1
2
3
4
5
6
7
8
9
10
11#include <linux/if.h>
12#include <linux/module.h>
13#include <linux/err.h>
14#include <linux/slab.h>
15#include <linux/list.h>
16#include <linux/if_ether.h>
17#include <linux/ieee80211.h>
18#include <linux/nl80211.h>
19#include <linux/rtnetlink.h>
20#include <linux/netlink.h>
21#include <linux/nospec.h>
22#include <linux/etherdevice.h>
23#include <linux/if_vlan.h>
24#include <net/net_namespace.h>
25#include <net/genetlink.h>
26#include <net/cfg80211.h>
27#include <net/sock.h>
28#include <net/inet_connection_sock.h>
29#include "core.h"
30#include "nl80211.h"
31#include "reg.h"
32#include "rdev-ops.h"
33
34static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 struct genl_info *info,
36 struct cfg80211_crypto_settings *settings,
37 int cipher_limit);
38
39
40static struct genl_family nl80211_fam;
41
42
43enum nl80211_multicast_groups {
44 NL80211_MCGRP_CONFIG,
45 NL80211_MCGRP_SCAN,
46 NL80211_MCGRP_REGULATORY,
47 NL80211_MCGRP_MLME,
48 NL80211_MCGRP_VENDOR,
49 NL80211_MCGRP_NAN,
50 NL80211_MCGRP_TESTMODE
51};
52
53static const struct genl_multicast_group nl80211_mcgrps[] = {
54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60#ifdef CONFIG_NL80211_TESTMODE
61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62#endif
63};
64
65
66static struct wireless_dev *
67__cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
68 struct net *netns, struct nlattr **attrs)
69{
70 struct wireless_dev *result = NULL;
71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 u64 wdev_id = 0;
74 int wiphy_idx = -1;
75 int ifidx = -1;
76
77 if (!have_ifidx && !have_wdev_id)
78 return ERR_PTR(-EINVAL);
79
80 if (have_ifidx)
81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 if (have_wdev_id) {
83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 wiphy_idx = wdev_id >> 32;
85 }
86
87 if (rdev) {
88 struct wireless_dev *wdev;
89
90 lockdep_assert_held(&rdev->wiphy.mtx);
91
92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
93 if (have_ifidx && wdev->netdev &&
94 wdev->netdev->ifindex == ifidx) {
95 result = wdev;
96 break;
97 }
98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
99 result = wdev;
100 break;
101 }
102 }
103
104 return result ?: ERR_PTR(-ENODEV);
105 }
106
107 ASSERT_RTNL();
108
109 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
110 struct wireless_dev *wdev;
111
112 if (wiphy_net(&rdev->wiphy) != netns)
113 continue;
114
115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
116 continue;
117
118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
119 if (have_ifidx && wdev->netdev &&
120 wdev->netdev->ifindex == ifidx) {
121 result = wdev;
122 break;
123 }
124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
125 result = wdev;
126 break;
127 }
128 }
129
130 if (result)
131 break;
132 }
133
134 if (result)
135 return result;
136 return ERR_PTR(-ENODEV);
137}
138
139static struct cfg80211_registered_device *
140__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
141{
142 struct cfg80211_registered_device *rdev = NULL, *tmp;
143 struct net_device *netdev;
144
145 ASSERT_RTNL();
146
147 if (!attrs[NL80211_ATTR_WIPHY] &&
148 !attrs[NL80211_ATTR_IFINDEX] &&
149 !attrs[NL80211_ATTR_WDEV])
150 return ERR_PTR(-EINVAL);
151
152 if (attrs[NL80211_ATTR_WIPHY])
153 rdev = cfg80211_rdev_by_wiphy_idx(
154 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
155
156 if (attrs[NL80211_ATTR_WDEV]) {
157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
158 struct wireless_dev *wdev;
159 bool found = false;
160
161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
162 if (tmp) {
163
164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
165 if (wdev->identifier != (u32)wdev_id)
166 continue;
167 found = true;
168 break;
169 }
170
171 if (!found)
172 tmp = NULL;
173
174 if (rdev && tmp != rdev)
175 return ERR_PTR(-EINVAL);
176 rdev = tmp;
177 }
178 }
179
180 if (attrs[NL80211_ATTR_IFINDEX]) {
181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
182
183 netdev = __dev_get_by_index(netns, ifindex);
184 if (netdev) {
185 if (netdev->ieee80211_ptr)
186 tmp = wiphy_to_rdev(
187 netdev->ieee80211_ptr->wiphy);
188 else
189 tmp = NULL;
190
191
192 if (!tmp)
193 return ERR_PTR(-EINVAL);
194
195
196 if (rdev && tmp != rdev)
197 return ERR_PTR(-EINVAL);
198
199 rdev = tmp;
200 }
201 }
202
203 if (!rdev)
204 return ERR_PTR(-ENODEV);
205
206 if (netns != wiphy_net(&rdev->wiphy))
207 return ERR_PTR(-ENODEV);
208
209 return rdev;
210}
211
212
213
214
215
216
217
218
219static struct cfg80211_registered_device *
220cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
221{
222 return __cfg80211_rdev_from_attrs(netns, info->attrs);
223}
224
225static int validate_beacon_head(const struct nlattr *attr,
226 struct netlink_ext_ack *extack)
227{
228 const u8 *data = nla_data(attr);
229 unsigned int len = nla_len(attr);
230 const struct element *elem;
231 const struct ieee80211_mgmt *mgmt = (void *)data;
232 unsigned int fixedlen, hdrlen;
233 bool s1g_bcn;
234
235 if (len < offsetofend(typeof(*mgmt), frame_control))
236 goto err;
237
238 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
239 if (s1g_bcn) {
240 fixedlen = offsetof(struct ieee80211_ext,
241 u.s1g_beacon.variable);
242 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
243 } else {
244 fixedlen = offsetof(struct ieee80211_mgmt,
245 u.beacon.variable);
246 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
247 }
248
249 if (len < fixedlen)
250 goto err;
251
252 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
253 goto err;
254
255 data += fixedlen;
256 len -= fixedlen;
257
258 for_each_element(elem, data, len) {
259
260 }
261
262 if (for_each_element_completed(elem, data, len))
263 return 0;
264
265err:
266 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
267 return -EINVAL;
268}
269
270static int validate_ie_attr(const struct nlattr *attr,
271 struct netlink_ext_ack *extack)
272{
273 const u8 *data = nla_data(attr);
274 unsigned int len = nla_len(attr);
275 const struct element *elem;
276
277 for_each_element(elem, data, len) {
278
279 }
280
281 if (for_each_element_completed(elem, data, len))
282 return 0;
283
284 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
285 return -EINVAL;
286}
287
288
289static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
290
291static const struct nla_policy
292nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
293 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
294 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
295 .len = U8_MAX },
296 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
297 .len = U8_MAX },
298};
299
300static const struct nla_policy
301nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
302 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
303 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
304 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
305 NLA_POLICY_MAX(NLA_U8, 15),
306 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
307 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
308 NLA_POLICY_MAX(NLA_U8, 15),
309 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
310 NLA_POLICY_MAX(NLA_U8, 31),
311 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
312 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
313 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
314 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
315 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
316 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
317};
318
319static const struct nla_policy
320nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
321 [NL80211_PMSR_TYPE_FTM] =
322 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
323};
324
325static const struct nla_policy
326nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
327 [NL80211_PMSR_REQ_ATTR_DATA] =
328 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
329 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
330};
331
332static const struct nla_policy
333nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
334 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
335 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
336 [NL80211_PMSR_PEER_ATTR_REQ] =
337 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
338 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
339};
340
341static const struct nla_policy
342nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
343 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
344 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
345 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
346 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
347 [NL80211_PMSR_ATTR_PEERS] =
348 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy),
349};
350
351static const struct nla_policy
352he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
353 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
354 NLA_POLICY_RANGE(NLA_U8, 1, 20),
355 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
356 NLA_POLICY_RANGE(NLA_U8, 1, 20),
357 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
358 NLA_POLICY_RANGE(NLA_U8, 1, 20),
359 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
360 NLA_POLICY_EXACT_LEN(8),
361 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
362 NLA_POLICY_EXACT_LEN(8),
363 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
364};
365
366static const struct nla_policy
367he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
368 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
369 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
370 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
371};
372
373static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
374 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
375 .len = NL80211_MAX_SUPP_RATES },
376 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
377 .len = NL80211_MAX_SUPP_HT_RATES },
378 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
379 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
380 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
381 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
382 NL80211_RATE_INFO_HE_GI_0_8,
383 NL80211_RATE_INFO_HE_GI_3_2),
384 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
385 NL80211_RATE_INFO_HE_1XLTF,
386 NL80211_RATE_INFO_HE_4XLTF),
387};
388
389static const struct nla_policy
390nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
391 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
392 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
393 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
394 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
395 [NL80211_TID_CONFIG_ATTR_NOACK] =
396 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
397 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
398 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
399 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
400 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
401 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
402 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
403 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
404 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
405 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
406 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
407 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
408 NLA_POLICY_NESTED(nl80211_txattr_policy),
409};
410
411static const struct nla_policy
412nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
413 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
414 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
415 [NL80211_FILS_DISCOVERY_ATTR_TMPL] =
416 NLA_POLICY_RANGE(NLA_BINARY,
417 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
418 IEEE80211_MAX_DATA_LEN),
419};
420
421static const struct nla_policy
422nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
423 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
424 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
425 .len = IEEE80211_MAX_DATA_LEN }
426};
427
428static const struct nla_policy
429sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
430 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
431 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
432};
433
434static const struct nla_policy
435sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
436 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
437 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
438};
439
440static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
441 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
442 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
443 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
444 .len = 20-1 },
445 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
446
447 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
448 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
449 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
450 NL80211_EDMG_CHANNELS_MIN,
451 NL80211_EDMG_CHANNELS_MAX),
452 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
453 NL80211_EDMG_BW_CONFIG_MIN,
454 NL80211_EDMG_BW_CONFIG_MAX),
455
456 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
457 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
458 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
459 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
460
461 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
462 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
463 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
464 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
465 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
466 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
467
468 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
469 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
470 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
471
472 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
473 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
474
475 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
476 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
477 .len = WLAN_MAX_KEY_LEN },
478 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
479 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
480 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
481 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
482 [NL80211_ATTR_KEY_TYPE] =
483 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
484
485 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
486 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
487 [NL80211_ATTR_BEACON_HEAD] =
488 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
489 IEEE80211_MAX_DATA_LEN),
490 [NL80211_ATTR_BEACON_TAIL] =
491 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
492 IEEE80211_MAX_DATA_LEN),
493 [NL80211_ATTR_STA_AID] =
494 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
495 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
496 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
497 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
498 .len = NL80211_MAX_SUPP_RATES },
499 [NL80211_ATTR_STA_PLINK_ACTION] =
500 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
501 [NL80211_ATTR_STA_TX_POWER_SETTING] =
502 NLA_POLICY_RANGE(NLA_U8,
503 NL80211_TX_POWER_AUTOMATIC,
504 NL80211_TX_POWER_FIXED),
505 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
506 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
507 [NL80211_ATTR_MNTR_FLAGS] = { },
508 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
509 .len = IEEE80211_MAX_MESH_ID_LEN },
510 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
511
512 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
513 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
514
515 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
516 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
517 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
518 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
519 .len = NL80211_MAX_SUPP_RATES },
520 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
521
522 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
523 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
524
525 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
526
527 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
528 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
529 validate_ie_attr,
530 IEEE80211_MAX_DATA_LEN),
531 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
532 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
533
534 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
535 .len = IEEE80211_MAX_SSID_LEN },
536 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
537 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
538 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
539 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
540 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
541 NL80211_MFP_NO,
542 NL80211_MFP_OPTIONAL),
543 [NL80211_ATTR_STA_FLAGS2] = {
544 .len = sizeof(struct nl80211_sta_flag_update),
545 },
546 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
547 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
548 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
549 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
550 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
551 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
552 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
553 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
554 [NL80211_ATTR_PID] = { .type = NLA_U32 },
555 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
556 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
557 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
558 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
559 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
560 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
561 .len = IEEE80211_MAX_DATA_LEN },
562 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
563 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
564 NL80211_PS_DISABLED,
565 NL80211_PS_ENABLED),
566 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
567 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
568 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
569 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
570 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
571 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
572 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
573 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
574 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
575 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
576 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
577 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
578 [NL80211_ATTR_STA_PLINK_STATE] =
579 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
580 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
581 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
582 [NL80211_ATTR_MESH_PEER_AID] =
583 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
584 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
585 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
586 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
587 [NL80211_ATTR_HIDDEN_SSID] =
588 NLA_POLICY_RANGE(NLA_U32,
589 NL80211_HIDDEN_SSID_NOT_IN_USE,
590 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
591 [NL80211_ATTR_IE_PROBE_RESP] =
592 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
593 IEEE80211_MAX_DATA_LEN),
594 [NL80211_ATTR_IE_ASSOC_RESP] =
595 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
596 IEEE80211_MAX_DATA_LEN),
597 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
598 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
599 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
600 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
601 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
602 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
603 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
604 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
605 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
606 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
607 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
608 .len = IEEE80211_MAX_DATA_LEN },
609 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
610 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
611 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
612 .len = NL80211_HT_CAPABILITY_LEN
613 },
614 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
615 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
616 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
617 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
618 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
619
620
621 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
622
623 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
624 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
625 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
626 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
627 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
628 NLA_POLICY_RANGE(NLA_U32,
629 NL80211_MESH_POWER_UNKNOWN + 1,
630 NL80211_MESH_POWER_MAX),
631 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
632 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
633 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
634 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
635 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
636 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
637 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
638 .len = NL80211_VHT_CAPABILITY_LEN,
639 },
640 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
641 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
642 .len = IEEE80211_MAX_DATA_LEN },
643 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
644 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
645 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
646 [NL80211_ATTR_PEER_AID] =
647 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
648 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
649 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
650 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
651 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
652 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
653 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
654
655
656
657
658 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
659 NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
660 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
661 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
662 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
663 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
664 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
665 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
666 IEEE80211_QOS_MAP_LEN_MIN,
667 IEEE80211_QOS_MAP_LEN_MAX),
668 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
669 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
670 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
671 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
672 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
673 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
674 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
675 [NL80211_ATTR_USER_PRIO] =
676 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
677 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
678 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
679 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
680 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
681 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
682 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
683 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
684 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
685 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
686 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
687 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
688 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
689 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
690 .len = VHT_MUMIMO_GROUPS_DATA_LEN
691 },
692 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
693 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
694 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
695 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
696 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
697 .len = FILS_MAX_KEK_LEN },
698 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
699 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
700 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
701 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
702 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
703 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
704 },
705 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
706 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
707 .len = FILS_ERP_MAX_USERNAME_LEN },
708 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
709 .len = FILS_ERP_MAX_REALM_LEN },
710 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
711 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
712 .len = FILS_ERP_MAX_RRK_LEN },
713 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
714 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
715 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
716 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
717 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
718
719 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
720 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
721 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
722 [NL80211_ATTR_HE_CAPABILITY] =
723 NLA_POLICY_RANGE(NLA_BINARY,
724 NL80211_HE_MIN_CAPABILITY_LEN,
725 NL80211_HE_MAX_CAPABILITY_LEN),
726 [NL80211_ATTR_FTM_RESPONDER] =
727 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
728 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
729 [NL80211_ATTR_PEER_MEASUREMENTS] =
730 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
731 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
732 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
733 .len = SAE_PASSWORD_MAX_LEN },
734 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
735 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
736 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
737 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
738 [NL80211_ATTR_TID_CONFIG] =
739 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
740 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
741 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
742 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
743 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
744 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
745 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
746 [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
747 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
748 [NL80211_ATTR_FILS_DISCOVERY] =
749 NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
750 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
751 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
752 [NL80211_ATTR_S1G_CAPABILITY] =
753 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
754 [NL80211_ATTR_S1G_CAPABILITY_MASK] =
755 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
756 [NL80211_ATTR_SAE_PWE] =
757 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
758 NL80211_SAE_PWE_BOTH),
759 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
760 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
761 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
762 [NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
763 [NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
764 [NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
765 [NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
766};
767
768
769static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
770 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
771 [NL80211_KEY_IDX] = { .type = NLA_U8 },
772 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
773 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
774 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
775 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
776 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
777 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
778 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
779};
780
781
782static const struct nla_policy
783nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
784 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
785 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
786};
787
788#ifdef CONFIG_PM
789
790static const struct nla_policy
791nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
792 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
793 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
794 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
795 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
796 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
797 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
798 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
799 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
800 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
801 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
802};
803
804static const struct nla_policy
805nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
806 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
807 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
808 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
809 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
810 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
811 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
812 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
813 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
814 },
815 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
816 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
817 },
818 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
819 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
820 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
821};
822#endif
823
824
825static const struct nla_policy
826nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
827 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
828 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
829 NLA_POLICY_RANGE(NLA_U32,
830 NL80211_COALESCE_CONDITION_MATCH,
831 NL80211_COALESCE_CONDITION_NO_MATCH),
832 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
833};
834
835
836static const struct nla_policy
837nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
838 [NL80211_REKEY_DATA_KEK] = {
839 .type = NLA_BINARY,
840 .len = NL80211_KEK_EXT_LEN
841 },
842 [NL80211_REKEY_DATA_KCK] = {
843 .type = NLA_BINARY,
844 .len = NL80211_KCK_EXT_LEN
845 },
846 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
847 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
848};
849
850static const struct nla_policy
851nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
852 [NL80211_BAND_2GHZ] = { .type = NLA_S32 },
853 [NL80211_BAND_5GHZ] = { .type = NLA_S32 },
854 [NL80211_BAND_6GHZ] = { .type = NLA_S32 },
855 [NL80211_BAND_60GHZ] = { .type = NLA_S32 },
856};
857
858static const struct nla_policy
859nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
860 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
861 .len = IEEE80211_MAX_SSID_LEN },
862 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
863 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
864 [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
865 NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
866};
867
868static const struct nla_policy
869nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
870 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
871 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
872};
873
874static const struct nla_policy
875nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
876 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
877 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
878 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
879 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
880 },
881};
882
883
884static const struct nla_policy
885nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
886 [NL80211_NAN_FUNC_TYPE] =
887 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
888 [NL80211_NAN_FUNC_SERVICE_ID] = {
889 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
890 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
891 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
892 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
893 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
894 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
895 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
896 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
897 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
898 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
899 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
900 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
901 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
902 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
903 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
904 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
905};
906
907
908static const struct nla_policy
909nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
910 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
911 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
912 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
913 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
914 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
915};
916
917
918static const struct nla_policy
919nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
920 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
921 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
922 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
923};
924
925int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
926 struct cfg80211_registered_device **rdev,
927 struct wireless_dev **wdev)
928{
929 int err;
930
931 if (!cb->args[0]) {
932 struct nlattr **attrbuf;
933
934 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
935 GFP_KERNEL);
936 if (!attrbuf)
937 return -ENOMEM;
938
939 err = nlmsg_parse_deprecated(cb->nlh,
940 GENL_HDRLEN + nl80211_fam.hdrsize,
941 attrbuf, nl80211_fam.maxattr,
942 nl80211_policy, NULL);
943 if (err) {
944 kfree(attrbuf);
945 return err;
946 }
947
948 rtnl_lock();
949 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
950 attrbuf);
951 kfree(attrbuf);
952 if (IS_ERR(*wdev)) {
953 rtnl_unlock();
954 return PTR_ERR(*wdev);
955 }
956 *rdev = wiphy_to_rdev((*wdev)->wiphy);
957 mutex_lock(&(*rdev)->wiphy.mtx);
958 rtnl_unlock();
959
960 cb->args[0] = (*rdev)->wiphy_idx + 1;
961 cb->args[1] = (*wdev)->identifier;
962 } else {
963
964 struct wiphy *wiphy;
965 struct wireless_dev *tmp;
966
967 rtnl_lock();
968 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
969 if (!wiphy) {
970 rtnl_unlock();
971 return -ENODEV;
972 }
973 *rdev = wiphy_to_rdev(wiphy);
974 *wdev = NULL;
975
976 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
977 if (tmp->identifier == cb->args[1]) {
978 *wdev = tmp;
979 break;
980 }
981 }
982
983 if (!*wdev) {
984 rtnl_unlock();
985 return -ENODEV;
986 }
987 mutex_lock(&(*rdev)->wiphy.mtx);
988 rtnl_unlock();
989 }
990
991 return 0;
992}
993
994
995void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
996 int flags, u8 cmd)
997{
998
999 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
1000}
1001
1002static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
1003 const struct ieee80211_reg_rule *rule)
1004{
1005 int j;
1006 struct nlattr *nl_wmm_rules =
1007 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1008
1009 if (!nl_wmm_rules)
1010 goto nla_put_failure;
1011
1012 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1013 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1014
1015 if (!nl_wmm_rule)
1016 goto nla_put_failure;
1017
1018 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1019 rule->wmm_rule.client[j].cw_min) ||
1020 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1021 rule->wmm_rule.client[j].cw_max) ||
1022 nla_put_u8(msg, NL80211_WMMR_AIFSN,
1023 rule->wmm_rule.client[j].aifsn) ||
1024 nla_put_u16(msg, NL80211_WMMR_TXOP,
1025 rule->wmm_rule.client[j].cot))
1026 goto nla_put_failure;
1027
1028 nla_nest_end(msg, nl_wmm_rule);
1029 }
1030 nla_nest_end(msg, nl_wmm_rules);
1031
1032 return 0;
1033
1034nla_put_failure:
1035 return -ENOBUFS;
1036}
1037
1038static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1039 struct ieee80211_channel *chan,
1040 bool large)
1041{
1042
1043
1044
1045 if (!large && chan->flags &
1046 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1047 return 0;
1048 if (!large && chan->freq_offset)
1049 return 0;
1050
1051 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1052 chan->center_freq))
1053 goto nla_put_failure;
1054
1055 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1056 goto nla_put_failure;
1057
1058 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1059 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1060 goto nla_put_failure;
1061 if (chan->flags & IEEE80211_CHAN_NO_IR) {
1062 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1063 goto nla_put_failure;
1064 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1065 goto nla_put_failure;
1066 }
1067 if (chan->flags & IEEE80211_CHAN_RADAR) {
1068 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1069 goto nla_put_failure;
1070 if (large) {
1071 u32 time;
1072
1073 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1074
1075 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1076 chan->dfs_state))
1077 goto nla_put_failure;
1078 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1079 time))
1080 goto nla_put_failure;
1081 if (nla_put_u32(msg,
1082 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1083 chan->dfs_cac_ms))
1084 goto nla_put_failure;
1085 }
1086 }
1087
1088 if (large) {
1089 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1090 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1091 goto nla_put_failure;
1092 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1093 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1094 goto nla_put_failure;
1095 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1096 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1097 goto nla_put_failure;
1098 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1099 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1100 goto nla_put_failure;
1101 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1102 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1103 goto nla_put_failure;
1104 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1105 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1106 goto nla_put_failure;
1107 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1108 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1109 goto nla_put_failure;
1110 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1111 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1112 goto nla_put_failure;
1113 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1114 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1115 goto nla_put_failure;
1116 if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
1117 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
1118 goto nla_put_failure;
1119 if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
1120 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
1121 goto nla_put_failure;
1122 if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
1123 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
1124 goto nla_put_failure;
1125 if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
1126 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
1127 goto nla_put_failure;
1128 if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
1129 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
1130 goto nla_put_failure;
1131 }
1132
1133 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1134 DBM_TO_MBM(chan->max_power)))
1135 goto nla_put_failure;
1136
1137 if (large) {
1138 const struct ieee80211_reg_rule *rule =
1139 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1140
1141 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1142 if (nl80211_msg_put_wmm_rules(msg, rule))
1143 goto nla_put_failure;
1144 }
1145 }
1146
1147 return 0;
1148
1149 nla_put_failure:
1150 return -ENOBUFS;
1151}
1152
1153static bool nl80211_put_txq_stats(struct sk_buff *msg,
1154 struct cfg80211_txq_stats *txqstats,
1155 int attrtype)
1156{
1157 struct nlattr *txqattr;
1158
1159#define PUT_TXQVAL_U32(attr, memb) do { \
1160 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1161 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1162 return false; \
1163 } while (0)
1164
1165 txqattr = nla_nest_start_noflag(msg, attrtype);
1166 if (!txqattr)
1167 return false;
1168
1169 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1170 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1171 PUT_TXQVAL_U32(FLOWS, flows);
1172 PUT_TXQVAL_U32(DROPS, drops);
1173 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1174 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1175 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1176 PUT_TXQVAL_U32(COLLISIONS, collisions);
1177 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1178 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1179 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1180 nla_nest_end(msg, txqattr);
1181
1182#undef PUT_TXQVAL_U32
1183 return true;
1184}
1185
1186
1187
1188struct key_parse {
1189 struct key_params p;
1190 int idx;
1191 int type;
1192 bool def, defmgmt, defbeacon;
1193 bool def_uni, def_multi;
1194};
1195
1196static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1197 struct key_parse *k)
1198{
1199 struct nlattr *tb[NL80211_KEY_MAX + 1];
1200 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1201 nl80211_key_policy,
1202 info->extack);
1203 if (err)
1204 return err;
1205
1206 k->def = !!tb[NL80211_KEY_DEFAULT];
1207 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1208 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1209
1210 if (k->def) {
1211 k->def_uni = true;
1212 k->def_multi = true;
1213 }
1214 if (k->defmgmt || k->defbeacon)
1215 k->def_multi = true;
1216
1217 if (tb[NL80211_KEY_IDX])
1218 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1219
1220 if (tb[NL80211_KEY_DATA]) {
1221 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1222 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1223 }
1224
1225 if (tb[NL80211_KEY_SEQ]) {
1226 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1227 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1228 }
1229
1230 if (tb[NL80211_KEY_CIPHER])
1231 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1232
1233 if (tb[NL80211_KEY_TYPE])
1234 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1235
1236 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1237 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1238
1239 err = nla_parse_nested_deprecated(kdt,
1240 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1241 tb[NL80211_KEY_DEFAULT_TYPES],
1242 nl80211_key_default_policy,
1243 info->extack);
1244 if (err)
1245 return err;
1246
1247 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1248 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1249 }
1250
1251 if (tb[NL80211_KEY_MODE])
1252 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1253
1254 return 0;
1255}
1256
1257static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1258{
1259 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1260 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1261 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1262 }
1263
1264 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1265 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1266 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1267 }
1268
1269 if (info->attrs[NL80211_ATTR_KEY_IDX])
1270 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1271
1272 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1273 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1274
1275 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1276 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1277
1278 if (k->def) {
1279 k->def_uni = true;
1280 k->def_multi = true;
1281 }
1282 if (k->defmgmt)
1283 k->def_multi = true;
1284
1285 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1286 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1287
1288 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1289 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1290 int err = nla_parse_nested_deprecated(kdt,
1291 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1292 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1293 nl80211_key_default_policy,
1294 info->extack);
1295 if (err)
1296 return err;
1297
1298 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1299 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1300 }
1301
1302 return 0;
1303}
1304
1305static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1306{
1307 int err;
1308
1309 memset(k, 0, sizeof(*k));
1310 k->idx = -1;
1311 k->type = -1;
1312
1313 if (info->attrs[NL80211_ATTR_KEY])
1314 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1315 else
1316 err = nl80211_parse_key_old(info, k);
1317
1318 if (err)
1319 return err;
1320
1321 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1322 (k->defbeacon ? 1 : 0) > 1) {
1323 GENL_SET_ERR_MSG(info,
1324 "key with multiple default flags is invalid");
1325 return -EINVAL;
1326 }
1327
1328 if (k->defmgmt || k->defbeacon) {
1329 if (k->def_uni || !k->def_multi) {
1330 GENL_SET_ERR_MSG(info,
1331 "defmgmt/defbeacon key must be mcast");
1332 return -EINVAL;
1333 }
1334 }
1335
1336 if (k->idx != -1) {
1337 if (k->defmgmt) {
1338 if (k->idx < 4 || k->idx > 5) {
1339 GENL_SET_ERR_MSG(info,
1340 "defmgmt key idx not 4 or 5");
1341 return -EINVAL;
1342 }
1343 } else if (k->defbeacon) {
1344 if (k->idx < 6 || k->idx > 7) {
1345 GENL_SET_ERR_MSG(info,
1346 "defbeacon key idx not 6 or 7");
1347 return -EINVAL;
1348 }
1349 } else if (k->def) {
1350 if (k->idx < 0 || k->idx > 3) {
1351 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1352 return -EINVAL;
1353 }
1354 } else {
1355 if (k->idx < 0 || k->idx > 7) {
1356 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1357 return -EINVAL;
1358 }
1359 }
1360 }
1361
1362 return 0;
1363}
1364
1365static struct cfg80211_cached_keys *
1366nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1367 struct genl_info *info, bool *no_ht)
1368{
1369 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1370 struct key_parse parse;
1371 struct nlattr *key;
1372 struct cfg80211_cached_keys *result;
1373 int rem, err, def = 0;
1374 bool have_key = false;
1375
1376 nla_for_each_nested(key, keys, rem) {
1377 have_key = true;
1378 break;
1379 }
1380
1381 if (!have_key)
1382 return NULL;
1383
1384 result = kzalloc(sizeof(*result), GFP_KERNEL);
1385 if (!result)
1386 return ERR_PTR(-ENOMEM);
1387
1388 result->def = -1;
1389
1390 nla_for_each_nested(key, keys, rem) {
1391 memset(&parse, 0, sizeof(parse));
1392 parse.idx = -1;
1393
1394 err = nl80211_parse_key_new(info, key, &parse);
1395 if (err)
1396 goto error;
1397 err = -EINVAL;
1398 if (!parse.p.key)
1399 goto error;
1400 if (parse.idx < 0 || parse.idx > 3) {
1401 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1402 goto error;
1403 }
1404 if (parse.def) {
1405 if (def) {
1406 GENL_SET_ERR_MSG(info,
1407 "only one key can be default");
1408 goto error;
1409 }
1410 def = 1;
1411 result->def = parse.idx;
1412 if (!parse.def_uni || !parse.def_multi)
1413 goto error;
1414 } else if (parse.defmgmt)
1415 goto error;
1416 err = cfg80211_validate_key_settings(rdev, &parse.p,
1417 parse.idx, false, NULL);
1418 if (err)
1419 goto error;
1420 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1421 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1422 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1423 err = -EINVAL;
1424 goto error;
1425 }
1426 result->params[parse.idx].cipher = parse.p.cipher;
1427 result->params[parse.idx].key_len = parse.p.key_len;
1428 result->params[parse.idx].key = result->data[parse.idx];
1429 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1430
1431
1432 if (no_ht)
1433 *no_ht = true;
1434 }
1435
1436 if (result->def < 0) {
1437 err = -EINVAL;
1438 GENL_SET_ERR_MSG(info, "need a default/TX key");
1439 goto error;
1440 }
1441
1442 return result;
1443 error:
1444 kfree(result);
1445 return ERR_PTR(err);
1446}
1447
1448static int nl80211_key_allowed(struct wireless_dev *wdev)
1449{
1450 ASSERT_WDEV_LOCK(wdev);
1451
1452 switch (wdev->iftype) {
1453 case NL80211_IFTYPE_AP:
1454 case NL80211_IFTYPE_AP_VLAN:
1455 case NL80211_IFTYPE_P2P_GO:
1456 case NL80211_IFTYPE_MESH_POINT:
1457 break;
1458 case NL80211_IFTYPE_ADHOC:
1459 case NL80211_IFTYPE_STATION:
1460 case NL80211_IFTYPE_P2P_CLIENT:
1461 if (!wdev->current_bss)
1462 return -ENOLINK;
1463 break;
1464 case NL80211_IFTYPE_UNSPECIFIED:
1465 case NL80211_IFTYPE_OCB:
1466 case NL80211_IFTYPE_MONITOR:
1467 case NL80211_IFTYPE_NAN:
1468 case NL80211_IFTYPE_P2P_DEVICE:
1469 case NL80211_IFTYPE_WDS:
1470 case NUM_NL80211_IFTYPES:
1471 return -EINVAL;
1472 }
1473
1474 return 0;
1475}
1476
1477static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1478 u32 freq)
1479{
1480 struct ieee80211_channel *chan;
1481
1482 chan = ieee80211_get_channel_khz(wiphy, freq);
1483 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1484 return NULL;
1485 return chan;
1486}
1487
1488static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1489{
1490 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1491 int i;
1492
1493 if (!nl_modes)
1494 goto nla_put_failure;
1495
1496 i = 0;
1497 while (ifmodes) {
1498 if ((ifmodes & 1) && nla_put_flag(msg, i))
1499 goto nla_put_failure;
1500 ifmodes >>= 1;
1501 i++;
1502 }
1503
1504 nla_nest_end(msg, nl_modes);
1505 return 0;
1506
1507nla_put_failure:
1508 return -ENOBUFS;
1509}
1510
1511static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1512 struct sk_buff *msg,
1513 bool large)
1514{
1515 struct nlattr *nl_combis;
1516 int i, j;
1517
1518 nl_combis = nla_nest_start_noflag(msg,
1519 NL80211_ATTR_INTERFACE_COMBINATIONS);
1520 if (!nl_combis)
1521 goto nla_put_failure;
1522
1523 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1524 const struct ieee80211_iface_combination *c;
1525 struct nlattr *nl_combi, *nl_limits;
1526
1527 c = &wiphy->iface_combinations[i];
1528
1529 nl_combi = nla_nest_start_noflag(msg, i + 1);
1530 if (!nl_combi)
1531 goto nla_put_failure;
1532
1533 nl_limits = nla_nest_start_noflag(msg,
1534 NL80211_IFACE_COMB_LIMITS);
1535 if (!nl_limits)
1536 goto nla_put_failure;
1537
1538 for (j = 0; j < c->n_limits; j++) {
1539 struct nlattr *nl_limit;
1540
1541 nl_limit = nla_nest_start_noflag(msg, j + 1);
1542 if (!nl_limit)
1543 goto nla_put_failure;
1544 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1545 c->limits[j].max))
1546 goto nla_put_failure;
1547 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1548 c->limits[j].types))
1549 goto nla_put_failure;
1550 nla_nest_end(msg, nl_limit);
1551 }
1552
1553 nla_nest_end(msg, nl_limits);
1554
1555 if (c->beacon_int_infra_match &&
1556 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1557 goto nla_put_failure;
1558 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1559 c->num_different_channels) ||
1560 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1561 c->max_interfaces))
1562 goto nla_put_failure;
1563 if (large &&
1564 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1565 c->radar_detect_widths) ||
1566 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1567 c->radar_detect_regions)))
1568 goto nla_put_failure;
1569 if (c->beacon_int_min_gcd &&
1570 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1571 c->beacon_int_min_gcd))
1572 goto nla_put_failure;
1573
1574 nla_nest_end(msg, nl_combi);
1575 }
1576
1577 nla_nest_end(msg, nl_combis);
1578
1579 return 0;
1580nla_put_failure:
1581 return -ENOBUFS;
1582}
1583
1584#ifdef CONFIG_PM
1585static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1586 struct sk_buff *msg)
1587{
1588 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1589 struct nlattr *nl_tcp;
1590
1591 if (!tcp)
1592 return 0;
1593
1594 nl_tcp = nla_nest_start_noflag(msg,
1595 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1596 if (!nl_tcp)
1597 return -ENOBUFS;
1598
1599 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1600 tcp->data_payload_max))
1601 return -ENOBUFS;
1602
1603 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1604 tcp->data_payload_max))
1605 return -ENOBUFS;
1606
1607 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1608 return -ENOBUFS;
1609
1610 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1611 sizeof(*tcp->tok), tcp->tok))
1612 return -ENOBUFS;
1613
1614 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1615 tcp->data_interval_max))
1616 return -ENOBUFS;
1617
1618 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1619 tcp->wake_payload_max))
1620 return -ENOBUFS;
1621
1622 nla_nest_end(msg, nl_tcp);
1623 return 0;
1624}
1625
1626static int nl80211_send_wowlan(struct sk_buff *msg,
1627 struct cfg80211_registered_device *rdev,
1628 bool large)
1629{
1630 struct nlattr *nl_wowlan;
1631
1632 if (!rdev->wiphy.wowlan)
1633 return 0;
1634
1635 nl_wowlan = nla_nest_start_noflag(msg,
1636 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1637 if (!nl_wowlan)
1638 return -ENOBUFS;
1639
1640 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1641 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1642 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1643 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1644 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1645 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1646 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1647 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1648 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1649 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1650 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1651 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1652 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1653 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1654 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1655 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1656 return -ENOBUFS;
1657
1658 if (rdev->wiphy.wowlan->n_patterns) {
1659 struct nl80211_pattern_support pat = {
1660 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1661 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1662 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1663 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1664 };
1665
1666 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1667 sizeof(pat), &pat))
1668 return -ENOBUFS;
1669 }
1670
1671 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1672 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1673 rdev->wiphy.wowlan->max_nd_match_sets))
1674 return -ENOBUFS;
1675
1676 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1677 return -ENOBUFS;
1678
1679 nla_nest_end(msg, nl_wowlan);
1680
1681 return 0;
1682}
1683#endif
1684
1685static int nl80211_send_coalesce(struct sk_buff *msg,
1686 struct cfg80211_registered_device *rdev)
1687{
1688 struct nl80211_coalesce_rule_support rule;
1689
1690 if (!rdev->wiphy.coalesce)
1691 return 0;
1692
1693 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1694 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1695 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1696 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1697 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1698 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1699
1700 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1701 return -ENOBUFS;
1702
1703 return 0;
1704}
1705
1706static int
1707nl80211_send_iftype_data(struct sk_buff *msg,
1708 const struct ieee80211_supported_band *sband,
1709 const struct ieee80211_sband_iftype_data *iftdata)
1710{
1711 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1712
1713 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1714 iftdata->types_mask))
1715 return -ENOBUFS;
1716
1717 if (he_cap->has_he) {
1718 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1719 sizeof(he_cap->he_cap_elem.mac_cap_info),
1720 he_cap->he_cap_elem.mac_cap_info) ||
1721 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1722 sizeof(he_cap->he_cap_elem.phy_cap_info),
1723 he_cap->he_cap_elem.phy_cap_info) ||
1724 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1725 sizeof(he_cap->he_mcs_nss_supp),
1726 &he_cap->he_mcs_nss_supp) ||
1727 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1728 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1729 return -ENOBUFS;
1730 }
1731
1732 if (sband->band == NL80211_BAND_6GHZ &&
1733 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1734 sizeof(iftdata->he_6ghz_capa),
1735 &iftdata->he_6ghz_capa))
1736 return -ENOBUFS;
1737
1738 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len &&
1739 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
1740 iftdata->vendor_elems.len, iftdata->vendor_elems.data))
1741 return -ENOBUFS;
1742
1743 return 0;
1744}
1745
1746static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1747 struct ieee80211_supported_band *sband,
1748 bool large)
1749{
1750 struct nlattr *nl_rates, *nl_rate;
1751 struct ieee80211_rate *rate;
1752 int i;
1753
1754
1755 if (sband->ht_cap.ht_supported &&
1756 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1757 sizeof(sband->ht_cap.mcs),
1758 &sband->ht_cap.mcs) ||
1759 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1760 sband->ht_cap.cap) ||
1761 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1762 sband->ht_cap.ampdu_factor) ||
1763 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1764 sband->ht_cap.ampdu_density)))
1765 return -ENOBUFS;
1766
1767
1768 if (sband->vht_cap.vht_supported &&
1769 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1770 sizeof(sband->vht_cap.vht_mcs),
1771 &sband->vht_cap.vht_mcs) ||
1772 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1773 sband->vht_cap.cap)))
1774 return -ENOBUFS;
1775
1776 if (large && sband->n_iftype_data) {
1777 struct nlattr *nl_iftype_data =
1778 nla_nest_start_noflag(msg,
1779 NL80211_BAND_ATTR_IFTYPE_DATA);
1780 int err;
1781
1782 if (!nl_iftype_data)
1783 return -ENOBUFS;
1784
1785 for (i = 0; i < sband->n_iftype_data; i++) {
1786 struct nlattr *iftdata;
1787
1788 iftdata = nla_nest_start_noflag(msg, i + 1);
1789 if (!iftdata)
1790 return -ENOBUFS;
1791
1792 err = nl80211_send_iftype_data(msg, sband,
1793 &sband->iftype_data[i]);
1794 if (err)
1795 return err;
1796
1797 nla_nest_end(msg, iftdata);
1798 }
1799
1800 nla_nest_end(msg, nl_iftype_data);
1801 }
1802
1803
1804 if (large && sband->edmg_cap.channels &&
1805 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1806 sband->edmg_cap.channels) ||
1807 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1808 sband->edmg_cap.bw_config)))
1809
1810 return -ENOBUFS;
1811
1812
1813 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1814 if (!nl_rates)
1815 return -ENOBUFS;
1816
1817 for (i = 0; i < sband->n_bitrates; i++) {
1818 nl_rate = nla_nest_start_noflag(msg, i);
1819 if (!nl_rate)
1820 return -ENOBUFS;
1821
1822 rate = &sband->bitrates[i];
1823 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1824 rate->bitrate))
1825 return -ENOBUFS;
1826 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1827 nla_put_flag(msg,
1828 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1829 return -ENOBUFS;
1830
1831 nla_nest_end(msg, nl_rate);
1832 }
1833
1834 nla_nest_end(msg, nl_rates);
1835
1836 return 0;
1837}
1838
1839static int
1840nl80211_send_mgmt_stypes(struct sk_buff *msg,
1841 const struct ieee80211_txrx_stypes *mgmt_stypes)
1842{
1843 u16 stypes;
1844 struct nlattr *nl_ftypes, *nl_ifs;
1845 enum nl80211_iftype ift;
1846 int i;
1847
1848 if (!mgmt_stypes)
1849 return 0;
1850
1851 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1852 if (!nl_ifs)
1853 return -ENOBUFS;
1854
1855 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1856 nl_ftypes = nla_nest_start_noflag(msg, ift);
1857 if (!nl_ftypes)
1858 return -ENOBUFS;
1859 i = 0;
1860 stypes = mgmt_stypes[ift].tx;
1861 while (stypes) {
1862 if ((stypes & 1) &&
1863 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1864 (i << 4) | IEEE80211_FTYPE_MGMT))
1865 return -ENOBUFS;
1866 stypes >>= 1;
1867 i++;
1868 }
1869 nla_nest_end(msg, nl_ftypes);
1870 }
1871
1872 nla_nest_end(msg, nl_ifs);
1873
1874 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1875 if (!nl_ifs)
1876 return -ENOBUFS;
1877
1878 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1879 nl_ftypes = nla_nest_start_noflag(msg, ift);
1880 if (!nl_ftypes)
1881 return -ENOBUFS;
1882 i = 0;
1883 stypes = mgmt_stypes[ift].rx;
1884 while (stypes) {
1885 if ((stypes & 1) &&
1886 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1887 (i << 4) | IEEE80211_FTYPE_MGMT))
1888 return -ENOBUFS;
1889 stypes >>= 1;
1890 i++;
1891 }
1892 nla_nest_end(msg, nl_ftypes);
1893 }
1894 nla_nest_end(msg, nl_ifs);
1895
1896 return 0;
1897}
1898
1899#define CMD(op, n) \
1900 do { \
1901 if (rdev->ops->op) { \
1902 i++; \
1903 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1904 goto nla_put_failure; \
1905 } \
1906 } while (0)
1907
1908static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1909 struct sk_buff *msg)
1910{
1911 int i = 0;
1912
1913
1914
1915
1916
1917
1918 CMD(add_virtual_intf, NEW_INTERFACE);
1919 CMD(change_virtual_intf, SET_INTERFACE);
1920 CMD(add_key, NEW_KEY);
1921 CMD(start_ap, START_AP);
1922 CMD(add_station, NEW_STATION);
1923 CMD(add_mpath, NEW_MPATH);
1924 CMD(update_mesh_config, SET_MESH_CONFIG);
1925 CMD(change_bss, SET_BSS);
1926 CMD(auth, AUTHENTICATE);
1927 CMD(assoc, ASSOCIATE);
1928 CMD(deauth, DEAUTHENTICATE);
1929 CMD(disassoc, DISASSOCIATE);
1930 CMD(join_ibss, JOIN_IBSS);
1931 CMD(join_mesh, JOIN_MESH);
1932 CMD(set_pmksa, SET_PMKSA);
1933 CMD(del_pmksa, DEL_PMKSA);
1934 CMD(flush_pmksa, FLUSH_PMKSA);
1935 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1936 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1937 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1938 CMD(mgmt_tx, FRAME);
1939 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1940 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1941 i++;
1942 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1943 goto nla_put_failure;
1944 }
1945 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1946 rdev->ops->join_mesh) {
1947 i++;
1948 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1949 goto nla_put_failure;
1950 }
1951 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1952 CMD(tdls_mgmt, TDLS_MGMT);
1953 CMD(tdls_oper, TDLS_OPER);
1954 }
1955 if (rdev->wiphy.max_sched_scan_reqs)
1956 CMD(sched_scan_start, START_SCHED_SCAN);
1957 CMD(probe_client, PROBE_CLIENT);
1958 CMD(set_noack_map, SET_NOACK_MAP);
1959 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1960 i++;
1961 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1962 goto nla_put_failure;
1963 }
1964 CMD(start_p2p_device, START_P2P_DEVICE);
1965 CMD(set_mcast_rate, SET_MCAST_RATE);
1966#ifdef CONFIG_NL80211_TESTMODE
1967 CMD(testmode_cmd, TESTMODE);
1968#endif
1969
1970 if (rdev->ops->connect || rdev->ops->auth) {
1971 i++;
1972 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1973 goto nla_put_failure;
1974 }
1975
1976 if (rdev->ops->disconnect || rdev->ops->deauth) {
1977 i++;
1978 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1979 goto nla_put_failure;
1980 }
1981
1982 return i;
1983 nla_put_failure:
1984 return -ENOBUFS;
1985}
1986
1987static int
1988nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1989 struct sk_buff *msg)
1990{
1991 struct nlattr *ftm;
1992
1993 if (!cap->ftm.supported)
1994 return 0;
1995
1996 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1997 if (!ftm)
1998 return -ENOBUFS;
1999
2000 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
2001 return -ENOBUFS;
2002 if (cap->ftm.non_asap &&
2003 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
2004 return -ENOBUFS;
2005 if (cap->ftm.request_lci &&
2006 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
2007 return -ENOBUFS;
2008 if (cap->ftm.request_civicloc &&
2009 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2010 return -ENOBUFS;
2011 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2012 cap->ftm.preambles))
2013 return -ENOBUFS;
2014 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2015 cap->ftm.bandwidths))
2016 return -ENOBUFS;
2017 if (cap->ftm.max_bursts_exponent >= 0 &&
2018 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2019 cap->ftm.max_bursts_exponent))
2020 return -ENOBUFS;
2021 if (cap->ftm.max_ftms_per_burst &&
2022 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2023 cap->ftm.max_ftms_per_burst))
2024 return -ENOBUFS;
2025 if (cap->ftm.trigger_based &&
2026 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2027 return -ENOBUFS;
2028 if (cap->ftm.non_trigger_based &&
2029 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2030 return -ENOBUFS;
2031
2032 nla_nest_end(msg, ftm);
2033 return 0;
2034}
2035
2036static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2037 struct sk_buff *msg)
2038{
2039 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2040 struct nlattr *pmsr, *caps;
2041
2042 if (!cap)
2043 return 0;
2044
2045
2046
2047
2048
2049
2050 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2051 if (!pmsr)
2052 return -ENOBUFS;
2053
2054 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2055 return -ENOBUFS;
2056
2057 if (cap->report_ap_tsf &&
2058 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2059 return -ENOBUFS;
2060
2061 if (cap->randomize_mac_addr &&
2062 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2063 return -ENOBUFS;
2064
2065 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2066 if (!caps)
2067 return -ENOBUFS;
2068
2069 if (nl80211_send_pmsr_ftm_capa(cap, msg))
2070 return -ENOBUFS;
2071
2072 nla_nest_end(msg, caps);
2073 nla_nest_end(msg, pmsr);
2074
2075 return 0;
2076}
2077
2078static int
2079nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2080 struct sk_buff *msg)
2081{
2082 int i;
2083 struct nlattr *nested, *nested_akms;
2084 const struct wiphy_iftype_akm_suites *iftype_akms;
2085
2086 if (!rdev->wiphy.num_iftype_akm_suites ||
2087 !rdev->wiphy.iftype_akm_suites)
2088 return 0;
2089
2090 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2091 if (!nested)
2092 return -ENOBUFS;
2093
2094 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2095 nested_akms = nla_nest_start(msg, i + 1);
2096 if (!nested_akms)
2097 return -ENOBUFS;
2098
2099 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2100
2101 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2102 iftype_akms->iftypes_mask))
2103 return -ENOBUFS;
2104
2105 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2106 sizeof(u32) * iftype_akms->n_akm_suites,
2107 iftype_akms->akm_suites)) {
2108 return -ENOBUFS;
2109 }
2110 nla_nest_end(msg, nested_akms);
2111 }
2112
2113 nla_nest_end(msg, nested);
2114
2115 return 0;
2116}
2117
2118static int
2119nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2120 struct sk_buff *msg)
2121{
2122 struct nlattr *supp;
2123
2124 if (!rdev->wiphy.tid_config_support.vif &&
2125 !rdev->wiphy.tid_config_support.peer)
2126 return 0;
2127
2128 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2129 if (!supp)
2130 return -ENOSPC;
2131
2132 if (rdev->wiphy.tid_config_support.vif &&
2133 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2134 rdev->wiphy.tid_config_support.vif,
2135 NL80211_TID_CONFIG_ATTR_PAD))
2136 goto fail;
2137
2138 if (rdev->wiphy.tid_config_support.peer &&
2139 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2140 rdev->wiphy.tid_config_support.peer,
2141 NL80211_TID_CONFIG_ATTR_PAD))
2142 goto fail;
2143
2144
2145 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2146 rdev->wiphy.tid_config_support.max_retry))
2147 goto fail;
2148 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2149 rdev->wiphy.tid_config_support.max_retry))
2150 goto fail;
2151
2152 nla_nest_end(msg, supp);
2153
2154 return 0;
2155fail:
2156 nla_nest_cancel(msg, supp);
2157 return -ENOBUFS;
2158}
2159
2160static int
2161nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2162 struct sk_buff *msg)
2163{
2164 struct nlattr *sar_capa, *specs, *sub_freq_range;
2165 u8 num_freq_ranges;
2166 int i;
2167
2168 if (!rdev->wiphy.sar_capa)
2169 return 0;
2170
2171 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2172
2173 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2174 if (!sar_capa)
2175 return -ENOSPC;
2176
2177 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2178 goto fail;
2179
2180 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2181 if (!specs)
2182 goto fail;
2183
2184
2185 for (i = 0; i < num_freq_ranges; i++) {
2186 sub_freq_range = nla_nest_start(msg, i + 1);
2187 if (!sub_freq_range)
2188 goto fail;
2189
2190 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2191 rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2192 goto fail;
2193
2194 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2195 rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2196 goto fail;
2197
2198 nla_nest_end(msg, sub_freq_range);
2199 }
2200
2201 nla_nest_end(msg, specs);
2202 nla_nest_end(msg, sar_capa);
2203
2204 return 0;
2205fail:
2206 nla_nest_cancel(msg, sar_capa);
2207 return -ENOBUFS;
2208}
2209
2210struct nl80211_dump_wiphy_state {
2211 s64 filter_wiphy;
2212 long start;
2213 long split_start, band_start, chan_start, capa_start;
2214 bool split;
2215};
2216
2217static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2218 enum nl80211_commands cmd,
2219 struct sk_buff *msg, u32 portid, u32 seq,
2220 int flags, struct nl80211_dump_wiphy_state *state)
2221{
2222 void *hdr;
2223 struct nlattr *nl_bands, *nl_band;
2224 struct nlattr *nl_freqs, *nl_freq;
2225 struct nlattr *nl_cmds;
2226 enum nl80211_band band;
2227 struct ieee80211_channel *chan;
2228 int i;
2229 const struct ieee80211_txrx_stypes *mgmt_stypes =
2230 rdev->wiphy.mgmt_stypes;
2231 u32 features;
2232
2233 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2234 if (!hdr)
2235 return -ENOBUFS;
2236
2237 if (WARN_ON(!state))
2238 return -EINVAL;
2239
2240 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2241 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2242 wiphy_name(&rdev->wiphy)) ||
2243 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2244 cfg80211_rdev_list_generation))
2245 goto nla_put_failure;
2246
2247 if (cmd != NL80211_CMD_NEW_WIPHY)
2248 goto finish;
2249
2250 switch (state->split_start) {
2251 case 0:
2252 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2253 rdev->wiphy.retry_short) ||
2254 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2255 rdev->wiphy.retry_long) ||
2256 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2257 rdev->wiphy.frag_threshold) ||
2258 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2259 rdev->wiphy.rts_threshold) ||
2260 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2261 rdev->wiphy.coverage_class) ||
2262 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2263 rdev->wiphy.max_scan_ssids) ||
2264 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2265 rdev->wiphy.max_sched_scan_ssids) ||
2266 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2267 rdev->wiphy.max_scan_ie_len) ||
2268 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2269 rdev->wiphy.max_sched_scan_ie_len) ||
2270 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2271 rdev->wiphy.max_match_sets))
2272 goto nla_put_failure;
2273
2274 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2275 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2276 goto nla_put_failure;
2277 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2278 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2279 goto nla_put_failure;
2280 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2281 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2282 goto nla_put_failure;
2283 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2284 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2285 goto nla_put_failure;
2286 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2287 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2288 goto nla_put_failure;
2289 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2290 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2291 goto nla_put_failure;
2292 state->split_start++;
2293 if (state->split)
2294 break;
2295 fallthrough;
2296 case 1:
2297 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2298 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2299 rdev->wiphy.cipher_suites))
2300 goto nla_put_failure;
2301
2302 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2303 rdev->wiphy.max_num_pmkids))
2304 goto nla_put_failure;
2305
2306 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2307 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2308 goto nla_put_failure;
2309
2310 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2311 rdev->wiphy.available_antennas_tx) ||
2312 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2313 rdev->wiphy.available_antennas_rx))
2314 goto nla_put_failure;
2315
2316 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2317 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2318 rdev->wiphy.probe_resp_offload))
2319 goto nla_put_failure;
2320
2321 if ((rdev->wiphy.available_antennas_tx ||
2322 rdev->wiphy.available_antennas_rx) &&
2323 rdev->ops->get_antenna) {
2324 u32 tx_ant = 0, rx_ant = 0;
2325 int res;
2326
2327 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2328 if (!res) {
2329 if (nla_put_u32(msg,
2330 NL80211_ATTR_WIPHY_ANTENNA_TX,
2331 tx_ant) ||
2332 nla_put_u32(msg,
2333 NL80211_ATTR_WIPHY_ANTENNA_RX,
2334 rx_ant))
2335 goto nla_put_failure;
2336 }
2337 }
2338
2339 state->split_start++;
2340 if (state->split)
2341 break;
2342 fallthrough;
2343 case 2:
2344 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2345 rdev->wiphy.interface_modes))
2346 goto nla_put_failure;
2347 state->split_start++;
2348 if (state->split)
2349 break;
2350 fallthrough;
2351 case 3:
2352 nl_bands = nla_nest_start_noflag(msg,
2353 NL80211_ATTR_WIPHY_BANDS);
2354 if (!nl_bands)
2355 goto nla_put_failure;
2356
2357 for (band = state->band_start;
2358 band < (state->split ?
2359 NUM_NL80211_BANDS :
2360 NL80211_BAND_60GHZ + 1);
2361 band++) {
2362 struct ieee80211_supported_band *sband;
2363
2364
2365 if (band > NL80211_BAND_5GHZ && !state->split)
2366 break;
2367
2368 sband = rdev->wiphy.bands[band];
2369
2370 if (!sband)
2371 continue;
2372
2373 nl_band = nla_nest_start_noflag(msg, band);
2374 if (!nl_band)
2375 goto nla_put_failure;
2376
2377 switch (state->chan_start) {
2378 case 0:
2379 if (nl80211_send_band_rateinfo(msg, sband,
2380 state->split))
2381 goto nla_put_failure;
2382 state->chan_start++;
2383 if (state->split)
2384 break;
2385 fallthrough;
2386 default:
2387
2388 nl_freqs = nla_nest_start_noflag(msg,
2389 NL80211_BAND_ATTR_FREQS);
2390 if (!nl_freqs)
2391 goto nla_put_failure;
2392
2393 for (i = state->chan_start - 1;
2394 i < sband->n_channels;
2395 i++) {
2396 nl_freq = nla_nest_start_noflag(msg,
2397 i);
2398 if (!nl_freq)
2399 goto nla_put_failure;
2400
2401 chan = &sband->channels[i];
2402
2403 if (nl80211_msg_put_channel(
2404 msg, &rdev->wiphy, chan,
2405 state->split))
2406 goto nla_put_failure;
2407
2408 nla_nest_end(msg, nl_freq);
2409 if (state->split)
2410 break;
2411 }
2412 if (i < sband->n_channels)
2413 state->chan_start = i + 2;
2414 else
2415 state->chan_start = 0;
2416 nla_nest_end(msg, nl_freqs);
2417 }
2418
2419 nla_nest_end(msg, nl_band);
2420
2421 if (state->split) {
2422
2423 if (state->chan_start)
2424 band--;
2425 break;
2426 }
2427 }
2428 nla_nest_end(msg, nl_bands);
2429
2430 if (band < NUM_NL80211_BANDS)
2431 state->band_start = band + 1;
2432 else
2433 state->band_start = 0;
2434
2435
2436 if (state->band_start == 0 && state->chan_start == 0)
2437 state->split_start++;
2438 if (state->split)
2439 break;
2440 fallthrough;
2441 case 4:
2442 nl_cmds = nla_nest_start_noflag(msg,
2443 NL80211_ATTR_SUPPORTED_COMMANDS);
2444 if (!nl_cmds)
2445 goto nla_put_failure;
2446
2447 i = nl80211_add_commands_unsplit(rdev, msg);
2448 if (i < 0)
2449 goto nla_put_failure;
2450 if (state->split) {
2451 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2452 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2453 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2454 CMD(channel_switch, CHANNEL_SWITCH);
2455 CMD(set_qos_map, SET_QOS_MAP);
2456 if (rdev->wiphy.features &
2457 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2458 CMD(add_tx_ts, ADD_TX_TS);
2459 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2460 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2461 CMD(update_ft_ies, UPDATE_FT_IES);
2462 if (rdev->wiphy.sar_capa)
2463 CMD(set_sar_specs, SET_SAR_SPECS);
2464 }
2465#undef CMD
2466
2467 nla_nest_end(msg, nl_cmds);
2468 state->split_start++;
2469 if (state->split)
2470 break;
2471 fallthrough;
2472 case 5:
2473 if (rdev->ops->remain_on_channel &&
2474 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2475 nla_put_u32(msg,
2476 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2477 rdev->wiphy.max_remain_on_channel_duration))
2478 goto nla_put_failure;
2479
2480 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2481 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2482 goto nla_put_failure;
2483
2484 state->split_start++;
2485 if (state->split)
2486 break;
2487 fallthrough;
2488 case 6:
2489#ifdef CONFIG_PM
2490 if (nl80211_send_wowlan(msg, rdev, state->split))
2491 goto nla_put_failure;
2492 state->split_start++;
2493 if (state->split)
2494 break;
2495#else
2496 state->split_start++;
2497#endif
2498 fallthrough;
2499 case 7:
2500 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2501 rdev->wiphy.software_iftypes))
2502 goto nla_put_failure;
2503
2504 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2505 state->split))
2506 goto nla_put_failure;
2507
2508 state->split_start++;
2509 if (state->split)
2510 break;
2511 fallthrough;
2512 case 8:
2513 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2514 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2515 rdev->wiphy.ap_sme_capa))
2516 goto nla_put_failure;
2517
2518 features = rdev->wiphy.features;
2519
2520
2521
2522
2523
2524 if (state->split)
2525 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2526 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2527 goto nla_put_failure;
2528
2529 if (rdev->wiphy.ht_capa_mod_mask &&
2530 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2531 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2532 rdev->wiphy.ht_capa_mod_mask))
2533 goto nla_put_failure;
2534
2535 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2536 rdev->wiphy.max_acl_mac_addrs &&
2537 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2538 rdev->wiphy.max_acl_mac_addrs))
2539 goto nla_put_failure;
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551 if (state->split)
2552 state->split_start++;
2553 else
2554 state->split_start = 0;
2555 break;
2556 case 9:
2557 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2558 goto nla_put_failure;
2559
2560 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2561 rdev->wiphy.max_sched_scan_plans) ||
2562 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2563 rdev->wiphy.max_sched_scan_plan_interval) ||
2564 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2565 rdev->wiphy.max_sched_scan_plan_iterations))
2566 goto nla_put_failure;
2567
2568 if (rdev->wiphy.extended_capabilities &&
2569 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2570 rdev->wiphy.extended_capabilities_len,
2571 rdev->wiphy.extended_capabilities) ||
2572 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2573 rdev->wiphy.extended_capabilities_len,
2574 rdev->wiphy.extended_capabilities_mask)))
2575 goto nla_put_failure;
2576
2577 if (rdev->wiphy.vht_capa_mod_mask &&
2578 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2579 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2580 rdev->wiphy.vht_capa_mod_mask))
2581 goto nla_put_failure;
2582
2583 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2584 rdev->wiphy.perm_addr))
2585 goto nla_put_failure;
2586
2587 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2588 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2589 rdev->wiphy.addr_mask))
2590 goto nla_put_failure;
2591
2592 if (rdev->wiphy.n_addresses > 1) {
2593 void *attr;
2594
2595 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2596 if (!attr)
2597 goto nla_put_failure;
2598
2599 for (i = 0; i < rdev->wiphy.n_addresses; i++)
2600 if (nla_put(msg, i + 1, ETH_ALEN,
2601 rdev->wiphy.addresses[i].addr))
2602 goto nla_put_failure;
2603
2604 nla_nest_end(msg, attr);
2605 }
2606
2607 state->split_start++;
2608 break;
2609 case 10:
2610 if (nl80211_send_coalesce(msg, rdev))
2611 goto nla_put_failure;
2612
2613 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2614 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2615 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2616 goto nla_put_failure;
2617
2618 if (rdev->wiphy.max_ap_assoc_sta &&
2619 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2620 rdev->wiphy.max_ap_assoc_sta))
2621 goto nla_put_failure;
2622
2623 state->split_start++;
2624 break;
2625 case 11:
2626 if (rdev->wiphy.n_vendor_commands) {
2627 const struct nl80211_vendor_cmd_info *info;
2628 struct nlattr *nested;
2629
2630 nested = nla_nest_start_noflag(msg,
2631 NL80211_ATTR_VENDOR_DATA);
2632 if (!nested)
2633 goto nla_put_failure;
2634
2635 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2636 info = &rdev->wiphy.vendor_commands[i].info;
2637 if (nla_put(msg, i + 1, sizeof(*info), info))
2638 goto nla_put_failure;
2639 }
2640 nla_nest_end(msg, nested);
2641 }
2642
2643 if (rdev->wiphy.n_vendor_events) {
2644 const struct nl80211_vendor_cmd_info *info;
2645 struct nlattr *nested;
2646
2647 nested = nla_nest_start_noflag(msg,
2648 NL80211_ATTR_VENDOR_EVENTS);
2649 if (!nested)
2650 goto nla_put_failure;
2651
2652 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2653 info = &rdev->wiphy.vendor_events[i];
2654 if (nla_put(msg, i + 1, sizeof(*info), info))
2655 goto nla_put_failure;
2656 }
2657 nla_nest_end(msg, nested);
2658 }
2659 state->split_start++;
2660 break;
2661 case 12:
2662 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2663 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2664 rdev->wiphy.max_num_csa_counters))
2665 goto nla_put_failure;
2666
2667 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2668 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2669 goto nla_put_failure;
2670
2671 if (rdev->wiphy.max_sched_scan_reqs &&
2672 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2673 rdev->wiphy.max_sched_scan_reqs))
2674 goto nla_put_failure;
2675
2676 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2677 sizeof(rdev->wiphy.ext_features),
2678 rdev->wiphy.ext_features))
2679 goto nla_put_failure;
2680
2681 if (rdev->wiphy.bss_select_support) {
2682 struct nlattr *nested;
2683 u32 bss_select_support = rdev->wiphy.bss_select_support;
2684
2685 nested = nla_nest_start_noflag(msg,
2686 NL80211_ATTR_BSS_SELECT);
2687 if (!nested)
2688 goto nla_put_failure;
2689
2690 i = 0;
2691 while (bss_select_support) {
2692 if ((bss_select_support & 1) &&
2693 nla_put_flag(msg, i))
2694 goto nla_put_failure;
2695 i++;
2696 bss_select_support >>= 1;
2697 }
2698 nla_nest_end(msg, nested);
2699 }
2700
2701 state->split_start++;
2702 break;
2703 case 13:
2704 if (rdev->wiphy.num_iftype_ext_capab &&
2705 rdev->wiphy.iftype_ext_capab) {
2706 struct nlattr *nested_ext_capab, *nested;
2707
2708 nested = nla_nest_start_noflag(msg,
2709 NL80211_ATTR_IFTYPE_EXT_CAPA);
2710 if (!nested)
2711 goto nla_put_failure;
2712
2713 for (i = state->capa_start;
2714 i < rdev->wiphy.num_iftype_ext_capab; i++) {
2715 const struct wiphy_iftype_ext_capab *capab;
2716
2717 capab = &rdev->wiphy.iftype_ext_capab[i];
2718
2719 nested_ext_capab = nla_nest_start_noflag(msg,
2720 i);
2721 if (!nested_ext_capab ||
2722 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2723 capab->iftype) ||
2724 nla_put(msg, NL80211_ATTR_EXT_CAPA,
2725 capab->extended_capabilities_len,
2726 capab->extended_capabilities) ||
2727 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2728 capab->extended_capabilities_len,
2729 capab->extended_capabilities_mask))
2730 goto nla_put_failure;
2731
2732 nla_nest_end(msg, nested_ext_capab);
2733 if (state->split)
2734 break;
2735 }
2736 nla_nest_end(msg, nested);
2737 if (i < rdev->wiphy.num_iftype_ext_capab) {
2738 state->capa_start = i + 1;
2739 break;
2740 }
2741 }
2742
2743 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2744 rdev->wiphy.nan_supported_bands))
2745 goto nla_put_failure;
2746
2747 if (wiphy_ext_feature_isset(&rdev->wiphy,
2748 NL80211_EXT_FEATURE_TXQS)) {
2749 struct cfg80211_txq_stats txqstats = {};
2750 int res;
2751
2752 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2753 if (!res &&
2754 !nl80211_put_txq_stats(msg, &txqstats,
2755 NL80211_ATTR_TXQ_STATS))
2756 goto nla_put_failure;
2757
2758 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2759 rdev->wiphy.txq_limit))
2760 goto nla_put_failure;
2761 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2762 rdev->wiphy.txq_memory_limit))
2763 goto nla_put_failure;
2764 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2765 rdev->wiphy.txq_quantum))
2766 goto nla_put_failure;
2767 }
2768
2769 state->split_start++;
2770 break;
2771 case 14:
2772 if (nl80211_send_pmsr_capa(rdev, msg))
2773 goto nla_put_failure;
2774
2775 state->split_start++;
2776 break;
2777 case 15:
2778 if (rdev->wiphy.akm_suites &&
2779 nla_put(msg, NL80211_ATTR_AKM_SUITES,
2780 sizeof(u32) * rdev->wiphy.n_akm_suites,
2781 rdev->wiphy.akm_suites))
2782 goto nla_put_failure;
2783
2784 if (nl80211_put_iftype_akm_suites(rdev, msg))
2785 goto nla_put_failure;
2786
2787 if (nl80211_put_tid_config_support(rdev, msg))
2788 goto nla_put_failure;
2789 state->split_start++;
2790 break;
2791 case 16:
2792 if (nl80211_put_sar_specs(rdev, msg))
2793 goto nla_put_failure;
2794
2795
2796 state->split_start = 0;
2797 break;
2798 }
2799 finish:
2800 genlmsg_end(msg, hdr);
2801 return 0;
2802
2803 nla_put_failure:
2804 genlmsg_cancel(msg, hdr);
2805 return -EMSGSIZE;
2806}
2807
2808static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2809 struct netlink_callback *cb,
2810 struct nl80211_dump_wiphy_state *state)
2811{
2812 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2813 int ret;
2814
2815 if (!tb)
2816 return -ENOMEM;
2817
2818 ret = nlmsg_parse_deprecated(cb->nlh,
2819 GENL_HDRLEN + nl80211_fam.hdrsize,
2820 tb, nl80211_fam.maxattr,
2821 nl80211_policy, NULL);
2822
2823 if (ret) {
2824 ret = 0;
2825 goto out;
2826 }
2827
2828 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2829 if (tb[NL80211_ATTR_WIPHY])
2830 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2831 if (tb[NL80211_ATTR_WDEV])
2832 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2833 if (tb[NL80211_ATTR_IFINDEX]) {
2834 struct net_device *netdev;
2835 struct cfg80211_registered_device *rdev;
2836 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2837
2838 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2839 if (!netdev) {
2840 ret = -ENODEV;
2841 goto out;
2842 }
2843 if (netdev->ieee80211_ptr) {
2844 rdev = wiphy_to_rdev(
2845 netdev->ieee80211_ptr->wiphy);
2846 state->filter_wiphy = rdev->wiphy_idx;
2847 }
2848 }
2849
2850 ret = 0;
2851out:
2852 kfree(tb);
2853 return ret;
2854}
2855
2856static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2857{
2858 int idx = 0, ret;
2859 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2860 struct cfg80211_registered_device *rdev;
2861
2862 rtnl_lock();
2863 if (!state) {
2864 state = kzalloc(sizeof(*state), GFP_KERNEL);
2865 if (!state) {
2866 rtnl_unlock();
2867 return -ENOMEM;
2868 }
2869 state->filter_wiphy = -1;
2870 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2871 if (ret) {
2872 kfree(state);
2873 rtnl_unlock();
2874 return ret;
2875 }
2876 cb->args[0] = (long)state;
2877 }
2878
2879 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2880 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2881 continue;
2882 if (++idx <= state->start)
2883 continue;
2884 if (state->filter_wiphy != -1 &&
2885 state->filter_wiphy != rdev->wiphy_idx)
2886 continue;
2887
2888 do {
2889 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2890 skb,
2891 NETLINK_CB(cb->skb).portid,
2892 cb->nlh->nlmsg_seq,
2893 NLM_F_MULTI, state);
2894 if (ret < 0) {
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2909 !skb->len && !state->split &&
2910 cb->min_dump_alloc < 4096) {
2911 cb->min_dump_alloc = 4096;
2912 state->split_start = 0;
2913 rtnl_unlock();
2914 return 1;
2915 }
2916 idx--;
2917 break;
2918 }
2919 } while (state->split_start > 0);
2920 break;
2921 }
2922 rtnl_unlock();
2923
2924 state->start = idx;
2925
2926 return skb->len;
2927}
2928
2929static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2930{
2931 kfree((void *)cb->args[0]);
2932 return 0;
2933}
2934
2935static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2936{
2937 struct sk_buff *msg;
2938 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2939 struct nl80211_dump_wiphy_state state = {};
2940
2941 msg = nlmsg_new(4096, GFP_KERNEL);
2942 if (!msg)
2943 return -ENOMEM;
2944
2945 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2946 info->snd_portid, info->snd_seq, 0,
2947 &state) < 0) {
2948 nlmsg_free(msg);
2949 return -ENOBUFS;
2950 }
2951
2952 return genlmsg_reply(msg, info);
2953}
2954
2955static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2956 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2957 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2958 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2959 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2960 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2961};
2962
2963static int parse_txq_params(struct nlattr *tb[],
2964 struct ieee80211_txq_params *txq_params)
2965{
2966 u8 ac;
2967
2968 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2969 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2970 !tb[NL80211_TXQ_ATTR_AIFS])
2971 return -EINVAL;
2972
2973 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2974 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2975 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2976 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2977 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2978
2979 if (ac >= NL80211_NUM_ACS)
2980 return -EINVAL;
2981 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2982 return 0;
2983}
2984
2985static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2986{
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002 return !wdev ||
3003 wdev->iftype == NL80211_IFTYPE_AP ||
3004 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
3005 wdev->iftype == NL80211_IFTYPE_MONITOR ||
3006 wdev->iftype == NL80211_IFTYPE_P2P_GO;
3007}
3008
3009int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3010 struct genl_info *info,
3011 struct cfg80211_chan_def *chandef)
3012{
3013 struct netlink_ext_ack *extack = info->extack;
3014 struct nlattr **attrs = info->attrs;
3015 u32 control_freq;
3016
3017 if (!attrs[NL80211_ATTR_WIPHY_FREQ])
3018 return -EINVAL;
3019
3020 control_freq = MHZ_TO_KHZ(
3021 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3022 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3023 control_freq +=
3024 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3025
3026 memset(chandef, 0, sizeof(*chandef));
3027 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3028 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3029 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3030 chandef->freq1_offset = control_freq % 1000;
3031 chandef->center_freq2 = 0;
3032
3033
3034 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
3035 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3036 "Channel is disabled");
3037 return -EINVAL;
3038 }
3039
3040 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3041 enum nl80211_channel_type chantype;
3042
3043 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3044
3045 switch (chantype) {
3046 case NL80211_CHAN_NO_HT:
3047 case NL80211_CHAN_HT20:
3048 case NL80211_CHAN_HT40PLUS:
3049 case NL80211_CHAN_HT40MINUS:
3050 cfg80211_chandef_create(chandef, chandef->chan,
3051 chantype);
3052
3053 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3054 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3055 NL_SET_ERR_MSG_ATTR(extack,
3056 attrs[NL80211_ATTR_CENTER_FREQ1],
3057 "bad center frequency 1");
3058 return -EINVAL;
3059 }
3060
3061 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3062 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3063 NL_SET_ERR_MSG_ATTR(extack,
3064 attrs[NL80211_ATTR_CENTER_FREQ2],
3065 "center frequency 2 can't be used");
3066 return -EINVAL;
3067 }
3068 break;
3069 default:
3070 NL_SET_ERR_MSG_ATTR(extack,
3071 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3072 "invalid channel type");
3073 return -EINVAL;
3074 }
3075 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3076 chandef->width =
3077 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3078 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3079 chandef->center_freq1 =
3080 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3081 if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET])
3082 chandef->freq1_offset = nla_get_u32(
3083 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]);
3084 else
3085 chandef->freq1_offset = 0;
3086 }
3087 if (attrs[NL80211_ATTR_CENTER_FREQ2])
3088 chandef->center_freq2 =
3089 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3090 }
3091
3092 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3093 chandef->edmg.channels =
3094 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3095
3096 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3097 chandef->edmg.bw_config =
3098 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3099 } else {
3100 chandef->edmg.bw_config = 0;
3101 chandef->edmg.channels = 0;
3102 }
3103
3104 if (!cfg80211_chandef_valid(chandef)) {
3105 NL_SET_ERR_MSG(extack, "invalid channel definition");
3106 return -EINVAL;
3107 }
3108
3109 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
3110 IEEE80211_CHAN_DISABLED)) {
3111 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3112 return -EINVAL;
3113 }
3114
3115 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3116 chandef->width == NL80211_CHAN_WIDTH_10) &&
3117 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3118 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3119 return -EINVAL;
3120 }
3121
3122 return 0;
3123}
3124
3125static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3126 struct net_device *dev,
3127 struct genl_info *info)
3128{
3129 struct cfg80211_chan_def chandef;
3130 int result;
3131 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3132 struct wireless_dev *wdev = NULL;
3133
3134 if (dev)
3135 wdev = dev->ieee80211_ptr;
3136 if (!nl80211_can_set_dev_channel(wdev))
3137 return -EOPNOTSUPP;
3138 if (wdev)
3139 iftype = wdev->iftype;
3140
3141 result = nl80211_parse_chandef(rdev, info, &chandef);
3142 if (result)
3143 return result;
3144
3145 switch (iftype) {
3146 case NL80211_IFTYPE_AP:
3147 case NL80211_IFTYPE_P2P_GO:
3148 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3149 iftype)) {
3150 result = -EINVAL;
3151 break;
3152 }
3153 if (wdev->beacon_interval) {
3154 if (!dev || !rdev->ops->set_ap_chanwidth ||
3155 !(rdev->wiphy.features &
3156 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
3157 result = -EBUSY;
3158 break;
3159 }
3160
3161
3162 if (chandef.chan != wdev->preset_chandef.chan) {
3163 result = -EBUSY;
3164 break;
3165 }
3166 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
3167 if (result)
3168 break;
3169 }
3170 wdev->preset_chandef = chandef;
3171 result = 0;
3172 break;
3173 case NL80211_IFTYPE_MESH_POINT:
3174 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3175 break;
3176 case NL80211_IFTYPE_MONITOR:
3177 result = cfg80211_set_monitor_channel(rdev, &chandef);
3178 break;
3179 default:
3180 result = -EINVAL;
3181 }
3182
3183 return result;
3184}
3185
3186static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3187{
3188 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3189 struct net_device *netdev = info->user_ptr[1];
3190
3191 return __nl80211_set_channel(rdev, netdev, info);
3192}
3193
3194static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3195{
3196 struct cfg80211_registered_device *rdev = NULL;
3197 struct net_device *netdev = NULL;
3198 struct wireless_dev *wdev;
3199 int result = 0, rem_txq_params = 0;
3200 struct nlattr *nl_txq_params;
3201 u32 changed;
3202 u8 retry_short = 0, retry_long = 0;
3203 u32 frag_threshold = 0, rts_threshold = 0;
3204 u8 coverage_class = 0;
3205 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3206
3207 rtnl_lock();
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3219 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3220
3221 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3222 if (netdev && netdev->ieee80211_ptr)
3223 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3224 else
3225 netdev = NULL;
3226 }
3227
3228 if (!netdev) {
3229 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3230 info->attrs);
3231 if (IS_ERR(rdev)) {
3232 rtnl_unlock();
3233 return PTR_ERR(rdev);
3234 }
3235 wdev = NULL;
3236 netdev = NULL;
3237 result = 0;
3238 } else
3239 wdev = netdev->ieee80211_ptr;
3240
3241 wiphy_lock(&rdev->wiphy);
3242
3243
3244
3245
3246
3247
3248 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3249 result = cfg80211_dev_rename(
3250 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3251 rtnl_unlock();
3252
3253 if (result)
3254 goto out;
3255
3256 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3257 struct ieee80211_txq_params txq_params;
3258 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3259
3260 if (!rdev->ops->set_txq_params) {
3261 result = -EOPNOTSUPP;
3262 goto out;
3263 }
3264
3265 if (!netdev) {
3266 result = -EINVAL;
3267 goto out;
3268 }
3269
3270 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3271 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3272 result = -EINVAL;
3273 goto out;
3274 }
3275
3276 if (!netif_running(netdev)) {
3277 result = -ENETDOWN;
3278 goto out;
3279 }
3280
3281 nla_for_each_nested(nl_txq_params,
3282 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3283 rem_txq_params) {
3284 result = nla_parse_nested_deprecated(tb,
3285 NL80211_TXQ_ATTR_MAX,
3286 nl_txq_params,
3287 txq_params_policy,
3288 info->extack);
3289 if (result)
3290 goto out;
3291 result = parse_txq_params(tb, &txq_params);
3292 if (result)
3293 goto out;
3294
3295 result = rdev_set_txq_params(rdev, netdev,
3296 &txq_params);
3297 if (result)
3298 goto out;
3299 }
3300 }
3301
3302 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3303 result = __nl80211_set_channel(
3304 rdev,
3305 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3306 info);
3307 if (result)
3308 goto out;
3309 }
3310
3311 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3312 struct wireless_dev *txp_wdev = wdev;
3313 enum nl80211_tx_power_setting type;
3314 int idx, mbm = 0;
3315
3316 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3317 txp_wdev = NULL;
3318
3319 if (!rdev->ops->set_tx_power) {
3320 result = -EOPNOTSUPP;
3321 goto out;
3322 }
3323
3324 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3325 type = nla_get_u32(info->attrs[idx]);
3326
3327 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3328 (type != NL80211_TX_POWER_AUTOMATIC)) {
3329 result = -EINVAL;
3330 goto out;
3331 }
3332
3333 if (type != NL80211_TX_POWER_AUTOMATIC) {
3334 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3335 mbm = nla_get_u32(info->attrs[idx]);
3336 }
3337
3338 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3339 if (result)
3340 goto out;
3341 }
3342
3343 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3344 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3345 u32 tx_ant, rx_ant;
3346
3347 if ((!rdev->wiphy.available_antennas_tx &&
3348 !rdev->wiphy.available_antennas_rx) ||
3349 !rdev->ops->set_antenna) {
3350 result = -EOPNOTSUPP;
3351 goto out;
3352 }
3353
3354 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3355 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3356
3357
3358
3359 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3360 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
3361 result = -EINVAL;
3362 goto out;
3363 }
3364
3365 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3366 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3367
3368 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3369 if (result)
3370 goto out;
3371 }
3372
3373 changed = 0;
3374
3375 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3376 retry_short = nla_get_u8(
3377 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3378
3379 changed |= WIPHY_PARAM_RETRY_SHORT;
3380 }
3381
3382 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3383 retry_long = nla_get_u8(
3384 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3385
3386 changed |= WIPHY_PARAM_RETRY_LONG;
3387 }
3388
3389 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3390 frag_threshold = nla_get_u32(
3391 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3392 if (frag_threshold < 256) {
3393 result = -EINVAL;
3394 goto out;
3395 }
3396
3397 if (frag_threshold != (u32) -1) {
3398
3399
3400
3401
3402
3403
3404 frag_threshold &= ~0x1;
3405 }
3406 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3407 }
3408
3409 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3410 rts_threshold = nla_get_u32(
3411 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3412 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3413 }
3414
3415 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3416 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3417 result = -EINVAL;
3418 goto out;
3419 }
3420
3421 coverage_class = nla_get_u8(
3422 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3423 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3424 }
3425
3426 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3427 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) {
3428 result = -EOPNOTSUPP;
3429 goto out;
3430 }
3431
3432 changed |= WIPHY_PARAM_DYN_ACK;
3433 }
3434
3435 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3436 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3437 NL80211_EXT_FEATURE_TXQS)) {
3438 result = -EOPNOTSUPP;
3439 goto out;
3440 }
3441 txq_limit = nla_get_u32(
3442 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3443 changed |= WIPHY_PARAM_TXQ_LIMIT;
3444 }
3445
3446 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3447 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3448 NL80211_EXT_FEATURE_TXQS)) {
3449 result = -EOPNOTSUPP;
3450 goto out;
3451 }
3452 txq_memory_limit = nla_get_u32(
3453 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3454 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3455 }
3456
3457 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3458 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3459 NL80211_EXT_FEATURE_TXQS)) {
3460 result = -EOPNOTSUPP;
3461 goto out;
3462 }
3463 txq_quantum = nla_get_u32(
3464 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3465 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3466 }
3467
3468 if (changed) {
3469 u8 old_retry_short, old_retry_long;
3470 u32 old_frag_threshold, old_rts_threshold;
3471 u8 old_coverage_class;
3472 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3473
3474 if (!rdev->ops->set_wiphy_params) {
3475 result = -EOPNOTSUPP;
3476 goto out;
3477 }
3478
3479 old_retry_short = rdev->wiphy.retry_short;
3480 old_retry_long = rdev->wiphy.retry_long;
3481 old_frag_threshold = rdev->wiphy.frag_threshold;
3482 old_rts_threshold = rdev->wiphy.rts_threshold;
3483 old_coverage_class = rdev->wiphy.coverage_class;
3484 old_txq_limit = rdev->wiphy.txq_limit;
3485 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3486 old_txq_quantum = rdev->wiphy.txq_quantum;
3487
3488 if (changed & WIPHY_PARAM_RETRY_SHORT)
3489 rdev->wiphy.retry_short = retry_short;
3490 if (changed & WIPHY_PARAM_RETRY_LONG)
3491 rdev->wiphy.retry_long = retry_long;
3492 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3493 rdev->wiphy.frag_threshold = frag_threshold;
3494 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3495 rdev->wiphy.rts_threshold = rts_threshold;
3496 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3497 rdev->wiphy.coverage_class = coverage_class;
3498 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3499 rdev->wiphy.txq_limit = txq_limit;
3500 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3501 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3502 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3503 rdev->wiphy.txq_quantum = txq_quantum;
3504
3505 result = rdev_set_wiphy_params(rdev, changed);
3506 if (result) {
3507 rdev->wiphy.retry_short = old_retry_short;
3508 rdev->wiphy.retry_long = old_retry_long;
3509 rdev->wiphy.frag_threshold = old_frag_threshold;
3510 rdev->wiphy.rts_threshold = old_rts_threshold;
3511 rdev->wiphy.coverage_class = old_coverage_class;
3512 rdev->wiphy.txq_limit = old_txq_limit;
3513 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3514 rdev->wiphy.txq_quantum = old_txq_quantum;
3515 goto out;
3516 }
3517 }
3518
3519 result = 0;
3520
3521out:
3522 wiphy_unlock(&rdev->wiphy);
3523 return result;
3524}
3525
3526static int nl80211_send_chandef(struct sk_buff *msg,
3527 const struct cfg80211_chan_def *chandef)
3528{
3529 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3530 return -EINVAL;
3531
3532 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3533 chandef->chan->center_freq))
3534 return -ENOBUFS;
3535 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
3536 chandef->chan->freq_offset))
3537 return -ENOBUFS;
3538 switch (chandef->width) {
3539 case NL80211_CHAN_WIDTH_20_NOHT:
3540 case NL80211_CHAN_WIDTH_20:
3541 case NL80211_CHAN_WIDTH_40:
3542 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3543 cfg80211_get_chandef_type(chandef)))
3544 return -ENOBUFS;
3545 break;
3546 default:
3547 break;
3548 }
3549 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3550 return -ENOBUFS;
3551 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3552 return -ENOBUFS;
3553 if (chandef->center_freq2 &&
3554 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3555 return -ENOBUFS;
3556 return 0;
3557}
3558
3559static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3560 struct cfg80211_registered_device *rdev,
3561 struct wireless_dev *wdev,
3562 enum nl80211_commands cmd)
3563{
3564 struct net_device *dev = wdev->netdev;
3565 void *hdr;
3566
3567 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3568 cmd != NL80211_CMD_DEL_INTERFACE &&
3569 cmd != NL80211_CMD_SET_INTERFACE);
3570
3571 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3572 if (!hdr)
3573 return -1;
3574
3575 if (dev &&
3576 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3577 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3578 goto nla_put_failure;
3579
3580 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3581 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3582 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3583 NL80211_ATTR_PAD) ||
3584 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3585 nla_put_u32(msg, NL80211_ATTR_GENERATION,
3586 rdev->devlist_generation ^
3587 (cfg80211_rdev_list_generation << 2)) ||
3588 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3589 goto nla_put_failure;
3590
3591 if (rdev->ops->get_channel) {
3592 int ret;
3593 struct cfg80211_chan_def chandef = {};
3594
3595 ret = rdev_get_channel(rdev, wdev, &chandef);
3596 if (ret == 0) {
3597 if (nl80211_send_chandef(msg, &chandef))
3598 goto nla_put_failure;
3599 }
3600 }
3601
3602 if (rdev->ops->get_tx_power) {
3603 int dbm, ret;
3604
3605 ret = rdev_get_tx_power(rdev, wdev, &dbm);
3606 if (ret == 0 &&
3607 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3608 DBM_TO_MBM(dbm)))
3609 goto nla_put_failure;
3610 }
3611
3612 wdev_lock(wdev);
3613 switch (wdev->iftype) {
3614 case NL80211_IFTYPE_AP:
3615 if (wdev->ssid_len &&
3616 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3617 goto nla_put_failure_locked;
3618 break;
3619 case NL80211_IFTYPE_STATION:
3620 case NL80211_IFTYPE_P2P_CLIENT:
3621 case NL80211_IFTYPE_ADHOC: {
3622 const u8 *ssid_ie;
3623 if (!wdev->current_bss)
3624 break;
3625 rcu_read_lock();
3626 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3627 WLAN_EID_SSID);
3628 if (ssid_ie &&
3629 nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3630 goto nla_put_failure_rcu_locked;
3631 rcu_read_unlock();
3632 break;
3633 }
3634 default:
3635
3636 break;
3637 }
3638 wdev_unlock(wdev);
3639
3640 if (rdev->ops->get_txq_stats) {
3641 struct cfg80211_txq_stats txqstats = {};
3642 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3643
3644 if (ret == 0 &&
3645 !nl80211_put_txq_stats(msg, &txqstats,
3646 NL80211_ATTR_TXQ_STATS))
3647 goto nla_put_failure;
3648 }
3649
3650 genlmsg_end(msg, hdr);
3651 return 0;
3652
3653 nla_put_failure_rcu_locked:
3654 rcu_read_unlock();
3655 nla_put_failure_locked:
3656 wdev_unlock(wdev);
3657 nla_put_failure:
3658 genlmsg_cancel(msg, hdr);
3659 return -EMSGSIZE;
3660}
3661
3662static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3663{
3664 int wp_idx = 0;
3665 int if_idx = 0;
3666 int wp_start = cb->args[0];
3667 int if_start = cb->args[1];
3668 int filter_wiphy = -1;
3669 struct cfg80211_registered_device *rdev;
3670 struct wireless_dev *wdev;
3671 int ret;
3672
3673 rtnl_lock();
3674 if (!cb->args[2]) {
3675 struct nl80211_dump_wiphy_state state = {
3676 .filter_wiphy = -1,
3677 };
3678
3679 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3680 if (ret)
3681 goto out_unlock;
3682
3683 filter_wiphy = state.filter_wiphy;
3684
3685
3686
3687
3688
3689 if (filter_wiphy >= 0)
3690 cb->args[2] = filter_wiphy + 1;
3691 else
3692 cb->args[2] = -1;
3693 } else if (cb->args[2] > 0) {
3694 filter_wiphy = cb->args[2] - 1;
3695 }
3696
3697 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3698 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3699 continue;
3700 if (wp_idx < wp_start) {
3701 wp_idx++;
3702 continue;
3703 }
3704
3705 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3706 continue;
3707
3708 if_idx = 0;
3709
3710 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3711 if (if_idx < if_start) {
3712 if_idx++;
3713 continue;
3714 }
3715 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3716 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3717 rdev, wdev,
3718 NL80211_CMD_NEW_INTERFACE) < 0) {
3719 goto out;
3720 }
3721 if_idx++;
3722 }
3723
3724 wp_idx++;
3725 }
3726 out:
3727 cb->args[0] = wp_idx;
3728 cb->args[1] = if_idx;
3729
3730 ret = skb->len;
3731 out_unlock:
3732 rtnl_unlock();
3733
3734 return ret;
3735}
3736
3737static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3738{
3739 struct sk_buff *msg;
3740 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3741 struct wireless_dev *wdev = info->user_ptr[1];
3742
3743 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3744 if (!msg)
3745 return -ENOMEM;
3746
3747 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3748 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3749 nlmsg_free(msg);
3750 return -ENOBUFS;
3751 }
3752
3753 return genlmsg_reply(msg, info);
3754}
3755
3756static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3757 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3758 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3759 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3760 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3761 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3762 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3763};
3764
3765static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3766{
3767 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3768 int flag;
3769
3770 *mntrflags = 0;
3771
3772 if (!nla)
3773 return -EINVAL;
3774
3775 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3776 return -EINVAL;
3777
3778 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3779 if (flags[flag])
3780 *mntrflags |= (1<<flag);
3781
3782 *mntrflags |= MONITOR_FLAG_CHANGED;
3783
3784 return 0;
3785}
3786
3787static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3788 enum nl80211_iftype type,
3789 struct genl_info *info,
3790 struct vif_params *params)
3791{
3792 bool change = false;
3793 int err;
3794
3795 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3796 if (type != NL80211_IFTYPE_MONITOR)
3797 return -EINVAL;
3798
3799 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3800 ¶ms->flags);
3801 if (err)
3802 return err;
3803
3804 change = true;
3805 }
3806
3807 if (params->flags & MONITOR_FLAG_ACTIVE &&
3808 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3809 return -EOPNOTSUPP;
3810
3811 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3812 const u8 *mumimo_groups;
3813 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3814
3815 if (type != NL80211_IFTYPE_MONITOR)
3816 return -EINVAL;
3817
3818 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3819 return -EOPNOTSUPP;
3820
3821 mumimo_groups =
3822 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3823
3824
3825 if ((mumimo_groups[0] & BIT(0)) ||
3826 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3827 return -EINVAL;
3828
3829 params->vht_mumimo_groups = mumimo_groups;
3830 change = true;
3831 }
3832
3833 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3834 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3835
3836 if (type != NL80211_IFTYPE_MONITOR)
3837 return -EINVAL;
3838
3839 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3840 return -EOPNOTSUPP;
3841
3842 params->vht_mumimo_follow_addr =
3843 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3844 change = true;
3845 }
3846
3847 return change ? 1 : 0;
3848}
3849
3850static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3851 struct net_device *netdev, u8 use_4addr,
3852 enum nl80211_iftype iftype)
3853{
3854 if (!use_4addr) {
3855 if (netdev && netif_is_bridge_port(netdev))
3856 return -EBUSY;
3857 return 0;
3858 }
3859
3860 switch (iftype) {
3861 case NL80211_IFTYPE_AP_VLAN:
3862 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3863 return 0;
3864 break;
3865 case NL80211_IFTYPE_STATION:
3866 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3867 return 0;
3868 break;
3869 default:
3870 break;
3871 }
3872
3873 return -EOPNOTSUPP;
3874}
3875
3876static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3877{
3878 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3879 struct vif_params params;
3880 int err;
3881 enum nl80211_iftype otype, ntype;
3882 struct net_device *dev = info->user_ptr[1];
3883 bool change = false;
3884
3885 memset(¶ms, 0, sizeof(params));
3886
3887 otype = ntype = dev->ieee80211_ptr->iftype;
3888
3889 if (info->attrs[NL80211_ATTR_IFTYPE]) {
3890 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3891 if (otype != ntype)
3892 change = true;
3893 }
3894
3895 if (info->attrs[NL80211_ATTR_MESH_ID]) {
3896 struct wireless_dev *wdev = dev->ieee80211_ptr;
3897
3898 if (ntype != NL80211_IFTYPE_MESH_POINT)
3899 return -EINVAL;
3900 if (netif_running(dev))
3901 return -EBUSY;
3902
3903 wdev_lock(wdev);
3904 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3905 IEEE80211_MAX_MESH_ID_LEN);
3906 wdev->mesh_id_up_len =
3907 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3908 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3909 wdev->mesh_id_up_len);
3910 wdev_unlock(wdev);
3911 }
3912
3913 if (info->attrs[NL80211_ATTR_4ADDR]) {
3914 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3915 change = true;
3916 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3917 if (err)
3918 return err;
3919 } else {
3920 params.use_4addr = -1;
3921 }
3922
3923 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
3924 if (err < 0)
3925 return err;
3926 if (err > 0)
3927 change = true;
3928
3929 if (change)
3930 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
3931 else
3932 err = 0;
3933
3934 if (!err && params.use_4addr != -1)
3935 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3936
3937 if (change && !err) {
3938 struct wireless_dev *wdev = dev->ieee80211_ptr;
3939
3940 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3941 }
3942
3943 return err;
3944}
3945
3946static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3947{
3948 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3949 struct vif_params params;
3950 struct wireless_dev *wdev;
3951 struct sk_buff *msg;
3952 int err;
3953 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3954
3955 memset(¶ms, 0, sizeof(params));
3956
3957 if (!info->attrs[NL80211_ATTR_IFNAME])
3958 return -EINVAL;
3959
3960 if (info->attrs[NL80211_ATTR_IFTYPE])
3961 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3962
3963 if (!rdev->ops->add_virtual_intf)
3964 return -EOPNOTSUPP;
3965
3966 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3967 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3968 info->attrs[NL80211_ATTR_MAC]) {
3969 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3970 ETH_ALEN);
3971 if (!is_valid_ether_addr(params.macaddr))
3972 return -EADDRNOTAVAIL;
3973 }
3974
3975 if (info->attrs[NL80211_ATTR_4ADDR]) {
3976 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3977 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3978 if (err)
3979 return err;
3980 }
3981
3982 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3983 return -EOPNOTSUPP;
3984
3985 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
3986 if (err < 0)
3987 return err;
3988
3989 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3990 if (!msg)
3991 return -ENOMEM;
3992
3993 wdev = rdev_add_virtual_intf(rdev,
3994 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3995 NET_NAME_USER, type, ¶ms);
3996 if (WARN_ON(!wdev)) {
3997 nlmsg_free(msg);
3998 return -EPROTO;
3999 } else if (IS_ERR(wdev)) {
4000 nlmsg_free(msg);
4001 return PTR_ERR(wdev);
4002 }
4003
4004 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4005 wdev->owner_nlportid = info->snd_portid;
4006
4007 switch (type) {
4008 case NL80211_IFTYPE_MESH_POINT:
4009 if (!info->attrs[NL80211_ATTR_MESH_ID])
4010 break;
4011 wdev_lock(wdev);
4012 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
4013 IEEE80211_MAX_MESH_ID_LEN);
4014 wdev->mesh_id_up_len =
4015 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4016 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4017 wdev->mesh_id_up_len);
4018 wdev_unlock(wdev);
4019 break;
4020 case NL80211_IFTYPE_NAN:
4021 case NL80211_IFTYPE_P2P_DEVICE:
4022
4023
4024
4025
4026 cfg80211_init_wdev(wdev);
4027 cfg80211_register_wdev(rdev, wdev);
4028 break;
4029 default:
4030 break;
4031 }
4032
4033 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4034 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4035 nlmsg_free(msg);
4036 return -ENOBUFS;
4037 }
4038
4039 return genlmsg_reply(msg, info);
4040}
4041
4042static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4043{
4044 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4045 int ret;
4046
4047
4048 cfg80211_destroy_ifaces(rdev);
4049
4050 wiphy_lock(&rdev->wiphy);
4051 ret = _nl80211_new_interface(skb, info);
4052 wiphy_unlock(&rdev->wiphy);
4053
4054 return ret;
4055}
4056
4057static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
4058{
4059 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4060 struct wireless_dev *wdev = info->user_ptr[1];
4061
4062 if (!rdev->ops->del_virtual_intf)
4063 return -EOPNOTSUPP;
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074 mutex_unlock(&rdev->wiphy.mtx);
4075
4076
4077
4078
4079
4080
4081
4082
4083 if (!wdev->netdev)
4084 info->user_ptr[1] = NULL;
4085 else
4086 dev_close(wdev->netdev);
4087
4088 mutex_lock(&rdev->wiphy.mtx);
4089
4090 return rdev_del_virtual_intf(rdev, wdev);
4091}
4092
4093static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
4094{
4095 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4096 struct net_device *dev = info->user_ptr[1];
4097 u16 noack_map;
4098
4099 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
4100 return -EINVAL;
4101
4102 if (!rdev->ops->set_noack_map)
4103 return -EOPNOTSUPP;
4104
4105 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
4106
4107 return rdev_set_noack_map(rdev, dev, noack_map);
4108}
4109
4110struct get_key_cookie {
4111 struct sk_buff *msg;
4112 int error;
4113 int idx;
4114};
4115
4116static void get_key_callback(void *c, struct key_params *params)
4117{
4118 struct nlattr *key;
4119 struct get_key_cookie *cookie = c;
4120
4121 if ((params->key &&
4122 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
4123 params->key_len, params->key)) ||
4124 (params->seq &&
4125 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
4126 params->seq_len, params->seq)) ||
4127 (params->cipher &&
4128 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
4129 params->cipher)))
4130 goto nla_put_failure;
4131
4132 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
4133 if (!key)
4134 goto nla_put_failure;
4135
4136 if ((params->key &&
4137 nla_put(cookie->msg, NL80211_KEY_DATA,
4138 params->key_len, params->key)) ||
4139 (params->seq &&
4140 nla_put(cookie->msg, NL80211_KEY_SEQ,
4141 params->seq_len, params->seq)) ||
4142 (params->cipher &&
4143 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
4144 params->cipher)))
4145 goto nla_put_failure;
4146
4147 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
4148 goto nla_put_failure;
4149
4150 nla_nest_end(cookie->msg, key);
4151
4152 return;
4153 nla_put_failure:
4154 cookie->error = 1;
4155}
4156
4157static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4158{
4159 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4160 int err;
4161 struct net_device *dev = info->user_ptr[1];
4162 u8 key_idx = 0;
4163 const u8 *mac_addr = NULL;
4164 bool pairwise;
4165 struct get_key_cookie cookie = {
4166 .error = 0,
4167 };
4168 void *hdr;
4169 struct sk_buff *msg;
4170 bool bigtk_support = false;
4171
4172 if (wiphy_ext_feature_isset(&rdev->wiphy,
4173 NL80211_EXT_FEATURE_BEACON_PROTECTION))
4174 bigtk_support = true;
4175
4176 if ((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_STATION ||
4177 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4178 wiphy_ext_feature_isset(&rdev->wiphy,
4179 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4180 bigtk_support = true;
4181
4182 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4183 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4184
4185 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4186 GENL_SET_ERR_MSG(info, "BIGTK not supported");
4187 return -EINVAL;
4188 }
4189 }
4190
4191 if (info->attrs[NL80211_ATTR_MAC])
4192 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4193
4194 pairwise = !!mac_addr;
4195 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4196 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4197
4198 if (kt != NL80211_KEYTYPE_GROUP &&
4199 kt != NL80211_KEYTYPE_PAIRWISE)
4200 return -EINVAL;
4201 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4202 }
4203
4204 if (!rdev->ops->get_key)
4205 return -EOPNOTSUPP;
4206
4207 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4208 return -ENOENT;
4209
4210 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4211 if (!msg)
4212 return -ENOMEM;
4213
4214 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4215 NL80211_CMD_NEW_KEY);
4216 if (!hdr)
4217 goto nla_put_failure;
4218
4219 cookie.msg = msg;
4220 cookie.idx = key_idx;
4221
4222 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4223 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
4224 goto nla_put_failure;
4225 if (mac_addr &&
4226 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
4227 goto nla_put_failure;
4228
4229 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
4230 get_key_callback);
4231
4232 if (err)
4233 goto free_msg;
4234
4235 if (cookie.error)
4236 goto nla_put_failure;
4237
4238 genlmsg_end(msg, hdr);
4239 return genlmsg_reply(msg, info);
4240
4241 nla_put_failure:
4242 err = -ENOBUFS;
4243 free_msg:
4244 nlmsg_free(msg);
4245 return err;
4246}
4247
4248static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
4249{
4250 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4251 struct key_parse key;
4252 int err;
4253 struct net_device *dev = info->user_ptr[1];
4254
4255 err = nl80211_parse_key(info, &key);
4256 if (err)
4257 return err;
4258
4259 if (key.idx < 0)
4260 return -EINVAL;
4261
4262
4263
4264
4265 if (!key.def && !key.defmgmt && !key.defbeacon &&
4266 !(key.p.mode == NL80211_KEY_SET_TX))
4267 return -EINVAL;
4268
4269 wdev_lock(dev->ieee80211_ptr);
4270
4271 if (key.def) {
4272 if (!rdev->ops->set_default_key) {
4273 err = -EOPNOTSUPP;
4274 goto out;
4275 }
4276
4277 err = nl80211_key_allowed(dev->ieee80211_ptr);
4278 if (err)
4279 goto out;
4280
4281 err = rdev_set_default_key(rdev, dev, key.idx,
4282 key.def_uni, key.def_multi);
4283
4284 if (err)
4285 goto out;
4286
4287#ifdef CONFIG_CFG80211_WEXT
4288 dev->ieee80211_ptr->wext.default_key = key.idx;
4289#endif
4290 } else if (key.defmgmt) {
4291 if (key.def_uni || !key.def_multi) {
4292 err = -EINVAL;
4293 goto out;
4294 }
4295
4296 if (!rdev->ops->set_default_mgmt_key) {
4297 err = -EOPNOTSUPP;
4298 goto out;
4299 }
4300
4301 err = nl80211_key_allowed(dev->ieee80211_ptr);
4302 if (err)
4303 goto out;
4304
4305 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
4306 if (err)
4307 goto out;
4308
4309#ifdef CONFIG_CFG80211_WEXT
4310 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
4311#endif
4312 } else if (key.defbeacon) {
4313 if (key.def_uni || !key.def_multi) {
4314 err = -EINVAL;
4315 goto out;
4316 }
4317
4318 if (!rdev->ops->set_default_beacon_key) {
4319 err = -EOPNOTSUPP;
4320 goto out;
4321 }
4322
4323 err = nl80211_key_allowed(dev->ieee80211_ptr);
4324 if (err)
4325 goto out;
4326
4327 err = rdev_set_default_beacon_key(rdev, dev, key.idx);
4328 if (err)
4329 goto out;
4330 } else if (key.p.mode == NL80211_KEY_SET_TX &&
4331 wiphy_ext_feature_isset(&rdev->wiphy,
4332 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4333 u8 *mac_addr = NULL;
4334
4335 if (info->attrs[NL80211_ATTR_MAC])
4336 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4337
4338 if (!mac_addr || key.idx < 0 || key.idx > 1) {
4339 err = -EINVAL;
4340 goto out;
4341 }
4342
4343 err = rdev_add_key(rdev, dev, key.idx,
4344 NL80211_KEYTYPE_PAIRWISE,
4345 mac_addr, &key.p);
4346 } else {
4347 err = -EINVAL;
4348 }
4349 out:
4350 wdev_unlock(dev->ieee80211_ptr);
4351
4352 return err;
4353}
4354
4355static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4356{
4357 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4358 int err;
4359 struct net_device *dev = info->user_ptr[1];
4360 struct key_parse key;
4361 const u8 *mac_addr = NULL;
4362
4363 err = nl80211_parse_key(info, &key);
4364 if (err)
4365 return err;
4366
4367 if (!key.p.key) {
4368 GENL_SET_ERR_MSG(info, "no key");
4369 return -EINVAL;
4370 }
4371
4372 if (info->attrs[NL80211_ATTR_MAC])
4373 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4374
4375 if (key.type == -1) {
4376 if (mac_addr)
4377 key.type = NL80211_KEYTYPE_PAIRWISE;
4378 else
4379 key.type = NL80211_KEYTYPE_GROUP;
4380 }
4381
4382
4383 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4384 key.type != NL80211_KEYTYPE_GROUP) {
4385 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4386 return -EINVAL;
4387 }
4388
4389 if (key.type == NL80211_KEYTYPE_GROUP &&
4390 info->attrs[NL80211_ATTR_VLAN_ID])
4391 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4392
4393 if (!rdev->ops->add_key)
4394 return -EOPNOTSUPP;
4395
4396 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4397 key.type == NL80211_KEYTYPE_PAIRWISE,
4398 mac_addr)) {
4399 GENL_SET_ERR_MSG(info, "key setting validation failed");
4400 return -EINVAL;
4401 }
4402
4403 wdev_lock(dev->ieee80211_ptr);
4404 err = nl80211_key_allowed(dev->ieee80211_ptr);
4405 if (err)
4406 GENL_SET_ERR_MSG(info, "key not allowed");
4407 if (!err) {
4408 err = rdev_add_key(rdev, dev, key.idx,
4409 key.type == NL80211_KEYTYPE_PAIRWISE,
4410 mac_addr, &key.p);
4411 if (err)
4412 GENL_SET_ERR_MSG(info, "key addition failed");
4413 }
4414 wdev_unlock(dev->ieee80211_ptr);
4415
4416 return err;
4417}
4418
4419static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4420{
4421 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4422 int err;
4423 struct net_device *dev = info->user_ptr[1];
4424 u8 *mac_addr = NULL;
4425 struct key_parse key;
4426
4427 err = nl80211_parse_key(info, &key);
4428 if (err)
4429 return err;
4430
4431 if (info->attrs[NL80211_ATTR_MAC])
4432 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4433
4434 if (key.type == -1) {
4435 if (mac_addr)
4436 key.type = NL80211_KEYTYPE_PAIRWISE;
4437 else
4438 key.type = NL80211_KEYTYPE_GROUP;
4439 }
4440
4441
4442 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4443 key.type != NL80211_KEYTYPE_GROUP)
4444 return -EINVAL;
4445
4446 if (!cfg80211_valid_key_idx(rdev, key.idx,
4447 key.type == NL80211_KEYTYPE_PAIRWISE))
4448 return -EINVAL;
4449
4450 if (!rdev->ops->del_key)
4451 return -EOPNOTSUPP;
4452
4453 wdev_lock(dev->ieee80211_ptr);
4454 err = nl80211_key_allowed(dev->ieee80211_ptr);
4455
4456 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4457 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4458 err = -ENOENT;
4459
4460 if (!err)
4461 err = rdev_del_key(rdev, dev, key.idx,
4462 key.type == NL80211_KEYTYPE_PAIRWISE,
4463 mac_addr);
4464
4465#ifdef CONFIG_CFG80211_WEXT
4466 if (!err) {
4467 if (key.idx == dev->ieee80211_ptr->wext.default_key)
4468 dev->ieee80211_ptr->wext.default_key = -1;
4469 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
4470 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
4471 }
4472#endif
4473 wdev_unlock(dev->ieee80211_ptr);
4474
4475 return err;
4476}
4477
4478
4479static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4480{
4481 struct nlattr *attr;
4482 int n_entries = 0, tmp;
4483
4484 nla_for_each_nested(attr, nl_attr, tmp) {
4485 if (nla_len(attr) != ETH_ALEN)
4486 return -EINVAL;
4487
4488 n_entries++;
4489 }
4490
4491 return n_entries;
4492}
4493
4494
4495
4496
4497
4498
4499static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4500 struct genl_info *info)
4501{
4502 enum nl80211_acl_policy acl_policy;
4503 struct nlattr *attr;
4504 struct cfg80211_acl_data *acl;
4505 int i = 0, n_entries, tmp;
4506
4507 if (!wiphy->max_acl_mac_addrs)
4508 return ERR_PTR(-EOPNOTSUPP);
4509
4510 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4511 return ERR_PTR(-EINVAL);
4512
4513 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4514 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4515 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4516 return ERR_PTR(-EINVAL);
4517
4518 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4519 return ERR_PTR(-EINVAL);
4520
4521 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4522 if (n_entries < 0)
4523 return ERR_PTR(n_entries);
4524
4525 if (n_entries > wiphy->max_acl_mac_addrs)
4526 return ERR_PTR(-ENOTSUPP);
4527
4528 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4529 if (!acl)
4530 return ERR_PTR(-ENOMEM);
4531
4532 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4533 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4534 i++;
4535 }
4536
4537 acl->n_acl_entries = n_entries;
4538 acl->acl_policy = acl_policy;
4539
4540 return acl;
4541}
4542
4543static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4544{
4545 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4546 struct net_device *dev = info->user_ptr[1];
4547 struct cfg80211_acl_data *acl;
4548 int err;
4549
4550 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4551 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4552 return -EOPNOTSUPP;
4553
4554 if (!dev->ieee80211_ptr->beacon_interval)
4555 return -EINVAL;
4556
4557 acl = parse_acl_data(&rdev->wiphy, info);
4558 if (IS_ERR(acl))
4559 return PTR_ERR(acl);
4560
4561 err = rdev_set_mac_acl(rdev, dev, acl);
4562
4563 kfree(acl);
4564
4565 return err;
4566}
4567
4568static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4569 u8 *rates, u8 rates_len)
4570{
4571 u8 i;
4572 u32 mask = 0;
4573
4574 for (i = 0; i < rates_len; i++) {
4575 int rate = (rates[i] & 0x7f) * 5;
4576 int ridx;
4577
4578 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4579 struct ieee80211_rate *srate =
4580 &sband->bitrates[ridx];
4581 if (rate == srate->bitrate) {
4582 mask |= 1 << ridx;
4583 break;
4584 }
4585 }
4586 if (ridx == sband->n_bitrates)
4587 return 0;
4588 }
4589
4590 return mask;
4591}
4592
4593static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4594 u8 *rates, u8 rates_len,
4595 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4596{
4597 u8 i;
4598
4599 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4600
4601 for (i = 0; i < rates_len; i++) {
4602 int ridx, rbit;
4603
4604 ridx = rates[i] / 8;
4605 rbit = BIT(rates[i] % 8);
4606
4607
4608 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4609 return false;
4610
4611
4612 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4613 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4614 mcs[ridx] |= rbit;
4615 else
4616 return false;
4617 }
4618
4619 return true;
4620}
4621
4622static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4623{
4624 u16 mcs_mask = 0;
4625
4626 switch (vht_mcs_map) {
4627 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4628 break;
4629 case IEEE80211_VHT_MCS_SUPPORT_0_7:
4630 mcs_mask = 0x00FF;
4631 break;
4632 case IEEE80211_VHT_MCS_SUPPORT_0_8:
4633 mcs_mask = 0x01FF;
4634 break;
4635 case IEEE80211_VHT_MCS_SUPPORT_0_9:
4636 mcs_mask = 0x03FF;
4637 break;
4638 default:
4639 break;
4640 }
4641
4642 return mcs_mask;
4643}
4644
4645static void vht_build_mcs_mask(u16 vht_mcs_map,
4646 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4647{
4648 u8 nss;
4649
4650 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4651 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4652 vht_mcs_map >>= 2;
4653 }
4654}
4655
4656static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4657 struct nl80211_txrate_vht *txrate,
4658 u16 mcs[NL80211_VHT_NSS_MAX])
4659{
4660 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4661 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4662 u8 i;
4663
4664 if (!sband->vht_cap.vht_supported)
4665 return false;
4666
4667 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4668
4669
4670 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4671
4672 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4673 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4674 mcs[i] = txrate->mcs[i];
4675 else
4676 return false;
4677 }
4678
4679 return true;
4680}
4681
4682static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
4683{
4684 switch (he_mcs_map) {
4685 case IEEE80211_HE_MCS_NOT_SUPPORTED:
4686 return 0;
4687 case IEEE80211_HE_MCS_SUPPORT_0_7:
4688 return 0x00FF;
4689 case IEEE80211_HE_MCS_SUPPORT_0_9:
4690 return 0x03FF;
4691 case IEEE80211_HE_MCS_SUPPORT_0_11:
4692 return 0xFFF;
4693 default:
4694 break;
4695 }
4696 return 0;
4697}
4698
4699static void he_build_mcs_mask(u16 he_mcs_map,
4700 u16 he_mcs_mask[NL80211_HE_NSS_MAX])
4701{
4702 u8 nss;
4703
4704 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
4705 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
4706 he_mcs_map >>= 2;
4707 }
4708}
4709
4710static u16 he_get_txmcsmap(struct genl_info *info,
4711 const struct ieee80211_sta_he_cap *he_cap)
4712{
4713 struct net_device *dev = info->user_ptr[1];
4714 struct wireless_dev *wdev = dev->ieee80211_ptr;
4715 __le16 tx_mcs;
4716
4717 switch (wdev->chandef.width) {
4718 case NL80211_CHAN_WIDTH_80P80:
4719 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
4720 break;
4721 case NL80211_CHAN_WIDTH_160:
4722 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
4723 break;
4724 default:
4725 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
4726 break;
4727 }
4728 return le16_to_cpu(tx_mcs);
4729}
4730
4731static bool he_set_mcs_mask(struct genl_info *info,
4732 struct wireless_dev *wdev,
4733 struct ieee80211_supported_band *sband,
4734 struct nl80211_txrate_he *txrate,
4735 u16 mcs[NL80211_HE_NSS_MAX])
4736{
4737 const struct ieee80211_sta_he_cap *he_cap;
4738 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
4739 u16 tx_mcs_map = 0;
4740 u8 i;
4741
4742 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
4743 if (!he_cap)
4744 return false;
4745
4746 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
4747
4748 tx_mcs_map = he_get_txmcsmap(info, he_cap);
4749
4750
4751 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4752
4753 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
4754 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4755 mcs[i] = txrate->mcs[i];
4756 else
4757 return false;
4758 }
4759
4760 return true;
4761}
4762
4763static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4764 struct nlattr *attrs[],
4765 enum nl80211_attrs attr,
4766 struct cfg80211_bitrate_mask *mask,
4767 struct net_device *dev,
4768 bool default_all_enabled)
4769{
4770 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4771 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4772 struct wireless_dev *wdev = dev->ieee80211_ptr;
4773 int rem, i;
4774 struct nlattr *tx_rates;
4775 struct ieee80211_supported_band *sband;
4776 u16 vht_tx_mcs_map, he_tx_mcs_map;
4777
4778 memset(mask, 0, sizeof(*mask));
4779
4780 for (i = 0; i < NUM_NL80211_BANDS; i++) {
4781 const struct ieee80211_sta_he_cap *he_cap;
4782
4783 if (!default_all_enabled)
4784 break;
4785
4786 sband = rdev->wiphy.bands[i];
4787
4788 if (!sband)
4789 continue;
4790
4791 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4792 memcpy(mask->control[i].ht_mcs,
4793 sband->ht_cap.mcs.rx_mask,
4794 sizeof(mask->control[i].ht_mcs));
4795
4796 if (sband->vht_cap.vht_supported) {
4797 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4798 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4799 }
4800
4801 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
4802 if (!he_cap)
4803 continue;
4804
4805 he_tx_mcs_map = he_get_txmcsmap(info, he_cap);
4806 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
4807
4808 mask->control[i].he_gi = 0xFF;
4809 mask->control[i].he_ltf = 0xFF;
4810 }
4811
4812
4813 if (!attrs[attr])
4814 goto out;
4815
4816
4817
4818
4819 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4820 nla_for_each_nested(tx_rates, attrs[attr], rem) {
4821 enum nl80211_band band = nla_type(tx_rates);
4822 int err;
4823
4824 if (band < 0 || band >= NUM_NL80211_BANDS)
4825 return -EINVAL;
4826 sband = rdev->wiphy.bands[band];
4827 if (sband == NULL)
4828 return -EINVAL;
4829 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4830 tx_rates,
4831 nl80211_txattr_policy,
4832 info->extack);
4833 if (err)
4834 return err;
4835 if (tb[NL80211_TXRATE_LEGACY]) {
4836 mask->control[band].legacy = rateset_to_mask(
4837 sband,
4838 nla_data(tb[NL80211_TXRATE_LEGACY]),
4839 nla_len(tb[NL80211_TXRATE_LEGACY]));
4840 if ((mask->control[band].legacy == 0) &&
4841 nla_len(tb[NL80211_TXRATE_LEGACY]))
4842 return -EINVAL;
4843 }
4844 if (tb[NL80211_TXRATE_HT]) {
4845 if (!ht_rateset_to_mask(
4846 sband,
4847 nla_data(tb[NL80211_TXRATE_HT]),
4848 nla_len(tb[NL80211_TXRATE_HT]),
4849 mask->control[band].ht_mcs))
4850 return -EINVAL;
4851 }
4852
4853 if (tb[NL80211_TXRATE_VHT]) {
4854 if (!vht_set_mcs_mask(
4855 sband,
4856 nla_data(tb[NL80211_TXRATE_VHT]),
4857 mask->control[band].vht_mcs))
4858 return -EINVAL;
4859 }
4860
4861 if (tb[NL80211_TXRATE_GI]) {
4862 mask->control[band].gi =
4863 nla_get_u8(tb[NL80211_TXRATE_GI]);
4864 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4865 return -EINVAL;
4866 }
4867 if (tb[NL80211_TXRATE_HE] &&
4868 !he_set_mcs_mask(info, wdev, sband,
4869 nla_data(tb[NL80211_TXRATE_HE]),
4870 mask->control[band].he_mcs))
4871 return -EINVAL;
4872
4873 if (tb[NL80211_TXRATE_HE_GI])
4874 mask->control[band].he_gi =
4875 nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
4876 if (tb[NL80211_TXRATE_HE_LTF])
4877 mask->control[band].he_ltf =
4878 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
4879
4880 if (mask->control[band].legacy == 0) {
4881
4882
4883
4884 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4885 rdev->wiphy.bands[band]->vht_cap.vht_supported ||
4886 ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
4887 return -EINVAL;
4888
4889 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4890 if (mask->control[band].ht_mcs[i])
4891 goto out;
4892
4893 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4894 if (mask->control[band].vht_mcs[i])
4895 goto out;
4896
4897 for (i = 0; i < NL80211_HE_NSS_MAX; i++)
4898 if (mask->control[band].he_mcs[i])
4899 goto out;
4900
4901
4902 return -EINVAL;
4903 }
4904 }
4905
4906out:
4907 return 0;
4908}
4909
4910static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4911 enum nl80211_band band,
4912 struct cfg80211_bitrate_mask *beacon_rate)
4913{
4914 u32 count_ht, count_vht, count_he, i;
4915 u32 rate = beacon_rate->control[band].legacy;
4916
4917
4918 if (hweight32(rate) > 1)
4919 return -EINVAL;
4920
4921 count_ht = 0;
4922 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4923 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4924 return -EINVAL;
4925 } else if (beacon_rate->control[band].ht_mcs[i]) {
4926 count_ht++;
4927 if (count_ht > 1)
4928 return -EINVAL;
4929 }
4930 if (count_ht && rate)
4931 return -EINVAL;
4932 }
4933
4934 count_vht = 0;
4935 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4936 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4937 return -EINVAL;
4938 } else if (beacon_rate->control[band].vht_mcs[i]) {
4939 count_vht++;
4940 if (count_vht > 1)
4941 return -EINVAL;
4942 }
4943 if (count_vht && rate)
4944 return -EINVAL;
4945 }
4946
4947 count_he = 0;
4948 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
4949 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
4950 return -EINVAL;
4951 } else if (beacon_rate->control[band].he_mcs[i]) {
4952 count_he++;
4953 if (count_he > 1)
4954 return -EINVAL;
4955 }
4956 if (count_he && rate)
4957 return -EINVAL;
4958 }
4959
4960 if ((count_ht && count_vht && count_he) ||
4961 (!rate && !count_ht && !count_vht && !count_he))
4962 return -EINVAL;
4963
4964 if (rate &&
4965 !wiphy_ext_feature_isset(&rdev->wiphy,
4966 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4967 return -EINVAL;
4968 if (count_ht &&
4969 !wiphy_ext_feature_isset(&rdev->wiphy,
4970 NL80211_EXT_FEATURE_BEACON_RATE_HT))
4971 return -EINVAL;
4972 if (count_vht &&
4973 !wiphy_ext_feature_isset(&rdev->wiphy,
4974 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4975 return -EINVAL;
4976 if (count_he &&
4977 !wiphy_ext_feature_isset(&rdev->wiphy,
4978 NL80211_EXT_FEATURE_BEACON_RATE_HE))
4979 return -EINVAL;
4980
4981 return 0;
4982}
4983
4984static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4985 struct nlattr *attrs[],
4986 struct cfg80211_beacon_data *bcn)
4987{
4988 bool haveinfo = false;
4989 int err;
4990
4991 memset(bcn, 0, sizeof(*bcn));
4992
4993 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4994 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4995 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4996 if (!bcn->head_len)
4997 return -EINVAL;
4998 haveinfo = true;
4999 }
5000
5001 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
5002 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
5003 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
5004 haveinfo = true;
5005 }
5006
5007 if (!haveinfo)
5008 return -EINVAL;
5009
5010 if (attrs[NL80211_ATTR_IE]) {
5011 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
5012 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
5013 }
5014
5015 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
5016 bcn->proberesp_ies =
5017 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5018 bcn->proberesp_ies_len =
5019 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5020 }
5021
5022 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
5023 bcn->assocresp_ies =
5024 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5025 bcn->assocresp_ies_len =
5026 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5027 }
5028
5029 if (attrs[NL80211_ATTR_PROBE_RESP]) {
5030 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
5031 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
5032 }
5033
5034 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
5035 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
5036
5037 err = nla_parse_nested_deprecated(tb,
5038 NL80211_FTM_RESP_ATTR_MAX,
5039 attrs[NL80211_ATTR_FTM_RESPONDER],
5040 NULL, NULL);
5041 if (err)
5042 return err;
5043
5044 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
5045 wiphy_ext_feature_isset(&rdev->wiphy,
5046 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
5047 bcn->ftm_responder = 1;
5048 else
5049 return -EOPNOTSUPP;
5050
5051 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
5052 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
5053 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
5054 }
5055
5056 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
5057 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5058 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5059 }
5060 } else {
5061 bcn->ftm_responder = -1;
5062 }
5063
5064 return 0;
5065}
5066
5067static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
5068 struct ieee80211_he_obss_pd *he_obss_pd)
5069{
5070 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
5071 int err;
5072
5073 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
5074 he_obss_pd_policy, NULL);
5075 if (err)
5076 return err;
5077
5078 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
5079 return -EINVAL;
5080
5081 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
5082
5083 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
5084 he_obss_pd->min_offset =
5085 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
5086 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
5087 he_obss_pd->max_offset =
5088 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
5089 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
5090 he_obss_pd->non_srg_max_offset =
5091 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
5092
5093 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
5094 return -EINVAL;
5095
5096 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
5097 memcpy(he_obss_pd->bss_color_bitmap,
5098 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
5099 sizeof(he_obss_pd->bss_color_bitmap));
5100
5101 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
5102 memcpy(he_obss_pd->partial_bssid_bitmap,
5103 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
5104 sizeof(he_obss_pd->partial_bssid_bitmap));
5105
5106 he_obss_pd->enable = true;
5107
5108 return 0;
5109}
5110
5111static int nl80211_parse_he_bss_color(struct nlattr *attrs,
5112 struct cfg80211_he_bss_color *he_bss_color)
5113{
5114 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
5115 int err;
5116
5117 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
5118 he_bss_color_policy, NULL);
5119 if (err)
5120 return err;
5121
5122 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
5123 return -EINVAL;
5124
5125 he_bss_color->color =
5126 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
5127 he_bss_color->enabled =
5128 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
5129 he_bss_color->partial =
5130 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
5131
5132 return 0;
5133}
5134
5135static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
5136 struct nlattr *attrs,
5137 struct cfg80211_ap_settings *params)
5138{
5139 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
5140 int ret;
5141 struct cfg80211_fils_discovery *fd = ¶ms->fils_discovery;
5142
5143 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5144 NL80211_EXT_FEATURE_FILS_DISCOVERY))
5145 return -EINVAL;
5146
5147 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
5148 NULL, NULL);
5149 if (ret)
5150 return ret;
5151
5152 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
5153 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
5154 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
5155 return -EINVAL;
5156
5157 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5158 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5159 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
5160 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
5161
5162 return 0;
5163}
5164
5165static int
5166nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
5167 struct nlattr *attrs,
5168 struct cfg80211_ap_settings *params)
5169{
5170 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
5171 int ret;
5172 struct cfg80211_unsol_bcast_probe_resp *presp =
5173 ¶ms->unsol_bcast_probe_resp;
5174
5175 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5176 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
5177 return -EINVAL;
5178
5179 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
5180 attrs, NULL, NULL);
5181 if (ret)
5182 return ret;
5183
5184 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
5185 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
5186 return -EINVAL;
5187
5188 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5189 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5190 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
5191 return 0;
5192}
5193
5194static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
5195 const u8 *rates)
5196{
5197 int i;
5198
5199 if (!rates)
5200 return;
5201
5202 for (i = 0; i < rates[1]; i++) {
5203 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
5204 params->ht_required = true;
5205 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
5206 params->vht_required = true;
5207 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
5208 params->he_required = true;
5209 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
5210 params->sae_h2e_required = true;
5211 }
5212}
5213
5214
5215
5216
5217
5218
5219static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
5220{
5221 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
5222 size_t ies_len = bcn->tail_len;
5223 const u8 *ies = bcn->tail;
5224 const u8 *rates;
5225 const u8 *cap;
5226
5227 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
5228 nl80211_check_ap_rate_selectors(params, rates);
5229
5230 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
5231 nl80211_check_ap_rate_selectors(params, rates);
5232
5233 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
5234 if (cap && cap[1] >= sizeof(*params->ht_cap))
5235 params->ht_cap = (void *)(cap + 2);
5236 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
5237 if (cap && cap[1] >= sizeof(*params->vht_cap))
5238 params->vht_cap = (void *)(cap + 2);
5239 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
5240 if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
5241 params->he_cap = (void *)(cap + 3);
5242 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
5243 if (cap && cap[1] >= sizeof(*params->he_oper) + 1)
5244 params->he_oper = (void *)(cap + 3);
5245}
5246
5247static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
5248 struct cfg80211_ap_settings *params)
5249{
5250 struct wireless_dev *wdev;
5251 bool ret = false;
5252
5253 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
5254 if (wdev->iftype != NL80211_IFTYPE_AP &&
5255 wdev->iftype != NL80211_IFTYPE_P2P_GO)
5256 continue;
5257
5258 if (!wdev->preset_chandef.chan)
5259 continue;
5260
5261 params->chandef = wdev->preset_chandef;
5262 ret = true;
5263 break;
5264 }
5265
5266 return ret;
5267}
5268
5269static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
5270 enum nl80211_auth_type auth_type,
5271 enum nl80211_commands cmd)
5272{
5273 if (auth_type > NL80211_AUTHTYPE_MAX)
5274 return false;
5275
5276 switch (cmd) {
5277 case NL80211_CMD_AUTHENTICATE:
5278 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5279 auth_type == NL80211_AUTHTYPE_SAE)
5280 return false;
5281 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5282 NL80211_EXT_FEATURE_FILS_STA) &&
5283 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5284 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5285 auth_type == NL80211_AUTHTYPE_FILS_PK))
5286 return false;
5287 return true;
5288 case NL80211_CMD_CONNECT:
5289 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5290 !wiphy_ext_feature_isset(&rdev->wiphy,
5291 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
5292 auth_type == NL80211_AUTHTYPE_SAE)
5293 return false;
5294
5295
5296 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5297 auth_type == NL80211_AUTHTYPE_FILS_PK)
5298 return false;
5299 if (!wiphy_ext_feature_isset(
5300 &rdev->wiphy,
5301 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
5302 auth_type == NL80211_AUTHTYPE_FILS_SK)
5303 return false;
5304 return true;
5305 case NL80211_CMD_START_AP:
5306 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5307 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
5308 auth_type == NL80211_AUTHTYPE_SAE)
5309 return false;
5310
5311 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5312 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5313 auth_type == NL80211_AUTHTYPE_FILS_PK)
5314 return false;
5315 return true;
5316 default:
5317 return false;
5318 }
5319}
5320
5321static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
5322{
5323 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5324 struct net_device *dev = info->user_ptr[1];
5325 struct wireless_dev *wdev = dev->ieee80211_ptr;
5326 struct cfg80211_ap_settings params;
5327 int err;
5328
5329 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5330 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5331 return -EOPNOTSUPP;
5332
5333 if (!rdev->ops->start_ap)
5334 return -EOPNOTSUPP;
5335
5336 if (wdev->beacon_interval)
5337 return -EALREADY;
5338
5339 memset(¶ms, 0, sizeof(params));
5340
5341
5342 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
5343 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
5344 !info->attrs[NL80211_ATTR_BEACON_HEAD])
5345 return -EINVAL;
5346
5347 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon);
5348 if (err)
5349 return err;
5350
5351 params.beacon_interval =
5352 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
5353 params.dtim_period =
5354 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
5355
5356 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
5357 params.beacon_interval);
5358 if (err)
5359 return err;
5360
5361
5362
5363
5364
5365
5366
5367
5368 if (info->attrs[NL80211_ATTR_SSID]) {
5369 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5370 params.ssid_len =
5371 nla_len(info->attrs[NL80211_ATTR_SSID]);
5372 if (params.ssid_len == 0)
5373 return -EINVAL;
5374 }
5375
5376 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
5377 params.hidden_ssid = nla_get_u32(
5378 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
5379
5380 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
5381
5382 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5383 params.auth_type = nla_get_u32(
5384 info->attrs[NL80211_ATTR_AUTH_TYPE]);
5385 if (!nl80211_valid_auth_type(rdev, params.auth_type,
5386 NL80211_CMD_START_AP))
5387 return -EINVAL;
5388 } else
5389 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5390
5391 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
5392 NL80211_MAX_NR_CIPHER_SUITES);
5393 if (err)
5394 return err;
5395
5396 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
5397 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
5398 return -EOPNOTSUPP;
5399 params.inactivity_timeout = nla_get_u16(
5400 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
5401 }
5402
5403 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5404 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5405 return -EINVAL;
5406 params.p2p_ctwindow =
5407 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5408 if (params.p2p_ctwindow != 0 &&
5409 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5410 return -EINVAL;
5411 }
5412
5413 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5414 u8 tmp;
5415
5416 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5417 return -EINVAL;
5418 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5419 params.p2p_opp_ps = tmp;
5420 if (params.p2p_opp_ps != 0 &&
5421 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5422 return -EINVAL;
5423 }
5424
5425 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5426 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
5427 if (err)
5428 return err;
5429 } else if (wdev->preset_chandef.chan) {
5430 params.chandef = wdev->preset_chandef;
5431 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
5432 return -EINVAL;
5433
5434 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
5435 wdev->iftype))
5436 return -EINVAL;
5437
5438 if (info->attrs[NL80211_ATTR_TX_RATES]) {
5439 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
5440 NL80211_ATTR_TX_RATES,
5441 ¶ms.beacon_rate,
5442 dev, false);
5443 if (err)
5444 return err;
5445
5446 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
5447 ¶ms.beacon_rate);
5448 if (err)
5449 return err;
5450 }
5451
5452 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
5453 params.smps_mode =
5454 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
5455 switch (params.smps_mode) {
5456 case NL80211_SMPS_OFF:
5457 break;
5458 case NL80211_SMPS_STATIC:
5459 if (!(rdev->wiphy.features &
5460 NL80211_FEATURE_STATIC_SMPS))
5461 return -EINVAL;
5462 break;
5463 case NL80211_SMPS_DYNAMIC:
5464 if (!(rdev->wiphy.features &
5465 NL80211_FEATURE_DYNAMIC_SMPS))
5466 return -EINVAL;
5467 break;
5468 default:
5469 return -EINVAL;
5470 }
5471 } else {
5472 params.smps_mode = NL80211_SMPS_OFF;
5473 }
5474
5475 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
5476 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
5477 return -EOPNOTSUPP;
5478
5479 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
5480 params.acl = parse_acl_data(&rdev->wiphy, info);
5481 if (IS_ERR(params.acl))
5482 return PTR_ERR(params.acl);
5483 }
5484
5485 params.twt_responder =
5486 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
5487
5488 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
5489 err = nl80211_parse_he_obss_pd(
5490 info->attrs[NL80211_ATTR_HE_OBSS_PD],
5491 ¶ms.he_obss_pd);
5492 if (err)
5493 goto out;
5494 }
5495
5496 if (info->attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5497 err = nl80211_parse_he_bss_color(
5498 info->attrs[NL80211_ATTR_HE_BSS_COLOR],
5499 ¶ms.he_bss_color);
5500 if (err)
5501 goto out;
5502 }
5503
5504 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
5505 err = nl80211_parse_fils_discovery(rdev,
5506 info->attrs[NL80211_ATTR_FILS_DISCOVERY],
5507 ¶ms);
5508 if (err)
5509 goto out;
5510 }
5511
5512 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
5513 err = nl80211_parse_unsol_bcast_probe_resp(
5514 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
5515 ¶ms);
5516 if (err)
5517 goto out;
5518 }
5519
5520 nl80211_calculate_ap_params(¶ms);
5521
5522 if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
5523 params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
5524
5525 wdev_lock(wdev);
5526 err = rdev_start_ap(rdev, dev, ¶ms);
5527 if (!err) {
5528 wdev->preset_chandef = params.chandef;
5529 wdev->beacon_interval = params.beacon_interval;
5530 wdev->chandef = params.chandef;
5531 wdev->ssid_len = params.ssid_len;
5532 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
5533
5534 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
5535 wdev->conn_owner_nlportid = info->snd_portid;
5536 }
5537 wdev_unlock(wdev);
5538
5539out:
5540 kfree(params.acl);
5541
5542 return err;
5543}
5544
5545static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
5546{
5547 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5548 struct net_device *dev = info->user_ptr[1];
5549 struct wireless_dev *wdev = dev->ieee80211_ptr;
5550 struct cfg80211_beacon_data params;
5551 int err;
5552
5553 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5554 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5555 return -EOPNOTSUPP;
5556
5557 if (!rdev->ops->change_beacon)
5558 return -EOPNOTSUPP;
5559
5560 if (!wdev->beacon_interval)
5561 return -EINVAL;
5562
5563 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms);
5564 if (err)
5565 return err;
5566
5567 wdev_lock(wdev);
5568 err = rdev_change_beacon(rdev, dev, ¶ms);
5569 wdev_unlock(wdev);
5570
5571 return err;
5572}
5573
5574static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
5575{
5576 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5577 struct net_device *dev = info->user_ptr[1];
5578
5579 return cfg80211_stop_ap(rdev, dev, false);
5580}
5581
5582static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
5583 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
5584 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
5585 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
5586 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
5587 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
5588 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
5589};
5590
5591static int parse_station_flags(struct genl_info *info,
5592 enum nl80211_iftype iftype,
5593 struct station_parameters *params)
5594{
5595 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
5596 struct nlattr *nla;
5597 int flag;
5598
5599
5600
5601
5602
5603 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
5604 if (nla) {
5605 struct nl80211_sta_flag_update *sta_flags;
5606
5607 sta_flags = nla_data(nla);
5608 params->sta_flags_mask = sta_flags->mask;
5609 params->sta_flags_set = sta_flags->set;
5610 params->sta_flags_set &= params->sta_flags_mask;
5611 if ((params->sta_flags_mask |
5612 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
5613 return -EINVAL;
5614 return 0;
5615 }
5616
5617
5618
5619 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
5620 if (!nla)
5621 return 0;
5622
5623 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
5624 return -EINVAL;
5625
5626
5627
5628
5629
5630
5631
5632 switch (iftype) {
5633 case NL80211_IFTYPE_AP:
5634 case NL80211_IFTYPE_AP_VLAN:
5635 case NL80211_IFTYPE_P2P_GO:
5636 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5637 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5638 BIT(NL80211_STA_FLAG_WME) |
5639 BIT(NL80211_STA_FLAG_MFP);
5640 break;
5641 case NL80211_IFTYPE_P2P_CLIENT:
5642 case NL80211_IFTYPE_STATION:
5643 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5644 BIT(NL80211_STA_FLAG_TDLS_PEER);
5645 break;
5646 case NL80211_IFTYPE_MESH_POINT:
5647 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5648 BIT(NL80211_STA_FLAG_MFP) |
5649 BIT(NL80211_STA_FLAG_AUTHORIZED);
5650 break;
5651 default:
5652 return -EINVAL;
5653 }
5654
5655 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
5656 if (flags[flag]) {
5657 params->sta_flags_set |= (1<<flag);
5658
5659
5660 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
5661 return -EINVAL;
5662 }
5663 }
5664
5665 return 0;
5666}
5667
5668bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
5669{
5670 struct nlattr *rate;
5671 u32 bitrate;
5672 u16 bitrate_compat;
5673 enum nl80211_rate_info rate_flg;
5674
5675 rate = nla_nest_start_noflag(msg, attr);
5676 if (!rate)
5677 return false;
5678
5679
5680 bitrate = cfg80211_calculate_bitrate(info);
5681
5682 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
5683 if (bitrate > 0 &&
5684 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
5685 return false;
5686 if (bitrate_compat > 0 &&
5687 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
5688 return false;
5689
5690 switch (info->bw) {
5691 case RATE_INFO_BW_5:
5692 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
5693 break;
5694 case RATE_INFO_BW_10:
5695 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
5696 break;
5697 default:
5698 WARN_ON(1);
5699 fallthrough;
5700 case RATE_INFO_BW_20:
5701 rate_flg = 0;
5702 break;
5703 case RATE_INFO_BW_40:
5704 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
5705 break;
5706 case RATE_INFO_BW_80:
5707 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
5708 break;
5709 case RATE_INFO_BW_160:
5710 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
5711 break;
5712 case RATE_INFO_BW_HE_RU:
5713 rate_flg = 0;
5714 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
5715 }
5716
5717 if (rate_flg && nla_put_flag(msg, rate_flg))
5718 return false;
5719
5720 if (info->flags & RATE_INFO_FLAGS_MCS) {
5721 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
5722 return false;
5723 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5724 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5725 return false;
5726 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
5727 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
5728 return false;
5729 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
5730 return false;
5731 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5732 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5733 return false;
5734 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
5735 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
5736 return false;
5737 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
5738 return false;
5739 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
5740 return false;
5741 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
5742 return false;
5743 if (info->bw == RATE_INFO_BW_HE_RU &&
5744 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
5745 info->he_ru_alloc))
5746 return false;
5747 }
5748
5749 nla_nest_end(msg, rate);
5750 return true;
5751}
5752
5753static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
5754 int id)
5755{
5756 void *attr;
5757 int i = 0;
5758
5759 if (!mask)
5760 return true;
5761
5762 attr = nla_nest_start_noflag(msg, id);
5763 if (!attr)
5764 return false;
5765
5766 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
5767 if (!(mask & BIT(i)))
5768 continue;
5769
5770 if (nla_put_u8(msg, i, signal[i]))
5771 return false;
5772 }
5773
5774 nla_nest_end(msg, attr);
5775
5776 return true;
5777}
5778
5779static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
5780 u32 seq, int flags,
5781 struct cfg80211_registered_device *rdev,
5782 struct net_device *dev,
5783 const u8 *mac_addr, struct station_info *sinfo)
5784{
5785 void *hdr;
5786 struct nlattr *sinfoattr, *bss_param;
5787
5788 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5789 if (!hdr) {
5790 cfg80211_sinfo_release_content(sinfo);
5791 return -1;
5792 }
5793
5794 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5795 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5796 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5797 goto nla_put_failure;
5798
5799 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5800 if (!sinfoattr)
5801 goto nla_put_failure;
5802
5803#define PUT_SINFO(attr, memb, type) do { \
5804 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
5805 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5806 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
5807 sinfo->memb)) \
5808 goto nla_put_failure; \
5809 } while (0)
5810#define PUT_SINFO_U64(attr, memb) do { \
5811 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5812 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
5813 sinfo->memb, NL80211_STA_INFO_PAD)) \
5814 goto nla_put_failure; \
5815 } while (0)
5816
5817 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5818 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5819 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
5820
5821 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5822 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5823 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5824 (u32)sinfo->rx_bytes))
5825 goto nla_put_failure;
5826
5827 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5828 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5829 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5830 (u32)sinfo->tx_bytes))
5831 goto nla_put_failure;
5832
5833 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5834 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5835 PUT_SINFO(LLID, llid, u16);
5836 PUT_SINFO(PLID, plid, u16);
5837 PUT_SINFO(PLINK_STATE, plink_state, u8);
5838 PUT_SINFO_U64(RX_DURATION, rx_duration);
5839 PUT_SINFO_U64(TX_DURATION, tx_duration);
5840
5841 if (wiphy_ext_feature_isset(&rdev->wiphy,
5842 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5843 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5844
5845 switch (rdev->wiphy.signal_type) {
5846 case CFG80211_SIGNAL_TYPE_MBM:
5847 PUT_SINFO(SIGNAL, signal, u8);
5848 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5849 break;
5850 default:
5851 break;
5852 }
5853 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5854 if (!nl80211_put_signal(msg, sinfo->chains,
5855 sinfo->chain_signal,
5856 NL80211_STA_INFO_CHAIN_SIGNAL))
5857 goto nla_put_failure;
5858 }
5859 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5860 if (!nl80211_put_signal(msg, sinfo->chains,
5861 sinfo->chain_signal_avg,
5862 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5863 goto nla_put_failure;
5864 }
5865 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5866 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5867 NL80211_STA_INFO_TX_BITRATE))
5868 goto nla_put_failure;
5869 }
5870 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5871 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5872 NL80211_STA_INFO_RX_BITRATE))
5873 goto nla_put_failure;
5874 }
5875
5876 PUT_SINFO(RX_PACKETS, rx_packets, u32);
5877 PUT_SINFO(TX_PACKETS, tx_packets, u32);
5878 PUT_SINFO(TX_RETRIES, tx_retries, u32);
5879 PUT_SINFO(TX_FAILED, tx_failed, u32);
5880 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5881 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5882 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5883 PUT_SINFO(LOCAL_PM, local_pm, u32);
5884 PUT_SINFO(PEER_PM, peer_pm, u32);
5885 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5886 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5887 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
5888
5889 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5890 bss_param = nla_nest_start_noflag(msg,
5891 NL80211_STA_INFO_BSS_PARAM);
5892 if (!bss_param)
5893 goto nla_put_failure;
5894
5895 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5896 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5897 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5898 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5899 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5900 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5901 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5902 sinfo->bss_param.dtim_period) ||
5903 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5904 sinfo->bss_param.beacon_interval))
5905 goto nla_put_failure;
5906
5907 nla_nest_end(msg, bss_param);
5908 }
5909 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5910 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5911 sizeof(struct nl80211_sta_flag_update),
5912 &sinfo->sta_flags))
5913 goto nla_put_failure;
5914
5915 PUT_SINFO_U64(T_OFFSET, t_offset);
5916 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5917 PUT_SINFO_U64(BEACON_RX, rx_beacon);
5918 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5919 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5920 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5921 if (wiphy_ext_feature_isset(&rdev->wiphy,
5922 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5923 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5924 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5925 }
5926
5927#undef PUT_SINFO
5928#undef PUT_SINFO_U64
5929
5930 if (sinfo->pertid) {
5931 struct nlattr *tidsattr;
5932 int tid;
5933
5934 tidsattr = nla_nest_start_noflag(msg,
5935 NL80211_STA_INFO_TID_STATS);
5936 if (!tidsattr)
5937 goto nla_put_failure;
5938
5939 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5940 struct cfg80211_tid_stats *tidstats;
5941 struct nlattr *tidattr;
5942
5943 tidstats = &sinfo->pertid[tid];
5944
5945 if (!tidstats->filled)
5946 continue;
5947
5948 tidattr = nla_nest_start_noflag(msg, tid + 1);
5949 if (!tidattr)
5950 goto nla_put_failure;
5951
5952#define PUT_TIDVAL_U64(attr, memb) do { \
5953 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
5954 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
5955 tidstats->memb, NL80211_TID_STATS_PAD)) \
5956 goto nla_put_failure; \
5957 } while (0)
5958
5959 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5960 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5961 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5962 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5963
5964#undef PUT_TIDVAL_U64
5965 if ((tidstats->filled &
5966 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5967 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5968 NL80211_TID_STATS_TXQ_STATS))
5969 goto nla_put_failure;
5970
5971 nla_nest_end(msg, tidattr);
5972 }
5973
5974 nla_nest_end(msg, tidsattr);
5975 }
5976
5977 nla_nest_end(msg, sinfoattr);
5978
5979 if (sinfo->assoc_req_ies_len &&
5980 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5981 sinfo->assoc_req_ies))
5982 goto nla_put_failure;
5983
5984 cfg80211_sinfo_release_content(sinfo);
5985 genlmsg_end(msg, hdr);
5986 return 0;
5987
5988 nla_put_failure:
5989 cfg80211_sinfo_release_content(sinfo);
5990 genlmsg_cancel(msg, hdr);
5991 return -EMSGSIZE;
5992}
5993
5994static int nl80211_dump_station(struct sk_buff *skb,
5995 struct netlink_callback *cb)
5996{
5997 struct station_info sinfo;
5998 struct cfg80211_registered_device *rdev;
5999 struct wireless_dev *wdev;
6000 u8 mac_addr[ETH_ALEN];
6001 int sta_idx = cb->args[2];
6002 int err;
6003
6004 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6005 if (err)
6006 return err;
6007
6008 __acquire(&rdev->wiphy.mtx);
6009
6010 if (!wdev->netdev) {
6011 err = -EINVAL;
6012 goto out_err;
6013 }
6014
6015 if (!rdev->ops->dump_station) {
6016 err = -EOPNOTSUPP;
6017 goto out_err;
6018 }
6019
6020 while (1) {
6021 memset(&sinfo, 0, sizeof(sinfo));
6022 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
6023 mac_addr, &sinfo);
6024 if (err == -ENOENT)
6025 break;
6026 if (err)
6027 goto out_err;
6028
6029 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
6030 NETLINK_CB(cb->skb).portid,
6031 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6032 rdev, wdev->netdev, mac_addr,
6033 &sinfo) < 0)
6034 goto out;
6035
6036 sta_idx++;
6037 }
6038
6039 out:
6040 cb->args[2] = sta_idx;
6041 err = skb->len;
6042 out_err:
6043 wiphy_unlock(&rdev->wiphy);
6044
6045 return err;
6046}
6047
6048static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
6049{
6050 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6051 struct net_device *dev = info->user_ptr[1];
6052 struct station_info sinfo;
6053 struct sk_buff *msg;
6054 u8 *mac_addr = NULL;
6055 int err;
6056
6057 memset(&sinfo, 0, sizeof(sinfo));
6058
6059 if (!info->attrs[NL80211_ATTR_MAC])
6060 return -EINVAL;
6061
6062 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6063
6064 if (!rdev->ops->get_station)
6065 return -EOPNOTSUPP;
6066
6067 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
6068 if (err)
6069 return err;
6070
6071 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6072 if (!msg) {
6073 cfg80211_sinfo_release_content(&sinfo);
6074 return -ENOMEM;
6075 }
6076
6077 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
6078 info->snd_portid, info->snd_seq, 0,
6079 rdev, dev, mac_addr, &sinfo) < 0) {
6080 nlmsg_free(msg);
6081 return -ENOBUFS;
6082 }
6083
6084 return genlmsg_reply(msg, info);
6085}
6086
6087int cfg80211_check_station_change(struct wiphy *wiphy,
6088 struct station_parameters *params,
6089 enum cfg80211_station_type statype)
6090{
6091 if (params->listen_interval != -1 &&
6092 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6093 return -EINVAL;
6094
6095 if (params->support_p2p_ps != -1 &&
6096 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6097 return -EINVAL;
6098
6099 if (params->aid &&
6100 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
6101 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6102 return -EINVAL;
6103
6104
6105 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6106
6107 switch (statype) {
6108 case CFG80211_STA_MESH_PEER_KERNEL:
6109 case CFG80211_STA_MESH_PEER_USER:
6110
6111
6112
6113
6114
6115 if (params->sta_flags_mask &
6116 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6117 BIT(NL80211_STA_FLAG_MFP) |
6118 BIT(NL80211_STA_FLAG_AUTHORIZED)))
6119 return -EINVAL;
6120 break;
6121 case CFG80211_STA_TDLS_PEER_SETUP:
6122 case CFG80211_STA_TDLS_PEER_ACTIVE:
6123 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6124 return -EINVAL;
6125
6126 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6127 break;
6128 default:
6129
6130 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
6131 return -EINVAL;
6132 if (params->local_pm)
6133 return -EINVAL;
6134 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6135 return -EINVAL;
6136 }
6137
6138 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
6139 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
6140
6141 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
6142 return -EINVAL;
6143
6144
6145
6146
6147
6148 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6149 }
6150
6151 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
6152 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
6153
6154 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
6155 return -EINVAL;
6156 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
6157 return -EINVAL;
6158 if (params->supported_rates)
6159 return -EINVAL;
6160 if (params->ext_capab || params->ht_capa || params->vht_capa ||
6161 params->he_capa)
6162 return -EINVAL;
6163 }
6164
6165 if (statype != CFG80211_STA_AP_CLIENT &&
6166 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
6167 if (params->vlan)
6168 return -EINVAL;
6169 }
6170
6171 switch (statype) {
6172 case CFG80211_STA_AP_MLME_CLIENT:
6173
6174 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
6175 return -EOPNOTSUPP;
6176 break;
6177 case CFG80211_STA_AP_CLIENT:
6178 case CFG80211_STA_AP_CLIENT_UNASSOC:
6179
6180 if (params->sta_flags_mask &
6181 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6182 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6183 BIT(NL80211_STA_FLAG_ASSOCIATED) |
6184 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6185 BIT(NL80211_STA_FLAG_WME) |
6186 BIT(NL80211_STA_FLAG_MFP)))
6187 return -EINVAL;
6188
6189
6190 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6191 params->sta_flags_mask &
6192 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6193 BIT(NL80211_STA_FLAG_ASSOCIATED)))
6194 return -EINVAL;
6195 break;
6196 case CFG80211_STA_IBSS:
6197 case CFG80211_STA_AP_STA:
6198
6199 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
6200 return -EINVAL;
6201 break;
6202 case CFG80211_STA_TDLS_PEER_SETUP:
6203
6204 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6205 BIT(NL80211_STA_FLAG_WME)))
6206 return -EINVAL;
6207
6208 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
6209 !params->supported_rates)
6210 return -EINVAL;
6211 break;
6212 case CFG80211_STA_TDLS_PEER_ACTIVE:
6213
6214 return -EINVAL;
6215 case CFG80211_STA_MESH_PEER_KERNEL:
6216 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6217 return -EINVAL;
6218 break;
6219 case CFG80211_STA_MESH_PEER_USER:
6220 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
6221 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
6222 return -EINVAL;
6223 break;
6224 }
6225
6226
6227
6228
6229
6230
6231 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
6232 statype != CFG80211_STA_TDLS_PEER_SETUP)
6233 params->opmode_notif_used = false;
6234
6235 return 0;
6236}
6237EXPORT_SYMBOL(cfg80211_check_station_change);
6238
6239
6240
6241
6242static struct net_device *get_vlan(struct genl_info *info,
6243 struct cfg80211_registered_device *rdev)
6244{
6245 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
6246 struct net_device *v;
6247 int ret;
6248
6249 if (!vlanattr)
6250 return NULL;
6251
6252 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
6253 if (!v)
6254 return ERR_PTR(-ENODEV);
6255
6256 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
6257 ret = -EINVAL;
6258 goto error;
6259 }
6260
6261 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
6262 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6263 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6264 ret = -EINVAL;
6265 goto error;
6266 }
6267
6268 if (!netif_running(v)) {
6269 ret = -ENETDOWN;
6270 goto error;
6271 }
6272
6273 return v;
6274 error:
6275 dev_put(v);
6276 return ERR_PTR(ret);
6277}
6278
6279static const struct nla_policy
6280nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
6281 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
6282 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
6283};
6284
6285static int nl80211_parse_sta_wme(struct genl_info *info,
6286 struct station_parameters *params)
6287{
6288 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
6289 struct nlattr *nla;
6290 int err;
6291
6292
6293 if (!info->attrs[NL80211_ATTR_STA_WME])
6294 return 0;
6295
6296 nla = info->attrs[NL80211_ATTR_STA_WME];
6297 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
6298 nl80211_sta_wme_policy,
6299 info->extack);
6300 if (err)
6301 return err;
6302
6303 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
6304 params->uapsd_queues = nla_get_u8(
6305 tb[NL80211_STA_WME_UAPSD_QUEUES]);
6306 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
6307 return -EINVAL;
6308
6309 if (tb[NL80211_STA_WME_MAX_SP])
6310 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
6311
6312 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
6313 return -EINVAL;
6314
6315 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
6316
6317 return 0;
6318}
6319
6320static int nl80211_parse_sta_channel_info(struct genl_info *info,
6321 struct station_parameters *params)
6322{
6323 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
6324 params->supported_channels =
6325 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
6326 params->supported_channels_len =
6327 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
6328
6329
6330
6331
6332
6333 if (params->supported_channels_len % 2)
6334 return -EINVAL;
6335 }
6336
6337 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
6338 params->supported_oper_classes =
6339 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
6340 params->supported_oper_classes_len =
6341 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
6342 }
6343 return 0;
6344}
6345
6346static int nl80211_set_station_tdls(struct genl_info *info,
6347 struct station_parameters *params)
6348{
6349 int err;
6350
6351 if (info->attrs[NL80211_ATTR_PEER_AID])
6352 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6353 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6354 params->ht_capa =
6355 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6356 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6357 params->vht_capa =
6358 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6359 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6360 params->he_capa =
6361 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6362 params->he_capa_len =
6363 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6364 }
6365
6366 err = nl80211_parse_sta_channel_info(info, params);
6367 if (err)
6368 return err;
6369
6370 return nl80211_parse_sta_wme(info, params);
6371}
6372
6373static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
6374 struct station_parameters *params)
6375{
6376 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6377 int idx;
6378
6379 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
6380 if (!rdev->ops->set_tx_power ||
6381 !wiphy_ext_feature_isset(&rdev->wiphy,
6382 NL80211_EXT_FEATURE_STA_TX_PWR))
6383 return -EOPNOTSUPP;
6384
6385 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
6386 params->txpwr.type = nla_get_u8(info->attrs[idx]);
6387
6388 if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
6389 idx = NL80211_ATTR_STA_TX_POWER;
6390
6391 if (info->attrs[idx])
6392 params->txpwr.power =
6393 nla_get_s16(info->attrs[idx]);
6394 else
6395 return -EINVAL;
6396 }
6397 params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
6398 }
6399
6400 return 0;
6401}
6402
6403static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
6404{
6405 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6406 struct net_device *dev = info->user_ptr[1];
6407 struct station_parameters params;
6408 u8 *mac_addr;
6409 int err;
6410
6411 memset(¶ms, 0, sizeof(params));
6412
6413 if (!rdev->ops->change_station)
6414 return -EOPNOTSUPP;
6415
6416
6417
6418
6419
6420
6421 if (info->attrs[NL80211_ATTR_STA_AID])
6422 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6423
6424 if (info->attrs[NL80211_ATTR_VLAN_ID])
6425 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6426
6427 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6428 params.listen_interval =
6429 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6430 else
6431 params.listen_interval = -1;
6432
6433 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
6434 params.support_p2p_ps =
6435 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6436 else
6437 params.support_p2p_ps = -1;
6438
6439 if (!info->attrs[NL80211_ATTR_MAC])
6440 return -EINVAL;
6441
6442 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6443
6444 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
6445 params.supported_rates =
6446 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6447 params.supported_rates_len =
6448 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6449 }
6450
6451 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6452 params.capability =
6453 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6454 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6455 }
6456
6457 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6458 params.ext_capab =
6459 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6460 params.ext_capab_len =
6461 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6462 }
6463
6464 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
6465 return -EINVAL;
6466
6467 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6468 params.plink_action =
6469 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6470
6471 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
6472 params.plink_state =
6473 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
6474 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
6475 params.peer_aid = nla_get_u16(
6476 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
6477 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
6478 }
6479
6480 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
6481 params.local_pm = nla_get_u32(
6482 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
6483
6484 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6485 params.opmode_notif_used = true;
6486 params.opmode_notif =
6487 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6488 }
6489
6490 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6491 params.he_6ghz_capa =
6492 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6493
6494 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6495 params.airtime_weight =
6496 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6497
6498 if (params.airtime_weight &&
6499 !wiphy_ext_feature_isset(&rdev->wiphy,
6500 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6501 return -EOPNOTSUPP;
6502
6503 err = nl80211_parse_sta_txpower_setting(info, ¶ms);
6504 if (err)
6505 return err;
6506
6507
6508 err = nl80211_set_station_tdls(info, ¶ms);
6509 if (err)
6510 return err;
6511
6512 params.vlan = get_vlan(info, rdev);
6513 if (IS_ERR(params.vlan))
6514 return PTR_ERR(params.vlan);
6515
6516 switch (dev->ieee80211_ptr->iftype) {
6517 case NL80211_IFTYPE_AP:
6518 case NL80211_IFTYPE_AP_VLAN:
6519 case NL80211_IFTYPE_P2P_GO:
6520 case NL80211_IFTYPE_P2P_CLIENT:
6521 case NL80211_IFTYPE_STATION:
6522 case NL80211_IFTYPE_ADHOC:
6523 case NL80211_IFTYPE_MESH_POINT:
6524 break;
6525 default:
6526 err = -EOPNOTSUPP;
6527 goto out_put_vlan;
6528 }
6529
6530
6531 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
6532
6533 out_put_vlan:
6534 dev_put(params.vlan);
6535
6536 return err;
6537}
6538
6539static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
6540{
6541 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6542 int err;
6543 struct net_device *dev = info->user_ptr[1];
6544 struct station_parameters params;
6545 u8 *mac_addr = NULL;
6546 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6547 BIT(NL80211_STA_FLAG_ASSOCIATED);
6548
6549 memset(¶ms, 0, sizeof(params));
6550
6551 if (!rdev->ops->add_station)
6552 return -EOPNOTSUPP;
6553
6554 if (!info->attrs[NL80211_ATTR_MAC])
6555 return -EINVAL;
6556
6557 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6558 return -EINVAL;
6559
6560 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
6561 return -EINVAL;
6562
6563 if (!info->attrs[NL80211_ATTR_STA_AID] &&
6564 !info->attrs[NL80211_ATTR_PEER_AID])
6565 return -EINVAL;
6566
6567 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6568 params.supported_rates =
6569 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6570 params.supported_rates_len =
6571 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6572 params.listen_interval =
6573 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6574
6575 if (info->attrs[NL80211_ATTR_VLAN_ID])
6576 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6577
6578 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
6579 params.support_p2p_ps =
6580 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6581 } else {
6582
6583
6584
6585
6586 params.support_p2p_ps =
6587 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
6588 }
6589
6590 if (info->attrs[NL80211_ATTR_PEER_AID])
6591 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6592 else
6593 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6594
6595 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6596 params.capability =
6597 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6598 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6599 }
6600
6601 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6602 params.ext_capab =
6603 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6604 params.ext_capab_len =
6605 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6606 }
6607
6608 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6609 params.ht_capa =
6610 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6611
6612 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6613 params.vht_capa =
6614 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6615
6616 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6617 params.he_capa =
6618 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6619 params.he_capa_len =
6620 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6621 }
6622
6623 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6624 params.he_6ghz_capa =
6625 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6626
6627 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6628 params.opmode_notif_used = true;
6629 params.opmode_notif =
6630 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6631 }
6632
6633 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6634 params.plink_action =
6635 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6636
6637 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6638 params.airtime_weight =
6639 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6640
6641 if (params.airtime_weight &&
6642 !wiphy_ext_feature_isset(&rdev->wiphy,
6643 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6644 return -EOPNOTSUPP;
6645
6646 err = nl80211_parse_sta_txpower_setting(info, ¶ms);
6647 if (err)
6648 return err;
6649
6650 err = nl80211_parse_sta_channel_info(info, ¶ms);
6651 if (err)
6652 return err;
6653
6654 err = nl80211_parse_sta_wme(info, ¶ms);
6655 if (err)
6656 return err;
6657
6658 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
6659 return -EINVAL;
6660
6661
6662
6663
6664
6665
6666 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
6667 params.ht_capa = NULL;
6668 params.vht_capa = NULL;
6669
6670
6671 if (params.he_capa_len || params.he_6ghz_capa)
6672 return -EINVAL;
6673 }
6674
6675
6676 if (params.he_6ghz_capa && (params.ht_capa || params.vht_capa))
6677 return -EINVAL;
6678
6679
6680 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6681
6682 switch (dev->ieee80211_ptr->iftype) {
6683 case NL80211_IFTYPE_AP:
6684 case NL80211_IFTYPE_AP_VLAN:
6685 case NL80211_IFTYPE_P2P_GO:
6686
6687 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
6688 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
6689 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6690
6691
6692 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6693 info->attrs[NL80211_ATTR_PEER_AID])
6694 return -EINVAL;
6695
6696 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6697
6698
6699 if (!(rdev->wiphy.features &
6700 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6701 params.sta_flags_mask & auth_assoc)
6702 return -EINVAL;
6703
6704
6705
6706
6707
6708
6709
6710
6711
6712
6713
6714 if (!(params.sta_flags_mask & auth_assoc)) {
6715 params.sta_flags_mask |= auth_assoc;
6716 params.sta_flags_set |= auth_assoc;
6717 }
6718
6719
6720 params.vlan = get_vlan(info, rdev);
6721 if (IS_ERR(params.vlan))
6722 return PTR_ERR(params.vlan);
6723 break;
6724 case NL80211_IFTYPE_MESH_POINT:
6725
6726 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6727
6728
6729 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
6730 return -EINVAL;
6731
6732 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6733 info->attrs[NL80211_ATTR_PEER_AID])
6734 return -EINVAL;
6735 break;
6736 case NL80211_IFTYPE_STATION:
6737 case NL80211_IFTYPE_P2P_CLIENT:
6738
6739 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6740
6741
6742 if (params.sta_flags_mask &
6743 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
6744 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
6745 return -EINVAL;
6746
6747 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6748 return -EINVAL;
6749
6750 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
6751 return -EOPNOTSUPP;
6752
6753 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
6754 return -EOPNOTSUPP;
6755
6756
6757
6758
6759 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
6760 break;
6761 default:
6762 return -EOPNOTSUPP;
6763 }
6764
6765
6766
6767 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
6768
6769 dev_put(params.vlan);
6770 return err;
6771}
6772
6773static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
6774{
6775 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6776 struct net_device *dev = info->user_ptr[1];
6777 struct station_del_parameters params;
6778
6779 memset(¶ms, 0, sizeof(params));
6780
6781 if (info->attrs[NL80211_ATTR_MAC])
6782 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
6783
6784 switch (dev->ieee80211_ptr->iftype) {
6785 case NL80211_IFTYPE_AP:
6786 case NL80211_IFTYPE_AP_VLAN:
6787 case NL80211_IFTYPE_MESH_POINT:
6788 case NL80211_IFTYPE_P2P_GO:
6789
6790 break;
6791 case NL80211_IFTYPE_ADHOC:
6792
6793 if (wiphy_ext_feature_isset(&rdev->wiphy,
6794 NL80211_EXT_FEATURE_DEL_IBSS_STA))
6795 break;
6796 return -EINVAL;
6797 default:
6798 return -EINVAL;
6799 }
6800
6801 if (!rdev->ops->del_station)
6802 return -EOPNOTSUPP;
6803
6804 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6805 params.subtype =
6806 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6807 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6808 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6809 return -EINVAL;
6810 } else {
6811
6812 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6813 }
6814
6815 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6816 params.reason_code =
6817 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6818 if (params.reason_code == 0)
6819 return -EINVAL;
6820 } else {
6821
6822 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6823 }
6824
6825 return rdev_del_station(rdev, dev, ¶ms);
6826}
6827
6828static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6829 int flags, struct net_device *dev,
6830 u8 *dst, u8 *next_hop,
6831 struct mpath_info *pinfo)
6832{
6833 void *hdr;
6834 struct nlattr *pinfoattr;
6835
6836 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6837 if (!hdr)
6838 return -1;
6839
6840 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6841 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6842 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6843 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6844 goto nla_put_failure;
6845
6846 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6847 if (!pinfoattr)
6848 goto nla_put_failure;
6849 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6850 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6851 pinfo->frame_qlen))
6852 goto nla_put_failure;
6853 if (((pinfo->filled & MPATH_INFO_SN) &&
6854 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6855 ((pinfo->filled & MPATH_INFO_METRIC) &&
6856 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6857 pinfo->metric)) ||
6858 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6859 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6860 pinfo->exptime)) ||
6861 ((pinfo->filled & MPATH_INFO_FLAGS) &&
6862 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6863 pinfo->flags)) ||
6864 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6865 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6866 pinfo->discovery_timeout)) ||
6867 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6868 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6869 pinfo->discovery_retries)) ||
6870 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6871 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6872 pinfo->hop_count)) ||
6873 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6874 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6875 pinfo->path_change_count)))
6876 goto nla_put_failure;
6877
6878 nla_nest_end(msg, pinfoattr);
6879
6880 genlmsg_end(msg, hdr);
6881 return 0;
6882
6883 nla_put_failure:
6884 genlmsg_cancel(msg, hdr);
6885 return -EMSGSIZE;
6886}
6887
6888static int nl80211_dump_mpath(struct sk_buff *skb,
6889 struct netlink_callback *cb)
6890{
6891 struct mpath_info pinfo;
6892 struct cfg80211_registered_device *rdev;
6893 struct wireless_dev *wdev;
6894 u8 dst[ETH_ALEN];
6895 u8 next_hop[ETH_ALEN];
6896 int path_idx = cb->args[2];
6897 int err;
6898
6899 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6900 if (err)
6901 return err;
6902
6903 __acquire(&rdev->wiphy.mtx);
6904
6905 if (!rdev->ops->dump_mpath) {
6906 err = -EOPNOTSUPP;
6907 goto out_err;
6908 }
6909
6910 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6911 err = -EOPNOTSUPP;
6912 goto out_err;
6913 }
6914
6915 while (1) {
6916 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6917 next_hop, &pinfo);
6918 if (err == -ENOENT)
6919 break;
6920 if (err)
6921 goto out_err;
6922
6923 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6924 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6925 wdev->netdev, dst, next_hop,
6926 &pinfo) < 0)
6927 goto out;
6928
6929 path_idx++;
6930 }
6931
6932 out:
6933 cb->args[2] = path_idx;
6934 err = skb->len;
6935 out_err:
6936 wiphy_unlock(&rdev->wiphy);
6937 return err;
6938}
6939
6940static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6941{
6942 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6943 int err;
6944 struct net_device *dev = info->user_ptr[1];
6945 struct mpath_info pinfo;
6946 struct sk_buff *msg;
6947 u8 *dst = NULL;
6948 u8 next_hop[ETH_ALEN];
6949
6950 memset(&pinfo, 0, sizeof(pinfo));
6951
6952 if (!info->attrs[NL80211_ATTR_MAC])
6953 return -EINVAL;
6954
6955 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6956
6957 if (!rdev->ops->get_mpath)
6958 return -EOPNOTSUPP;
6959
6960 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6961 return -EOPNOTSUPP;
6962
6963 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6964 if (err)
6965 return err;
6966
6967 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6968 if (!msg)
6969 return -ENOMEM;
6970
6971 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6972 dev, dst, next_hop, &pinfo) < 0) {
6973 nlmsg_free(msg);
6974 return -ENOBUFS;
6975 }
6976
6977 return genlmsg_reply(msg, info);
6978}
6979
6980static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6981{
6982 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6983 struct net_device *dev = info->user_ptr[1];
6984 u8 *dst = NULL;
6985 u8 *next_hop = NULL;
6986
6987 if (!info->attrs[NL80211_ATTR_MAC])
6988 return -EINVAL;
6989
6990 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6991 return -EINVAL;
6992
6993 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6994 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6995
6996 if (!rdev->ops->change_mpath)
6997 return -EOPNOTSUPP;
6998
6999 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7000 return -EOPNOTSUPP;
7001
7002 return rdev_change_mpath(rdev, dev, dst, next_hop);
7003}
7004
7005static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
7006{
7007 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7008 struct net_device *dev = info->user_ptr[1];
7009 u8 *dst = NULL;
7010 u8 *next_hop = NULL;
7011
7012 if (!info->attrs[NL80211_ATTR_MAC])
7013 return -EINVAL;
7014
7015 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
7016 return -EINVAL;
7017
7018 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7019 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
7020
7021 if (!rdev->ops->add_mpath)
7022 return -EOPNOTSUPP;
7023
7024 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7025 return -EOPNOTSUPP;
7026
7027 return rdev_add_mpath(rdev, dev, dst, next_hop);
7028}
7029
7030static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
7031{
7032 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7033 struct net_device *dev = info->user_ptr[1];
7034 u8 *dst = NULL;
7035
7036 if (info->attrs[NL80211_ATTR_MAC])
7037 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7038
7039 if (!rdev->ops->del_mpath)
7040 return -EOPNOTSUPP;
7041
7042 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7043 return -EOPNOTSUPP;
7044
7045 return rdev_del_mpath(rdev, dev, dst);
7046}
7047
7048static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
7049{
7050 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7051 int err;
7052 struct net_device *dev = info->user_ptr[1];
7053 struct mpath_info pinfo;
7054 struct sk_buff *msg;
7055 u8 *dst = NULL;
7056 u8 mpp[ETH_ALEN];
7057
7058 memset(&pinfo, 0, sizeof(pinfo));
7059
7060 if (!info->attrs[NL80211_ATTR_MAC])
7061 return -EINVAL;
7062
7063 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7064
7065 if (!rdev->ops->get_mpp)
7066 return -EOPNOTSUPP;
7067
7068 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7069 return -EOPNOTSUPP;
7070
7071 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
7072 if (err)
7073 return err;
7074
7075 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7076 if (!msg)
7077 return -ENOMEM;
7078
7079 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
7080 dev, dst, mpp, &pinfo) < 0) {
7081 nlmsg_free(msg);
7082 return -ENOBUFS;
7083 }
7084
7085 return genlmsg_reply(msg, info);
7086}
7087
7088static int nl80211_dump_mpp(struct sk_buff *skb,
7089 struct netlink_callback *cb)
7090{
7091 struct mpath_info pinfo;
7092 struct cfg80211_registered_device *rdev;
7093 struct wireless_dev *wdev;
7094 u8 dst[ETH_ALEN];
7095 u8 mpp[ETH_ALEN];
7096 int path_idx = cb->args[2];
7097 int err;
7098
7099 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
7100 if (err)
7101 return err;
7102
7103 __acquire(&rdev->wiphy.mtx);
7104
7105 if (!rdev->ops->dump_mpp) {
7106 err = -EOPNOTSUPP;
7107 goto out_err;
7108 }
7109
7110 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
7111 err = -EOPNOTSUPP;
7112 goto out_err;
7113 }
7114
7115 while (1) {
7116 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
7117 mpp, &pinfo);
7118 if (err == -ENOENT)
7119 break;
7120 if (err)
7121 goto out_err;
7122
7123 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
7124 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7125 wdev->netdev, dst, mpp,
7126 &pinfo) < 0)
7127 goto out;
7128
7129 path_idx++;
7130 }
7131
7132 out:
7133 cb->args[2] = path_idx;
7134 err = skb->len;
7135 out_err:
7136 wiphy_unlock(&rdev->wiphy);
7137 return err;
7138}
7139
7140static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
7141{
7142 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7143 struct net_device *dev = info->user_ptr[1];
7144 struct wireless_dev *wdev = dev->ieee80211_ptr;
7145 struct bss_parameters params;
7146 int err;
7147
7148 memset(¶ms, 0, sizeof(params));
7149
7150 params.use_cts_prot = -1;
7151 params.use_short_preamble = -1;
7152 params.use_short_slot_time = -1;
7153 params.ap_isolate = -1;
7154 params.ht_opmode = -1;
7155 params.p2p_ctwindow = -1;
7156 params.p2p_opp_ps = -1;
7157
7158 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
7159 params.use_cts_prot =
7160 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
7161 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
7162 params.use_short_preamble =
7163 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
7164 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
7165 params.use_short_slot_time =
7166 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
7167 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7168 params.basic_rates =
7169 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7170 params.basic_rates_len =
7171 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7172 }
7173 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
7174 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
7175 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
7176 params.ht_opmode =
7177 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
7178
7179 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
7180 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7181 return -EINVAL;
7182 params.p2p_ctwindow =
7183 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
7184 if (params.p2p_ctwindow != 0 &&
7185 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
7186 return -EINVAL;
7187 }
7188
7189 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
7190 u8 tmp;
7191
7192 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7193 return -EINVAL;
7194 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
7195 params.p2p_opp_ps = tmp;
7196 if (params.p2p_opp_ps &&
7197 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
7198 return -EINVAL;
7199 }
7200
7201 if (!rdev->ops->change_bss)
7202 return -EOPNOTSUPP;
7203
7204 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7205 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7206 return -EOPNOTSUPP;
7207
7208 wdev_lock(wdev);
7209 err = rdev_change_bss(rdev, dev, ¶ms);
7210 wdev_unlock(wdev);
7211
7212 return err;
7213}
7214
7215static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
7216{
7217 char *data = NULL;
7218 bool is_indoor;
7219 enum nl80211_user_reg_hint_type user_reg_hint_type;
7220 u32 owner_nlportid;
7221
7222
7223
7224
7225
7226
7227
7228 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
7229 return -EINPROGRESS;
7230
7231 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
7232 user_reg_hint_type =
7233 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
7234 else
7235 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
7236
7237 switch (user_reg_hint_type) {
7238 case NL80211_USER_REG_HINT_USER:
7239 case NL80211_USER_REG_HINT_CELL_BASE:
7240 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7241 return -EINVAL;
7242
7243 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7244 return regulatory_hint_user(data, user_reg_hint_type);
7245 case NL80211_USER_REG_HINT_INDOOR:
7246 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
7247 owner_nlportid = info->snd_portid;
7248 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
7249 } else {
7250 owner_nlportid = 0;
7251 is_indoor = true;
7252 }
7253
7254 return regulatory_hint_indoor(is_indoor, owner_nlportid);
7255 default:
7256 return -EINVAL;
7257 }
7258}
7259
7260static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
7261{
7262 return reg_reload_regdb();
7263}
7264
7265static int nl80211_get_mesh_config(struct sk_buff *skb,
7266 struct genl_info *info)
7267{
7268 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7269 struct net_device *dev = info->user_ptr[1];
7270 struct wireless_dev *wdev = dev->ieee80211_ptr;
7271 struct mesh_config cur_params;
7272 int err = 0;
7273 void *hdr;
7274 struct nlattr *pinfoattr;
7275 struct sk_buff *msg;
7276
7277 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7278 return -EOPNOTSUPP;
7279
7280 if (!rdev->ops->get_mesh_config)
7281 return -EOPNOTSUPP;
7282
7283 wdev_lock(wdev);
7284
7285 if (!wdev->mesh_id_len)
7286 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
7287 else
7288 err = rdev_get_mesh_config(rdev, dev, &cur_params);
7289 wdev_unlock(wdev);
7290
7291 if (err)
7292 return err;
7293
7294
7295 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7296 if (!msg)
7297 return -ENOMEM;
7298 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7299 NL80211_CMD_GET_MESH_CONFIG);
7300 if (!hdr)
7301 goto out;
7302 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
7303 if (!pinfoattr)
7304 goto nla_put_failure;
7305 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7306 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
7307 cur_params.dot11MeshRetryTimeout) ||
7308 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
7309 cur_params.dot11MeshConfirmTimeout) ||
7310 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
7311 cur_params.dot11MeshHoldingTimeout) ||
7312 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
7313 cur_params.dot11MeshMaxPeerLinks) ||
7314 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
7315 cur_params.dot11MeshMaxRetries) ||
7316 nla_put_u8(msg, NL80211_MESHCONF_TTL,
7317 cur_params.dot11MeshTTL) ||
7318 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
7319 cur_params.element_ttl) ||
7320 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7321 cur_params.auto_open_plinks) ||
7322 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7323 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
7324 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7325 cur_params.dot11MeshHWMPmaxPREQretries) ||
7326 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
7327 cur_params.path_refresh_time) ||
7328 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7329 cur_params.min_discovery_timeout) ||
7330 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7331 cur_params.dot11MeshHWMPactivePathTimeout) ||
7332 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7333 cur_params.dot11MeshHWMPpreqMinInterval) ||
7334 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7335 cur_params.dot11MeshHWMPperrMinInterval) ||
7336 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7337 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
7338 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
7339 cur_params.dot11MeshHWMPRootMode) ||
7340 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7341 cur_params.dot11MeshHWMPRannInterval) ||
7342 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7343 cur_params.dot11MeshGateAnnouncementProtocol) ||
7344 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
7345 cur_params.dot11MeshForwarding) ||
7346 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
7347 cur_params.rssi_threshold) ||
7348 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
7349 cur_params.ht_opmode) ||
7350 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7351 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
7352 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7353 cur_params.dot11MeshHWMProotInterval) ||
7354 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7355 cur_params.dot11MeshHWMPconfirmationInterval) ||
7356 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
7357 cur_params.power_mode) ||
7358 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
7359 cur_params.dot11MeshAwakeWindowDuration) ||
7360 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
7361 cur_params.plink_timeout) ||
7362 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
7363 cur_params.dot11MeshConnectedToMeshGate) ||
7364 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
7365 cur_params.dot11MeshNolearn) ||
7366 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
7367 cur_params.dot11MeshConnectedToAuthServer))
7368 goto nla_put_failure;
7369 nla_nest_end(msg, pinfoattr);
7370 genlmsg_end(msg, hdr);
7371 return genlmsg_reply(msg, info);
7372
7373 nla_put_failure:
7374 out:
7375 nlmsg_free(msg);
7376 return -ENOBUFS;
7377}
7378
7379static const struct nla_policy
7380nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
7381 [NL80211_MESHCONF_RETRY_TIMEOUT] =
7382 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7383 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
7384 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7385 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
7386 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7387 [NL80211_MESHCONF_MAX_PEER_LINKS] =
7388 NLA_POLICY_RANGE(NLA_U16, 0, 255),
7389 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
7390 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
7391 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
7392 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
7393 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
7394 NLA_POLICY_RANGE(NLA_U32, 1, 255),
7395 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
7396 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
7397 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
7398 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
7399 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
7400 NLA_POLICY_MIN(NLA_U16, 1),
7401 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
7402 NLA_POLICY_MIN(NLA_U16, 1),
7403 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
7404 NLA_POLICY_MIN(NLA_U16, 1),
7405 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
7406 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
7407 NLA_POLICY_MIN(NLA_U16, 1),
7408 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
7409 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
7410 [NL80211_MESHCONF_RSSI_THRESHOLD] =
7411 NLA_POLICY_RANGE(NLA_S32, -255, 0),
7412 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
7413 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
7414 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
7415 NLA_POLICY_MIN(NLA_U16, 1),
7416 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
7417 NLA_POLICY_MIN(NLA_U16, 1),
7418 [NL80211_MESHCONF_POWER_MODE] =
7419 NLA_POLICY_RANGE(NLA_U32,
7420 NL80211_MESH_POWER_ACTIVE,
7421 NL80211_MESH_POWER_MAX),
7422 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
7423 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
7424 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7425 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7426 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7427};
7428
7429static const struct nla_policy
7430 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
7431 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
7432 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
7433 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
7434 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
7435 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
7436 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
7437 [NL80211_MESH_SETUP_IE] =
7438 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
7439 IEEE80211_MAX_DATA_LEN),
7440 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
7441};
7442
7443static int nl80211_parse_mesh_config(struct genl_info *info,
7444 struct mesh_config *cfg,
7445 u32 *mask_out)
7446{
7447 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
7448 u32 mask = 0;
7449 u16 ht_opmode;
7450
7451#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
7452do { \
7453 if (tb[attr]) { \
7454 cfg->param = fn(tb[attr]); \
7455 mask |= BIT((attr) - 1); \
7456 } \
7457} while (0)
7458
7459 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
7460 return -EINVAL;
7461 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
7462 return -EINVAL;
7463
7464
7465
7466 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
7467
7468
7469 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
7470 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
7471 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
7472 NL80211_MESHCONF_CONFIRM_TIMEOUT,
7473 nla_get_u16);
7474 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
7475 NL80211_MESHCONF_HOLDING_TIMEOUT,
7476 nla_get_u16);
7477 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
7478 NL80211_MESHCONF_MAX_PEER_LINKS,
7479 nla_get_u16);
7480 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
7481 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
7482 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
7483 NL80211_MESHCONF_TTL, nla_get_u8);
7484 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
7485 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
7486 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
7487 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7488 nla_get_u8);
7489 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
7490 mask,
7491 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7492 nla_get_u32);
7493 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
7494 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7495 nla_get_u8);
7496 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
7497 NL80211_MESHCONF_PATH_REFRESH_TIME,
7498 nla_get_u32);
7499 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
7500 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
7501 return -EINVAL;
7502 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
7503 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7504 nla_get_u16);
7505 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
7506 mask,
7507 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7508 nla_get_u32);
7509 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
7510 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
7511 cfg->dot11MeshHWMPactivePathTimeout > 65535))
7512 return -EINVAL;
7513 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
7514 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7515 nla_get_u16);
7516 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
7517 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7518 nla_get_u16);
7519 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7520 dot11MeshHWMPnetDiameterTraversalTime, mask,
7521 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7522 nla_get_u16);
7523 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
7524 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
7525 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
7526 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7527 nla_get_u16);
7528 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
7529 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7530 nla_get_u8);
7531 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
7532 NL80211_MESHCONF_FORWARDING, nla_get_u8);
7533 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
7534 NL80211_MESHCONF_RSSI_THRESHOLD,
7535 nla_get_s32);
7536 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
7537 NL80211_MESHCONF_CONNECTED_TO_GATE,
7538 nla_get_u8);
7539 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
7540 NL80211_MESHCONF_CONNECTED_TO_AS,
7541 nla_get_u8);
7542
7543
7544
7545
7546 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
7547 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
7548
7549 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
7550 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
7551 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
7552 return -EINVAL;
7553
7554
7555 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
7556
7557 cfg->ht_opmode = ht_opmode;
7558 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
7559 }
7560 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7561 dot11MeshHWMPactivePathToRootTimeout, mask,
7562 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7563 nla_get_u32);
7564 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
7565 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
7566 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
7567 return -EINVAL;
7568 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
7569 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7570 nla_get_u16);
7571 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
7572 mask,
7573 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7574 nla_get_u16);
7575 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
7576 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
7577 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
7578 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
7579 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
7580 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
7581 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
7582 NL80211_MESHCONF_NOLEARN, nla_get_u8);
7583 if (mask_out)
7584 *mask_out = mask;
7585
7586 return 0;
7587
7588#undef FILL_IN_MESH_PARAM_IF_SET
7589}
7590
7591static int nl80211_parse_mesh_setup(struct genl_info *info,
7592 struct mesh_setup *setup)
7593{
7594 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7595 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
7596
7597 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
7598 return -EINVAL;
7599 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
7600 return -EINVAL;
7601
7602 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
7603 setup->sync_method =
7604 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
7605 IEEE80211_SYNC_METHOD_VENDOR :
7606 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
7607
7608 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
7609 setup->path_sel_proto =
7610 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
7611 IEEE80211_PATH_PROTOCOL_VENDOR :
7612 IEEE80211_PATH_PROTOCOL_HWMP;
7613
7614 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
7615 setup->path_metric =
7616 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
7617 IEEE80211_PATH_METRIC_VENDOR :
7618 IEEE80211_PATH_METRIC_AIRTIME;
7619
7620 if (tb[NL80211_MESH_SETUP_IE]) {
7621 struct nlattr *ieattr =
7622 tb[NL80211_MESH_SETUP_IE];
7623 setup->ie = nla_data(ieattr);
7624 setup->ie_len = nla_len(ieattr);
7625 }
7626 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
7627 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
7628 return -EINVAL;
7629 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
7630 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
7631 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
7632 if (setup->is_secure)
7633 setup->user_mpm = true;
7634
7635 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
7636 if (!setup->user_mpm)
7637 return -EINVAL;
7638 setup->auth_id =
7639 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
7640 }
7641
7642 return 0;
7643}
7644
7645static int nl80211_update_mesh_config(struct sk_buff *skb,
7646 struct genl_info *info)
7647{
7648 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7649 struct net_device *dev = info->user_ptr[1];
7650 struct wireless_dev *wdev = dev->ieee80211_ptr;
7651 struct mesh_config cfg;
7652 u32 mask;
7653 int err;
7654
7655 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7656 return -EOPNOTSUPP;
7657
7658 if (!rdev->ops->update_mesh_config)
7659 return -EOPNOTSUPP;
7660
7661 err = nl80211_parse_mesh_config(info, &cfg, &mask);
7662 if (err)
7663 return err;
7664
7665 wdev_lock(wdev);
7666 if (!wdev->mesh_id_len)
7667 err = -ENOLINK;
7668
7669 if (!err)
7670 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
7671
7672 wdev_unlock(wdev);
7673
7674 return err;
7675}
7676
7677static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
7678 struct sk_buff *msg)
7679{
7680 struct nlattr *nl_reg_rules;
7681 unsigned int i;
7682
7683 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
7684 (regdom->dfs_region &&
7685 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
7686 goto nla_put_failure;
7687
7688 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
7689 if (!nl_reg_rules)
7690 goto nla_put_failure;
7691
7692 for (i = 0; i < regdom->n_reg_rules; i++) {
7693 struct nlattr *nl_reg_rule;
7694 const struct ieee80211_reg_rule *reg_rule;
7695 const struct ieee80211_freq_range *freq_range;
7696 const struct ieee80211_power_rule *power_rule;
7697 unsigned int max_bandwidth_khz;
7698
7699 reg_rule = ®dom->reg_rules[i];
7700 freq_range = ®_rule->freq_range;
7701 power_rule = ®_rule->power_rule;
7702
7703 nl_reg_rule = nla_nest_start_noflag(msg, i);
7704 if (!nl_reg_rule)
7705 goto nla_put_failure;
7706
7707 max_bandwidth_khz = freq_range->max_bandwidth_khz;
7708 if (!max_bandwidth_khz)
7709 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
7710 reg_rule);
7711
7712 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
7713 reg_rule->flags) ||
7714 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
7715 freq_range->start_freq_khz) ||
7716 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
7717 freq_range->end_freq_khz) ||
7718 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
7719 max_bandwidth_khz) ||
7720 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
7721 power_rule->max_antenna_gain) ||
7722 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
7723 power_rule->max_eirp) ||
7724 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
7725 reg_rule->dfs_cac_ms))
7726 goto nla_put_failure;
7727
7728 nla_nest_end(msg, nl_reg_rule);
7729 }
7730
7731 nla_nest_end(msg, nl_reg_rules);
7732 return 0;
7733
7734nla_put_failure:
7735 return -EMSGSIZE;
7736}
7737
7738static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
7739{
7740 const struct ieee80211_regdomain *regdom = NULL;
7741 struct cfg80211_registered_device *rdev;
7742 struct wiphy *wiphy = NULL;
7743 struct sk_buff *msg;
7744 void *hdr;
7745
7746 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7747 if (!msg)
7748 return -ENOBUFS;
7749
7750 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7751 NL80211_CMD_GET_REG);
7752 if (!hdr)
7753 goto put_failure;
7754
7755 rtnl_lock();
7756
7757 if (info->attrs[NL80211_ATTR_WIPHY]) {
7758 bool self_managed;
7759
7760 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7761 if (IS_ERR(rdev)) {
7762 nlmsg_free(msg);
7763 rtnl_unlock();
7764 return PTR_ERR(rdev);
7765 }
7766
7767 wiphy = &rdev->wiphy;
7768 self_managed = wiphy->regulatory_flags &
7769 REGULATORY_WIPHY_SELF_MANAGED;
7770 regdom = get_wiphy_regdom(wiphy);
7771
7772
7773 if (WARN_ON(!regdom && self_managed)) {
7774 nlmsg_free(msg);
7775 rtnl_unlock();
7776 return -EINVAL;
7777 }
7778
7779 if (regdom &&
7780 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7781 goto nla_put_failure;
7782 }
7783
7784 if (!wiphy && reg_last_request_cell_base() &&
7785 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7786 NL80211_USER_REG_HINT_CELL_BASE))
7787 goto nla_put_failure;
7788
7789 rcu_read_lock();
7790
7791 if (!regdom)
7792 regdom = rcu_dereference(cfg80211_regdomain);
7793
7794 if (nl80211_put_regdom(regdom, msg))
7795 goto nla_put_failure_rcu;
7796
7797 rcu_read_unlock();
7798
7799 genlmsg_end(msg, hdr);
7800 rtnl_unlock();
7801 return genlmsg_reply(msg, info);
7802
7803nla_put_failure_rcu:
7804 rcu_read_unlock();
7805nla_put_failure:
7806 rtnl_unlock();
7807put_failure:
7808 nlmsg_free(msg);
7809 return -EMSGSIZE;
7810}
7811
7812static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
7813 u32 seq, int flags, struct wiphy *wiphy,
7814 const struct ieee80211_regdomain *regdom)
7815{
7816 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7817 NL80211_CMD_GET_REG);
7818
7819 if (!hdr)
7820 return -1;
7821
7822 genl_dump_check_consistent(cb, hdr);
7823
7824 if (nl80211_put_regdom(regdom, msg))
7825 goto nla_put_failure;
7826
7827 if (!wiphy && reg_last_request_cell_base() &&
7828 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7829 NL80211_USER_REG_HINT_CELL_BASE))
7830 goto nla_put_failure;
7831
7832 if (wiphy &&
7833 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7834 goto nla_put_failure;
7835
7836 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7837 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7838 goto nla_put_failure;
7839
7840 genlmsg_end(msg, hdr);
7841 return 0;
7842
7843nla_put_failure:
7844 genlmsg_cancel(msg, hdr);
7845 return -EMSGSIZE;
7846}
7847
7848static int nl80211_get_reg_dump(struct sk_buff *skb,
7849 struct netlink_callback *cb)
7850{
7851 const struct ieee80211_regdomain *regdom = NULL;
7852 struct cfg80211_registered_device *rdev;
7853 int err, reg_idx, start = cb->args[2];
7854
7855 rtnl_lock();
7856
7857 if (cfg80211_regdomain && start == 0) {
7858 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7859 NLM_F_MULTI, NULL,
7860 rtnl_dereference(cfg80211_regdomain));
7861 if (err < 0)
7862 goto out_err;
7863 }
7864
7865
7866 reg_idx = 1;
7867 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7868 regdom = get_wiphy_regdom(&rdev->wiphy);
7869 if (!regdom)
7870 continue;
7871
7872 if (++reg_idx <= start)
7873 continue;
7874
7875 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7876 NLM_F_MULTI, &rdev->wiphy, regdom);
7877 if (err < 0) {
7878 reg_idx--;
7879 break;
7880 }
7881 }
7882
7883 cb->args[2] = reg_idx;
7884 err = skb->len;
7885out_err:
7886 rtnl_unlock();
7887 return err;
7888}
7889
7890#ifdef CONFIG_CFG80211_CRDA_SUPPORT
7891static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7892 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
7893 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
7894 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
7895 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
7896 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
7897 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
7898 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
7899};
7900
7901static int parse_reg_rule(struct nlattr *tb[],
7902 struct ieee80211_reg_rule *reg_rule)
7903{
7904 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
7905 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
7906
7907 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7908 return -EINVAL;
7909 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7910 return -EINVAL;
7911 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7912 return -EINVAL;
7913 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7914 return -EINVAL;
7915 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7916 return -EINVAL;
7917
7918 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7919
7920 freq_range->start_freq_khz =
7921 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7922 freq_range->end_freq_khz =
7923 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7924 freq_range->max_bandwidth_khz =
7925 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7926
7927 power_rule->max_eirp =
7928 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7929
7930 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7931 power_rule->max_antenna_gain =
7932 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7933
7934 if (tb[NL80211_ATTR_DFS_CAC_TIME])
7935 reg_rule->dfs_cac_ms =
7936 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7937
7938 return 0;
7939}
7940
7941static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7942{
7943 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7944 struct nlattr *nl_reg_rule;
7945 char *alpha2;
7946 int rem_reg_rules, r;
7947 u32 num_rules = 0, rule_idx = 0;
7948 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7949 struct ieee80211_regdomain *rd;
7950
7951 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7952 return -EINVAL;
7953
7954 if (!info->attrs[NL80211_ATTR_REG_RULES])
7955 return -EINVAL;
7956
7957 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7958
7959 if (info->attrs[NL80211_ATTR_DFS_REGION])
7960 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7961
7962 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7963 rem_reg_rules) {
7964 num_rules++;
7965 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7966 return -EINVAL;
7967 }
7968
7969 rtnl_lock();
7970 if (!reg_is_valid_request(alpha2)) {
7971 r = -EINVAL;
7972 goto out;
7973 }
7974
7975 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7976 if (!rd) {
7977 r = -ENOMEM;
7978 goto out;
7979 }
7980
7981 rd->n_reg_rules = num_rules;
7982 rd->alpha2[0] = alpha2[0];
7983 rd->alpha2[1] = alpha2[1];
7984
7985
7986
7987
7988
7989 if (reg_supported_dfs_region(dfs_region))
7990 rd->dfs_region = dfs_region;
7991
7992 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7993 rem_reg_rules) {
7994 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7995 nl_reg_rule, reg_rule_policy,
7996 info->extack);
7997 if (r)
7998 goto bad_reg;
7999 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
8000 if (r)
8001 goto bad_reg;
8002
8003 rule_idx++;
8004
8005 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
8006 r = -EINVAL;
8007 goto bad_reg;
8008 }
8009 }
8010
8011 r = set_regdom(rd, REGD_SOURCE_CRDA);
8012
8013 rd = NULL;
8014 bad_reg:
8015 kfree(rd);
8016 out:
8017 rtnl_unlock();
8018 return r;
8019}
8020#endif
8021
8022static int validate_scan_freqs(struct nlattr *freqs)
8023{
8024 struct nlattr *attr1, *attr2;
8025 int n_channels = 0, tmp1, tmp2;
8026
8027 nla_for_each_nested(attr1, freqs, tmp1)
8028 if (nla_len(attr1) != sizeof(u32))
8029 return 0;
8030
8031 nla_for_each_nested(attr1, freqs, tmp1) {
8032 n_channels++;
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042 nla_for_each_nested(attr2, freqs, tmp2)
8043 if (attr1 != attr2 &&
8044 nla_get_u32(attr1) == nla_get_u32(attr2))
8045 return 0;
8046 }
8047
8048 return n_channels;
8049}
8050
8051static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
8052{
8053 return b < NUM_NL80211_BANDS && wiphy->bands[b];
8054}
8055
8056static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
8057 struct cfg80211_bss_selection *bss_select)
8058{
8059 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
8060 struct nlattr *nest;
8061 int err;
8062 bool found = false;
8063 int i;
8064
8065
8066 nest = nla_data(nla);
8067 if (!nla_ok(nest, nla_len(nest)))
8068 return -EINVAL;
8069
8070 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
8071 nest, nl80211_bss_select_policy,
8072 NULL);
8073 if (err)
8074 return err;
8075
8076
8077 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
8078 if (attr[i]) {
8079 if (found)
8080 return -EINVAL;
8081 found = true;
8082 }
8083 }
8084
8085 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
8086
8087 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
8088 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
8089
8090 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
8091 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
8092 bss_select->param.band_pref =
8093 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
8094 if (!is_band_valid(wiphy, bss_select->param.band_pref))
8095 return -EINVAL;
8096 }
8097
8098 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
8099 struct nl80211_bss_select_rssi_adjust *adj_param;
8100
8101 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
8102 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
8103 bss_select->param.adjust.band = adj_param->band;
8104 bss_select->param.adjust.delta = adj_param->delta;
8105 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
8106 return -EINVAL;
8107 }
8108
8109
8110 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
8111 return -EINVAL;
8112
8113 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
8114 return -EINVAL;
8115
8116 return 0;
8117}
8118
8119int nl80211_parse_random_mac(struct nlattr **attrs,
8120 u8 *mac_addr, u8 *mac_addr_mask)
8121{
8122 int i;
8123
8124 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
8125 eth_zero_addr(mac_addr);
8126 eth_zero_addr(mac_addr_mask);
8127 mac_addr[0] = 0x2;
8128 mac_addr_mask[0] = 0x3;
8129
8130 return 0;
8131 }
8132
8133
8134 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
8135 return -EINVAL;
8136
8137 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
8138 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
8139
8140
8141 if (!is_multicast_ether_addr(mac_addr_mask) ||
8142 is_multicast_ether_addr(mac_addr))
8143 return -EINVAL;
8144
8145
8146
8147
8148
8149
8150 for (i = 0; i < ETH_ALEN; i++)
8151 mac_addr[i] &= mac_addr_mask[i];
8152
8153 return 0;
8154}
8155
8156static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
8157{
8158 ASSERT_WDEV_LOCK(wdev);
8159
8160 if (!cfg80211_beaconing_iface_active(wdev))
8161 return true;
8162
8163 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
8164 return true;
8165
8166 return regulatory_pre_cac_allowed(wdev->wiphy);
8167}
8168
8169static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
8170 enum nl80211_ext_feature_index feat)
8171{
8172 if (!(flags & flag))
8173 return true;
8174 if (wiphy_ext_feature_isset(wiphy, feat))
8175 return true;
8176 return false;
8177}
8178
8179static int
8180nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
8181 void *request, struct nlattr **attrs,
8182 bool is_sched_scan)
8183{
8184 u8 *mac_addr, *mac_addr_mask;
8185 u32 *flags;
8186 enum nl80211_feature_flags randomness_flag;
8187
8188 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
8189 return 0;
8190
8191 if (is_sched_scan) {
8192 struct cfg80211_sched_scan_request *req = request;
8193
8194 randomness_flag = wdev ?
8195 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
8196 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
8197 flags = &req->flags;
8198 mac_addr = req->mac_addr;
8199 mac_addr_mask = req->mac_addr_mask;
8200 } else {
8201 struct cfg80211_scan_request *req = request;
8202
8203 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
8204 flags = &req->flags;
8205 mac_addr = req->mac_addr;
8206 mac_addr_mask = req->mac_addr_mask;
8207 }
8208
8209 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
8210
8211 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
8212 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
8213 !nl80211_check_scan_feat(wiphy, *flags,
8214 NL80211_SCAN_FLAG_LOW_SPAN,
8215 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
8216 !nl80211_check_scan_feat(wiphy, *flags,
8217 NL80211_SCAN_FLAG_LOW_POWER,
8218 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
8219 !nl80211_check_scan_feat(wiphy, *flags,
8220 NL80211_SCAN_FLAG_HIGH_ACCURACY,
8221 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
8222 !nl80211_check_scan_feat(wiphy, *flags,
8223 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
8224 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
8225 !nl80211_check_scan_feat(wiphy, *flags,
8226 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
8227 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
8228 !nl80211_check_scan_feat(wiphy, *flags,
8229 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
8230 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
8231 !nl80211_check_scan_feat(wiphy, *flags,
8232 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
8233 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
8234 !nl80211_check_scan_feat(wiphy, *flags,
8235 NL80211_SCAN_FLAG_RANDOM_SN,
8236 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
8237 !nl80211_check_scan_feat(wiphy, *flags,
8238 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
8239 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
8240 return -EOPNOTSUPP;
8241
8242 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
8243 int err;
8244
8245 if (!(wiphy->features & randomness_flag) ||
8246 (wdev && wdev->current_bss))
8247 return -EOPNOTSUPP;
8248
8249 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
8250 if (err)
8251 return err;
8252 }
8253
8254 return 0;
8255}
8256
8257static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
8258{
8259 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8260 struct wireless_dev *wdev = info->user_ptr[1];
8261 struct cfg80211_scan_request *request;
8262 struct nlattr *scan_freqs = NULL;
8263 bool scan_freqs_khz = false;
8264 struct nlattr *attr;
8265 struct wiphy *wiphy;
8266 int err, tmp, n_ssids = 0, n_channels, i;
8267 size_t ie_len;
8268
8269 wiphy = &rdev->wiphy;
8270
8271 if (wdev->iftype == NL80211_IFTYPE_NAN)
8272 return -EOPNOTSUPP;
8273
8274 if (!rdev->ops->scan)
8275 return -EOPNOTSUPP;
8276
8277 if (rdev->scan_req || rdev->scan_msg)
8278 return -EBUSY;
8279
8280 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
8281 if (!wiphy_ext_feature_isset(wiphy,
8282 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
8283 return -EOPNOTSUPP;
8284 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
8285 scan_freqs_khz = true;
8286 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
8287 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
8288
8289 if (scan_freqs) {
8290 n_channels = validate_scan_freqs(scan_freqs);
8291 if (!n_channels)
8292 return -EINVAL;
8293 } else {
8294 n_channels = ieee80211_get_num_supported_channels(wiphy);
8295 }
8296
8297 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
8298 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
8299 n_ssids++;
8300
8301 if (n_ssids > wiphy->max_scan_ssids)
8302 return -EINVAL;
8303
8304 if (info->attrs[NL80211_ATTR_IE])
8305 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8306 else
8307 ie_len = 0;
8308
8309 if (ie_len > wiphy->max_scan_ie_len)
8310 return -EINVAL;
8311
8312 request = kzalloc(sizeof(*request)
8313 + sizeof(*request->ssids) * n_ssids
8314 + sizeof(*request->channels) * n_channels
8315 + ie_len, GFP_KERNEL);
8316 if (!request)
8317 return -ENOMEM;
8318
8319 if (n_ssids)
8320 request->ssids = (void *)&request->channels[n_channels];
8321 request->n_ssids = n_ssids;
8322 if (ie_len) {
8323 if (n_ssids)
8324 request->ie = (void *)(request->ssids + n_ssids);
8325 else
8326 request->ie = (void *)(request->channels + n_channels);
8327 }
8328
8329 i = 0;
8330 if (scan_freqs) {
8331
8332 nla_for_each_nested(attr, scan_freqs, tmp) {
8333 struct ieee80211_channel *chan;
8334 int freq = nla_get_u32(attr);
8335
8336 if (!scan_freqs_khz)
8337 freq = MHZ_TO_KHZ(freq);
8338
8339 chan = ieee80211_get_channel_khz(wiphy, freq);
8340 if (!chan) {
8341 err = -EINVAL;
8342 goto out_free;
8343 }
8344
8345
8346 if (chan->flags & IEEE80211_CHAN_DISABLED)
8347 continue;
8348
8349 request->channels[i] = chan;
8350 i++;
8351 }
8352 } else {
8353 enum nl80211_band band;
8354
8355
8356 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8357 int j;
8358
8359 if (!wiphy->bands[band])
8360 continue;
8361 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8362 struct ieee80211_channel *chan;
8363
8364 chan = &wiphy->bands[band]->channels[j];
8365
8366 if (chan->flags & IEEE80211_CHAN_DISABLED)
8367 continue;
8368
8369 request->channels[i] = chan;
8370 i++;
8371 }
8372 }
8373 }
8374
8375 if (!i) {
8376 err = -EINVAL;
8377 goto out_free;
8378 }
8379
8380 request->n_channels = i;
8381
8382 wdev_lock(wdev);
8383 if (!cfg80211_off_channel_oper_allowed(wdev)) {
8384 struct ieee80211_channel *chan;
8385
8386 if (request->n_channels != 1) {
8387 wdev_unlock(wdev);
8388 err = -EBUSY;
8389 goto out_free;
8390 }
8391
8392 chan = request->channels[0];
8393 if (chan->center_freq != wdev->chandef.chan->center_freq) {
8394 wdev_unlock(wdev);
8395 err = -EBUSY;
8396 goto out_free;
8397 }
8398 }
8399 wdev_unlock(wdev);
8400
8401 i = 0;
8402 if (n_ssids) {
8403 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
8404 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8405 err = -EINVAL;
8406 goto out_free;
8407 }
8408 request->ssids[i].ssid_len = nla_len(attr);
8409 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
8410 i++;
8411 }
8412 }
8413
8414 if (info->attrs[NL80211_ATTR_IE]) {
8415 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8416 memcpy((void *)request->ie,
8417 nla_data(info->attrs[NL80211_ATTR_IE]),
8418 request->ie_len);
8419 }
8420
8421 for (i = 0; i < NUM_NL80211_BANDS; i++)
8422 if (wiphy->bands[i])
8423 request->rates[i] =
8424 (1 << wiphy->bands[i]->n_bitrates) - 1;
8425
8426 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
8427 nla_for_each_nested(attr,
8428 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
8429 tmp) {
8430 enum nl80211_band band = nla_type(attr);
8431
8432 if (band < 0 || band >= NUM_NL80211_BANDS) {
8433 err = -EINVAL;
8434 goto out_free;
8435 }
8436
8437 if (!wiphy->bands[band])
8438 continue;
8439
8440 err = ieee80211_get_ratemask(wiphy->bands[band],
8441 nla_data(attr),
8442 nla_len(attr),
8443 &request->rates[band]);
8444 if (err)
8445 goto out_free;
8446 }
8447 }
8448
8449 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
8450 request->duration =
8451 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
8452 request->duration_mandatory =
8453 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
8454 }
8455
8456 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
8457 false);
8458 if (err)
8459 goto out_free;
8460
8461 request->no_cck =
8462 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473 if (info->attrs[NL80211_ATTR_BSSID])
8474 memcpy(request->bssid,
8475 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
8476 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
8477 info->attrs[NL80211_ATTR_MAC])
8478 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
8479 ETH_ALEN);
8480 else
8481 eth_broadcast_addr(request->bssid);
8482
8483 request->wdev = wdev;
8484 request->wiphy = &rdev->wiphy;
8485 request->scan_start = jiffies;
8486
8487 rdev->scan_req = request;
8488 err = cfg80211_scan(rdev);
8489
8490 if (err)
8491 goto out_free;
8492
8493 nl80211_send_scan_start(rdev, wdev);
8494 dev_hold(wdev->netdev);
8495
8496 return 0;
8497
8498 out_free:
8499 rdev->scan_req = NULL;
8500 kfree(request);
8501
8502 return err;
8503}
8504
8505static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
8506{
8507 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8508 struct wireless_dev *wdev = info->user_ptr[1];
8509
8510 if (!rdev->ops->abort_scan)
8511 return -EOPNOTSUPP;
8512
8513 if (rdev->scan_msg)
8514 return 0;
8515
8516 if (!rdev->scan_req)
8517 return -ENOENT;
8518
8519 rdev_abort_scan(rdev, wdev);
8520 return 0;
8521}
8522
8523static int
8524nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
8525 struct cfg80211_sched_scan_request *request,
8526 struct nlattr **attrs)
8527{
8528 int tmp, err, i = 0;
8529 struct nlattr *attr;
8530
8531 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8532 u32 interval;
8533
8534
8535
8536
8537
8538
8539
8540 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
8541 if (!interval)
8542 return -EINVAL;
8543
8544 request->scan_plans[0].interval =
8545 DIV_ROUND_UP(interval, MSEC_PER_SEC);
8546 if (!request->scan_plans[0].interval)
8547 return -EINVAL;
8548
8549 if (request->scan_plans[0].interval >
8550 wiphy->max_sched_scan_plan_interval)
8551 request->scan_plans[0].interval =
8552 wiphy->max_sched_scan_plan_interval;
8553
8554 return 0;
8555 }
8556
8557 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
8558 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
8559
8560 if (WARN_ON(i >= n_plans))
8561 return -EINVAL;
8562
8563 err = nla_parse_nested_deprecated(plan,
8564 NL80211_SCHED_SCAN_PLAN_MAX,
8565 attr, nl80211_plan_policy,
8566 NULL);
8567 if (err)
8568 return err;
8569
8570 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
8571 return -EINVAL;
8572
8573 request->scan_plans[i].interval =
8574 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
8575 if (!request->scan_plans[i].interval ||
8576 request->scan_plans[i].interval >
8577 wiphy->max_sched_scan_plan_interval)
8578 return -EINVAL;
8579
8580 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
8581 request->scan_plans[i].iterations =
8582 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
8583 if (!request->scan_plans[i].iterations ||
8584 (request->scan_plans[i].iterations >
8585 wiphy->max_sched_scan_plan_iterations))
8586 return -EINVAL;
8587 } else if (i < n_plans - 1) {
8588
8589
8590
8591
8592 return -EINVAL;
8593 }
8594
8595 i++;
8596 }
8597
8598
8599
8600
8601
8602 if (request->scan_plans[n_plans - 1].iterations)
8603 return -EINVAL;
8604
8605 return 0;
8606}
8607
8608static int
8609nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
8610 struct cfg80211_match_set *match_sets,
8611 struct nlattr *tb_band_rssi,
8612 s32 rssi_thold)
8613{
8614 struct nlattr *attr;
8615 int i, tmp, ret = 0;
8616
8617 if (!wiphy_ext_feature_isset(wiphy,
8618 NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
8619 if (tb_band_rssi)
8620 ret = -EOPNOTSUPP;
8621 else
8622 for (i = 0; i < NUM_NL80211_BANDS; i++)
8623 match_sets->per_band_rssi_thold[i] =
8624 NL80211_SCAN_RSSI_THOLD_OFF;
8625 return ret;
8626 }
8627
8628 for (i = 0; i < NUM_NL80211_BANDS; i++)
8629 match_sets->per_band_rssi_thold[i] = rssi_thold;
8630
8631 nla_for_each_nested(attr, tb_band_rssi, tmp) {
8632 enum nl80211_band band = nla_type(attr);
8633
8634 if (band < 0 || band >= NUM_NL80211_BANDS)
8635 return -EINVAL;
8636
8637 match_sets->per_band_rssi_thold[band] = nla_get_s32(attr);
8638 }
8639
8640 return 0;
8641}
8642
8643static struct cfg80211_sched_scan_request *
8644nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
8645 struct nlattr **attrs, int max_match_sets)
8646{
8647 struct cfg80211_sched_scan_request *request;
8648 struct nlattr *attr;
8649 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
8650 enum nl80211_band band;
8651 size_t ie_len;
8652 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
8653 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
8654
8655 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8656 n_channels = validate_scan_freqs(
8657 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
8658 if (!n_channels)
8659 return ERR_PTR(-EINVAL);
8660 } else {
8661 n_channels = ieee80211_get_num_supported_channels(wiphy);
8662 }
8663
8664 if (attrs[NL80211_ATTR_SCAN_SSIDS])
8665 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8666 tmp)
8667 n_ssids++;
8668
8669 if (n_ssids > wiphy->max_sched_scan_ssids)
8670 return ERR_PTR(-EINVAL);
8671
8672
8673
8674
8675
8676
8677
8678
8679
8680
8681 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8682 nla_for_each_nested(attr,
8683 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8684 tmp) {
8685 struct nlattr *rssi;
8686
8687 err = nla_parse_nested_deprecated(tb,
8688 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8689 attr,
8690 nl80211_match_policy,
8691 NULL);
8692 if (err)
8693 return ERR_PTR(err);
8694
8695
8696 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
8697 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
8698 return ERR_PTR(-EINVAL);
8699
8700
8701 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
8702 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
8703 n_match_sets++;
8704 continue;
8705 }
8706 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8707 if (rssi)
8708 default_match_rssi = nla_get_s32(rssi);
8709 }
8710 }
8711
8712
8713 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
8714 n_match_sets = 1;
8715
8716 if (n_match_sets > max_match_sets)
8717 return ERR_PTR(-EINVAL);
8718
8719 if (attrs[NL80211_ATTR_IE])
8720 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
8721 else
8722 ie_len = 0;
8723
8724 if (ie_len > wiphy->max_sched_scan_ie_len)
8725 return ERR_PTR(-EINVAL);
8726
8727 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8728
8729
8730
8731
8732 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8733 return ERR_PTR(-EINVAL);
8734
8735 nla_for_each_nested(attr,
8736 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
8737 n_plans++;
8738 } else {
8739
8740
8741
8742
8743
8744
8745 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8746 return ERR_PTR(-EINVAL);
8747
8748 n_plans = 1;
8749 }
8750
8751 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
8752 return ERR_PTR(-EINVAL);
8753
8754 if (!wiphy_ext_feature_isset(
8755 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
8756 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
8757 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
8758 return ERR_PTR(-EINVAL);
8759
8760 request = kzalloc(sizeof(*request)
8761 + sizeof(*request->ssids) * n_ssids
8762 + sizeof(*request->match_sets) * n_match_sets
8763 + sizeof(*request->scan_plans) * n_plans
8764 + sizeof(*request->channels) * n_channels
8765 + ie_len, GFP_KERNEL);
8766 if (!request)
8767 return ERR_PTR(-ENOMEM);
8768
8769 if (n_ssids)
8770 request->ssids = (void *)&request->channels[n_channels];
8771 request->n_ssids = n_ssids;
8772 if (ie_len) {
8773 if (n_ssids)
8774 request->ie = (void *)(request->ssids + n_ssids);
8775 else
8776 request->ie = (void *)(request->channels + n_channels);
8777 }
8778
8779 if (n_match_sets) {
8780 if (request->ie)
8781 request->match_sets = (void *)(request->ie + ie_len);
8782 else if (n_ssids)
8783 request->match_sets =
8784 (void *)(request->ssids + n_ssids);
8785 else
8786 request->match_sets =
8787 (void *)(request->channels + n_channels);
8788 }
8789 request->n_match_sets = n_match_sets;
8790
8791 if (n_match_sets)
8792 request->scan_plans = (void *)(request->match_sets +
8793 n_match_sets);
8794 else if (request->ie)
8795 request->scan_plans = (void *)(request->ie + ie_len);
8796 else if (n_ssids)
8797 request->scan_plans = (void *)(request->ssids + n_ssids);
8798 else
8799 request->scan_plans = (void *)(request->channels + n_channels);
8800
8801 request->n_scan_plans = n_plans;
8802
8803 i = 0;
8804 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8805
8806 nla_for_each_nested(attr,
8807 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
8808 tmp) {
8809 struct ieee80211_channel *chan;
8810
8811 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
8812
8813 if (!chan) {
8814 err = -EINVAL;
8815 goto out_free;
8816 }
8817
8818
8819 if (chan->flags & IEEE80211_CHAN_DISABLED)
8820 continue;
8821
8822 request->channels[i] = chan;
8823 i++;
8824 }
8825 } else {
8826
8827 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8828 int j;
8829
8830 if (!wiphy->bands[band])
8831 continue;
8832 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8833 struct ieee80211_channel *chan;
8834
8835 chan = &wiphy->bands[band]->channels[j];
8836
8837 if (chan->flags & IEEE80211_CHAN_DISABLED)
8838 continue;
8839
8840 request->channels[i] = chan;
8841 i++;
8842 }
8843 }
8844 }
8845
8846 if (!i) {
8847 err = -EINVAL;
8848 goto out_free;
8849 }
8850
8851 request->n_channels = i;
8852
8853 i = 0;
8854 if (n_ssids) {
8855 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8856 tmp) {
8857 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8858 err = -EINVAL;
8859 goto out_free;
8860 }
8861 request->ssids[i].ssid_len = nla_len(attr);
8862 memcpy(request->ssids[i].ssid, nla_data(attr),
8863 nla_len(attr));
8864 i++;
8865 }
8866 }
8867
8868 i = 0;
8869 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8870 nla_for_each_nested(attr,
8871 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8872 tmp) {
8873 struct nlattr *ssid, *bssid, *rssi;
8874
8875 err = nla_parse_nested_deprecated(tb,
8876 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8877 attr,
8878 nl80211_match_policy,
8879 NULL);
8880 if (err)
8881 goto out_free;
8882 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8883 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8884
8885 if (!ssid && !bssid) {
8886 i++;
8887 continue;
8888 }
8889
8890 if (WARN_ON(i >= n_match_sets)) {
8891
8892
8893
8894
8895 err = -EINVAL;
8896 goto out_free;
8897 }
8898
8899 if (ssid) {
8900 memcpy(request->match_sets[i].ssid.ssid,
8901 nla_data(ssid), nla_len(ssid));
8902 request->match_sets[i].ssid.ssid_len =
8903 nla_len(ssid);
8904 }
8905 if (bssid)
8906 memcpy(request->match_sets[i].bssid,
8907 nla_data(bssid), ETH_ALEN);
8908
8909
8910 request->match_sets[i].rssi_thold = default_match_rssi;
8911 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8912 if (rssi)
8913 request->match_sets[i].rssi_thold =
8914 nla_get_s32(rssi);
8915
8916
8917 err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8918 &request->match_sets[i],
8919 tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8920 request->match_sets[i].rssi_thold);
8921 if (err)
8922 goto out_free;
8923
8924 i++;
8925 }
8926
8927
8928 if (i == 0 && n_match_sets)
8929 request->match_sets[0].rssi_thold = default_match_rssi;
8930
8931 request->min_rssi_thold = INT_MAX;
8932 for (i = 0; i < n_match_sets; i++)
8933 request->min_rssi_thold =
8934 min(request->match_sets[i].rssi_thold,
8935 request->min_rssi_thold);
8936 } else {
8937 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8938 }
8939
8940 if (ie_len) {
8941 request->ie_len = ie_len;
8942 memcpy((void *)request->ie,
8943 nla_data(attrs[NL80211_ATTR_IE]),
8944 request->ie_len);
8945 }
8946
8947 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8948 if (err)
8949 goto out_free;
8950
8951 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8952 request->delay =
8953 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8954
8955 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8956 request->relative_rssi = nla_get_s8(
8957 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8958 request->relative_rssi_set = true;
8959 }
8960
8961 if (request->relative_rssi_set &&
8962 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8963 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8964
8965 rssi_adjust = nla_data(
8966 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8967 request->rssi_adjust.band = rssi_adjust->band;
8968 request->rssi_adjust.delta = rssi_adjust->delta;
8969 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8970 err = -EINVAL;
8971 goto out_free;
8972 }
8973 }
8974
8975 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8976 if (err)
8977 goto out_free;
8978
8979 request->scan_start = jiffies;
8980
8981 return request;
8982
8983out_free:
8984 kfree(request);
8985 return ERR_PTR(err);
8986}
8987
8988static int nl80211_start_sched_scan(struct sk_buff *skb,
8989 struct genl_info *info)
8990{
8991 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8992 struct net_device *dev = info->user_ptr[1];
8993 struct wireless_dev *wdev = dev->ieee80211_ptr;
8994 struct cfg80211_sched_scan_request *sched_scan_req;
8995 bool want_multi;
8996 int err;
8997
8998 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8999 return -EOPNOTSUPP;
9000
9001 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
9002 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
9003 if (err)
9004 return err;
9005
9006 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
9007 info->attrs,
9008 rdev->wiphy.max_match_sets);
9009
9010 err = PTR_ERR_OR_ZERO(sched_scan_req);
9011 if (err)
9012 goto out_err;
9013
9014
9015
9016
9017 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
9018 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
9019
9020 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
9021 if (err)
9022 goto out_free;
9023
9024 sched_scan_req->dev = dev;
9025 sched_scan_req->wiphy = &rdev->wiphy;
9026
9027 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9028 sched_scan_req->owner_nlportid = info->snd_portid;
9029
9030 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
9031
9032 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
9033 return 0;
9034
9035out_free:
9036 kfree(sched_scan_req);
9037out_err:
9038 return err;
9039}
9040
9041static int nl80211_stop_sched_scan(struct sk_buff *skb,
9042 struct genl_info *info)
9043{
9044 struct cfg80211_sched_scan_request *req;
9045 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9046 u64 cookie;
9047
9048 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
9049 return -EOPNOTSUPP;
9050
9051 if (info->attrs[NL80211_ATTR_COOKIE]) {
9052 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9053 return __cfg80211_stop_sched_scan(rdev, cookie, false);
9054 }
9055
9056 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
9057 struct cfg80211_sched_scan_request,
9058 list);
9059 if (!req || req->reqid ||
9060 (req->owner_nlportid &&
9061 req->owner_nlportid != info->snd_portid))
9062 return -ENOENT;
9063
9064 return cfg80211_stop_sched_scan_req(rdev, req, false);
9065}
9066
9067static int nl80211_start_radar_detection(struct sk_buff *skb,
9068 struct genl_info *info)
9069{
9070 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9071 struct net_device *dev = info->user_ptr[1];
9072 struct wireless_dev *wdev = dev->ieee80211_ptr;
9073 struct wiphy *wiphy = wdev->wiphy;
9074 struct cfg80211_chan_def chandef;
9075 enum nl80211_dfs_regions dfs_region;
9076 unsigned int cac_time_ms;
9077 int err;
9078
9079 dfs_region = reg_get_dfs_region(wiphy);
9080 if (dfs_region == NL80211_DFS_UNSET)
9081 return -EINVAL;
9082
9083 err = nl80211_parse_chandef(rdev, info, &chandef);
9084 if (err)
9085 return err;
9086
9087 if (netif_carrier_ok(dev))
9088 return -EBUSY;
9089
9090 if (wdev->cac_started)
9091 return -EBUSY;
9092
9093 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
9094 if (err < 0)
9095 return err;
9096
9097 if (err == 0)
9098 return -EINVAL;
9099
9100 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
9101 return -EINVAL;
9102
9103
9104 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
9105 return -EOPNOTSUPP;
9106
9107 if (!rdev->ops->start_radar_detection)
9108 return -EOPNOTSUPP;
9109
9110 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
9111 if (WARN_ON(!cac_time_ms))
9112 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
9113
9114 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
9115 if (!err) {
9116 wdev->chandef = chandef;
9117 wdev->cac_started = true;
9118 wdev->cac_start_time = jiffies;
9119 wdev->cac_time_ms = cac_time_ms;
9120 }
9121 return err;
9122}
9123
9124static int nl80211_notify_radar_detection(struct sk_buff *skb,
9125 struct genl_info *info)
9126{
9127 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9128 struct net_device *dev = info->user_ptr[1];
9129 struct wireless_dev *wdev = dev->ieee80211_ptr;
9130 struct wiphy *wiphy = wdev->wiphy;
9131 struct cfg80211_chan_def chandef;
9132 enum nl80211_dfs_regions dfs_region;
9133 int err;
9134
9135 dfs_region = reg_get_dfs_region(wiphy);
9136 if (dfs_region == NL80211_DFS_UNSET) {
9137 GENL_SET_ERR_MSG(info,
9138 "DFS Region is not set. Unexpected Radar indication");
9139 return -EINVAL;
9140 }
9141
9142 err = nl80211_parse_chandef(rdev, info, &chandef);
9143 if (err) {
9144 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
9145 return err;
9146 }
9147
9148 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
9149 if (err < 0) {
9150 GENL_SET_ERR_MSG(info, "chandef is invalid");
9151 return err;
9152 }
9153
9154 if (err == 0) {
9155 GENL_SET_ERR_MSG(info,
9156 "Unexpected Radar indication for chandef/iftype");
9157 return -EINVAL;
9158 }
9159
9160
9161
9162
9163 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
9164 return 0;
9165
9166 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
9167
9168 cfg80211_sched_dfs_chan_update(rdev);
9169
9170 rdev->radar_chandef = chandef;
9171
9172
9173 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
9174
9175 return 0;
9176}
9177
9178static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
9179{
9180 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9181 struct net_device *dev = info->user_ptr[1];
9182 struct wireless_dev *wdev = dev->ieee80211_ptr;
9183 struct cfg80211_csa_settings params;
9184 struct nlattr **csa_attrs = NULL;
9185 int err;
9186 bool need_new_beacon = false;
9187 bool need_handle_dfs_flag = true;
9188 int len, i;
9189 u32 cs_count;
9190
9191 if (!rdev->ops->channel_switch ||
9192 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
9193 return -EOPNOTSUPP;
9194
9195 switch (dev->ieee80211_ptr->iftype) {
9196 case NL80211_IFTYPE_AP:
9197 case NL80211_IFTYPE_P2P_GO:
9198 need_new_beacon = true;
9199
9200
9201
9202
9203
9204 need_handle_dfs_flag = false;
9205
9206
9207 if (!wdev->beacon_interval)
9208 return -ENOTCONN;
9209 break;
9210 case NL80211_IFTYPE_ADHOC:
9211 if (!wdev->ssid_len)
9212 return -ENOTCONN;
9213 break;
9214 case NL80211_IFTYPE_MESH_POINT:
9215 if (!wdev->mesh_id_len)
9216 return -ENOTCONN;
9217 break;
9218 default:
9219 return -EOPNOTSUPP;
9220 }
9221
9222 memset(¶ms, 0, sizeof(params));
9223 params.beacon_csa.ftm_responder = -1;
9224
9225 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9226 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
9227 return -EINVAL;
9228
9229
9230 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
9231 return -EINVAL;
9232
9233
9234
9235
9236 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
9237 if (cs_count > 255)
9238 return -EINVAL;
9239
9240 params.count = cs_count;
9241
9242 if (!need_new_beacon)
9243 goto skip_beacons;
9244
9245 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after);
9246 if (err)
9247 return err;
9248
9249 csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs),
9250 GFP_KERNEL);
9251 if (!csa_attrs)
9252 return -ENOMEM;
9253
9254 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
9255 info->attrs[NL80211_ATTR_CSA_IES],
9256 nl80211_policy, info->extack);
9257 if (err)
9258 goto free;
9259
9260 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa);
9261 if (err)
9262 goto free;
9263
9264 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
9265 err = -EINVAL;
9266 goto free;
9267 }
9268
9269 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
9270 if (!len || (len % sizeof(u16))) {
9271 err = -EINVAL;
9272 goto free;
9273 }
9274
9275 params.n_counter_offsets_beacon = len / sizeof(u16);
9276 if (rdev->wiphy.max_num_csa_counters &&
9277 (params.n_counter_offsets_beacon >
9278 rdev->wiphy.max_num_csa_counters)) {
9279 err = -EINVAL;
9280 goto free;
9281 }
9282
9283 params.counter_offsets_beacon =
9284 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
9285
9286
9287 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
9288 u16 offset = params.counter_offsets_beacon[i];
9289
9290 if (offset >= params.beacon_csa.tail_len) {
9291 err = -EINVAL;
9292 goto free;
9293 }
9294
9295 if (params.beacon_csa.tail[offset] != params.count) {
9296 err = -EINVAL;
9297 goto free;
9298 }
9299 }
9300
9301 if (csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
9302 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
9303 if (!len || (len % sizeof(u16))) {
9304 err = -EINVAL;
9305 goto free;
9306 }
9307
9308 params.n_counter_offsets_presp = len / sizeof(u16);
9309 if (rdev->wiphy.max_num_csa_counters &&
9310 (params.n_counter_offsets_presp >
9311 rdev->wiphy.max_num_csa_counters)) {
9312 err = -EINVAL;
9313 goto free;
9314 }
9315
9316 params.counter_offsets_presp =
9317 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
9318
9319
9320 for (i = 0; i < params.n_counter_offsets_presp; i++) {
9321 u16 offset = params.counter_offsets_presp[i];
9322
9323 if (offset >= params.beacon_csa.probe_resp_len) {
9324 err = -EINVAL;
9325 goto free;
9326 }
9327
9328 if (params.beacon_csa.probe_resp[offset] !=
9329 params.count) {
9330 err = -EINVAL;
9331 goto free;
9332 }
9333 }
9334 }
9335
9336skip_beacons:
9337 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
9338 if (err)
9339 goto free;
9340
9341 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
9342 wdev->iftype)) {
9343 err = -EINVAL;
9344 goto free;
9345 }
9346
9347 err = cfg80211_chandef_dfs_required(wdev->wiphy,
9348 ¶ms.chandef,
9349 wdev->iftype);
9350 if (err < 0)
9351 goto free;
9352
9353 if (err > 0) {
9354 params.radar_required = true;
9355 if (need_handle_dfs_flag &&
9356 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
9357 err = -EINVAL;
9358 goto free;
9359 }
9360 }
9361
9362 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
9363 params.block_tx = true;
9364
9365 wdev_lock(wdev);
9366 err = rdev_channel_switch(rdev, dev, ¶ms);
9367 wdev_unlock(wdev);
9368
9369free:
9370 kfree(csa_attrs);
9371 return err;
9372}
9373
9374static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
9375 u32 seq, int flags,
9376 struct cfg80211_registered_device *rdev,
9377 struct wireless_dev *wdev,
9378 struct cfg80211_internal_bss *intbss)
9379{
9380 struct cfg80211_bss *res = &intbss->pub;
9381 const struct cfg80211_bss_ies *ies;
9382 void *hdr;
9383 struct nlattr *bss;
9384
9385 ASSERT_WDEV_LOCK(wdev);
9386
9387 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
9388 NL80211_CMD_NEW_SCAN_RESULTS);
9389 if (!hdr)
9390 return -1;
9391
9392 genl_dump_check_consistent(cb, hdr);
9393
9394 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
9395 goto nla_put_failure;
9396 if (wdev->netdev &&
9397 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
9398 goto nla_put_failure;
9399 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
9400 NL80211_ATTR_PAD))
9401 goto nla_put_failure;
9402
9403 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
9404 if (!bss)
9405 goto nla_put_failure;
9406 if ((!is_zero_ether_addr(res->bssid) &&
9407 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
9408 goto nla_put_failure;
9409
9410 rcu_read_lock();
9411
9412 if (rcu_access_pointer(res->proberesp_ies) &&
9413 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
9414 goto fail_unlock_rcu;
9415
9416
9417
9418
9419 ies = rcu_dereference(res->ies);
9420 if (ies) {
9421 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
9422 NL80211_BSS_PAD))
9423 goto fail_unlock_rcu;
9424 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
9425 ies->len, ies->data))
9426 goto fail_unlock_rcu;
9427 }
9428
9429
9430 ies = rcu_dereference(res->beacon_ies);
9431 if (ies && ies->from_beacon) {
9432 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
9433 NL80211_BSS_PAD))
9434 goto fail_unlock_rcu;
9435 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
9436 ies->len, ies->data))
9437 goto fail_unlock_rcu;
9438 }
9439 rcu_read_unlock();
9440
9441 if (res->beacon_interval &&
9442 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
9443 goto nla_put_failure;
9444 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
9445 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
9446 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
9447 res->channel->freq_offset) ||
9448 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
9449 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
9450 jiffies_to_msecs(jiffies - intbss->ts)))
9451 goto nla_put_failure;
9452
9453 if (intbss->parent_tsf &&
9454 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
9455 intbss->parent_tsf, NL80211_BSS_PAD) ||
9456 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
9457 intbss->parent_bssid)))
9458 goto nla_put_failure;
9459
9460 if (intbss->ts_boottime &&
9461 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
9462 intbss->ts_boottime, NL80211_BSS_PAD))
9463 goto nla_put_failure;
9464
9465 if (!nl80211_put_signal(msg, intbss->pub.chains,
9466 intbss->pub.chain_signal,
9467 NL80211_BSS_CHAIN_SIGNAL))
9468 goto nla_put_failure;
9469
9470 switch (rdev->wiphy.signal_type) {
9471 case CFG80211_SIGNAL_TYPE_MBM:
9472 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
9473 goto nla_put_failure;
9474 break;
9475 case CFG80211_SIGNAL_TYPE_UNSPEC:
9476 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
9477 goto nla_put_failure;
9478 break;
9479 default:
9480 break;
9481 }
9482
9483 switch (wdev->iftype) {
9484 case NL80211_IFTYPE_P2P_CLIENT:
9485 case NL80211_IFTYPE_STATION:
9486 if (intbss == wdev->current_bss &&
9487 nla_put_u32(msg, NL80211_BSS_STATUS,
9488 NL80211_BSS_STATUS_ASSOCIATED))
9489 goto nla_put_failure;
9490 break;
9491 case NL80211_IFTYPE_ADHOC:
9492 if (intbss == wdev->current_bss &&
9493 nla_put_u32(msg, NL80211_BSS_STATUS,
9494 NL80211_BSS_STATUS_IBSS_JOINED))
9495 goto nla_put_failure;
9496 break;
9497 default:
9498 break;
9499 }
9500
9501 nla_nest_end(msg, bss);
9502
9503 genlmsg_end(msg, hdr);
9504 return 0;
9505
9506 fail_unlock_rcu:
9507 rcu_read_unlock();
9508 nla_put_failure:
9509 genlmsg_cancel(msg, hdr);
9510 return -EMSGSIZE;
9511}
9512
9513static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
9514{
9515 struct cfg80211_registered_device *rdev;
9516 struct cfg80211_internal_bss *scan;
9517 struct wireless_dev *wdev;
9518 int start = cb->args[2], idx = 0;
9519 int err;
9520
9521 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9522 if (err)
9523 return err;
9524
9525 __acquire(&rdev->wiphy.mtx);
9526
9527 wdev_lock(wdev);
9528 spin_lock_bh(&rdev->bss_lock);
9529
9530
9531
9532
9533
9534
9535
9536 if (start == 0)
9537 cfg80211_bss_expire(rdev);
9538
9539 cb->seq = rdev->bss_generation;
9540
9541 list_for_each_entry(scan, &rdev->bss_list, list) {
9542 if (++idx <= start)
9543 continue;
9544 if (nl80211_send_bss(skb, cb,
9545 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9546 rdev, wdev, scan) < 0) {
9547 idx--;
9548 break;
9549 }
9550 }
9551
9552 spin_unlock_bh(&rdev->bss_lock);
9553 wdev_unlock(wdev);
9554
9555 cb->args[2] = idx;
9556 wiphy_unlock(&rdev->wiphy);
9557
9558 return skb->len;
9559}
9560
9561static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
9562 int flags, struct net_device *dev,
9563 bool allow_radio_stats,
9564 struct survey_info *survey)
9565{
9566 void *hdr;
9567 struct nlattr *infoattr;
9568
9569
9570 if (!survey->channel && !allow_radio_stats)
9571 return 0;
9572
9573 hdr = nl80211hdr_put(msg, portid, seq, flags,
9574 NL80211_CMD_NEW_SURVEY_RESULTS);
9575 if (!hdr)
9576 return -ENOMEM;
9577
9578 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
9579 goto nla_put_failure;
9580
9581 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
9582 if (!infoattr)
9583 goto nla_put_failure;
9584
9585 if (survey->channel &&
9586 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
9587 survey->channel->center_freq))
9588 goto nla_put_failure;
9589
9590 if (survey->channel && survey->channel->freq_offset &&
9591 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
9592 survey->channel->freq_offset))
9593 goto nla_put_failure;
9594
9595 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
9596 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
9597 goto nla_put_failure;
9598 if ((survey->filled & SURVEY_INFO_IN_USE) &&
9599 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
9600 goto nla_put_failure;
9601 if ((survey->filled & SURVEY_INFO_TIME) &&
9602 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
9603 survey->time, NL80211_SURVEY_INFO_PAD))
9604 goto nla_put_failure;
9605 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
9606 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
9607 survey->time_busy, NL80211_SURVEY_INFO_PAD))
9608 goto nla_put_failure;
9609 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
9610 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
9611 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
9612 goto nla_put_failure;
9613 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
9614 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
9615 survey->time_rx, NL80211_SURVEY_INFO_PAD))
9616 goto nla_put_failure;
9617 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
9618 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
9619 survey->time_tx, NL80211_SURVEY_INFO_PAD))
9620 goto nla_put_failure;
9621 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
9622 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
9623 survey->time_scan, NL80211_SURVEY_INFO_PAD))
9624 goto nla_put_failure;
9625 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
9626 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
9627 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
9628 goto nla_put_failure;
9629
9630 nla_nest_end(msg, infoattr);
9631
9632 genlmsg_end(msg, hdr);
9633 return 0;
9634
9635 nla_put_failure:
9636 genlmsg_cancel(msg, hdr);
9637 return -EMSGSIZE;
9638}
9639
9640static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
9641{
9642 struct nlattr **attrbuf;
9643 struct survey_info survey;
9644 struct cfg80211_registered_device *rdev;
9645 struct wireless_dev *wdev;
9646 int survey_idx = cb->args[2];
9647 int res;
9648 bool radio_stats;
9649
9650 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
9651 if (!attrbuf)
9652 return -ENOMEM;
9653
9654 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9655 if (res) {
9656 kfree(attrbuf);
9657 return res;
9658 }
9659
9660 __acquire(&rdev->wiphy.mtx);
9661
9662
9663 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
9664
9665 if (!wdev->netdev) {
9666 res = -EINVAL;
9667 goto out_err;
9668 }
9669
9670 if (!rdev->ops->dump_survey) {
9671 res = -EOPNOTSUPP;
9672 goto out_err;
9673 }
9674
9675 while (1) {
9676 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
9677 if (res == -ENOENT)
9678 break;
9679 if (res)
9680 goto out_err;
9681
9682
9683 if (survey.channel &&
9684 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
9685 survey_idx++;
9686 continue;
9687 }
9688
9689 if (nl80211_send_survey(skb,
9690 NETLINK_CB(cb->skb).portid,
9691 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9692 wdev->netdev, radio_stats, &survey) < 0)
9693 goto out;
9694 survey_idx++;
9695 }
9696
9697 out:
9698 cb->args[2] = survey_idx;
9699 res = skb->len;
9700 out_err:
9701 kfree(attrbuf);
9702 wiphy_unlock(&rdev->wiphy);
9703 return res;
9704}
9705
9706static bool nl80211_valid_wpa_versions(u32 wpa_versions)
9707{
9708 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
9709 NL80211_WPA_VERSION_2 |
9710 NL80211_WPA_VERSION_3));
9711}
9712
9713static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
9714{
9715 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9716 struct net_device *dev = info->user_ptr[1];
9717 struct ieee80211_channel *chan;
9718 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
9719 int err, ssid_len, ie_len = 0, auth_data_len = 0;
9720 enum nl80211_auth_type auth_type;
9721 struct key_parse key;
9722 bool local_state_change;
9723 u32 freq;
9724
9725 if (!info->attrs[NL80211_ATTR_MAC])
9726 return -EINVAL;
9727
9728 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
9729 return -EINVAL;
9730
9731 if (!info->attrs[NL80211_ATTR_SSID])
9732 return -EINVAL;
9733
9734 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9735 return -EINVAL;
9736
9737 err = nl80211_parse_key(info, &key);
9738 if (err)
9739 return err;
9740
9741 if (key.idx >= 0) {
9742 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
9743 return -EINVAL;
9744 if (!key.p.key || !key.p.key_len)
9745 return -EINVAL;
9746 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
9747 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
9748 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
9749 key.p.key_len != WLAN_KEY_LEN_WEP104))
9750 return -EINVAL;
9751 if (key.idx > 3)
9752 return -EINVAL;
9753 } else {
9754 key.p.key_len = 0;
9755 key.p.key = NULL;
9756 }
9757
9758 if (key.idx >= 0) {
9759 int i;
9760 bool ok = false;
9761
9762 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
9763 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
9764 ok = true;
9765 break;
9766 }
9767 }
9768 if (!ok)
9769 return -EINVAL;
9770 }
9771
9772 if (!rdev->ops->auth)
9773 return -EOPNOTSUPP;
9774
9775 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9776 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9777 return -EOPNOTSUPP;
9778
9779 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9780 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
9781 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
9782 freq +=
9783 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
9784
9785 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
9786 if (!chan)
9787 return -EINVAL;
9788
9789 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9790 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9791
9792 if (info->attrs[NL80211_ATTR_IE]) {
9793 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9794 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9795 }
9796
9797 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9798 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
9799 return -EINVAL;
9800
9801 if ((auth_type == NL80211_AUTHTYPE_SAE ||
9802 auth_type == NL80211_AUTHTYPE_FILS_SK ||
9803 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
9804 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
9805 !info->attrs[NL80211_ATTR_AUTH_DATA])
9806 return -EINVAL;
9807
9808 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
9809 if (auth_type != NL80211_AUTHTYPE_SAE &&
9810 auth_type != NL80211_AUTHTYPE_FILS_SK &&
9811 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
9812 auth_type != NL80211_AUTHTYPE_FILS_PK)
9813 return -EINVAL;
9814 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
9815 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
9816 }
9817
9818 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9819
9820
9821
9822
9823
9824 if (local_state_change)
9825 return 0;
9826
9827 wdev_lock(dev->ieee80211_ptr);
9828 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
9829 ssid, ssid_len, ie, ie_len,
9830 key.p.key, key.p.key_len, key.idx,
9831 auth_data, auth_data_len);
9832 wdev_unlock(dev->ieee80211_ptr);
9833 return err;
9834}
9835
9836static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
9837 struct genl_info *info)
9838{
9839 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9840 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
9841 return -EINVAL;
9842 }
9843
9844 if (!rdev->ops->tx_control_port ||
9845 !wiphy_ext_feature_isset(&rdev->wiphy,
9846 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
9847 return -EOPNOTSUPP;
9848
9849 return 0;
9850}
9851
9852static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
9853 struct genl_info *info,
9854 struct cfg80211_crypto_settings *settings,
9855 int cipher_limit)
9856{
9857 memset(settings, 0, sizeof(*settings));
9858
9859 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9860
9861 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9862 u16 proto;
9863
9864 proto = nla_get_u16(
9865 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9866 settings->control_port_ethertype = cpu_to_be16(proto);
9867 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9868 proto != ETH_P_PAE)
9869 return -EINVAL;
9870 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9871 settings->control_port_no_encrypt = true;
9872 } else
9873 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9874
9875 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9876 int r = validate_pae_over_nl80211(rdev, info);
9877
9878 if (r < 0)
9879 return r;
9880
9881 settings->control_port_over_nl80211 = true;
9882
9883 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
9884 settings->control_port_no_preauth = true;
9885 }
9886
9887 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9888 void *data;
9889 int len, i;
9890
9891 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9892 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9893 settings->n_ciphers_pairwise = len / sizeof(u32);
9894
9895 if (len % sizeof(u32))
9896 return -EINVAL;
9897
9898 if (settings->n_ciphers_pairwise > cipher_limit)
9899 return -EINVAL;
9900
9901 memcpy(settings->ciphers_pairwise, data, len);
9902
9903 for (i = 0; i < settings->n_ciphers_pairwise; i++)
9904 if (!cfg80211_supported_cipher_suite(
9905 &rdev->wiphy,
9906 settings->ciphers_pairwise[i]))
9907 return -EINVAL;
9908 }
9909
9910 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9911 settings->cipher_group =
9912 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9913 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9914 settings->cipher_group))
9915 return -EINVAL;
9916 }
9917
9918 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9919 settings->wpa_versions =
9920 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9921 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9922 return -EINVAL;
9923 }
9924
9925 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9926 void *data;
9927 int len;
9928
9929 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9930 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9931 settings->n_akm_suites = len / sizeof(u32);
9932
9933 if (len % sizeof(u32))
9934 return -EINVAL;
9935
9936 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9937 return -EINVAL;
9938
9939 memcpy(settings->akm_suites, data, len);
9940 }
9941
9942 if (info->attrs[NL80211_ATTR_PMK]) {
9943 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9944 return -EINVAL;
9945 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9946 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
9947 !wiphy_ext_feature_isset(&rdev->wiphy,
9948 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
9949 return -EINVAL;
9950 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9951 }
9952
9953 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9954 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9955 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
9956 !wiphy_ext_feature_isset(&rdev->wiphy,
9957 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
9958 return -EINVAL;
9959 settings->sae_pwd =
9960 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9961 settings->sae_pwd_len =
9962 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9963 }
9964
9965 if (info->attrs[NL80211_ATTR_SAE_PWE])
9966 settings->sae_pwe =
9967 nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
9968 else
9969 settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
9970
9971 return 0;
9972}
9973
9974static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9975{
9976 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9977 struct net_device *dev = info->user_ptr[1];
9978 struct ieee80211_channel *chan;
9979 struct cfg80211_assoc_request req = {};
9980 const u8 *bssid, *ssid;
9981 int err, ssid_len = 0;
9982 u32 freq;
9983
9984 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9985 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9986 return -EPERM;
9987
9988 if (!info->attrs[NL80211_ATTR_MAC] ||
9989 !info->attrs[NL80211_ATTR_SSID] ||
9990 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9991 return -EINVAL;
9992
9993 if (!rdev->ops->assoc)
9994 return -EOPNOTSUPP;
9995
9996 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9997 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9998 return -EOPNOTSUPP;
9999
10000 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10001
10002 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10003 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10004 freq +=
10005 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10006 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
10007 if (!chan)
10008 return -EINVAL;
10009
10010 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10011 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10012
10013 if (info->attrs[NL80211_ATTR_IE]) {
10014 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10015 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10016 }
10017
10018 if (info->attrs[NL80211_ATTR_USE_MFP]) {
10019 enum nl80211_mfp mfp =
10020 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10021 if (mfp == NL80211_MFP_REQUIRED)
10022 req.use_mfp = true;
10023 else if (mfp != NL80211_MFP_NO)
10024 return -EINVAL;
10025 }
10026
10027 if (info->attrs[NL80211_ATTR_PREV_BSSID])
10028 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10029
10030 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10031 req.flags |= ASSOC_REQ_DISABLE_HT;
10032
10033 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10034 memcpy(&req.ht_capa_mask,
10035 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10036 sizeof(req.ht_capa_mask));
10037
10038 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10039 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10040 return -EINVAL;
10041 memcpy(&req.ht_capa,
10042 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10043 sizeof(req.ht_capa));
10044 }
10045
10046 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10047 req.flags |= ASSOC_REQ_DISABLE_VHT;
10048
10049 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
10050 req.flags |= ASSOC_REQ_DISABLE_HE;
10051
10052 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10053 memcpy(&req.vht_capa_mask,
10054 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10055 sizeof(req.vht_capa_mask));
10056
10057 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10058 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10059 return -EINVAL;
10060 memcpy(&req.vht_capa,
10061 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10062 sizeof(req.vht_capa));
10063 }
10064
10065 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10066 if (!((rdev->wiphy.features &
10067 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10068 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10069 !wiphy_ext_feature_isset(&rdev->wiphy,
10070 NL80211_EXT_FEATURE_RRM))
10071 return -EINVAL;
10072 req.flags |= ASSOC_REQ_USE_RRM;
10073 }
10074
10075 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
10076 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
10077 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
10078 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
10079 return -EINVAL;
10080 req.fils_nonces =
10081 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
10082 }
10083
10084 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
10085 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
10086 return -EINVAL;
10087 memcpy(&req.s1g_capa_mask,
10088 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
10089 sizeof(req.s1g_capa_mask));
10090 }
10091
10092 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
10093 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
10094 return -EINVAL;
10095 memcpy(&req.s1g_capa,
10096 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
10097 sizeof(req.s1g_capa));
10098 }
10099
10100 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
10101 if (!err) {
10102 wdev_lock(dev->ieee80211_ptr);
10103
10104 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
10105 ssid, ssid_len, &req);
10106
10107 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10108 dev->ieee80211_ptr->conn_owner_nlportid =
10109 info->snd_portid;
10110 memcpy(dev->ieee80211_ptr->disconnect_bssid,
10111 bssid, ETH_ALEN);
10112 }
10113
10114 wdev_unlock(dev->ieee80211_ptr);
10115 }
10116
10117 return err;
10118}
10119
10120static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
10121{
10122 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10123 struct net_device *dev = info->user_ptr[1];
10124 const u8 *ie = NULL, *bssid;
10125 int ie_len = 0, err;
10126 u16 reason_code;
10127 bool local_state_change;
10128
10129 if (dev->ieee80211_ptr->conn_owner_nlportid &&
10130 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10131 return -EPERM;
10132
10133 if (!info->attrs[NL80211_ATTR_MAC])
10134 return -EINVAL;
10135
10136 if (!info->attrs[NL80211_ATTR_REASON_CODE])
10137 return -EINVAL;
10138
10139 if (!rdev->ops->deauth)
10140 return -EOPNOTSUPP;
10141
10142 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10143 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10144 return -EOPNOTSUPP;
10145
10146 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10147
10148 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10149 if (reason_code == 0) {
10150
10151 return -EINVAL;
10152 }
10153
10154 if (info->attrs[NL80211_ATTR_IE]) {
10155 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10156 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10157 }
10158
10159 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10160
10161 wdev_lock(dev->ieee80211_ptr);
10162 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
10163 local_state_change);
10164 wdev_unlock(dev->ieee80211_ptr);
10165 return err;
10166}
10167
10168static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
10169{
10170 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10171 struct net_device *dev = info->user_ptr[1];
10172 const u8 *ie = NULL, *bssid;
10173 int ie_len = 0, err;
10174 u16 reason_code;
10175 bool local_state_change;
10176
10177 if (dev->ieee80211_ptr->conn_owner_nlportid &&
10178 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10179 return -EPERM;
10180
10181 if (!info->attrs[NL80211_ATTR_MAC])
10182 return -EINVAL;
10183
10184 if (!info->attrs[NL80211_ATTR_REASON_CODE])
10185 return -EINVAL;
10186
10187 if (!rdev->ops->disassoc)
10188 return -EOPNOTSUPP;
10189
10190 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10191 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10192 return -EOPNOTSUPP;
10193
10194 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10195
10196 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10197 if (reason_code == 0) {
10198
10199 return -EINVAL;
10200 }
10201
10202 if (info->attrs[NL80211_ATTR_IE]) {
10203 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10204 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10205 }
10206
10207 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10208
10209 wdev_lock(dev->ieee80211_ptr);
10210 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
10211 local_state_change);
10212 wdev_unlock(dev->ieee80211_ptr);
10213 return err;
10214}
10215
10216static bool
10217nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
10218 int mcast_rate[NUM_NL80211_BANDS],
10219 int rateval)
10220{
10221 struct wiphy *wiphy = &rdev->wiphy;
10222 bool found = false;
10223 int band, i;
10224
10225 for (band = 0; band < NUM_NL80211_BANDS; band++) {
10226 struct ieee80211_supported_band *sband;
10227
10228 sband = wiphy->bands[band];
10229 if (!sband)
10230 continue;
10231
10232 for (i = 0; i < sband->n_bitrates; i++) {
10233 if (sband->bitrates[i].bitrate == rateval) {
10234 mcast_rate[band] = i + 1;
10235 found = true;
10236 break;
10237 }
10238 }
10239 }
10240
10241 return found;
10242}
10243
10244static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
10245{
10246 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10247 struct net_device *dev = info->user_ptr[1];
10248 struct cfg80211_ibss_params ibss;
10249 struct wiphy *wiphy;
10250 struct cfg80211_cached_keys *connkeys = NULL;
10251 int err;
10252
10253 memset(&ibss, 0, sizeof(ibss));
10254
10255 if (!info->attrs[NL80211_ATTR_SSID] ||
10256 !nla_len(info->attrs[NL80211_ATTR_SSID]))
10257 return -EINVAL;
10258
10259 ibss.beacon_interval = 100;
10260
10261 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
10262 ibss.beacon_interval =
10263 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10264
10265 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
10266 ibss.beacon_interval);
10267 if (err)
10268 return err;
10269
10270 if (!rdev->ops->join_ibss)
10271 return -EOPNOTSUPP;
10272
10273 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
10274 return -EOPNOTSUPP;
10275
10276 wiphy = &rdev->wiphy;
10277
10278 if (info->attrs[NL80211_ATTR_MAC]) {
10279 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10280
10281 if (!is_valid_ether_addr(ibss.bssid))
10282 return -EINVAL;
10283 }
10284 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10285 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10286
10287 if (info->attrs[NL80211_ATTR_IE]) {
10288 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10289 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10290 }
10291
10292 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
10293 if (err)
10294 return err;
10295
10296 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
10297 NL80211_IFTYPE_ADHOC))
10298 return -EINVAL;
10299
10300 switch (ibss.chandef.width) {
10301 case NL80211_CHAN_WIDTH_5:
10302 case NL80211_CHAN_WIDTH_10:
10303 case NL80211_CHAN_WIDTH_20_NOHT:
10304 break;
10305 case NL80211_CHAN_WIDTH_20:
10306 case NL80211_CHAN_WIDTH_40:
10307 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
10308 return -EINVAL;
10309 break;
10310 case NL80211_CHAN_WIDTH_80:
10311 case NL80211_CHAN_WIDTH_80P80:
10312 case NL80211_CHAN_WIDTH_160:
10313 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
10314 return -EINVAL;
10315 if (!wiphy_ext_feature_isset(&rdev->wiphy,
10316 NL80211_EXT_FEATURE_VHT_IBSS))
10317 return -EINVAL;
10318 break;
10319 default:
10320 return -EINVAL;
10321 }
10322
10323 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
10324 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
10325
10326 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10327 u8 *rates =
10328 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10329 int n_rates =
10330 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10331 struct ieee80211_supported_band *sband =
10332 wiphy->bands[ibss.chandef.chan->band];
10333
10334 err = ieee80211_get_ratemask(sband, rates, n_rates,
10335 &ibss.basic_rates);
10336 if (err)
10337 return err;
10338 }
10339
10340 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10341 memcpy(&ibss.ht_capa_mask,
10342 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10343 sizeof(ibss.ht_capa_mask));
10344
10345 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10346 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10347 return -EINVAL;
10348 memcpy(&ibss.ht_capa,
10349 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10350 sizeof(ibss.ht_capa));
10351 }
10352
10353 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10354 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
10355 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10356 return -EINVAL;
10357
10358 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10359 bool no_ht = false;
10360
10361 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
10362 if (IS_ERR(connkeys))
10363 return PTR_ERR(connkeys);
10364
10365 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
10366 no_ht) {
10367 kfree_sensitive(connkeys);
10368 return -EINVAL;
10369 }
10370 }
10371
10372 ibss.control_port =
10373 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
10374
10375 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10376 int r = validate_pae_over_nl80211(rdev, info);
10377
10378 if (r < 0) {
10379 kfree_sensitive(connkeys);
10380 return r;
10381 }
10382
10383 ibss.control_port_over_nl80211 = true;
10384 }
10385
10386 ibss.userspace_handles_dfs =
10387 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10388
10389 wdev_lock(dev->ieee80211_ptr);
10390 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
10391 if (err)
10392 kfree_sensitive(connkeys);
10393 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
10394 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10395 wdev_unlock(dev->ieee80211_ptr);
10396
10397 return err;
10398}
10399
10400static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
10401{
10402 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10403 struct net_device *dev = info->user_ptr[1];
10404
10405 if (!rdev->ops->leave_ibss)
10406 return -EOPNOTSUPP;
10407
10408 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
10409 return -EOPNOTSUPP;
10410
10411 return cfg80211_leave_ibss(rdev, dev, false);
10412}
10413
10414static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
10415{
10416 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10417 struct net_device *dev = info->user_ptr[1];
10418 int mcast_rate[NUM_NL80211_BANDS];
10419 u32 nla_rate;
10420 int err;
10421
10422 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
10423 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
10424 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
10425 return -EOPNOTSUPP;
10426
10427 if (!rdev->ops->set_mcast_rate)
10428 return -EOPNOTSUPP;
10429
10430 memset(mcast_rate, 0, sizeof(mcast_rate));
10431
10432 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
10433 return -EINVAL;
10434
10435 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
10436 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
10437 return -EINVAL;
10438
10439 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
10440
10441 return err;
10442}
10443
10444static struct sk_buff *
10445__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
10446 struct wireless_dev *wdev, int approxlen,
10447 u32 portid, u32 seq, enum nl80211_commands cmd,
10448 enum nl80211_attrs attr,
10449 const struct nl80211_vendor_cmd_info *info,
10450 gfp_t gfp)
10451{
10452 struct sk_buff *skb;
10453 void *hdr;
10454 struct nlattr *data;
10455
10456 skb = nlmsg_new(approxlen + 100, gfp);
10457 if (!skb)
10458 return NULL;
10459
10460 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
10461 if (!hdr) {
10462 kfree_skb(skb);
10463 return NULL;
10464 }
10465
10466 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
10467 goto nla_put_failure;
10468
10469 if (info) {
10470 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
10471 info->vendor_id))
10472 goto nla_put_failure;
10473 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
10474 info->subcmd))
10475 goto nla_put_failure;
10476 }
10477
10478 if (wdev) {
10479 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
10480 wdev_id(wdev), NL80211_ATTR_PAD))
10481 goto nla_put_failure;
10482 if (wdev->netdev &&
10483 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
10484 wdev->netdev->ifindex))
10485 goto nla_put_failure;
10486 }
10487
10488 data = nla_nest_start_noflag(skb, attr);
10489 if (!data)
10490 goto nla_put_failure;
10491
10492 ((void **)skb->cb)[0] = rdev;
10493 ((void **)skb->cb)[1] = hdr;
10494 ((void **)skb->cb)[2] = data;
10495
10496 return skb;
10497
10498 nla_put_failure:
10499 kfree_skb(skb);
10500 return NULL;
10501}
10502
10503struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
10504 struct wireless_dev *wdev,
10505 enum nl80211_commands cmd,
10506 enum nl80211_attrs attr,
10507 unsigned int portid,
10508 int vendor_event_idx,
10509 int approxlen, gfp_t gfp)
10510{
10511 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10512 const struct nl80211_vendor_cmd_info *info;
10513
10514 switch (cmd) {
10515 case NL80211_CMD_TESTMODE:
10516 if (WARN_ON(vendor_event_idx != -1))
10517 return NULL;
10518 info = NULL;
10519 break;
10520 case NL80211_CMD_VENDOR:
10521 if (WARN_ON(vendor_event_idx < 0 ||
10522 vendor_event_idx >= wiphy->n_vendor_events))
10523 return NULL;
10524 info = &wiphy->vendor_events[vendor_event_idx];
10525 break;
10526 default:
10527 WARN_ON(1);
10528 return NULL;
10529 }
10530
10531 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
10532 cmd, attr, info, gfp);
10533}
10534EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
10535
10536void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
10537{
10538 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10539 void *hdr = ((void **)skb->cb)[1];
10540 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
10541 struct nlattr *data = ((void **)skb->cb)[2];
10542 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
10543
10544
10545 memset(skb->cb, 0, sizeof(skb->cb));
10546
10547 nla_nest_end(skb, data);
10548 genlmsg_end(skb, hdr);
10549
10550 if (nlhdr->nlmsg_pid) {
10551 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
10552 nlhdr->nlmsg_pid);
10553 } else {
10554 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
10555 mcgrp = NL80211_MCGRP_VENDOR;
10556
10557 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
10558 skb, 0, mcgrp, gfp);
10559 }
10560}
10561EXPORT_SYMBOL(__cfg80211_send_event_skb);
10562
10563#ifdef CONFIG_NL80211_TESTMODE
10564static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
10565{
10566 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10567 struct wireless_dev *wdev;
10568 int err;
10569
10570 lockdep_assert_held(&rdev->wiphy.mtx);
10571
10572 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
10573 info->attrs);
10574
10575 if (!rdev->ops->testmode_cmd)
10576 return -EOPNOTSUPP;
10577
10578 if (IS_ERR(wdev)) {
10579 err = PTR_ERR(wdev);
10580 if (err != -EINVAL)
10581 return err;
10582 wdev = NULL;
10583 } else if (wdev->wiphy != &rdev->wiphy) {
10584 return -EINVAL;
10585 }
10586
10587 if (!info->attrs[NL80211_ATTR_TESTDATA])
10588 return -EINVAL;
10589
10590 rdev->cur_cmd_info = info;
10591 err = rdev_testmode_cmd(rdev, wdev,
10592 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
10593 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
10594 rdev->cur_cmd_info = NULL;
10595
10596 return err;
10597}
10598
10599static int nl80211_testmode_dump(struct sk_buff *skb,
10600 struct netlink_callback *cb)
10601{
10602 struct cfg80211_registered_device *rdev;
10603 struct nlattr **attrbuf = NULL;
10604 int err;
10605 long phy_idx;
10606 void *data = NULL;
10607 int data_len = 0;
10608
10609 rtnl_lock();
10610
10611 if (cb->args[0]) {
10612
10613
10614
10615
10616 phy_idx = cb->args[0] - 1;
10617
10618 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
10619 if (!rdev) {
10620 err = -ENOENT;
10621 goto out_err;
10622 }
10623 } else {
10624 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
10625 GFP_KERNEL);
10626 if (!attrbuf) {
10627 err = -ENOMEM;
10628 goto out_err;
10629 }
10630
10631 err = nlmsg_parse_deprecated(cb->nlh,
10632 GENL_HDRLEN + nl80211_fam.hdrsize,
10633 attrbuf, nl80211_fam.maxattr,
10634 nl80211_policy, NULL);
10635 if (err)
10636 goto out_err;
10637
10638 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
10639 if (IS_ERR(rdev)) {
10640 err = PTR_ERR(rdev);
10641 goto out_err;
10642 }
10643 phy_idx = rdev->wiphy_idx;
10644
10645 if (attrbuf[NL80211_ATTR_TESTDATA])
10646 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
10647 }
10648
10649 if (cb->args[1]) {
10650 data = nla_data((void *)cb->args[1]);
10651 data_len = nla_len((void *)cb->args[1]);
10652 }
10653
10654 if (!rdev->ops->testmode_dump) {
10655 err = -EOPNOTSUPP;
10656 goto out_err;
10657 }
10658
10659 while (1) {
10660 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10661 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10662 NL80211_CMD_TESTMODE);
10663 struct nlattr *tmdata;
10664
10665 if (!hdr)
10666 break;
10667
10668 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
10669 genlmsg_cancel(skb, hdr);
10670 break;
10671 }
10672
10673 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
10674 if (!tmdata) {
10675 genlmsg_cancel(skb, hdr);
10676 break;
10677 }
10678 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
10679 nla_nest_end(skb, tmdata);
10680
10681 if (err == -ENOBUFS || err == -ENOENT) {
10682 genlmsg_cancel(skb, hdr);
10683 break;
10684 } else if (err) {
10685 genlmsg_cancel(skb, hdr);
10686 goto out_err;
10687 }
10688
10689 genlmsg_end(skb, hdr);
10690 }
10691
10692 err = skb->len;
10693
10694 cb->args[0] = phy_idx + 1;
10695 out_err:
10696 kfree(attrbuf);
10697 rtnl_unlock();
10698 return err;
10699}
10700#endif
10701
10702static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
10703{
10704 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10705 struct net_device *dev = info->user_ptr[1];
10706 struct cfg80211_connect_params connect;
10707 struct wiphy *wiphy;
10708 struct cfg80211_cached_keys *connkeys = NULL;
10709 u32 freq = 0;
10710 int err;
10711
10712 memset(&connect, 0, sizeof(connect));
10713
10714 if (!info->attrs[NL80211_ATTR_SSID] ||
10715 !nla_len(info->attrs[NL80211_ATTR_SSID]))
10716 return -EINVAL;
10717
10718 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10719 connect.auth_type =
10720 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10721 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
10722 NL80211_CMD_CONNECT))
10723 return -EINVAL;
10724 } else
10725 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
10726
10727 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
10728
10729 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
10730 !wiphy_ext_feature_isset(&rdev->wiphy,
10731 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
10732 return -EINVAL;
10733 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
10734
10735 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
10736 NL80211_MAX_NR_CIPHER_SUITES);
10737 if (err)
10738 return err;
10739
10740 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10741 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10742 return -EOPNOTSUPP;
10743
10744 wiphy = &rdev->wiphy;
10745
10746 connect.bg_scan_period = -1;
10747 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
10748 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
10749 connect.bg_scan_period =
10750 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
10751 }
10752
10753 if (info->attrs[NL80211_ATTR_MAC])
10754 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10755 else if (info->attrs[NL80211_ATTR_MAC_HINT])
10756 connect.bssid_hint =
10757 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
10758 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10759 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10760
10761 if (info->attrs[NL80211_ATTR_IE]) {
10762 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10763 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10764 }
10765
10766 if (info->attrs[NL80211_ATTR_USE_MFP]) {
10767 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10768 if (connect.mfp == NL80211_MFP_OPTIONAL &&
10769 !wiphy_ext_feature_isset(&rdev->wiphy,
10770 NL80211_EXT_FEATURE_MFP_OPTIONAL))
10771 return -EOPNOTSUPP;
10772 } else {
10773 connect.mfp = NL80211_MFP_NO;
10774 }
10775
10776 if (info->attrs[NL80211_ATTR_PREV_BSSID])
10777 connect.prev_bssid =
10778 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10779
10780 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
10781 freq = MHZ_TO_KHZ(nla_get_u32(
10782 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10783 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10784 freq +=
10785 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10786
10787 if (freq) {
10788 connect.channel = nl80211_get_valid_chan(wiphy, freq);
10789 if (!connect.channel)
10790 return -EINVAL;
10791 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
10792 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
10793 freq = MHZ_TO_KHZ(freq);
10794 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
10795 if (!connect.channel_hint)
10796 return -EINVAL;
10797 }
10798
10799 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
10800 connect.edmg.channels =
10801 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
10802
10803 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
10804 connect.edmg.bw_config =
10805 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
10806 }
10807
10808 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10809 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
10810 if (IS_ERR(connkeys))
10811 return PTR_ERR(connkeys);
10812 }
10813
10814 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10815 connect.flags |= ASSOC_REQ_DISABLE_HT;
10816
10817 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10818 memcpy(&connect.ht_capa_mask,
10819 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10820 sizeof(connect.ht_capa_mask));
10821
10822 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10823 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
10824 kfree_sensitive(connkeys);
10825 return -EINVAL;
10826 }
10827 memcpy(&connect.ht_capa,
10828 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10829 sizeof(connect.ht_capa));
10830 }
10831
10832 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10833 connect.flags |= ASSOC_REQ_DISABLE_VHT;
10834
10835 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
10836 connect.flags |= ASSOC_REQ_DISABLE_HE;
10837
10838 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10839 memcpy(&connect.vht_capa_mask,
10840 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10841 sizeof(connect.vht_capa_mask));
10842
10843 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10844 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10845 kfree_sensitive(connkeys);
10846 return -EINVAL;
10847 }
10848 memcpy(&connect.vht_capa,
10849 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10850 sizeof(connect.vht_capa));
10851 }
10852
10853 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10854 if (!((rdev->wiphy.features &
10855 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10856 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10857 !wiphy_ext_feature_isset(&rdev->wiphy,
10858 NL80211_EXT_FEATURE_RRM)) {
10859 kfree_sensitive(connkeys);
10860 return -EINVAL;
10861 }
10862 connect.flags |= ASSOC_REQ_USE_RRM;
10863 }
10864
10865 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10866 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10867 kfree_sensitive(connkeys);
10868 return -EOPNOTSUPP;
10869 }
10870
10871 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10872
10873 if (connect.bssid) {
10874 kfree_sensitive(connkeys);
10875 return -EINVAL;
10876 }
10877
10878 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10879 wiphy, &connect.bss_select);
10880 if (err) {
10881 kfree_sensitive(connkeys);
10882 return err;
10883 }
10884 }
10885
10886 if (wiphy_ext_feature_isset(&rdev->wiphy,
10887 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
10888 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10889 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10890 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10891 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10892 connect.fils_erp_username =
10893 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10894 connect.fils_erp_username_len =
10895 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10896 connect.fils_erp_realm =
10897 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10898 connect.fils_erp_realm_len =
10899 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10900 connect.fils_erp_next_seq_num =
10901 nla_get_u16(
10902 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10903 connect.fils_erp_rrk =
10904 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10905 connect.fils_erp_rrk_len =
10906 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10907 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10908 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10909 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10910 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10911 kfree_sensitive(connkeys);
10912 return -EINVAL;
10913 }
10914
10915 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10916 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10917 kfree_sensitive(connkeys);
10918 GENL_SET_ERR_MSG(info,
10919 "external auth requires connection ownership");
10920 return -EINVAL;
10921 }
10922 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10923 }
10924
10925 wdev_lock(dev->ieee80211_ptr);
10926
10927 err = cfg80211_connect(rdev, dev, &connect, connkeys,
10928 connect.prev_bssid);
10929 if (err)
10930 kfree_sensitive(connkeys);
10931
10932 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10933 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10934 if (connect.bssid)
10935 memcpy(dev->ieee80211_ptr->disconnect_bssid,
10936 connect.bssid, ETH_ALEN);
10937 else
10938 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
10939 }
10940
10941 wdev_unlock(dev->ieee80211_ptr);
10942
10943 return err;
10944}
10945
10946static int nl80211_update_connect_params(struct sk_buff *skb,
10947 struct genl_info *info)
10948{
10949 struct cfg80211_connect_params connect = {};
10950 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10951 struct net_device *dev = info->user_ptr[1];
10952 struct wireless_dev *wdev = dev->ieee80211_ptr;
10953 bool fils_sk_offload;
10954 u32 auth_type;
10955 u32 changed = 0;
10956 int ret;
10957
10958 if (!rdev->ops->update_connect_params)
10959 return -EOPNOTSUPP;
10960
10961 if (info->attrs[NL80211_ATTR_IE]) {
10962 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10963 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10964 changed |= UPDATE_ASSOC_IES;
10965 }
10966
10967 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10968 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10969
10970
10971
10972
10973
10974
10975 if (fils_sk_offload &&
10976 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10977 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10978 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10979 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10980 connect.fils_erp_username =
10981 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10982 connect.fils_erp_username_len =
10983 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10984 connect.fils_erp_realm =
10985 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10986 connect.fils_erp_realm_len =
10987 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10988 connect.fils_erp_next_seq_num =
10989 nla_get_u16(
10990 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10991 connect.fils_erp_rrk =
10992 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10993 connect.fils_erp_rrk_len =
10994 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10995 changed |= UPDATE_FILS_ERP_INFO;
10996 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10997 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10998 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10999 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
11000 return -EINVAL;
11001 }
11002
11003 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
11004 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
11005 if (!nl80211_valid_auth_type(rdev, auth_type,
11006 NL80211_CMD_CONNECT))
11007 return -EINVAL;
11008
11009 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
11010 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
11011 return -EINVAL;
11012
11013 connect.auth_type = auth_type;
11014 changed |= UPDATE_AUTH_TYPE;
11015 }
11016
11017 wdev_lock(dev->ieee80211_ptr);
11018 if (!wdev->current_bss)
11019 ret = -ENOLINK;
11020 else
11021 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
11022 wdev_unlock(dev->ieee80211_ptr);
11023
11024 return ret;
11025}
11026
11027static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
11028{
11029 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11030 struct net_device *dev = info->user_ptr[1];
11031 u16 reason;
11032 int ret;
11033
11034 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11035 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11036 return -EPERM;
11037
11038 if (!info->attrs[NL80211_ATTR_REASON_CODE])
11039 reason = WLAN_REASON_DEAUTH_LEAVING;
11040 else
11041 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11042
11043 if (reason == 0)
11044 return -EINVAL;
11045
11046 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11047 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11048 return -EOPNOTSUPP;
11049
11050 wdev_lock(dev->ieee80211_ptr);
11051 ret = cfg80211_disconnect(rdev, dev, reason, true);
11052 wdev_unlock(dev->ieee80211_ptr);
11053 return ret;
11054}
11055
11056static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
11057{
11058 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11059 struct net *net;
11060 int err;
11061
11062 if (info->attrs[NL80211_ATTR_PID]) {
11063 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
11064
11065 net = get_net_ns_by_pid(pid);
11066 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
11067 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
11068
11069 net = get_net_ns_by_fd(fd);
11070 } else {
11071 return -EINVAL;
11072 }
11073
11074 if (IS_ERR(net))
11075 return PTR_ERR(net);
11076
11077 err = 0;
11078
11079
11080 if (!net_eq(wiphy_net(&rdev->wiphy), net))
11081 err = cfg80211_switch_netns(rdev, net);
11082
11083 put_net(net);
11084 return err;
11085}
11086
11087static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
11088{
11089 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11090 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
11091 struct cfg80211_pmksa *pmksa) = NULL;
11092 struct net_device *dev = info->user_ptr[1];
11093 struct cfg80211_pmksa pmksa;
11094
11095 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
11096
11097 if (!info->attrs[NL80211_ATTR_PMKID])
11098 return -EINVAL;
11099
11100 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
11101
11102 if (info->attrs[NL80211_ATTR_MAC]) {
11103 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11104 } else if (info->attrs[NL80211_ATTR_SSID] &&
11105 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
11106 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
11107 info->attrs[NL80211_ATTR_PMK])) {
11108 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11109 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11110 pmksa.cache_id =
11111 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
11112 } else {
11113 return -EINVAL;
11114 }
11115 if (info->attrs[NL80211_ATTR_PMK]) {
11116 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
11117 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
11118 }
11119
11120 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
11121 pmksa.pmk_lifetime =
11122 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
11123
11124 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
11125 pmksa.pmk_reauth_threshold =
11126 nla_get_u8(
11127 info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
11128
11129 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11130 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
11131 !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
11132 wiphy_ext_feature_isset(&rdev->wiphy,
11133 NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
11134 return -EOPNOTSUPP;
11135
11136 switch (info->genlhdr->cmd) {
11137 case NL80211_CMD_SET_PMKSA:
11138 rdev_ops = rdev->ops->set_pmksa;
11139 break;
11140 case NL80211_CMD_DEL_PMKSA:
11141 rdev_ops = rdev->ops->del_pmksa;
11142 break;
11143 default:
11144 WARN_ON(1);
11145 break;
11146 }
11147
11148 if (!rdev_ops)
11149 return -EOPNOTSUPP;
11150
11151 return rdev_ops(&rdev->wiphy, dev, &pmksa);
11152}
11153
11154static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
11155{
11156 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11157 struct net_device *dev = info->user_ptr[1];
11158
11159 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11160 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11161 return -EOPNOTSUPP;
11162
11163 if (!rdev->ops->flush_pmksa)
11164 return -EOPNOTSUPP;
11165
11166 return rdev_flush_pmksa(rdev, dev);
11167}
11168
11169static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
11170{
11171 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11172 struct net_device *dev = info->user_ptr[1];
11173 u8 action_code, dialog_token;
11174 u32 peer_capability = 0;
11175 u16 status_code;
11176 u8 *peer;
11177 bool initiator;
11178
11179 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
11180 !rdev->ops->tdls_mgmt)
11181 return -EOPNOTSUPP;
11182
11183 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
11184 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
11185 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
11186 !info->attrs[NL80211_ATTR_IE] ||
11187 !info->attrs[NL80211_ATTR_MAC])
11188 return -EINVAL;
11189
11190 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
11191 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
11192 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
11193 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
11194 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
11195 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
11196 peer_capability =
11197 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
11198
11199 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
11200 dialog_token, status_code, peer_capability,
11201 initiator,
11202 nla_data(info->attrs[NL80211_ATTR_IE]),
11203 nla_len(info->attrs[NL80211_ATTR_IE]));
11204}
11205
11206static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
11207{
11208 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11209 struct net_device *dev = info->user_ptr[1];
11210 enum nl80211_tdls_operation operation;
11211 u8 *peer;
11212
11213 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
11214 !rdev->ops->tdls_oper)
11215 return -EOPNOTSUPP;
11216
11217 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
11218 !info->attrs[NL80211_ATTR_MAC])
11219 return -EINVAL;
11220
11221 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
11222 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
11223
11224 return rdev_tdls_oper(rdev, dev, peer, operation);
11225}
11226
11227static int nl80211_remain_on_channel(struct sk_buff *skb,
11228 struct genl_info *info)
11229{
11230 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11231 struct wireless_dev *wdev = info->user_ptr[1];
11232 struct cfg80211_chan_def chandef;
11233 const struct cfg80211_chan_def *compat_chandef;
11234 struct sk_buff *msg;
11235 void *hdr;
11236 u64 cookie;
11237 u32 duration;
11238 int err;
11239
11240 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11241 !info->attrs[NL80211_ATTR_DURATION])
11242 return -EINVAL;
11243
11244 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
11245
11246 if (!rdev->ops->remain_on_channel ||
11247 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
11248 return -EOPNOTSUPP;
11249
11250
11251
11252
11253
11254 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
11255 duration > rdev->wiphy.max_remain_on_channel_duration)
11256 return -EINVAL;
11257
11258 err = nl80211_parse_chandef(rdev, info, &chandef);
11259 if (err)
11260 return err;
11261
11262 wdev_lock(wdev);
11263 if (!cfg80211_off_channel_oper_allowed(wdev) &&
11264 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
11265 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
11266 &chandef);
11267 if (compat_chandef != &chandef) {
11268 wdev_unlock(wdev);
11269 return -EBUSY;
11270 }
11271 }
11272 wdev_unlock(wdev);
11273
11274 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11275 if (!msg)
11276 return -ENOMEM;
11277
11278 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11279 NL80211_CMD_REMAIN_ON_CHANNEL);
11280 if (!hdr) {
11281 err = -ENOBUFS;
11282 goto free_msg;
11283 }
11284
11285 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
11286 duration, &cookie);
11287
11288 if (err)
11289 goto free_msg;
11290
11291 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11292 NL80211_ATTR_PAD))
11293 goto nla_put_failure;
11294
11295 genlmsg_end(msg, hdr);
11296
11297 return genlmsg_reply(msg, info);
11298
11299 nla_put_failure:
11300 err = -ENOBUFS;
11301 free_msg:
11302 nlmsg_free(msg);
11303 return err;
11304}
11305
11306static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
11307 struct genl_info *info)
11308{
11309 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11310 struct wireless_dev *wdev = info->user_ptr[1];
11311 u64 cookie;
11312
11313 if (!info->attrs[NL80211_ATTR_COOKIE])
11314 return -EINVAL;
11315
11316 if (!rdev->ops->cancel_remain_on_channel)
11317 return -EOPNOTSUPP;
11318
11319 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11320
11321 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
11322}
11323
11324static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
11325 struct genl_info *info)
11326{
11327 struct cfg80211_bitrate_mask mask;
11328 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11329 struct net_device *dev = info->user_ptr[1];
11330 int err;
11331
11332 if (!rdev->ops->set_bitrate_mask)
11333 return -EOPNOTSUPP;
11334
11335 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11336 NL80211_ATTR_TX_RATES, &mask,
11337 dev, true);
11338 if (err)
11339 return err;
11340
11341 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
11342}
11343
11344static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
11345{
11346 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11347 struct wireless_dev *wdev = info->user_ptr[1];
11348 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
11349
11350 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
11351 return -EINVAL;
11352
11353 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
11354 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
11355
11356 switch (wdev->iftype) {
11357 case NL80211_IFTYPE_STATION:
11358 case NL80211_IFTYPE_ADHOC:
11359 case NL80211_IFTYPE_P2P_CLIENT:
11360 case NL80211_IFTYPE_AP:
11361 case NL80211_IFTYPE_AP_VLAN:
11362 case NL80211_IFTYPE_MESH_POINT:
11363 case NL80211_IFTYPE_P2P_GO:
11364 case NL80211_IFTYPE_P2P_DEVICE:
11365 break;
11366 case NL80211_IFTYPE_NAN:
11367 default:
11368 return -EOPNOTSUPP;
11369 }
11370
11371
11372 if (!rdev->ops->mgmt_tx)
11373 return -EOPNOTSUPP;
11374
11375 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
11376 !wiphy_ext_feature_isset(&rdev->wiphy,
11377 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
11378 GENL_SET_ERR_MSG(info,
11379 "multicast RX registrations are not supported");
11380 return -EOPNOTSUPP;
11381 }
11382
11383 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
11384 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
11385 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
11386 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
11387 info->extack);
11388}
11389
11390static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
11391{
11392 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11393 struct wireless_dev *wdev = info->user_ptr[1];
11394 struct cfg80211_chan_def chandef;
11395 int err;
11396 void *hdr = NULL;
11397 u64 cookie;
11398 struct sk_buff *msg = NULL;
11399 struct cfg80211_mgmt_tx_params params = {
11400 .dont_wait_for_ack =
11401 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
11402 };
11403
11404 if (!info->attrs[NL80211_ATTR_FRAME])
11405 return -EINVAL;
11406
11407 if (!rdev->ops->mgmt_tx)
11408 return -EOPNOTSUPP;
11409
11410 switch (wdev->iftype) {
11411 case NL80211_IFTYPE_P2P_DEVICE:
11412 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
11413 return -EINVAL;
11414 break;
11415 case NL80211_IFTYPE_STATION:
11416 case NL80211_IFTYPE_ADHOC:
11417 case NL80211_IFTYPE_P2P_CLIENT:
11418 case NL80211_IFTYPE_AP:
11419 case NL80211_IFTYPE_AP_VLAN:
11420 case NL80211_IFTYPE_MESH_POINT:
11421 case NL80211_IFTYPE_P2P_GO:
11422 break;
11423 case NL80211_IFTYPE_NAN:
11424 default:
11425 return -EOPNOTSUPP;
11426 }
11427
11428 if (info->attrs[NL80211_ATTR_DURATION]) {
11429 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
11430 return -EINVAL;
11431 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
11432
11433
11434
11435
11436
11437 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
11438 params.wait > rdev->wiphy.max_remain_on_channel_duration)
11439 return -EINVAL;
11440 }
11441
11442 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
11443
11444 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
11445 return -EINVAL;
11446
11447 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
11448
11449
11450
11451
11452 chandef.chan = NULL;
11453 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11454 err = nl80211_parse_chandef(rdev, info, &chandef);
11455 if (err)
11456 return err;
11457 }
11458
11459 if (!chandef.chan && params.offchan)
11460 return -EINVAL;
11461
11462 wdev_lock(wdev);
11463 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
11464 wdev_unlock(wdev);
11465 return -EBUSY;
11466 }
11467 wdev_unlock(wdev);
11468
11469 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
11470 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
11471
11472 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
11473 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
11474 int i;
11475
11476 if (len % sizeof(u16))
11477 return -EINVAL;
11478
11479 params.n_csa_offsets = len / sizeof(u16);
11480 params.csa_offsets =
11481 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
11482
11483
11484 for (i = 0; i < params.n_csa_offsets; i++) {
11485 if (params.csa_offsets[i] >= params.len)
11486 return -EINVAL;
11487 }
11488 }
11489
11490 if (!params.dont_wait_for_ack) {
11491 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11492 if (!msg)
11493 return -ENOMEM;
11494
11495 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11496 NL80211_CMD_FRAME);
11497 if (!hdr) {
11498 err = -ENOBUFS;
11499 goto free_msg;
11500 }
11501 }
11502
11503 params.chan = chandef.chan;
11504 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
11505 if (err)
11506 goto free_msg;
11507
11508 if (msg) {
11509 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11510 NL80211_ATTR_PAD))
11511 goto nla_put_failure;
11512
11513 genlmsg_end(msg, hdr);
11514 return genlmsg_reply(msg, info);
11515 }
11516
11517 return 0;
11518
11519 nla_put_failure:
11520 err = -ENOBUFS;
11521 free_msg:
11522 nlmsg_free(msg);
11523 return err;
11524}
11525
11526static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
11527{
11528 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11529 struct wireless_dev *wdev = info->user_ptr[1];
11530 u64 cookie;
11531
11532 if (!info->attrs[NL80211_ATTR_COOKIE])
11533 return -EINVAL;
11534
11535 if (!rdev->ops->mgmt_tx_cancel_wait)
11536 return -EOPNOTSUPP;
11537
11538 switch (wdev->iftype) {
11539 case NL80211_IFTYPE_STATION:
11540 case NL80211_IFTYPE_ADHOC:
11541 case NL80211_IFTYPE_P2P_CLIENT:
11542 case NL80211_IFTYPE_AP:
11543 case NL80211_IFTYPE_AP_VLAN:
11544 case NL80211_IFTYPE_P2P_GO:
11545 case NL80211_IFTYPE_P2P_DEVICE:
11546 break;
11547 case NL80211_IFTYPE_NAN:
11548 default:
11549 return -EOPNOTSUPP;
11550 }
11551
11552 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11553
11554 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
11555}
11556
11557static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
11558{
11559 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11560 struct wireless_dev *wdev;
11561 struct net_device *dev = info->user_ptr[1];
11562 u8 ps_state;
11563 bool state;
11564 int err;
11565
11566 if (!info->attrs[NL80211_ATTR_PS_STATE])
11567 return -EINVAL;
11568
11569 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
11570
11571 wdev = dev->ieee80211_ptr;
11572
11573 if (!rdev->ops->set_power_mgmt)
11574 return -EOPNOTSUPP;
11575
11576 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
11577
11578 if (state == wdev->ps)
11579 return 0;
11580
11581 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
11582 if (!err)
11583 wdev->ps = state;
11584 return err;
11585}
11586
11587static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
11588{
11589 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11590 enum nl80211_ps_state ps_state;
11591 struct wireless_dev *wdev;
11592 struct net_device *dev = info->user_ptr[1];
11593 struct sk_buff *msg;
11594 void *hdr;
11595 int err;
11596
11597 wdev = dev->ieee80211_ptr;
11598
11599 if (!rdev->ops->set_power_mgmt)
11600 return -EOPNOTSUPP;
11601
11602 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11603 if (!msg)
11604 return -ENOMEM;
11605
11606 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11607 NL80211_CMD_GET_POWER_SAVE);
11608 if (!hdr) {
11609 err = -ENOBUFS;
11610 goto free_msg;
11611 }
11612
11613 if (wdev->ps)
11614 ps_state = NL80211_PS_ENABLED;
11615 else
11616 ps_state = NL80211_PS_DISABLED;
11617
11618 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
11619 goto nla_put_failure;
11620
11621 genlmsg_end(msg, hdr);
11622 return genlmsg_reply(msg, info);
11623
11624 nla_put_failure:
11625 err = -ENOBUFS;
11626 free_msg:
11627 nlmsg_free(msg);
11628 return err;
11629}
11630
11631static const struct nla_policy
11632nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
11633 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
11634 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
11635 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
11636 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
11637 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
11638 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
11639 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
11640};
11641
11642static int nl80211_set_cqm_txe(struct genl_info *info,
11643 u32 rate, u32 pkts, u32 intvl)
11644{
11645 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11646 struct net_device *dev = info->user_ptr[1];
11647 struct wireless_dev *wdev = dev->ieee80211_ptr;
11648
11649 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
11650 return -EINVAL;
11651
11652 if (!rdev->ops->set_cqm_txe_config)
11653 return -EOPNOTSUPP;
11654
11655 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11656 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11657 return -EOPNOTSUPP;
11658
11659 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
11660}
11661
11662static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
11663 struct net_device *dev)
11664{
11665 struct wireless_dev *wdev = dev->ieee80211_ptr;
11666 s32 last, low, high;
11667 u32 hyst;
11668 int i, n, low_index;
11669 int err;
11670
11671
11672 if (!wdev->cqm_config)
11673 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
11674
11675
11676
11677
11678
11679
11680
11681 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
11682 rdev->ops->get_station) {
11683 struct station_info sinfo = {};
11684 u8 *mac_addr;
11685
11686 mac_addr = wdev->current_bss->pub.bssid;
11687
11688 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
11689 if (err)
11690 return err;
11691
11692 cfg80211_sinfo_release_content(&sinfo);
11693 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
11694 wdev->cqm_config->last_rssi_event_value =
11695 (s8) sinfo.rx_beacon_signal_avg;
11696 }
11697
11698 last = wdev->cqm_config->last_rssi_event_value;
11699 hyst = wdev->cqm_config->rssi_hyst;
11700 n = wdev->cqm_config->n_rssi_thresholds;
11701
11702 for (i = 0; i < n; i++) {
11703 i = array_index_nospec(i, n);
11704 if (last < wdev->cqm_config->rssi_thresholds[i])
11705 break;
11706 }
11707
11708 low_index = i - 1;
11709 if (low_index >= 0) {
11710 low_index = array_index_nospec(low_index, n);
11711 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
11712 } else {
11713 low = S32_MIN;
11714 }
11715 if (i < n) {
11716 i = array_index_nospec(i, n);
11717 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
11718 } else {
11719 high = S32_MAX;
11720 }
11721
11722 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
11723}
11724
11725static int nl80211_set_cqm_rssi(struct genl_info *info,
11726 const s32 *thresholds, int n_thresholds,
11727 u32 hysteresis)
11728{
11729 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11730 struct net_device *dev = info->user_ptr[1];
11731 struct wireless_dev *wdev = dev->ieee80211_ptr;
11732 int i, err;
11733 s32 prev = S32_MIN;
11734
11735
11736 for (i = 0; i < n_thresholds; i++) {
11737 if (thresholds[i] > 0 || thresholds[i] <= prev)
11738 return -EINVAL;
11739
11740 prev = thresholds[i];
11741 }
11742
11743 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11744 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11745 return -EOPNOTSUPP;
11746
11747 wdev_lock(wdev);
11748 cfg80211_cqm_config_free(wdev);
11749 wdev_unlock(wdev);
11750
11751 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
11752 if (n_thresholds == 0 || thresholds[0] == 0)
11753 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
11754
11755 return rdev_set_cqm_rssi_config(rdev, dev,
11756 thresholds[0], hysteresis);
11757 }
11758
11759 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11760 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
11761 return -EOPNOTSUPP;
11762
11763 if (n_thresholds == 1 && thresholds[0] == 0)
11764 n_thresholds = 0;
11765
11766 wdev_lock(wdev);
11767 if (n_thresholds) {
11768 struct cfg80211_cqm_config *cqm_config;
11769
11770 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
11771 n_thresholds * sizeof(s32), GFP_KERNEL);
11772 if (!cqm_config) {
11773 err = -ENOMEM;
11774 goto unlock;
11775 }
11776
11777 cqm_config->rssi_hyst = hysteresis;
11778 cqm_config->n_rssi_thresholds = n_thresholds;
11779 memcpy(cqm_config->rssi_thresholds, thresholds,
11780 n_thresholds * sizeof(s32));
11781
11782 wdev->cqm_config = cqm_config;
11783 }
11784
11785 err = cfg80211_cqm_rssi_update(rdev, dev);
11786
11787unlock:
11788 wdev_unlock(wdev);
11789
11790 return err;
11791}
11792
11793static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
11794{
11795 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
11796 struct nlattr *cqm;
11797 int err;
11798
11799 cqm = info->attrs[NL80211_ATTR_CQM];
11800 if (!cqm)
11801 return -EINVAL;
11802
11803 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
11804 nl80211_attr_cqm_policy,
11805 info->extack);
11806 if (err)
11807 return err;
11808
11809 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
11810 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
11811 const s32 *thresholds =
11812 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11813 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11814 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
11815
11816 if (len % 4)
11817 return -EINVAL;
11818
11819 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
11820 hysteresis);
11821 }
11822
11823 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
11824 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
11825 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
11826 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
11827 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
11828 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
11829
11830 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
11831 }
11832
11833 return -EINVAL;
11834}
11835
11836static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
11837{
11838 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11839 struct net_device *dev = info->user_ptr[1];
11840 struct ocb_setup setup = {};
11841 int err;
11842
11843 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11844 if (err)
11845 return err;
11846
11847 return cfg80211_join_ocb(rdev, dev, &setup);
11848}
11849
11850static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
11851{
11852 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11853 struct net_device *dev = info->user_ptr[1];
11854
11855 return cfg80211_leave_ocb(rdev, dev);
11856}
11857
11858static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
11859{
11860 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11861 struct net_device *dev = info->user_ptr[1];
11862 struct mesh_config cfg;
11863 struct mesh_setup setup;
11864 int err;
11865
11866
11867 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
11868 memcpy(&setup, &default_mesh_setup, sizeof(setup));
11869
11870 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
11871
11872 err = nl80211_parse_mesh_config(info, &cfg, NULL);
11873 if (err)
11874 return err;
11875 }
11876
11877 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
11878 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
11879 return -EINVAL;
11880
11881 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
11882 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
11883
11884 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11885 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
11886 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11887 return -EINVAL;
11888
11889 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
11890 setup.beacon_interval =
11891 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11892
11893 err = cfg80211_validate_beacon_int(rdev,
11894 NL80211_IFTYPE_MESH_POINT,
11895 setup.beacon_interval);
11896 if (err)
11897 return err;
11898 }
11899
11900 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
11901 setup.dtim_period =
11902 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
11903 if (setup.dtim_period < 1 || setup.dtim_period > 100)
11904 return -EINVAL;
11905 }
11906
11907 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
11908
11909 err = nl80211_parse_mesh_setup(info, &setup);
11910 if (err)
11911 return err;
11912 }
11913
11914 if (setup.user_mpm)
11915 cfg.auto_open_plinks = false;
11916
11917 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11918 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11919 if (err)
11920 return err;
11921 } else {
11922
11923 setup.chandef.chan = NULL;
11924 }
11925
11926 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11927 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11928 int n_rates =
11929 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11930 struct ieee80211_supported_band *sband;
11931
11932 if (!setup.chandef.chan)
11933 return -EINVAL;
11934
11935 sband = rdev->wiphy.bands[setup.chandef.chan->band];
11936
11937 err = ieee80211_get_ratemask(sband, rates, n_rates,
11938 &setup.basic_rates);
11939 if (err)
11940 return err;
11941 }
11942
11943 if (info->attrs[NL80211_ATTR_TX_RATES]) {
11944 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11945 NL80211_ATTR_TX_RATES,
11946 &setup.beacon_rate,
11947 dev, false);
11948 if (err)
11949 return err;
11950
11951 if (!setup.chandef.chan)
11952 return -EINVAL;
11953
11954 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11955 &setup.beacon_rate);
11956 if (err)
11957 return err;
11958 }
11959
11960 setup.userspace_handles_dfs =
11961 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11962
11963 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11964 int r = validate_pae_over_nl80211(rdev, info);
11965
11966 if (r < 0)
11967 return r;
11968
11969 setup.control_port_over_nl80211 = true;
11970 }
11971
11972 wdev_lock(dev->ieee80211_ptr);
11973 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11974 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11975 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11976 wdev_unlock(dev->ieee80211_ptr);
11977
11978 return err;
11979}
11980
11981static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11982{
11983 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11984 struct net_device *dev = info->user_ptr[1];
11985
11986 return cfg80211_leave_mesh(rdev, dev);
11987}
11988
11989#ifdef CONFIG_PM
11990static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11991 struct cfg80211_registered_device *rdev)
11992{
11993 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11994 struct nlattr *nl_pats, *nl_pat;
11995 int i, pat_len;
11996
11997 if (!wowlan->n_patterns)
11998 return 0;
11999
12000 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
12001 if (!nl_pats)
12002 return -ENOBUFS;
12003
12004 for (i = 0; i < wowlan->n_patterns; i++) {
12005 nl_pat = nla_nest_start_noflag(msg, i + 1);
12006 if (!nl_pat)
12007 return -ENOBUFS;
12008 pat_len = wowlan->patterns[i].pattern_len;
12009 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
12010 wowlan->patterns[i].mask) ||
12011 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12012 wowlan->patterns[i].pattern) ||
12013 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12014 wowlan->patterns[i].pkt_offset))
12015 return -ENOBUFS;
12016 nla_nest_end(msg, nl_pat);
12017 }
12018 nla_nest_end(msg, nl_pats);
12019
12020 return 0;
12021}
12022
12023static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
12024 struct cfg80211_wowlan_tcp *tcp)
12025{
12026 struct nlattr *nl_tcp;
12027
12028 if (!tcp)
12029 return 0;
12030
12031 nl_tcp = nla_nest_start_noflag(msg,
12032 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
12033 if (!nl_tcp)
12034 return -ENOBUFS;
12035
12036 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
12037 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
12038 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
12039 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
12040 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
12041 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
12042 tcp->payload_len, tcp->payload) ||
12043 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
12044 tcp->data_interval) ||
12045 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
12046 tcp->wake_len, tcp->wake_data) ||
12047 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
12048 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
12049 return -ENOBUFS;
12050
12051 if (tcp->payload_seq.len &&
12052 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
12053 sizeof(tcp->payload_seq), &tcp->payload_seq))
12054 return -ENOBUFS;
12055
12056 if (tcp->payload_tok.len &&
12057 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
12058 sizeof(tcp->payload_tok) + tcp->tokens_size,
12059 &tcp->payload_tok))
12060 return -ENOBUFS;
12061
12062 nla_nest_end(msg, nl_tcp);
12063
12064 return 0;
12065}
12066
12067static int nl80211_send_wowlan_nd(struct sk_buff *msg,
12068 struct cfg80211_sched_scan_request *req)
12069{
12070 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
12071 int i;
12072
12073 if (!req)
12074 return 0;
12075
12076 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
12077 if (!nd)
12078 return -ENOBUFS;
12079
12080 if (req->n_scan_plans == 1 &&
12081 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
12082 req->scan_plans[0].interval * 1000))
12083 return -ENOBUFS;
12084
12085 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
12086 return -ENOBUFS;
12087
12088 if (req->relative_rssi_set) {
12089 struct nl80211_bss_select_rssi_adjust rssi_adjust;
12090
12091 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
12092 req->relative_rssi))
12093 return -ENOBUFS;
12094
12095 rssi_adjust.band = req->rssi_adjust.band;
12096 rssi_adjust.delta = req->rssi_adjust.delta;
12097 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
12098 sizeof(rssi_adjust), &rssi_adjust))
12099 return -ENOBUFS;
12100 }
12101
12102 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
12103 if (!freqs)
12104 return -ENOBUFS;
12105
12106 for (i = 0; i < req->n_channels; i++) {
12107 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
12108 return -ENOBUFS;
12109 }
12110
12111 nla_nest_end(msg, freqs);
12112
12113 if (req->n_match_sets) {
12114 matches = nla_nest_start_noflag(msg,
12115 NL80211_ATTR_SCHED_SCAN_MATCH);
12116 if (!matches)
12117 return -ENOBUFS;
12118
12119 for (i = 0; i < req->n_match_sets; i++) {
12120 match = nla_nest_start_noflag(msg, i);
12121 if (!match)
12122 return -ENOBUFS;
12123
12124 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
12125 req->match_sets[i].ssid.ssid_len,
12126 req->match_sets[i].ssid.ssid))
12127 return -ENOBUFS;
12128 nla_nest_end(msg, match);
12129 }
12130 nla_nest_end(msg, matches);
12131 }
12132
12133 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
12134 if (!scan_plans)
12135 return -ENOBUFS;
12136
12137 for (i = 0; i < req->n_scan_plans; i++) {
12138 scan_plan = nla_nest_start_noflag(msg, i + 1);
12139 if (!scan_plan)
12140 return -ENOBUFS;
12141
12142 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
12143 req->scan_plans[i].interval) ||
12144 (req->scan_plans[i].iterations &&
12145 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
12146 req->scan_plans[i].iterations)))
12147 return -ENOBUFS;
12148 nla_nest_end(msg, scan_plan);
12149 }
12150 nla_nest_end(msg, scan_plans);
12151
12152 nla_nest_end(msg, nd);
12153
12154 return 0;
12155}
12156
12157static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
12158{
12159 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12160 struct sk_buff *msg;
12161 void *hdr;
12162 u32 size = NLMSG_DEFAULT_SIZE;
12163
12164 if (!rdev->wiphy.wowlan)
12165 return -EOPNOTSUPP;
12166
12167 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
12168
12169 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
12170 rdev->wiphy.wowlan_config->tcp->payload_len +
12171 rdev->wiphy.wowlan_config->tcp->wake_len +
12172 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
12173 }
12174
12175 msg = nlmsg_new(size, GFP_KERNEL);
12176 if (!msg)
12177 return -ENOMEM;
12178
12179 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12180 NL80211_CMD_GET_WOWLAN);
12181 if (!hdr)
12182 goto nla_put_failure;
12183
12184 if (rdev->wiphy.wowlan_config) {
12185 struct nlattr *nl_wowlan;
12186
12187 nl_wowlan = nla_nest_start_noflag(msg,
12188 NL80211_ATTR_WOWLAN_TRIGGERS);
12189 if (!nl_wowlan)
12190 goto nla_put_failure;
12191
12192 if ((rdev->wiphy.wowlan_config->any &&
12193 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
12194 (rdev->wiphy.wowlan_config->disconnect &&
12195 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
12196 (rdev->wiphy.wowlan_config->magic_pkt &&
12197 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
12198 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
12199 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
12200 (rdev->wiphy.wowlan_config->eap_identity_req &&
12201 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
12202 (rdev->wiphy.wowlan_config->four_way_handshake &&
12203 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
12204 (rdev->wiphy.wowlan_config->rfkill_release &&
12205 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
12206 goto nla_put_failure;
12207
12208 if (nl80211_send_wowlan_patterns(msg, rdev))
12209 goto nla_put_failure;
12210
12211 if (nl80211_send_wowlan_tcp(msg,
12212 rdev->wiphy.wowlan_config->tcp))
12213 goto nla_put_failure;
12214
12215 if (nl80211_send_wowlan_nd(
12216 msg,
12217 rdev->wiphy.wowlan_config->nd_config))
12218 goto nla_put_failure;
12219
12220 nla_nest_end(msg, nl_wowlan);
12221 }
12222
12223 genlmsg_end(msg, hdr);
12224 return genlmsg_reply(msg, info);
12225
12226nla_put_failure:
12227 nlmsg_free(msg);
12228 return -ENOBUFS;
12229}
12230
12231static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
12232 struct nlattr *attr,
12233 struct cfg80211_wowlan *trig)
12234{
12235 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
12236 struct cfg80211_wowlan_tcp *cfg;
12237 struct nl80211_wowlan_tcp_data_token *tok = NULL;
12238 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
12239 u32 size;
12240 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
12241 int err, port;
12242
12243 if (!rdev->wiphy.wowlan->tcp)
12244 return -EINVAL;
12245
12246 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
12247 nl80211_wowlan_tcp_policy, NULL);
12248 if (err)
12249 return err;
12250
12251 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
12252 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
12253 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
12254 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
12255 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
12256 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
12257 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
12258 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
12259 return -EINVAL;
12260
12261 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
12262 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
12263 return -EINVAL;
12264
12265 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
12266 rdev->wiphy.wowlan->tcp->data_interval_max ||
12267 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
12268 return -EINVAL;
12269
12270 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
12271 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
12272 return -EINVAL;
12273
12274 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
12275 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
12276 return -EINVAL;
12277
12278 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
12279 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
12280
12281 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
12282 tokens_size = tokln - sizeof(*tok);
12283
12284 if (!tok->len || tokens_size % tok->len)
12285 return -EINVAL;
12286 if (!rdev->wiphy.wowlan->tcp->tok)
12287 return -EINVAL;
12288 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
12289 return -EINVAL;
12290 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
12291 return -EINVAL;
12292 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
12293 return -EINVAL;
12294 if (tok->offset + tok->len > data_size)
12295 return -EINVAL;
12296 }
12297
12298 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
12299 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
12300 if (!rdev->wiphy.wowlan->tcp->seq)
12301 return -EINVAL;
12302 if (seq->len == 0 || seq->len > 4)
12303 return -EINVAL;
12304 if (seq->len + seq->offset > data_size)
12305 return -EINVAL;
12306 }
12307
12308 size = sizeof(*cfg);
12309 size += data_size;
12310 size += wake_size + wake_mask_size;
12311 size += tokens_size;
12312
12313 cfg = kzalloc(size, GFP_KERNEL);
12314 if (!cfg)
12315 return -ENOMEM;
12316 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
12317 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
12318 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
12319 ETH_ALEN);
12320 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
12321 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
12322 else
12323 port = 0;
12324#ifdef CONFIG_INET
12325
12326 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
12327 IPPROTO_TCP, &cfg->sock, 1);
12328 if (err) {
12329 kfree(cfg);
12330 return err;
12331 }
12332 if (inet_csk_get_port(cfg->sock->sk, port)) {
12333 sock_release(cfg->sock);
12334 kfree(cfg);
12335 return -EADDRINUSE;
12336 }
12337 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
12338#else
12339 if (!port) {
12340 kfree(cfg);
12341 return -EINVAL;
12342 }
12343 cfg->src_port = port;
12344#endif
12345
12346 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
12347 cfg->payload_len = data_size;
12348 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
12349 memcpy((void *)cfg->payload,
12350 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
12351 data_size);
12352 if (seq)
12353 cfg->payload_seq = *seq;
12354 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
12355 cfg->wake_len = wake_size;
12356 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
12357 memcpy((void *)cfg->wake_data,
12358 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
12359 wake_size);
12360 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
12361 data_size + wake_size;
12362 memcpy((void *)cfg->wake_mask,
12363 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
12364 wake_mask_size);
12365 if (tok) {
12366 cfg->tokens_size = tokens_size;
12367 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
12368 }
12369
12370 trig->tcp = cfg;
12371
12372 return 0;
12373}
12374
12375static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
12376 const struct wiphy_wowlan_support *wowlan,
12377 struct nlattr *attr,
12378 struct cfg80211_wowlan *trig)
12379{
12380 struct nlattr **tb;
12381 int err;
12382
12383 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
12384 if (!tb)
12385 return -ENOMEM;
12386
12387 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
12388 err = -EOPNOTSUPP;
12389 goto out;
12390 }
12391
12392 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
12393 nl80211_policy, NULL);
12394 if (err)
12395 goto out;
12396
12397 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
12398 wowlan->max_nd_match_sets);
12399 err = PTR_ERR_OR_ZERO(trig->nd_config);
12400 if (err)
12401 trig->nd_config = NULL;
12402
12403out:
12404 kfree(tb);
12405 return err;
12406}
12407
12408static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
12409{
12410 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12411 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
12412 struct cfg80211_wowlan new_triggers = {};
12413 struct cfg80211_wowlan *ntrig;
12414 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
12415 int err, i;
12416 bool prev_enabled = rdev->wiphy.wowlan_config;
12417 bool regular = false;
12418
12419 if (!wowlan)
12420 return -EOPNOTSUPP;
12421
12422 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
12423 cfg80211_rdev_free_wowlan(rdev);
12424 rdev->wiphy.wowlan_config = NULL;
12425 goto set_wakeup;
12426 }
12427
12428 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
12429 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
12430 nl80211_wowlan_policy, info->extack);
12431 if (err)
12432 return err;
12433
12434 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
12435 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
12436 return -EINVAL;
12437 new_triggers.any = true;
12438 }
12439
12440 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
12441 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
12442 return -EINVAL;
12443 new_triggers.disconnect = true;
12444 regular = true;
12445 }
12446
12447 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
12448 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
12449 return -EINVAL;
12450 new_triggers.magic_pkt = true;
12451 regular = true;
12452 }
12453
12454 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
12455 return -EINVAL;
12456
12457 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
12458 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
12459 return -EINVAL;
12460 new_triggers.gtk_rekey_failure = true;
12461 regular = true;
12462 }
12463
12464 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
12465 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
12466 return -EINVAL;
12467 new_triggers.eap_identity_req = true;
12468 regular = true;
12469 }
12470
12471 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
12472 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
12473 return -EINVAL;
12474 new_triggers.four_way_handshake = true;
12475 regular = true;
12476 }
12477
12478 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
12479 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
12480 return -EINVAL;
12481 new_triggers.rfkill_release = true;
12482 regular = true;
12483 }
12484
12485 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
12486 struct nlattr *pat;
12487 int n_patterns = 0;
12488 int rem, pat_len, mask_len, pkt_offset;
12489 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12490
12491 regular = true;
12492
12493 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
12494 rem)
12495 n_patterns++;
12496 if (n_patterns > wowlan->n_patterns)
12497 return -EINVAL;
12498
12499 new_triggers.patterns = kcalloc(n_patterns,
12500 sizeof(new_triggers.patterns[0]),
12501 GFP_KERNEL);
12502 if (!new_triggers.patterns)
12503 return -ENOMEM;
12504
12505 new_triggers.n_patterns = n_patterns;
12506 i = 0;
12507
12508 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
12509 rem) {
12510 u8 *mask_pat;
12511
12512 err = nla_parse_nested_deprecated(pat_tb,
12513 MAX_NL80211_PKTPAT,
12514 pat,
12515 nl80211_packet_pattern_policy,
12516 info->extack);
12517 if (err)
12518 goto error;
12519
12520 err = -EINVAL;
12521 if (!pat_tb[NL80211_PKTPAT_MASK] ||
12522 !pat_tb[NL80211_PKTPAT_PATTERN])
12523 goto error;
12524 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12525 mask_len = DIV_ROUND_UP(pat_len, 8);
12526 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12527 goto error;
12528 if (pat_len > wowlan->pattern_max_len ||
12529 pat_len < wowlan->pattern_min_len)
12530 goto error;
12531
12532 if (!pat_tb[NL80211_PKTPAT_OFFSET])
12533 pkt_offset = 0;
12534 else
12535 pkt_offset = nla_get_u32(
12536 pat_tb[NL80211_PKTPAT_OFFSET]);
12537 if (pkt_offset > wowlan->max_pkt_offset)
12538 goto error;
12539 new_triggers.patterns[i].pkt_offset = pkt_offset;
12540
12541 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12542 if (!mask_pat) {
12543 err = -ENOMEM;
12544 goto error;
12545 }
12546 new_triggers.patterns[i].mask = mask_pat;
12547 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12548 mask_len);
12549 mask_pat += mask_len;
12550 new_triggers.patterns[i].pattern = mask_pat;
12551 new_triggers.patterns[i].pattern_len = pat_len;
12552 memcpy(mask_pat,
12553 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12554 pat_len);
12555 i++;
12556 }
12557 }
12558
12559 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
12560 regular = true;
12561 err = nl80211_parse_wowlan_tcp(
12562 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
12563 &new_triggers);
12564 if (err)
12565 goto error;
12566 }
12567
12568 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
12569 regular = true;
12570 err = nl80211_parse_wowlan_nd(
12571 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
12572 &new_triggers);
12573 if (err)
12574 goto error;
12575 }
12576
12577
12578
12579
12580
12581
12582
12583 if (new_triggers.any && regular) {
12584 err = -EINVAL;
12585 goto error;
12586 }
12587
12588 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
12589 if (!ntrig) {
12590 err = -ENOMEM;
12591 goto error;
12592 }
12593 cfg80211_rdev_free_wowlan(rdev);
12594 rdev->wiphy.wowlan_config = ntrig;
12595
12596 set_wakeup:
12597 if (rdev->ops->set_wakeup &&
12598 prev_enabled != !!rdev->wiphy.wowlan_config)
12599 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
12600
12601 return 0;
12602 error:
12603 for (i = 0; i < new_triggers.n_patterns; i++)
12604 kfree(new_triggers.patterns[i].mask);
12605 kfree(new_triggers.patterns);
12606 if (new_triggers.tcp && new_triggers.tcp->sock)
12607 sock_release(new_triggers.tcp->sock);
12608 kfree(new_triggers.tcp);
12609 kfree(new_triggers.nd_config);
12610 return err;
12611}
12612#endif
12613
12614static int nl80211_send_coalesce_rules(struct sk_buff *msg,
12615 struct cfg80211_registered_device *rdev)
12616{
12617 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
12618 int i, j, pat_len;
12619 struct cfg80211_coalesce_rules *rule;
12620
12621 if (!rdev->coalesce->n_rules)
12622 return 0;
12623
12624 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
12625 if (!nl_rules)
12626 return -ENOBUFS;
12627
12628 for (i = 0; i < rdev->coalesce->n_rules; i++) {
12629 nl_rule = nla_nest_start_noflag(msg, i + 1);
12630 if (!nl_rule)
12631 return -ENOBUFS;
12632
12633 rule = &rdev->coalesce->rules[i];
12634 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
12635 rule->delay))
12636 return -ENOBUFS;
12637
12638 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
12639 rule->condition))
12640 return -ENOBUFS;
12641
12642 nl_pats = nla_nest_start_noflag(msg,
12643 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
12644 if (!nl_pats)
12645 return -ENOBUFS;
12646
12647 for (j = 0; j < rule->n_patterns; j++) {
12648 nl_pat = nla_nest_start_noflag(msg, j + 1);
12649 if (!nl_pat)
12650 return -ENOBUFS;
12651 pat_len = rule->patterns[j].pattern_len;
12652 if (nla_put(msg, NL80211_PKTPAT_MASK,
12653 DIV_ROUND_UP(pat_len, 8),
12654 rule->patterns[j].mask) ||
12655 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12656 rule->patterns[j].pattern) ||
12657 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12658 rule->patterns[j].pkt_offset))
12659 return -ENOBUFS;
12660 nla_nest_end(msg, nl_pat);
12661 }
12662 nla_nest_end(msg, nl_pats);
12663 nla_nest_end(msg, nl_rule);
12664 }
12665 nla_nest_end(msg, nl_rules);
12666
12667 return 0;
12668}
12669
12670static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
12671{
12672 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12673 struct sk_buff *msg;
12674 void *hdr;
12675
12676 if (!rdev->wiphy.coalesce)
12677 return -EOPNOTSUPP;
12678
12679 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12680 if (!msg)
12681 return -ENOMEM;
12682
12683 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12684 NL80211_CMD_GET_COALESCE);
12685 if (!hdr)
12686 goto nla_put_failure;
12687
12688 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
12689 goto nla_put_failure;
12690
12691 genlmsg_end(msg, hdr);
12692 return genlmsg_reply(msg, info);
12693
12694nla_put_failure:
12695 nlmsg_free(msg);
12696 return -ENOBUFS;
12697}
12698
12699void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
12700{
12701 struct cfg80211_coalesce *coalesce = rdev->coalesce;
12702 int i, j;
12703 struct cfg80211_coalesce_rules *rule;
12704
12705 if (!coalesce)
12706 return;
12707
12708 for (i = 0; i < coalesce->n_rules; i++) {
12709 rule = &coalesce->rules[i];
12710 for (j = 0; j < rule->n_patterns; j++)
12711 kfree(rule->patterns[j].mask);
12712 kfree(rule->patterns);
12713 }
12714 kfree(coalesce->rules);
12715 kfree(coalesce);
12716 rdev->coalesce = NULL;
12717}
12718
12719static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
12720 struct nlattr *rule,
12721 struct cfg80211_coalesce_rules *new_rule)
12722{
12723 int err, i;
12724 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12725 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
12726 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
12727 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12728
12729 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
12730 rule, nl80211_coalesce_policy, NULL);
12731 if (err)
12732 return err;
12733
12734 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
12735 new_rule->delay =
12736 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
12737 if (new_rule->delay > coalesce->max_delay)
12738 return -EINVAL;
12739
12740 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
12741 new_rule->condition =
12742 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
12743
12744 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
12745 return -EINVAL;
12746
12747 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12748 rem)
12749 n_patterns++;
12750 if (n_patterns > coalesce->n_patterns)
12751 return -EINVAL;
12752
12753 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
12754 GFP_KERNEL);
12755 if (!new_rule->patterns)
12756 return -ENOMEM;
12757
12758 new_rule->n_patterns = n_patterns;
12759 i = 0;
12760
12761 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12762 rem) {
12763 u8 *mask_pat;
12764
12765 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
12766 pat,
12767 nl80211_packet_pattern_policy,
12768 NULL);
12769 if (err)
12770 return err;
12771
12772 if (!pat_tb[NL80211_PKTPAT_MASK] ||
12773 !pat_tb[NL80211_PKTPAT_PATTERN])
12774 return -EINVAL;
12775 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12776 mask_len = DIV_ROUND_UP(pat_len, 8);
12777 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12778 return -EINVAL;
12779 if (pat_len > coalesce->pattern_max_len ||
12780 pat_len < coalesce->pattern_min_len)
12781 return -EINVAL;
12782
12783 if (!pat_tb[NL80211_PKTPAT_OFFSET])
12784 pkt_offset = 0;
12785 else
12786 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
12787 if (pkt_offset > coalesce->max_pkt_offset)
12788 return -EINVAL;
12789 new_rule->patterns[i].pkt_offset = pkt_offset;
12790
12791 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12792 if (!mask_pat)
12793 return -ENOMEM;
12794
12795 new_rule->patterns[i].mask = mask_pat;
12796 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12797 mask_len);
12798
12799 mask_pat += mask_len;
12800 new_rule->patterns[i].pattern = mask_pat;
12801 new_rule->patterns[i].pattern_len = pat_len;
12802 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12803 pat_len);
12804 i++;
12805 }
12806
12807 return 0;
12808}
12809
12810static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
12811{
12812 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12813 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12814 struct cfg80211_coalesce new_coalesce = {};
12815 struct cfg80211_coalesce *n_coalesce;
12816 int err, rem_rule, n_rules = 0, i, j;
12817 struct nlattr *rule;
12818 struct cfg80211_coalesce_rules *tmp_rule;
12819
12820 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
12821 return -EOPNOTSUPP;
12822
12823 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
12824 cfg80211_rdev_free_coalesce(rdev);
12825 rdev_set_coalesce(rdev, NULL);
12826 return 0;
12827 }
12828
12829 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12830 rem_rule)
12831 n_rules++;
12832 if (n_rules > coalesce->n_rules)
12833 return -EINVAL;
12834
12835 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
12836 GFP_KERNEL);
12837 if (!new_coalesce.rules)
12838 return -ENOMEM;
12839
12840 new_coalesce.n_rules = n_rules;
12841 i = 0;
12842
12843 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12844 rem_rule) {
12845 err = nl80211_parse_coalesce_rule(rdev, rule,
12846 &new_coalesce.rules[i]);
12847 if (err)
12848 goto error;
12849
12850 i++;
12851 }
12852
12853 err = rdev_set_coalesce(rdev, &new_coalesce);
12854 if (err)
12855 goto error;
12856
12857 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
12858 if (!n_coalesce) {
12859 err = -ENOMEM;
12860 goto error;
12861 }
12862 cfg80211_rdev_free_coalesce(rdev);
12863 rdev->coalesce = n_coalesce;
12864
12865 return 0;
12866error:
12867 for (i = 0; i < new_coalesce.n_rules; i++) {
12868 tmp_rule = &new_coalesce.rules[i];
12869 for (j = 0; j < tmp_rule->n_patterns; j++)
12870 kfree(tmp_rule->patterns[j].mask);
12871 kfree(tmp_rule->patterns);
12872 }
12873 kfree(new_coalesce.rules);
12874
12875 return err;
12876}
12877
12878static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
12879{
12880 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12881 struct net_device *dev = info->user_ptr[1];
12882 struct wireless_dev *wdev = dev->ieee80211_ptr;
12883 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
12884 struct cfg80211_gtk_rekey_data rekey_data = {};
12885 int err;
12886
12887 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
12888 return -EINVAL;
12889
12890 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
12891 info->attrs[NL80211_ATTR_REKEY_DATA],
12892 nl80211_rekey_policy, info->extack);
12893 if (err)
12894 return err;
12895
12896 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
12897 !tb[NL80211_REKEY_DATA_KCK])
12898 return -EINVAL;
12899 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
12900 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12901 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
12902 return -ERANGE;
12903 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
12904 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12905 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KCK_EXT_LEN))
12906 return -ERANGE;
12907
12908 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
12909 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
12910 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
12911 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
12912 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
12913 if (tb[NL80211_REKEY_DATA_AKM])
12914 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
12915
12916 wdev_lock(wdev);
12917 if (!wdev->current_bss) {
12918 err = -ENOTCONN;
12919 goto out;
12920 }
12921
12922 if (!rdev->ops->set_rekey_data) {
12923 err = -EOPNOTSUPP;
12924 goto out;
12925 }
12926
12927 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
12928 out:
12929 wdev_unlock(wdev);
12930 return err;
12931}
12932
12933static int nl80211_register_unexpected_frame(struct sk_buff *skb,
12934 struct genl_info *info)
12935{
12936 struct net_device *dev = info->user_ptr[1];
12937 struct wireless_dev *wdev = dev->ieee80211_ptr;
12938
12939 if (wdev->iftype != NL80211_IFTYPE_AP &&
12940 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12941 return -EINVAL;
12942
12943 if (wdev->ap_unexpected_nlportid)
12944 return -EBUSY;
12945
12946 wdev->ap_unexpected_nlportid = info->snd_portid;
12947 return 0;
12948}
12949
12950static int nl80211_probe_client(struct sk_buff *skb,
12951 struct genl_info *info)
12952{
12953 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12954 struct net_device *dev = info->user_ptr[1];
12955 struct wireless_dev *wdev = dev->ieee80211_ptr;
12956 struct sk_buff *msg;
12957 void *hdr;
12958 const u8 *addr;
12959 u64 cookie;
12960 int err;
12961
12962 if (wdev->iftype != NL80211_IFTYPE_AP &&
12963 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12964 return -EOPNOTSUPP;
12965
12966 if (!info->attrs[NL80211_ATTR_MAC])
12967 return -EINVAL;
12968
12969 if (!rdev->ops->probe_client)
12970 return -EOPNOTSUPP;
12971
12972 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12973 if (!msg)
12974 return -ENOMEM;
12975
12976 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12977 NL80211_CMD_PROBE_CLIENT);
12978 if (!hdr) {
12979 err = -ENOBUFS;
12980 goto free_msg;
12981 }
12982
12983 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12984
12985 err = rdev_probe_client(rdev, dev, addr, &cookie);
12986 if (err)
12987 goto free_msg;
12988
12989 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12990 NL80211_ATTR_PAD))
12991 goto nla_put_failure;
12992
12993 genlmsg_end(msg, hdr);
12994
12995 return genlmsg_reply(msg, info);
12996
12997 nla_put_failure:
12998 err = -ENOBUFS;
12999 free_msg:
13000 nlmsg_free(msg);
13001 return err;
13002}
13003
13004static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
13005{
13006 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13007 struct cfg80211_beacon_registration *reg, *nreg;
13008 int rv;
13009
13010 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
13011 return -EOPNOTSUPP;
13012
13013 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
13014 if (!nreg)
13015 return -ENOMEM;
13016
13017
13018 spin_lock_bh(&rdev->beacon_registrations_lock);
13019 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
13020 if (reg->nlportid == info->snd_portid) {
13021 rv = -EALREADY;
13022 goto out_err;
13023 }
13024 }
13025
13026 nreg->nlportid = info->snd_portid;
13027 list_add(&nreg->list, &rdev->beacon_registrations);
13028
13029 spin_unlock_bh(&rdev->beacon_registrations_lock);
13030
13031 return 0;
13032out_err:
13033 spin_unlock_bh(&rdev->beacon_registrations_lock);
13034 kfree(nreg);
13035 return rv;
13036}
13037
13038static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
13039{
13040 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13041 struct wireless_dev *wdev = info->user_ptr[1];
13042 int err;
13043
13044 if (!rdev->ops->start_p2p_device)
13045 return -EOPNOTSUPP;
13046
13047 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
13048 return -EOPNOTSUPP;
13049
13050 if (wdev_running(wdev))
13051 return 0;
13052
13053 if (rfkill_blocked(rdev->wiphy.rfkill))
13054 return -ERFKILL;
13055
13056 err = rdev_start_p2p_device(rdev, wdev);
13057 if (err)
13058 return err;
13059
13060 wdev->is_running = true;
13061 rdev->opencount++;
13062
13063 return 0;
13064}
13065
13066static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
13067{
13068 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13069 struct wireless_dev *wdev = info->user_ptr[1];
13070
13071 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
13072 return -EOPNOTSUPP;
13073
13074 if (!rdev->ops->stop_p2p_device)
13075 return -EOPNOTSUPP;
13076
13077 cfg80211_stop_p2p_device(rdev, wdev);
13078
13079 return 0;
13080}
13081
13082static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
13083{
13084 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13085 struct wireless_dev *wdev = info->user_ptr[1];
13086 struct cfg80211_nan_conf conf = {};
13087 int err;
13088
13089 if (wdev->iftype != NL80211_IFTYPE_NAN)
13090 return -EOPNOTSUPP;
13091
13092 if (wdev_running(wdev))
13093 return -EEXIST;
13094
13095 if (rfkill_blocked(rdev->wiphy.rfkill))
13096 return -ERFKILL;
13097
13098 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
13099 return -EINVAL;
13100
13101 conf.master_pref =
13102 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
13103
13104 if (info->attrs[NL80211_ATTR_BANDS]) {
13105 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
13106
13107 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
13108 return -EOPNOTSUPP;
13109
13110 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
13111 return -EINVAL;
13112
13113 conf.bands = bands;
13114 }
13115
13116 err = rdev_start_nan(rdev, wdev, &conf);
13117 if (err)
13118 return err;
13119
13120 wdev->is_running = true;
13121 rdev->opencount++;
13122
13123 return 0;
13124}
13125
13126static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
13127{
13128 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13129 struct wireless_dev *wdev = info->user_ptr[1];
13130
13131 if (wdev->iftype != NL80211_IFTYPE_NAN)
13132 return -EOPNOTSUPP;
13133
13134 cfg80211_stop_nan(rdev, wdev);
13135
13136 return 0;
13137}
13138
13139static int validate_nan_filter(struct nlattr *filter_attr)
13140{
13141 struct nlattr *attr;
13142 int len = 0, n_entries = 0, rem;
13143
13144 nla_for_each_nested(attr, filter_attr, rem) {
13145 len += nla_len(attr);
13146 n_entries++;
13147 }
13148
13149 if (len >= U8_MAX)
13150 return -EINVAL;
13151
13152 return n_entries;
13153}
13154
13155static int handle_nan_filter(struct nlattr *attr_filter,
13156 struct cfg80211_nan_func *func,
13157 bool tx)
13158{
13159 struct nlattr *attr;
13160 int n_entries, rem, i;
13161 struct cfg80211_nan_func_filter *filter;
13162
13163 n_entries = validate_nan_filter(attr_filter);
13164 if (n_entries < 0)
13165 return n_entries;
13166
13167 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
13168
13169 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
13170 if (!filter)
13171 return -ENOMEM;
13172
13173 i = 0;
13174 nla_for_each_nested(attr, attr_filter, rem) {
13175 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
13176 filter[i].len = nla_len(attr);
13177 i++;
13178 }
13179 if (tx) {
13180 func->num_tx_filters = n_entries;
13181 func->tx_filters = filter;
13182 } else {
13183 func->num_rx_filters = n_entries;
13184 func->rx_filters = filter;
13185 }
13186
13187 return 0;
13188}
13189
13190static int nl80211_nan_add_func(struct sk_buff *skb,
13191 struct genl_info *info)
13192{
13193 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13194 struct wireless_dev *wdev = info->user_ptr[1];
13195 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
13196 struct cfg80211_nan_func *func;
13197 struct sk_buff *msg = NULL;
13198 void *hdr = NULL;
13199 int err = 0;
13200
13201 if (wdev->iftype != NL80211_IFTYPE_NAN)
13202 return -EOPNOTSUPP;
13203
13204 if (!wdev_running(wdev))
13205 return -ENOTCONN;
13206
13207 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
13208 return -EINVAL;
13209
13210 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
13211 info->attrs[NL80211_ATTR_NAN_FUNC],
13212 nl80211_nan_func_policy,
13213 info->extack);
13214 if (err)
13215 return err;
13216
13217 func = kzalloc(sizeof(*func), GFP_KERNEL);
13218 if (!func)
13219 return -ENOMEM;
13220
13221 func->cookie = cfg80211_assign_cookie(rdev);
13222
13223 if (!tb[NL80211_NAN_FUNC_TYPE]) {
13224 err = -EINVAL;
13225 goto out;
13226 }
13227
13228
13229 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
13230
13231 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
13232 err = -EINVAL;
13233 goto out;
13234 }
13235
13236 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
13237 sizeof(func->service_id));
13238
13239 func->close_range =
13240 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
13241
13242 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
13243 func->serv_spec_info_len =
13244 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
13245 func->serv_spec_info =
13246 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
13247 func->serv_spec_info_len,
13248 GFP_KERNEL);
13249 if (!func->serv_spec_info) {
13250 err = -ENOMEM;
13251 goto out;
13252 }
13253 }
13254
13255 if (tb[NL80211_NAN_FUNC_TTL])
13256 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
13257
13258 switch (func->type) {
13259 case NL80211_NAN_FUNC_PUBLISH:
13260 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
13261 err = -EINVAL;
13262 goto out;
13263 }
13264
13265 func->publish_type =
13266 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
13267 func->publish_bcast =
13268 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
13269
13270 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
13271 func->publish_bcast) {
13272 err = -EINVAL;
13273 goto out;
13274 }
13275 break;
13276 case NL80211_NAN_FUNC_SUBSCRIBE:
13277 func->subscribe_active =
13278 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
13279 break;
13280 case NL80211_NAN_FUNC_FOLLOW_UP:
13281 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
13282 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
13283 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
13284 err = -EINVAL;
13285 goto out;
13286 }
13287
13288 func->followup_id =
13289 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
13290 func->followup_reqid =
13291 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
13292 memcpy(func->followup_dest.addr,
13293 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
13294 sizeof(func->followup_dest.addr));
13295 if (func->ttl) {
13296 err = -EINVAL;
13297 goto out;
13298 }
13299 break;
13300 default:
13301 err = -EINVAL;
13302 goto out;
13303 }
13304
13305 if (tb[NL80211_NAN_FUNC_SRF]) {
13306 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
13307
13308 err = nla_parse_nested_deprecated(srf_tb,
13309 NL80211_NAN_SRF_ATTR_MAX,
13310 tb[NL80211_NAN_FUNC_SRF],
13311 nl80211_nan_srf_policy,
13312 info->extack);
13313 if (err)
13314 goto out;
13315
13316 func->srf_include =
13317 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
13318
13319 if (srf_tb[NL80211_NAN_SRF_BF]) {
13320 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
13321 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
13322 err = -EINVAL;
13323 goto out;
13324 }
13325
13326 func->srf_bf_len =
13327 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
13328 func->srf_bf =
13329 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
13330 func->srf_bf_len, GFP_KERNEL);
13331 if (!func->srf_bf) {
13332 err = -ENOMEM;
13333 goto out;
13334 }
13335
13336 func->srf_bf_idx =
13337 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
13338 } else {
13339 struct nlattr *attr, *mac_attr =
13340 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
13341 int n_entries, rem, i = 0;
13342
13343 if (!mac_attr) {
13344 err = -EINVAL;
13345 goto out;
13346 }
13347
13348 n_entries = validate_acl_mac_addrs(mac_attr);
13349 if (n_entries <= 0) {
13350 err = -EINVAL;
13351 goto out;
13352 }
13353
13354 func->srf_num_macs = n_entries;
13355 func->srf_macs =
13356 kcalloc(n_entries, sizeof(*func->srf_macs),
13357 GFP_KERNEL);
13358 if (!func->srf_macs) {
13359 err = -ENOMEM;
13360 goto out;
13361 }
13362
13363 nla_for_each_nested(attr, mac_attr, rem)
13364 memcpy(func->srf_macs[i++].addr, nla_data(attr),
13365 sizeof(*func->srf_macs));
13366 }
13367 }
13368
13369 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
13370 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
13371 func, true);
13372 if (err)
13373 goto out;
13374 }
13375
13376 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
13377 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
13378 func, false);
13379 if (err)
13380 goto out;
13381 }
13382
13383 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13384 if (!msg) {
13385 err = -ENOMEM;
13386 goto out;
13387 }
13388
13389 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13390 NL80211_CMD_ADD_NAN_FUNCTION);
13391
13392 if (WARN_ON(!hdr)) {
13393 err = -ENOMEM;
13394 goto out;
13395 }
13396
13397 err = rdev_add_nan_func(rdev, wdev, func);
13398out:
13399 if (err < 0) {
13400 cfg80211_free_nan_func(func);
13401 nlmsg_free(msg);
13402 return err;
13403 }
13404
13405
13406 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
13407 NL80211_ATTR_PAD))
13408 goto nla_put_failure;
13409
13410 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13411 if (!func_attr)
13412 goto nla_put_failure;
13413
13414 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
13415 func->instance_id))
13416 goto nla_put_failure;
13417
13418 nla_nest_end(msg, func_attr);
13419
13420 genlmsg_end(msg, hdr);
13421 return genlmsg_reply(msg, info);
13422
13423nla_put_failure:
13424 nlmsg_free(msg);
13425 return -ENOBUFS;
13426}
13427
13428static int nl80211_nan_del_func(struct sk_buff *skb,
13429 struct genl_info *info)
13430{
13431 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13432 struct wireless_dev *wdev = info->user_ptr[1];
13433 u64 cookie;
13434
13435 if (wdev->iftype != NL80211_IFTYPE_NAN)
13436 return -EOPNOTSUPP;
13437
13438 if (!wdev_running(wdev))
13439 return -ENOTCONN;
13440
13441 if (!info->attrs[NL80211_ATTR_COOKIE])
13442 return -EINVAL;
13443
13444 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
13445
13446 rdev_del_nan_func(rdev, wdev, cookie);
13447
13448 return 0;
13449}
13450
13451static int nl80211_nan_change_config(struct sk_buff *skb,
13452 struct genl_info *info)
13453{
13454 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13455 struct wireless_dev *wdev = info->user_ptr[1];
13456 struct cfg80211_nan_conf conf = {};
13457 u32 changed = 0;
13458
13459 if (wdev->iftype != NL80211_IFTYPE_NAN)
13460 return -EOPNOTSUPP;
13461
13462 if (!wdev_running(wdev))
13463 return -ENOTCONN;
13464
13465 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
13466 conf.master_pref =
13467 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
13468 if (conf.master_pref <= 1 || conf.master_pref == 255)
13469 return -EINVAL;
13470
13471 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
13472 }
13473
13474 if (info->attrs[NL80211_ATTR_BANDS]) {
13475 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
13476
13477 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
13478 return -EOPNOTSUPP;
13479
13480 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
13481 return -EINVAL;
13482
13483 conf.bands = bands;
13484 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
13485 }
13486
13487 if (!changed)
13488 return -EINVAL;
13489
13490 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
13491}
13492
13493void cfg80211_nan_match(struct wireless_dev *wdev,
13494 struct cfg80211_nan_match_params *match, gfp_t gfp)
13495{
13496 struct wiphy *wiphy = wdev->wiphy;
13497 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13498 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
13499 struct sk_buff *msg;
13500 void *hdr;
13501
13502 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
13503 return;
13504
13505 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13506 if (!msg)
13507 return;
13508
13509 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
13510 if (!hdr) {
13511 nlmsg_free(msg);
13512 return;
13513 }
13514
13515 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13516 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13517 wdev->netdev->ifindex)) ||
13518 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13519 NL80211_ATTR_PAD))
13520 goto nla_put_failure;
13521
13522 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
13523 NL80211_ATTR_PAD) ||
13524 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
13525 goto nla_put_failure;
13526
13527 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
13528 if (!match_attr)
13529 goto nla_put_failure;
13530
13531 local_func_attr = nla_nest_start_noflag(msg,
13532 NL80211_NAN_MATCH_FUNC_LOCAL);
13533 if (!local_func_attr)
13534 goto nla_put_failure;
13535
13536 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
13537 goto nla_put_failure;
13538
13539 nla_nest_end(msg, local_func_attr);
13540
13541 peer_func_attr = nla_nest_start_noflag(msg,
13542 NL80211_NAN_MATCH_FUNC_PEER);
13543 if (!peer_func_attr)
13544 goto nla_put_failure;
13545
13546 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
13547 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
13548 goto nla_put_failure;
13549
13550 if (match->info && match->info_len &&
13551 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
13552 match->info))
13553 goto nla_put_failure;
13554
13555 nla_nest_end(msg, peer_func_attr);
13556 nla_nest_end(msg, match_attr);
13557 genlmsg_end(msg, hdr);
13558
13559 if (!wdev->owner_nlportid)
13560 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13561 msg, 0, NL80211_MCGRP_NAN, gfp);
13562 else
13563 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13564 wdev->owner_nlportid);
13565
13566 return;
13567
13568nla_put_failure:
13569 nlmsg_free(msg);
13570}
13571EXPORT_SYMBOL(cfg80211_nan_match);
13572
13573void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
13574 u8 inst_id,
13575 enum nl80211_nan_func_term_reason reason,
13576 u64 cookie, gfp_t gfp)
13577{
13578 struct wiphy *wiphy = wdev->wiphy;
13579 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13580 struct sk_buff *msg;
13581 struct nlattr *func_attr;
13582 void *hdr;
13583
13584 if (WARN_ON(!inst_id))
13585 return;
13586
13587 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13588 if (!msg)
13589 return;
13590
13591 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
13592 if (!hdr) {
13593 nlmsg_free(msg);
13594 return;
13595 }
13596
13597 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13598 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13599 wdev->netdev->ifindex)) ||
13600 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13601 NL80211_ATTR_PAD))
13602 goto nla_put_failure;
13603
13604 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
13605 NL80211_ATTR_PAD))
13606 goto nla_put_failure;
13607
13608 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13609 if (!func_attr)
13610 goto nla_put_failure;
13611
13612 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
13613 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
13614 goto nla_put_failure;
13615
13616 nla_nest_end(msg, func_attr);
13617 genlmsg_end(msg, hdr);
13618
13619 if (!wdev->owner_nlportid)
13620 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13621 msg, 0, NL80211_MCGRP_NAN, gfp);
13622 else
13623 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13624 wdev->owner_nlportid);
13625
13626 return;
13627
13628nla_put_failure:
13629 nlmsg_free(msg);
13630}
13631EXPORT_SYMBOL(cfg80211_nan_func_terminated);
13632
13633static int nl80211_get_protocol_features(struct sk_buff *skb,
13634 struct genl_info *info)
13635{
13636 void *hdr;
13637 struct sk_buff *msg;
13638
13639 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13640 if (!msg)
13641 return -ENOMEM;
13642
13643 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13644 NL80211_CMD_GET_PROTOCOL_FEATURES);
13645 if (!hdr)
13646 goto nla_put_failure;
13647
13648 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
13649 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
13650 goto nla_put_failure;
13651
13652 genlmsg_end(msg, hdr);
13653 return genlmsg_reply(msg, info);
13654
13655 nla_put_failure:
13656 kfree_skb(msg);
13657 return -ENOBUFS;
13658}
13659
13660static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
13661{
13662 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13663 struct cfg80211_update_ft_ies_params ft_params;
13664 struct net_device *dev = info->user_ptr[1];
13665
13666 if (!rdev->ops->update_ft_ies)
13667 return -EOPNOTSUPP;
13668
13669 if (!info->attrs[NL80211_ATTR_MDID] ||
13670 !info->attrs[NL80211_ATTR_IE])
13671 return -EINVAL;
13672
13673 memset(&ft_params, 0, sizeof(ft_params));
13674 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
13675 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13676 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13677
13678 return rdev_update_ft_ies(rdev, dev, &ft_params);
13679}
13680
13681static int nl80211_crit_protocol_start(struct sk_buff *skb,
13682 struct genl_info *info)
13683{
13684 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13685 struct wireless_dev *wdev = info->user_ptr[1];
13686 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
13687 u16 duration;
13688 int ret;
13689
13690 if (!rdev->ops->crit_proto_start)
13691 return -EOPNOTSUPP;
13692
13693 if (WARN_ON(!rdev->ops->crit_proto_stop))
13694 return -EINVAL;
13695
13696 if (rdev->crit_proto_nlportid)
13697 return -EBUSY;
13698
13699
13700 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
13701 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
13702
13703 if (proto >= NUM_NL80211_CRIT_PROTO)
13704 return -EINVAL;
13705
13706
13707 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
13708 return -EINVAL;
13709
13710 duration =
13711 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
13712
13713 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
13714 if (!ret)
13715 rdev->crit_proto_nlportid = info->snd_portid;
13716
13717 return ret;
13718}
13719
13720static int nl80211_crit_protocol_stop(struct sk_buff *skb,
13721 struct genl_info *info)
13722{
13723 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13724 struct wireless_dev *wdev = info->user_ptr[1];
13725
13726 if (!rdev->ops->crit_proto_stop)
13727 return -EOPNOTSUPP;
13728
13729 if (rdev->crit_proto_nlportid) {
13730 rdev->crit_proto_nlportid = 0;
13731 rdev_crit_proto_stop(rdev, wdev);
13732 }
13733 return 0;
13734}
13735
13736static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
13737 struct nlattr *attr,
13738 struct netlink_ext_ack *extack)
13739{
13740 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
13741 if (attr->nla_type & NLA_F_NESTED) {
13742 NL_SET_ERR_MSG_ATTR(extack, attr,
13743 "unexpected nested data");
13744 return -EINVAL;
13745 }
13746
13747 return 0;
13748 }
13749
13750 if (!(attr->nla_type & NLA_F_NESTED)) {
13751 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
13752 return -EINVAL;
13753 }
13754
13755 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
13756}
13757
13758static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
13759{
13760 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13761 struct wireless_dev *wdev =
13762 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
13763 info->attrs);
13764 int i, err;
13765 u32 vid, subcmd;
13766
13767 if (!rdev->wiphy.vendor_commands)
13768 return -EOPNOTSUPP;
13769
13770 if (IS_ERR(wdev)) {
13771 err = PTR_ERR(wdev);
13772 if (err != -EINVAL)
13773 return err;
13774 wdev = NULL;
13775 } else if (wdev->wiphy != &rdev->wiphy) {
13776 return -EINVAL;
13777 }
13778
13779 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
13780 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
13781 return -EINVAL;
13782
13783 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
13784 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
13785 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
13786 const struct wiphy_vendor_command *vcmd;
13787 void *data = NULL;
13788 int len = 0;
13789
13790 vcmd = &rdev->wiphy.vendor_commands[i];
13791
13792 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13793 continue;
13794
13795 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13796 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13797 if (!wdev)
13798 return -EINVAL;
13799 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13800 !wdev->netdev)
13801 return -EINVAL;
13802
13803 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13804 if (!wdev_running(wdev))
13805 return -ENETDOWN;
13806 }
13807 } else {
13808 wdev = NULL;
13809 }
13810
13811 if (!vcmd->doit)
13812 return -EOPNOTSUPP;
13813
13814 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
13815 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13816 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13817
13818 err = nl80211_vendor_check_policy(vcmd,
13819 info->attrs[NL80211_ATTR_VENDOR_DATA],
13820 info->extack);
13821 if (err)
13822 return err;
13823 }
13824
13825 rdev->cur_cmd_info = info;
13826 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
13827 rdev->cur_cmd_info = NULL;
13828 return err;
13829 }
13830
13831 return -EOPNOTSUPP;
13832}
13833
13834static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
13835 struct netlink_callback *cb,
13836 struct cfg80211_registered_device **rdev,
13837 struct wireless_dev **wdev)
13838{
13839 struct nlattr **attrbuf;
13840 u32 vid, subcmd;
13841 unsigned int i;
13842 int vcmd_idx = -1;
13843 int err;
13844 void *data = NULL;
13845 unsigned int data_len = 0;
13846
13847 if (cb->args[0]) {
13848
13849 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
13850 struct wireless_dev *tmp;
13851
13852 if (!wiphy)
13853 return -ENODEV;
13854 *rdev = wiphy_to_rdev(wiphy);
13855 *wdev = NULL;
13856
13857 if (cb->args[1]) {
13858 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
13859 if (tmp->identifier == cb->args[1] - 1) {
13860 *wdev = tmp;
13861 break;
13862 }
13863 }
13864 }
13865
13866
13867 return 0;
13868 }
13869
13870 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
13871 if (!attrbuf)
13872 return -ENOMEM;
13873
13874 err = nlmsg_parse_deprecated(cb->nlh,
13875 GENL_HDRLEN + nl80211_fam.hdrsize,
13876 attrbuf, nl80211_fam.maxattr,
13877 nl80211_policy, NULL);
13878 if (err)
13879 goto out;
13880
13881 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
13882 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
13883 err = -EINVAL;
13884 goto out;
13885 }
13886
13887 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
13888 if (IS_ERR(*wdev))
13889 *wdev = NULL;
13890
13891 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13892 if (IS_ERR(*rdev)) {
13893 err = PTR_ERR(*rdev);
13894 goto out;
13895 }
13896
13897 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
13898 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
13899
13900 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
13901 const struct wiphy_vendor_command *vcmd;
13902
13903 vcmd = &(*rdev)->wiphy.vendor_commands[i];
13904
13905 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13906 continue;
13907
13908 if (!vcmd->dumpit) {
13909 err = -EOPNOTSUPP;
13910 goto out;
13911 }
13912
13913 vcmd_idx = i;
13914 break;
13915 }
13916
13917 if (vcmd_idx < 0) {
13918 err = -EOPNOTSUPP;
13919 goto out;
13920 }
13921
13922 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
13923 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13924 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13925
13926 err = nl80211_vendor_check_policy(
13927 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
13928 attrbuf[NL80211_ATTR_VENDOR_DATA],
13929 cb->extack);
13930 if (err)
13931 goto out;
13932 }
13933
13934
13935 cb->args[0] = (*rdev)->wiphy_idx + 1;
13936
13937 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
13938 cb->args[2] = vcmd_idx;
13939 cb->args[3] = (unsigned long)data;
13940 cb->args[4] = data_len;
13941
13942
13943 err = 0;
13944out:
13945 kfree(attrbuf);
13946 return err;
13947}
13948
13949static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13950 struct netlink_callback *cb)
13951{
13952 struct cfg80211_registered_device *rdev;
13953 struct wireless_dev *wdev;
13954 unsigned int vcmd_idx;
13955 const struct wiphy_vendor_command *vcmd;
13956 void *data;
13957 int data_len;
13958 int err;
13959 struct nlattr *vendor_data;
13960
13961 rtnl_lock();
13962 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13963 if (err)
13964 goto out;
13965
13966 vcmd_idx = cb->args[2];
13967 data = (void *)cb->args[3];
13968 data_len = cb->args[4];
13969 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13970
13971 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13972 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13973 if (!wdev) {
13974 err = -EINVAL;
13975 goto out;
13976 }
13977 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13978 !wdev->netdev) {
13979 err = -EINVAL;
13980 goto out;
13981 }
13982
13983 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13984 if (!wdev_running(wdev)) {
13985 err = -ENETDOWN;
13986 goto out;
13987 }
13988 }
13989 }
13990
13991 while (1) {
13992 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13993 cb->nlh->nlmsg_seq, NLM_F_MULTI,
13994 NL80211_CMD_VENDOR);
13995 if (!hdr)
13996 break;
13997
13998 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13999 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
14000 wdev_id(wdev),
14001 NL80211_ATTR_PAD))) {
14002 genlmsg_cancel(skb, hdr);
14003 break;
14004 }
14005
14006 vendor_data = nla_nest_start_noflag(skb,
14007 NL80211_ATTR_VENDOR_DATA);
14008 if (!vendor_data) {
14009 genlmsg_cancel(skb, hdr);
14010 break;
14011 }
14012
14013 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
14014 (unsigned long *)&cb->args[5]);
14015 nla_nest_end(skb, vendor_data);
14016
14017 if (err == -ENOBUFS || err == -ENOENT) {
14018 genlmsg_cancel(skb, hdr);
14019 break;
14020 } else if (err <= 0) {
14021 genlmsg_cancel(skb, hdr);
14022 goto out;
14023 }
14024
14025 genlmsg_end(skb, hdr);
14026 }
14027
14028 err = skb->len;
14029 out:
14030 rtnl_unlock();
14031 return err;
14032}
14033
14034struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
14035 enum nl80211_commands cmd,
14036 enum nl80211_attrs attr,
14037 int approxlen)
14038{
14039 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14040
14041 if (WARN_ON(!rdev->cur_cmd_info))
14042 return NULL;
14043
14044 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
14045 rdev->cur_cmd_info->snd_portid,
14046 rdev->cur_cmd_info->snd_seq,
14047 cmd, attr, NULL, GFP_KERNEL);
14048}
14049EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
14050
14051int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
14052{
14053 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
14054 void *hdr = ((void **)skb->cb)[1];
14055 struct nlattr *data = ((void **)skb->cb)[2];
14056
14057
14058 memset(skb->cb, 0, sizeof(skb->cb));
14059
14060 if (WARN_ON(!rdev->cur_cmd_info)) {
14061 kfree_skb(skb);
14062 return -EINVAL;
14063 }
14064
14065 nla_nest_end(skb, data);
14066 genlmsg_end(skb, hdr);
14067 return genlmsg_reply(skb, rdev->cur_cmd_info);
14068}
14069EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
14070
14071unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
14072{
14073 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14074
14075 if (WARN_ON(!rdev->cur_cmd_info))
14076 return 0;
14077
14078 return rdev->cur_cmd_info->snd_portid;
14079}
14080EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
14081
14082static int nl80211_set_qos_map(struct sk_buff *skb,
14083 struct genl_info *info)
14084{
14085 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14086 struct cfg80211_qos_map *qos_map = NULL;
14087 struct net_device *dev = info->user_ptr[1];
14088 u8 *pos, len, num_des, des_len, des;
14089 int ret;
14090
14091 if (!rdev->ops->set_qos_map)
14092 return -EOPNOTSUPP;
14093
14094 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
14095 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
14096 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
14097
14098 if (len % 2)
14099 return -EINVAL;
14100
14101 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
14102 if (!qos_map)
14103 return -ENOMEM;
14104
14105 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
14106 if (num_des) {
14107 des_len = num_des *
14108 sizeof(struct cfg80211_dscp_exception);
14109 memcpy(qos_map->dscp_exception, pos, des_len);
14110 qos_map->num_des = num_des;
14111 for (des = 0; des < num_des; des++) {
14112 if (qos_map->dscp_exception[des].up > 7) {
14113 kfree(qos_map);
14114 return -EINVAL;
14115 }
14116 }
14117 pos += des_len;
14118 }
14119 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
14120 }
14121
14122 wdev_lock(dev->ieee80211_ptr);
14123 ret = nl80211_key_allowed(dev->ieee80211_ptr);
14124 if (!ret)
14125 ret = rdev_set_qos_map(rdev, dev, qos_map);
14126 wdev_unlock(dev->ieee80211_ptr);
14127
14128 kfree(qos_map);
14129 return ret;
14130}
14131
14132static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
14133{
14134 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14135 struct net_device *dev = info->user_ptr[1];
14136 struct wireless_dev *wdev = dev->ieee80211_ptr;
14137 const u8 *peer;
14138 u8 tsid, up;
14139 u16 admitted_time = 0;
14140 int err;
14141
14142 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
14143 return -EOPNOTSUPP;
14144
14145 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
14146 !info->attrs[NL80211_ATTR_USER_PRIO])
14147 return -EINVAL;
14148
14149 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
14150 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
14151
14152
14153 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
14154
14155
14156
14157
14158 return -EINVAL;
14159 }
14160
14161 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14162
14163 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
14164 admitted_time =
14165 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
14166 if (!admitted_time)
14167 return -EINVAL;
14168 }
14169
14170 wdev_lock(wdev);
14171 switch (wdev->iftype) {
14172 case NL80211_IFTYPE_STATION:
14173 case NL80211_IFTYPE_P2P_CLIENT:
14174 if (wdev->current_bss)
14175 break;
14176 err = -ENOTCONN;
14177 goto out;
14178 default:
14179 err = -EOPNOTSUPP;
14180 goto out;
14181 }
14182
14183 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
14184
14185 out:
14186 wdev_unlock(wdev);
14187 return err;
14188}
14189
14190static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
14191{
14192 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14193 struct net_device *dev = info->user_ptr[1];
14194 struct wireless_dev *wdev = dev->ieee80211_ptr;
14195 const u8 *peer;
14196 u8 tsid;
14197 int err;
14198
14199 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
14200 return -EINVAL;
14201
14202 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
14203 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14204
14205 wdev_lock(wdev);
14206 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
14207 wdev_unlock(wdev);
14208
14209 return err;
14210}
14211
14212static int nl80211_tdls_channel_switch(struct sk_buff *skb,
14213 struct genl_info *info)
14214{
14215 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14216 struct net_device *dev = info->user_ptr[1];
14217 struct wireless_dev *wdev = dev->ieee80211_ptr;
14218 struct cfg80211_chan_def chandef = {};
14219 const u8 *addr;
14220 u8 oper_class;
14221 int err;
14222
14223 if (!rdev->ops->tdls_channel_switch ||
14224 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
14225 return -EOPNOTSUPP;
14226
14227 switch (dev->ieee80211_ptr->iftype) {
14228 case NL80211_IFTYPE_STATION:
14229 case NL80211_IFTYPE_P2P_CLIENT:
14230 break;
14231 default:
14232 return -EOPNOTSUPP;
14233 }
14234
14235 if (!info->attrs[NL80211_ATTR_MAC] ||
14236 !info->attrs[NL80211_ATTR_OPER_CLASS])
14237 return -EINVAL;
14238
14239 err = nl80211_parse_chandef(rdev, info, &chandef);
14240 if (err)
14241 return err;
14242
14243
14244
14245
14246
14247
14248 if (chandef.chan->band == NL80211_BAND_2GHZ &&
14249 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
14250 chandef.width != NL80211_CHAN_WIDTH_20)
14251 return -EINVAL;
14252
14253
14254 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
14255 wdev->iftype))
14256 return -EINVAL;
14257
14258
14259 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
14260 return -EINVAL;
14261
14262 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14263 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
14264
14265 wdev_lock(wdev);
14266 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
14267 wdev_unlock(wdev);
14268
14269 return err;
14270}
14271
14272static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
14273 struct genl_info *info)
14274{
14275 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14276 struct net_device *dev = info->user_ptr[1];
14277 struct wireless_dev *wdev = dev->ieee80211_ptr;
14278 const u8 *addr;
14279
14280 if (!rdev->ops->tdls_channel_switch ||
14281 !rdev->ops->tdls_cancel_channel_switch ||
14282 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
14283 return -EOPNOTSUPP;
14284
14285 switch (dev->ieee80211_ptr->iftype) {
14286 case NL80211_IFTYPE_STATION:
14287 case NL80211_IFTYPE_P2P_CLIENT:
14288 break;
14289 default:
14290 return -EOPNOTSUPP;
14291 }
14292
14293 if (!info->attrs[NL80211_ATTR_MAC])
14294 return -EINVAL;
14295
14296 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14297
14298 wdev_lock(wdev);
14299 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
14300 wdev_unlock(wdev);
14301
14302 return 0;
14303}
14304
14305static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
14306 struct genl_info *info)
14307{
14308 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14309 struct net_device *dev = info->user_ptr[1];
14310 struct wireless_dev *wdev = dev->ieee80211_ptr;
14311 const struct nlattr *nla;
14312 bool enabled;
14313
14314 if (!rdev->ops->set_multicast_to_unicast)
14315 return -EOPNOTSUPP;
14316
14317 if (wdev->iftype != NL80211_IFTYPE_AP &&
14318 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14319 return -EOPNOTSUPP;
14320
14321 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
14322 enabled = nla_get_flag(nla);
14323
14324 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
14325}
14326
14327static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
14328{
14329 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14330 struct net_device *dev = info->user_ptr[1];
14331 struct wireless_dev *wdev = dev->ieee80211_ptr;
14332 struct cfg80211_pmk_conf pmk_conf = {};
14333 int ret;
14334
14335 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14336 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14337 return -EOPNOTSUPP;
14338
14339 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14340 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
14341 return -EOPNOTSUPP;
14342
14343 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
14344 return -EINVAL;
14345
14346 wdev_lock(wdev);
14347 if (!wdev->current_bss) {
14348 ret = -ENOTCONN;
14349 goto out;
14350 }
14351
14352 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
14353 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
14354 ret = -EINVAL;
14355 goto out;
14356 }
14357
14358 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
14359 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
14360 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
14361 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
14362 ret = -EINVAL;
14363 goto out;
14364 }
14365
14366 if (info->attrs[NL80211_ATTR_PMKR0_NAME])
14367 pmk_conf.pmk_r0_name =
14368 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
14369
14370 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
14371out:
14372 wdev_unlock(wdev);
14373 return ret;
14374}
14375
14376static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
14377{
14378 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14379 struct net_device *dev = info->user_ptr[1];
14380 struct wireless_dev *wdev = dev->ieee80211_ptr;
14381 const u8 *aa;
14382 int ret;
14383
14384 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14385 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14386 return -EOPNOTSUPP;
14387
14388 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14389 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
14390 return -EOPNOTSUPP;
14391
14392 if (!info->attrs[NL80211_ATTR_MAC])
14393 return -EINVAL;
14394
14395 wdev_lock(wdev);
14396 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
14397 ret = rdev_del_pmk(rdev, dev, aa);
14398 wdev_unlock(wdev);
14399
14400 return ret;
14401}
14402
14403static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
14404{
14405 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14406 struct net_device *dev = info->user_ptr[1];
14407 struct cfg80211_external_auth_params params;
14408
14409 if (!rdev->ops->external_auth)
14410 return -EOPNOTSUPP;
14411
14412 if (!info->attrs[NL80211_ATTR_SSID] &&
14413 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
14414 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
14415 return -EINVAL;
14416
14417 if (!info->attrs[NL80211_ATTR_BSSID])
14418 return -EINVAL;
14419
14420 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
14421 return -EINVAL;
14422
14423 memset(¶ms, 0, sizeof(params));
14424
14425 if (info->attrs[NL80211_ATTR_SSID]) {
14426 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
14427 if (params.ssid.ssid_len == 0)
14428 return -EINVAL;
14429 memcpy(params.ssid.ssid,
14430 nla_data(info->attrs[NL80211_ATTR_SSID]),
14431 params.ssid.ssid_len);
14432 }
14433
14434 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
14435 ETH_ALEN);
14436
14437 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14438
14439 if (info->attrs[NL80211_ATTR_PMKID])
14440 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
14441
14442 return rdev_external_auth(rdev, dev, ¶ms);
14443}
14444
14445static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
14446{
14447 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
14448 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14449 struct net_device *dev = info->user_ptr[1];
14450 struct wireless_dev *wdev = dev->ieee80211_ptr;
14451 const u8 *buf;
14452 size_t len;
14453 u8 *dest;
14454 u16 proto;
14455 bool noencrypt;
14456 u64 cookie = 0;
14457 int err;
14458
14459 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14460 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
14461 return -EOPNOTSUPP;
14462
14463 if (!rdev->ops->tx_control_port)
14464 return -EOPNOTSUPP;
14465
14466 if (!info->attrs[NL80211_ATTR_FRAME] ||
14467 !info->attrs[NL80211_ATTR_MAC] ||
14468 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
14469 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
14470 return -EINVAL;
14471 }
14472
14473 wdev_lock(wdev);
14474
14475 switch (wdev->iftype) {
14476 case NL80211_IFTYPE_AP:
14477 case NL80211_IFTYPE_P2P_GO:
14478 case NL80211_IFTYPE_MESH_POINT:
14479 break;
14480 case NL80211_IFTYPE_ADHOC:
14481 case NL80211_IFTYPE_STATION:
14482 case NL80211_IFTYPE_P2P_CLIENT:
14483 if (wdev->current_bss)
14484 break;
14485 err = -ENOTCONN;
14486 goto out;
14487 default:
14488 err = -EOPNOTSUPP;
14489 goto out;
14490 }
14491
14492 wdev_unlock(wdev);
14493
14494 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14495 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14496 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14497 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
14498 noencrypt =
14499 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
14500
14501 err = rdev_tx_control_port(rdev, dev, buf, len,
14502 dest, cpu_to_be16(proto), noencrypt,
14503 dont_wait_for_ack ? NULL : &cookie);
14504 if (!err && !dont_wait_for_ack)
14505 nl_set_extack_cookie_u64(info->extack, cookie);
14506 return err;
14507 out:
14508 wdev_unlock(wdev);
14509 return err;
14510}
14511
14512static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
14513 struct genl_info *info)
14514{
14515 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14516 struct net_device *dev = info->user_ptr[1];
14517 struct wireless_dev *wdev = dev->ieee80211_ptr;
14518 struct cfg80211_ftm_responder_stats ftm_stats = {};
14519 struct sk_buff *msg;
14520 void *hdr;
14521 struct nlattr *ftm_stats_attr;
14522 int err;
14523
14524 if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
14525 return -EOPNOTSUPP;
14526
14527 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
14528 if (err)
14529 return err;
14530
14531 if (!ftm_stats.filled)
14532 return -ENODATA;
14533
14534 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14535 if (!msg)
14536 return -ENOMEM;
14537
14538 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14539 NL80211_CMD_GET_FTM_RESPONDER_STATS);
14540 if (!hdr)
14541 goto nla_put_failure;
14542
14543 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14544 goto nla_put_failure;
14545
14546 ftm_stats_attr = nla_nest_start_noflag(msg,
14547 NL80211_ATTR_FTM_RESPONDER_STATS);
14548 if (!ftm_stats_attr)
14549 goto nla_put_failure;
14550
14551#define SET_FTM(field, name, type) \
14552 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14553 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
14554 ftm_stats.field)) \
14555 goto nla_put_failure; } while (0)
14556#define SET_FTM_U64(field, name) \
14557 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14558 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
14559 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
14560 goto nla_put_failure; } while (0)
14561
14562 SET_FTM(success_num, SUCCESS_NUM, u32);
14563 SET_FTM(partial_num, PARTIAL_NUM, u32);
14564 SET_FTM(failed_num, FAILED_NUM, u32);
14565 SET_FTM(asap_num, ASAP_NUM, u32);
14566 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
14567 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
14568 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
14569 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
14570 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
14571#undef SET_FTM
14572
14573 nla_nest_end(msg, ftm_stats_attr);
14574
14575 genlmsg_end(msg, hdr);
14576 return genlmsg_reply(msg, info);
14577
14578nla_put_failure:
14579 nlmsg_free(msg);
14580 return -ENOBUFS;
14581}
14582
14583static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
14584{
14585 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14586 struct cfg80211_update_owe_info owe_info;
14587 struct net_device *dev = info->user_ptr[1];
14588
14589 if (!rdev->ops->update_owe_info)
14590 return -EOPNOTSUPP;
14591
14592 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
14593 !info->attrs[NL80211_ATTR_MAC])
14594 return -EINVAL;
14595
14596 memset(&owe_info, 0, sizeof(owe_info));
14597 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14598 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
14599
14600 if (info->attrs[NL80211_ATTR_IE]) {
14601 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
14602 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
14603 }
14604
14605 return rdev_update_owe_info(rdev, dev, &owe_info);
14606}
14607
14608static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
14609{
14610 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14611 struct net_device *dev = info->user_ptr[1];
14612 struct wireless_dev *wdev = dev->ieee80211_ptr;
14613 struct station_info sinfo = {};
14614 const u8 *buf;
14615 size_t len;
14616 u8 *dest;
14617 int err;
14618
14619 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
14620 return -EOPNOTSUPP;
14621
14622 if (!info->attrs[NL80211_ATTR_MAC] ||
14623 !info->attrs[NL80211_ATTR_FRAME]) {
14624 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
14625 return -EINVAL;
14626 }
14627
14628 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
14629 return -EOPNOTSUPP;
14630
14631 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14632 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14633 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14634
14635 if (len < sizeof(struct ethhdr))
14636 return -EINVAL;
14637
14638 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
14639 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
14640 return -EINVAL;
14641
14642 err = rdev_get_station(rdev, dev, dest, &sinfo);
14643 if (err)
14644 return err;
14645
14646 cfg80211_sinfo_release_content(&sinfo);
14647
14648 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
14649}
14650
14651static int parse_tid_conf(struct cfg80211_registered_device *rdev,
14652 struct nlattr *attrs[], struct net_device *dev,
14653 struct cfg80211_tid_cfg *tid_conf,
14654 struct genl_info *info, const u8 *peer)
14655{
14656 struct netlink_ext_ack *extack = info->extack;
14657 u64 mask;
14658 int err;
14659
14660 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
14661 return -EINVAL;
14662
14663 tid_conf->config_override =
14664 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
14665 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
14666
14667 if (tid_conf->config_override) {
14668 if (rdev->ops->reset_tid_config) {
14669 err = rdev_reset_tid_config(rdev, dev, peer,
14670 tid_conf->tids);
14671 if (err)
14672 return err;
14673 } else {
14674 return -EINVAL;
14675 }
14676 }
14677
14678 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
14679 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
14680 tid_conf->noack =
14681 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
14682 }
14683
14684 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
14685 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
14686 tid_conf->retry_short =
14687 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
14688
14689 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
14690 return -EINVAL;
14691 }
14692
14693 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
14694 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
14695 tid_conf->retry_long =
14696 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
14697
14698 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
14699 return -EINVAL;
14700 }
14701
14702 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
14703 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
14704 tid_conf->ampdu =
14705 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
14706 }
14707
14708 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
14709 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
14710 tid_conf->rtscts =
14711 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
14712 }
14713
14714 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
14715 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
14716 tid_conf->amsdu =
14717 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
14718 }
14719
14720 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
14721 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
14722
14723 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
14724
14725 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
14726 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
14727 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
14728 &tid_conf->txrate_mask, dev,
14729 true);
14730 if (err)
14731 return err;
14732
14733 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
14734 }
14735 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
14736 }
14737
14738 if (peer)
14739 mask = rdev->wiphy.tid_config_support.peer;
14740 else
14741 mask = rdev->wiphy.tid_config_support.vif;
14742
14743 if (tid_conf->mask & ~mask) {
14744 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
14745 return -ENOTSUPP;
14746 }
14747
14748 return 0;
14749}
14750
14751static int nl80211_set_tid_config(struct sk_buff *skb,
14752 struct genl_info *info)
14753{
14754 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14755 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
14756 struct net_device *dev = info->user_ptr[1];
14757 struct cfg80211_tid_config *tid_config;
14758 struct nlattr *tid;
14759 int conf_idx = 0, rem_conf;
14760 int ret = -EINVAL;
14761 u32 num_conf = 0;
14762
14763 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
14764 return -EINVAL;
14765
14766 if (!rdev->ops->set_tid_config)
14767 return -EOPNOTSUPP;
14768
14769 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14770 rem_conf)
14771 num_conf++;
14772
14773 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
14774 GFP_KERNEL);
14775 if (!tid_config)
14776 return -ENOMEM;
14777
14778 tid_config->n_tid_conf = num_conf;
14779
14780 if (info->attrs[NL80211_ATTR_MAC])
14781 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14782
14783 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14784 rem_conf) {
14785 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
14786 tid, NULL, NULL);
14787
14788 if (ret)
14789 goto bad_tid_conf;
14790
14791 ret = parse_tid_conf(rdev, attrs, dev,
14792 &tid_config->tid_conf[conf_idx],
14793 info, tid_config->peer);
14794 if (ret)
14795 goto bad_tid_conf;
14796
14797 conf_idx++;
14798 }
14799
14800 ret = rdev_set_tid_config(rdev, dev, tid_config);
14801
14802bad_tid_conf:
14803 kfree(tid_config);
14804 return ret;
14805}
14806
14807static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
14808{
14809 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14810 struct cfg80211_color_change_settings params = {};
14811 struct net_device *dev = info->user_ptr[1];
14812 struct wireless_dev *wdev = dev->ieee80211_ptr;
14813 struct nlattr **tb;
14814 u16 offset;
14815 int err;
14816
14817 if (!rdev->ops->color_change)
14818 return -EOPNOTSUPP;
14819
14820 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14821 NL80211_EXT_FEATURE_BSS_COLOR))
14822 return -EOPNOTSUPP;
14823
14824 if (wdev->iftype != NL80211_IFTYPE_AP)
14825 return -EOPNOTSUPP;
14826
14827 if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
14828 !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
14829 !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
14830 return -EINVAL;
14831
14832 params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
14833 params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
14834
14835 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_next);
14836 if (err)
14837 return err;
14838
14839 tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL);
14840 if (!tb)
14841 return -ENOMEM;
14842
14843 err = nla_parse_nested(tb, NL80211_ATTR_MAX,
14844 info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
14845 nl80211_policy, info->extack);
14846 if (err)
14847 goto out;
14848
14849 err = nl80211_parse_beacon(rdev, tb, ¶ms.beacon_color_change);
14850 if (err)
14851 goto out;
14852
14853 if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
14854 err = -EINVAL;
14855 goto out;
14856 }
14857
14858 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
14859 err = -EINVAL;
14860 goto out;
14861 }
14862
14863 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
14864 if (offset >= params.beacon_color_change.tail_len) {
14865 err = -EINVAL;
14866 goto out;
14867 }
14868
14869 if (params.beacon_color_change.tail[offset] != params.count) {
14870 err = -EINVAL;
14871 goto out;
14872 }
14873
14874 params.counter_offset_beacon = offset;
14875
14876 if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
14877 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
14878 sizeof(u16)) {
14879 err = -EINVAL;
14880 goto out;
14881 }
14882
14883 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
14884 if (offset >= params.beacon_color_change.probe_resp_len) {
14885 err = -EINVAL;
14886 goto out;
14887 }
14888
14889 if (params.beacon_color_change.probe_resp[offset] !=
14890 params.count) {
14891 err = -EINVAL;
14892 goto out;
14893 }
14894
14895 params.counter_offset_presp = offset;
14896 }
14897
14898 wdev_lock(wdev);
14899 err = rdev_color_change(rdev, dev, ¶ms);
14900 wdev_unlock(wdev);
14901
14902out:
14903 kfree(tb);
14904 return err;
14905}
14906
14907#define NL80211_FLAG_NEED_WIPHY 0x01
14908#define NL80211_FLAG_NEED_NETDEV 0x02
14909#define NL80211_FLAG_NEED_RTNL 0x04
14910#define NL80211_FLAG_CHECK_NETDEV_UP 0x08
14911#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
14912 NL80211_FLAG_CHECK_NETDEV_UP)
14913#define NL80211_FLAG_NEED_WDEV 0x10
14914
14915#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
14916 NL80211_FLAG_CHECK_NETDEV_UP)
14917#define NL80211_FLAG_CLEAR_SKB 0x20
14918#define NL80211_FLAG_NO_WIPHY_MTX 0x40
14919
14920static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
14921 struct genl_info *info)
14922{
14923 struct cfg80211_registered_device *rdev = NULL;
14924 struct wireless_dev *wdev;
14925 struct net_device *dev;
14926
14927 rtnl_lock();
14928 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
14929 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
14930 if (IS_ERR(rdev)) {
14931 rtnl_unlock();
14932 return PTR_ERR(rdev);
14933 }
14934 info->user_ptr[0] = rdev;
14935 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
14936 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14937 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
14938 info->attrs);
14939 if (IS_ERR(wdev)) {
14940 rtnl_unlock();
14941 return PTR_ERR(wdev);
14942 }
14943
14944 dev = wdev->netdev;
14945 rdev = wiphy_to_rdev(wdev->wiphy);
14946
14947 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
14948 if (!dev) {
14949 rtnl_unlock();
14950 return -EINVAL;
14951 }
14952
14953 info->user_ptr[1] = dev;
14954 } else {
14955 info->user_ptr[1] = wdev;
14956 }
14957
14958 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
14959 !wdev_running(wdev)) {
14960 rtnl_unlock();
14961 return -ENETDOWN;
14962 }
14963
14964 dev_hold(dev);
14965 info->user_ptr[0] = rdev;
14966 }
14967
14968 if (rdev && !(ops->internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
14969 wiphy_lock(&rdev->wiphy);
14970
14971 __release(&rdev->wiphy.mtx);
14972 }
14973 if (!(ops->internal_flags & NL80211_FLAG_NEED_RTNL))
14974 rtnl_unlock();
14975
14976 return 0;
14977}
14978
14979static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
14980 struct genl_info *info)
14981{
14982 if (info->user_ptr[1]) {
14983 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14984 struct wireless_dev *wdev = info->user_ptr[1];
14985
14986 dev_put(wdev->netdev);
14987 } else {
14988 dev_put(info->user_ptr[1]);
14989 }
14990 }
14991
14992 if (info->user_ptr[0] &&
14993 !(ops->internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
14994 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14995
14996
14997 __acquire(&rdev->wiphy.mtx);
14998 wiphy_unlock(&rdev->wiphy);
14999 }
15000
15001 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
15002 rtnl_unlock();
15003
15004
15005
15006
15007
15008
15009 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
15010 struct nlmsghdr *nlh = nlmsg_hdr(skb);
15011
15012 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
15013 }
15014}
15015
15016static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
15017 struct cfg80211_sar_specs *sar_specs,
15018 struct nlattr *spec[], int index)
15019{
15020 u32 range_index, i;
15021
15022 if (!sar_specs || !spec)
15023 return -EINVAL;
15024
15025 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
15026 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
15027 return -EINVAL;
15028
15029 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
15030
15031
15032 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
15033 return -EINVAL;
15034
15035
15036 for (i = 0; i < index; i++) {
15037 if (sar_specs->sub_specs[i].freq_range_index == range_index)
15038 return -EINVAL;
15039 }
15040
15041 sar_specs->sub_specs[index].power =
15042 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
15043
15044 sar_specs->sub_specs[index].freq_range_index = range_index;
15045
15046 return 0;
15047}
15048
15049static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
15050{
15051 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15052 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
15053 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
15054 struct cfg80211_sar_specs *sar_spec;
15055 enum nl80211_sar_type type;
15056 struct nlattr *spec_list;
15057 u32 specs;
15058 int rem, err;
15059
15060 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
15061 return -EOPNOTSUPP;
15062
15063 if (!info->attrs[NL80211_ATTR_SAR_SPEC])
15064 return -EINVAL;
15065
15066 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
15067 info->attrs[NL80211_ATTR_SAR_SPEC],
15068 NULL, NULL);
15069
15070 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
15071 return -EINVAL;
15072
15073 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
15074 if (type != rdev->wiphy.sar_capa->type)
15075 return -EINVAL;
15076
15077 specs = 0;
15078 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
15079 specs++;
15080
15081 if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
15082 return -EINVAL;
15083
15084 sar_spec = kzalloc(sizeof(*sar_spec) +
15085 specs * sizeof(struct cfg80211_sar_sub_specs),
15086 GFP_KERNEL);
15087 if (!sar_spec)
15088 return -ENOMEM;
15089
15090 sar_spec->type = type;
15091 specs = 0;
15092 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
15093 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
15094 spec_list, NULL, NULL);
15095
15096 switch (type) {
15097 case NL80211_SAR_TYPE_POWER:
15098 if (nl80211_set_sar_sub_specs(rdev, sar_spec,
15099 spec, specs)) {
15100 err = -EINVAL;
15101 goto error;
15102 }
15103 break;
15104 default:
15105 err = -EINVAL;
15106 goto error;
15107 }
15108 specs++;
15109 }
15110
15111 sar_spec->num_sub_specs = specs;
15112
15113 rdev->cur_cmd_info = info;
15114 err = rdev_set_sar_specs(rdev, sar_spec);
15115 rdev->cur_cmd_info = NULL;
15116error:
15117 kfree(sar_spec);
15118 return err;
15119}
15120
15121static const struct genl_ops nl80211_ops[] = {
15122 {
15123 .cmd = NL80211_CMD_GET_WIPHY,
15124 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15125 .doit = nl80211_get_wiphy,
15126 .dumpit = nl80211_dump_wiphy,
15127 .done = nl80211_dump_wiphy_done,
15128
15129 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15130 },
15131};
15132
15133static const struct genl_small_ops nl80211_small_ops[] = {
15134 {
15135 .cmd = NL80211_CMD_SET_WIPHY,
15136 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15137 .doit = nl80211_set_wiphy,
15138 .flags = GENL_UNS_ADMIN_PERM,
15139 },
15140 {
15141 .cmd = NL80211_CMD_GET_INTERFACE,
15142 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15143 .doit = nl80211_get_interface,
15144 .dumpit = nl80211_dump_interface,
15145
15146 .internal_flags = NL80211_FLAG_NEED_WDEV,
15147 },
15148 {
15149 .cmd = NL80211_CMD_SET_INTERFACE,
15150 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15151 .doit = nl80211_set_interface,
15152 .flags = GENL_UNS_ADMIN_PERM,
15153 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15154 NL80211_FLAG_NEED_RTNL,
15155 },
15156 {
15157 .cmd = NL80211_CMD_NEW_INTERFACE,
15158 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15159 .doit = nl80211_new_interface,
15160 .flags = GENL_UNS_ADMIN_PERM,
15161 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15162 NL80211_FLAG_NEED_RTNL |
15163
15164 NL80211_FLAG_NO_WIPHY_MTX,
15165 },
15166 {
15167 .cmd = NL80211_CMD_DEL_INTERFACE,
15168 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15169 .doit = nl80211_del_interface,
15170 .flags = GENL_UNS_ADMIN_PERM,
15171 .internal_flags = NL80211_FLAG_NEED_WDEV |
15172 NL80211_FLAG_NEED_RTNL,
15173 },
15174 {
15175 .cmd = NL80211_CMD_GET_KEY,
15176 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15177 .doit = nl80211_get_key,
15178 .flags = GENL_UNS_ADMIN_PERM,
15179 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15180 },
15181 {
15182 .cmd = NL80211_CMD_SET_KEY,
15183 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15184 .doit = nl80211_set_key,
15185 .flags = GENL_UNS_ADMIN_PERM,
15186 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15187 NL80211_FLAG_CLEAR_SKB,
15188 },
15189 {
15190 .cmd = NL80211_CMD_NEW_KEY,
15191 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15192 .doit = nl80211_new_key,
15193 .flags = GENL_UNS_ADMIN_PERM,
15194 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15195 NL80211_FLAG_CLEAR_SKB,
15196 },
15197 {
15198 .cmd = NL80211_CMD_DEL_KEY,
15199 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15200 .doit = nl80211_del_key,
15201 .flags = GENL_UNS_ADMIN_PERM,
15202 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15203 },
15204 {
15205 .cmd = NL80211_CMD_SET_BEACON,
15206 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15207 .flags = GENL_UNS_ADMIN_PERM,
15208 .doit = nl80211_set_beacon,
15209 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15210 },
15211 {
15212 .cmd = NL80211_CMD_START_AP,
15213 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15214 .flags = GENL_UNS_ADMIN_PERM,
15215 .doit = nl80211_start_ap,
15216 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15217 },
15218 {
15219 .cmd = NL80211_CMD_STOP_AP,
15220 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15221 .flags = GENL_UNS_ADMIN_PERM,
15222 .doit = nl80211_stop_ap,
15223 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15224 },
15225 {
15226 .cmd = NL80211_CMD_GET_STATION,
15227 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15228 .doit = nl80211_get_station,
15229 .dumpit = nl80211_dump_station,
15230 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15231 },
15232 {
15233 .cmd = NL80211_CMD_SET_STATION,
15234 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15235 .doit = nl80211_set_station,
15236 .flags = GENL_UNS_ADMIN_PERM,
15237 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15238 },
15239 {
15240 .cmd = NL80211_CMD_NEW_STATION,
15241 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15242 .doit = nl80211_new_station,
15243 .flags = GENL_UNS_ADMIN_PERM,
15244 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15245 },
15246 {
15247 .cmd = NL80211_CMD_DEL_STATION,
15248 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15249 .doit = nl80211_del_station,
15250 .flags = GENL_UNS_ADMIN_PERM,
15251 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15252 },
15253 {
15254 .cmd = NL80211_CMD_GET_MPATH,
15255 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15256 .doit = nl80211_get_mpath,
15257 .dumpit = nl80211_dump_mpath,
15258 .flags = GENL_UNS_ADMIN_PERM,
15259 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15260 },
15261 {
15262 .cmd = NL80211_CMD_GET_MPP,
15263 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15264 .doit = nl80211_get_mpp,
15265 .dumpit = nl80211_dump_mpp,
15266 .flags = GENL_UNS_ADMIN_PERM,
15267 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15268 },
15269 {
15270 .cmd = NL80211_CMD_SET_MPATH,
15271 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15272 .doit = nl80211_set_mpath,
15273 .flags = GENL_UNS_ADMIN_PERM,
15274 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15275 },
15276 {
15277 .cmd = NL80211_CMD_NEW_MPATH,
15278 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15279 .doit = nl80211_new_mpath,
15280 .flags = GENL_UNS_ADMIN_PERM,
15281 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15282 },
15283 {
15284 .cmd = NL80211_CMD_DEL_MPATH,
15285 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15286 .doit = nl80211_del_mpath,
15287 .flags = GENL_UNS_ADMIN_PERM,
15288 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15289 },
15290 {
15291 .cmd = NL80211_CMD_SET_BSS,
15292 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15293 .doit = nl80211_set_bss,
15294 .flags = GENL_UNS_ADMIN_PERM,
15295 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15296 },
15297 {
15298 .cmd = NL80211_CMD_GET_REG,
15299 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15300 .doit = nl80211_get_reg_do,
15301 .dumpit = nl80211_get_reg_dump,
15302 .internal_flags = 0,
15303
15304 },
15305#ifdef CONFIG_CFG80211_CRDA_SUPPORT
15306 {
15307 .cmd = NL80211_CMD_SET_REG,
15308 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15309 .doit = nl80211_set_reg,
15310 .flags = GENL_ADMIN_PERM,
15311 .internal_flags = 0,
15312 },
15313#endif
15314 {
15315 .cmd = NL80211_CMD_REQ_SET_REG,
15316 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15317 .doit = nl80211_req_set_reg,
15318 .flags = GENL_ADMIN_PERM,
15319 },
15320 {
15321 .cmd = NL80211_CMD_RELOAD_REGDB,
15322 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15323 .doit = nl80211_reload_regdb,
15324 .flags = GENL_ADMIN_PERM,
15325 },
15326 {
15327 .cmd = NL80211_CMD_GET_MESH_CONFIG,
15328 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15329 .doit = nl80211_get_mesh_config,
15330
15331 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15332 },
15333 {
15334 .cmd = NL80211_CMD_SET_MESH_CONFIG,
15335 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15336 .doit = nl80211_update_mesh_config,
15337 .flags = GENL_UNS_ADMIN_PERM,
15338 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15339 },
15340 {
15341 .cmd = NL80211_CMD_TRIGGER_SCAN,
15342 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15343 .doit = nl80211_trigger_scan,
15344 .flags = GENL_UNS_ADMIN_PERM,
15345 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15346 },
15347 {
15348 .cmd = NL80211_CMD_ABORT_SCAN,
15349 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15350 .doit = nl80211_abort_scan,
15351 .flags = GENL_UNS_ADMIN_PERM,
15352 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15353 },
15354 {
15355 .cmd = NL80211_CMD_GET_SCAN,
15356 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15357 .dumpit = nl80211_dump_scan,
15358 },
15359 {
15360 .cmd = NL80211_CMD_START_SCHED_SCAN,
15361 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15362 .doit = nl80211_start_sched_scan,
15363 .flags = GENL_UNS_ADMIN_PERM,
15364 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15365 },
15366 {
15367 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
15368 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15369 .doit = nl80211_stop_sched_scan,
15370 .flags = GENL_UNS_ADMIN_PERM,
15371 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15372 },
15373 {
15374 .cmd = NL80211_CMD_AUTHENTICATE,
15375 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15376 .doit = nl80211_authenticate,
15377 .flags = GENL_UNS_ADMIN_PERM,
15378 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15379 0 |
15380 NL80211_FLAG_CLEAR_SKB,
15381 },
15382 {
15383 .cmd = NL80211_CMD_ASSOCIATE,
15384 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15385 .doit = nl80211_associate,
15386 .flags = GENL_UNS_ADMIN_PERM,
15387 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15388 0 |
15389 NL80211_FLAG_CLEAR_SKB,
15390 },
15391 {
15392 .cmd = NL80211_CMD_DEAUTHENTICATE,
15393 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15394 .doit = nl80211_deauthenticate,
15395 .flags = GENL_UNS_ADMIN_PERM,
15396 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15397 },
15398 {
15399 .cmd = NL80211_CMD_DISASSOCIATE,
15400 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15401 .doit = nl80211_disassociate,
15402 .flags = GENL_UNS_ADMIN_PERM,
15403 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15404 },
15405 {
15406 .cmd = NL80211_CMD_JOIN_IBSS,
15407 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15408 .doit = nl80211_join_ibss,
15409 .flags = GENL_UNS_ADMIN_PERM,
15410 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15411 },
15412 {
15413 .cmd = NL80211_CMD_LEAVE_IBSS,
15414 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15415 .doit = nl80211_leave_ibss,
15416 .flags = GENL_UNS_ADMIN_PERM,
15417 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15418 },
15419#ifdef CONFIG_NL80211_TESTMODE
15420 {
15421 .cmd = NL80211_CMD_TESTMODE,
15422 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15423 .doit = nl80211_testmode_do,
15424 .dumpit = nl80211_testmode_dump,
15425 .flags = GENL_UNS_ADMIN_PERM,
15426 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15427 },
15428#endif
15429 {
15430 .cmd = NL80211_CMD_CONNECT,
15431 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15432 .doit = nl80211_connect,
15433 .flags = GENL_UNS_ADMIN_PERM,
15434 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15435 0 |
15436 NL80211_FLAG_CLEAR_SKB,
15437 },
15438 {
15439 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
15440 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15441 .doit = nl80211_update_connect_params,
15442 .flags = GENL_ADMIN_PERM,
15443 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15444 0 |
15445 NL80211_FLAG_CLEAR_SKB,
15446 },
15447 {
15448 .cmd = NL80211_CMD_DISCONNECT,
15449 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15450 .doit = nl80211_disconnect,
15451 .flags = GENL_UNS_ADMIN_PERM,
15452 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15453 },
15454 {
15455 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
15456 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15457 .doit = nl80211_wiphy_netns,
15458 .flags = GENL_UNS_ADMIN_PERM,
15459 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15460 NL80211_FLAG_NEED_RTNL |
15461 NL80211_FLAG_NO_WIPHY_MTX,
15462 },
15463 {
15464 .cmd = NL80211_CMD_GET_SURVEY,
15465 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15466 .dumpit = nl80211_dump_survey,
15467 },
15468 {
15469 .cmd = NL80211_CMD_SET_PMKSA,
15470 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15471 .doit = nl80211_setdel_pmksa,
15472 .flags = GENL_UNS_ADMIN_PERM,
15473 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15474 0 |
15475 NL80211_FLAG_CLEAR_SKB,
15476 },
15477 {
15478 .cmd = NL80211_CMD_DEL_PMKSA,
15479 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15480 .doit = nl80211_setdel_pmksa,
15481 .flags = GENL_UNS_ADMIN_PERM,
15482 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15483 },
15484 {
15485 .cmd = NL80211_CMD_FLUSH_PMKSA,
15486 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15487 .doit = nl80211_flush_pmksa,
15488 .flags = GENL_UNS_ADMIN_PERM,
15489 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15490 },
15491 {
15492 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
15493 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15494 .doit = nl80211_remain_on_channel,
15495 .flags = GENL_UNS_ADMIN_PERM,
15496 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15497 },
15498 {
15499 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15500 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15501 .doit = nl80211_cancel_remain_on_channel,
15502 .flags = GENL_UNS_ADMIN_PERM,
15503 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15504 },
15505 {
15506 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
15507 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15508 .doit = nl80211_set_tx_bitrate_mask,
15509 .flags = GENL_UNS_ADMIN_PERM,
15510 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15511 },
15512 {
15513 .cmd = NL80211_CMD_REGISTER_FRAME,
15514 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15515 .doit = nl80211_register_mgmt,
15516 .flags = GENL_UNS_ADMIN_PERM,
15517 .internal_flags = NL80211_FLAG_NEED_WDEV,
15518 },
15519 {
15520 .cmd = NL80211_CMD_FRAME,
15521 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15522 .doit = nl80211_tx_mgmt,
15523 .flags = GENL_UNS_ADMIN_PERM,
15524 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15525 },
15526 {
15527 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
15528 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15529 .doit = nl80211_tx_mgmt_cancel_wait,
15530 .flags = GENL_UNS_ADMIN_PERM,
15531 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15532 },
15533 {
15534 .cmd = NL80211_CMD_SET_POWER_SAVE,
15535 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15536 .doit = nl80211_set_power_save,
15537 .flags = GENL_UNS_ADMIN_PERM,
15538 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15539 },
15540 {
15541 .cmd = NL80211_CMD_GET_POWER_SAVE,
15542 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15543 .doit = nl80211_get_power_save,
15544
15545 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15546 },
15547 {
15548 .cmd = NL80211_CMD_SET_CQM,
15549 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15550 .doit = nl80211_set_cqm,
15551 .flags = GENL_UNS_ADMIN_PERM,
15552 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15553 },
15554 {
15555 .cmd = NL80211_CMD_SET_CHANNEL,
15556 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15557 .doit = nl80211_set_channel,
15558 .flags = GENL_UNS_ADMIN_PERM,
15559 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15560 },
15561 {
15562 .cmd = NL80211_CMD_JOIN_MESH,
15563 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15564 .doit = nl80211_join_mesh,
15565 .flags = GENL_UNS_ADMIN_PERM,
15566 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15567 },
15568 {
15569 .cmd = NL80211_CMD_LEAVE_MESH,
15570 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15571 .doit = nl80211_leave_mesh,
15572 .flags = GENL_UNS_ADMIN_PERM,
15573 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15574 },
15575 {
15576 .cmd = NL80211_CMD_JOIN_OCB,
15577 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15578 .doit = nl80211_join_ocb,
15579 .flags = GENL_UNS_ADMIN_PERM,
15580 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15581 },
15582 {
15583 .cmd = NL80211_CMD_LEAVE_OCB,
15584 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15585 .doit = nl80211_leave_ocb,
15586 .flags = GENL_UNS_ADMIN_PERM,
15587 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15588 },
15589#ifdef CONFIG_PM
15590 {
15591 .cmd = NL80211_CMD_GET_WOWLAN,
15592 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15593 .doit = nl80211_get_wowlan,
15594
15595 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15596 },
15597 {
15598 .cmd = NL80211_CMD_SET_WOWLAN,
15599 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15600 .doit = nl80211_set_wowlan,
15601 .flags = GENL_UNS_ADMIN_PERM,
15602 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15603 },
15604#endif
15605 {
15606 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
15607 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15608 .doit = nl80211_set_rekey_data,
15609 .flags = GENL_UNS_ADMIN_PERM,
15610 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15611 0 |
15612 NL80211_FLAG_CLEAR_SKB,
15613 },
15614 {
15615 .cmd = NL80211_CMD_TDLS_MGMT,
15616 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15617 .doit = nl80211_tdls_mgmt,
15618 .flags = GENL_UNS_ADMIN_PERM,
15619 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15620 },
15621 {
15622 .cmd = NL80211_CMD_TDLS_OPER,
15623 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15624 .doit = nl80211_tdls_oper,
15625 .flags = GENL_UNS_ADMIN_PERM,
15626 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15627 },
15628 {
15629 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
15630 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15631 .doit = nl80211_register_unexpected_frame,
15632 .flags = GENL_UNS_ADMIN_PERM,
15633 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15634 },
15635 {
15636 .cmd = NL80211_CMD_PROBE_CLIENT,
15637 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15638 .doit = nl80211_probe_client,
15639 .flags = GENL_UNS_ADMIN_PERM,
15640 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15641 },
15642 {
15643 .cmd = NL80211_CMD_REGISTER_BEACONS,
15644 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15645 .doit = nl80211_register_beacons,
15646 .flags = GENL_UNS_ADMIN_PERM,
15647 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15648 },
15649 {
15650 .cmd = NL80211_CMD_SET_NOACK_MAP,
15651 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15652 .doit = nl80211_set_noack_map,
15653 .flags = GENL_UNS_ADMIN_PERM,
15654 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15655 },
15656 {
15657 .cmd = NL80211_CMD_START_P2P_DEVICE,
15658 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15659 .doit = nl80211_start_p2p_device,
15660 .flags = GENL_UNS_ADMIN_PERM,
15661 .internal_flags = NL80211_FLAG_NEED_WDEV |
15662 NL80211_FLAG_NEED_RTNL,
15663 },
15664 {
15665 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
15666 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15667 .doit = nl80211_stop_p2p_device,
15668 .flags = GENL_UNS_ADMIN_PERM,
15669 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15670 NL80211_FLAG_NEED_RTNL,
15671 },
15672 {
15673 .cmd = NL80211_CMD_START_NAN,
15674 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15675 .doit = nl80211_start_nan,
15676 .flags = GENL_ADMIN_PERM,
15677 .internal_flags = NL80211_FLAG_NEED_WDEV |
15678 NL80211_FLAG_NEED_RTNL,
15679 },
15680 {
15681 .cmd = NL80211_CMD_STOP_NAN,
15682 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15683 .doit = nl80211_stop_nan,
15684 .flags = GENL_ADMIN_PERM,
15685 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15686 NL80211_FLAG_NEED_RTNL,
15687 },
15688 {
15689 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
15690 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15691 .doit = nl80211_nan_add_func,
15692 .flags = GENL_ADMIN_PERM,
15693 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15694 },
15695 {
15696 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
15697 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15698 .doit = nl80211_nan_del_func,
15699 .flags = GENL_ADMIN_PERM,
15700 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15701 },
15702 {
15703 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
15704 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15705 .doit = nl80211_nan_change_config,
15706 .flags = GENL_ADMIN_PERM,
15707 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15708 },
15709 {
15710 .cmd = NL80211_CMD_SET_MCAST_RATE,
15711 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15712 .doit = nl80211_set_mcast_rate,
15713 .flags = GENL_UNS_ADMIN_PERM,
15714 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15715 },
15716 {
15717 .cmd = NL80211_CMD_SET_MAC_ACL,
15718 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15719 .doit = nl80211_set_mac_acl,
15720 .flags = GENL_UNS_ADMIN_PERM,
15721 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15722 },
15723 {
15724 .cmd = NL80211_CMD_RADAR_DETECT,
15725 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15726 .doit = nl80211_start_radar_detection,
15727 .flags = GENL_UNS_ADMIN_PERM,
15728 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15729 },
15730 {
15731 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
15732 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15733 .doit = nl80211_get_protocol_features,
15734 },
15735 {
15736 .cmd = NL80211_CMD_UPDATE_FT_IES,
15737 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15738 .doit = nl80211_update_ft_ies,
15739 .flags = GENL_UNS_ADMIN_PERM,
15740 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15741 },
15742 {
15743 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
15744 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15745 .doit = nl80211_crit_protocol_start,
15746 .flags = GENL_UNS_ADMIN_PERM,
15747 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15748 },
15749 {
15750 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
15751 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15752 .doit = nl80211_crit_protocol_stop,
15753 .flags = GENL_UNS_ADMIN_PERM,
15754 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15755 },
15756 {
15757 .cmd = NL80211_CMD_GET_COALESCE,
15758 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15759 .doit = nl80211_get_coalesce,
15760 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15761 },
15762 {
15763 .cmd = NL80211_CMD_SET_COALESCE,
15764 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15765 .doit = nl80211_set_coalesce,
15766 .flags = GENL_UNS_ADMIN_PERM,
15767 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15768 },
15769 {
15770 .cmd = NL80211_CMD_CHANNEL_SWITCH,
15771 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15772 .doit = nl80211_channel_switch,
15773 .flags = GENL_UNS_ADMIN_PERM,
15774 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15775 },
15776 {
15777 .cmd = NL80211_CMD_VENDOR,
15778 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15779 .doit = nl80211_vendor_cmd,
15780 .dumpit = nl80211_vendor_cmd_dump,
15781 .flags = GENL_UNS_ADMIN_PERM,
15782 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15783 0 |
15784 NL80211_FLAG_CLEAR_SKB,
15785 },
15786 {
15787 .cmd = NL80211_CMD_SET_QOS_MAP,
15788 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15789 .doit = nl80211_set_qos_map,
15790 .flags = GENL_UNS_ADMIN_PERM,
15791 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15792 },
15793 {
15794 .cmd = NL80211_CMD_ADD_TX_TS,
15795 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15796 .doit = nl80211_add_tx_ts,
15797 .flags = GENL_UNS_ADMIN_PERM,
15798 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15799 },
15800 {
15801 .cmd = NL80211_CMD_DEL_TX_TS,
15802 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15803 .doit = nl80211_del_tx_ts,
15804 .flags = GENL_UNS_ADMIN_PERM,
15805 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15806 },
15807 {
15808 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
15809 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15810 .doit = nl80211_tdls_channel_switch,
15811 .flags = GENL_UNS_ADMIN_PERM,
15812 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15813 },
15814 {
15815 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
15816 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15817 .doit = nl80211_tdls_cancel_channel_switch,
15818 .flags = GENL_UNS_ADMIN_PERM,
15819 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15820 },
15821 {
15822 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
15823 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15824 .doit = nl80211_set_multicast_to_unicast,
15825 .flags = GENL_UNS_ADMIN_PERM,
15826 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15827 },
15828 {
15829 .cmd = NL80211_CMD_SET_PMK,
15830 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15831 .doit = nl80211_set_pmk,
15832 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15833 0 |
15834 NL80211_FLAG_CLEAR_SKB,
15835 },
15836 {
15837 .cmd = NL80211_CMD_DEL_PMK,
15838 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15839 .doit = nl80211_del_pmk,
15840 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15841 },
15842 {
15843 .cmd = NL80211_CMD_EXTERNAL_AUTH,
15844 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15845 .doit = nl80211_external_auth,
15846 .flags = GENL_ADMIN_PERM,
15847 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15848 },
15849 {
15850 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
15851 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15852 .doit = nl80211_tx_control_port,
15853 .flags = GENL_UNS_ADMIN_PERM,
15854 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15855 },
15856 {
15857 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
15858 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15859 .doit = nl80211_get_ftm_responder_stats,
15860 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15861 },
15862 {
15863 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
15864 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15865 .doit = nl80211_pmsr_start,
15866 .flags = GENL_UNS_ADMIN_PERM,
15867 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15868 },
15869 {
15870 .cmd = NL80211_CMD_NOTIFY_RADAR,
15871 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15872 .doit = nl80211_notify_radar_detection,
15873 .flags = GENL_UNS_ADMIN_PERM,
15874 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15875 },
15876 {
15877 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
15878 .doit = nl80211_update_owe_info,
15879 .flags = GENL_ADMIN_PERM,
15880 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15881 },
15882 {
15883 .cmd = NL80211_CMD_PROBE_MESH_LINK,
15884 .doit = nl80211_probe_mesh_link,
15885 .flags = GENL_UNS_ADMIN_PERM,
15886 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15887 },
15888 {
15889 .cmd = NL80211_CMD_SET_TID_CONFIG,
15890 .doit = nl80211_set_tid_config,
15891 .flags = GENL_UNS_ADMIN_PERM,
15892 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15893 },
15894 {
15895 .cmd = NL80211_CMD_SET_SAR_SPECS,
15896 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15897 .doit = nl80211_set_sar_specs,
15898 .flags = GENL_UNS_ADMIN_PERM,
15899 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15900 NL80211_FLAG_NEED_RTNL,
15901 },
15902 {
15903 .cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
15904 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15905 .doit = nl80211_color_change,
15906 .flags = GENL_UNS_ADMIN_PERM,
15907 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15908 NL80211_FLAG_NEED_RTNL,
15909 },
15910};
15911
15912static struct genl_family nl80211_fam __ro_after_init = {
15913 .name = NL80211_GENL_NAME,
15914 .hdrsize = 0,
15915 .version = 1,
15916 .maxattr = NL80211_ATTR_MAX,
15917 .policy = nl80211_policy,
15918 .netnsok = true,
15919 .pre_doit = nl80211_pre_doit,
15920 .post_doit = nl80211_post_doit,
15921 .module = THIS_MODULE,
15922 .ops = nl80211_ops,
15923 .n_ops = ARRAY_SIZE(nl80211_ops),
15924 .small_ops = nl80211_small_ops,
15925 .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
15926 .mcgrps = nl80211_mcgrps,
15927 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
15928 .parallel_ops = true,
15929};
15930
15931
15932
15933void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
15934 enum nl80211_commands cmd)
15935{
15936 struct sk_buff *msg;
15937 struct nl80211_dump_wiphy_state state = {};
15938
15939 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
15940 cmd != NL80211_CMD_DEL_WIPHY);
15941
15942 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15943 if (!msg)
15944 return;
15945
15946 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
15947 nlmsg_free(msg);
15948 return;
15949 }
15950
15951 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15952 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15953}
15954
15955void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
15956 struct wireless_dev *wdev,
15957 enum nl80211_commands cmd)
15958{
15959 struct sk_buff *msg;
15960
15961 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15962 if (!msg)
15963 return;
15964
15965 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
15966 nlmsg_free(msg);
15967 return;
15968 }
15969
15970 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15971 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15972}
15973
15974static int nl80211_add_scan_req(struct sk_buff *msg,
15975 struct cfg80211_registered_device *rdev)
15976{
15977 struct cfg80211_scan_request *req = rdev->scan_req;
15978 struct nlattr *nest;
15979 int i;
15980 struct cfg80211_scan_info *info;
15981
15982 if (WARN_ON(!req))
15983 return 0;
15984
15985 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
15986 if (!nest)
15987 goto nla_put_failure;
15988 for (i = 0; i < req->n_ssids; i++) {
15989 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
15990 goto nla_put_failure;
15991 }
15992 nla_nest_end(msg, nest);
15993
15994 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
15995 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
15996 if (!nest)
15997 goto nla_put_failure;
15998 for (i = 0; i < req->n_channels; i++) {
15999 if (nla_put_u32(msg, i,
16000 ieee80211_channel_to_khz(req->channels[i])))
16001 goto nla_put_failure;
16002 }
16003 nla_nest_end(msg, nest);
16004 } else {
16005 nest = nla_nest_start_noflag(msg,
16006 NL80211_ATTR_SCAN_FREQUENCIES);
16007 if (!nest)
16008 goto nla_put_failure;
16009 for (i = 0; i < req->n_channels; i++) {
16010 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
16011 goto nla_put_failure;
16012 }
16013 nla_nest_end(msg, nest);
16014 }
16015
16016 if (req->ie &&
16017 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
16018 goto nla_put_failure;
16019
16020 if (req->flags &&
16021 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
16022 goto nla_put_failure;
16023
16024 info = rdev->int_scan_req ? &rdev->int_scan_req->info :
16025 &rdev->scan_req->info;
16026 if (info->scan_start_tsf &&
16027 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
16028 info->scan_start_tsf, NL80211_BSS_PAD) ||
16029 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
16030 info->tsf_bssid)))
16031 goto nla_put_failure;
16032
16033 return 0;
16034 nla_put_failure:
16035 return -ENOBUFS;
16036}
16037
16038static int nl80211_prep_scan_msg(struct sk_buff *msg,
16039 struct cfg80211_registered_device *rdev,
16040 struct wireless_dev *wdev,
16041 u32 portid, u32 seq, int flags,
16042 u32 cmd)
16043{
16044 void *hdr;
16045
16046 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
16047 if (!hdr)
16048 return -1;
16049
16050 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16051 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16052 wdev->netdev->ifindex)) ||
16053 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16054 NL80211_ATTR_PAD))
16055 goto nla_put_failure;
16056
16057
16058 nl80211_add_scan_req(msg, rdev);
16059
16060 genlmsg_end(msg, hdr);
16061 return 0;
16062
16063 nla_put_failure:
16064 genlmsg_cancel(msg, hdr);
16065 return -EMSGSIZE;
16066}
16067
16068static int
16069nl80211_prep_sched_scan_msg(struct sk_buff *msg,
16070 struct cfg80211_sched_scan_request *req, u32 cmd)
16071{
16072 void *hdr;
16073
16074 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16075 if (!hdr)
16076 return -1;
16077
16078 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
16079 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
16080 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
16081 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
16082 NL80211_ATTR_PAD))
16083 goto nla_put_failure;
16084
16085 genlmsg_end(msg, hdr);
16086 return 0;
16087
16088 nla_put_failure:
16089 genlmsg_cancel(msg, hdr);
16090 return -EMSGSIZE;
16091}
16092
16093void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
16094 struct wireless_dev *wdev)
16095{
16096 struct sk_buff *msg;
16097
16098 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16099 if (!msg)
16100 return;
16101
16102 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
16103 NL80211_CMD_TRIGGER_SCAN) < 0) {
16104 nlmsg_free(msg);
16105 return;
16106 }
16107
16108 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16109 NL80211_MCGRP_SCAN, GFP_KERNEL);
16110}
16111
16112struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
16113 struct wireless_dev *wdev, bool aborted)
16114{
16115 struct sk_buff *msg;
16116
16117 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16118 if (!msg)
16119 return NULL;
16120
16121 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
16122 aborted ? NL80211_CMD_SCAN_ABORTED :
16123 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
16124 nlmsg_free(msg);
16125 return NULL;
16126 }
16127
16128 return msg;
16129}
16130
16131
16132void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
16133 struct sk_buff *msg)
16134{
16135 if (!msg)
16136 return;
16137
16138 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16139 NL80211_MCGRP_SCAN, GFP_KERNEL);
16140}
16141
16142void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
16143{
16144 struct sk_buff *msg;
16145
16146 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16147 if (!msg)
16148 return;
16149
16150 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
16151 nlmsg_free(msg);
16152 return;
16153 }
16154
16155 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
16156 NL80211_MCGRP_SCAN, GFP_KERNEL);
16157}
16158
16159static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
16160 struct regulatory_request *request)
16161{
16162
16163 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
16164 goto nla_put_failure;
16165
16166 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
16167 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16168 NL80211_REGDOM_TYPE_WORLD))
16169 goto nla_put_failure;
16170 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
16171 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16172 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
16173 goto nla_put_failure;
16174 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
16175 request->intersect) {
16176 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16177 NL80211_REGDOM_TYPE_INTERSECTION))
16178 goto nla_put_failure;
16179 } else {
16180 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16181 NL80211_REGDOM_TYPE_COUNTRY) ||
16182 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
16183 request->alpha2))
16184 goto nla_put_failure;
16185 }
16186
16187 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
16188 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
16189
16190 if (wiphy &&
16191 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
16192 goto nla_put_failure;
16193
16194 if (wiphy &&
16195 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
16196 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
16197 goto nla_put_failure;
16198 }
16199
16200 return true;
16201
16202nla_put_failure:
16203 return false;
16204}
16205
16206
16207
16208
16209
16210void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
16211 struct regulatory_request *request)
16212{
16213 struct sk_buff *msg;
16214 void *hdr;
16215
16216 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16217 if (!msg)
16218 return;
16219
16220 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
16221 if (!hdr)
16222 goto nla_put_failure;
16223
16224 if (!nl80211_reg_change_event_fill(msg, request))
16225 goto nla_put_failure;
16226
16227 genlmsg_end(msg, hdr);
16228
16229 rcu_read_lock();
16230 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
16231 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
16232 rcu_read_unlock();
16233
16234 return;
16235
16236nla_put_failure:
16237 nlmsg_free(msg);
16238}
16239
16240static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
16241 struct net_device *netdev,
16242 const u8 *buf, size_t len,
16243 enum nl80211_commands cmd, gfp_t gfp,
16244 int uapsd_queues, const u8 *req_ies,
16245 size_t req_ies_len, bool reconnect)
16246{
16247 struct sk_buff *msg;
16248 void *hdr;
16249
16250 msg = nlmsg_new(100 + len + req_ies_len, gfp);
16251 if (!msg)
16252 return;
16253
16254 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16255 if (!hdr) {
16256 nlmsg_free(msg);
16257 return;
16258 }
16259
16260 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16261 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16262 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16263 (req_ies &&
16264 nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
16265 goto nla_put_failure;
16266
16267 if (reconnect && nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
16268 goto nla_put_failure;
16269
16270 if (uapsd_queues >= 0) {
16271 struct nlattr *nla_wmm =
16272 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
16273 if (!nla_wmm)
16274 goto nla_put_failure;
16275
16276 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
16277 uapsd_queues))
16278 goto nla_put_failure;
16279
16280 nla_nest_end(msg, nla_wmm);
16281 }
16282
16283 genlmsg_end(msg, hdr);
16284
16285 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16286 NL80211_MCGRP_MLME, gfp);
16287 return;
16288
16289 nla_put_failure:
16290 nlmsg_free(msg);
16291}
16292
16293void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
16294 struct net_device *netdev, const u8 *buf,
16295 size_t len, gfp_t gfp)
16296{
16297 nl80211_send_mlme_event(rdev, netdev, buf, len,
16298 NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0,
16299 false);
16300}
16301
16302void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
16303 struct net_device *netdev, const u8 *buf,
16304 size_t len, gfp_t gfp, int uapsd_queues,
16305 const u8 *req_ies, size_t req_ies_len)
16306{
16307 nl80211_send_mlme_event(rdev, netdev, buf, len,
16308 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
16309 req_ies, req_ies_len, false);
16310}
16311
16312void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
16313 struct net_device *netdev, const u8 *buf,
16314 size_t len, bool reconnect, gfp_t gfp)
16315{
16316 nl80211_send_mlme_event(rdev, netdev, buf, len,
16317 NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0,
16318 reconnect);
16319}
16320
16321void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
16322 struct net_device *netdev, const u8 *buf,
16323 size_t len, bool reconnect, gfp_t gfp)
16324{
16325 nl80211_send_mlme_event(rdev, netdev, buf, len,
16326 NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0,
16327 reconnect);
16328}
16329
16330void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
16331 size_t len)
16332{
16333 struct wireless_dev *wdev = dev->ieee80211_ptr;
16334 struct wiphy *wiphy = wdev->wiphy;
16335 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16336 const struct ieee80211_mgmt *mgmt = (void *)buf;
16337 u32 cmd;
16338
16339 if (WARN_ON(len < 2))
16340 return;
16341
16342 if (ieee80211_is_deauth(mgmt->frame_control)) {
16343 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
16344 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
16345 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
16346 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
16347 if (wdev->unprot_beacon_reported &&
16348 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
16349 return;
16350 cmd = NL80211_CMD_UNPROT_BEACON;
16351 wdev->unprot_beacon_reported = jiffies;
16352 } else {
16353 return;
16354 }
16355
16356 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
16357 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
16358 NULL, 0, false);
16359}
16360EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
16361
16362static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
16363 struct net_device *netdev, int cmd,
16364 const u8 *addr, gfp_t gfp)
16365{
16366 struct sk_buff *msg;
16367 void *hdr;
16368
16369 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16370 if (!msg)
16371 return;
16372
16373 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16374 if (!hdr) {
16375 nlmsg_free(msg);
16376 return;
16377 }
16378
16379 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16380 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16381 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
16382 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16383 goto nla_put_failure;
16384
16385 genlmsg_end(msg, hdr);
16386
16387 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16388 NL80211_MCGRP_MLME, gfp);
16389 return;
16390
16391 nla_put_failure:
16392 nlmsg_free(msg);
16393}
16394
16395void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
16396 struct net_device *netdev, const u8 *addr,
16397 gfp_t gfp)
16398{
16399 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
16400 addr, gfp);
16401}
16402
16403void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
16404 struct net_device *netdev, const u8 *addr,
16405 gfp_t gfp)
16406{
16407 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
16408 addr, gfp);
16409}
16410
16411void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
16412 struct net_device *netdev,
16413 struct cfg80211_connect_resp_params *cr,
16414 gfp_t gfp)
16415{
16416 struct sk_buff *msg;
16417 void *hdr;
16418
16419 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
16420 cr->fils.kek_len + cr->fils.pmk_len +
16421 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
16422 if (!msg)
16423 return;
16424
16425 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
16426 if (!hdr) {
16427 nlmsg_free(msg);
16428 return;
16429 }
16430
16431 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16432 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16433 (cr->bssid &&
16434 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
16435 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
16436 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
16437 cr->status) ||
16438 (cr->status < 0 &&
16439 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
16440 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
16441 cr->timeout_reason))) ||
16442 (cr->req_ie &&
16443 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
16444 (cr->resp_ie &&
16445 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
16446 cr->resp_ie)) ||
16447 (cr->fils.update_erp_next_seq_num &&
16448 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
16449 cr->fils.erp_next_seq_num)) ||
16450 (cr->status == WLAN_STATUS_SUCCESS &&
16451 ((cr->fils.kek &&
16452 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
16453 cr->fils.kek)) ||
16454 (cr->fils.pmk &&
16455 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
16456 (cr->fils.pmkid &&
16457 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
16458 goto nla_put_failure;
16459
16460 genlmsg_end(msg, hdr);
16461
16462 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16463 NL80211_MCGRP_MLME, gfp);
16464 return;
16465
16466 nla_put_failure:
16467 nlmsg_free(msg);
16468}
16469
16470void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
16471 struct net_device *netdev,
16472 struct cfg80211_roam_info *info, gfp_t gfp)
16473{
16474 struct sk_buff *msg;
16475 void *hdr;
16476 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
16477
16478 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
16479 info->fils.kek_len + info->fils.pmk_len +
16480 (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
16481 if (!msg)
16482 return;
16483
16484 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
16485 if (!hdr) {
16486 nlmsg_free(msg);
16487 return;
16488 }
16489
16490 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16491 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16492 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
16493 (info->req_ie &&
16494 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
16495 info->req_ie)) ||
16496 (info->resp_ie &&
16497 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
16498 info->resp_ie)) ||
16499 (info->fils.update_erp_next_seq_num &&
16500 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
16501 info->fils.erp_next_seq_num)) ||
16502 (info->fils.kek &&
16503 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
16504 info->fils.kek)) ||
16505 (info->fils.pmk &&
16506 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
16507 (info->fils.pmkid &&
16508 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
16509 goto nla_put_failure;
16510
16511 genlmsg_end(msg, hdr);
16512
16513 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16514 NL80211_MCGRP_MLME, gfp);
16515 return;
16516
16517 nla_put_failure:
16518 nlmsg_free(msg);
16519}
16520
16521void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
16522 struct net_device *netdev, const u8 *bssid)
16523{
16524 struct sk_buff *msg;
16525 void *hdr;
16526
16527 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16528 if (!msg)
16529 return;
16530
16531 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
16532 if (!hdr) {
16533 nlmsg_free(msg);
16534 return;
16535 }
16536
16537 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16538 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16539 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16540 goto nla_put_failure;
16541
16542 genlmsg_end(msg, hdr);
16543
16544 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16545 NL80211_MCGRP_MLME, GFP_KERNEL);
16546 return;
16547
16548 nla_put_failure:
16549 nlmsg_free(msg);
16550}
16551
16552void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
16553 struct net_device *netdev, u16 reason,
16554 const u8 *ie, size_t ie_len, bool from_ap)
16555{
16556 struct sk_buff *msg;
16557 void *hdr;
16558
16559 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
16560 if (!msg)
16561 return;
16562
16563 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
16564 if (!hdr) {
16565 nlmsg_free(msg);
16566 return;
16567 }
16568
16569 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16570 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16571 (reason &&
16572 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
16573 (from_ap &&
16574 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
16575 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
16576 goto nla_put_failure;
16577
16578 genlmsg_end(msg, hdr);
16579
16580 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16581 NL80211_MCGRP_MLME, GFP_KERNEL);
16582 return;
16583
16584 nla_put_failure:
16585 nlmsg_free(msg);
16586}
16587
16588void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
16589 struct net_device *netdev, const u8 *bssid,
16590 gfp_t gfp)
16591{
16592 struct sk_buff *msg;
16593 void *hdr;
16594
16595 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16596 if (!msg)
16597 return;
16598
16599 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
16600 if (!hdr) {
16601 nlmsg_free(msg);
16602 return;
16603 }
16604
16605 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16606 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16607 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16608 goto nla_put_failure;
16609
16610 genlmsg_end(msg, hdr);
16611
16612 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16613 NL80211_MCGRP_MLME, gfp);
16614 return;
16615
16616 nla_put_failure:
16617 nlmsg_free(msg);
16618}
16619
16620void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
16621 const u8 *ie, u8 ie_len,
16622 int sig_dbm, gfp_t gfp)
16623{
16624 struct wireless_dev *wdev = dev->ieee80211_ptr;
16625 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16626 struct sk_buff *msg;
16627 void *hdr;
16628
16629 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
16630 return;
16631
16632 trace_cfg80211_notify_new_peer_candidate(dev, addr);
16633
16634 msg = nlmsg_new(100 + ie_len, gfp);
16635 if (!msg)
16636 return;
16637
16638 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
16639 if (!hdr) {
16640 nlmsg_free(msg);
16641 return;
16642 }
16643
16644 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16645 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16646 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16647 (ie_len && ie &&
16648 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
16649 (sig_dbm &&
16650 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
16651 goto nla_put_failure;
16652
16653 genlmsg_end(msg, hdr);
16654
16655 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16656 NL80211_MCGRP_MLME, gfp);
16657 return;
16658
16659 nla_put_failure:
16660 nlmsg_free(msg);
16661}
16662EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
16663
16664void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
16665 struct net_device *netdev, const u8 *addr,
16666 enum nl80211_key_type key_type, int key_id,
16667 const u8 *tsc, gfp_t gfp)
16668{
16669 struct sk_buff *msg;
16670 void *hdr;
16671
16672 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16673 if (!msg)
16674 return;
16675
16676 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
16677 if (!hdr) {
16678 nlmsg_free(msg);
16679 return;
16680 }
16681
16682 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16683 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16684 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
16685 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
16686 (key_id != -1 &&
16687 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
16688 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
16689 goto nla_put_failure;
16690
16691 genlmsg_end(msg, hdr);
16692
16693 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16694 NL80211_MCGRP_MLME, gfp);
16695 return;
16696
16697 nla_put_failure:
16698 nlmsg_free(msg);
16699}
16700
16701void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
16702 struct ieee80211_channel *channel_before,
16703 struct ieee80211_channel *channel_after)
16704{
16705 struct sk_buff *msg;
16706 void *hdr;
16707 struct nlattr *nl_freq;
16708
16709 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
16710 if (!msg)
16711 return;
16712
16713 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
16714 if (!hdr) {
16715 nlmsg_free(msg);
16716 return;
16717 }
16718
16719
16720
16721
16722
16723 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
16724 goto nla_put_failure;
16725
16726
16727 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
16728 if (!nl_freq)
16729 goto nla_put_failure;
16730
16731 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
16732 goto nla_put_failure;
16733 nla_nest_end(msg, nl_freq);
16734
16735
16736 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
16737 if (!nl_freq)
16738 goto nla_put_failure;
16739
16740 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
16741 goto nla_put_failure;
16742 nla_nest_end(msg, nl_freq);
16743
16744 genlmsg_end(msg, hdr);
16745
16746 rcu_read_lock();
16747 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
16748 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
16749 rcu_read_unlock();
16750
16751 return;
16752
16753nla_put_failure:
16754 nlmsg_free(msg);
16755}
16756
16757static void nl80211_send_remain_on_chan_event(
16758 int cmd, struct cfg80211_registered_device *rdev,
16759 struct wireless_dev *wdev, u64 cookie,
16760 struct ieee80211_channel *chan,
16761 unsigned int duration, gfp_t gfp)
16762{
16763 struct sk_buff *msg;
16764 void *hdr;
16765
16766 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16767 if (!msg)
16768 return;
16769
16770 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16771 if (!hdr) {
16772 nlmsg_free(msg);
16773 return;
16774 }
16775
16776 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16777 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16778 wdev->netdev->ifindex)) ||
16779 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16780 NL80211_ATTR_PAD) ||
16781 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
16782 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
16783 NL80211_CHAN_NO_HT) ||
16784 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16785 NL80211_ATTR_PAD))
16786 goto nla_put_failure;
16787
16788 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
16789 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
16790 goto nla_put_failure;
16791
16792 genlmsg_end(msg, hdr);
16793
16794 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16795 NL80211_MCGRP_MLME, gfp);
16796 return;
16797
16798 nla_put_failure:
16799 nlmsg_free(msg);
16800}
16801
16802void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
16803 struct ieee80211_channel *chan,
16804 unsigned int duration, gfp_t gfp)
16805{
16806 struct wiphy *wiphy = wdev->wiphy;
16807 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16808
16809 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
16810 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
16811 rdev, wdev, cookie, chan,
16812 duration, gfp);
16813}
16814EXPORT_SYMBOL(cfg80211_ready_on_channel);
16815
16816void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
16817 struct ieee80211_channel *chan,
16818 gfp_t gfp)
16819{
16820 struct wiphy *wiphy = wdev->wiphy;
16821 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16822
16823 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
16824 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
16825 rdev, wdev, cookie, chan, 0, gfp);
16826}
16827EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
16828
16829void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
16830 struct ieee80211_channel *chan,
16831 gfp_t gfp)
16832{
16833 struct wiphy *wiphy = wdev->wiphy;
16834 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16835
16836 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
16837 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
16838 rdev, wdev, cookie, chan, 0, gfp);
16839}
16840EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
16841
16842void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
16843 struct station_info *sinfo, gfp_t gfp)
16844{
16845 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16846 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16847 struct sk_buff *msg;
16848
16849 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
16850
16851 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16852 if (!msg)
16853 return;
16854
16855 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
16856 rdev, dev, mac_addr, sinfo) < 0) {
16857 nlmsg_free(msg);
16858 return;
16859 }
16860
16861 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16862 NL80211_MCGRP_MLME, gfp);
16863}
16864EXPORT_SYMBOL(cfg80211_new_sta);
16865
16866void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
16867 struct station_info *sinfo, gfp_t gfp)
16868{
16869 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16870 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16871 struct sk_buff *msg;
16872 struct station_info empty_sinfo = {};
16873
16874 if (!sinfo)
16875 sinfo = &empty_sinfo;
16876
16877 trace_cfg80211_del_sta(dev, mac_addr);
16878
16879 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16880 if (!msg) {
16881 cfg80211_sinfo_release_content(sinfo);
16882 return;
16883 }
16884
16885 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
16886 rdev, dev, mac_addr, sinfo) < 0) {
16887 nlmsg_free(msg);
16888 return;
16889 }
16890
16891 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16892 NL80211_MCGRP_MLME, gfp);
16893}
16894EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
16895
16896void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
16897 enum nl80211_connect_failed_reason reason,
16898 gfp_t gfp)
16899{
16900 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16901 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16902 struct sk_buff *msg;
16903 void *hdr;
16904
16905 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
16906 if (!msg)
16907 return;
16908
16909 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
16910 if (!hdr) {
16911 nlmsg_free(msg);
16912 return;
16913 }
16914
16915 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16916 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
16917 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
16918 goto nla_put_failure;
16919
16920 genlmsg_end(msg, hdr);
16921
16922 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16923 NL80211_MCGRP_MLME, gfp);
16924 return;
16925
16926 nla_put_failure:
16927 nlmsg_free(msg);
16928}
16929EXPORT_SYMBOL(cfg80211_conn_failed);
16930
16931static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
16932 const u8 *addr, gfp_t gfp)
16933{
16934 struct wireless_dev *wdev = dev->ieee80211_ptr;
16935 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16936 struct sk_buff *msg;
16937 void *hdr;
16938 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
16939
16940 if (!nlportid)
16941 return false;
16942
16943 msg = nlmsg_new(100, gfp);
16944 if (!msg)
16945 return true;
16946
16947 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16948 if (!hdr) {
16949 nlmsg_free(msg);
16950 return true;
16951 }
16952
16953 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16954 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16955 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16956 goto nla_put_failure;
16957
16958 genlmsg_end(msg, hdr);
16959 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16960 return true;
16961
16962 nla_put_failure:
16963 nlmsg_free(msg);
16964 return true;
16965}
16966
16967bool cfg80211_rx_spurious_frame(struct net_device *dev,
16968 const u8 *addr, gfp_t gfp)
16969{
16970 struct wireless_dev *wdev = dev->ieee80211_ptr;
16971 bool ret;
16972
16973 trace_cfg80211_rx_spurious_frame(dev, addr);
16974
16975 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16976 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
16977 trace_cfg80211_return_bool(false);
16978 return false;
16979 }
16980 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
16981 addr, gfp);
16982 trace_cfg80211_return_bool(ret);
16983 return ret;
16984}
16985EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
16986
16987bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
16988 const u8 *addr, gfp_t gfp)
16989{
16990 struct wireless_dev *wdev = dev->ieee80211_ptr;
16991 bool ret;
16992
16993 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
16994
16995 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16996 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
16997 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
16998 trace_cfg80211_return_bool(false);
16999 return false;
17000 }
17001 ret = __nl80211_unexpected_frame(dev,
17002 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
17003 addr, gfp);
17004 trace_cfg80211_return_bool(ret);
17005 return ret;
17006}
17007EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
17008
17009int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
17010 struct wireless_dev *wdev, u32 nlportid,
17011 int freq, int sig_dbm,
17012 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
17013{
17014 struct net_device *netdev = wdev->netdev;
17015 struct sk_buff *msg;
17016 void *hdr;
17017
17018 msg = nlmsg_new(100 + len, gfp);
17019 if (!msg)
17020 return -ENOMEM;
17021
17022 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
17023 if (!hdr) {
17024 nlmsg_free(msg);
17025 return -ENOMEM;
17026 }
17027
17028 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17029 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17030 netdev->ifindex)) ||
17031 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17032 NL80211_ATTR_PAD) ||
17033 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(freq)) ||
17034 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, freq % 1000) ||
17035 (sig_dbm &&
17036 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
17037 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
17038 (flags &&
17039 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
17040 goto nla_put_failure;
17041
17042 genlmsg_end(msg, hdr);
17043
17044 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17045
17046 nla_put_failure:
17047 nlmsg_free(msg);
17048 return -ENOBUFS;
17049}
17050
17051static void nl80211_frame_tx_status(struct wireless_dev *wdev, u64 cookie,
17052 const u8 *buf, size_t len, bool ack,
17053 gfp_t gfp, enum nl80211_commands command)
17054{
17055 struct wiphy *wiphy = wdev->wiphy;
17056 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17057 struct net_device *netdev = wdev->netdev;
17058 struct sk_buff *msg;
17059 void *hdr;
17060
17061 if (command == NL80211_CMD_FRAME_TX_STATUS)
17062 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
17063 else
17064 trace_cfg80211_control_port_tx_status(wdev, cookie, ack);
17065
17066 msg = nlmsg_new(100 + len, gfp);
17067 if (!msg)
17068 return;
17069
17070 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
17071 if (!hdr) {
17072 nlmsg_free(msg);
17073 return;
17074 }
17075
17076 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17077 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17078 netdev->ifindex)) ||
17079 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17080 NL80211_ATTR_PAD) ||
17081 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
17082 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
17083 NL80211_ATTR_PAD) ||
17084 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
17085 goto nla_put_failure;
17086
17087 genlmsg_end(msg, hdr);
17088
17089 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17090 NL80211_MCGRP_MLME, gfp);
17091 return;
17092
17093nla_put_failure:
17094 nlmsg_free(msg);
17095}
17096
17097void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
17098 const u8 *buf, size_t len, bool ack,
17099 gfp_t gfp)
17100{
17101 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
17102 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
17103}
17104EXPORT_SYMBOL(cfg80211_control_port_tx_status);
17105
17106void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
17107 const u8 *buf, size_t len, bool ack, gfp_t gfp)
17108{
17109 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
17110 NL80211_CMD_FRAME_TX_STATUS);
17111}
17112EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
17113
17114static int __nl80211_rx_control_port(struct net_device *dev,
17115 struct sk_buff *skb,
17116 bool unencrypted, gfp_t gfp)
17117{
17118 struct wireless_dev *wdev = dev->ieee80211_ptr;
17119 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17120 struct ethhdr *ehdr = eth_hdr(skb);
17121 const u8 *addr = ehdr->h_source;
17122 u16 proto = be16_to_cpu(skb->protocol);
17123 struct sk_buff *msg;
17124 void *hdr;
17125 struct nlattr *frame;
17126
17127 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
17128
17129 if (!nlportid)
17130 return -ENOENT;
17131
17132 msg = nlmsg_new(100 + skb->len, gfp);
17133 if (!msg)
17134 return -ENOMEM;
17135
17136 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
17137 if (!hdr) {
17138 nlmsg_free(msg);
17139 return -ENOBUFS;
17140 }
17141
17142 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17143 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17144 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17145 NL80211_ATTR_PAD) ||
17146 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
17147 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
17148 (unencrypted && nla_put_flag(msg,
17149 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
17150 goto nla_put_failure;
17151
17152 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
17153 if (!frame)
17154 goto nla_put_failure;
17155
17156 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
17157 genlmsg_end(msg, hdr);
17158
17159 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17160
17161 nla_put_failure:
17162 nlmsg_free(msg);
17163 return -ENOBUFS;
17164}
17165
17166bool cfg80211_rx_control_port(struct net_device *dev,
17167 struct sk_buff *skb, bool unencrypted)
17168{
17169 int ret;
17170
17171 trace_cfg80211_rx_control_port(dev, skb, unencrypted);
17172 ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
17173 trace_cfg80211_return_bool(ret == 0);
17174 return ret == 0;
17175}
17176EXPORT_SYMBOL(cfg80211_rx_control_port);
17177
17178static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
17179 const char *mac, gfp_t gfp)
17180{
17181 struct wireless_dev *wdev = dev->ieee80211_ptr;
17182 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17183 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17184 void **cb;
17185
17186 if (!msg)
17187 return NULL;
17188
17189 cb = (void **)msg->cb;
17190
17191 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
17192 if (!cb[0]) {
17193 nlmsg_free(msg);
17194 return NULL;
17195 }
17196
17197 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17198 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17199 goto nla_put_failure;
17200
17201 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
17202 goto nla_put_failure;
17203
17204 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
17205 if (!cb[1])
17206 goto nla_put_failure;
17207
17208 cb[2] = rdev;
17209
17210 return msg;
17211 nla_put_failure:
17212 nlmsg_free(msg);
17213 return NULL;
17214}
17215
17216static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
17217{
17218 void **cb = (void **)msg->cb;
17219 struct cfg80211_registered_device *rdev = cb[2];
17220
17221 nla_nest_end(msg, cb[1]);
17222 genlmsg_end(msg, cb[0]);
17223
17224 memset(msg->cb, 0, sizeof(msg->cb));
17225
17226 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17227 NL80211_MCGRP_MLME, gfp);
17228}
17229
17230void cfg80211_cqm_rssi_notify(struct net_device *dev,
17231 enum nl80211_cqm_rssi_threshold_event rssi_event,
17232 s32 rssi_level, gfp_t gfp)
17233{
17234 struct sk_buff *msg;
17235 struct wireless_dev *wdev = dev->ieee80211_ptr;
17236 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17237
17238 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
17239
17240 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
17241 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
17242 return;
17243
17244 if (wdev->cqm_config) {
17245 wdev->cqm_config->last_rssi_event_value = rssi_level;
17246
17247 cfg80211_cqm_rssi_update(rdev, dev);
17248
17249 if (rssi_level == 0)
17250 rssi_level = wdev->cqm_config->last_rssi_event_value;
17251 }
17252
17253 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
17254 if (!msg)
17255 return;
17256
17257 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
17258 rssi_event))
17259 goto nla_put_failure;
17260
17261 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
17262 rssi_level))
17263 goto nla_put_failure;
17264
17265 cfg80211_send_cqm(msg, gfp);
17266
17267 return;
17268
17269 nla_put_failure:
17270 nlmsg_free(msg);
17271}
17272EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
17273
17274void cfg80211_cqm_txe_notify(struct net_device *dev,
17275 const u8 *peer, u32 num_packets,
17276 u32 rate, u32 intvl, gfp_t gfp)
17277{
17278 struct sk_buff *msg;
17279
17280 msg = cfg80211_prepare_cqm(dev, peer, gfp);
17281 if (!msg)
17282 return;
17283
17284 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
17285 goto nla_put_failure;
17286
17287 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
17288 goto nla_put_failure;
17289
17290 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
17291 goto nla_put_failure;
17292
17293 cfg80211_send_cqm(msg, gfp);
17294 return;
17295
17296 nla_put_failure:
17297 nlmsg_free(msg);
17298}
17299EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
17300
17301void cfg80211_cqm_pktloss_notify(struct net_device *dev,
17302 const u8 *peer, u32 num_packets, gfp_t gfp)
17303{
17304 struct sk_buff *msg;
17305
17306 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
17307
17308 msg = cfg80211_prepare_cqm(dev, peer, gfp);
17309 if (!msg)
17310 return;
17311
17312 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
17313 goto nla_put_failure;
17314
17315 cfg80211_send_cqm(msg, gfp);
17316 return;
17317
17318 nla_put_failure:
17319 nlmsg_free(msg);
17320}
17321EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
17322
17323void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
17324{
17325 struct sk_buff *msg;
17326
17327 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
17328 if (!msg)
17329 return;
17330
17331 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
17332 goto nla_put_failure;
17333
17334 cfg80211_send_cqm(msg, gfp);
17335 return;
17336
17337 nla_put_failure:
17338 nlmsg_free(msg);
17339}
17340EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
17341
17342static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
17343 struct net_device *netdev, const u8 *bssid,
17344 const u8 *replay_ctr, gfp_t gfp)
17345{
17346 struct sk_buff *msg;
17347 struct nlattr *rekey_attr;
17348 void *hdr;
17349
17350 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17351 if (!msg)
17352 return;
17353
17354 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
17355 if (!hdr) {
17356 nlmsg_free(msg);
17357 return;
17358 }
17359
17360 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17361 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17362 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
17363 goto nla_put_failure;
17364
17365 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
17366 if (!rekey_attr)
17367 goto nla_put_failure;
17368
17369 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
17370 NL80211_REPLAY_CTR_LEN, replay_ctr))
17371 goto nla_put_failure;
17372
17373 nla_nest_end(msg, rekey_attr);
17374
17375 genlmsg_end(msg, hdr);
17376
17377 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17378 NL80211_MCGRP_MLME, gfp);
17379 return;
17380
17381 nla_put_failure:
17382 nlmsg_free(msg);
17383}
17384
17385void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
17386 const u8 *replay_ctr, gfp_t gfp)
17387{
17388 struct wireless_dev *wdev = dev->ieee80211_ptr;
17389 struct wiphy *wiphy = wdev->wiphy;
17390 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17391
17392 trace_cfg80211_gtk_rekey_notify(dev, bssid);
17393 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
17394}
17395EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
17396
17397static void
17398nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
17399 struct net_device *netdev, int index,
17400 const u8 *bssid, bool preauth, gfp_t gfp)
17401{
17402 struct sk_buff *msg;
17403 struct nlattr *attr;
17404 void *hdr;
17405
17406 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17407 if (!msg)
17408 return;
17409
17410 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
17411 if (!hdr) {
17412 nlmsg_free(msg);
17413 return;
17414 }
17415
17416 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17417 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
17418 goto nla_put_failure;
17419
17420 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
17421 if (!attr)
17422 goto nla_put_failure;
17423
17424 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
17425 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
17426 (preauth &&
17427 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
17428 goto nla_put_failure;
17429
17430 nla_nest_end(msg, attr);
17431
17432 genlmsg_end(msg, hdr);
17433
17434 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17435 NL80211_MCGRP_MLME, gfp);
17436 return;
17437
17438 nla_put_failure:
17439 nlmsg_free(msg);
17440}
17441
17442void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
17443 const u8 *bssid, bool preauth, gfp_t gfp)
17444{
17445 struct wireless_dev *wdev = dev->ieee80211_ptr;
17446 struct wiphy *wiphy = wdev->wiphy;
17447 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17448
17449 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
17450 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
17451}
17452EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
17453
17454static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
17455 struct net_device *netdev,
17456 struct cfg80211_chan_def *chandef,
17457 gfp_t gfp,
17458 enum nl80211_commands notif,
17459 u8 count, bool quiet)
17460{
17461 struct sk_buff *msg;
17462 void *hdr;
17463
17464 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17465 if (!msg)
17466 return;
17467
17468 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
17469 if (!hdr) {
17470 nlmsg_free(msg);
17471 return;
17472 }
17473
17474 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
17475 goto nla_put_failure;
17476
17477 if (nl80211_send_chandef(msg, chandef))
17478 goto nla_put_failure;
17479
17480 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
17481 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
17482 goto nla_put_failure;
17483 if (quiet &&
17484 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
17485 goto nla_put_failure;
17486 }
17487
17488 genlmsg_end(msg, hdr);
17489
17490 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17491 NL80211_MCGRP_MLME, gfp);
17492 return;
17493
17494 nla_put_failure:
17495 nlmsg_free(msg);
17496}
17497
17498void cfg80211_ch_switch_notify(struct net_device *dev,
17499 struct cfg80211_chan_def *chandef)
17500{
17501 struct wireless_dev *wdev = dev->ieee80211_ptr;
17502 struct wiphy *wiphy = wdev->wiphy;
17503 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17504
17505 ASSERT_WDEV_LOCK(wdev);
17506
17507 trace_cfg80211_ch_switch_notify(dev, chandef);
17508
17509 wdev->chandef = *chandef;
17510 wdev->preset_chandef = *chandef;
17511
17512 if (wdev->iftype == NL80211_IFTYPE_STATION &&
17513 !WARN_ON(!wdev->current_bss))
17514 cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
17515
17516 cfg80211_sched_dfs_chan_update(rdev);
17517
17518 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
17519 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
17520}
17521EXPORT_SYMBOL(cfg80211_ch_switch_notify);
17522
17523void cfg80211_ch_switch_started_notify(struct net_device *dev,
17524 struct cfg80211_chan_def *chandef,
17525 u8 count, bool quiet)
17526{
17527 struct wireless_dev *wdev = dev->ieee80211_ptr;
17528 struct wiphy *wiphy = wdev->wiphy;
17529 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17530
17531 trace_cfg80211_ch_switch_started_notify(dev, chandef);
17532
17533 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
17534 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
17535 count, quiet);
17536}
17537EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
17538
17539int cfg80211_bss_color_notify(struct net_device *dev, gfp_t gfp,
17540 enum nl80211_commands cmd, u8 count,
17541 u64 color_bitmap)
17542{
17543 struct wireless_dev *wdev = dev->ieee80211_ptr;
17544 struct wiphy *wiphy = wdev->wiphy;
17545 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17546 struct sk_buff *msg;
17547 void *hdr;
17548
17549 ASSERT_WDEV_LOCK(wdev);
17550
17551 trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
17552
17553 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17554 if (!msg)
17555 return -ENOMEM;
17556
17557 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
17558 if (!hdr)
17559 goto nla_put_failure;
17560
17561 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17562 goto nla_put_failure;
17563
17564 if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
17565 nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
17566 goto nla_put_failure;
17567
17568 if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
17569 nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
17570 color_bitmap, NL80211_ATTR_PAD))
17571 goto nla_put_failure;
17572
17573 genlmsg_end(msg, hdr);
17574
17575 return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
17576 msg, 0, NL80211_MCGRP_MLME, gfp);
17577
17578nla_put_failure:
17579 nlmsg_free(msg);
17580 return -EINVAL;
17581}
17582EXPORT_SYMBOL(cfg80211_bss_color_notify);
17583
17584void
17585nl80211_radar_notify(struct cfg80211_registered_device *rdev,
17586 const struct cfg80211_chan_def *chandef,
17587 enum nl80211_radar_event event,
17588 struct net_device *netdev, gfp_t gfp)
17589{
17590 struct sk_buff *msg;
17591 void *hdr;
17592
17593 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17594 if (!msg)
17595 return;
17596
17597 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
17598 if (!hdr) {
17599 nlmsg_free(msg);
17600 return;
17601 }
17602
17603 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
17604 goto nla_put_failure;
17605
17606
17607 if (netdev) {
17608 struct wireless_dev *wdev = netdev->ieee80211_ptr;
17609
17610 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17611 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17612 NL80211_ATTR_PAD))
17613 goto nla_put_failure;
17614 }
17615
17616 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
17617 goto nla_put_failure;
17618
17619 if (nl80211_send_chandef(msg, chandef))
17620 goto nla_put_failure;
17621
17622 genlmsg_end(msg, hdr);
17623
17624 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17625 NL80211_MCGRP_MLME, gfp);
17626 return;
17627
17628 nla_put_failure:
17629 nlmsg_free(msg);
17630}
17631
17632void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
17633 struct sta_opmode_info *sta_opmode,
17634 gfp_t gfp)
17635{
17636 struct sk_buff *msg;
17637 struct wireless_dev *wdev = dev->ieee80211_ptr;
17638 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17639 void *hdr;
17640
17641 if (WARN_ON(!mac))
17642 return;
17643
17644 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17645 if (!msg)
17646 return;
17647
17648 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
17649 if (!hdr) {
17650 nlmsg_free(msg);
17651 return;
17652 }
17653
17654 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
17655 goto nla_put_failure;
17656
17657 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17658 goto nla_put_failure;
17659
17660 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
17661 goto nla_put_failure;
17662
17663 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
17664 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
17665 goto nla_put_failure;
17666
17667 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
17668 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
17669 goto nla_put_failure;
17670
17671 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
17672 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
17673 goto nla_put_failure;
17674
17675 genlmsg_end(msg, hdr);
17676
17677 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17678 NL80211_MCGRP_MLME, gfp);
17679
17680 return;
17681
17682nla_put_failure:
17683 nlmsg_free(msg);
17684}
17685EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
17686
17687void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
17688 u64 cookie, bool acked, s32 ack_signal,
17689 bool is_valid_ack_signal, gfp_t gfp)
17690{
17691 struct wireless_dev *wdev = dev->ieee80211_ptr;
17692 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17693 struct sk_buff *msg;
17694 void *hdr;
17695
17696 trace_cfg80211_probe_status(dev, addr, cookie, acked);
17697
17698 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17699
17700 if (!msg)
17701 return;
17702
17703 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
17704 if (!hdr) {
17705 nlmsg_free(msg);
17706 return;
17707 }
17708
17709 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17710 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17711 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
17712 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
17713 NL80211_ATTR_PAD) ||
17714 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
17715 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
17716 ack_signal)))
17717 goto nla_put_failure;
17718
17719 genlmsg_end(msg, hdr);
17720
17721 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17722 NL80211_MCGRP_MLME, gfp);
17723 return;
17724
17725 nla_put_failure:
17726 nlmsg_free(msg);
17727}
17728EXPORT_SYMBOL(cfg80211_probe_status);
17729
17730void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
17731 size_t len, int freq, int sig_dbm)
17732{
17733 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17734 struct sk_buff *msg;
17735 void *hdr;
17736 struct cfg80211_beacon_registration *reg;
17737
17738 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
17739
17740 spin_lock_bh(&rdev->beacon_registrations_lock);
17741 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
17742 msg = nlmsg_new(len + 100, GFP_ATOMIC);
17743 if (!msg) {
17744 spin_unlock_bh(&rdev->beacon_registrations_lock);
17745 return;
17746 }
17747
17748 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
17749 if (!hdr)
17750 goto nla_put_failure;
17751
17752 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17753 (freq &&
17754 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
17755 KHZ_TO_MHZ(freq)) ||
17756 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
17757 freq % 1000))) ||
17758 (sig_dbm &&
17759 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
17760 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
17761 goto nla_put_failure;
17762
17763 genlmsg_end(msg, hdr);
17764
17765 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
17766 }
17767 spin_unlock_bh(&rdev->beacon_registrations_lock);
17768 return;
17769
17770 nla_put_failure:
17771 spin_unlock_bh(&rdev->beacon_registrations_lock);
17772 nlmsg_free(msg);
17773}
17774EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
17775
17776#ifdef CONFIG_PM
17777static int cfg80211_net_detect_results(struct sk_buff *msg,
17778 struct cfg80211_wowlan_wakeup *wakeup)
17779{
17780 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
17781 struct nlattr *nl_results, *nl_match, *nl_freqs;
17782 int i, j;
17783
17784 nl_results = nla_nest_start_noflag(msg,
17785 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
17786 if (!nl_results)
17787 return -EMSGSIZE;
17788
17789 for (i = 0; i < nd->n_matches; i++) {
17790 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
17791
17792 nl_match = nla_nest_start_noflag(msg, i);
17793 if (!nl_match)
17794 break;
17795
17796
17797
17798
17799
17800
17801
17802
17803 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
17804 match->ssid.ssid)) {
17805 nla_nest_cancel(msg, nl_match);
17806 goto out;
17807 }
17808
17809 if (match->n_channels) {
17810 nl_freqs = nla_nest_start_noflag(msg,
17811 NL80211_ATTR_SCAN_FREQUENCIES);
17812 if (!nl_freqs) {
17813 nla_nest_cancel(msg, nl_match);
17814 goto out;
17815 }
17816
17817 for (j = 0; j < match->n_channels; j++) {
17818 if (nla_put_u32(msg, j, match->channels[j])) {
17819 nla_nest_cancel(msg, nl_freqs);
17820 nla_nest_cancel(msg, nl_match);
17821 goto out;
17822 }
17823 }
17824
17825 nla_nest_end(msg, nl_freqs);
17826 }
17827
17828 nla_nest_end(msg, nl_match);
17829 }
17830
17831out:
17832 nla_nest_end(msg, nl_results);
17833 return 0;
17834}
17835
17836void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
17837 struct cfg80211_wowlan_wakeup *wakeup,
17838 gfp_t gfp)
17839{
17840 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17841 struct sk_buff *msg;
17842 void *hdr;
17843 int size = 200;
17844
17845 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
17846
17847 if (wakeup)
17848 size += wakeup->packet_present_len;
17849
17850 msg = nlmsg_new(size, gfp);
17851 if (!msg)
17852 return;
17853
17854 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
17855 if (!hdr)
17856 goto free_msg;
17857
17858 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17859 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17860 NL80211_ATTR_PAD))
17861 goto free_msg;
17862
17863 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17864 wdev->netdev->ifindex))
17865 goto free_msg;
17866
17867 if (wakeup) {
17868 struct nlattr *reasons;
17869
17870 reasons = nla_nest_start_noflag(msg,
17871 NL80211_ATTR_WOWLAN_TRIGGERS);
17872 if (!reasons)
17873 goto free_msg;
17874
17875 if (wakeup->disconnect &&
17876 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
17877 goto free_msg;
17878 if (wakeup->magic_pkt &&
17879 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
17880 goto free_msg;
17881 if (wakeup->gtk_rekey_failure &&
17882 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
17883 goto free_msg;
17884 if (wakeup->eap_identity_req &&
17885 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
17886 goto free_msg;
17887 if (wakeup->four_way_handshake &&
17888 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
17889 goto free_msg;
17890 if (wakeup->rfkill_release &&
17891 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
17892 goto free_msg;
17893
17894 if (wakeup->pattern_idx >= 0 &&
17895 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
17896 wakeup->pattern_idx))
17897 goto free_msg;
17898
17899 if (wakeup->tcp_match &&
17900 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
17901 goto free_msg;
17902
17903 if (wakeup->tcp_connlost &&
17904 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
17905 goto free_msg;
17906
17907 if (wakeup->tcp_nomoretokens &&
17908 nla_put_flag(msg,
17909 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
17910 goto free_msg;
17911
17912 if (wakeup->packet) {
17913 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
17914 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
17915
17916 if (!wakeup->packet_80211) {
17917 pkt_attr =
17918 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
17919 len_attr =
17920 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
17921 }
17922
17923 if (wakeup->packet_len &&
17924 nla_put_u32(msg, len_attr, wakeup->packet_len))
17925 goto free_msg;
17926
17927 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
17928 wakeup->packet))
17929 goto free_msg;
17930 }
17931
17932 if (wakeup->net_detect &&
17933 cfg80211_net_detect_results(msg, wakeup))
17934 goto free_msg;
17935
17936 nla_nest_end(msg, reasons);
17937 }
17938
17939 genlmsg_end(msg, hdr);
17940
17941 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17942 NL80211_MCGRP_MLME, gfp);
17943 return;
17944
17945 free_msg:
17946 nlmsg_free(msg);
17947}
17948EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
17949#endif
17950
17951void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
17952 enum nl80211_tdls_operation oper,
17953 u16 reason_code, gfp_t gfp)
17954{
17955 struct wireless_dev *wdev = dev->ieee80211_ptr;
17956 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17957 struct sk_buff *msg;
17958 void *hdr;
17959
17960 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
17961 reason_code);
17962
17963 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17964 if (!msg)
17965 return;
17966
17967 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
17968 if (!hdr) {
17969 nlmsg_free(msg);
17970 return;
17971 }
17972
17973 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17974 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17975 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
17976 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
17977 (reason_code > 0 &&
17978 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
17979 goto nla_put_failure;
17980
17981 genlmsg_end(msg, hdr);
17982
17983 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17984 NL80211_MCGRP_MLME, gfp);
17985 return;
17986
17987 nla_put_failure:
17988 nlmsg_free(msg);
17989}
17990EXPORT_SYMBOL(cfg80211_tdls_oper_request);
17991
17992static int nl80211_netlink_notify(struct notifier_block * nb,
17993 unsigned long state,
17994 void *_notify)
17995{
17996 struct netlink_notify *notify = _notify;
17997 struct cfg80211_registered_device *rdev;
17998 struct wireless_dev *wdev;
17999 struct cfg80211_beacon_registration *reg, *tmp;
18000
18001 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
18002 return NOTIFY_DONE;
18003
18004 rcu_read_lock();
18005
18006 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
18007 struct cfg80211_sched_scan_request *sched_scan_req;
18008
18009 list_for_each_entry_rcu(sched_scan_req,
18010 &rdev->sched_scan_req_list,
18011 list) {
18012 if (sched_scan_req->owner_nlportid == notify->portid) {
18013 sched_scan_req->nl_owner_dead = true;
18014 schedule_work(&rdev->sched_scan_stop_wk);
18015 }
18016 }
18017
18018 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
18019 cfg80211_mlme_unregister_socket(wdev, notify->portid);
18020
18021 if (wdev->owner_nlportid == notify->portid) {
18022 wdev->nl_owner_dead = true;
18023 schedule_work(&rdev->destroy_work);
18024 } else if (wdev->conn_owner_nlportid == notify->portid) {
18025 schedule_work(&wdev->disconnect_wk);
18026 }
18027
18028 cfg80211_release_pmsr(wdev, notify->portid);
18029 }
18030
18031 spin_lock_bh(&rdev->beacon_registrations_lock);
18032 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
18033 list) {
18034 if (reg->nlportid == notify->portid) {
18035 list_del(®->list);
18036 kfree(reg);
18037 break;
18038 }
18039 }
18040 spin_unlock_bh(&rdev->beacon_registrations_lock);
18041 }
18042
18043 rcu_read_unlock();
18044
18045
18046
18047
18048
18049 regulatory_netlink_notify(notify->portid);
18050 return NOTIFY_OK;
18051}
18052
18053static struct notifier_block nl80211_netlink_notifier = {
18054 .notifier_call = nl80211_netlink_notify,
18055};
18056
18057void cfg80211_ft_event(struct net_device *netdev,
18058 struct cfg80211_ft_event_params *ft_event)
18059{
18060 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
18061 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18062 struct sk_buff *msg;
18063 void *hdr;
18064
18065 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
18066
18067 if (!ft_event->target_ap)
18068 return;
18069
18070 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
18071 GFP_KERNEL);
18072 if (!msg)
18073 return;
18074
18075 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
18076 if (!hdr)
18077 goto out;
18078
18079 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18080 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18081 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
18082 goto out;
18083
18084 if (ft_event->ies &&
18085 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
18086 goto out;
18087 if (ft_event->ric_ies &&
18088 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
18089 ft_event->ric_ies))
18090 goto out;
18091
18092 genlmsg_end(msg, hdr);
18093
18094 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18095 NL80211_MCGRP_MLME, GFP_KERNEL);
18096 return;
18097 out:
18098 nlmsg_free(msg);
18099}
18100EXPORT_SYMBOL(cfg80211_ft_event);
18101
18102void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
18103{
18104 struct cfg80211_registered_device *rdev;
18105 struct sk_buff *msg;
18106 void *hdr;
18107 u32 nlportid;
18108
18109 rdev = wiphy_to_rdev(wdev->wiphy);
18110 if (!rdev->crit_proto_nlportid)
18111 return;
18112
18113 nlportid = rdev->crit_proto_nlportid;
18114 rdev->crit_proto_nlportid = 0;
18115
18116 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18117 if (!msg)
18118 return;
18119
18120 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
18121 if (!hdr)
18122 goto nla_put_failure;
18123
18124 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18125 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
18126 NL80211_ATTR_PAD))
18127 goto nla_put_failure;
18128
18129 genlmsg_end(msg, hdr);
18130
18131 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
18132 return;
18133
18134 nla_put_failure:
18135 nlmsg_free(msg);
18136}
18137EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
18138
18139void nl80211_send_ap_stopped(struct wireless_dev *wdev)
18140{
18141 struct wiphy *wiphy = wdev->wiphy;
18142 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18143 struct sk_buff *msg;
18144 void *hdr;
18145
18146 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18147 if (!msg)
18148 return;
18149
18150 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
18151 if (!hdr)
18152 goto out;
18153
18154 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18155 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
18156 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
18157 NL80211_ATTR_PAD))
18158 goto out;
18159
18160 genlmsg_end(msg, hdr);
18161
18162 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
18163 NL80211_MCGRP_MLME, GFP_KERNEL);
18164 return;
18165 out:
18166 nlmsg_free(msg);
18167}
18168
18169int cfg80211_external_auth_request(struct net_device *dev,
18170 struct cfg80211_external_auth_params *params,
18171 gfp_t gfp)
18172{
18173 struct wireless_dev *wdev = dev->ieee80211_ptr;
18174 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18175 struct sk_buff *msg;
18176 void *hdr;
18177
18178 if (!wdev->conn_owner_nlportid)
18179 return -EINVAL;
18180
18181 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18182 if (!msg)
18183 return -ENOMEM;
18184
18185 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
18186 if (!hdr)
18187 goto nla_put_failure;
18188
18189 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18190 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18191 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
18192 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
18193 params->action) ||
18194 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
18195 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
18196 params->ssid.ssid))
18197 goto nla_put_failure;
18198
18199 genlmsg_end(msg, hdr);
18200 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
18201 wdev->conn_owner_nlportid);
18202 return 0;
18203
18204 nla_put_failure:
18205 nlmsg_free(msg);
18206 return -ENOBUFS;
18207}
18208EXPORT_SYMBOL(cfg80211_external_auth_request);
18209
18210void cfg80211_update_owe_info_event(struct net_device *netdev,
18211 struct cfg80211_update_owe_info *owe_info,
18212 gfp_t gfp)
18213{
18214 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
18215 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18216 struct sk_buff *msg;
18217 void *hdr;
18218
18219 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
18220
18221 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18222 if (!msg)
18223 return;
18224
18225 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
18226 if (!hdr)
18227 goto nla_put_failure;
18228
18229 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18230 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18231 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
18232 goto nla_put_failure;
18233
18234 if (!owe_info->ie_len ||
18235 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
18236 goto nla_put_failure;
18237
18238 genlmsg_end(msg, hdr);
18239
18240 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18241 NL80211_MCGRP_MLME, gfp);
18242 return;
18243
18244nla_put_failure:
18245 genlmsg_cancel(msg, hdr);
18246 nlmsg_free(msg);
18247}
18248EXPORT_SYMBOL(cfg80211_update_owe_info_event);
18249
18250
18251
18252int __init nl80211_init(void)
18253{
18254 int err;
18255
18256 err = genl_register_family(&nl80211_fam);
18257 if (err)
18258 return err;
18259
18260 err = netlink_register_notifier(&nl80211_netlink_notifier);
18261 if (err)
18262 goto err_out;
18263
18264 return 0;
18265 err_out:
18266 genl_unregister_family(&nl80211_fam);
18267 return err;
18268}
18269
18270void nl80211_exit(void)
18271{
18272 netlink_unregister_notifier(&nl80211_netlink_notifier);
18273 genl_unregister_family(&nl80211_fam);
18274}
18275
