5412
5413 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5414 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5415
5416 if (!rdev->ops->change_mpath)
5417 return -EOPNOTSUPP;
5418
5419 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5420 return -EOPNOTSUPP;
5421
5422 return rdev_change_mpath(rdev, dev, dst, next_hop);
5423}
5424
5425static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
5426{
5427 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5428 struct net_device *dev = info->user_ptr[1];
5429 u8 *dst = NULL;
5430 u8 *next_hop = NULL;
5431
5432 if (!info->attrs[NL80211_ATTR_MAC])
5433 return -EINVAL;
5434
5435 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5436 return -EINVAL;
5437
5438 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5439 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5440
5441 if (!rdev->ops->add_mpath)
5442 return -EOPNOTSUPP;
5443
5444 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5445 return -EOPNOTSUPP;
5446
5447 return rdev_add_mpath(rdev, dev, dst, next_hop);
5448}
5449
5450static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
5451{
5452 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5453 struct net_device *dev = info->user_ptr[1];
5454 u8 *dst = NULL;
5455
5456 if (info->attrs[NL80211_ATTR_MAC])
5457 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5458
5459 if (!rdev->ops->del_mpath)
5460 return -EOPNOTSUPP;
5461
5462 return rdev_del_mpath(rdev, dev, dst);
5463}
5464
5465static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
5466{
5467 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5468 int err;
5469 struct net_device *dev = info->user_ptr[1];
5470 struct mpath_info pinfo;
5471 struct sk_buff *msg;
5472 u8 *dst = NULL;
5473 u8 mpp[ETH_ALEN];
5474
5475 memset(&pinfo, 0, sizeof(pinfo));
5476
5477 if (!info->attrs[NL80211_ATTR_MAC])
5478 return -EINVAL;
5479
5480 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5481
5482 if (!rdev->ops->get_mpp)
5483 return -EOPNOTSUPP;
5484
5485 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5486 return -EOPNOTSUPP;
5487
5488 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
5489 if (err)
5490 return err;
5491
5492 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5493 if (!msg)
5494 return -ENOMEM;
5495
5496 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5497 dev, dst, mpp, &pinfo) < 0) {
5498 nlmsg_free(msg);
5499 return -ENOBUFS;
5500 }
5501
5502 return genlmsg_reply(msg, info);
5503}
5504
5505static int nl80211_dump_mpp(struct sk_buff *skb,
5506 struct netlink_callback *cb)
5507{
5508 struct mpath_info pinfo;
5509 struct cfg80211_registered_device *rdev;
5510 struct wireless_dev *wdev;
5511 u8 dst[ETH_ALEN];
5512 u8 mpp[ETH_ALEN];
5513 int path_idx = cb->args[2];
5514 int err;
5515
5516 rtnl_lock();
5517 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5518 if (err)
5519 goto out_err;
5520
5521 if (!rdev->ops->dump_mpp) {
5522 err = -EOPNOTSUPP;
5523 goto out_err;
5524 }
5525
5526 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5527 err = -EOPNOTSUPP;
5528 goto out_err;
5529 }
5530
5531 while (1) {
5532 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
5533 mpp, &pinfo);
5534 if (err == -ENOENT)
5535 break;
5536 if (err)
5537 goto out_err;
5538
5539 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5540 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5541 wdev->netdev, dst, mpp,
5542 &pinfo) < 0)
5543 goto out;
5544
5545 path_idx++;
5546 }
5547
5548 out:
5549 cb->args[2] = path_idx;
5550 err = skb->len;
5551 out_err:
5552 rtnl_unlock();
5553 return err;
5554}
5555
5556static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
5557{
5558 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5559 struct net_device *dev = info->user_ptr[1];
5560 struct wireless_dev *wdev = dev->ieee80211_ptr;
5561 struct bss_parameters params;
5562 int err;
5563
5564 memset(¶ms, 0, sizeof(params));
5565
5566 params.use_cts_prot = -1;
5567 params.use_short_preamble = -1;
5568 params.use_short_slot_time = -1;
5569 params.ap_isolate = -1;
5570 params.ht_opmode = -1;
5571 params.p2p_ctwindow = -1;
5572 params.p2p_opp_ps = -1;
5573
5574 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
5575 params.use_cts_prot =
5576 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
5577 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
5578 params.use_short_preamble =
5579 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
5580 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
5581 params.use_short_slot_time =
5582 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
5583 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
5584 params.basic_rates =
5585 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5586 params.basic_rates_len =
5587 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5588 }
5589 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
5590 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
5591 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
5592 params.ht_opmode =
5593 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
5594
5595 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5596 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5597 return -EINVAL;
5598 params.p2p_ctwindow =
5599 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5600 if (params.p2p_ctwindow < 0)
5601 return -EINVAL;
5602 if (params.p2p_ctwindow != 0 &&
5603 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5604 return -EINVAL;
5605 }
5606
5607 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5608 u8 tmp;
5609
5610 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5611 return -EINVAL;
5612 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5613 if (tmp > 1)
5614 return -EINVAL;
5615 params.p2p_opp_ps = tmp;
5616 if (params.p2p_opp_ps &&
5617 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5618 return -EINVAL;
5619 }
5620
5621 if (!rdev->ops->change_bss)
5622 return -EOPNOTSUPP;
5623
5624 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5625 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5626 return -EOPNOTSUPP;
5627
5628 wdev_lock(wdev);
5629 err = rdev_change_bss(rdev, dev, ¶ms);
5630 wdev_unlock(wdev);
5631
5632 return err;
5633}
5634
5635static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
5636{
5637 char *data = NULL;
5638 bool is_indoor;
5639 enum nl80211_user_reg_hint_type user_reg_hint_type;
5640 u32 owner_nlportid;
5641
5642
5643
5644
5645
5646
5647
5648 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
5649 return -EINPROGRESS;
5650
5651 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
5652 user_reg_hint_type =
5653 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
5654 else
5655 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
5656
5657 switch (user_reg_hint_type) {
5658 case NL80211_USER_REG_HINT_USER:
5659 case NL80211_USER_REG_HINT_CELL_BASE:
5660 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5661 return -EINVAL;
5662
5663 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5664 return regulatory_hint_user(data, user_reg_hint_type);
5665 case NL80211_USER_REG_HINT_INDOOR:
5666 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
5667 owner_nlportid = info->snd_portid;
5668 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
5669 } else {
5670 owner_nlportid = 0;
5671 is_indoor = true;
5672 }
5673
5674 return regulatory_hint_indoor(is_indoor, owner_nlportid);
5675 default:
5676 return -EINVAL;
5677 }
5678}
5679
5680static int nl80211_get_mesh_config(struct sk_buff *skb,
5681 struct genl_info *info)
5682{
5683 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5684 struct net_device *dev = info->user_ptr[1];
5685 struct wireless_dev *wdev = dev->ieee80211_ptr;
5686 struct mesh_config cur_params;
5687 int err = 0;
5688 void *hdr;
5689 struct nlattr *pinfoattr;
5690 struct sk_buff *msg;
5691
5692 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5693 return -EOPNOTSUPP;
5694
5695 if (!rdev->ops->get_mesh_config)
5696 return -EOPNOTSUPP;
5697
5698 wdev_lock(wdev);
5699
5700 if (!wdev->mesh_id_len)
5701 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5702 else
5703 err = rdev_get_mesh_config(rdev, dev, &cur_params);
5704 wdev_unlock(wdev);
5705
5706 if (err)
5707 return err;
5708
5709
5710 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5711 if (!msg)
5712 return -ENOMEM;
5713 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5714 NL80211_CMD_GET_MESH_CONFIG);
5715 if (!hdr)
5716 goto out;
5717 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5718 if (!pinfoattr)
5719 goto nla_put_failure;
5720 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5721 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5722 cur_params.dot11MeshRetryTimeout) ||
5723 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5724 cur_params.dot11MeshConfirmTimeout) ||
5725 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5726 cur_params.dot11MeshHoldingTimeout) ||
5727 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5728 cur_params.dot11MeshMaxPeerLinks) ||
5729 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5730 cur_params.dot11MeshMaxRetries) ||
5731 nla_put_u8(msg, NL80211_MESHCONF_TTL,
5732 cur_params.dot11MeshTTL) ||
5733 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5734 cur_params.element_ttl) ||
5735 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5736 cur_params.auto_open_plinks) ||
5737 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5738 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5739 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5740 cur_params.dot11MeshHWMPmaxPREQretries) ||
5741 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5742 cur_params.path_refresh_time) ||
5743 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5744 cur_params.min_discovery_timeout) ||
5745 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5746 cur_params.dot11MeshHWMPactivePathTimeout) ||
5747 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5748 cur_params.dot11MeshHWMPpreqMinInterval) ||
5749 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5750 cur_params.dot11MeshHWMPperrMinInterval) ||
5751 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5752 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5753 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5754 cur_params.dot11MeshHWMPRootMode) ||
5755 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5756 cur_params.dot11MeshHWMPRannInterval) ||
5757 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5758 cur_params.dot11MeshGateAnnouncementProtocol) ||
5759 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5760 cur_params.dot11MeshForwarding) ||
5761 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5762 cur_params.rssi_threshold) ||
5763 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5764 cur_params.ht_opmode) ||
5765 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5766 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5767 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5768 cur_params.dot11MeshHWMProotInterval) ||
5769 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5770 cur_params.dot11MeshHWMPconfirmationInterval) ||
5771 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5772 cur_params.power_mode) ||
5773 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5774 cur_params.dot11MeshAwakeWindowDuration) ||
5775 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5776 cur_params.plink_timeout))
5777 goto nla_put_failure;
5778 nla_nest_end(msg, pinfoattr);
5779 genlmsg_end(msg, hdr);
5780 return genlmsg_reply(msg, info);
5781
5782 nla_put_failure:
5783 genlmsg_cancel(msg, hdr);
5784 out:
5785 nlmsg_free(msg);
5786 return -ENOBUFS;
5787}
5788
5789static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5790 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5791 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5792 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5793 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5794 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5795 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5796 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5797 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5798 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5799 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5800 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5801 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5802 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5803 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5804 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5805 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5806 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5807 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5808 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5809 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5810 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5811 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5812 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5813 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5814 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5815 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5816 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5817 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5818};
5819
5820static const struct nla_policy
5821 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5822 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5823 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5824 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5825 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5826 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5827 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5828 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5829 .len = IEEE80211_MAX_DATA_LEN },
5830 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5831};
5832
5833static int nl80211_check_bool(const struct nlattr *nla, u8 min, u8 max, bool *out)
5834{
5835 u8 val = nla_get_u8(nla);
5836 if (val < min || val > max)
5837 return -EINVAL;
5838 *out = val;
5839 return 0;
5840}
5841
5842static int nl80211_check_u8(const struct nlattr *nla, u8 min, u8 max, u8 *out)
5843{
5844 u8 val = nla_get_u8(nla);
5845 if (val < min || val > max)
5846 return -EINVAL;
5847 *out = val;
5848 return 0;
5849}
5850
5851static int nl80211_check_u16(const struct nlattr *nla, u16 min, u16 max, u16 *out)
5852{
5853 u16 val = nla_get_u16(nla);
5854 if (val < min || val > max)
5855 return -EINVAL;
5856 *out = val;
5857 return 0;
5858}
5859
5860static int nl80211_check_u32(const struct nlattr *nla, u32 min, u32 max, u32 *out)
5861{
5862 u32 val = nla_get_u32(nla);
5863 if (val < min || val > max)
5864 return -EINVAL;
5865 *out = val;
5866 return 0;
5867}
5868
5869static int nl80211_check_s32(const struct nlattr *nla, s32 min, s32 max, s32 *out)
5870{
5871 s32 val = nla_get_s32(nla);
5872 if (val < min || val > max)
5873 return -EINVAL;
5874 *out = val;
5875 return 0;
5876}
5877
5878static int nl80211_check_power_mode(const struct nlattr *nla,
5879 enum nl80211_mesh_power_mode min,
5880 enum nl80211_mesh_power_mode max,
5881 enum nl80211_mesh_power_mode *out)
5882{
5883 u32 val = nla_get_u32(nla);
5884 if (val < min || val > max)
5885 return -EINVAL;
5886 *out = val;
5887 return 0;
5888}
5889
5890static int nl80211_parse_mesh_config(struct genl_info *info,
5891 struct mesh_config *cfg,
5892 u32 *mask_out)
5893{
5894 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5895 u32 mask = 0;
5896 u16 ht_opmode;
5897
5898#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5899do { \
5900 if (tb[attr]) { \
5901 if (fn(tb[attr], min, max, &cfg->param)) \
5902 return -EINVAL; \
5903 mask |= (1 << (attr - 1)); \
5904 } \
5905} while (0)
5906
5907 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5908 return -EINVAL;
5909 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5910 info->attrs[NL80211_ATTR_MESH_CONFIG],
5911 nl80211_meshconf_params_policy, info->extack))
5912 return -EINVAL;
5913
5914
5915
5916 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5917
5918
5919 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5920 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5921 nl80211_check_u16);
5922 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5923 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5924 nl80211_check_u16);
5925 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5926 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5927 nl80211_check_u16);
5928 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5929 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5930 nl80211_check_u16);
5931 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5932 mask, NL80211_MESHCONF_MAX_RETRIES,
5933 nl80211_check_u8);
5934 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5935 mask, NL80211_MESHCONF_TTL, nl80211_check_u8);
5936 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5937 mask, NL80211_MESHCONF_ELEMENT_TTL,
5938 nl80211_check_u8);
5939 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5940 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5941 nl80211_check_bool);
5942 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
5943 1, 255, mask,
5944 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5945 nl80211_check_u32);
5946 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
5947 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5948 nl80211_check_u8);
5949 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
5950 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
5951 nl80211_check_u32);
5952 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
5953 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5954 nl80211_check_u16);
5955 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
5956 1, 65535, mask,
5957 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5958 nl80211_check_u32);
5959 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
5960 1, 65535, mask,
5961 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5962 nl80211_check_u16);
5963 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
5964 1, 65535, mask,
5965 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5966 nl80211_check_u16);
5967 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5968 dot11MeshHWMPnetDiameterTraversalTime,
5969 1, 65535, mask,
5970 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5971 nl80211_check_u16);
5972 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
5973 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
5974 nl80211_check_u8);
5975 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
5976 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5977 nl80211_check_u16);
5978 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5979 dot11MeshGateAnnouncementProtocol, 0, 1,
5980 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5981 nl80211_check_bool);
5982 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
5983 mask, NL80211_MESHCONF_FORWARDING,
5984 nl80211_check_bool);
5985 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
5986 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
5987 nl80211_check_s32);
5988
5989
5990
5991
5992 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
5993 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
5994
5995 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
5996 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
5997 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
5998 return -EINVAL;
5999
6000 if ((ht_opmode & IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT) &&
6001 (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6002 return -EINVAL;
6003
6004 switch (ht_opmode & IEEE80211_HT_OP_MODE_PROTECTION) {
6005 case IEEE80211_HT_OP_MODE_PROTECTION_NONE:
6006 case IEEE80211_HT_OP_MODE_PROTECTION_20MHZ:
6007 if (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)
6008 return -EINVAL;
6009 break;
6010 case IEEE80211_HT_OP_MODE_PROTECTION_NONMEMBER:
6011 case IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED:
6012 if (!(ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6013 return -EINVAL;
6014 break;
6015 }
6016 cfg->ht_opmode = ht_opmode;
6017 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6018 }
6019 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
6020 1, 65535, mask,
6021 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6022 nl80211_check_u32);
6023 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
6024 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6025 nl80211_check_u16);
6026 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6027 dot11MeshHWMPconfirmationInterval,
6028 1, 65535, mask,
6029 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6030 nl80211_check_u16);
6031 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
6032 NL80211_MESH_POWER_ACTIVE,
6033 NL80211_MESH_POWER_MAX,
6034 mask, NL80211_MESHCONF_POWER_MODE,
6035 nl80211_check_power_mode);
6036 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
6037 0, 65535, mask,
6038 NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16);
6039 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
6040 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
6041 nl80211_check_u32);
6042 if (mask_out)
6043 *mask_out = mask;
6044
6045 return 0;
6046
6047#undef FILL_IN_MESH_PARAM_IF_SET
6048}
6049
6050static int nl80211_parse_mesh_setup(struct genl_info *info,
6051 struct mesh_setup *setup)
6052{
6053 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6054 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6055
6056 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6057 return -EINVAL;
6058 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
6059 info->attrs[NL80211_ATTR_MESH_SETUP],
6060 nl80211_mesh_setup_params_policy, info->extack))
6061 return -EINVAL;
6062
6063 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6064 setup->sync_method =
6065 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6066 IEEE80211_SYNC_METHOD_VENDOR :
6067 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6068
6069 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6070 setup->path_sel_proto =
6071 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6072 IEEE80211_PATH_PROTOCOL_VENDOR :
6073 IEEE80211_PATH_PROTOCOL_HWMP;
6074
6075 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6076 setup->path_metric =
6077 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6078 IEEE80211_PATH_METRIC_VENDOR :
6079 IEEE80211_PATH_METRIC_AIRTIME;
6080
6081 if (tb[NL80211_MESH_SETUP_IE]) {
6082 struct nlattr *ieattr =
6083 tb[NL80211_MESH_SETUP_IE];
6084 if (!is_valid_ie_attr(ieattr))
6085 return -EINVAL;
6086 setup->ie = nla_data(ieattr);
6087 setup->ie_len = nla_len(ieattr);
6088 }
6089 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6090 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6091 return -EINVAL;
6092 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6093 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6094 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6095 if (setup->is_secure)
6096 setup->user_mpm = true;
6097
6098 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6099 if (!setup->user_mpm)
6100 return -EINVAL;
6101 setup->auth_id =
6102 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6103 }
6104
6105 return 0;
6106}
6107
6108static int nl80211_update_mesh_config(struct sk_buff *skb,
6109 struct genl_info *info)
6110{
6111 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6112 struct net_device *dev = info->user_ptr[1];
6113 struct wireless_dev *wdev = dev->ieee80211_ptr;
6114 struct mesh_config cfg;
6115 u32 mask;
6116 int err;
6117
6118 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6119 return -EOPNOTSUPP;
6120
6121 if (!rdev->ops->update_mesh_config)
6122 return -EOPNOTSUPP;
6123
6124 err = nl80211_parse_mesh_config(info, &cfg, &mask);
6125 if (err)
6126 return err;
6127
6128 wdev_lock(wdev);
6129 if (!wdev->mesh_id_len)
6130 err = -ENOLINK;
6131
6132 if (!err)
6133 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6134
6135 wdev_unlock(wdev);
6136
6137 return err;
6138}
6139
6140static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6141 struct sk_buff *msg)
6142{
6143 struct nlattr *nl_reg_rules;
6144 unsigned int i;
6145
6146 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6147 (regdom->dfs_region &&
6148 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6149 goto nla_put_failure;
6150
6151 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
6152 if (!nl_reg_rules)
6153 goto nla_put_failure;
6154
6155 for (i = 0; i < regdom->n_reg_rules; i++) {
6156 struct nlattr *nl_reg_rule;
6157 const struct ieee80211_reg_rule *reg_rule;
6158 const struct ieee80211_freq_range *freq_range;
6159 const struct ieee80211_power_rule *power_rule;
6160 unsigned int max_bandwidth_khz;
6161
6162 reg_rule = ®dom->reg_rules[i];
6163 freq_range = ®_rule->freq_range;
6164 power_rule = ®_rule->power_rule;
6165
6166 nl_reg_rule = nla_nest_start(msg, i);
6167 if (!nl_reg_rule)
6168 goto nla_put_failure;
6169
6170 max_bandwidth_khz = freq_range->max_bandwidth_khz;
6171 if (!max_bandwidth_khz)
6172 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6173 reg_rule);
6174
6175 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6176 reg_rule->flags) ||
6177 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6178 freq_range->start_freq_khz) ||
6179 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6180 freq_range->end_freq_khz) ||
6181 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6182 max_bandwidth_khz) ||
6183 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6184 power_rule->max_antenna_gain) ||
6185 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6186 power_rule->max_eirp) ||
6187 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6188 reg_rule->dfs_cac_ms))
6189 goto nla_put_failure;
6190
6191 nla_nest_end(msg, nl_reg_rule);
6192 }
6193
6194 nla_nest_end(msg, nl_reg_rules);
6195 return 0;
6196
6197nla_put_failure:
6198 return -EMSGSIZE;
6199}
6200
6201static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6202{
6203 const struct ieee80211_regdomain *regdom = NULL;
6204 struct cfg80211_registered_device *rdev;
6205 struct wiphy *wiphy = NULL;
6206 struct sk_buff *msg;
6207 void *hdr;
6208
6209 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6210 if (!msg)
6211 return -ENOBUFS;
6212
6213 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6214 NL80211_CMD_GET_REG);
6215 if (!hdr)
6216 goto put_failure;
6217
6218 if (info->attrs[NL80211_ATTR_WIPHY]) {
6219 bool self_managed;
6220
6221 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6222 if (IS_ERR(rdev)) {
6223 nlmsg_free(msg);
6224 return PTR_ERR(rdev);
6225 }
6226
6227 wiphy = &rdev->wiphy;
6228 self_managed = wiphy->regulatory_flags &
6229 REGULATORY_WIPHY_SELF_MANAGED;
6230 regdom = get_wiphy_regdom(wiphy);
6231
6232
6233 if (WARN_ON(!regdom && self_managed)) {
6234 nlmsg_free(msg);
6235 return -EINVAL;
6236 }
6237
6238 if (regdom &&
6239 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6240 goto nla_put_failure;
6241 }
6242
6243 if (!wiphy && reg_last_request_cell_base() &&
6244 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6245 NL80211_USER_REG_HINT_CELL_BASE))
6246 goto nla_put_failure;
6247
6248 rcu_read_lock();
6249
6250 if (!regdom)
6251 regdom = rcu_dereference(cfg80211_regdomain);
6252
6253 if (nl80211_put_regdom(regdom, msg))
6254 goto nla_put_failure_rcu;
6255
6256 rcu_read_unlock();
6257
6258 genlmsg_end(msg, hdr);
6259 return genlmsg_reply(msg, info);
6260
6261nla_put_failure_rcu:
6262 rcu_read_unlock();
6263nla_put_failure:
6264 genlmsg_cancel(msg, hdr);
6265put_failure:
6266 nlmsg_free(msg);
6267 return -EMSGSIZE;
6268}
6269
6270static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6271 u32 seq, int flags, struct wiphy *wiphy,
6272 const struct ieee80211_regdomain *regdom)
6273{
6274 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6275 NL80211_CMD_GET_REG);
6276
6277 if (!hdr)
6278 return -1;
6279
6280 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6281
6282 if (nl80211_put_regdom(regdom, msg))
6283 goto nla_put_failure;
6284
6285 if (!wiphy && reg_last_request_cell_base() &&
6286 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6287 NL80211_USER_REG_HINT_CELL_BASE))
6288 goto nla_put_failure;
6289
6290 if (wiphy &&
6291 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6292 goto nla_put_failure;
6293
6294 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6295 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6296 goto nla_put_failure;
6297
6298 genlmsg_end(msg, hdr);
6299 return 0;
6300
6301nla_put_failure:
6302 genlmsg_cancel(msg, hdr);
6303 return -EMSGSIZE;
6304}
6305
6306static int nl80211_get_reg_dump(struct sk_buff *skb,
6307 struct netlink_callback *cb)
6308{
6309 const struct ieee80211_regdomain *regdom = NULL;
6310 struct cfg80211_registered_device *rdev;
6311 int err, reg_idx, start = cb->args[2];
6312
6313 rtnl_lock();
6314
6315 if (cfg80211_regdomain && start == 0) {
6316 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6317 NLM_F_MULTI, NULL,
6318 rtnl_dereference(cfg80211_regdomain));
6319 if (err < 0)
6320 goto out_err;
6321 }
6322
6323
6324 reg_idx = 1;
6325 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6326 regdom = get_wiphy_regdom(&rdev->wiphy);
6327 if (!regdom)
6328 continue;
6329
6330 if (++reg_idx <= start)
6331 continue;
6332
6333 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6334 NLM_F_MULTI, &rdev->wiphy, regdom);
6335 if (err < 0) {
6336 reg_idx--;
6337 break;
6338 }
6339 }
6340
6341 cb->args[2] = reg_idx;
6342 err = skb->len;
6343out_err:
6344 rtnl_unlock();
6345 return err;
6346}
6347
6348#ifdef CONFIG_CFG80211_CRDA_SUPPORT
6349static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6350 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
6351 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
6352 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
6353 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
6354 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
6355 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
6356 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
6357};
6358
6359static int parse_reg_rule(struct nlattr *tb[],
6360 struct ieee80211_reg_rule *reg_rule)
6361{
6362 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
6363 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
6364
6365 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6366 return -EINVAL;
6367 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6368 return -EINVAL;
6369 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
6370 return -EINVAL;
6371 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6372 return -EINVAL;
6373 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6374 return -EINVAL;
6375
6376 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
6377
6378 freq_range->start_freq_khz =
6379 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
6380 freq_range->end_freq_khz =
6381 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
6382 freq_range->max_bandwidth_khz =
6383 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
6384
6385 power_rule->max_eirp =
6386 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
6387
6388 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
6389 power_rule->max_antenna_gain =
6390 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
6391
6392 if (tb[NL80211_ATTR_DFS_CAC_TIME])
6393 reg_rule->dfs_cac_ms =
6394 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
6395
6396 return 0;
6397}
6398
6399static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
6400{
6401 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
6402 struct nlattr *nl_reg_rule;
6403 char *alpha2;
6404 int rem_reg_rules, r;
6405 u32 num_rules = 0, rule_idx = 0, size_of_regd;
6406 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
6407 struct ieee80211_regdomain *rd;
6408
6409 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6410 return -EINVAL;
6411
6412 if (!info->attrs[NL80211_ATTR_REG_RULES])
6413 return -EINVAL;
6414
6415 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6416
6417 if (info->attrs[NL80211_ATTR_DFS_REGION])
6418 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
6419
6420 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6421 rem_reg_rules) {
6422 num_rules++;
6423 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
6424 return -EINVAL;
6425 }
6426
6427 if (!reg_is_valid_request(alpha2))
6428 return -EINVAL;
6429
6430 size_of_regd = sizeof(struct ieee80211_regdomain) +
6431 num_rules * sizeof(struct ieee80211_reg_rule);
6432
6433 rd = kzalloc(size_of_regd, GFP_KERNEL);
6434 if (!rd)
6435 return -ENOMEM;
6436
6437 rd->n_reg_rules = num_rules;
6438 rd->alpha2[0] = alpha2[0];
6439 rd->alpha2[1] = alpha2[1];
6440
6441
6442
6443
6444
6445 if (reg_supported_dfs_region(dfs_region))
6446 rd->dfs_region = dfs_region;
6447
6448 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6449 rem_reg_rules) {
6450 r = nla_parse_nested(tb, NL80211_REG_RULE_ATTR_MAX,
6451 nl_reg_rule, reg_rule_policy,
6452 info->extack);
6453 if (r)
6454 goto bad_reg;
6455 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
6456 if (r)
6457 goto bad_reg;
6458
6459 rule_idx++;
6460
6461 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
6462 r = -EINVAL;
6463 goto bad_reg;
6464 }
6465 }
6466
6467
6468 return set_regdom(rd, REGD_SOURCE_CRDA);
6469 bad_reg:
6470 kfree(rd);
6471 return r;
6472}
6473#endif
6474
6475static int validate_scan_freqs(struct nlattr *freqs)
6476{
6477 struct nlattr *attr1, *attr2;
6478 int n_channels = 0, tmp1, tmp2;
6479
6480 nla_for_each_nested(attr1, freqs, tmp1)
6481 if (nla_len(attr1) != sizeof(u32))
6482 return 0;
6483
6484 nla_for_each_nested(attr1, freqs, tmp1) {
6485 n_channels++;
6486
6487
6488
6489
6490
6491
6492
6493
6494
6495 nla_for_each_nested(attr2, freqs, tmp2)
6496 if (attr1 != attr2 &&
6497 nla_get_u32(attr1) == nla_get_u32(attr2))
6498 return 0;
6499 }
6500
6501 return n_channels;
6502}
6503
6504static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
6505{
6506 return b < NUM_NL80211_BANDS && wiphy->bands[b];
6507}
6508
6509static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
6510 struct cfg80211_bss_selection *bss_select)
6511{
6512 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
6513 struct nlattr *nest;
6514 int err;
6515 bool found = false;
6516 int i;
6517
6518
6519 nest = nla_data(nla);
6520 if (!nla_ok(nest, nla_len(nest)))
6521 return -EINVAL;
6522
6523 err = nla_parse_nested(attr, NL80211_BSS_SELECT_ATTR_MAX, nest,
6524 nl80211_bss_select_policy, NULL);
6525 if (err)
6526 return err;
6527
6528
6529 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
6530 if (attr[i]) {
6531 if (found)
6532 return -EINVAL;
6533 found = true;
6534 }
6535 }
6536
6537 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
6538
6539 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
6540 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
6541
6542 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
6543 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
6544 bss_select->param.band_pref =
6545 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
6546 if (!is_band_valid(wiphy, bss_select->param.band_pref))
6547 return -EINVAL;
6548 }
6549
6550 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
6551 struct nl80211_bss_select_rssi_adjust *adj_param;
6552
6553 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
6554 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
6555 bss_select->param.adjust.band = adj_param->band;
6556 bss_select->param.adjust.delta = adj_param->delta;
6557 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
6558 return -EINVAL;
6559 }
6560
6561
6562 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
6563 return -EINVAL;
6564
6565 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
6566 return -EINVAL;
6567
6568 return 0;
6569}
6570
6571static int nl80211_parse_random_mac(struct nlattr **attrs,
6572 u8 *mac_addr, u8 *mac_addr_mask)
6573{
6574 int i;
6575
6576 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
6577 eth_zero_addr(mac_addr);
6578 eth_zero_addr(mac_addr_mask);
6579 mac_addr[0] = 0x2;
6580 mac_addr_mask[0] = 0x3;
6581
6582 return 0;
6583 }
6584
6585
6586 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
6587 return -EINVAL;
6588
6589 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
6590 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
6591
6592
6593 if (!is_multicast_ether_addr(mac_addr_mask) ||
6594 is_multicast_ether_addr(mac_addr))
6595 return -EINVAL;
6596
6597
6598
6599
6600
6601
6602 for (i = 0; i < ETH_ALEN; i++)
6603 mac_addr[i] &= mac_addr_mask[i];
6604
6605 return 0;
6606}
6607
6608static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
6609{
6610 ASSERT_WDEV_LOCK(wdev);
6611
6612 if (!cfg80211_beaconing_iface_active(wdev))
6613 return true;
6614
6615 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
6616 return true;
6617
6618 return regulatory_pre_cac_allowed(wdev->wiphy);
6619}
6620
6621static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
6622{
6623 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6624 struct wireless_dev *wdev = info->user_ptr[1];
6625 struct cfg80211_scan_request *request;
6626 struct nlattr *attr;
6627 struct wiphy *wiphy;
6628 int err, tmp, n_ssids = 0, n_channels, i;
6629 size_t ie_len;
6630
6631 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6632 return -EINVAL;
6633
6634 wiphy = &rdev->wiphy;
6635
6636 if (wdev->iftype == NL80211_IFTYPE_NAN)
6637 return -EOPNOTSUPP;
6638
6639 if (!rdev->ops->scan)
6640 return -EOPNOTSUPP;
6641
6642 if (rdev->scan_req || rdev->scan_msg) {
6643 err = -EBUSY;
6644 goto unlock;
6645 }
6646
6647 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6648 n_channels = validate_scan_freqs(
6649 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6650 if (!n_channels) {
6651 err = -EINVAL;
6652 goto unlock;
6653 }
6654 } else {
6655 n_channels = ieee80211_get_num_supported_channels(wiphy);
6656 }
6657
6658 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
6659 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
6660 n_ssids++;
6661
6662 if (n_ssids > wiphy->max_scan_ssids) {
6663 err = -EINVAL;
6664 goto unlock;
6665 }
6666
6667 if (info->attrs[NL80211_ATTR_IE])
6668 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6669 else
6670 ie_len = 0;
6671
6672 if (ie_len > wiphy->max_scan_ie_len) {
6673 err = -EINVAL;
6674 goto unlock;
6675 }
6676
6677 request = kzalloc(sizeof(*request)
6678 + sizeof(*request->ssids) * n_ssids
6679 + sizeof(*request->channels) * n_channels
6680 + ie_len, GFP_KERNEL);
6681 if (!request) {
6682 err = -ENOMEM;
6683 goto unlock;
6684 }
6685
6686 if (n_ssids)
6687 request->ssids = (void *)&request->channels[n_channels];
6688 request->n_ssids = n_ssids;
6689 if (ie_len) {
6690 if (n_ssids)
6691 request->ie = (void *)(request->ssids + n_ssids);
6692 else
6693 request->ie = (void *)(request->channels + n_channels);
6694 }
6695
6696 i = 0;
6697 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6698
6699 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
6700 struct ieee80211_channel *chan;
6701
6702 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6703
6704 if (!chan) {
6705 err = -EINVAL;
6706 goto out_free;
6707 }
6708
6709
6710 if (chan->flags & IEEE80211_CHAN_DISABLED)
6711 continue;
6712
6713 request->channels[i] = chan;
6714 i++;
6715 }
6716 } else {
6717 enum nl80211_band band;
6718
6719
6720 for (band = 0; band < NUM_NL80211_BANDS; band++) {
6721 int j;
6722
6723 if (!wiphy->bands[band])
6724 continue;
6725 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6726 struct ieee80211_channel *chan;
6727
6728 chan = &wiphy->bands[band]->channels[j];
6729
6730 if (chan->flags & IEEE80211_CHAN_DISABLED)
6731 continue;
6732
6733 request->channels[i] = chan;
6734 i++;
6735 }
6736 }
6737 }
6738
6739 if (!i) {
6740 err = -EINVAL;
6741 goto out_free;
6742 }
6743
6744 request->n_channels = i;
6745
6746 wdev_lock(wdev);
6747 if (!cfg80211_off_channel_oper_allowed(wdev)) {
6748 struct ieee80211_channel *chan;
6749
6750 if (request->n_channels != 1) {
6751 wdev_unlock(wdev);
6752 err = -EBUSY;
6753 goto out_free;
6754 }
6755
6756 chan = request->channels[0];
6757 if (chan->center_freq != wdev->chandef.chan->center_freq) {
6758 wdev_unlock(wdev);
6759 err = -EBUSY;
6760 goto out_free;
6761 }
6762 }
6763 wdev_unlock(wdev);
6764
6765 i = 0;
6766 if (n_ssids) {
6767 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
6768 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6769 err = -EINVAL;
6770 goto out_free;
6771 }
6772 request->ssids[i].ssid_len = nla_len(attr);
6773 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
6774 i++;
6775 }
6776 }
6777
6778 if (info->attrs[NL80211_ATTR_IE]) {
6779 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6780 memcpy((void *)request->ie,
6781 nla_data(info->attrs[NL80211_ATTR_IE]),
6782 request->ie_len);
6783 }
6784
6785 for (i = 0; i < NUM_NL80211_BANDS; i++)
6786 if (wiphy->bands[i])
6787 request->rates[i] =
6788 (1 << wiphy->bands[i]->n_bitrates) - 1;
6789
6790 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
6791 nla_for_each_nested(attr,
6792 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
6793 tmp) {
6794 enum nl80211_band band = nla_type(attr);
6795
6796 if (band < 0 || band >= NUM_NL80211_BANDS) {
6797 err = -EINVAL;
6798 goto out_free;
6799 }
6800
6801 if (!wiphy->bands[band])
6802 continue;
6803
6804 err = ieee80211_get_ratemask(wiphy->bands[band],
6805 nla_data(attr),
6806 nla_len(attr),
6807 &request->rates[band]);
6808 if (err)
6809 goto out_free;
6810 }
6811 }
6812
6813 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
6814 if (!wiphy_ext_feature_isset(wiphy,
6815 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
6816 err = -EOPNOTSUPP;
6817 goto out_free;
6818 }
6819
6820 request->duration =
6821 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
6822 request->duration_mandatory =
6823 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
6824 }
6825
6826 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
6827 request->flags = nla_get_u32(
6828 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
6829 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6830 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6831 err = -EOPNOTSUPP;
6832 goto out_free;
6833 }
6834
6835 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6836 if (!(wiphy->features &
6837 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) {
6838 err = -EOPNOTSUPP;
6839 goto out_free;
6840 }
6841
6842 if (wdev->current_bss) {
6843 err = -EOPNOTSUPP;
6844 goto out_free;
6845 }
6846
6847 err = nl80211_parse_random_mac(info->attrs,
6848 request->mac_addr,
6849 request->mac_addr_mask);
6850 if (err)
6851 goto out_free;
6852 }
6853 }
6854
6855 request->no_cck =
6856 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
6857
6858
6859
6860
6861
6862
6863
6864
6865
6866
6867 if (info->attrs[NL80211_ATTR_BSSID])
6868 memcpy(request->bssid,
6869 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
6870 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
6871 info->attrs[NL80211_ATTR_MAC])
6872 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
6873 ETH_ALEN);
6874 else
6875 eth_broadcast_addr(request->bssid);
6876
6877 request->wdev = wdev;
6878 request->wiphy = &rdev->wiphy;
6879 request->scan_start = jiffies;
6880
6881 rdev->scan_req = request;
6882 err = rdev_scan(rdev, request);
6883
6884 if (!err) {
6885 nl80211_send_scan_start(rdev, wdev);
6886 if (wdev->netdev)
6887 dev_hold(wdev->netdev);
6888 } else {
6889 out_free:
6890 rdev->scan_req = NULL;
6891 kfree(request);
6892 }
6893
6894 unlock:
6895 return err;
6896}
6897
6898static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
6899{
6900 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6901 struct wireless_dev *wdev = info->user_ptr[1];
6902
6903 if (!rdev->ops->abort_scan)
6904 return -EOPNOTSUPP;
6905
6906 if (rdev->scan_msg)
6907 return 0;
6908
6909 if (!rdev->scan_req)
6910 return -ENOENT;
6911
6912 rdev_abort_scan(rdev, wdev);
6913 return 0;
6914}
6915
6916static int
6917nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
6918 struct cfg80211_sched_scan_request *request,
6919 struct nlattr **attrs)
6920{
6921 int tmp, err, i = 0;
6922 struct nlattr *attr;
6923
6924 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6925 u32 interval;
6926
6927
6928
6929
6930
6931
6932
6933 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
6934 if (!interval)
6935 return -EINVAL;
6936
6937 request->scan_plans[0].interval =
6938 DIV_ROUND_UP(interval, MSEC_PER_SEC);
6939 if (!request->scan_plans[0].interval)
6940 return -EINVAL;
6941
6942 if (request->scan_plans[0].interval >
6943 wiphy->max_sched_scan_plan_interval)
6944 request->scan_plans[0].interval =
6945 wiphy->max_sched_scan_plan_interval;
6946
6947 return 0;
6948 }
6949
6950 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
6951 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
6952
6953 if (WARN_ON(i >= n_plans))
6954 return -EINVAL;
6955
6956 err = nla_parse_nested(plan, NL80211_SCHED_SCAN_PLAN_MAX,
6957 attr, nl80211_plan_policy, NULL);
6958 if (err)
6959 return err;
6960
6961 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
6962 return -EINVAL;
6963
6964 request->scan_plans[i].interval =
6965 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
6966 if (!request->scan_plans[i].interval ||
6967 request->scan_plans[i].interval >
6968 wiphy->max_sched_scan_plan_interval)
6969 return -EINVAL;
6970
6971 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
6972 request->scan_plans[i].iterations =
6973 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
6974 if (!request->scan_plans[i].iterations ||
6975 (request->scan_plans[i].iterations >
6976 wiphy->max_sched_scan_plan_iterations))
6977 return -EINVAL;
6978 } else if (i < n_plans - 1) {
6979
6980
6981
6982
6983 return -EINVAL;
6984 }
6985
6986 i++;
6987 }
6988
6989
6990
6991
6992
6993 if (request->scan_plans[n_plans - 1].iterations)
6994 return -EINVAL;
6995
6996 return 0;
6997}
6998
6999static struct cfg80211_sched_scan_request *
7000nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7001 struct nlattr **attrs, int max_match_sets)
7002{
7003 struct cfg80211_sched_scan_request *request;
7004 struct nlattr *attr;
7005 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7006 enum nl80211_band band;
7007 size_t ie_len;
7008 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7009 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7010
7011 if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
7012 return ERR_PTR(-EINVAL);
7013
7014 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7015 n_channels = validate_scan_freqs(
7016 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7017 if (!n_channels)
7018 return ERR_PTR(-EINVAL);
7019 } else {
7020 n_channels = ieee80211_get_num_supported_channels(wiphy);
7021 }
7022
7023 if (attrs[NL80211_ATTR_SCAN_SSIDS])
7024 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7025 tmp)
7026 n_ssids++;
7027
7028 if (n_ssids > wiphy->max_sched_scan_ssids)
7029 return ERR_PTR(-EINVAL);
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7041 nla_for_each_nested(attr,
7042 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7043 tmp) {
7044 struct nlattr *rssi;
7045
7046 err = nla_parse_nested(tb,
7047 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7048 attr, nl80211_match_policy,
7049 NULL);
7050 if (err)
7051 return ERR_PTR(err);
7052
7053
7054 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7055 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7056 return ERR_PTR(-EINVAL);
7057
7058
7059 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7060 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7061 n_match_sets++;
7062 continue;
7063 }
7064 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7065 if (rssi)
7066 default_match_rssi = nla_get_s32(rssi);
7067 }
7068 }
7069
7070
7071 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7072 n_match_sets = 1;
7073
7074 if (n_match_sets > max_match_sets)
7075 return ERR_PTR(-EINVAL);
7076
7077 if (attrs[NL80211_ATTR_IE])
7078 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7079 else
7080 ie_len = 0;
7081
7082 if (ie_len > wiphy->max_sched_scan_ie_len)
7083 return ERR_PTR(-EINVAL);
7084
7085 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7086
7087
7088
7089
7090 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7091 return ERR_PTR(-EINVAL);
7092
7093 nla_for_each_nested(attr,
7094 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7095 n_plans++;
7096 } else {
7097
7098
7099
7100
7101
7102
7103 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7104 return ERR_PTR(-EINVAL);
7105
7106 n_plans = 1;
7107 }
7108
7109 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7110 return ERR_PTR(-EINVAL);
7111
7112 if (!wiphy_ext_feature_isset(
7113 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7114 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7115 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7116 return ERR_PTR(-EINVAL);
7117
7118 request = kzalloc(sizeof(*request)
7119 + sizeof(*request->ssids) * n_ssids
7120 + sizeof(*request->match_sets) * n_match_sets
7121 + sizeof(*request->scan_plans) * n_plans
7122 + sizeof(*request->channels) * n_channels
7123 + ie_len, GFP_KERNEL);
7124 if (!request)
7125 return ERR_PTR(-ENOMEM);
7126
7127 if (n_ssids)
7128 request->ssids = (void *)&request->channels[n_channels];
7129 request->n_ssids = n_ssids;
7130 if (ie_len) {
7131 if (n_ssids)
7132 request->ie = (void *)(request->ssids + n_ssids);
7133 else
7134 request->ie = (void *)(request->channels + n_channels);
7135 }
7136
7137 if (n_match_sets) {
7138 if (request->ie)
7139 request->match_sets = (void *)(request->ie + ie_len);
7140 else if (n_ssids)
7141 request->match_sets =
7142 (void *)(request->ssids + n_ssids);
7143 else
7144 request->match_sets =
7145 (void *)(request->channels + n_channels);
7146 }
7147 request->n_match_sets = n_match_sets;
7148
7149 if (n_match_sets)
7150 request->scan_plans = (void *)(request->match_sets +
7151 n_match_sets);
7152 else if (request->ie)
7153 request->scan_plans = (void *)(request->ie + ie_len);
7154 else if (n_ssids)
7155 request->scan_plans = (void *)(request->ssids + n_ssids);
7156 else
7157 request->scan_plans = (void *)(request->channels + n_channels);
7158
7159 request->n_scan_plans = n_plans;
7160
7161 i = 0;
7162 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7163
7164 nla_for_each_nested(attr,
7165 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7166 tmp) {
7167 struct ieee80211_channel *chan;
7168
7169 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7170
7171 if (!chan) {
7172 err = -EINVAL;
7173 goto out_free;
7174 }
7175
7176
7177 if (chan->flags & IEEE80211_CHAN_DISABLED)
7178 continue;
7179
7180 request->channels[i] = chan;
7181 i++;
7182 }
7183 } else {
7184
7185 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7186 int j;
7187
7188 if (!wiphy->bands[band])
7189 continue;
7190 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7191 struct ieee80211_channel *chan;
7192
7193 chan = &wiphy->bands[band]->channels[j];
7194
7195 if (chan->flags & IEEE80211_CHAN_DISABLED)
7196 continue;
7197
7198 request->channels[i] = chan;
7199 i++;
7200 }
7201 }
7202 }
7203
7204 if (!i) {
7205 err = -EINVAL;
7206 goto out_free;
7207 }
7208
7209 request->n_channels = i;
7210
7211 i = 0;
7212 if (n_ssids) {
7213 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7214 tmp) {
7215 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7216 err = -EINVAL;
7217 goto out_free;
7218 }
7219 request->ssids[i].ssid_len = nla_len(attr);
7220 memcpy(request->ssids[i].ssid, nla_data(attr),
7221 nla_len(attr));
7222 i++;
7223 }
7224 }
7225
7226 i = 0;
7227 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7228 nla_for_each_nested(attr,
7229 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7230 tmp) {
7231 struct nlattr *ssid, *bssid, *rssi;
7232
7233 err = nla_parse_nested(tb,
7234 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7235 attr, nl80211_match_policy,
7236 NULL);
7237 if (err)
7238 goto out_free;
7239 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7240 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7241 if (ssid || bssid) {
7242 if (WARN_ON(i >= n_match_sets)) {
7243
7244
7245
7246
7247 err = -EINVAL;
7248 goto out_free;
7249 }
7250
7251 if (ssid) {
7252 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7253 err = -EINVAL;
7254 goto out_free;
7255 }
7256 memcpy(request->match_sets[i].ssid.ssid,
7257 nla_data(ssid), nla_len(ssid));
7258 request->match_sets[i].ssid.ssid_len =
7259 nla_len(ssid);
7260 }
7261 if (bssid) {
7262 if (nla_len(bssid) != ETH_ALEN) {
7263 err = -EINVAL;
7264 goto out_free;
7265 }
7266 memcpy(request->match_sets[i].bssid,
7267 nla_data(bssid), ETH_ALEN);
7268 }
7269
7270
7271 request->match_sets[i].rssi_thold =
7272 default_match_rssi;
7273 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7274 if (rssi)
7275 request->match_sets[i].rssi_thold =
7276 nla_get_s32(rssi);
7277 }
7278 i++;
7279 }
7280
7281
7282 if (i == 0 && n_match_sets)
7283 request->match_sets[0].rssi_thold = default_match_rssi;
7284
7285 request->min_rssi_thold = INT_MAX;
7286 for (i = 0; i < n_match_sets; i++)
7287 request->min_rssi_thold =
7288 min(request->match_sets[i].rssi_thold,
7289 request->min_rssi_thold);
7290 } else {
7291 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
7292 }
7293
7294 if (ie_len) {
7295 request->ie_len = ie_len;
7296 memcpy((void *)request->ie,
7297 nla_data(attrs[NL80211_ATTR_IE]),
7298 request->ie_len);
7299 }
7300
7301 if (attrs[NL80211_ATTR_SCAN_FLAGS]) {
7302 request->flags = nla_get_u32(
7303 attrs[NL80211_ATTR_SCAN_FLAGS]);
7304 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7305 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
7306 err = -EOPNOTSUPP;
7307 goto out_free;
7308 }
7309
7310 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7311 u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
7312
7313 if (!wdev)
7314 flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7315
7316 if (!(wiphy->features & flg)) {
7317 err = -EOPNOTSUPP;
7318 goto out_free;
7319 }
7320
7321 if (wdev && wdev->current_bss) {
7322 err = -EOPNOTSUPP;
7323 goto out_free;
7324 }
7325
7326 err = nl80211_parse_random_mac(attrs, request->mac_addr,
7327 request->mac_addr_mask);
7328 if (err)
7329 goto out_free;
7330 }
7331 }
7332
7333 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
7334 request->delay =
7335 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
7336
7337 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
7338 request->relative_rssi = nla_get_s8(
7339 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
7340 request->relative_rssi_set = true;
7341 }
7342
7343 if (request->relative_rssi_set &&
7344 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
7345 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
7346
7347 rssi_adjust = nla_data(
7348 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
7349 request->rssi_adjust.band = rssi_adjust->band;
7350 request->rssi_adjust.delta = rssi_adjust->delta;
7351 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
7352 err = -EINVAL;
7353 goto out_free;
7354 }
7355 }
7356
7357 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
7358 if (err)
7359 goto out_free;
7360
7361 request->scan_start = jiffies;
7362
7363 return request;
7364
7365out_free:
7366 kfree(request);
7367 return ERR_PTR(err);
7368}
7369
7370static int nl80211_start_sched_scan(struct sk_buff *skb,
7371 struct genl_info *info)
7372{
7373 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7374 struct net_device *dev = info->user_ptr[1];
7375 struct wireless_dev *wdev = dev->ieee80211_ptr;
7376 struct cfg80211_sched_scan_request *sched_scan_req;
7377 bool want_multi;
7378 int err;
7379
7380 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
7381 return -EOPNOTSUPP;
7382
7383 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
7384 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
7385 if (err)
7386 return err;
7387
7388 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
7389 info->attrs,
7390 rdev->wiphy.max_match_sets);
7391
7392 err = PTR_ERR_OR_ZERO(sched_scan_req);
7393 if (err)
7394 goto out_err;
7395
7396
7397
7398
7399 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
7400 while (!sched_scan_req->reqid)
7401 sched_scan_req->reqid = rdev->wiphy.cookie_counter++;
7402 }
7403
7404 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
7405 if (err)
7406 goto out_free;
7407
7408 sched_scan_req->dev = dev;
7409 sched_scan_req->wiphy = &rdev->wiphy;
7410
7411 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
7412 sched_scan_req->owner_nlportid = info->snd_portid;
7413
7414 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
7415
7416 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
7417 return 0;
7418
7419out_free:
7420 kfree(sched_scan_req);
7421out_err:
7422 return err;
7423}
7424
7425static int nl80211_stop_sched_scan(struct sk_buff *skb,
7426 struct genl_info *info)
7427{
7428 struct cfg80211_sched_scan_request *req;
7429 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7430 u64 cookie;
7431
7432 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
7433 return -EOPNOTSUPP;
7434
7435 if (info->attrs[NL80211_ATTR_COOKIE]) {
7436 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7437 return __cfg80211_stop_sched_scan(rdev, cookie, false);
7438 }
7439
7440 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
7441 struct cfg80211_sched_scan_request,
7442 list);
7443 if (!req || req->reqid ||
7444 (req->owner_nlportid &&
7445 req->owner_nlportid != info->snd_portid))
7446 return -ENOENT;
7447
7448 return cfg80211_stop_sched_scan_req(rdev, req, false);
7449}
7450
7451static int nl80211_start_radar_detection(struct sk_buff *skb,
7452 struct genl_info *info)
7453{
7454 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7455 struct net_device *dev = info->user_ptr[1];
7456 struct wireless_dev *wdev = dev->ieee80211_ptr;
7457 struct cfg80211_chan_def chandef;
7458 enum nl80211_dfs_regions dfs_region;
7459 unsigned int cac_time_ms;
7460 int err;
7461
7462 dfs_region = reg_get_dfs_region(wdev->wiphy);
7463 if (dfs_region == NL80211_DFS_UNSET)
7464 return -EINVAL;
7465
7466 err = nl80211_parse_chandef(rdev, info, &chandef);
7467 if (err)
7468 return err;
7469
7470 if (netif_carrier_ok(dev))
7471 return -EBUSY;
7472
7473 if (wdev->cac_started)
7474 return -EBUSY;
7475
7476 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
7477 wdev->iftype);
7478 if (err < 0)
7479 return err;
7480
7481 if (err == 0)
7482 return -EINVAL;
7483
7484 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
7485 return -EINVAL;
7486
7487 if (!rdev->ops->start_radar_detection)
7488 return -EOPNOTSUPP;
7489
7490 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
7491 if (WARN_ON(!cac_time_ms))
7492 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
7493
7494 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
7495 if (!err) {
7496 wdev->chandef = chandef;
7497 wdev->cac_started = true;
7498 wdev->cac_start_time = jiffies;
7499 wdev->cac_time_ms = cac_time_ms;
7500 }
7501 return err;
7502}
7503
7504static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
7505{
7506 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7507 struct net_device *dev = info->user_ptr[1];
7508 struct wireless_dev *wdev = dev->ieee80211_ptr;
7509 struct cfg80211_csa_settings params;
7510
7511
7512
7513 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
7514 int err;
7515 bool need_new_beacon = false;
7516 bool need_handle_dfs_flag = true;
7517 int len, i;
7518 u32 cs_count;
7519
7520 if (!rdev->ops->channel_switch ||
7521 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
7522 return -EOPNOTSUPP;
7523
7524 switch (dev->ieee80211_ptr->iftype) {
7525 case NL80211_IFTYPE_AP:
7526 case NL80211_IFTYPE_P2P_GO:
7527 need_new_beacon = true;
7528
7529
7530
7531
7532
7533 need_handle_dfs_flag = false;
7534
7535
7536 if (!wdev->beacon_interval)
7537 return -ENOTCONN;
7538 break;
7539 case NL80211_IFTYPE_ADHOC:
7540 if (!wdev->ssid_len)
7541 return -ENOTCONN;
7542 break;
7543 case NL80211_IFTYPE_MESH_POINT:
7544 if (!wdev->mesh_id_len)
7545 return -ENOTCONN;
7546 break;
7547 default:
7548 return -EOPNOTSUPP;
7549 }
7550
7551 memset(¶ms, 0, sizeof(params));
7552
7553 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7554 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
7555 return -EINVAL;
7556
7557
7558 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
7559 return -EINVAL;
7560
7561
7562
7563
7564 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
7565 if (cs_count > 255)
7566 return -EINVAL;
7567
7568 params.count = cs_count;
7569
7570 if (!need_new_beacon)
7571 goto skip_beacons;
7572
7573 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon_after);
7574 if (err)
7575 return err;
7576
7577 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
7578 info->attrs[NL80211_ATTR_CSA_IES],
7579 nl80211_policy, info->extack);
7580 if (err)
7581 return err;
7582
7583 err = nl80211_parse_beacon(csa_attrs, ¶ms.beacon_csa);
7584 if (err)
7585 return err;
7586
7587 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
7588 return -EINVAL;
7589
7590 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7591 if (!len || (len % sizeof(u16)))
7592 return -EINVAL;
7593
7594 params.n_counter_offsets_beacon = len / sizeof(u16);
7595 if (rdev->wiphy.max_num_csa_counters &&
7596 (params.n_counter_offsets_beacon >
7597 rdev->wiphy.max_num_csa_counters))
7598 return -EINVAL;
7599
7600 params.counter_offsets_beacon =
7601 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7602
7603
7604 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
7605 u16 offset = params.counter_offsets_beacon[i];
7606
7607 if (offset >= params.beacon_csa.tail_len)
7608 return -EINVAL;
7609
7610 if (params.beacon_csa.tail[offset] != params.count)
7611 return -EINVAL;
7612 }
7613
7614 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
7615 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7616 if (!len || (len % sizeof(u16)))
7617 return -EINVAL;
7618
7619 params.n_counter_offsets_presp = len / sizeof(u16);
7620 if (rdev->wiphy.max_num_csa_counters &&
7621 (params.n_counter_offsets_presp >
7622 rdev->wiphy.max_num_csa_counters))
7623 return -EINVAL;
7624
7625 params.counter_offsets_presp =
7626 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7627
7628
7629 for (i = 0; i < params.n_counter_offsets_presp; i++) {
7630 u16 offset = params.counter_offsets_presp[i];
7631
7632 if (offset >= params.beacon_csa.probe_resp_len)
7633 return -EINVAL;
7634
7635 if (params.beacon_csa.probe_resp[offset] !=
7636 params.count)
7637 return -EINVAL;
7638 }
7639 }
7640
7641skip_beacons:
7642 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
7643 if (err)
7644 return err;
7645
7646 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
7647 wdev->iftype))
7648 return -EINVAL;
7649
7650 err = cfg80211_chandef_dfs_required(wdev->wiphy,
7651 ¶ms.chandef,
7652 wdev->iftype);
7653 if (err < 0)
7654 return err;
7655
7656 if (err > 0) {
7657 params.radar_required = true;
7658 if (need_handle_dfs_flag &&
7659 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
7660 return -EINVAL;
7661 }
7662 }
7663
7664 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
7665 params.block_tx = true;
7666
7667 wdev_lock(wdev);
7668 err = rdev_channel_switch(rdev, dev, ¶ms);
7669 wdev_unlock(wdev);
7670
7671 return err;
7672}
7673
7674static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
7675 u32 seq, int flags,
7676 struct cfg80211_registered_device *rdev,
7677 struct wireless_dev *wdev,
7678 struct cfg80211_internal_bss *intbss)
7679{
7680 struct cfg80211_bss *res = &intbss->pub;
7681 const struct cfg80211_bss_ies *ies;
7682 void *hdr;
7683 struct nlattr *bss;
7684
7685 ASSERT_WDEV_LOCK(wdev);
7686
7687 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7688 NL80211_CMD_NEW_SCAN_RESULTS);
7689 if (!hdr)
7690 return -1;
7691
7692 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
7693
7694 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
7695 goto nla_put_failure;
7696 if (wdev->netdev &&
7697 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
7698 goto nla_put_failure;
7699 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
7700 NL80211_ATTR_PAD))
7701 goto nla_put_failure;
7702
7703 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
7704 if (!bss)
7705 goto nla_put_failure;
7706 if ((!is_zero_ether_addr(res->bssid) &&
7707 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
7708 goto nla_put_failure;
7709
7710 rcu_read_lock();
7711
7712 if (rcu_access_pointer(res->proberesp_ies) &&
7713 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
7714 goto fail_unlock_rcu;
7715
7716
7717
7718
7719 ies = rcu_dereference(res->ies);
7720 if (ies) {
7721 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
7722 NL80211_BSS_PAD))
7723 goto fail_unlock_rcu;
7724 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
7725 ies->len, ies->data))
7726 goto fail_unlock_rcu;
7727 }
7728
7729
7730 ies = rcu_dereference(res->beacon_ies);
7731 if (ies && ies->from_beacon) {
7732 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
7733 NL80211_BSS_PAD))
7734 goto fail_unlock_rcu;
7735 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
7736 ies->len, ies->data))
7737 goto fail_unlock_rcu;
7738 }
7739 rcu_read_unlock();
7740
7741 if (res->beacon_interval &&
7742 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
7743 goto nla_put_failure;
7744 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
7745 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
7746 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
7747 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
7748 jiffies_to_msecs(jiffies - intbss->ts)))
7749 goto nla_put_failure;
7750
7751 if (intbss->parent_tsf &&
7752 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
7753 intbss->parent_tsf, NL80211_BSS_PAD) ||
7754 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
7755 intbss->parent_bssid)))
7756 goto nla_put_failure;
7757
7758 if (intbss->ts_boottime &&
7759 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
7760 intbss->ts_boottime, NL80211_BSS_PAD))
7761 goto nla_put_failure;
7762
7763 switch (rdev->wiphy.signal_type) {
7764 case CFG80211_SIGNAL_TYPE_MBM:
7765 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
7766 goto nla_put_failure;
7767 break;
7768 case CFG80211_SIGNAL_TYPE_UNSPEC:
7769 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
7770 goto nla_put_failure;
7771 break;
7772 default:
7773 break;
7774 }
7775
7776 switch (wdev->iftype) {
7777 case NL80211_IFTYPE_P2P_CLIENT:
7778 case NL80211_IFTYPE_STATION:
7779 if (intbss == wdev->current_bss &&
7780 nla_put_u32(msg, NL80211_BSS_STATUS,
7781 NL80211_BSS_STATUS_ASSOCIATED))
7782 goto nla_put_failure;
7783 break;
7784 case NL80211_IFTYPE_ADHOC:
7785 if (intbss == wdev->current_bss &&
7786 nla_put_u32(msg, NL80211_BSS_STATUS,
7787 NL80211_BSS_STATUS_IBSS_JOINED))
7788 goto nla_put_failure;
7789 break;
7790 default:
7791 break;
7792 }
7793
7794 nla_nest_end(msg, bss);
7795
7796 genlmsg_end(msg, hdr);
7797 return 0;
7798
7799 fail_unlock_rcu:
7800 rcu_read_unlock();
7801 nla_put_failure:
7802 genlmsg_cancel(msg, hdr);
7803 return -EMSGSIZE;
7804}
7805
7806static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
7807{
7808 struct cfg80211_registered_device *rdev;
7809 struct cfg80211_internal_bss *scan;
7810 struct wireless_dev *wdev;
7811 int start = cb->args[2], idx = 0;
7812 int err;
7813
7814 rtnl_lock();
7815 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7816 if (err) {
7817 rtnl_unlock();
7818 return err;
7819 }
7820
7821 wdev_lock(wdev);
7822 spin_lock_bh(&rdev->bss_lock);
7823 cfg80211_bss_expire(rdev);
7824
7825 cb->seq = rdev->bss_generation;
7826
7827 list_for_each_entry(scan, &rdev->bss_list, list) {
7828 if (++idx <= start)
7829 continue;
7830 if (nl80211_send_bss(skb, cb,
7831 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7832 rdev, wdev, scan) < 0) {
7833 idx--;
7834 break;
7835 }
7836 }
7837
7838 spin_unlock_bh(&rdev->bss_lock);
7839 wdev_unlock(wdev);
7840
7841 cb->args[2] = idx;
7842 rtnl_unlock();
7843
7844 return skb->len;
7845}
7846
7847static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
7848 int flags, struct net_device *dev,
7849 bool allow_radio_stats,
7850 struct survey_info *survey)
7851{
7852 void *hdr;
7853 struct nlattr *infoattr;
7854
7855
7856 if (!survey->channel && !allow_radio_stats)
7857 return 0;
7858
7859 hdr = nl80211hdr_put(msg, portid, seq, flags,
7860 NL80211_CMD_NEW_SURVEY_RESULTS);
7861 if (!hdr)
7862 return -ENOMEM;
7863
7864 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
7865 goto nla_put_failure;
7866
7867 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
7868 if (!infoattr)
7869 goto nla_put_failure;
7870
7871 if (survey->channel &&
7872 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
7873 survey->channel->center_freq))
7874 goto nla_put_failure;
7875
7876 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
7877 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
7878 goto nla_put_failure;
7879 if ((survey->filled & SURVEY_INFO_IN_USE) &&
7880 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
7881 goto nla_put_failure;
7882 if ((survey->filled & SURVEY_INFO_TIME) &&
7883 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
7884 survey->time, NL80211_SURVEY_INFO_PAD))
7885 goto nla_put_failure;
7886 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
7887 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
7888 survey->time_busy, NL80211_SURVEY_INFO_PAD))
7889 goto nla_put_failure;
7890 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
7891 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
7892 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
7893 goto nla_put_failure;
7894 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
7895 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
7896 survey->time_rx, NL80211_SURVEY_INFO_PAD))
7897 goto nla_put_failure;
7898 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
7899 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
7900 survey->time_tx, NL80211_SURVEY_INFO_PAD))
7901 goto nla_put_failure;
7902 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
7903 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
7904 survey->time_scan, NL80211_SURVEY_INFO_PAD))
7905 goto nla_put_failure;
7906
7907 nla_nest_end(msg, infoattr);
7908
7909 genlmsg_end(msg, hdr);
7910 return 0;
7911
7912 nla_put_failure:
7913 genlmsg_cancel(msg, hdr);
7914 return -EMSGSIZE;
7915}
7916
7917static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
7918{
7919 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
7920 struct survey_info survey;
7921 struct cfg80211_registered_device *rdev;
7922 struct wireless_dev *wdev;
7923 int survey_idx = cb->args[2];
7924 int res;
7925 bool radio_stats;
7926
7927 rtnl_lock();
7928 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7929 if (res)
7930 goto out_err;
7931
7932
7933 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
7934
7935 if (!wdev->netdev) {
7936 res = -EINVAL;
7937 goto out_err;
7938 }
7939
7940 if (!rdev->ops->dump_survey) {
7941 res = -EOPNOTSUPP;
7942 goto out_err;
7943 }
7944
7945 while (1) {
7946 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
7947 if (res == -ENOENT)
7948 break;
7949 if (res)
7950 goto out_err;
7951
7952
7953 if (survey.channel &&
7954 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
7955 survey_idx++;
7956 continue;
7957 }
7958
7959 if (nl80211_send_survey(skb,
7960 NETLINK_CB(cb->skb).portid,
7961 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7962 wdev->netdev, radio_stats, &survey) < 0)
7963 goto out;
7964 survey_idx++;
7965 }
7966
7967 out:
7968 cb->args[2] = survey_idx;
7969 res = skb->len;
7970 out_err:
7971 rtnl_unlock();
7972 return res;
7973}
7974
7975static bool nl80211_valid_wpa_versions(u32 wpa_versions)
7976{
7977 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
7978 NL80211_WPA_VERSION_2));
7979}
7980
7981static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
7982{
7983 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7984 struct net_device *dev = info->user_ptr[1];
7985 struct ieee80211_channel *chan;
7986 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
7987 int err, ssid_len, ie_len = 0, auth_data_len = 0;
7988 enum nl80211_auth_type auth_type;
7989 struct key_parse key;
7990 bool local_state_change;
7991
7992 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7993 return -EINVAL;
7994
7995 if (!info->attrs[NL80211_ATTR_MAC])
7996 return -EINVAL;
7997
7998 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
7999 return -EINVAL;
8000
8001 if (!info->attrs[NL80211_ATTR_SSID])
8002 return -EINVAL;
8003
8004 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8005 return -EINVAL;
8006
8007 err = nl80211_parse_key(info, &key);
8008 if (err)
8009 return err;
8010
8011 if (key.idx >= 0) {
8012 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8013 return -EINVAL;
8014 if (!key.p.key || !key.p.key_len)
8015 return -EINVAL;
8016 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8017 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8018 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8019 key.p.key_len != WLAN_KEY_LEN_WEP104))
8020 return -EINVAL;
8021 if (key.idx > 3)
8022 return -EINVAL;
8023 } else {
8024 key.p.key_len = 0;
8025 key.p.key = NULL;
8026 }
8027
8028 if (key.idx >= 0) {
8029 int i;
8030 bool ok = false;
8031
8032 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8033 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8034 ok = true;
8035 break;
8036 }
8037 }
8038 if (!ok)
8039 return -EINVAL;
8040 }
8041
8042 if (!rdev->ops->auth)
8043 return -EOPNOTSUPP;
8044
8045 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8046 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8047 return -EOPNOTSUPP;
8048
8049 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8050 chan = nl80211_get_valid_chan(&rdev->wiphy,
8051 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8052 if (!chan)
8053 return -EINVAL;
8054
8055 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8056 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8057
8058 if (info->attrs[NL80211_ATTR_IE]) {
8059 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8060 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8061 }
8062
8063 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8064 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8065 return -EINVAL;
8066
8067 if ((auth_type == NL80211_AUTHTYPE_SAE ||
8068 auth_type == NL80211_AUTHTYPE_FILS_SK ||
8069 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8070 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8071 !info->attrs[NL80211_ATTR_AUTH_DATA])
8072 return -EINVAL;
8073
8074 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8075 if (auth_type != NL80211_AUTHTYPE_SAE &&
8076 auth_type != NL80211_AUTHTYPE_FILS_SK &&
8077 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8078 auth_type != NL80211_AUTHTYPE_FILS_PK)
8079 return -EINVAL;
8080 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8081 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8082
8083 if (auth_data_len < 4)
8084 return -EINVAL;
8085 }
8086
8087 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8088
8089
8090
8091
8092
8093 if (local_state_change)
8094 return 0;
8095
8096 wdev_lock(dev->ieee80211_ptr);
8097 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8098 ssid, ssid_len, ie, ie_len,
8099 key.p.key, key.p.key_len, key.idx,
8100 auth_data, auth_data_len);
8101 wdev_unlock(dev->ieee80211_ptr);
8102 return err;
8103}
8104
8105static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8106 struct genl_info *info,
8107 struct cfg80211_crypto_settings *settings,
8108 int cipher_limit)
8109{
8110 memset(settings, 0, sizeof(*settings));
8111
8112 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8113
8114 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8115 u16 proto;
8116
8117 proto = nla_get_u16(
8118 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8119 settings->control_port_ethertype = cpu_to_be16(proto);
8120 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8121 proto != ETH_P_PAE)
8122 return -EINVAL;
8123 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8124 settings->control_port_no_encrypt = true;
8125 } else
8126 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8127
8128 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8129 void *data;
8130 int len, i;
8131
8132 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8133 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8134 settings->n_ciphers_pairwise = len / sizeof(u32);
8135
8136 if (len % sizeof(u32))
8137 return -EINVAL;
8138
8139 if (settings->n_ciphers_pairwise > cipher_limit)
8140 return -EINVAL;
8141
8142 memcpy(settings->ciphers_pairwise, data, len);
8143
8144 for (i = 0; i < settings->n_ciphers_pairwise; i++)
8145 if (!cfg80211_supported_cipher_suite(
8146 &rdev->wiphy,
8147 settings->ciphers_pairwise[i]))
8148 return -EINVAL;
8149 }
8150
8151 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8152 settings->cipher_group =
8153 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8154 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8155 settings->cipher_group))
8156 return -EINVAL;
8157 }
8158
8159 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8160 settings->wpa_versions =
8161 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8162 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8163 return -EINVAL;
8164 }
8165
8166 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8167 void *data;
8168 int len;
8169
8170 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8171 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8172 settings->n_akm_suites = len / sizeof(u32);
8173
8174 if (len % sizeof(u32))
8175 return -EINVAL;
8176
8177 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8178 return -EINVAL;
8179
8180 memcpy(settings->akm_suites, data, len);
8181 }
8182
8183 if (info->attrs[NL80211_ATTR_PMK]) {
8184 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8185 return -EINVAL;
8186 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8187 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8188 return -EINVAL;
8189 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8190 }
8191
8192 return 0;
8193}
8194
8195static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
8196{
8197 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8198 struct net_device *dev = info->user_ptr[1];
8199 struct ieee80211_channel *chan;
8200 struct cfg80211_assoc_request req = {};
8201 const u8 *bssid, *ssid;
8202 int err, ssid_len = 0;
8203
8204 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8205 return -EINVAL;
8206
8207 if (!info->attrs[NL80211_ATTR_MAC] ||
8208 !info->attrs[NL80211_ATTR_SSID] ||
8209 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
8210 return -EINVAL;
8211
8212 if (!rdev->ops->assoc)
8213 return -EOPNOTSUPP;
8214
8215 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8216 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8217 return -EOPNOTSUPP;
8218
8219 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8220
8221 chan = nl80211_get_valid_chan(&rdev->wiphy,
8222 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8223 if (!chan)
8224 return -EINVAL;
8225
8226 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8227 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8228
8229 if (info->attrs[NL80211_ATTR_IE]) {
8230 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8231 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8232 }
8233
8234 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8235 enum nl80211_mfp mfp =
8236 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8237 if (mfp == NL80211_MFP_REQUIRED)
8238 req.use_mfp = true;
8239 else if (mfp != NL80211_MFP_NO)
8240 return -EINVAL;
8241 }
8242
8243 if (info->attrs[NL80211_ATTR_PREV_BSSID])
8244 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8245
8246 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8247 req.flags |= ASSOC_REQ_DISABLE_HT;
8248
8249 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8250 memcpy(&req.ht_capa_mask,
8251 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8252 sizeof(req.ht_capa_mask));
8253
8254 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8255 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8256 return -EINVAL;
8257 memcpy(&req.ht_capa,
8258 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8259 sizeof(req.ht_capa));
8260 }
8261
8262 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8263 req.flags |= ASSOC_REQ_DISABLE_VHT;
8264
8265 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8266 memcpy(&req.vht_capa_mask,
8267 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8268 sizeof(req.vht_capa_mask));
8269
8270 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8271 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8272 return -EINVAL;
8273 memcpy(&req.vht_capa,
8274 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8275 sizeof(req.vht_capa));
8276 }
8277
8278 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
8279 if (!((rdev->wiphy.features &
8280 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
8281 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
8282 !wiphy_ext_feature_isset(&rdev->wiphy,
8283 NL80211_EXT_FEATURE_RRM))
8284 return -EINVAL;
8285 req.flags |= ASSOC_REQ_USE_RRM;
8286 }
8287
8288 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
8289 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
8290 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
8291 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
8292 return -EINVAL;
8293 req.fils_nonces =
8294 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
8295 }
8296
8297 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
8298 if (!err) {
8299 wdev_lock(dev->ieee80211_ptr);
8300
8301 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
8302 ssid, ssid_len, &req);
8303
8304 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8305 dev->ieee80211_ptr->conn_owner_nlportid =
8306 info->snd_portid;
8307 memcpy(dev->ieee80211_ptr->disconnect_bssid,
8308 bssid, ETH_ALEN);
8309 }
8310
8311 wdev_unlock(dev->ieee80211_ptr);
8312 }
8313
8314 return err;
8315}
8316
8317static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
8318{
8319 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8320 struct net_device *dev = info->user_ptr[1];
8321 const u8 *ie = NULL, *bssid;
8322 int ie_len = 0, err;
8323 u16 reason_code;
8324 bool local_state_change;
8325
8326 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8327 return -EINVAL;
8328
8329 if (!info->attrs[NL80211_ATTR_MAC])
8330 return -EINVAL;
8331
8332 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8333 return -EINVAL;
8334
8335 if (!rdev->ops->deauth)
8336 return -EOPNOTSUPP;
8337
8338 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8339 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8340 return -EOPNOTSUPP;
8341
8342 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8343
8344 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8345 if (reason_code == 0) {
8346
8347 return -EINVAL;
8348 }
8349
8350 if (info->attrs[NL80211_ATTR_IE]) {
8351 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8352 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8353 }
8354
8355 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8356
8357 wdev_lock(dev->ieee80211_ptr);
8358 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
8359 local_state_change);
8360 wdev_unlock(dev->ieee80211_ptr);
8361 return err;
8362}
8363
8364static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
8365{
8366 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8367 struct net_device *dev = info->user_ptr[1];
8368 const u8 *ie = NULL, *bssid;
8369 int ie_len = 0, err;
8370 u16 reason_code;
8371 bool local_state_change;
8372
8373 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8374 return -EINVAL;
8375
8376 if (!info->attrs[NL80211_ATTR_MAC])
8377 return -EINVAL;
8378
8379 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8380 return -EINVAL;
8381
8382 if (!rdev->ops->disassoc)
8383 return -EOPNOTSUPP;
8384
8385 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8386 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8387 return -EOPNOTSUPP;
8388
8389 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8390
8391 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8392 if (reason_code == 0) {
8393
8394 return -EINVAL;
8395 }
8396
8397 if (info->attrs[NL80211_ATTR_IE]) {
8398 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8399 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8400 }
8401
8402 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8403
8404 wdev_lock(dev->ieee80211_ptr);
8405 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
8406 local_state_change);
8407 wdev_unlock(dev->ieee80211_ptr);
8408 return err;
8409}
8410
8411static bool
8412nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
8413 int mcast_rate[NUM_NL80211_BANDS],
8414 int rateval)
8415{
8416 struct wiphy *wiphy = &rdev->wiphy;
8417 bool found = false;
8418 int band, i;
8419
8420 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8421 struct ieee80211_supported_band *sband;
8422
8423 sband = wiphy->bands[band];
8424 if (!sband)
8425 continue;
8426
8427 for (i = 0; i < sband->n_bitrates; i++) {
8428 if (sband->bitrates[i].bitrate == rateval) {
8429 mcast_rate[band] = i + 1;
8430 found = true;
8431 break;
8432 }
8433 }
8434 }
8435
8436 return found;
8437}
8438
8439static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
8440{
8441 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8442 struct net_device *dev = info->user_ptr[1];
8443 struct cfg80211_ibss_params ibss;
8444 struct wiphy *wiphy;
8445 struct cfg80211_cached_keys *connkeys = NULL;
8446 int err;
8447
8448 memset(&ibss, 0, sizeof(ibss));
8449
8450 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8451 return -EINVAL;
8452
8453 if (!info->attrs[NL80211_ATTR_SSID] ||
8454 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8455 return -EINVAL;
8456
8457 ibss.beacon_interval = 100;
8458
8459 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
8460 ibss.beacon_interval =
8461 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8462
8463 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
8464 ibss.beacon_interval);
8465 if (err)
8466 return err;
8467
8468 if (!rdev->ops->join_ibss)
8469 return -EOPNOTSUPP;
8470
8471 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8472 return -EOPNOTSUPP;
8473
8474 wiphy = &rdev->wiphy;
8475
8476 if (info->attrs[NL80211_ATTR_MAC]) {
8477 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8478
8479 if (!is_valid_ether_addr(ibss.bssid))
8480 return -EINVAL;
8481 }
8482 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8483 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8484
8485 if (info->attrs[NL80211_ATTR_IE]) {
8486 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8487 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8488 }
8489
8490 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
8491 if (err)
8492 return err;
8493
8494 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
8495 NL80211_IFTYPE_ADHOC))
8496 return -EINVAL;
8497
8498 switch (ibss.chandef.width) {
8499 case NL80211_CHAN_WIDTH_5:
8500 case NL80211_CHAN_WIDTH_10:
8501 case NL80211_CHAN_WIDTH_20_NOHT:
8502 break;
8503 case NL80211_CHAN_WIDTH_20:
8504 case NL80211_CHAN_WIDTH_40:
8505 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8506 return -EINVAL;
8507 break;
8508 case NL80211_CHAN_WIDTH_80:
8509 case NL80211_CHAN_WIDTH_80P80:
8510 case NL80211_CHAN_WIDTH_160:
8511 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8512 return -EINVAL;
8513 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8514 NL80211_EXT_FEATURE_VHT_IBSS))
8515 return -EINVAL;
8516 break;
8517 default:
8518 return -EINVAL;
8519 }
8520
8521 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
8522 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
8523
8524 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8525 u8 *rates =
8526 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8527 int n_rates =
8528 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8529 struct ieee80211_supported_band *sband =
8530 wiphy->bands[ibss.chandef.chan->band];
8531
8532 err = ieee80211_get_ratemask(sband, rates, n_rates,
8533 &ibss.basic_rates);
8534 if (err)
8535 return err;
8536 }
8537
8538 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8539 memcpy(&ibss.ht_capa_mask,
8540 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8541 sizeof(ibss.ht_capa_mask));
8542
8543 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8544 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8545 return -EINVAL;
8546 memcpy(&ibss.ht_capa,
8547 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8548 sizeof(ibss.ht_capa));
8549 }
8550
8551 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8552 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
8553 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8554 return -EINVAL;
8555
8556 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
8557 bool no_ht = false;
8558
8559 connkeys = nl80211_parse_connkeys(rdev,
8560 info->attrs[NL80211_ATTR_KEYS],
8561 &no_ht);
8562 if (IS_ERR(connkeys))
8563 return PTR_ERR(connkeys);
8564
8565 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
8566 no_ht) {
8567 kzfree(connkeys);
8568 return -EINVAL;
8569 }
8570 }
8571
8572 ibss.control_port =
8573 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
8574
8575 ibss.userspace_handles_dfs =
8576 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
8577
8578 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
8579 if (err)
8580 kzfree(connkeys);
8581 return err;
8582}
8583
8584static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
8585{
8586 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8587 struct net_device *dev = info->user_ptr[1];
8588
8589 if (!rdev->ops->leave_ibss)
8590 return -EOPNOTSUPP;
8591
8592 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8593 return -EOPNOTSUPP;
8594
8595 return cfg80211_leave_ibss(rdev, dev, false);
8596}
8597
8598static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
8599{
8600 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8601 struct net_device *dev = info->user_ptr[1];
8602 int mcast_rate[NUM_NL80211_BANDS];
8603 u32 nla_rate;
8604 int err;
8605
8606 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
8607 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
8608 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
8609 return -EOPNOTSUPP;
8610
8611 if (!rdev->ops->set_mcast_rate)
8612 return -EOPNOTSUPP;
8613
8614 memset(mcast_rate, 0, sizeof(mcast_rate));
8615
8616 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
8617 return -EINVAL;
8618
8619 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
8620 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
8621 return -EINVAL;
8622
8623 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
8624
8625 return err;
8626}
8627
8628static struct sk_buff *
8629__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
8630 struct wireless_dev *wdev, int approxlen,
8631 u32 portid, u32 seq, enum nl80211_commands cmd,
8632 enum nl80211_attrs attr,
8633 const struct nl80211_vendor_cmd_info *info,
8634 gfp_t gfp)
8635{
8636 struct sk_buff *skb;
8637 void *hdr;
8638 struct nlattr *data;
8639
8640 skb = nlmsg_new(approxlen + 100, gfp);
8641 if (!skb)
8642 return NULL;
8643
8644 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
8645 if (!hdr) {
8646 kfree_skb(skb);
8647 return NULL;
8648 }
8649
8650 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
8651 goto nla_put_failure;
8652
8653 if (info) {
8654 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
8655 info->vendor_id))
8656 goto nla_put_failure;
8657 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
8658 info->subcmd))
8659 goto nla_put_failure;
8660 }
8661
8662 if (wdev) {
8663 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
8664 wdev_id(wdev), NL80211_ATTR_PAD))
8665 goto nla_put_failure;
8666 if (wdev->netdev &&
8667 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
8668 wdev->netdev->ifindex))
8669 goto nla_put_failure;
8670 }
8671
8672 data = nla_nest_start(skb, attr);
8673 if (!data)
8674 goto nla_put_failure;
8675
8676 ((void **)skb->cb)[0] = rdev;
8677 ((void **)skb->cb)[1] = hdr;
8678 ((void **)skb->cb)[2] = data;
8679
8680 return skb;
8681
8682 nla_put_failure:
8683 kfree_skb(skb);
8684 return NULL;
8685}
8686
8687struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
8688 struct wireless_dev *wdev,
8689 enum nl80211_commands cmd,
8690 enum nl80211_attrs attr,
8691 int vendor_event_idx,
8692 int approxlen, gfp_t gfp)
8693{
8694 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
8695 const struct nl80211_vendor_cmd_info *info;
8696
8697 switch (cmd) {
8698 case NL80211_CMD_TESTMODE:
8699 if (WARN_ON(vendor_event_idx != -1))
8700 return NULL;
8701 info = NULL;
8702 break;
8703 case NL80211_CMD_VENDOR:
8704 if (WARN_ON(vendor_event_idx < 0 ||
8705 vendor_event_idx >= wiphy->n_vendor_events))
8706 return NULL;
8707 info = &wiphy->vendor_events[vendor_event_idx];
8708 break;
8709 default:
8710 WARN_ON(1);
8711 return NULL;
8712 }
8713
8714 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
8715 cmd, attr, info, gfp);
8716}
8717EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
8718
8719void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
8720{
8721 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
8722 void *hdr = ((void **)skb->cb)[1];
8723 struct nlattr *data = ((void **)skb->cb)[2];
8724 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
8725
8726
8727 memset(skb->cb, 0, sizeof(skb->cb));
8728
8729 nla_nest_end(skb, data);
8730 genlmsg_end(skb, hdr);
8731
8732 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
8733 mcgrp = NL80211_MCGRP_VENDOR;
8734
8735 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
8736 mcgrp, gfp);
8737}
8738EXPORT_SYMBOL(__cfg80211_send_event_skb);
8739
8740#ifdef CONFIG_NL80211_TESTMODE
8741static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
8742{
8743 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8744 struct wireless_dev *wdev =
8745 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
8746 int err;
8747
8748 if (!rdev->ops->testmode_cmd)
8749 return -EOPNOTSUPP;
8750
8751 if (IS_ERR(wdev)) {
8752 err = PTR_ERR(wdev);
8753 if (err != -EINVAL)
8754 return err;
8755 wdev = NULL;
8756 } else if (wdev->wiphy != &rdev->wiphy) {
8757 return -EINVAL;
8758 }
8759
8760 if (!info->attrs[NL80211_ATTR_TESTDATA])
8761 return -EINVAL;
8762
8763 rdev->cur_cmd_info = info;
8764 err = rdev_testmode_cmd(rdev, wdev,
8765 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
8766 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
8767 rdev->cur_cmd_info = NULL;
8768
8769 return err;
8770}
8771
8772static int nl80211_testmode_dump(struct sk_buff *skb,
8773 struct netlink_callback *cb)
8774{
8775 struct cfg80211_registered_device *rdev;
8776 int err;
8777 long phy_idx;
8778 void *data = NULL;
8779 int data_len = 0;
8780
8781 rtnl_lock();
8782
8783 if (cb->args[0]) {
8784
8785
8786
8787
8788 phy_idx = cb->args[0] - 1;
8789
8790 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
8791 if (!rdev) {
8792 err = -ENOENT;
8793 goto out_err;
8794 }
8795 } else {
8796 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8797
8798 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
8799 attrbuf, nl80211_fam.maxattr,
8800 nl80211_policy, NULL);
8801 if (err)
8802 goto out_err;
8803
8804 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
8805 if (IS_ERR(rdev)) {
8806 err = PTR_ERR(rdev);
8807 goto out_err;
8808 }
8809 phy_idx = rdev->wiphy_idx;
8810
8811 if (attrbuf[NL80211_ATTR_TESTDATA])
8812 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
8813 }
8814
8815 if (cb->args[1]) {
8816 data = nla_data((void *)cb->args[1]);
8817 data_len = nla_len((void *)cb->args[1]);
8818 }
8819
8820 if (!rdev->ops->testmode_dump) {
8821 err = -EOPNOTSUPP;
8822 goto out_err;
8823 }
8824
8825 while (1) {
8826 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
8827 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8828 NL80211_CMD_TESTMODE);
8829 struct nlattr *tmdata;
8830
8831 if (!hdr)
8832 break;
8833
8834 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
8835 genlmsg_cancel(skb, hdr);
8836 break;
8837 }
8838
8839 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
8840 if (!tmdata) {
8841 genlmsg_cancel(skb, hdr);
8842 break;
8843 }
8844 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
8845 nla_nest_end(skb, tmdata);
8846
8847 if (err == -ENOBUFS || err == -ENOENT) {
8848 genlmsg_cancel(skb, hdr);
8849 break;
8850 } else if (err) {
8851 genlmsg_cancel(skb, hdr);
8852 goto out_err;
8853 }
8854
8855 genlmsg_end(skb, hdr);
8856 }
8857
8858 err = skb->len;
8859
8860 cb->args[0] = phy_idx + 1;
8861 out_err:
8862 rtnl_unlock();
8863 return err;
8864}
8865#endif
8866
8867static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
8868{
8869 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8870 struct net_device *dev = info->user_ptr[1];
8871 struct cfg80211_connect_params connect;
8872 struct wiphy *wiphy;
8873 struct cfg80211_cached_keys *connkeys = NULL;
8874 int err;
8875
8876 memset(&connect, 0, sizeof(connect));
8877
8878 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8879 return -EINVAL;
8880
8881 if (!info->attrs[NL80211_ATTR_SSID] ||
8882 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8883 return -EINVAL;
8884
8885 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
8886 connect.auth_type =
8887 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8888 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
8889 NL80211_CMD_CONNECT))
8890 return -EINVAL;
8891 } else
8892 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
8893
8894 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
8895
8896 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
8897 !wiphy_ext_feature_isset(&rdev->wiphy,
8898 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
8899 return -EINVAL;
8900 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
8901
8902 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
8903 NL80211_MAX_NR_CIPHER_SUITES);
8904 if (err)
8905 return err;
8906
8907 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8908 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8909 return -EOPNOTSUPP;
8910
8911 wiphy = &rdev->wiphy;
8912
8913 connect.bg_scan_period = -1;
8914 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
8915 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
8916 connect.bg_scan_period =
8917 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
8918 }
8919
8920 if (info->attrs[NL80211_ATTR_MAC])
8921 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8922 else if (info->attrs[NL80211_ATTR_MAC_HINT])
8923 connect.bssid_hint =
8924 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
8925 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8926 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8927
8928 if (info->attrs[NL80211_ATTR_IE]) {
8929 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8930 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8931 }
8932
8933 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8934 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8935 if (connect.mfp != NL80211_MFP_REQUIRED &&
8936 connect.mfp != NL80211_MFP_NO)
8937 return -EINVAL;
8938 } else {
8939 connect.mfp = NL80211_MFP_NO;
8940 }
8941
8942 if (info->attrs[NL80211_ATTR_PREV_BSSID])
8943 connect.prev_bssid =
8944 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8945
8946 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8947 connect.channel = nl80211_get_valid_chan(
8948 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8949 if (!connect.channel)
8950 return -EINVAL;
8951 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
8952 connect.channel_hint = nl80211_get_valid_chan(
8953 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
8954 if (!connect.channel_hint)
8955 return -EINVAL;
8956 }
8957
8958 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
8959 connkeys = nl80211_parse_connkeys(rdev,
8960 info->attrs[NL80211_ATTR_KEYS], NULL);
8961 if (IS_ERR(connkeys))
8962 return PTR_ERR(connkeys);
8963 }
8964
8965 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8966 connect.flags |= ASSOC_REQ_DISABLE_HT;
8967
8968 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8969 memcpy(&connect.ht_capa_mask,
8970 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8971 sizeof(connect.ht_capa_mask));
8972
8973 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8974 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
8975 kzfree(connkeys);
8976 return -EINVAL;
8977 }
8978 memcpy(&connect.ht_capa,
8979 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8980 sizeof(connect.ht_capa));
8981 }
8982
8983 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8984 connect.flags |= ASSOC_REQ_DISABLE_VHT;
8985
8986 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8987 memcpy(&connect.vht_capa_mask,
8988 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8989 sizeof(connect.vht_capa_mask));
8990
8991 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8992 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
8993 kzfree(connkeys);
8994 return -EINVAL;
8995 }
8996 memcpy(&connect.vht_capa,
8997 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8998 sizeof(connect.vht_capa));
8999 }
9000
9001 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9002 if (!((rdev->wiphy.features &
9003 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9004 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9005 !wiphy_ext_feature_isset(&rdev->wiphy,
9006 NL80211_EXT_FEATURE_RRM)) {
9007 kzfree(connkeys);
9008 return -EINVAL;
9009 }
9010 connect.flags |= ASSOC_REQ_USE_RRM;
9011 }
9012
9013 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9014 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9015 kzfree(connkeys);
9016 return -EOPNOTSUPP;
9017 }
9018
9019 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9020
9021 if (connect.bssid) {
9022 kzfree(connkeys);
9023 return -EINVAL;
9024 }
9025
9026 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9027 wiphy, &connect.bss_select);
9028 if (err) {
9029 kzfree(connkeys);
9030 return err;
9031 }
9032 }
9033
9034 if (wiphy_ext_feature_isset(&rdev->wiphy,
9035 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9036 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9037 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9038 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9039 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9040 connect.fils_erp_username =
9041 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9042 connect.fils_erp_username_len =
9043 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9044 connect.fils_erp_realm =
9045 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9046 connect.fils_erp_realm_len =
9047 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9048 connect.fils_erp_next_seq_num =
9049 nla_get_u16(
9050 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9051 connect.fils_erp_rrk =
9052 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9053 connect.fils_erp_rrk_len =
9054 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9055 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9056 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9057 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9058 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9059 kzfree(connkeys);
9060 return -EINVAL;
9061 }
9062
9063 wdev_lock(dev->ieee80211_ptr);
9064
9065 err = cfg80211_connect(rdev, dev, &connect, connkeys,
9066 connect.prev_bssid);
9067 if (err)
9068 kzfree(connkeys);
9069
9070 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9071 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9072 if (connect.bssid)
9073 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9074 connect.bssid, ETH_ALEN);
9075 else
9076 memset(dev->ieee80211_ptr->disconnect_bssid,
9077 0, ETH_ALEN);
9078 }
9079
9080 wdev_unlock(dev->ieee80211_ptr);
9081
9082 return err;
9083}
9084
9085static int nl80211_update_connect_params(struct sk_buff *skb,
9086 struct genl_info *info)
9087{
9088 struct cfg80211_connect_params connect = {};
9089 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9090 struct net_device *dev = info->user_ptr[1];
9091 struct wireless_dev *wdev = dev->ieee80211_ptr;
9092 u32 changed = 0;
9093 int ret;
9094
9095 if (!rdev->ops->update_connect_params)
9096 return -EOPNOTSUPP;
9097
9098 if (info->attrs[NL80211_ATTR_IE]) {
9099 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9100 return -EINVAL;
9101 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9102 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9103 changed |= UPDATE_ASSOC_IES;
9104 }
9105
9106 wdev_lock(dev->ieee80211_ptr);
9107 if (!wdev->current_bss)
9108 ret = -ENOLINK;
9109 else
9110 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
9111 wdev_unlock(dev->ieee80211_ptr);
9112
9113 return ret;
9114}
9115
9116static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
9117{
9118 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9119 struct net_device *dev = info->user_ptr[1];
9120 u16 reason;
9121 int ret;
9122
9123 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9124 reason = WLAN_REASON_DEAUTH_LEAVING;
9125 else
9126 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9127
9128 if (reason == 0)
9129 return -EINVAL;
9130
9131 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9132 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9133 return -EOPNOTSUPP;
9134
9135 wdev_lock(dev->ieee80211_ptr);
9136 ret = cfg80211_disconnect(rdev, dev, reason, true);
9137 wdev_unlock(dev->ieee80211_ptr);
9138 return ret;
9139}
9140
9141static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
9142{
9143 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9144 struct net *net;
9145 int err;
9146
9147 if (info->attrs[NL80211_ATTR_PID]) {
9148 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
9149
9150 net = get_net_ns_by_pid(pid);
9151 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
9152 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
9153
9154 net = get_net_ns_by_fd(fd);
9155 } else {
9156 return -EINVAL;
9157 }
9158
9159 if (IS_ERR(net))
9160 return PTR_ERR(net);
9161
9162 err = 0;
9163
9164
9165 if (!net_eq(wiphy_net(&rdev->wiphy), net))
9166 err = cfg80211_switch_netns(rdev, net);
9167
9168 put_net(net);
9169 return err;
9170}
9171
9172static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
9173{
9174 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9175 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
9176 struct cfg80211_pmksa *pmksa) = NULL;
9177 struct net_device *dev = info->user_ptr[1];
9178 struct cfg80211_pmksa pmksa;
9179
9180 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
9181
9182 if (!info->attrs[NL80211_ATTR_PMKID])
9183 return -EINVAL;
9184
9185 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
9186
9187 if (info->attrs[NL80211_ATTR_MAC]) {
9188 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9189 } else if (info->attrs[NL80211_ATTR_SSID] &&
9190 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
9191 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
9192 info->attrs[NL80211_ATTR_PMK])) {
9193 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9194 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9195 pmksa.cache_id =
9196 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
9197 } else {
9198 return -EINVAL;
9199 }
9200 if (info->attrs[NL80211_ATTR_PMK]) {
9201 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9202 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
9203 }
9204
9205 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9206 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9207 return -EOPNOTSUPP;
9208
9209 switch (info->genlhdr->cmd) {
9210 case NL80211_CMD_SET_PMKSA:
9211 rdev_ops = rdev->ops->set_pmksa;
9212 break;
9213 case NL80211_CMD_DEL_PMKSA:
9214 rdev_ops = rdev->ops->del_pmksa;
9215 break;
9216 default:
9217 WARN_ON(1);
9218 break;
9219 }
9220
9221 if (!rdev_ops)
9222 return -EOPNOTSUPP;
9223
9224 return rdev_ops(&rdev->wiphy, dev, &pmksa);
9225}
9226
9227static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
9228{
9229 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9230 struct net_device *dev = info->user_ptr[1];
9231
9232 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9233 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9234 return -EOPNOTSUPP;
9235
9236 if (!rdev->ops->flush_pmksa)
9237 return -EOPNOTSUPP;
9238
9239 return rdev_flush_pmksa(rdev, dev);
9240}
9241
9242static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
9243{
9244 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9245 struct net_device *dev = info->user_ptr[1];
9246 u8 action_code, dialog_token;
9247 u32 peer_capability = 0;
9248 u16 status_code;
9249 u8 *peer;
9250 bool initiator;
9251
9252 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9253 !rdev->ops->tdls_mgmt)
9254 return -EOPNOTSUPP;
9255
9256 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
9257 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
9258 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
9259 !info->attrs[NL80211_ATTR_IE] ||
9260 !info->attrs[NL80211_ATTR_MAC])
9261 return -EINVAL;
9262
9263 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9264 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
9265 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
9266 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
9267 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
9268 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
9269 peer_capability =
9270 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
9271
9272 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
9273 dialog_token, status_code, peer_capability,
9274 initiator,
9275 nla_data(info->attrs[NL80211_ATTR_IE]),
9276 nla_len(info->attrs[NL80211_ATTR_IE]));
9277}
9278
9279static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
9280{
9281 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9282 struct net_device *dev = info->user_ptr[1];
9283 enum nl80211_tdls_operation operation;
9284 u8 *peer;
9285
9286 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9287 !rdev->ops->tdls_oper)
9288 return -EOPNOTSUPP;
9289
9290 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
9291 !info->attrs[NL80211_ATTR_MAC])
9292 return -EINVAL;
9293
9294 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
9295 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9296
9297 return rdev_tdls_oper(rdev, dev, peer, operation);
9298}
9299
9300static int nl80211_remain_on_channel(struct sk_buff *skb,
9301 struct genl_info *info)
9302{
9303 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9304 struct wireless_dev *wdev = info->user_ptr[1];
9305 struct cfg80211_chan_def chandef;
9306 const struct cfg80211_chan_def *compat_chandef;
9307 struct sk_buff *msg;
9308 void *hdr;
9309 u64 cookie;
9310 u32 duration;
9311 int err;
9312
9313 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9314 !info->attrs[NL80211_ATTR_DURATION])
9315 return -EINVAL;
9316
9317 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9318
9319 if (!rdev->ops->remain_on_channel ||
9320 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
9321 return -EOPNOTSUPP;
9322
9323
9324
9325
9326
9327 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9328 duration > rdev->wiphy.max_remain_on_channel_duration)
9329 return -EINVAL;
9330
9331 err = nl80211_parse_chandef(rdev, info, &chandef);
9332 if (err)
9333 return err;
9334
9335 wdev_lock(wdev);
9336 if (!cfg80211_off_channel_oper_allowed(wdev) &&
9337 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
9338 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
9339 &chandef);
9340 if (compat_chandef != &chandef) {
9341 wdev_unlock(wdev);
9342 return -EBUSY;
9343 }
9344 }
9345 wdev_unlock(wdev);
9346
9347 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9348 if (!msg)
9349 return -ENOMEM;
9350
9351 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9352 NL80211_CMD_REMAIN_ON_CHANNEL);
9353 if (!hdr) {
9354 err = -ENOBUFS;
9355 goto free_msg;
9356 }
9357
9358 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
9359 duration, &cookie);
9360
9361 if (err)
9362 goto free_msg;
9363
9364 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9365 NL80211_ATTR_PAD))
9366 goto nla_put_failure;
9367
9368 genlmsg_end(msg, hdr);
9369
9370 return genlmsg_reply(msg, info);
9371
9372 nla_put_failure:
9373 err = -ENOBUFS;
9374 free_msg:
9375 nlmsg_free(msg);
9376 return err;
9377}
9378
9379static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
9380 struct genl_info *info)
9381{
9382 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9383 struct wireless_dev *wdev = info->user_ptr[1];
9384 u64 cookie;
9385
9386 if (!info->attrs[NL80211_ATTR_COOKIE])
9387 return -EINVAL;
9388
9389 if (!rdev->ops->cancel_remain_on_channel)
9390 return -EOPNOTSUPP;
9391
9392 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9393
9394 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
9395}
9396
9397static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
9398 struct genl_info *info)
9399{
9400 struct cfg80211_bitrate_mask mask;
9401 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9402 struct net_device *dev = info->user_ptr[1];
9403 int err;
9404
9405 if (!rdev->ops->set_bitrate_mask)
9406 return -EOPNOTSUPP;
9407
9408 err = nl80211_parse_tx_bitrate_mask(info, &mask);
9409 if (err)
9410 return err;
9411
9412 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
9413}
9414
9415static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
9416{
9417 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9418 struct wireless_dev *wdev = info->user_ptr[1];
9419 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
9420
9421 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
9422 return -EINVAL;
9423
9424 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
9425 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
9426
9427 switch (wdev->iftype) {
9428 case NL80211_IFTYPE_STATION:
9429 case NL80211_IFTYPE_ADHOC:
9430 case NL80211_IFTYPE_P2P_CLIENT:
9431 case NL80211_IFTYPE_AP:
9432 case NL80211_IFTYPE_AP_VLAN:
9433 case NL80211_IFTYPE_MESH_POINT:
9434 case NL80211_IFTYPE_P2P_GO:
9435 case NL80211_IFTYPE_P2P_DEVICE:
9436 break;
9437 case NL80211_IFTYPE_NAN:
9438 default:
9439 return -EOPNOTSUPP;
9440 }
9441
9442
9443 if (!rdev->ops->mgmt_tx)
9444 return -EOPNOTSUPP;
9445
9446 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
9447 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
9448 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
9449}
9450
9451static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
9452{
9453 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9454 struct wireless_dev *wdev = info->user_ptr[1];
9455 struct cfg80211_chan_def chandef;
9456 int err;
9457 void *hdr = NULL;
9458 u64 cookie;
9459 struct sk_buff *msg = NULL;
9460 struct cfg80211_mgmt_tx_params params = {
9461 .dont_wait_for_ack =
9462 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
9463 };
9464
9465 if (!info->attrs[NL80211_ATTR_FRAME])
9466 return -EINVAL;
9467
9468 if (!rdev->ops->mgmt_tx)
9469 return -EOPNOTSUPP;
9470
9471 switch (wdev->iftype) {
9472 case NL80211_IFTYPE_P2P_DEVICE:
9473 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9474 return -EINVAL;
9475 case NL80211_IFTYPE_STATION:
9476 case NL80211_IFTYPE_ADHOC:
9477 case NL80211_IFTYPE_P2P_CLIENT:
9478 case NL80211_IFTYPE_AP:
9479 case NL80211_IFTYPE_AP_VLAN:
9480 case NL80211_IFTYPE_MESH_POINT:
9481 case NL80211_IFTYPE_P2P_GO:
9482 break;
9483 case NL80211_IFTYPE_NAN:
9484 default:
9485 return -EOPNOTSUPP;
9486 }
9487
9488 if (info->attrs[NL80211_ATTR_DURATION]) {
9489 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9490 return -EINVAL;
9491 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9492
9493
9494
9495
9496
9497 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9498 params.wait > rdev->wiphy.max_remain_on_channel_duration)
9499 return -EINVAL;
9500 }
9501
9502 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
9503
9504 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9505 return -EINVAL;
9506
9507 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
9508
9509
9510
9511
9512 chandef.chan = NULL;
9513 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9514 err = nl80211_parse_chandef(rdev, info, &chandef);
9515 if (err)
9516 return err;
9517 }
9518
9519 if (!chandef.chan && params.offchan)
9520 return -EINVAL;
9521
9522 wdev_lock(wdev);
9523 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
9524 wdev_unlock(wdev);
9525 return -EBUSY;
9526 }
9527 wdev_unlock(wdev);
9528
9529 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
9530 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
9531
9532 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
9533 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9534 int i;
9535
9536 if (len % sizeof(u16))
9537 return -EINVAL;
9538
9539 params.n_csa_offsets = len / sizeof(u16);
9540 params.csa_offsets =
9541 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9542
9543
9544 for (i = 0; i < params.n_csa_offsets; i++) {
9545 if (params.csa_offsets[i] >= params.len)
9546 return -EINVAL;
9547 }
9548 }
9549
9550 if (!params.dont_wait_for_ack) {
9551 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9552 if (!msg)
9553 return -ENOMEM;
9554
9555 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9556 NL80211_CMD_FRAME);
9557 if (!hdr) {
9558 err = -ENOBUFS;
9559 goto free_msg;
9560 }
9561 }
9562
9563 params.chan = chandef.chan;
9564 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
9565 if (err)
9566 goto free_msg;
9567
9568 if (msg) {
9569 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9570 NL80211_ATTR_PAD))
9571 goto nla_put_failure;
9572
9573 genlmsg_end(msg, hdr);
9574 return genlmsg_reply(msg, info);
9575 }
9576
9577 return 0;
9578
9579 nla_put_failure:
9580 err = -ENOBUFS;
9581 free_msg:
9582 nlmsg_free(msg);
9583 return err;
9584}
9585
9586static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
9587{
9588 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9589 struct wireless_dev *wdev = info->user_ptr[1];
9590 u64 cookie;
9591
9592 if (!info->attrs[NL80211_ATTR_COOKIE])
9593 return -EINVAL;
9594
9595 if (!rdev->ops->mgmt_tx_cancel_wait)
9596 return -EOPNOTSUPP;
9597
9598 switch (wdev->iftype) {
9599 case NL80211_IFTYPE_STATION:
9600 case NL80211_IFTYPE_ADHOC:
9601 case NL80211_IFTYPE_P2P_CLIENT:
9602 case NL80211_IFTYPE_AP:
9603 case NL80211_IFTYPE_AP_VLAN:
9604 case NL80211_IFTYPE_P2P_GO:
9605 case NL80211_IFTYPE_P2P_DEVICE:
9606 break;
9607 case NL80211_IFTYPE_NAN:
9608 default:
9609 return -EOPNOTSUPP;
9610 }
9611
9612 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9613
9614 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
9615}
9616
9617static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
9618{
9619 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9620 struct wireless_dev *wdev;
9621 struct net_device *dev = info->user_ptr[1];
9622 u8 ps_state;
9623 bool state;
9624 int err;
9625
9626 if (!info->attrs[NL80211_ATTR_PS_STATE])
9627 return -EINVAL;
9628
9629 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
9630
9631 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
9632 return -EINVAL;
9633
9634 wdev = dev->ieee80211_ptr;
9635
9636 if (!rdev->ops->set_power_mgmt)
9637 return -EOPNOTSUPP;
9638
9639 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
9640
9641 if (state == wdev->ps)
9642 return 0;
9643
9644 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
9645 if (!err)
9646 wdev->ps = state;
9647 return err;
9648}
9649
9650static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
9651{
9652 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9653 enum nl80211_ps_state ps_state;
9654 struct wireless_dev *wdev;
9655 struct net_device *dev = info->user_ptr[1];
9656 struct sk_buff *msg;
9657 void *hdr;
9658 int err;
9659
9660 wdev = dev->ieee80211_ptr;
9661
9662 if (!rdev->ops->set_power_mgmt)
9663 return -EOPNOTSUPP;
9664
9665 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9666 if (!msg)
9667 return -ENOMEM;
9668
9669 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9670 NL80211_CMD_GET_POWER_SAVE);
9671 if (!hdr) {
9672 err = -ENOBUFS;
9673 goto free_msg;
9674 }
9675
9676 if (wdev->ps)
9677 ps_state = NL80211_PS_ENABLED;
9678 else
9679 ps_state = NL80211_PS_DISABLED;
9680
9681 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
9682 goto nla_put_failure;
9683
9684 genlmsg_end(msg, hdr);
9685 return genlmsg_reply(msg, info);
9686
9687 nla_put_failure:
9688 err = -ENOBUFS;
9689 free_msg:
9690 nlmsg_free(msg);
9691 return err;
9692}
9693
9694static const struct nla_policy
9695nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
9696 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
9697 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
9698 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
9699 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
9700 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
9701 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
9702 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
9703};
9704
9705static int nl80211_set_cqm_txe(struct genl_info *info,
9706 u32 rate, u32 pkts, u32 intvl)
9707{
9708 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9709 struct net_device *dev = info->user_ptr[1];
9710 struct wireless_dev *wdev = dev->ieee80211_ptr;
9711
9712 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
9713 return -EINVAL;
9714
9715 if (!rdev->ops->set_cqm_txe_config)
9716 return -EOPNOTSUPP;
9717
9718 if (wdev->iftype != NL80211_IFTYPE_STATION &&
9719 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9720 return -EOPNOTSUPP;
9721
9722 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
9723}
9724
9725static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
9726 struct net_device *dev)
9727{
9728 struct wireless_dev *wdev = dev->ieee80211_ptr;
9729 s32 last, low, high;
9730 u32 hyst;
9731 int i, n;
9732 int err;
9733
9734
9735 if (!wdev->cqm_config)
9736 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
9737
9738
9739
9740
9741
9742
9743
9744 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
9745 rdev->ops->get_station) {
9746 struct station_info sinfo;
9747 u8 *mac_addr;
9748
9749 mac_addr = wdev->current_bss->pub.bssid;
9750
9751 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
9752 if (err)
9753 return err;
9754
9755 if (sinfo.filled & BIT(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
9756 wdev->cqm_config->last_rssi_event_value =
9757 (s8) sinfo.rx_beacon_signal_avg;
9758 }
9759
9760 last = wdev->cqm_config->last_rssi_event_value;
9761 hyst = wdev->cqm_config->rssi_hyst;
9762 n = wdev->cqm_config->n_rssi_thresholds;
9763
9764 for (i = 0; i < n; i++)
9765 if (last < wdev->cqm_config->rssi_thresholds[i])
9766 break;
9767
9768 low = i > 0 ?
9769 (wdev->cqm_config->rssi_thresholds[i - 1] - hyst) : S32_MIN;
9770 high = i < n ?
9771 (wdev->cqm_config->rssi_thresholds[i] + hyst - 1) : S32_MAX;
9772
9773 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
9774}
9775
9776static int nl80211_set_cqm_rssi(struct genl_info *info,
9777 const s32 *thresholds, int n_thresholds,
9778 u32 hysteresis)
9779{
9780 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9781 struct net_device *dev = info->user_ptr[1];
9782 struct wireless_dev *wdev = dev->ieee80211_ptr;
9783 int i, err;
9784 s32 prev = S32_MIN;
9785
9786
9787 for (i = 0; i < n_thresholds; i++) {
9788 if (thresholds[i] > 0 || thresholds[i] <= prev)
9789 return -EINVAL;
9790
9791 prev = thresholds[i];
9792 }
9793
9794 if (wdev->iftype != NL80211_IFTYPE_STATION &&
9795 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9796 return -EOPNOTSUPP;
9797
9798 wdev_lock(wdev);
9799 cfg80211_cqm_config_free(wdev);
9800 wdev_unlock(wdev);
9801
9802 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
9803 if (n_thresholds == 0 || thresholds[0] == 0)
9804 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
9805
9806 return rdev_set_cqm_rssi_config(rdev, dev,
9807 thresholds[0], hysteresis);
9808 }
9809
9810 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9811 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
9812 return -EOPNOTSUPP;
9813
9814 if (n_thresholds == 1 && thresholds[0] == 0)
9815 n_thresholds = 0;
9816
9817 wdev_lock(wdev);
9818 if (n_thresholds) {
9819 struct cfg80211_cqm_config *cqm_config;
9820
9821 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
9822 n_thresholds * sizeof(s32), GFP_KERNEL);
9823 if (!cqm_config) {
9824 err = -ENOMEM;
9825 goto unlock;
9826 }
9827
9828 cqm_config->rssi_hyst = hysteresis;
9829 cqm_config->n_rssi_thresholds = n_thresholds;
9830 memcpy(cqm_config->rssi_thresholds, thresholds,
9831 n_thresholds * sizeof(s32));
9832
9833 wdev->cqm_config = cqm_config;
9834 }
9835
9836 err = cfg80211_cqm_rssi_update(rdev, dev);
9837
9838unlock:
9839 wdev_unlock(wdev);
9840
9841 return err;
9842}
9843
9844static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
9845{
9846 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
9847 struct nlattr *cqm;
9848 int err;
9849
9850 cqm = info->attrs[NL80211_ATTR_CQM];
9851 if (!cqm)
9852 return -EINVAL;
9853
9854 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
9855 nl80211_attr_cqm_policy, info->extack);
9856 if (err)
9857 return err;
9858
9859 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
9860 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
9861 const s32 *thresholds =
9862 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9863 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9864 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
9865
9866 if (len % 4)
9867 return -EINVAL;
9868
9869 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
9870 hysteresis);
9871 }
9872
9873 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
9874 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
9875 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
9876 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
9877 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
9878 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
9879
9880 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
9881 }
9882
9883 return -EINVAL;
9884}
9885
9886static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
9887{
9888 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9889 struct net_device *dev = info->user_ptr[1];
9890 struct ocb_setup setup = {};
9891 int err;
9892
9893 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
9894 if (err)
9895 return err;
9896
9897 return cfg80211_join_ocb(rdev, dev, &setup);
9898}
9899
9900static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
9901{
9902 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9903 struct net_device *dev = info->user_ptr[1];
9904
9905 return cfg80211_leave_ocb(rdev, dev);
9906}
9907
9908static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
9909{
9910 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9911 struct net_device *dev = info->user_ptr[1];
9912 struct mesh_config cfg;
9913 struct mesh_setup setup;
9914 int err;
9915
9916
9917 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
9918 memcpy(&setup, &default_mesh_setup, sizeof(setup));
9919
9920 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
9921
9922 err = nl80211_parse_mesh_config(info, &cfg, NULL);
9923 if (err)
9924 return err;
9925 }
9926
9927 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
9928 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
9929 return -EINVAL;
9930
9931 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
9932 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
9933
9934 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9935 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
9936 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9937 return -EINVAL;
9938
9939 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
9940 setup.beacon_interval =
9941 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9942
9943 err = cfg80211_validate_beacon_int(rdev,
9944 NL80211_IFTYPE_MESH_POINT,
9945 setup.beacon_interval);
9946 if (err)
9947 return err;
9948 }
9949
9950 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
9951 setup.dtim_period =
9952 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
9953 if (setup.dtim_period < 1 || setup.dtim_period > 100)
9954 return -EINVAL;
9955 }
9956
9957 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
9958
9959 err = nl80211_parse_mesh_setup(info, &setup);
9960 if (err)
9961 return err;
9962 }
9963
9964 if (setup.user_mpm)
9965 cfg.auto_open_plinks = false;
9966
9967 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9968 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
9969 if (err)
9970 return err;
9971 } else {
9972
9973 setup.chandef.chan = NULL;
9974 }
9975
9976 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9977 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9978 int n_rates =
9979 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9980 struct ieee80211_supported_band *sband;
9981
9982 if (!setup.chandef.chan)
9983 return -EINVAL;
9984
9985 sband = rdev->wiphy.bands[setup.chandef.chan->band];
9986
9987 err = ieee80211_get_ratemask(sband, rates, n_rates,
9988 &setup.basic_rates);
9989 if (err)
9990 return err;
9991 }
9992
9993 if (info->attrs[NL80211_ATTR_TX_RATES]) {
9994 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
9995 if (err)
9996 return err;
9997
9998 if (!setup.chandef.chan)
9999 return -EINVAL;
10000
10001 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
10002 &setup.beacon_rate);
10003 if (err)
10004 return err;
10005 }
10006
10007 setup.userspace_handles_dfs =
10008 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10009
10010 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10011}
10012
10013static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10014{
10015 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10016 struct net_device *dev = info->user_ptr[1];
10017
10018 return cfg80211_leave_mesh(rdev, dev);
10019}
10020
10021#ifdef CONFIG_PM
10022static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10023 struct cfg80211_registered_device *rdev)
10024{
10025 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10026 struct nlattr *nl_pats, *nl_pat;
10027 int i, pat_len;
10028
10029 if (!wowlan->n_patterns)
10030 return 0;
10031
10032 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10033 if (!nl_pats)
10034 return -ENOBUFS;
10035
10036 for (i = 0; i < wowlan->n_patterns; i++) {
10037 nl_pat = nla_nest_start(msg, i + 1);
10038 if (!nl_pat)
10039 return -ENOBUFS;
10040 pat_len = wowlan->patterns[i].pattern_len;
10041 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10042 wowlan->patterns[i].mask) ||
10043 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10044 wowlan->patterns[i].pattern) ||
10045 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10046 wowlan->patterns[i].pkt_offset))
10047 return -ENOBUFS;
10048 nla_nest_end(msg, nl_pat);
10049 }
10050 nla_nest_end(msg, nl_pats);
10051
10052 return 0;
10053}
10054
10055static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10056 struct cfg80211_wowlan_tcp *tcp)
10057{
10058 struct nlattr *nl_tcp;
10059
10060 if (!tcp)
10061 return 0;
10062
10063 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10064 if (!nl_tcp)
10065 return -ENOBUFS;
10066
10067 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10068 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10069 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10070 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10071 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10072 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10073 tcp->payload_len, tcp->payload) ||
10074 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10075 tcp->data_interval) ||
10076 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
10077 tcp->wake_len, tcp->wake_data) ||
10078 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
10079 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
10080 return -ENOBUFS;
10081
10082 if (tcp->payload_seq.len &&
10083 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
10084 sizeof(tcp->payload_seq), &tcp->payload_seq))
10085 return -ENOBUFS;
10086
10087 if (tcp->payload_tok.len &&
10088 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
10089 sizeof(tcp->payload_tok) + tcp->tokens_size,
10090 &tcp->payload_tok))
10091 return -ENOBUFS;
10092
10093 nla_nest_end(msg, nl_tcp);
10094
10095 return 0;
10096}
10097
10098static int nl80211_send_wowlan_nd(struct sk_buff *msg,
10099 struct cfg80211_sched_scan_request *req)
10100{
10101 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
10102 int i;
10103
10104 if (!req)
10105 return 0;
10106
10107 nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
10108 if (!nd)
10109 return -ENOBUFS;
10110
10111 if (req->n_scan_plans == 1 &&
10112 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
10113 req->scan_plans[0].interval * 1000))
10114 return -ENOBUFS;
10115
10116 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
10117 return -ENOBUFS;
10118
10119 if (req->relative_rssi_set) {
10120 struct nl80211_bss_select_rssi_adjust rssi_adjust;
10121
10122 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
10123 req->relative_rssi))
10124 return -ENOBUFS;
10125
10126 rssi_adjust.band = req->rssi_adjust.band;
10127 rssi_adjust.delta = req->rssi_adjust.delta;
10128 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
10129 sizeof(rssi_adjust), &rssi_adjust))
10130 return -ENOBUFS;
10131 }
10132
10133 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10134 if (!freqs)
10135 return -ENOBUFS;
10136
10137 for (i = 0; i < req->n_channels; i++) {
10138 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10139 return -ENOBUFS;
10140 }
10141
10142 nla_nest_end(msg, freqs);
10143
10144 if (req->n_match_sets) {
10145 matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
10146 if (!matches)
10147 return -ENOBUFS;
10148
10149 for (i = 0; i < req->n_match_sets; i++) {
10150 match = nla_nest_start(msg, i);
10151 if (!match)
10152 return -ENOBUFS;
10153
10154 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
10155 req->match_sets[i].ssid.ssid_len,
10156 req->match_sets[i].ssid.ssid))
10157 return -ENOBUFS;
10158 nla_nest_end(msg, match);
10159 }
10160 nla_nest_end(msg, matches);
10161 }
10162
10163 scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
10164 if (!scan_plans)
10165 return -ENOBUFS;
10166
10167 for (i = 0; i < req->n_scan_plans; i++) {
10168 scan_plan = nla_nest_start(msg, i + 1);
10169 if (!scan_plan)
10170 return -ENOBUFS;
10171
10172 if (!scan_plan ||
10173 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
10174 req->scan_plans[i].interval) ||
10175 (req->scan_plans[i].iterations &&
10176 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
10177 req->scan_plans[i].iterations)))
10178 return -ENOBUFS;
10179 nla_nest_end(msg, scan_plan);
10180 }
10181 nla_nest_end(msg, scan_plans);
10182
10183 nla_nest_end(msg, nd);
10184
10185 return 0;
10186}
10187
10188static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
10189{
10190 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10191 struct sk_buff *msg;
10192 void *hdr;
10193 u32 size = NLMSG_DEFAULT_SIZE;
10194
10195 if (!rdev->wiphy.wowlan)
10196 return -EOPNOTSUPP;
10197
10198 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
10199
10200 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
10201 rdev->wiphy.wowlan_config->tcp->payload_len +
10202 rdev->wiphy.wowlan_config->tcp->wake_len +
10203 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
10204 }
10205
10206 msg = nlmsg_new(size, GFP_KERNEL);
10207 if (!msg)
10208 return -ENOMEM;
10209
10210 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10211 NL80211_CMD_GET_WOWLAN);
10212 if (!hdr)
10213 goto nla_put_failure;
10214
10215 if (rdev->wiphy.wowlan_config) {
10216 struct nlattr *nl_wowlan;
10217
10218 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
10219 if (!nl_wowlan)
10220 goto nla_put_failure;
10221
10222 if ((rdev->wiphy.wowlan_config->any &&
10223 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
10224 (rdev->wiphy.wowlan_config->disconnect &&
10225 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
10226 (rdev->wiphy.wowlan_config->magic_pkt &&
10227 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
10228 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
10229 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
10230 (rdev->wiphy.wowlan_config->eap_identity_req &&
10231 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
10232 (rdev->wiphy.wowlan_config->four_way_handshake &&
10233 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
10234 (rdev->wiphy.wowlan_config->rfkill_release &&
10235 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
10236 goto nla_put_failure;
10237
10238 if (nl80211_send_wowlan_patterns(msg, rdev))
10239 goto nla_put_failure;
10240
10241 if (nl80211_send_wowlan_tcp(msg,
10242 rdev->wiphy.wowlan_config->tcp))
10243 goto nla_put_failure;
10244
10245 if (nl80211_send_wowlan_nd(
10246 msg,
10247 rdev->wiphy.wowlan_config->nd_config))
10248 goto nla_put_failure;
10249
10250 nla_nest_end(msg, nl_wowlan);
10251 }
10252
10253 genlmsg_end(msg, hdr);
10254 return genlmsg_reply(msg, info);
10255
10256nla_put_failure:
10257 nlmsg_free(msg);
10258 return -ENOBUFS;
10259}
10260
10261static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
10262 struct nlattr *attr,
10263 struct cfg80211_wowlan *trig)
10264{
10265 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
10266 struct cfg80211_wowlan_tcp *cfg;
10267 struct nl80211_wowlan_tcp_data_token *tok = NULL;
10268 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
10269 u32 size;
10270 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
10271 int err, port;
10272
10273 if (!rdev->wiphy.wowlan->tcp)
10274 return -EINVAL;
10275
10276 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TCP, attr,
10277 nl80211_wowlan_tcp_policy, NULL);
10278 if (err)
10279 return err;
10280
10281 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
10282 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
10283 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
10284 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
10285 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
10286 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
10287 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
10288 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
10289 return -EINVAL;
10290
10291 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
10292 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
10293 return -EINVAL;
10294
10295 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
10296 rdev->wiphy.wowlan->tcp->data_interval_max ||
10297 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
10298 return -EINVAL;
10299
10300 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
10301 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
10302 return -EINVAL;
10303
10304 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
10305 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
10306 return -EINVAL;
10307
10308 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
10309 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10310
10311 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10312 tokens_size = tokln - sizeof(*tok);
10313
10314 if (!tok->len || tokens_size % tok->len)
10315 return -EINVAL;
10316 if (!rdev->wiphy.wowlan->tcp->tok)
10317 return -EINVAL;
10318 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
10319 return -EINVAL;
10320 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
10321 return -EINVAL;
10322 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
10323 return -EINVAL;
10324 if (tok->offset + tok->len > data_size)
10325 return -EINVAL;
10326 }
10327
10328 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
10329 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
10330 if (!rdev->wiphy.wowlan->tcp->seq)
10331 return -EINVAL;
10332 if (seq->len == 0 || seq->len > 4)
10333 return -EINVAL;
10334 if (seq->len + seq->offset > data_size)
10335 return -EINVAL;
10336 }
10337
10338 size = sizeof(*cfg);
10339 size += data_size;
10340 size += wake_size + wake_mask_size;
10341 size += tokens_size;
10342
10343 cfg = kzalloc(size, GFP_KERNEL);
10344 if (!cfg)
10345 return -ENOMEM;
10346 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
10347 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
10348 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
10349 ETH_ALEN);
10350 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
10351 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
10352 else
10353 port = 0;
10354#ifdef CONFIG_INET
10355
10356 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
10357 IPPROTO_TCP, &cfg->sock, 1);
10358 if (err) {
10359 kfree(cfg);
10360 return err;
10361 }
10362 if (inet_csk_get_port(cfg->sock->sk, port)) {
10363 sock_release(cfg->sock);
10364 kfree(cfg);
10365 return -EADDRINUSE;
10366 }
10367 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
10368#else
10369 if (!port) {
10370 kfree(cfg);
10371 return -EINVAL;
10372 }
10373 cfg->src_port = port;
10374#endif
10375
10376 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
10377 cfg->payload_len = data_size;
10378 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
10379 memcpy((void *)cfg->payload,
10380 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
10381 data_size);
10382 if (seq)
10383 cfg->payload_seq = *seq;
10384 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
10385 cfg->wake_len = wake_size;
10386 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
10387 memcpy((void *)cfg->wake_data,
10388 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
10389 wake_size);
10390 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
10391 data_size + wake_size;
10392 memcpy((void *)cfg->wake_mask,
10393 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
10394 wake_mask_size);
10395 if (tok) {
10396 cfg->tokens_size = tokens_size;
10397 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
10398 }
10399
10400 trig->tcp = cfg;
10401
10402 return 0;
10403}
10404
10405static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
10406 const struct wiphy_wowlan_support *wowlan,
10407 struct nlattr *attr,
10408 struct cfg80211_wowlan *trig)
10409{
10410 struct nlattr **tb;
10411 int err;
10412
10413 tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
10414 if (!tb)
10415 return -ENOMEM;
10416
10417 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
10418 err = -EOPNOTSUPP;
10419 goto out;
10420 }
10421
10422 err = nla_parse_nested(tb, NL80211_ATTR_MAX, attr, nl80211_policy,
10423 NULL);
10424 if (err)
10425 goto out;
10426
10427 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
10428 wowlan->max_nd_match_sets);
10429 err = PTR_ERR_OR_ZERO(trig->nd_config);
10430 if (err)
10431 trig->nd_config = NULL;
10432
10433out:
10434 kfree(tb);
10435 return err;
10436}
10437
10438static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
10439{
10440 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10441 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
10442 struct cfg80211_wowlan new_triggers = {};
10443 struct cfg80211_wowlan *ntrig;
10444 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
10445 int err, i;
10446 bool prev_enabled = rdev->wiphy.wowlan_config;
10447 bool regular = false;
10448
10449 if (!wowlan)
10450 return -EOPNOTSUPP;
10451
10452 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
10453 cfg80211_rdev_free_wowlan(rdev);
10454 rdev->wiphy.wowlan_config = NULL;
10455 goto set_wakeup;
10456 }
10457
10458 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TRIG,
10459 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
10460 nl80211_wowlan_policy, info->extack);
10461 if (err)
10462 return err;
10463
10464 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
10465 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
10466 return -EINVAL;
10467 new_triggers.any = true;
10468 }
10469
10470 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
10471 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
10472 return -EINVAL;
10473 new_triggers.disconnect = true;
10474 regular = true;
10475 }
10476
10477 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
10478 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
10479 return -EINVAL;
10480 new_triggers.magic_pkt = true;
10481 regular = true;
10482 }
10483
10484 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
10485 return -EINVAL;
10486
10487 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
10488 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
10489 return -EINVAL;
10490 new_triggers.gtk_rekey_failure = true;
10491 regular = true;
10492 }
10493
10494 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
10495 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
10496 return -EINVAL;
10497 new_triggers.eap_identity_req = true;
10498 regular = true;
10499 }
10500
10501 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
10502 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
10503 return -EINVAL;
10504 new_triggers.four_way_handshake = true;
10505 regular = true;
10506 }
10507
10508 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
10509 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
10510 return -EINVAL;
10511 new_triggers.rfkill_release = true;
10512 regular = true;
10513 }
10514
10515 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
10516 struct nlattr *pat;
10517 int n_patterns = 0;
10518 int rem, pat_len, mask_len, pkt_offset;
10519 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10520
10521 regular = true;
10522
10523 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10524 rem)
10525 n_patterns++;
10526 if (n_patterns > wowlan->n_patterns)
10527 return -EINVAL;
10528
10529 new_triggers.patterns = kcalloc(n_patterns,
10530 sizeof(new_triggers.patterns[0]),
10531 GFP_KERNEL);
10532 if (!new_triggers.patterns)
10533 return -ENOMEM;
10534
10535 new_triggers.n_patterns = n_patterns;
10536 i = 0;
10537
10538 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10539 rem) {
10540 u8 *mask_pat;
10541
10542 nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10543 nl80211_packet_pattern_policy,
10544 info->extack);
10545 err = -EINVAL;
10546 if (!pat_tb[NL80211_PKTPAT_MASK] ||
10547 !pat_tb[NL80211_PKTPAT_PATTERN])
10548 goto error;
10549 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10550 mask_len = DIV_ROUND_UP(pat_len, 8);
10551 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10552 goto error;
10553 if (pat_len > wowlan->pattern_max_len ||
10554 pat_len < wowlan->pattern_min_len)
10555 goto error;
10556
10557 if (!pat_tb[NL80211_PKTPAT_OFFSET])
10558 pkt_offset = 0;
10559 else
10560 pkt_offset = nla_get_u32(
10561 pat_tb[NL80211_PKTPAT_OFFSET]);
10562 if (pkt_offset > wowlan->max_pkt_offset)
10563 goto error;
10564 new_triggers.patterns[i].pkt_offset = pkt_offset;
10565
10566 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10567 if (!mask_pat) {
10568 err = -ENOMEM;
10569 goto error;
10570 }
10571 new_triggers.patterns[i].mask = mask_pat;
10572 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10573 mask_len);
10574 mask_pat += mask_len;
10575 new_triggers.patterns[i].pattern = mask_pat;
10576 new_triggers.patterns[i].pattern_len = pat_len;
10577 memcpy(mask_pat,
10578 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10579 pat_len);
10580 i++;
10581 }
10582 }
10583
10584 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
10585 regular = true;
10586 err = nl80211_parse_wowlan_tcp(
10587 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
10588 &new_triggers);
10589 if (err)
10590 goto error;
10591 }
10592
10593 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
10594 regular = true;
10595 err = nl80211_parse_wowlan_nd(
10596 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
10597 &new_triggers);
10598 if (err)
10599 goto error;
10600 }
10601
10602
10603
10604
10605
10606
10607
10608 if (new_triggers.any && regular) {
10609 err = -EINVAL;
10610 goto error;
10611 }
10612
10613 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
10614 if (!ntrig) {
10615 err = -ENOMEM;
10616 goto error;
10617 }
10618 cfg80211_rdev_free_wowlan(rdev);
10619 rdev->wiphy.wowlan_config = ntrig;
10620
10621 set_wakeup:
10622 if (rdev->ops->set_wakeup &&
10623 prev_enabled != !!rdev->wiphy.wowlan_config)
10624 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
10625
10626 return 0;
10627 error:
10628 for (i = 0; i < new_triggers.n_patterns; i++)
10629 kfree(new_triggers.patterns[i].mask);
10630 kfree(new_triggers.patterns);
10631 if (new_triggers.tcp && new_triggers.tcp->sock)
10632 sock_release(new_triggers.tcp->sock);
10633 kfree(new_triggers.tcp);
10634 kfree(new_triggers.nd_config);
10635 return err;
10636}
10637#endif
10638
10639static int nl80211_send_coalesce_rules(struct sk_buff *msg,
10640 struct cfg80211_registered_device *rdev)
10641{
10642 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
10643 int i, j, pat_len;
10644 struct cfg80211_coalesce_rules *rule;
10645
10646 if (!rdev->coalesce->n_rules)
10647 return 0;
10648
10649 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
10650 if (!nl_rules)
10651 return -ENOBUFS;
10652
10653 for (i = 0; i < rdev->coalesce->n_rules; i++) {
10654 nl_rule = nla_nest_start(msg, i + 1);
10655 if (!nl_rule)
10656 return -ENOBUFS;
10657
10658 rule = &rdev->coalesce->rules[i];
10659 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
10660 rule->delay))
10661 return -ENOBUFS;
10662
10663 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
10664 rule->condition))
10665 return -ENOBUFS;
10666
10667 nl_pats = nla_nest_start(msg,
10668 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
10669 if (!nl_pats)
10670 return -ENOBUFS;
10671
10672 for (j = 0; j < rule->n_patterns; j++) {
10673 nl_pat = nla_nest_start(msg, j + 1);
10674 if (!nl_pat)
10675 return -ENOBUFS;
10676 pat_len = rule->patterns[j].pattern_len;
10677 if (nla_put(msg, NL80211_PKTPAT_MASK,
10678 DIV_ROUND_UP(pat_len, 8),
10679 rule->patterns[j].mask) ||
10680 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10681 rule->patterns[j].pattern) ||
10682 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10683 rule->patterns[j].pkt_offset))
10684 return -ENOBUFS;
10685 nla_nest_end(msg, nl_pat);
10686 }
10687 nla_nest_end(msg, nl_pats);
10688 nla_nest_end(msg, nl_rule);
10689 }
10690 nla_nest_end(msg, nl_rules);
10691
10692 return 0;
10693}
10694
10695static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
10696{
10697 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10698 struct sk_buff *msg;
10699 void *hdr;
10700
10701 if (!rdev->wiphy.coalesce)
10702 return -EOPNOTSUPP;
10703
10704 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10705 if (!msg)
10706 return -ENOMEM;
10707
10708 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10709 NL80211_CMD_GET_COALESCE);
10710 if (!hdr)
10711 goto nla_put_failure;
10712
10713 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
10714 goto nla_put_failure;
10715
10716 genlmsg_end(msg, hdr);
10717 return genlmsg_reply(msg, info);
10718
10719nla_put_failure:
10720 nlmsg_free(msg);
10721 return -ENOBUFS;
10722}
10723
10724void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
10725{
10726 struct cfg80211_coalesce *coalesce = rdev->coalesce;
10727 int i, j;
10728 struct cfg80211_coalesce_rules *rule;
10729
10730 if (!coalesce)
10731 return;
10732
10733 for (i = 0; i < coalesce->n_rules; i++) {
10734 rule = &coalesce->rules[i];
10735 for (j = 0; j < rule->n_patterns; j++)
10736 kfree(rule->patterns[j].mask);
10737 kfree(rule->patterns);
10738 }
10739 kfree(coalesce->rules);
10740 kfree(coalesce);
10741 rdev->coalesce = NULL;
10742}
10743
10744static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
10745 struct nlattr *rule,
10746 struct cfg80211_coalesce_rules *new_rule)
10747{
10748 int err, i;
10749 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10750 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
10751 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
10752 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10753
10754 err = nla_parse_nested(tb, NL80211_ATTR_COALESCE_RULE_MAX, rule,
10755 nl80211_coalesce_policy, NULL);
10756 if (err)
10757 return err;
10758
10759 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
10760 new_rule->delay =
10761 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
10762 if (new_rule->delay > coalesce->max_delay)
10763 return -EINVAL;
10764
10765 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
10766 new_rule->condition =
10767 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
10768 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
10769 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
10770 return -EINVAL;
10771
10772 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
10773 return -EINVAL;
10774
10775 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10776 rem)
10777 n_patterns++;
10778 if (n_patterns > coalesce->n_patterns)
10779 return -EINVAL;
10780
10781 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
10782 GFP_KERNEL);
10783 if (!new_rule->patterns)
10784 return -ENOMEM;
10785
10786 new_rule->n_patterns = n_patterns;
10787 i = 0;
10788
10789 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10790 rem) {
10791 u8 *mask_pat;
10792
10793 nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10794 nl80211_packet_pattern_policy, NULL);
10795 if (!pat_tb[NL80211_PKTPAT_MASK] ||
10796 !pat_tb[NL80211_PKTPAT_PATTERN])
10797 return -EINVAL;
10798 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10799 mask_len = DIV_ROUND_UP(pat_len, 8);
10800 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10801 return -EINVAL;
10802 if (pat_len > coalesce->pattern_max_len ||
10803 pat_len < coalesce->pattern_min_len)
10804 return -EINVAL;
10805
10806 if (!pat_tb[NL80211_PKTPAT_OFFSET])
10807 pkt_offset = 0;
10808 else
10809 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
10810 if (pkt_offset > coalesce->max_pkt_offset)
10811 return -EINVAL;
10812 new_rule->patterns[i].pkt_offset = pkt_offset;
10813
10814 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10815 if (!mask_pat)
10816 return -ENOMEM;
10817
10818 new_rule->patterns[i].mask = mask_pat;
10819 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10820 mask_len);
10821
10822 mask_pat += mask_len;
10823 new_rule->patterns[i].pattern = mask_pat;
10824 new_rule->patterns[i].pattern_len = pat_len;
10825 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10826 pat_len);
10827 i++;
10828 }
10829
10830 return 0;
10831}
10832
10833static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
10834{
10835 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10836 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10837 struct cfg80211_coalesce new_coalesce = {};
10838 struct cfg80211_coalesce *n_coalesce;
10839 int err, rem_rule, n_rules = 0, i, j;
10840 struct nlattr *rule;
10841 struct cfg80211_coalesce_rules *tmp_rule;
10842
10843 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
10844 return -EOPNOTSUPP;
10845
10846 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
10847 cfg80211_rdev_free_coalesce(rdev);
10848 rdev_set_coalesce(rdev, NULL);
10849 return 0;
10850 }
10851
10852 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10853 rem_rule)
10854 n_rules++;
10855 if (n_rules > coalesce->n_rules)
10856 return -EINVAL;
10857
10858 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
10859 GFP_KERNEL);
10860 if (!new_coalesce.rules)
10861 return -ENOMEM;
10862
10863 new_coalesce.n_rules = n_rules;
10864 i = 0;
10865
10866 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10867 rem_rule) {
10868 err = nl80211_parse_coalesce_rule(rdev, rule,
10869 &new_coalesce.rules[i]);
10870 if (err)
10871 goto error;
10872
10873 i++;
10874 }
10875
10876 err = rdev_set_coalesce(rdev, &new_coalesce);
10877 if (err)
10878 goto error;
10879
10880 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
10881 if (!n_coalesce) {
10882 err = -ENOMEM;
10883 goto error;
10884 }
10885 cfg80211_rdev_free_coalesce(rdev);
10886 rdev->coalesce = n_coalesce;
10887
10888 return 0;
10889error:
10890 for (i = 0; i < new_coalesce.n_rules; i++) {
10891 tmp_rule = &new_coalesce.rules[i];
10892 for (j = 0; j < tmp_rule->n_patterns; j++)
10893 kfree(tmp_rule->patterns[j].mask);
10894 kfree(tmp_rule->patterns);
10895 }
10896 kfree(new_coalesce.rules);
10897
10898 return err;
10899}
10900
10901static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
10902{
10903 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10904 struct net_device *dev = info->user_ptr[1];
10905 struct wireless_dev *wdev = dev->ieee80211_ptr;
10906 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
10907 struct cfg80211_gtk_rekey_data rekey_data;
10908 int err;
10909
10910 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
10911 return -EINVAL;
10912
10913 err = nla_parse_nested(tb, MAX_NL80211_REKEY_DATA,
10914 info->attrs[NL80211_ATTR_REKEY_DATA],
10915 nl80211_rekey_policy, info->extack);
10916 if (err)
10917 return err;
10918
10919 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
10920 !tb[NL80211_REKEY_DATA_KCK])
10921 return -EINVAL;
10922 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
10923 return -ERANGE;
10924 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
10925 return -ERANGE;
10926 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
10927 return -ERANGE;
10928
10929 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
10930 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
10931 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
10932
10933 wdev_lock(wdev);
10934 if (!wdev->current_bss) {
10935 err = -ENOTCONN;
10936 goto out;
10937 }
10938
10939 if (!rdev->ops->set_rekey_data) {
10940 err = -EOPNOTSUPP;
10941 goto out;
10942 }
10943
10944 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
10945 out:
10946 wdev_unlock(wdev);
10947 return err;
10948}
10949
10950static int nl80211_register_unexpected_frame(struct sk_buff *skb,
10951 struct genl_info *info)
10952{
10953 struct net_device *dev = info->user_ptr[1];
10954 struct wireless_dev *wdev = dev->ieee80211_ptr;
10955
10956 if (wdev->iftype != NL80211_IFTYPE_AP &&
10957 wdev->iftype != NL80211_IFTYPE_P2P_GO)
10958 return -EINVAL;
10959
10960 if (wdev->ap_unexpected_nlportid)
10961 return -EBUSY;
10962
10963 wdev->ap_unexpected_nlportid = info->snd_portid;
10964 return 0;
10965}
10966
10967static int nl80211_probe_client(struct sk_buff *skb,
10968 struct genl_info *info)
10969{
10970 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10971 struct net_device *dev = info->user_ptr[1];
10972 struct wireless_dev *wdev = dev->ieee80211_ptr;
10973 struct sk_buff *msg;
10974 void *hdr;
10975 const u8 *addr;
10976 u64 cookie;
10977 int err;
10978
10979 if (wdev->iftype != NL80211_IFTYPE_AP &&
10980 wdev->iftype != NL80211_IFTYPE_P2P_GO)
10981 return -EOPNOTSUPP;
10982
10983 if (!info->attrs[NL80211_ATTR_MAC])
10984 return -EINVAL;
10985
10986 if (!rdev->ops->probe_client)
10987 return -EOPNOTSUPP;
10988
10989 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10990 if (!msg)
10991 return -ENOMEM;
10992
10993 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10994 NL80211_CMD_PROBE_CLIENT);
10995 if (!hdr) {
10996 err = -ENOBUFS;
10997 goto free_msg;
10998 }
10999
11000 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
11001
11002 err = rdev_probe_client(rdev, dev, addr, &cookie);
11003 if (err)
11004 goto free_msg;
11005
11006 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11007 NL80211_ATTR_PAD))
11008 goto nla_put_failure;
11009
11010 genlmsg_end(msg, hdr);
11011
11012 return genlmsg_reply(msg, info);
11013
11014 nla_put_failure:
11015 err = -ENOBUFS;
11016 free_msg:
11017 nlmsg_free(msg);
11018 return err;
11019}
11020
11021static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11022{
11023 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11024 struct cfg80211_beacon_registration *reg, *nreg;
11025 int rv;
11026
11027 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11028 return -EOPNOTSUPP;
11029
11030 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11031 if (!nreg)
11032 return -ENOMEM;
11033
11034
11035 spin_lock_bh(&rdev->beacon_registrations_lock);
11036 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11037 if (reg->nlportid == info->snd_portid) {
11038 rv = -EALREADY;
11039 goto out_err;
11040 }
11041 }
11042
11043 nreg->nlportid = info->snd_portid;
11044 list_add(&nreg->list, &rdev->beacon_registrations);
11045
11046 spin_unlock_bh(&rdev->beacon_registrations_lock);
11047
11048 return 0;
11049out_err:
11050 spin_unlock_bh(&rdev->beacon_registrations_lock);
11051 kfree(nreg);
11052 return rv;
11053}
11054
11055static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11056{
11057 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11058 struct wireless_dev *wdev = info->user_ptr[1];
11059 int err;
11060
11061 if (!rdev->ops->start_p2p_device)
11062 return -EOPNOTSUPP;
11063
11064 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11065 return -EOPNOTSUPP;
11066
11067 if (wdev_running(wdev))
11068 return 0;
11069
11070 if (rfkill_blocked(rdev->rfkill))
11071 return -ERFKILL;
11072
11073 err = rdev_start_p2p_device(rdev, wdev);
11074 if (err)
11075 return err;
11076
11077 wdev->is_running = true;
11078 rdev->opencount++;
11079
11080 return 0;
11081}
11082
11083static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
11084{
11085 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11086 struct wireless_dev *wdev = info->user_ptr[1];
11087
11088 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11089 return -EOPNOTSUPP;
11090
11091 if (!rdev->ops->stop_p2p_device)
11092 return -EOPNOTSUPP;
11093
11094 cfg80211_stop_p2p_device(rdev, wdev);
11095
11096 return 0;
11097}
11098
11099static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
11100{
11101 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11102 struct wireless_dev *wdev = info->user_ptr[1];
11103 struct cfg80211_nan_conf conf = {};
11104 int err;
11105
11106 if (wdev->iftype != NL80211_IFTYPE_NAN)
11107 return -EOPNOTSUPP;
11108
11109 if (wdev_running(wdev))
11110 return -EEXIST;
11111
11112 if (rfkill_blocked(rdev->rfkill))
11113 return -ERFKILL;
11114
11115 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
11116 return -EINVAL;
11117
11118 conf.master_pref =
11119 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11120 if (!conf.master_pref)
11121 return -EINVAL;
11122
11123 if (info->attrs[NL80211_ATTR_BANDS]) {
11124 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11125
11126 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11127 return -EOPNOTSUPP;
11128
11129 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11130 return -EINVAL;
11131
11132 conf.bands = bands;
11133 }
11134
11135 err = rdev_start_nan(rdev, wdev, &conf);
11136 if (err)
11137 return err;
11138
11139 wdev->is_running = true;
11140 rdev->opencount++;
11141
11142 return 0;
11143}
11144
11145static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
11146{
11147 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11148 struct wireless_dev *wdev = info->user_ptr[1];
11149
11150 if (wdev->iftype != NL80211_IFTYPE_NAN)
11151 return -EOPNOTSUPP;
11152
11153 cfg80211_stop_nan(rdev, wdev);
11154
11155 return 0;
11156}
11157
11158static int validate_nan_filter(struct nlattr *filter_attr)
11159{
11160 struct nlattr *attr;
11161 int len = 0, n_entries = 0, rem;
11162
11163 nla_for_each_nested(attr, filter_attr, rem) {
11164 len += nla_len(attr);
11165 n_entries++;
11166 }
11167
11168 if (len >= U8_MAX)
11169 return -EINVAL;
11170
11171 return n_entries;
11172}
11173
11174static int handle_nan_filter(struct nlattr *attr_filter,
11175 struct cfg80211_nan_func *func,
11176 bool tx)
11177{
11178 struct nlattr *attr;
11179 int n_entries, rem, i;
11180 struct cfg80211_nan_func_filter *filter;
11181
11182 n_entries = validate_nan_filter(attr_filter);
11183 if (n_entries < 0)
11184 return n_entries;
11185
11186 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
11187
11188 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
11189 if (!filter)
11190 return -ENOMEM;
11191
11192 i = 0;
11193 nla_for_each_nested(attr, attr_filter, rem) {
11194 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
11195 filter[i].len = nla_len(attr);
11196 i++;
11197 }
11198 if (tx) {
11199 func->num_tx_filters = n_entries;
11200 func->tx_filters = filter;
11201 } else {
11202 func->num_rx_filters = n_entries;
11203 func->rx_filters = filter;
11204 }
11205
11206 return 0;
11207}
11208
11209static int nl80211_nan_add_func(struct sk_buff *skb,
11210 struct genl_info *info)
11211{
11212 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11213 struct wireless_dev *wdev = info->user_ptr[1];
11214 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
11215 struct cfg80211_nan_func *func;
11216 struct sk_buff *msg = NULL;
11217 void *hdr = NULL;
11218 int err = 0;
11219
11220 if (wdev->iftype != NL80211_IFTYPE_NAN)
11221 return -EOPNOTSUPP;
11222
11223 if (!wdev_running(wdev))
11224 return -ENOTCONN;
11225
11226 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
11227 return -EINVAL;
11228
11229 err = nla_parse_nested(tb, NL80211_NAN_FUNC_ATTR_MAX,
11230 info->attrs[NL80211_ATTR_NAN_FUNC],
11231 nl80211_nan_func_policy, info->extack);
11232 if (err)
11233 return err;
11234
11235 func = kzalloc(sizeof(*func), GFP_KERNEL);
11236 if (!func)
11237 return -ENOMEM;
11238
11239 func->cookie = wdev->wiphy->cookie_counter++;
11240
11241 if (!tb[NL80211_NAN_FUNC_TYPE] ||
11242 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
11243 err = -EINVAL;
11244 goto out;
11245 }
11246
11247
11248 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
11249
11250 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
11251 err = -EINVAL;
11252 goto out;
11253 }
11254
11255 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
11256 sizeof(func->service_id));
11257
11258 func->close_range =
11259 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
11260
11261 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
11262 func->serv_spec_info_len =
11263 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
11264 func->serv_spec_info =
11265 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
11266 func->serv_spec_info_len,
11267 GFP_KERNEL);
11268 if (!func->serv_spec_info) {
11269 err = -ENOMEM;
11270 goto out;
11271 }
11272 }
11273
11274 if (tb[NL80211_NAN_FUNC_TTL])
11275 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
11276
11277 switch (func->type) {
11278 case NL80211_NAN_FUNC_PUBLISH:
11279 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
11280 err = -EINVAL;
11281 goto out;
11282 }
11283
11284 func->publish_type =
11285 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
11286 func->publish_bcast =
11287 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
11288
11289 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
11290 func->publish_bcast) {
11291 err = -EINVAL;
11292 goto out;
11293 }
11294 break;
11295 case NL80211_NAN_FUNC_SUBSCRIBE:
11296 func->subscribe_active =
11297 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
11298 break;
11299 case NL80211_NAN_FUNC_FOLLOW_UP:
11300 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
11301 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]) {
11302 err = -EINVAL;
11303 goto out;
11304 }
11305
11306 func->followup_id =
11307 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
11308 func->followup_reqid =
11309 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
11310 memcpy(func->followup_dest.addr,
11311 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
11312 sizeof(func->followup_dest.addr));
11313 if (func->ttl) {
11314 err = -EINVAL;
11315 goto out;
11316 }
11317 break;
11318 default:
11319 err = -EINVAL;
11320 goto out;
11321 }
11322
11323 if (tb[NL80211_NAN_FUNC_SRF]) {
11324 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
11325
11326 err = nla_parse_nested(srf_tb, NL80211_NAN_SRF_ATTR_MAX,
11327 tb[NL80211_NAN_FUNC_SRF],
11328 nl80211_nan_srf_policy, info->extack);
11329 if (err)
11330 goto out;
11331
11332 func->srf_include =
11333 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
11334
11335 if (srf_tb[NL80211_NAN_SRF_BF]) {
11336 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
11337 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
11338 err = -EINVAL;
11339 goto out;
11340 }
11341
11342 func->srf_bf_len =
11343 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
11344 func->srf_bf =
11345 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
11346 func->srf_bf_len, GFP_KERNEL);
11347 if (!func->srf_bf) {
11348 err = -ENOMEM;
11349 goto out;
11350 }
11351
11352 func->srf_bf_idx =
11353 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
11354 } else {
11355 struct nlattr *attr, *mac_attr =
11356 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
11357 int n_entries, rem, i = 0;
11358
11359 if (!mac_attr) {
11360 err = -EINVAL;
11361 goto out;
11362 }
11363
11364 n_entries = validate_acl_mac_addrs(mac_attr);
11365 if (n_entries <= 0) {
11366 err = -EINVAL;
11367 goto out;
11368 }
11369
11370 func->srf_num_macs = n_entries;
11371 func->srf_macs =
11372 kzalloc(sizeof(*func->srf_macs) * n_entries,
11373 GFP_KERNEL);
11374 if (!func->srf_macs) {
11375 err = -ENOMEM;
11376 goto out;
11377 }
11378
11379 nla_for_each_nested(attr, mac_attr, rem)
11380 memcpy(func->srf_macs[i++].addr, nla_data(attr),
11381 sizeof(*func->srf_macs));
11382 }
11383 }
11384
11385 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
11386 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
11387 func, true);
11388 if (err)
11389 goto out;
11390 }
11391
11392 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
11393 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
11394 func, false);
11395 if (err)
11396 goto out;
11397 }
11398
11399 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11400 if (!msg) {
11401 err = -ENOMEM;
11402 goto out;
11403 }
11404
11405 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11406 NL80211_CMD_ADD_NAN_FUNCTION);
11407
11408 if (WARN_ON(!hdr)) {
11409 err = -ENOMEM;
11410 goto out;
11411 }
11412
11413 err = rdev_add_nan_func(rdev, wdev, func);
11414out:
11415 if (err < 0) {
11416 cfg80211_free_nan_func(func);
11417 nlmsg_free(msg);
11418 return err;
11419 }
11420
11421
11422 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
11423 NL80211_ATTR_PAD))
11424 goto nla_put_failure;
11425
11426 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11427 if (!func_attr)
11428 goto nla_put_failure;
11429
11430 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
11431 func->instance_id))
11432 goto nla_put_failure;
11433
11434 nla_nest_end(msg, func_attr);
11435
11436 genlmsg_end(msg, hdr);
11437 return genlmsg_reply(msg, info);
11438
11439nla_put_failure:
11440 nlmsg_free(msg);
11441 return -ENOBUFS;
11442}
11443
11444static int nl80211_nan_del_func(struct sk_buff *skb,
11445 struct genl_info *info)
11446{
11447 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11448 struct wireless_dev *wdev = info->user_ptr[1];
11449 u64 cookie;
11450
11451 if (wdev->iftype != NL80211_IFTYPE_NAN)
11452 return -EOPNOTSUPP;
11453
11454 if (!wdev_running(wdev))
11455 return -ENOTCONN;
11456
11457 if (!info->attrs[NL80211_ATTR_COOKIE])
11458 return -EINVAL;
11459
11460 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11461
11462 rdev_del_nan_func(rdev, wdev, cookie);
11463
11464 return 0;
11465}
11466
11467static int nl80211_nan_change_config(struct sk_buff *skb,
11468 struct genl_info *info)
11469{
11470 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11471 struct wireless_dev *wdev = info->user_ptr[1];
11472 struct cfg80211_nan_conf conf = {};
11473 u32 changed = 0;
11474
11475 if (wdev->iftype != NL80211_IFTYPE_NAN)
11476 return -EOPNOTSUPP;
11477
11478 if (!wdev_running(wdev))
11479 return -ENOTCONN;
11480
11481 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
11482 conf.master_pref =
11483 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11484 if (conf.master_pref <= 1 || conf.master_pref == 255)
11485 return -EINVAL;
11486
11487 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
11488 }
11489
11490 if (info->attrs[NL80211_ATTR_BANDS]) {
11491 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11492
11493 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11494 return -EOPNOTSUPP;
11495
11496 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11497 return -EINVAL;
11498
11499 conf.bands = bands;
11500 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
11501 }
11502
11503 if (!changed)
11504 return -EINVAL;
11505
11506 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
11507}
11508
11509void cfg80211_nan_match(struct wireless_dev *wdev,
11510 struct cfg80211_nan_match_params *match, gfp_t gfp)
11511{
11512 struct wiphy *wiphy = wdev->wiphy;
11513 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11514 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
11515 struct sk_buff *msg;
11516 void *hdr;
11517
11518 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
11519 return;
11520
11521 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11522 if (!msg)
11523 return;
11524
11525 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
11526 if (!hdr) {
11527 nlmsg_free(msg);
11528 return;
11529 }
11530
11531 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11532 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11533 wdev->netdev->ifindex)) ||
11534 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11535 NL80211_ATTR_PAD))
11536 goto nla_put_failure;
11537
11538 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
11539 NL80211_ATTR_PAD) ||
11540 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
11541 goto nla_put_failure;
11542
11543 match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH);
11544 if (!match_attr)
11545 goto nla_put_failure;
11546
11547 local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL);
11548 if (!local_func_attr)
11549 goto nla_put_failure;
11550
11551 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
11552 goto nla_put_failure;
11553
11554 nla_nest_end(msg, local_func_attr);
11555
11556 peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER);
11557 if (!peer_func_attr)
11558 goto nla_put_failure;
11559
11560 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
11561 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
11562 goto nla_put_failure;
11563
11564 if (match->info && match->info_len &&
11565 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
11566 match->info))
11567 goto nla_put_failure;
11568
11569 nla_nest_end(msg, peer_func_attr);
11570 nla_nest_end(msg, match_attr);
11571 genlmsg_end(msg, hdr);
11572
11573 if (!wdev->owner_nlportid)
11574 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11575 msg, 0, NL80211_MCGRP_NAN, gfp);
11576 else
11577 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11578 wdev->owner_nlportid);
11579
11580 return;
11581
11582nla_put_failure:
11583 nlmsg_free(msg);
11584}
11585EXPORT_SYMBOL(cfg80211_nan_match);
11586
11587void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
11588 u8 inst_id,
11589 enum nl80211_nan_func_term_reason reason,
11590 u64 cookie, gfp_t gfp)
11591{
11592 struct wiphy *wiphy = wdev->wiphy;
11593 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11594 struct sk_buff *msg;
11595 struct nlattr *func_attr;
11596 void *hdr;
11597
11598 if (WARN_ON(!inst_id))
11599 return;
11600
11601 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11602 if (!msg)
11603 return;
11604
11605 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
11606 if (!hdr) {
11607 nlmsg_free(msg);
11608 return;
11609 }
11610
11611 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11612 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11613 wdev->netdev->ifindex)) ||
11614 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11615 NL80211_ATTR_PAD))
11616 goto nla_put_failure;
11617
11618 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11619 NL80211_ATTR_PAD))
11620 goto nla_put_failure;
11621
11622 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11623 if (!func_attr)
11624 goto nla_put_failure;
11625
11626 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
11627 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
11628 goto nla_put_failure;
11629
11630 nla_nest_end(msg, func_attr);
11631 genlmsg_end(msg, hdr);
11632
11633 if (!wdev->owner_nlportid)
11634 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11635 msg, 0, NL80211_MCGRP_NAN, gfp);
11636 else
11637 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11638 wdev->owner_nlportid);
11639
11640 return;
11641
11642nla_put_failure:
11643 nlmsg_free(msg);
11644}
11645EXPORT_SYMBOL(cfg80211_nan_func_terminated);
11646
11647static int nl80211_get_protocol_features(struct sk_buff *skb,
11648 struct genl_info *info)
11649{
11650 void *hdr;
11651 struct sk_buff *msg;
11652
11653 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11654 if (!msg)
11655 return -ENOMEM;
11656
11657 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11658 NL80211_CMD_GET_PROTOCOL_FEATURES);
11659 if (!hdr)
11660 goto nla_put_failure;
11661
11662 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
11663 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
11664 goto nla_put_failure;
11665
11666 genlmsg_end(msg, hdr);
11667 return genlmsg_reply(msg, info);
11668
11669 nla_put_failure:
11670 kfree_skb(msg);
11671 return -ENOBUFS;
11672}
11673
11674static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
11675{
11676 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11677 struct cfg80211_update_ft_ies_params ft_params;
11678 struct net_device *dev = info->user_ptr[1];
11679
11680 if (!rdev->ops->update_ft_ies)
11681 return -EOPNOTSUPP;
11682
11683 if (!info->attrs[NL80211_ATTR_MDID] ||
11684 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
11685 return -EINVAL;
11686
11687 memset(&ft_params, 0, sizeof(ft_params));
11688 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
11689 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11690 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11691
11692 return rdev_update_ft_ies(rdev, dev, &ft_params);
11693}
11694
11695static int nl80211_crit_protocol_start(struct sk_buff *skb,
11696 struct genl_info *info)
11697{
11698 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11699 struct wireless_dev *wdev = info->user_ptr[1];
11700 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
11701 u16 duration;
11702 int ret;
11703
11704 if (!rdev->ops->crit_proto_start)
11705 return -EOPNOTSUPP;
11706
11707 if (WARN_ON(!rdev->ops->crit_proto_stop))
11708 return -EINVAL;
11709
11710 if (rdev->crit_proto_nlportid)
11711 return -EBUSY;
11712
11713
11714 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
11715 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
11716
11717 if (proto >= NUM_NL80211_CRIT_PROTO)
11718 return -EINVAL;
11719
11720
11721 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
11722 return -EINVAL;
11723
11724 duration =
11725 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
11726
11727 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
11728 return -ERANGE;
11729
11730 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
11731 if (!ret)
11732 rdev->crit_proto_nlportid = info->snd_portid;
11733
11734 return ret;
11735}
11736
11737static int nl80211_crit_protocol_stop(struct sk_buff *skb,
11738 struct genl_info *info)
11739{
11740 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11741 struct wireless_dev *wdev = info->user_ptr[1];
11742
11743 if (!rdev->ops->crit_proto_stop)
11744 return -EOPNOTSUPP;
11745
11746 if (rdev->crit_proto_nlportid) {
11747 rdev->crit_proto_nlportid = 0;
11748 rdev_crit_proto_stop(rdev, wdev);
11749 }
11750 return 0;
11751}
11752
11753static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
11754{
11755 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11756 struct wireless_dev *wdev =
11757 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
11758 int i, err;
11759 u32 vid, subcmd;
11760
11761 if (!rdev->wiphy.vendor_commands)
11762 return -EOPNOTSUPP;
11763
11764 if (IS_ERR(wdev)) {
11765 err = PTR_ERR(wdev);
11766 if (err != -EINVAL)
11767 return err;
11768 wdev = NULL;
11769 } else if (wdev->wiphy != &rdev->wiphy) {
11770 return -EINVAL;
11771 }
11772
11773 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
11774 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
11775 return -EINVAL;
11776
11777 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
11778 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
11779 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
11780 const struct wiphy_vendor_command *vcmd;
11781 void *data = NULL;
11782 int len = 0;
11783
11784 vcmd = &rdev->wiphy.vendor_commands[i];
11785
11786 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11787 continue;
11788
11789 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
11790 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
11791 if (!wdev)
11792 return -EINVAL;
11793 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
11794 !wdev->netdev)
11795 return -EINVAL;
11796
11797 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
11798 if (!wdev_running(wdev))
11799 return -ENETDOWN;
11800 }
11801
11802 if (!vcmd->doit)
11803 return -EOPNOTSUPP;
11804 } else {
11805 wdev = NULL;
11806 }
11807
11808 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
11809 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11810 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11811 }
11812
11813 rdev->cur_cmd_info = info;
11814 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
11815 data, len);
11816 rdev->cur_cmd_info = NULL;
11817 return err;
11818 }
11819
11820 return -EOPNOTSUPP;
11821}
11822
11823static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
11824 struct netlink_callback *cb,
11825 struct cfg80211_registered_device **rdev,
11826 struct wireless_dev **wdev)
11827{
11828 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
11829 u32 vid, subcmd;
11830 unsigned int i;
11831 int vcmd_idx = -1;
11832 int err;
11833 void *data = NULL;
11834 unsigned int data_len = 0;
11835
11836 if (cb->args[0]) {
11837
11838 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
11839 struct wireless_dev *tmp;
11840
11841 if (!wiphy)
11842 return -ENODEV;
11843 *rdev = wiphy_to_rdev(wiphy);
11844 *wdev = NULL;
11845
11846 if (cb->args[1]) {
11847 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
11848 if (tmp->identifier == cb->args[1] - 1) {
11849 *wdev = tmp;
11850 break;
11851 }
11852 }
11853 }
11854
11855
11856 return 0;
11857 }
11858
11859 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, attrbuf,
11860 nl80211_fam.maxattr, nl80211_policy, NULL);
11861 if (err)
11862 return err;
11863
11864 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
11865 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
11866 return -EINVAL;
11867
11868 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
11869 if (IS_ERR(*wdev))
11870 *wdev = NULL;
11871
11872 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
11873 if (IS_ERR(*rdev))
11874 return PTR_ERR(*rdev);
11875
11876 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
11877 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
11878
11879 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
11880 const struct wiphy_vendor_command *vcmd;
11881
11882 vcmd = &(*rdev)->wiphy.vendor_commands[i];
11883
11884 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11885 continue;
11886
11887 if (!vcmd->dumpit)
11888 return -EOPNOTSUPP;
11889
11890 vcmd_idx = i;
11891 break;
11892 }
11893
11894 if (vcmd_idx < 0)
11895 return -EOPNOTSUPP;
11896
11897 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
11898 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
11899 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
11900 }
11901
11902
11903 cb->args[0] = (*rdev)->wiphy_idx + 1;
11904
11905 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
11906 cb->args[2] = vcmd_idx;
11907 cb->args[3] = (unsigned long)data;
11908 cb->args[4] = data_len;
11909
11910
11911 return 0;
11912}
11913
11914static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
11915 struct netlink_callback *cb)
11916{
11917 struct cfg80211_registered_device *rdev;
11918 struct wireless_dev *wdev;
11919 unsigned int vcmd_idx;
11920 const struct wiphy_vendor_command *vcmd;
11921 void *data;
11922 int data_len;
11923 int err;
11924 struct nlattr *vendor_data;
11925
11926 rtnl_lock();
11927 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
11928 if (err)
11929 goto out;
11930
11931 vcmd_idx = cb->args[2];
11932 data = (void *)cb->args[3];
11933 data_len = cb->args[4];
11934 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
11935
11936 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
11937 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
11938 if (!wdev) {
11939 err = -EINVAL;
11940 goto out;
11941 }
11942 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
11943 !wdev->netdev) {
11944 err = -EINVAL;
11945 goto out;
11946 }
11947
11948 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
11949 if (!wdev_running(wdev)) {
11950 err = -ENETDOWN;
11951 goto out;
11952 }
11953 }
11954 }
11955
11956 while (1) {
11957 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
11958 cb->nlh->nlmsg_seq, NLM_F_MULTI,
11959 NL80211_CMD_VENDOR);
11960 if (!hdr)
11961 break;
11962
11963 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11964 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
11965 wdev_id(wdev),
11966 NL80211_ATTR_PAD))) {
11967 genlmsg_cancel(skb, hdr);
11968 break;
11969 }
11970
11971 vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
11972 if (!vendor_data) {
11973 genlmsg_cancel(skb, hdr);
11974 break;
11975 }
11976
11977 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
11978 (unsigned long *)&cb->args[5]);
11979 nla_nest_end(skb, vendor_data);
11980
11981 if (err == -ENOBUFS || err == -ENOENT) {
11982 genlmsg_cancel(skb, hdr);
11983 break;
11984 } else if (err) {
11985 genlmsg_cancel(skb, hdr);
11986 goto out;
11987 }
11988
11989 genlmsg_end(skb, hdr);
11990 }
11991
11992 err = skb->len;
11993 out:
11994 rtnl_unlock();
11995 return err;
11996}
11997
11998struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
11999 enum nl80211_commands cmd,
12000 enum nl80211_attrs attr,
12001 int approxlen)
12002{
12003 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12004
12005 if (WARN_ON(!rdev->cur_cmd_info))
12006 return NULL;
12007
12008 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12009 rdev->cur_cmd_info->snd_portid,
12010 rdev->cur_cmd_info->snd_seq,
12011 cmd, attr, NULL, GFP_KERNEL);
12012}
12013EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12014
12015int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12016{
12017 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12018 void *hdr = ((void **)skb->cb)[1];
12019 struct nlattr *data = ((void **)skb->cb)[2];
12020
12021
12022 memset(skb->cb, 0, sizeof(skb->cb));
12023
12024 if (WARN_ON(!rdev->cur_cmd_info)) {
12025 kfree_skb(skb);
12026 return -EINVAL;
12027 }
12028
12029 nla_nest_end(skb, data);
12030 genlmsg_end(skb, hdr);
12031 return genlmsg_reply(skb, rdev->cur_cmd_info);
12032}
12033EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
12034
12035static int nl80211_set_qos_map(struct sk_buff *skb,
12036 struct genl_info *info)
12037{
12038 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12039 struct cfg80211_qos_map *qos_map = NULL;
12040 struct net_device *dev = info->user_ptr[1];
12041 u8 *pos, len, num_des, des_len, des;
12042 int ret;
12043
12044 if (!rdev->ops->set_qos_map)
12045 return -EOPNOTSUPP;
12046
12047 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
12048 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
12049 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
12050
12051 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
12052 len > IEEE80211_QOS_MAP_LEN_MAX)
12053 return -EINVAL;
12054
12055 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
12056 if (!qos_map)
12057 return -ENOMEM;
12058
12059 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
12060 if (num_des) {
12061 des_len = num_des *
12062 sizeof(struct cfg80211_dscp_exception);
12063 memcpy(qos_map->dscp_exception, pos, des_len);
12064 qos_map->num_des = num_des;
12065 for (des = 0; des < num_des; des++) {
12066 if (qos_map->dscp_exception[des].up > 7) {
12067 kfree(qos_map);
12068 return -EINVAL;
12069 }
12070 }
12071 pos += des_len;
12072 }
12073 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
12074 }
12075
12076 wdev_lock(dev->ieee80211_ptr);
12077 ret = nl80211_key_allowed(dev->ieee80211_ptr);
12078 if (!ret)
12079 ret = rdev_set_qos_map(rdev, dev, qos_map);
12080 wdev_unlock(dev->ieee80211_ptr);
12081
12082 kfree(qos_map);
12083 return ret;
12084}
12085
12086static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
12087{
12088 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12089 struct net_device *dev = info->user_ptr[1];
12090 struct wireless_dev *wdev = dev->ieee80211_ptr;
12091 const u8 *peer;
12092 u8 tsid, up;
12093 u16 admitted_time = 0;
12094 int err;
12095
12096 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
12097 return -EOPNOTSUPP;
12098
12099 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
12100 !info->attrs[NL80211_ATTR_USER_PRIO])
12101 return -EINVAL;
12102
12103 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12104 if (tsid >= IEEE80211_NUM_TIDS)
12105 return -EINVAL;
12106
12107 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
12108 if (up >= IEEE80211_NUM_UPS)
12109 return -EINVAL;
12110
12111
12112 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
12113
12114
12115
12116
12117 return -EINVAL;
12118 }
12119
12120 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12121
12122 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
12123 admitted_time =
12124 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
12125 if (!admitted_time)
12126 return -EINVAL;
12127 }
12128
12129 wdev_lock(wdev);
12130 switch (wdev->iftype) {
12131 case NL80211_IFTYPE_STATION:
12132 case NL80211_IFTYPE_P2P_CLIENT:
12133 if (wdev->current_bss)
12134 break;
12135 err = -ENOTCONN;
12136 goto out;
12137 default:
12138 err = -EOPNOTSUPP;
12139 goto out;
12140 }
12141
12142 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
12143
12144 out:
12145 wdev_unlock(wdev);
12146 return err;
12147}
12148
12149static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
12150{
12151 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12152 struct net_device *dev = info->user_ptr[1];
12153 struct wireless_dev *wdev = dev->ieee80211_ptr;
12154 const u8 *peer;
12155 u8 tsid;
12156 int err;
12157
12158 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
12159 return -EINVAL;
12160
12161 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12162 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12163
12164 wdev_lock(wdev);
12165 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
12166 wdev_unlock(wdev);
12167
12168 return err;
12169}
12170
12171static int nl80211_tdls_channel_switch(struct sk_buff *skb,
12172 struct genl_info *info)
12173{
12174 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12175 struct net_device *dev = info->user_ptr[1];
12176 struct wireless_dev *wdev = dev->ieee80211_ptr;
12177 struct cfg80211_chan_def chandef = {};
12178 const u8 *addr;
12179 u8 oper_class;
12180 int err;
12181
12182 if (!rdev->ops->tdls_channel_switch ||
12183 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12184 return -EOPNOTSUPP;
12185
12186 switch (dev->ieee80211_ptr->iftype) {
12187 case NL80211_IFTYPE_STATION:
12188 case NL80211_IFTYPE_P2P_CLIENT:
12189 break;
12190 default:
12191 return -EOPNOTSUPP;
12192 }
12193
12194 if (!info->attrs[NL80211_ATTR_MAC] ||
12195 !info->attrs[NL80211_ATTR_OPER_CLASS])
12196 return -EINVAL;
12197
12198 err = nl80211_parse_chandef(rdev, info, &chandef);
12199 if (err)
12200 return err;
12201
12202
12203
12204
12205
12206
12207 if (chandef.chan->band == NL80211_BAND_2GHZ &&
12208 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
12209 chandef.width != NL80211_CHAN_WIDTH_20)
12210 return -EINVAL;
12211
12212
12213 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
12214 wdev->iftype))
12215 return -EINVAL;
12216
12217
12218 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
12219 return -EINVAL;
12220
12221 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12222 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
12223
12224 wdev_lock(wdev);
12225 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
12226 wdev_unlock(wdev);
12227
12228 return err;
12229}
12230
12231static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
12232 struct genl_info *info)
12233{
12234 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12235 struct net_device *dev = info->user_ptr[1];
12236 struct wireless_dev *wdev = dev->ieee80211_ptr;
12237 const u8 *addr;
12238
12239 if (!rdev->ops->tdls_channel_switch ||
12240 !rdev->ops->tdls_cancel_channel_switch ||
12241 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12242 return -EOPNOTSUPP;
12243
12244 switch (dev->ieee80211_ptr->iftype) {
12245 case NL80211_IFTYPE_STATION:
12246 case NL80211_IFTYPE_P2P_CLIENT:
12247 break;
12248 default:
12249 return -EOPNOTSUPP;
12250 }
12251
12252 if (!info->attrs[NL80211_ATTR_MAC])
12253 return -EINVAL;
12254
12255 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12256
12257 wdev_lock(wdev);
12258 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
12259 wdev_unlock(wdev);
12260
12261 return 0;
12262}
12263
12264static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
12265 struct genl_info *info)
12266{
12267 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12268 struct net_device *dev = info->user_ptr[1];
12269 struct wireless_dev *wdev = dev->ieee80211_ptr;
12270 const struct nlattr *nla;
12271 bool enabled;
12272
12273 if (!rdev->ops->set_multicast_to_unicast)
12274 return -EOPNOTSUPP;
12275
12276 if (wdev->iftype != NL80211_IFTYPE_AP &&
12277 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12278 return -EOPNOTSUPP;
12279
12280 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
12281 enabled = nla_get_flag(nla);
12282
12283 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
12284}
12285
12286static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
12287{
12288 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12289 struct net_device *dev = info->user_ptr[1];
12290 struct wireless_dev *wdev = dev->ieee80211_ptr;
12291 struct cfg80211_pmk_conf pmk_conf = {};
12292 int ret;
12293
12294 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12295 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12296 return -EOPNOTSUPP;
12297
12298 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12299 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12300 return -EOPNOTSUPP;
12301
12302 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
12303 return -EINVAL;
12304
12305 wdev_lock(wdev);
12306 if (!wdev->current_bss) {
12307 ret = -ENOTCONN;
12308 goto out;
12309 }
12310
12311 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12312 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
12313 ret = -EINVAL;
12314 goto out;
12315 }
12316
12317 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12318 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12319 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
12320 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
12321 ret = -EINVAL;
12322 goto out;
12323 }
12324
12325 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
12326 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12327
12328 if (r0_name_len != WLAN_PMK_NAME_LEN) {
12329 ret = -EINVAL;
12330 goto out;
12331 }
12332
12333 pmk_conf.pmk_r0_name =
12334 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12335 }
12336
12337 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
12338out:
12339 wdev_unlock(wdev);
12340 return ret;
12341}
12342
12343static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
12344{
12345 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12346 struct net_device *dev = info->user_ptr[1];
12347 struct wireless_dev *wdev = dev->ieee80211_ptr;
12348 const u8 *aa;
12349 int ret;
12350
12351 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12352 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12353 return -EOPNOTSUPP;
12354
12355 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12356 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12357 return -EOPNOTSUPP;
12358
12359 if (!info->attrs[NL80211_ATTR_MAC])
12360 return -EINVAL;
12361
12362 wdev_lock(wdev);
12363 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12364 ret = rdev_del_pmk(rdev, dev, aa);
12365 wdev_unlock(wdev);
12366
12367 return ret;
12368}
12369
12370#define NL80211_FLAG_NEED_WIPHY 0x01
12371#define NL80211_FLAG_NEED_NETDEV 0x02
12372#define NL80211_FLAG_NEED_RTNL 0x04
12373#define NL80211_FLAG_CHECK_NETDEV_UP 0x08
12374#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
12375 NL80211_FLAG_CHECK_NETDEV_UP)
12376#define NL80211_FLAG_NEED_WDEV 0x10
12377
12378#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
12379 NL80211_FLAG_CHECK_NETDEV_UP)
12380#define NL80211_FLAG_CLEAR_SKB 0x20
12381
12382static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
12383 struct genl_info *info)
12384{
12385 struct cfg80211_registered_device *rdev;
12386 struct wireless_dev *wdev;
12387 struct net_device *dev;
12388 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
12389
12390 if (rtnl)
12391 rtnl_lock();
12392
12393 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
12394 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
12395 if (IS_ERR(rdev)) {
12396 if (rtnl)
12397 rtnl_unlock();
12398 return PTR_ERR(rdev);
12399 }
12400 info->user_ptr[0] = rdev;
12401 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
12402 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12403 ASSERT_RTNL();
12404
12405 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
12406 info->attrs);
12407 if (IS_ERR(wdev)) {
12408 if (rtnl)
12409 rtnl_unlock();
12410 return PTR_ERR(wdev);
12411 }
12412
12413 dev = wdev->netdev;
12414 rdev = wiphy_to_rdev(wdev->wiphy);
12415
12416 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
12417 if (!dev) {
12418 if (rtnl)
12419 rtnl_unlock();
12420 return -EINVAL;
12421 }
12422
12423 info->user_ptr[1] = dev;
12424 } else {
12425 info->user_ptr[1] = wdev;
12426 }
12427
12428 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
12429 !wdev_running(wdev)) {
12430 if (rtnl)
12431 rtnl_unlock();
12432 return -ENETDOWN;
12433 }
12434
12435 if (dev)
12436 dev_hold(dev);
12437
12438 info->user_ptr[0] = rdev;
12439 }
12440
12441 return 0;
12442}
12443
12444static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
12445 struct genl_info *info)
12446{
12447 if (info->user_ptr[1]) {
12448 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12449 struct wireless_dev *wdev = info->user_ptr[1];
12450
12451 if (wdev->netdev)
12452 dev_put(wdev->netdev);
12453 } else {
12454 dev_put(info->user_ptr[1]);
12455 }
12456 }
12457
12458 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
12459 rtnl_unlock();
12460
12461
12462
12463
12464
12465
12466 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
12467 struct nlmsghdr *nlh = nlmsg_hdr(skb);
12468
12469 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
12470 }
12471}
12472
12473static const struct genl_ops nl80211_ops[] = {
12474 {
12475 .cmd = NL80211_CMD_GET_WIPHY,
12476 .doit = nl80211_get_wiphy,
12477 .dumpit = nl80211_dump_wiphy,
12478 .done = nl80211_dump_wiphy_done,
12479 .policy = nl80211_policy,
12480
12481 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12482 NL80211_FLAG_NEED_RTNL,
12483 },
12484 {
12485 .cmd = NL80211_CMD_SET_WIPHY,
12486 .doit = nl80211_set_wiphy,
12487 .policy = nl80211_policy,
12488 .flags = GENL_UNS_ADMIN_PERM,
12489 .internal_flags = NL80211_FLAG_NEED_RTNL,
12490 },
12491 {
12492 .cmd = NL80211_CMD_GET_INTERFACE,
12493 .doit = nl80211_get_interface,
12494 .dumpit = nl80211_dump_interface,
12495 .policy = nl80211_policy,
12496
12497 .internal_flags = NL80211_FLAG_NEED_WDEV |
12498 NL80211_FLAG_NEED_RTNL,
12499 },
12500 {
12501 .cmd = NL80211_CMD_SET_INTERFACE,
12502 .doit = nl80211_set_interface,
12503 .policy = nl80211_policy,
12504 .flags = GENL_UNS_ADMIN_PERM,
12505 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12506 NL80211_FLAG_NEED_RTNL,
12507 },
12508 {
12509 .cmd = NL80211_CMD_NEW_INTERFACE,
12510 .doit = nl80211_new_interface,
12511 .policy = nl80211_policy,
12512 .flags = GENL_UNS_ADMIN_PERM,
12513 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12514 NL80211_FLAG_NEED_RTNL,
12515 },
12516 {
12517 .cmd = NL80211_CMD_DEL_INTERFACE,
12518 .doit = nl80211_del_interface,
12519 .policy = nl80211_policy,
12520 .flags = GENL_UNS_ADMIN_PERM,
12521 .internal_flags = NL80211_FLAG_NEED_WDEV |
12522 NL80211_FLAG_NEED_RTNL,
12523 },
12524 {
12525 .cmd = NL80211_CMD_GET_KEY,
12526 .doit = nl80211_get_key,
12527 .policy = nl80211_policy,
12528 .flags = GENL_UNS_ADMIN_PERM,
12529 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12530 NL80211_FLAG_NEED_RTNL,
12531 },
12532 {
12533 .cmd = NL80211_CMD_SET_KEY,
12534 .doit = nl80211_set_key,
12535 .policy = nl80211_policy,
12536 .flags = GENL_UNS_ADMIN_PERM,
12537 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12538 NL80211_FLAG_NEED_RTNL |
12539 NL80211_FLAG_CLEAR_SKB,
12540 },
12541 {
12542 .cmd = NL80211_CMD_NEW_KEY,
12543 .doit = nl80211_new_key,
12544 .policy = nl80211_policy,
12545 .flags = GENL_UNS_ADMIN_PERM,
12546 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12547 NL80211_FLAG_NEED_RTNL |
12548 NL80211_FLAG_CLEAR_SKB,
12549 },
12550 {
12551 .cmd = NL80211_CMD_DEL_KEY,
12552 .doit = nl80211_del_key,
12553 .policy = nl80211_policy,
12554 .flags = GENL_UNS_ADMIN_PERM,
12555 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12556 NL80211_FLAG_NEED_RTNL,
12557 },
12558 {
12559 .cmd = NL80211_CMD_SET_BEACON,
12560 .policy = nl80211_policy,
12561 .flags = GENL_UNS_ADMIN_PERM,
12562 .doit = nl80211_set_beacon,
12563 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12564 NL80211_FLAG_NEED_RTNL,
12565 },
12566 {
12567 .cmd = NL80211_CMD_START_AP,
12568 .policy = nl80211_policy,
12569 .flags = GENL_UNS_ADMIN_PERM,
12570 .doit = nl80211_start_ap,
12571 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12572 NL80211_FLAG_NEED_RTNL,
12573 },
12574 {
12575 .cmd = NL80211_CMD_STOP_AP,
12576 .policy = nl80211_policy,
12577 .flags = GENL_UNS_ADMIN_PERM,
12578 .doit = nl80211_stop_ap,
12579 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12580 NL80211_FLAG_NEED_RTNL,
12581 },
12582 {
12583 .cmd = NL80211_CMD_GET_STATION,
12584 .doit = nl80211_get_station,
12585 .dumpit = nl80211_dump_station,
12586 .policy = nl80211_policy,
12587 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12588 NL80211_FLAG_NEED_RTNL,
12589 },
12590 {
12591 .cmd = NL80211_CMD_SET_STATION,
12592 .doit = nl80211_set_station,
12593 .policy = nl80211_policy,
12594 .flags = GENL_UNS_ADMIN_PERM,
12595 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12596 NL80211_FLAG_NEED_RTNL,
12597 },
12598 {
12599 .cmd = NL80211_CMD_NEW_STATION,
12600 .doit = nl80211_new_station,
12601 .policy = nl80211_policy,
12602 .flags = GENL_UNS_ADMIN_PERM,
12603 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12604 NL80211_FLAG_NEED_RTNL,
12605 },
12606 {
12607 .cmd = NL80211_CMD_DEL_STATION,
12608 .doit = nl80211_del_station,
12609 .policy = nl80211_policy,
12610 .flags = GENL_UNS_ADMIN_PERM,
12611 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12612 NL80211_FLAG_NEED_RTNL,
12613 },
12614 {
12615 .cmd = NL80211_CMD_GET_MPATH,
12616 .doit = nl80211_get_mpath,
12617 .dumpit = nl80211_dump_mpath,
12618 .policy = nl80211_policy,
12619 .flags = GENL_UNS_ADMIN_PERM,
12620 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12621 NL80211_FLAG_NEED_RTNL,
12622 },
12623 {
12624 .cmd = NL80211_CMD_GET_MPP,
12625 .doit = nl80211_get_mpp,
12626 .dumpit = nl80211_dump_mpp,
12627 .policy = nl80211_policy,
12628 .flags = GENL_UNS_ADMIN_PERM,
12629 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12630 NL80211_FLAG_NEED_RTNL,
12631 },
12632 {
12633 .cmd = NL80211_CMD_SET_MPATH,
12634 .doit = nl80211_set_mpath,
12635 .policy = nl80211_policy,
12636 .flags = GENL_UNS_ADMIN_PERM,
12637 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12638 NL80211_FLAG_NEED_RTNL,
12639 },
12640 {
12641 .cmd = NL80211_CMD_NEW_MPATH,
12642 .doit = nl80211_new_mpath,
12643 .policy = nl80211_policy,
12644 .flags = GENL_UNS_ADMIN_PERM,
12645 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12646 NL80211_FLAG_NEED_RTNL,
12647 },
12648 {
12649 .cmd = NL80211_CMD_DEL_MPATH,
12650 .doit = nl80211_del_mpath,
12651 .policy = nl80211_policy,
12652 .flags = GENL_UNS_ADMIN_PERM,
12653 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12654 NL80211_FLAG_NEED_RTNL,
12655 },
12656 {
12657 .cmd = NL80211_CMD_SET_BSS,
12658 .doit = nl80211_set_bss,
12659 .policy = nl80211_policy,
12660 .flags = GENL_UNS_ADMIN_PERM,
12661 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12662 NL80211_FLAG_NEED_RTNL,
12663 },
12664 {
12665 .cmd = NL80211_CMD_GET_REG,
12666 .doit = nl80211_get_reg_do,
12667 .dumpit = nl80211_get_reg_dump,
12668 .policy = nl80211_policy,
12669 .internal_flags = NL80211_FLAG_NEED_RTNL,
12670
12671 },
12672#ifdef CONFIG_CFG80211_CRDA_SUPPORT
12673 {
12674 .cmd = NL80211_CMD_SET_REG,
12675 .doit = nl80211_set_reg,
12676 .policy = nl80211_policy,
12677 .flags = GENL_ADMIN_PERM,
12678 .internal_flags = NL80211_FLAG_NEED_RTNL,
12679 },
12680#endif
12681 {
12682 .cmd = NL80211_CMD_REQ_SET_REG,
12683 .doit = nl80211_req_set_reg,
12684 .policy = nl80211_policy,
12685 .flags = GENL_ADMIN_PERM,
12686 },
12687 {
12688 .cmd = NL80211_CMD_GET_MESH_CONFIG,
12689 .doit = nl80211_get_mesh_config,
12690 .policy = nl80211_policy,
12691
12692 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12693 NL80211_FLAG_NEED_RTNL,
12694 },
12695 {
12696 .cmd = NL80211_CMD_SET_MESH_CONFIG,
12697 .doit = nl80211_update_mesh_config,
12698 .policy = nl80211_policy,
12699 .flags = GENL_UNS_ADMIN_PERM,
12700 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12701 NL80211_FLAG_NEED_RTNL,
12702 },
12703 {
12704 .cmd = NL80211_CMD_TRIGGER_SCAN,
12705 .doit = nl80211_trigger_scan,
12706 .policy = nl80211_policy,
12707 .flags = GENL_UNS_ADMIN_PERM,
12708 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12709 NL80211_FLAG_NEED_RTNL,
12710 },
12711 {
12712 .cmd = NL80211_CMD_ABORT_SCAN,
12713 .doit = nl80211_abort_scan,
12714 .policy = nl80211_policy,
12715 .flags = GENL_UNS_ADMIN_PERM,
12716 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12717 NL80211_FLAG_NEED_RTNL,
12718 },
12719 {
12720 .cmd = NL80211_CMD_GET_SCAN,
12721 .policy = nl80211_policy,
12722 .dumpit = nl80211_dump_scan,
12723 },
12724 {
12725 .cmd = NL80211_CMD_START_SCHED_SCAN,
12726 .doit = nl80211_start_sched_scan,
12727 .policy = nl80211_policy,
12728 .flags = GENL_UNS_ADMIN_PERM,
12729 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12730 NL80211_FLAG_NEED_RTNL,
12731 },
12732 {
12733 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
12734 .doit = nl80211_stop_sched_scan,
12735 .policy = nl80211_policy,
12736 .flags = GENL_UNS_ADMIN_PERM,
12737 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12738 NL80211_FLAG_NEED_RTNL,
12739 },
12740 {
12741 .cmd = NL80211_CMD_AUTHENTICATE,
12742 .doit = nl80211_authenticate,
12743 .policy = nl80211_policy,
12744 .flags = GENL_UNS_ADMIN_PERM,
12745 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12746 NL80211_FLAG_NEED_RTNL |
12747 NL80211_FLAG_CLEAR_SKB,
12748 },
12749 {
12750 .cmd = NL80211_CMD_ASSOCIATE,
12751 .doit = nl80211_associate,
12752 .policy = nl80211_policy,
12753 .flags = GENL_UNS_ADMIN_PERM,
12754 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12755 NL80211_FLAG_NEED_RTNL,
12756 },
12757 {
12758 .cmd = NL80211_CMD_DEAUTHENTICATE,
12759 .doit = nl80211_deauthenticate,
12760 .policy = nl80211_policy,
12761 .flags = GENL_UNS_ADMIN_PERM,
12762 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12763 NL80211_FLAG_NEED_RTNL,
12764 },
12765 {
12766 .cmd = NL80211_CMD_DISASSOCIATE,
12767 .doit = nl80211_disassociate,
12768 .policy = nl80211_policy,
12769 .flags = GENL_UNS_ADMIN_PERM,
12770 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12771 NL80211_FLAG_NEED_RTNL,
12772 },
12773 {
12774 .cmd = NL80211_CMD_JOIN_IBSS,
12775 .doit = nl80211_join_ibss,
12776 .policy = nl80211_policy,
12777 .flags = GENL_UNS_ADMIN_PERM,
12778 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12779 NL80211_FLAG_NEED_RTNL,
12780 },
12781 {
12782 .cmd = NL80211_CMD_LEAVE_IBSS,
12783 .doit = nl80211_leave_ibss,
12784 .policy = nl80211_policy,
12785 .flags = GENL_UNS_ADMIN_PERM,
12786 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12787 NL80211_FLAG_NEED_RTNL,
12788 },
12789#ifdef CONFIG_NL80211_TESTMODE
12790 {
12791 .cmd = NL80211_CMD_TESTMODE,
12792 .doit = nl80211_testmode_do,
12793 .dumpit = nl80211_testmode_dump,
12794 .policy = nl80211_policy,
12795 .flags = GENL_UNS_ADMIN_PERM,
12796 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12797 NL80211_FLAG_NEED_RTNL,
12798 },
12799#endif
12800 {
12801 .cmd = NL80211_CMD_CONNECT,
12802 .doit = nl80211_connect,
12803 .policy = nl80211_policy,
12804 .flags = GENL_UNS_ADMIN_PERM,
12805 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12806 NL80211_FLAG_NEED_RTNL,
12807 },
12808 {
12809 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
12810 .doit = nl80211_update_connect_params,
12811 .policy = nl80211_policy,
12812 .flags = GENL_ADMIN_PERM,
12813 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12814 NL80211_FLAG_NEED_RTNL,
12815 },
12816 {
12817 .cmd = NL80211_CMD_DISCONNECT,
12818 .doit = nl80211_disconnect,
12819 .policy = nl80211_policy,
12820 .flags = GENL_UNS_ADMIN_PERM,
12821 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12822 NL80211_FLAG_NEED_RTNL,
12823 },
12824 {
12825 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
12826 .doit = nl80211_wiphy_netns,
12827 .policy = nl80211_policy,
12828 .flags = GENL_UNS_ADMIN_PERM,
12829 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12830 NL80211_FLAG_NEED_RTNL,
12831 },
12832 {
12833 .cmd = NL80211_CMD_GET_SURVEY,
12834 .policy = nl80211_policy,
12835 .dumpit = nl80211_dump_survey,
12836 },
12837 {
12838 .cmd = NL80211_CMD_SET_PMKSA,
12839 .doit = nl80211_setdel_pmksa,
12840 .policy = nl80211_policy,
12841 .flags = GENL_UNS_ADMIN_PERM,
12842 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12843 NL80211_FLAG_NEED_RTNL,
12844 },
12845 {
12846 .cmd = NL80211_CMD_DEL_PMKSA,
12847 .doit = nl80211_setdel_pmksa,
12848 .policy = nl80211_policy,
12849 .flags = GENL_UNS_ADMIN_PERM,
12850 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12851 NL80211_FLAG_NEED_RTNL,
12852 },
12853 {
12854 .cmd = NL80211_CMD_FLUSH_PMKSA,
12855 .doit = nl80211_flush_pmksa,
12856 .policy = nl80211_policy,
12857 .flags = GENL_UNS_ADMIN_PERM,
12858 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12859 NL80211_FLAG_NEED_RTNL,
12860 },
12861 {
12862 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
12863 .doit = nl80211_remain_on_channel,
12864 .policy = nl80211_policy,
12865 .flags = GENL_UNS_ADMIN_PERM,
12866 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12867 NL80211_FLAG_NEED_RTNL,
12868 },
12869 {
12870 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
12871 .doit = nl80211_cancel_remain_on_channel,
12872 .policy = nl80211_policy,
12873 .flags = GENL_UNS_ADMIN_PERM,
12874 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12875 NL80211_FLAG_NEED_RTNL,
12876 },
12877 {
12878 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
12879 .doit = nl80211_set_tx_bitrate_mask,
12880 .policy = nl80211_policy,
12881 .flags = GENL_UNS_ADMIN_PERM,
12882 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12883 NL80211_FLAG_NEED_RTNL,
12884 },
12885 {
12886 .cmd = NL80211_CMD_REGISTER_FRAME,
12887 .doit = nl80211_register_mgmt,
12888 .policy = nl80211_policy,
12889 .flags = GENL_UNS_ADMIN_PERM,
12890 .internal_flags = NL80211_FLAG_NEED_WDEV |
12891 NL80211_FLAG_NEED_RTNL,
12892 },
12893 {
12894 .cmd = NL80211_CMD_FRAME,
12895 .doit = nl80211_tx_mgmt,
12896 .policy = nl80211_policy,
12897 .flags = GENL_UNS_ADMIN_PERM,
12898 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12899 NL80211_FLAG_NEED_RTNL,
12900 },
12901 {
12902 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
12903 .doit = nl80211_tx_mgmt_cancel_wait,
12904 .policy = nl80211_policy,
12905 .flags = GENL_UNS_ADMIN_PERM,
12906 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12907 NL80211_FLAG_NEED_RTNL,
12908 },
12909 {
12910 .cmd = NL80211_CMD_SET_POWER_SAVE,
12911 .doit = nl80211_set_power_save,
12912 .policy = nl80211_policy,
12913 .flags = GENL_UNS_ADMIN_PERM,
12914 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12915 NL80211_FLAG_NEED_RTNL,
12916 },
12917 {
12918 .cmd = NL80211_CMD_GET_POWER_SAVE,
12919 .doit = nl80211_get_power_save,
12920 .policy = nl80211_policy,
12921
12922 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12923 NL80211_FLAG_NEED_RTNL,
12924 },
12925 {
12926 .cmd = NL80211_CMD_SET_CQM,
12927 .doit = nl80211_set_cqm,
12928 .policy = nl80211_policy,
12929 .flags = GENL_UNS_ADMIN_PERM,
12930 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12931 NL80211_FLAG_NEED_RTNL,
12932 },
12933 {
12934 .cmd = NL80211_CMD_SET_CHANNEL,
12935 .doit = nl80211_set_channel,
12936 .policy = nl80211_policy,
12937 .flags = GENL_UNS_ADMIN_PERM,
12938 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12939 NL80211_FLAG_NEED_RTNL,
12940 },
12941 {
12942 .cmd = NL80211_CMD_SET_WDS_PEER,
12943 .doit = nl80211_set_wds_peer,
12944 .policy = nl80211_policy,
12945 .flags = GENL_UNS_ADMIN_PERM,
12946 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12947 NL80211_FLAG_NEED_RTNL,
12948 },
12949 {
12950 .cmd = NL80211_CMD_JOIN_MESH,
12951 .doit = nl80211_join_mesh,
12952 .policy = nl80211_policy,
12953 .flags = GENL_UNS_ADMIN_PERM,
12954 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12955 NL80211_FLAG_NEED_RTNL,
12956 },
12957 {
12958 .cmd = NL80211_CMD_LEAVE_MESH,
12959 .doit = nl80211_leave_mesh,
12960 .policy = nl80211_policy,
12961 .flags = GENL_UNS_ADMIN_PERM,
12962 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12963 NL80211_FLAG_NEED_RTNL,
12964 },
12965 {
12966 .cmd = NL80211_CMD_JOIN_OCB,
12967 .doit = nl80211_join_ocb,
12968 .policy = nl80211_policy,
12969 .flags = GENL_UNS_ADMIN_PERM,
12970 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12971 NL80211_FLAG_NEED_RTNL,
12972 },
12973 {
12974 .cmd = NL80211_CMD_LEAVE_OCB,
12975 .doit = nl80211_leave_ocb,
12976 .policy = nl80211_policy,
12977 .flags = GENL_UNS_ADMIN_PERM,
12978 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12979 NL80211_FLAG_NEED_RTNL,
12980 },
12981#ifdef CONFIG_PM
12982 {
12983 .cmd = NL80211_CMD_GET_WOWLAN,
12984 .doit = nl80211_get_wowlan,
12985 .policy = nl80211_policy,
12986
12987 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12988 NL80211_FLAG_NEED_RTNL,
12989 },
12990 {
12991 .cmd = NL80211_CMD_SET_WOWLAN,
12992 .doit = nl80211_set_wowlan,
12993 .policy = nl80211_policy,
12994 .flags = GENL_UNS_ADMIN_PERM,
12995 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12996 NL80211_FLAG_NEED_RTNL,
12997 },
12998#endif
12999 {
13000 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
13001 .doit = nl80211_set_rekey_data,
13002 .policy = nl80211_policy,
13003 .flags = GENL_UNS_ADMIN_PERM,
13004 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13005 NL80211_FLAG_NEED_RTNL |
13006 NL80211_FLAG_CLEAR_SKB,
13007 },
13008 {
13009 .cmd = NL80211_CMD_TDLS_MGMT,
13010 .doit = nl80211_tdls_mgmt,
13011 .policy = nl80211_policy,
13012 .flags = GENL_UNS_ADMIN_PERM,
13013 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13014 NL80211_FLAG_NEED_RTNL,
13015 },
13016 {
13017 .cmd = NL80211_CMD_TDLS_OPER,
13018 .doit = nl80211_tdls_oper,
13019 .policy = nl80211_policy,
13020 .flags = GENL_UNS_ADMIN_PERM,
13021 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13022 NL80211_FLAG_NEED_RTNL,
13023 },
13024 {
13025 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
13026 .doit = nl80211_register_unexpected_frame,
13027 .policy = nl80211_policy,
13028 .flags = GENL_UNS_ADMIN_PERM,
13029 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13030 NL80211_FLAG_NEED_RTNL,
13031 },
13032 {
13033 .cmd = NL80211_CMD_PROBE_CLIENT,
13034 .doit = nl80211_probe_client,
13035 .policy = nl80211_policy,
13036 .flags = GENL_UNS_ADMIN_PERM,
13037 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13038 NL80211_FLAG_NEED_RTNL,
13039 },
13040 {
13041 .cmd = NL80211_CMD_REGISTER_BEACONS,
13042 .doit = nl80211_register_beacons,
13043 .policy = nl80211_policy,
13044 .flags = GENL_UNS_ADMIN_PERM,
13045 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13046 NL80211_FLAG_NEED_RTNL,
13047 },
13048 {
13049 .cmd = NL80211_CMD_SET_NOACK_MAP,
13050 .doit = nl80211_set_noack_map,
13051 .policy = nl80211_policy,
13052 .flags = GENL_UNS_ADMIN_PERM,
13053 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13054 NL80211_FLAG_NEED_RTNL,
13055 },
13056 {
13057 .cmd = NL80211_CMD_START_P2P_DEVICE,
13058 .doit = nl80211_start_p2p_device,
13059 .policy = nl80211_policy,
13060 .flags = GENL_UNS_ADMIN_PERM,
13061 .internal_flags = NL80211_FLAG_NEED_WDEV |
13062 NL80211_FLAG_NEED_RTNL,
13063 },
13064 {
13065 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
13066 .doit = nl80211_stop_p2p_device,
13067 .policy = nl80211_policy,
13068 .flags = GENL_UNS_ADMIN_PERM,
13069 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13070 NL80211_FLAG_NEED_RTNL,
13071 },
13072 {
13073 .cmd = NL80211_CMD_START_NAN,
13074 .doit = nl80211_start_nan,
13075 .policy = nl80211_policy,
13076 .flags = GENL_ADMIN_PERM,
13077 .internal_flags = NL80211_FLAG_NEED_WDEV |
13078 NL80211_FLAG_NEED_RTNL,
13079 },
13080 {
13081 .cmd = NL80211_CMD_STOP_NAN,
13082 .doit = nl80211_stop_nan,
13083 .policy = nl80211_policy,
13084 .flags = GENL_ADMIN_PERM,
13085 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13086 NL80211_FLAG_NEED_RTNL,
13087 },
13088 {
13089 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
13090 .doit = nl80211_nan_add_func,
13091 .policy = nl80211_policy,
13092 .flags = GENL_ADMIN_PERM,
13093 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13094 NL80211_FLAG_NEED_RTNL,
13095 },
13096 {
13097 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
13098 .doit = nl80211_nan_del_func,
13099 .policy = nl80211_policy,
13100 .flags = GENL_ADMIN_PERM,
13101 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13102 NL80211_FLAG_NEED_RTNL,
13103 },
13104 {
13105 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
13106 .doit = nl80211_nan_change_config,
13107 .policy = nl80211_policy,
13108 .flags = GENL_ADMIN_PERM,
13109 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13110 NL80211_FLAG_NEED_RTNL,
13111 },
13112 {
13113 .cmd = NL80211_CMD_SET_MCAST_RATE,
13114 .doit = nl80211_set_mcast_rate,
13115 .policy = nl80211_policy,
13116 .flags = GENL_UNS_ADMIN_PERM,
13117 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13118 NL80211_FLAG_NEED_RTNL,
13119 },
13120 {
13121 .cmd = NL80211_CMD_SET_MAC_ACL,
13122 .doit = nl80211_set_mac_acl,
13123 .policy = nl80211_policy,
13124 .flags = GENL_UNS_ADMIN_PERM,
13125 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13126 NL80211_FLAG_NEED_RTNL,
13127 },
13128 {
13129 .cmd = NL80211_CMD_RADAR_DETECT,
13130 .doit = nl80211_start_radar_detection,
13131 .policy = nl80211_policy,
13132 .flags = GENL_UNS_ADMIN_PERM,
13133 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13134 NL80211_FLAG_NEED_RTNL,
13135 },
13136 {
13137 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
13138 .doit = nl80211_get_protocol_features,
13139 .policy = nl80211_policy,
13140 },
13141 {
13142 .cmd = NL80211_CMD_UPDATE_FT_IES,
13143 .doit = nl80211_update_ft_ies,
13144 .policy = nl80211_policy,
13145 .flags = GENL_UNS_ADMIN_PERM,
13146 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13147 NL80211_FLAG_NEED_RTNL,
13148 },
13149 {
13150 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
13151 .doit = nl80211_crit_protocol_start,
13152 .policy = nl80211_policy,
13153 .flags = GENL_UNS_ADMIN_PERM,
13154 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13155 NL80211_FLAG_NEED_RTNL,
13156 },
13157 {
13158 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
13159 .doit = nl80211_crit_protocol_stop,
13160 .policy = nl80211_policy,
13161 .flags = GENL_UNS_ADMIN_PERM,
13162 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13163 NL80211_FLAG_NEED_RTNL,
13164 },
13165 {
13166 .cmd = NL80211_CMD_GET_COALESCE,
13167 .doit = nl80211_get_coalesce,
13168 .policy = nl80211_policy,
13169 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13170 NL80211_FLAG_NEED_RTNL,
13171 },
13172 {
13173 .cmd = NL80211_CMD_SET_COALESCE,
13174 .doit = nl80211_set_coalesce,
13175 .policy = nl80211_policy,
13176 .flags = GENL_UNS_ADMIN_PERM,
13177 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13178 NL80211_FLAG_NEED_RTNL,
13179 },
13180 {
13181 .cmd = NL80211_CMD_CHANNEL_SWITCH,
13182 .doit = nl80211_channel_switch,
13183 .policy = nl80211_policy,
13184 .flags = GENL_UNS_ADMIN_PERM,
13185 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13186 NL80211_FLAG_NEED_RTNL,
13187 },
13188 {
13189 .cmd = NL80211_CMD_VENDOR,
13190 .doit = nl80211_vendor_cmd,
13191 .dumpit = nl80211_vendor_cmd_dump,
13192 .policy = nl80211_policy,
13193 .flags = GENL_UNS_ADMIN_PERM,
13194 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13195 NL80211_FLAG_NEED_RTNL,
13196 },
13197 {
13198 .cmd = NL80211_CMD_SET_QOS_MAP,
13199 .doit = nl80211_set_qos_map,
13200 .policy = nl80211_policy,
13201 .flags = GENL_UNS_ADMIN_PERM,
13202 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13203 NL80211_FLAG_NEED_RTNL,
13204 },
13205 {
13206 .cmd = NL80211_CMD_ADD_TX_TS,
13207 .doit = nl80211_add_tx_ts,
13208 .policy = nl80211_policy,
13209 .flags = GENL_UNS_ADMIN_PERM,
13210 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13211 NL80211_FLAG_NEED_RTNL,
13212 },
13213 {
13214 .cmd = NL80211_CMD_DEL_TX_TS,
13215 .doit = nl80211_del_tx_ts,
13216 .policy = nl80211_policy,
13217 .flags = GENL_UNS_ADMIN_PERM,
13218 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13219 NL80211_FLAG_NEED_RTNL,
13220 },
13221 {
13222 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
13223 .doit = nl80211_tdls_channel_switch,
13224 .policy = nl80211_policy,
13225 .flags = GENL_UNS_ADMIN_PERM,
13226 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13227 NL80211_FLAG_NEED_RTNL,
13228 },
13229 {
13230 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
13231 .doit = nl80211_tdls_cancel_channel_switch,
13232 .policy = nl80211_policy,
13233 .flags = GENL_UNS_ADMIN_PERM,
13234 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13235 NL80211_FLAG_NEED_RTNL,
13236 },
13237 {
13238 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
13239 .doit = nl80211_set_multicast_to_unicast,
13240 .policy = nl80211_policy,
13241 .flags = GENL_UNS_ADMIN_PERM,
13242 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13243 NL80211_FLAG_NEED_RTNL,
13244 },
13245 {
13246 .cmd = NL80211_CMD_SET_PMK,
13247 .doit = nl80211_set_pmk,
13248 .policy = nl80211_policy,
13249 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13250 NL80211_FLAG_NEED_RTNL,
13251 },
13252 {
13253 .cmd = NL80211_CMD_DEL_PMK,
13254 .doit = nl80211_del_pmk,
13255 .policy = nl80211_policy,
13256 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13257 NL80211_FLAG_NEED_RTNL,
13258 },
13259
13260};
13261
13262static struct genl_family nl80211_fam __ro_after_init = {
13263 .name = NL80211_GENL_NAME,
13264 .hdrsize = 0,
13265 .version = 1,
13266 .maxattr = NL80211_ATTR_MAX,
13267 .netnsok = true,
13268 .pre_doit = nl80211_pre_doit,
13269 .post_doit = nl80211_post_doit,
13270 .module = THIS_MODULE,
13271 .ops = nl80211_ops,
13272 .n_ops = ARRAY_SIZE(nl80211_ops),
13273 .mcgrps = nl80211_mcgrps,
13274 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
13275};
13276
13277
13278
13279void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
13280 enum nl80211_commands cmd)
13281{
13282 struct sk_buff *msg;
13283 struct nl80211_dump_wiphy_state state = {};
13284
13285 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
13286 cmd != NL80211_CMD_DEL_WIPHY);
13287
13288 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13289 if (!msg)
13290 return;
13291
13292 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
13293 nlmsg_free(msg);
13294 return;
13295 }
13296
13297 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13298 NL80211_MCGRP_CONFIG, GFP_KERNEL);
13299}
13300
13301void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
13302 struct wireless_dev *wdev,
13303 enum nl80211_commands cmd)
13304{
13305 struct sk_buff *msg;
13306
13307 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
13308 cmd != NL80211_CMD_DEL_INTERFACE);
13309
13310 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13311 if (!msg)
13312 return;
13313
13314 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev,
13315 cmd == NL80211_CMD_DEL_INTERFACE) < 0) {
13316 nlmsg_free(msg);
13317 return;
13318 }
13319
13320 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13321 NL80211_MCGRP_CONFIG, GFP_KERNEL);
13322}
13323
13324static int nl80211_add_scan_req(struct sk_buff *msg,
13325 struct cfg80211_registered_device *rdev)
13326{
13327 struct cfg80211_scan_request *req = rdev->scan_req;
13328 struct nlattr *nest;
13329 int i;
13330
13331 if (WARN_ON(!req))
13332 return 0;
13333
13334 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
13335 if (!nest)
13336 goto nla_put_failure;
13337 for (i = 0; i < req->n_ssids; i++) {
13338 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
13339 goto nla_put_failure;
13340 }
13341 nla_nest_end(msg, nest);
13342
13343 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
13344 if (!nest)
13345 goto nla_put_failure;
13346 for (i = 0; i < req->n_channels; i++) {
13347 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
13348 goto nla_put_failure;
13349 }
13350 nla_nest_end(msg, nest);
13351
13352 if (req->ie &&
13353 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
13354 goto nla_put_failure;
13355
13356 if (req->flags &&
13357 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
13358 goto nla_put_failure;
13359
13360 if (req->info.scan_start_tsf &&
13361 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
13362 req->info.scan_start_tsf, NL80211_BSS_PAD) ||
13363 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
13364 req->info.tsf_bssid)))
13365 goto nla_put_failure;
13366
13367 return 0;
13368 nla_put_failure:
13369 return -ENOBUFS;
13370}
13371
13372static int nl80211_prep_scan_msg(struct sk_buff *msg,
13373 struct cfg80211_registered_device *rdev,
13374 struct wireless_dev *wdev,
13375 u32 portid, u32 seq, int flags,
13376 u32 cmd)
13377{
13378 void *hdr;
13379
13380 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
13381 if (!hdr)
13382 return -1;
13383
13384 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13385 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13386 wdev->netdev->ifindex)) ||
13387 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13388 NL80211_ATTR_PAD))
13389 goto nla_put_failure;
13390
13391
13392 nl80211_add_scan_req(msg, rdev);
13393
13394 genlmsg_end(msg, hdr);
13395 return 0;
13396
13397 nla_put_failure:
13398 genlmsg_cancel(msg, hdr);
13399 return -EMSGSIZE;
13400}
13401
13402static int
13403nl80211_prep_sched_scan_msg(struct sk_buff *msg,
13404 struct cfg80211_sched_scan_request *req, u32 cmd)
13405{
13406 void *hdr;
13407
13408 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13409 if (!hdr)
13410 return -1;
13411
13412 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
13413 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
13414 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
13415 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
13416 NL80211_ATTR_PAD))
13417 goto nla_put_failure;
13418
13419 genlmsg_end(msg, hdr);
13420 return 0;
13421
13422 nla_put_failure:
13423 genlmsg_cancel(msg, hdr);
13424 return -EMSGSIZE;
13425}
13426
13427void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
13428 struct wireless_dev *wdev)
13429{
13430 struct sk_buff *msg;
13431
13432 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13433 if (!msg)
13434 return;
13435
13436 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13437 NL80211_CMD_TRIGGER_SCAN) < 0) {
13438 nlmsg_free(msg);
13439 return;
13440 }
13441
13442 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13443 NL80211_MCGRP_SCAN, GFP_KERNEL);
13444}
13445
13446struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
13447 struct wireless_dev *wdev, bool aborted)
13448{
13449 struct sk_buff *msg;
13450
13451 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13452 if (!msg)
13453 return NULL;
13454
13455 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13456 aborted ? NL80211_CMD_SCAN_ABORTED :
13457 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
13458 nlmsg_free(msg);
13459 return NULL;
13460 }
13461
13462 return msg;
13463}
13464
13465
13466void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
13467 struct sk_buff *msg)
13468{
13469 if (!msg)
13470 return;
13471
13472 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13473 NL80211_MCGRP_SCAN, GFP_KERNEL);
13474}
13475
13476void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
13477{
13478 struct sk_buff *msg;
13479
13480 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13481 if (!msg)
13482 return;
13483
13484 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
13485 nlmsg_free(msg);
13486 return;
13487 }
13488
13489 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
13490 NL80211_MCGRP_SCAN, GFP_KERNEL);
13491}
13492
13493static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
13494 struct regulatory_request *request)
13495{
13496
13497 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
13498 goto nla_put_failure;
13499
13500 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
13501 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13502 NL80211_REGDOM_TYPE_WORLD))
13503 goto nla_put_failure;
13504 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
13505 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13506 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
13507 goto nla_put_failure;
13508 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
13509 request->intersect) {
13510 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13511 NL80211_REGDOM_TYPE_INTERSECTION))
13512 goto nla_put_failure;
13513 } else {
13514 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13515 NL80211_REGDOM_TYPE_COUNTRY) ||
13516 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
13517 request->alpha2))
13518 goto nla_put_failure;
13519 }
13520
13521 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
13522 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
13523
13524 if (wiphy &&
13525 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
13526 goto nla_put_failure;
13527
13528 if (wiphy &&
13529 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
13530 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
13531 goto nla_put_failure;
13532 }
13533
13534 return true;
13535
13536nla_put_failure:
13537 return false;
13538}
13539
13540
13541
13542
13543
13544void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
13545 struct regulatory_request *request)
13546{
13547 struct sk_buff *msg;
13548 void *hdr;
13549
13550 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13551 if (!msg)
13552 return;
13553
13554 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
13555 if (!hdr) {
13556 nlmsg_free(msg);
13557 return;
13558 }
13559
13560 if (nl80211_reg_change_event_fill(msg, request) == false)
13561 goto nla_put_failure;
13562
13563 genlmsg_end(msg, hdr);
13564
13565 rcu_read_lock();
13566 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
13567 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
13568 rcu_read_unlock();
13569
13570 return;
13571
13572nla_put_failure:
13573 genlmsg_cancel(msg, hdr);
13574 nlmsg_free(msg);
13575}
13576
13577static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
13578 struct net_device *netdev,
13579 const u8 *buf, size_t len,
13580 enum nl80211_commands cmd, gfp_t gfp,
13581 int uapsd_queues)
13582{
13583 struct sk_buff *msg;
13584 void *hdr;
13585
13586 msg = nlmsg_new(100 + len, gfp);
13587 if (!msg)
13588 return;
13589
13590 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13591 if (!hdr) {
13592 nlmsg_free(msg);
13593 return;
13594 }
13595
13596 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13597 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13598 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
13599 goto nla_put_failure;
13600
13601 if (uapsd_queues >= 0) {
13602 struct nlattr *nla_wmm =
13603 nla_nest_start(msg, NL80211_ATTR_STA_WME);
13604 if (!nla_wmm)
13605 goto nla_put_failure;
13606
13607 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
13608 uapsd_queues))
13609 goto nla_put_failure;
13610
13611 nla_nest_end(msg, nla_wmm);
13612 }
13613
13614 genlmsg_end(msg, hdr);
13615
13616 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13617 NL80211_MCGRP_MLME, gfp);
13618 return;
13619
13620 nla_put_failure:
13621 genlmsg_cancel(msg, hdr);
13622 nlmsg_free(msg);
13623}
13624
13625void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
13626 struct net_device *netdev, const u8 *buf,
13627 size_t len, gfp_t gfp)
13628{
13629 nl80211_send_mlme_event(rdev, netdev, buf, len,
13630 NL80211_CMD_AUTHENTICATE, gfp, -1);
13631}
13632
13633void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
13634 struct net_device *netdev, const u8 *buf,
13635 size_t len, gfp_t gfp, int uapsd_queues)
13636{
13637 nl80211_send_mlme_event(rdev, netdev, buf, len,
13638 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
13639}
13640
13641void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
13642 struct net_device *netdev, const u8 *buf,
13643 size_t len, gfp_t gfp)
13644{
13645 nl80211_send_mlme_event(rdev, netdev, buf, len,
13646 NL80211_CMD_DEAUTHENTICATE, gfp, -1);
13647}
13648
13649void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
13650 struct net_device *netdev, const u8 *buf,
13651 size_t len, gfp_t gfp)
13652{
13653 nl80211_send_mlme_event(rdev, netdev, buf, len,
13654 NL80211_CMD_DISASSOCIATE, gfp, -1);
13655}
13656
13657void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
13658 size_t len)
13659{
13660 struct wireless_dev *wdev = dev->ieee80211_ptr;
13661 struct wiphy *wiphy = wdev->wiphy;
13662 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13663 const struct ieee80211_mgmt *mgmt = (void *)buf;
13664 u32 cmd;
13665
13666 if (WARN_ON(len < 2))
13667 return;
13668
13669 if (ieee80211_is_deauth(mgmt->frame_control))
13670 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
13671 else
13672 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
13673
13674 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
13675 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
13676}
13677EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
13678
13679static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
13680 struct net_device *netdev, int cmd,
13681 const u8 *addr, gfp_t gfp)
13682{
13683 struct sk_buff *msg;
13684 void *hdr;
13685
13686 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13687 if (!msg)
13688 return;
13689
13690 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13691 if (!hdr) {
13692 nlmsg_free(msg);
13693 return;
13694 }
13695
13696 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13697 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13698 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13699 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
13700 goto nla_put_failure;
13701
13702 genlmsg_end(msg, hdr);
13703
13704 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13705 NL80211_MCGRP_MLME, gfp);
13706 return;
13707
13708 nla_put_failure:
13709 genlmsg_cancel(msg, hdr);
13710 nlmsg_free(msg);
13711}
13712
13713void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
13714 struct net_device *netdev, const u8 *addr,
13715 gfp_t gfp)
13716{
13717 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
13718 addr, gfp);
13719}
13720
13721void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
13722 struct net_device *netdev, const u8 *addr,
13723 gfp_t gfp)
13724{
13725 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
13726 addr, gfp);
13727}
13728
13729void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
13730 struct net_device *netdev,
13731 struct cfg80211_connect_resp_params *cr,
13732 gfp_t gfp)
13733{
13734 struct sk_buff *msg;
13735 void *hdr;
13736
13737 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
13738 cr->fils_kek_len + cr->pmk_len +
13739 (cr->pmkid ? WLAN_PMKID_LEN : 0), gfp);
13740 if (!msg)
13741 return;
13742
13743 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
13744 if (!hdr) {
13745 nlmsg_free(msg);
13746 return;
13747 }
13748
13749 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13750 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13751 (cr->bssid &&
13752 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
13753 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
13754 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
13755 cr->status) ||
13756 (cr->status < 0 &&
13757 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13758 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
13759 cr->timeout_reason))) ||
13760 (cr->req_ie &&
13761 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
13762 (cr->resp_ie &&
13763 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
13764 cr->resp_ie)) ||
13765 (cr->update_erp_next_seq_num &&
13766 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
13767 cr->fils_erp_next_seq_num)) ||
13768 (cr->status == WLAN_STATUS_SUCCESS &&
13769 ((cr->fils_kek &&
13770 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils_kek_len,
13771 cr->fils_kek)) ||
13772 (cr->pmk &&
13773 nla_put(msg, NL80211_ATTR_PMK, cr->pmk_len, cr->pmk)) ||
13774 (cr->pmkid &&
13775 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->pmkid)))))
13776 goto nla_put_failure;
13777
13778 genlmsg_end(msg, hdr);
13779
13780 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13781 NL80211_MCGRP_MLME, gfp);
13782 return;
13783
13784 nla_put_failure:
13785 genlmsg_cancel(msg, hdr);
13786 nlmsg_free(msg);
13787}
13788
13789void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
13790 struct net_device *netdev,
13791 struct cfg80211_roam_info *info, gfp_t gfp)
13792{
13793 struct sk_buff *msg;
13794 void *hdr;
13795 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
13796
13797 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len, gfp);
13798 if (!msg)
13799 return;
13800
13801 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
13802 if (!hdr) {
13803 nlmsg_free(msg);
13804 return;
13805 }
13806
13807 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13808 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13809 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
13810 (info->req_ie &&
13811 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
13812 info->req_ie)) ||
13813 (info->resp_ie &&
13814 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
13815 info->resp_ie)) ||
13816 (info->authorized &&
13817 nla_put_flag(msg, NL80211_ATTR_PORT_AUTHORIZED)))
13818 goto nla_put_failure;
13819
13820 genlmsg_end(msg, hdr);
13821
13822 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13823 NL80211_MCGRP_MLME, gfp);
13824 return;
13825
13826 nla_put_failure:
13827 genlmsg_cancel(msg, hdr);
13828 nlmsg_free(msg);
13829}
13830
13831void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
13832 struct net_device *netdev, u16 reason,
13833 const u8 *ie, size_t ie_len, bool from_ap)
13834{
13835 struct sk_buff *msg;
13836 void *hdr;
13837
13838 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
13839 if (!msg)
13840 return;
13841
13842 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
13843 if (!hdr) {
13844 nlmsg_free(msg);
13845 return;
13846 }
13847
13848 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13849 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13850 (from_ap && reason &&
13851 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
13852 (from_ap &&
13853 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
13854 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
13855 goto nla_put_failure;
13856
13857 genlmsg_end(msg, hdr);
13858
13859 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13860 NL80211_MCGRP_MLME, GFP_KERNEL);
13861 return;
13862
13863 nla_put_failure:
13864 genlmsg_cancel(msg, hdr);
13865 nlmsg_free(msg);
13866}
13867
13868void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
13869 struct net_device *netdev, const u8 *bssid,
13870 gfp_t gfp)
13871{
13872 struct sk_buff *msg;
13873 void *hdr;
13874
13875 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13876 if (!msg)
13877 return;
13878
13879 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
13880 if (!hdr) {
13881 nlmsg_free(msg);
13882 return;
13883 }
13884
13885 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13886 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13887 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
13888 goto nla_put_failure;
13889
13890 genlmsg_end(msg, hdr);
13891
13892 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13893 NL80211_MCGRP_MLME, gfp);
13894 return;
13895
13896 nla_put_failure:
13897 genlmsg_cancel(msg, hdr);
13898 nlmsg_free(msg);
13899}
13900
13901void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
13902 const u8* ie, u8 ie_len, gfp_t gfp)
13903{
13904 struct wireless_dev *wdev = dev->ieee80211_ptr;
13905 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13906 struct sk_buff *msg;
13907 void *hdr;
13908
13909 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
13910 return;
13911
13912 trace_cfg80211_notify_new_peer_candidate(dev, addr);
13913
13914 msg = nlmsg_new(100 + ie_len, gfp);
13915 if (!msg)
13916 return;
13917
13918 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
13919 if (!hdr) {
13920 nlmsg_free(msg);
13921 return;
13922 }
13923
13924 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13925 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
13926 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
13927 (ie_len && ie &&
13928 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
13929 goto nla_put_failure;
13930
13931 genlmsg_end(msg, hdr);
13932
13933 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13934 NL80211_MCGRP_MLME, gfp);
13935 return;
13936
13937 nla_put_failure:
13938 genlmsg_cancel(msg, hdr);
13939 nlmsg_free(msg);
13940}
13941EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
13942
13943void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
13944 struct net_device *netdev, const u8 *addr,
13945 enum nl80211_key_type key_type, int key_id,
13946 const u8 *tsc, gfp_t gfp)
13947{
13948 struct sk_buff *msg;
13949 void *hdr;
13950
13951 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13952 if (!msg)
13953 return;
13954
13955 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
13956 if (!hdr) {
13957 nlmsg_free(msg);
13958 return;
13959 }
13960
13961 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13962 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13963 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
13964 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
13965 (key_id != -1 &&
13966 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
13967 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
13968 goto nla_put_failure;
13969
13970 genlmsg_end(msg, hdr);
13971
13972 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13973 NL80211_MCGRP_MLME, gfp);
13974 return;
13975
13976 nla_put_failure:
13977 genlmsg_cancel(msg, hdr);
13978 nlmsg_free(msg);
13979}
13980
13981void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
13982 struct ieee80211_channel *channel_before,
13983 struct ieee80211_channel *channel_after)
13984{
13985 struct sk_buff *msg;
13986 void *hdr;
13987 struct nlattr *nl_freq;
13988
13989 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
13990 if (!msg)
13991 return;
13992
13993 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
13994 if (!hdr) {
13995 nlmsg_free(msg);
13996 return;
13997 }
13998
13999
14000
14001
14002
14003 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
14004 goto nla_put_failure;
14005
14006
14007 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
14008 if (!nl_freq)
14009 goto nla_put_failure;
14010 if (nl80211_msg_put_channel(msg, channel_before, false))
14011 goto nla_put_failure;
14012 nla_nest_end(msg, nl_freq);
14013
14014
14015 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
14016 if (!nl_freq)
14017 goto nla_put_failure;
14018 if (nl80211_msg_put_channel(msg, channel_after, false))
14019 goto nla_put_failure;
14020 nla_nest_end(msg, nl_freq);
14021
14022 genlmsg_end(msg, hdr);
14023
14024 rcu_read_lock();
14025 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14026 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14027 rcu_read_unlock();
14028
14029 return;
14030
14031nla_put_failure:
14032 genlmsg_cancel(msg, hdr);
14033 nlmsg_free(msg);
14034}
14035
14036static void nl80211_send_remain_on_chan_event(
14037 int cmd, struct cfg80211_registered_device *rdev,
14038 struct wireless_dev *wdev, u64 cookie,
14039 struct ieee80211_channel *chan,
14040 unsigned int duration, gfp_t gfp)
14041{
14042 struct sk_buff *msg;
14043 void *hdr;
14044
14045 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14046 if (!msg)
14047 return;
14048
14049 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14050 if (!hdr) {
14051 nlmsg_free(msg);
14052 return;
14053 }
14054
14055 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14056 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14057 wdev->netdev->ifindex)) ||
14058 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14059 NL80211_ATTR_PAD) ||
14060 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
14061 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
14062 NL80211_CHAN_NO_HT) ||
14063 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14064 NL80211_ATTR_PAD))
14065 goto nla_put_failure;
14066
14067 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
14068 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
14069 goto nla_put_failure;
14070
14071 genlmsg_end(msg, hdr);
14072
14073 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14074 NL80211_MCGRP_MLME, gfp);
14075 return;
14076
14077 nla_put_failure:
14078 genlmsg_cancel(msg, hdr);
14079 nlmsg_free(msg);
14080}
14081
14082void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
14083 struct ieee80211_channel *chan,
14084 unsigned int duration, gfp_t gfp)
14085{
14086 struct wiphy *wiphy = wdev->wiphy;
14087 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14088
14089 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
14090 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
14091 rdev, wdev, cookie, chan,
14092 duration, gfp);
14093}
14094EXPORT_SYMBOL(cfg80211_ready_on_channel);
14095
14096void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
14097 struct ieee80211_channel *chan,
14098 gfp_t gfp)
14099{
14100 struct wiphy *wiphy = wdev->wiphy;
14101 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14102
14103 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
14104 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14105 rdev, wdev, cookie, chan, 0, gfp);
14106}
14107EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
14108
14109void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
14110 struct station_info *sinfo, gfp_t gfp)
14111{
14112 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14113 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14114 struct sk_buff *msg;
14115
14116 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
14117
14118 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14119 if (!msg)
14120 return;
14121
14122 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
14123 rdev, dev, mac_addr, sinfo) < 0) {
14124 nlmsg_free(msg);
14125 return;
14126 }
14127
14128 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14129 NL80211_MCGRP_MLME, gfp);
14130}
14131EXPORT_SYMBOL(cfg80211_new_sta);
14132
14133void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
14134 struct station_info *sinfo, gfp_t gfp)
14135{
14136 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14137 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14138 struct sk_buff *msg;
14139 struct station_info empty_sinfo = {};
14140
14141 if (!sinfo)
14142 sinfo = &empty_sinfo;
14143
14144 trace_cfg80211_del_sta(dev, mac_addr);
14145
14146 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14147 if (!msg)
14148 return;
14149
14150 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
14151 rdev, dev, mac_addr, sinfo) < 0) {
14152 nlmsg_free(msg);
14153 return;
14154 }
14155
14156 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14157 NL80211_MCGRP_MLME, gfp);
14158}
14159EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
14160
14161void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
14162 enum nl80211_connect_failed_reason reason,
14163 gfp_t gfp)
14164{
14165 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14166 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14167 struct sk_buff *msg;
14168 void *hdr;
14169
14170 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
14171 if (!msg)
14172 return;
14173
14174 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
14175 if (!hdr) {
14176 nlmsg_free(msg);
14177 return;
14178 }
14179
14180 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14181 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
14182 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
14183 goto nla_put_failure;
14184
14185 genlmsg_end(msg, hdr);
14186
14187 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14188 NL80211_MCGRP_MLME, gfp);
14189 return;
14190
14191 nla_put_failure:
14192 genlmsg_cancel(msg, hdr);
14193 nlmsg_free(msg);
14194}
14195EXPORT_SYMBOL(cfg80211_conn_failed);
14196
14197static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
14198 const u8 *addr, gfp_t gfp)
14199{
14200 struct wireless_dev *wdev = dev->ieee80211_ptr;
14201 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14202 struct sk_buff *msg;
14203 void *hdr;
14204 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
14205
14206 if (!nlportid)
14207 return false;
14208
14209 msg = nlmsg_new(100, gfp);
14210 if (!msg)
14211 return true;
14212
14213 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14214 if (!hdr) {
14215 nlmsg_free(msg);
14216 return true;
14217 }
14218
14219 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14220 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14221 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14222 goto nla_put_failure;
14223
14224 genlmsg_end(msg, hdr);
14225 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14226 return true;
14227
14228 nla_put_failure:
14229 genlmsg_cancel(msg, hdr);
14230 nlmsg_free(msg);
14231 return true;
14232}
14233
14234bool cfg80211_rx_spurious_frame(struct net_device *dev,
14235 const u8 *addr, gfp_t gfp)
14236{
14237 struct wireless_dev *wdev = dev->ieee80211_ptr;
14238 bool ret;
14239
14240 trace_cfg80211_rx_spurious_frame(dev, addr);
14241
14242 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14243 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
14244 trace_cfg80211_return_bool(false);
14245 return false;
14246 }
14247 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
14248 addr, gfp);
14249 trace_cfg80211_return_bool(ret);
14250 return ret;
14251}
14252EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
14253
14254bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
14255 const u8 *addr, gfp_t gfp)
14256{
14257 struct wireless_dev *wdev = dev->ieee80211_ptr;
14258 bool ret;
14259
14260 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
14261
14262 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14263 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
14264 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
14265 trace_cfg80211_return_bool(false);
14266 return false;
14267 }
14268 ret = __nl80211_unexpected_frame(dev,
14269 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
14270 addr, gfp);
14271 trace_cfg80211_return_bool(ret);
14272 return ret;
14273}
14274EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
14275
14276int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
14277 struct wireless_dev *wdev, u32 nlportid,
14278 int freq, int sig_dbm,
14279 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
14280{
14281 struct net_device *netdev = wdev->netdev;
14282 struct sk_buff *msg;
14283 void *hdr;
14284
14285 msg = nlmsg_new(100 + len, gfp);
14286 if (!msg)
14287 return -ENOMEM;
14288
14289 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14290 if (!hdr) {
14291 nlmsg_free(msg);
14292 return -ENOMEM;
14293 }
14294
14295 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14296 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14297 netdev->ifindex)) ||
14298 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14299 NL80211_ATTR_PAD) ||
14300 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
14301 (sig_dbm &&
14302 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14303 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14304 (flags &&
14305 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
14306 goto nla_put_failure;
14307
14308 genlmsg_end(msg, hdr);
14309
14310 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14311
14312 nla_put_failure:
14313 genlmsg_cancel(msg, hdr);
14314 nlmsg_free(msg);
14315 return -ENOBUFS;
14316}
14317
14318void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
14319 const u8 *buf, size_t len, bool ack, gfp_t gfp)
14320{
14321 struct wiphy *wiphy = wdev->wiphy;
14322 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14323 struct net_device *netdev = wdev->netdev;
14324 struct sk_buff *msg;
14325 void *hdr;
14326
14327 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
14328
14329 msg = nlmsg_new(100 + len, gfp);
14330 if (!msg)
14331 return;
14332
14333 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
14334 if (!hdr) {
14335 nlmsg_free(msg);
14336 return;
14337 }
14338
14339 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14340 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14341 netdev->ifindex)) ||
14342 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14343 NL80211_ATTR_PAD) ||
14344 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14345 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14346 NL80211_ATTR_PAD) ||
14347 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
14348 goto nla_put_failure;
14349
14350 genlmsg_end(msg, hdr);
14351
14352 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14353 NL80211_MCGRP_MLME, gfp);
14354 return;
14355
14356 nla_put_failure:
14357 genlmsg_cancel(msg, hdr);
14358 nlmsg_free(msg);
14359}
14360EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
14361
14362static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
14363 const char *mac, gfp_t gfp)
14364{
14365 struct wireless_dev *wdev = dev->ieee80211_ptr;
14366 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14367 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14368 void **cb;
14369
14370 if (!msg)
14371 return NULL;
14372
14373 cb = (void **)msg->cb;
14374
14375 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
14376 if (!cb[0]) {
14377 nlmsg_free(msg);
14378 return NULL;
14379 }
14380
14381 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14382 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14383 goto nla_put_failure;
14384
14385 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
14386 goto nla_put_failure;
14387
14388 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
14389 if (!cb[1])
14390 goto nla_put_failure;
14391
14392 cb[2] = rdev;
14393
14394 return msg;
14395 nla_put_failure:
14396 nlmsg_free(msg);
14397 return NULL;
14398}
14399
14400static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
14401{
14402 void **cb = (void **)msg->cb;
14403 struct cfg80211_registered_device *rdev = cb[2];
14404
14405 nla_nest_end(msg, cb[1]);
14406 genlmsg_end(msg, cb[0]);
14407
14408 memset(msg->cb, 0, sizeof(msg->cb));
14409
14410 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14411 NL80211_MCGRP_MLME, gfp);
14412}
14413
14414void cfg80211_cqm_rssi_notify(struct net_device *dev,
14415 enum nl80211_cqm_rssi_threshold_event rssi_event,
14416 s32 rssi_level, gfp_t gfp)
14417{
14418 struct sk_buff *msg;
14419 struct wireless_dev *wdev = dev->ieee80211_ptr;
14420 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14421
14422 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
14423
14424 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
14425 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
14426 return;
14427
14428 if (wdev->cqm_config) {
14429 wdev->cqm_config->last_rssi_event_value = rssi_level;
14430
14431 cfg80211_cqm_rssi_update(rdev, dev);
14432
14433 if (rssi_level == 0)
14434 rssi_level = wdev->cqm_config->last_rssi_event_value;
14435 }
14436
14437 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14438 if (!msg)
14439 return;
14440
14441 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
14442 rssi_event))
14443 goto nla_put_failure;
14444
14445 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
14446 rssi_level))
14447 goto nla_put_failure;
14448
14449 cfg80211_send_cqm(msg, gfp);
14450
14451 return;
14452
14453 nla_put_failure:
14454 nlmsg_free(msg);
14455}
14456EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
14457
14458void cfg80211_cqm_txe_notify(struct net_device *dev,
14459 const u8 *peer, u32 num_packets,
14460 u32 rate, u32 intvl, gfp_t gfp)
14461{
14462 struct sk_buff *msg;
14463
14464 msg = cfg80211_prepare_cqm(dev, peer, gfp);
14465 if (!msg)
14466 return;
14467
14468 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
14469 goto nla_put_failure;
14470
14471 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
14472 goto nla_put_failure;
14473
14474 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
14475 goto nla_put_failure;
14476
14477 cfg80211_send_cqm(msg, gfp);
14478 return;
14479
14480 nla_put_failure:
14481 nlmsg_free(msg);
14482}
14483EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
14484
14485void cfg80211_cqm_pktloss_notify(struct net_device *dev,
14486 const u8 *peer, u32 num_packets, gfp_t gfp)
14487{
14488 struct sk_buff *msg;
14489
14490 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
14491
14492 msg = cfg80211_prepare_cqm(dev, peer, gfp);
14493 if (!msg)
14494 return;
14495
14496 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
14497 goto nla_put_failure;
14498
14499 cfg80211_send_cqm(msg, gfp);
14500 return;
14501
14502 nla_put_failure:
14503 nlmsg_free(msg);
14504}
14505EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
14506
14507void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
14508{
14509 struct sk_buff *msg;
14510
14511 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14512 if (!msg)
14513 return;
14514
14515 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
14516 goto nla_put_failure;
14517
14518 cfg80211_send_cqm(msg, gfp);
14519 return;
14520
14521 nla_put_failure:
14522 nlmsg_free(msg);
14523}
14524EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
14525
14526static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
14527 struct net_device *netdev, const u8 *bssid,
14528 const u8 *replay_ctr, gfp_t gfp)
14529{
14530 struct sk_buff *msg;
14531 struct nlattr *rekey_attr;
14532 void *hdr;
14533
14534 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14535 if (!msg)
14536 return;
14537
14538 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
14539 if (!hdr) {
14540 nlmsg_free(msg);
14541 return;
14542 }
14543
14544 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14545 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14546 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14547 goto nla_put_failure;
14548
14549 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
14550 if (!rekey_attr)
14551 goto nla_put_failure;
14552
14553 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
14554 NL80211_REPLAY_CTR_LEN, replay_ctr))
14555 goto nla_put_failure;
14556
14557 nla_nest_end(msg, rekey_attr);
14558
14559 genlmsg_end(msg, hdr);
14560
14561 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14562 NL80211_MCGRP_MLME, gfp);
14563 return;
14564
14565 nla_put_failure:
14566 genlmsg_cancel(msg, hdr);
14567 nlmsg_free(msg);
14568}
14569
14570void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
14571 const u8 *replay_ctr, gfp_t gfp)
14572{
14573 struct wireless_dev *wdev = dev->ieee80211_ptr;
14574 struct wiphy *wiphy = wdev->wiphy;
14575 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14576
14577 trace_cfg80211_gtk_rekey_notify(dev, bssid);
14578 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
14579}
14580EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
14581
14582static void
14583nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
14584 struct net_device *netdev, int index,
14585 const u8 *bssid, bool preauth, gfp_t gfp)
14586{
14587 struct sk_buff *msg;
14588 struct nlattr *attr;
14589 void *hdr;
14590
14591 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14592 if (!msg)
14593 return;
14594
14595 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
14596 if (!hdr) {
14597 nlmsg_free(msg);
14598 return;
14599 }
14600
14601 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14602 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14603 goto nla_put_failure;
14604
14605 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
14606 if (!attr)
14607 goto nla_put_failure;
14608
14609 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
14610 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
14611 (preauth &&
14612 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
14613 goto nla_put_failure;
14614
14615 nla_nest_end(msg, attr);
14616
14617 genlmsg_end(msg, hdr);
14618
14619 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14620 NL80211_MCGRP_MLME, gfp);
14621 return;
14622
14623 nla_put_failure:
14624 genlmsg_cancel(msg, hdr);
14625 nlmsg_free(msg);
14626}
14627
14628void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
14629 const u8 *bssid, bool preauth, gfp_t gfp)
14630{
14631 struct wireless_dev *wdev = dev->ieee80211_ptr;
14632 struct wiphy *wiphy = wdev->wiphy;
14633 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14634
14635 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
14636 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
14637}
14638EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
14639
14640static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
14641 struct net_device *netdev,
14642 struct cfg80211_chan_def *chandef,
14643 gfp_t gfp,
14644 enum nl80211_commands notif,
14645 u8 count)
14646{
14647 struct sk_buff *msg;
14648 void *hdr;
14649
14650 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14651 if (!msg)
14652 return;
14653
14654 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
14655 if (!hdr) {
14656 nlmsg_free(msg);
14657 return;
14658 }
14659
14660 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14661 goto nla_put_failure;
14662
14663 if (nl80211_send_chandef(msg, chandef))
14664 goto nla_put_failure;
14665
14666 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
14667 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
14668 goto nla_put_failure;
14669
14670 genlmsg_end(msg, hdr);
14671
14672 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14673 NL80211_MCGRP_MLME, gfp);
14674 return;
14675
14676 nla_put_failure:
14677 genlmsg_cancel(msg, hdr);
14678 nlmsg_free(msg);
14679}
14680
14681void cfg80211_ch_switch_notify(struct net_device *dev,
14682 struct cfg80211_chan_def *chandef)
14683{
14684 struct wireless_dev *wdev = dev->ieee80211_ptr;
14685 struct wiphy *wiphy = wdev->wiphy;
14686 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14687
14688 ASSERT_WDEV_LOCK(wdev);
14689
14690 trace_cfg80211_ch_switch_notify(dev, chandef);
14691
14692 wdev->chandef = *chandef;
14693 wdev->preset_chandef = *chandef;
14694 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14695 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
14696}
14697EXPORT_SYMBOL(cfg80211_ch_switch_notify);
14698
14699void cfg80211_ch_switch_started_notify(struct net_device *dev,
14700 struct cfg80211_chan_def *chandef,
14701 u8 count)
14702{
14703 struct wireless_dev *wdev = dev->ieee80211_ptr;
14704 struct wiphy *wiphy = wdev->wiphy;
14705 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14706
14707 trace_cfg80211_ch_switch_started_notify(dev, chandef);
14708
14709 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14710 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
14711}
14712EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
14713
14714void
14715nl80211_radar_notify(struct cfg80211_registered_device *rdev,
14716 const struct cfg80211_chan_def *chandef,
14717 enum nl80211_radar_event event,
14718 struct net_device *netdev, gfp_t gfp)
14719{
14720 struct sk_buff *msg;
14721 void *hdr;
14722
14723 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14724 if (!msg)
14725 return;
14726
14727 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
14728 if (!hdr) {
14729 nlmsg_free(msg);
14730 return;
14731 }
14732
14733 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
14734 goto nla_put_failure;
14735
14736
14737 if (netdev) {
14738 struct wireless_dev *wdev = netdev->ieee80211_ptr;
14739
14740 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14741 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14742 NL80211_ATTR_PAD))
14743 goto nla_put_failure;
14744 }
14745
14746 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
14747 goto nla_put_failure;
14748
14749 if (nl80211_send_chandef(msg, chandef))
14750 goto nla_put_failure;
14751
14752 genlmsg_end(msg, hdr);
14753
14754 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14755 NL80211_MCGRP_MLME, gfp);
14756 return;
14757
14758 nla_put_failure:
14759 genlmsg_cancel(msg, hdr);
14760 nlmsg_free(msg);
14761}
14762
14763void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
14764 u64 cookie, bool acked, gfp_t gfp)
14765{
14766 struct wireless_dev *wdev = dev->ieee80211_ptr;
14767 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14768 struct sk_buff *msg;
14769 void *hdr;
14770
14771 trace_cfg80211_probe_status(dev, addr, cookie, acked);
14772
14773 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14774
14775 if (!msg)
14776 return;
14777
14778 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
14779 if (!hdr) {
14780 nlmsg_free(msg);
14781 return;
14782 }
14783
14784 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14785 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14786 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14787 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14788 NL80211_ATTR_PAD) ||
14789 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
14790 goto nla_put_failure;
14791
14792 genlmsg_end(msg, hdr);
14793
14794 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14795 NL80211_MCGRP_MLME, gfp);
14796 return;
14797
14798 nla_put_failure:
14799 genlmsg_cancel(msg, hdr);
14800 nlmsg_free(msg);
14801}
14802EXPORT_SYMBOL(cfg80211_probe_status);
14803
14804void cfg80211_report_obss_beacon(struct wiphy *wiphy,
14805 const u8 *frame, size_t len,
14806 int freq, int sig_dbm)
14807{
14808 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14809 struct sk_buff *msg;
14810 void *hdr;
14811 struct cfg80211_beacon_registration *reg;
14812
14813 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
14814
14815 spin_lock_bh(&rdev->beacon_registrations_lock);
14816 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
14817 msg = nlmsg_new(len + 100, GFP_ATOMIC);
14818 if (!msg) {
14819 spin_unlock_bh(&rdev->beacon_registrations_lock);
14820 return;
14821 }
14822
14823 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14824 if (!hdr)
14825 goto nla_put_failure;
14826
14827 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14828 (freq &&
14829 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
14830 (sig_dbm &&
14831 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14832 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
14833 goto nla_put_failure;
14834
14835 genlmsg_end(msg, hdr);
14836
14837 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
14838 }
14839 spin_unlock_bh(&rdev->beacon_registrations_lock);
14840 return;
14841
14842 nla_put_failure:
14843 spin_unlock_bh(&rdev->beacon_registrations_lock);
14844 if (hdr)
14845 genlmsg_cancel(msg, hdr);
14846 nlmsg_free(msg);
14847}
14848EXPORT_SYMBOL(cfg80211_report_obss_beacon);
14849
14850#ifdef CONFIG_PM
14851static int cfg80211_net_detect_results(struct sk_buff *msg,
14852 struct cfg80211_wowlan_wakeup *wakeup)
14853{
14854 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
14855 struct nlattr *nl_results, *nl_match, *nl_freqs;
14856 int i, j;
14857
14858 nl_results = nla_nest_start(
14859 msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
14860 if (!nl_results)
14861 return -EMSGSIZE;
14862
14863 for (i = 0; i < nd->n_matches; i++) {
14864 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
14865
14866 nl_match = nla_nest_start(msg, i);
14867 if (!nl_match)
14868 break;
14869
14870
14871
14872
14873
14874
14875
14876
14877 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
14878 match->ssid.ssid)) {
14879 nla_nest_cancel(msg, nl_match);
14880 goto out;
14881 }
14882
14883 if (match->n_channels) {
14884 nl_freqs = nla_nest_start(
14885 msg, NL80211_ATTR_SCAN_FREQUENCIES);
14886 if (!nl_freqs) {
14887 nla_nest_cancel(msg, nl_match);
14888 goto out;
14889 }
14890
14891 for (j = 0; j < match->n_channels; j++) {
14892 if (nla_put_u32(msg, j, match->channels[j])) {
14893 nla_nest_cancel(msg, nl_freqs);
14894 nla_nest_cancel(msg, nl_match);
14895 goto out;
14896 }
14897 }
14898
14899 nla_nest_end(msg, nl_freqs);
14900 }
14901
14902 nla_nest_end(msg, nl_match);
14903 }
14904
14905out:
14906 nla_nest_end(msg, nl_results);
14907 return 0;
14908}
14909
14910void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
14911 struct cfg80211_wowlan_wakeup *wakeup,
14912 gfp_t gfp)
14913{
14914 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14915 struct sk_buff *msg;
14916 void *hdr;
14917 int size = 200;
14918
14919 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
14920
14921 if (wakeup)
14922 size += wakeup->packet_present_len;
14923
14924 msg = nlmsg_new(size, gfp);
14925 if (!msg)
14926 return;
14927
14928 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
14929 if (!hdr)
14930 goto free_msg;
14931
14932 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14933 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14934 NL80211_ATTR_PAD))
14935 goto free_msg;
14936
14937 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14938 wdev->netdev->ifindex))
14939 goto free_msg;
14940
14941 if (wakeup) {
14942 struct nlattr *reasons;
14943
14944 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
14945 if (!reasons)
14946 goto free_msg;
14947
14948 if (wakeup->disconnect &&
14949 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
14950 goto free_msg;
14951 if (wakeup->magic_pkt &&
14952 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
14953 goto free_msg;
14954 if (wakeup->gtk_rekey_failure &&
14955 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
14956 goto free_msg;
14957 if (wakeup->eap_identity_req &&
14958 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
14959 goto free_msg;
14960 if (wakeup->four_way_handshake &&
14961 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
14962 goto free_msg;
14963 if (wakeup->rfkill_release &&
14964 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
14965 goto free_msg;
14966
14967 if (wakeup->pattern_idx >= 0 &&
14968 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
14969 wakeup->pattern_idx))
14970 goto free_msg;
14971
14972 if (wakeup->tcp_match &&
14973 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
14974 goto free_msg;
14975
14976 if (wakeup->tcp_connlost &&
14977 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
14978 goto free_msg;
14979
14980 if (wakeup->tcp_nomoretokens &&
14981 nla_put_flag(msg,
14982 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
14983 goto free_msg;
14984
14985 if (wakeup->packet) {
14986 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
14987 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
14988
14989 if (!wakeup->packet_80211) {
14990 pkt_attr =
14991 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
14992 len_attr =
14993 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
14994 }
14995
14996 if (wakeup->packet_len &&
14997 nla_put_u32(msg, len_attr, wakeup->packet_len))
14998 goto free_msg;
14999
15000 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
15001 wakeup->packet))
15002 goto free_msg;
15003 }
15004
15005 if (wakeup->net_detect &&
15006 cfg80211_net_detect_results(msg, wakeup))
15007 goto free_msg;
15008
15009 nla_nest_end(msg, reasons);
15010 }
15011
15012 genlmsg_end(msg, hdr);
15013
15014 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15015 NL80211_MCGRP_MLME, gfp);
15016 return;
15017
15018 free_msg:
15019 nlmsg_free(msg);
15020}
15021EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
15022#endif
15023
15024void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
15025 enum nl80211_tdls_operation oper,
15026 u16 reason_code, gfp_t gfp)
15027{
15028 struct wireless_dev *wdev = dev->ieee80211_ptr;
15029 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15030 struct sk_buff *msg;
15031 void *hdr;
15032
15033 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
15034 reason_code);
15035
15036 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15037 if (!msg)
15038 return;
15039
15040 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
15041 if (!hdr) {
15042 nlmsg_free(msg);
15043 return;
15044 }
15045
15046 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15047 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15048 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
15049 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
15050 (reason_code > 0 &&
15051 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
15052 goto nla_put_failure;
15053
15054 genlmsg_end(msg, hdr);
15055
15056 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15057 NL80211_MCGRP_MLME, gfp);
15058 return;
15059
15060 nla_put_failure:
15061 genlmsg_cancel(msg, hdr);
15062 nlmsg_free(msg);
15063}
15064EXPORT_SYMBOL(cfg80211_tdls_oper_request);
15065
15066static int nl80211_netlink_notify(struct notifier_block * nb,
15067 unsigned long state,
15068 void *_notify)
15069{
15070 struct netlink_notify *notify = _notify;
15071 struct cfg80211_registered_device *rdev;
15072 struct wireless_dev *wdev;
15073 struct cfg80211_beacon_registration *reg, *tmp;
15074
15075 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
15076 return NOTIFY_DONE;
15077
15078 rcu_read_lock();
15079
15080 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
15081 struct cfg80211_sched_scan_request *sched_scan_req;
15082
15083 list_for_each_entry_rcu(sched_scan_req,
15084 &rdev->sched_scan_req_list,
15085 list) {
15086 if (sched_scan_req->owner_nlportid == notify->portid) {
15087 sched_scan_req->nl_owner_dead = true;
15088 schedule_work(&rdev->sched_scan_stop_wk);
15089 }
15090 }
15091
15092 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
15093 cfg80211_mlme_unregister_socket(wdev, notify->portid);
15094
15095 if (wdev->owner_nlportid == notify->portid) {
15096 wdev->nl_owner_dead = true;
15097 schedule_work(&rdev->destroy_work);
15098 } else if (wdev->conn_owner_nlportid == notify->portid) {
15099 schedule_work(&wdev->disconnect_wk);
15100 }
15101 }
15102
15103 spin_lock_bh(&rdev->beacon_registrations_lock);
15104 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
15105 list) {
15106 if (reg->nlportid == notify->portid) {
15107 list_del(®->list);
15108 kfree(reg);
15109 break;
15110 }
15111 }
15112 spin_unlock_bh(&rdev->beacon_registrations_lock);
15113 }
15114
15115 rcu_read_unlock();
15116
15117
15118
15119
15120
15121 regulatory_netlink_notify(notify->portid);
15122 return NOTIFY_OK;
15123}
15124
15125static struct notifier_block nl80211_netlink_notifier = {
15126 .notifier_call = nl80211_netlink_notify,
15127};
15128
15129void cfg80211_ft_event(struct net_device *netdev,
15130 struct cfg80211_ft_event_params *ft_event)
15131{
15132 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
15133 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15134 struct sk_buff *msg;
15135 void *hdr;
15136
15137 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
15138
15139 if (!ft_event->target_ap)
15140 return;
15141
15142 msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
15143 if (!msg)
15144 return;
15145
15146 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
15147 if (!hdr)
15148 goto out;
15149
15150 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15151 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15152 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
15153 goto out;
15154
15155 if (ft_event->ies &&
15156 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
15157 goto out;
15158 if (ft_event->ric_ies &&
15159 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
15160 ft_event->ric_ies))
15161 goto out;
15162
15163 genlmsg_end(msg, hdr);
15164
15165 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15166 NL80211_MCGRP_MLME, GFP_KERNEL);
15167 return;
15168 out:
15169 nlmsg_free(msg);
15170}
15171EXPORT_SYMBOL(cfg80211_ft_event);
15172
15173void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
15174{
15175 struct cfg80211_registered_device *rdev;
15176 struct sk_buff *msg;
15177 void *hdr;
15178 u32 nlportid;
15179
15180 rdev = wiphy_to_rdev(wdev->wiphy);
15181 if (!rdev->crit_proto_nlportid)
15182 return;
15183
15184 nlportid = rdev->crit_proto_nlportid;
15185 rdev->crit_proto_nlportid = 0;
15186
15187 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15188 if (!msg)
15189 return;
15190
15191 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
15192 if (!hdr)
15193 goto nla_put_failure;
15194
15195 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15196 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15197 NL80211_ATTR_PAD))
15198 goto nla_put_failure;
15199
15200 genlmsg_end(msg, hdr);
15201
15202 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15203 return;
15204
15205 nla_put_failure:
15206 if (hdr)
15207 genlmsg_cancel(msg, hdr);
15208 nlmsg_free(msg);
15209}
15210EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
15211
15212void nl80211_send_ap_stopped(struct wireless_dev *wdev)
15213{
15214 struct wiphy *wiphy = wdev->wiphy;
15215 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15216 struct sk_buff *msg;
15217 void *hdr;
15218
15219 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15220 if (!msg)
15221 return;
15222
15223 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
15224 if (!hdr)
15225 goto out;
15226
15227 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15228 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
15229 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15230 NL80211_ATTR_PAD))
15231 goto out;
15232
15233 genlmsg_end(msg, hdr);
15234
15235 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
15236 NL80211_MCGRP_MLME, GFP_KERNEL);
15237 return;
15238 out:
15239 nlmsg_free(msg);
15240}
15241
15242
15243
15244int __init nl80211_init(void)
15245{
15246 int err;
15247
15248 err = genl_register_family(&nl80211_fam);
15249 if (err)
15250 return err;
15251
15252 err = netlink_register_notifier(&nl80211_netlink_notifier);
15253 if (err)
15254 goto err_out;
15255
15256 return 0;
15257 err_out:
15258 genl_unregister_family(&nl80211_fam);
15259 return err;
15260}
15261
15262void nl80211_exit(void)
15263{
15264 netlink_unregister_notifier(&nl80211_netlink_notifier);
15265 genl_unregister_family(&nl80211_fam);
15266}
15267
