1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2013-2014 Intel Mobile Communications GmbH 6 * Copyright 2015-2017 Intel Deutschland GmbH 7 * Copyright (C) 2018 Intel Corporation 8 */ 9 10 #include <linux/if.h> 11 #include <linux/module.h> 12 #include <linux/err.h> 13 #include <linux/slab.h> 14 #include <linux/list.h> 15 #include <linux/if_ether.h> 16 #include <linux/ieee80211.h> 17 #include <linux/nl80211.h> 18 #include <linux/rtnetlink.h> 19 #include <linux/netlink.h> 20 #include <linux/nospec.h> 21 #include <linux/etherdevice.h> 22 #include <net/net_namespace.h> 23 #include <net/genetlink.h> 24 #include <net/cfg80211.h> 25 #include <net/sock.h> 26 #include <net/inet_connection_sock.h> 27 #include "core.h" 28 #include "nl80211.h" 29 #include "reg.h" 30 #include "rdev-ops.h" 31 32 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 33 struct genl_info *info, 34 struct cfg80211_crypto_settings *settings, 35 int cipher_limit); 36 37 /* the netlink family */ 38 static struct genl_family nl80211_fam; 39 40 /* multicast groups */ 41 enum nl80211_multicast_groups { 42 NL80211_MCGRP_CONFIG, 43 NL80211_MCGRP_SCAN, 44 NL80211_MCGRP_REGULATORY, 45 NL80211_MCGRP_MLME, 46 NL80211_MCGRP_VENDOR, 47 NL80211_MCGRP_NAN, 48 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */ 49 }; 50 51 static const struct genl_multicast_group nl80211_mcgrps[] = { 52 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG }, 53 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN }, 54 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG }, 55 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME }, 56 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR }, 57 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN }, 58 #ifdef CONFIG_NL80211_TESTMODE 59 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE } 60 #endif 61 }; 62 63 /* returns ERR_PTR values */ 64 static struct wireless_dev * 65 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs) 66 { 67 struct cfg80211_registered_device *rdev; 68 struct wireless_dev *result = NULL; 69 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 70 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 71 u64 wdev_id; 72 int wiphy_idx = -1; 73 int ifidx = -1; 74 75 ASSERT_RTNL(); 76 77 if (!have_ifidx && !have_wdev_id) 78 return ERR_PTR(-EINVAL); 79 80 if (have_ifidx) 81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 82 if (have_wdev_id) { 83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 84 wiphy_idx = wdev_id >> 32; 85 } 86 87 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 88 struct wireless_dev *wdev; 89 90 if (wiphy_net(&rdev->wiphy) != netns) 91 continue; 92 93 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 94 continue; 95 96 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 97 if (have_ifidx && wdev->netdev && 98 wdev->netdev->ifindex == ifidx) { 99 result = wdev; 100 break; 101 } 102 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 103 result = wdev; 104 break; 105 } 106 } 107 108 if (result) 109 break; 110 } 111 112 if (result) 113 return result; 114 return ERR_PTR(-ENODEV); 115 } 116 117 static struct cfg80211_registered_device * 118 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 119 { 120 struct cfg80211_registered_device *rdev = NULL, *tmp; 121 struct net_device *netdev; 122 123 ASSERT_RTNL(); 124 125 if (!attrs[NL80211_ATTR_WIPHY] && 126 !attrs[NL80211_ATTR_IFINDEX] && 127 !attrs[NL80211_ATTR_WDEV]) 128 return ERR_PTR(-EINVAL); 129 130 if (attrs[NL80211_ATTR_WIPHY]) 131 rdev = cfg80211_rdev_by_wiphy_idx( 132 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 133 134 if (attrs[NL80211_ATTR_WDEV]) { 135 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 136 struct wireless_dev *wdev; 137 bool found = false; 138 139 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 140 if (tmp) { 141 /* make sure wdev exists */ 142 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) { 143 if (wdev->identifier != (u32)wdev_id) 144 continue; 145 found = true; 146 break; 147 } 148 149 if (!found) 150 tmp = NULL; 151 152 if (rdev && tmp != rdev) 153 return ERR_PTR(-EINVAL); 154 rdev = tmp; 155 } 156 } 157 158 if (attrs[NL80211_ATTR_IFINDEX]) { 159 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 160 161 netdev = __dev_get_by_index(netns, ifindex); 162 if (netdev) { 163 if (netdev->ieee80211_ptr) 164 tmp = wiphy_to_rdev( 165 netdev->ieee80211_ptr->wiphy); 166 else 167 tmp = NULL; 168 169 /* not wireless device -- return error */ 170 if (!tmp) 171 return ERR_PTR(-EINVAL); 172 173 /* mismatch -- return error */ 174 if (rdev && tmp != rdev) 175 return ERR_PTR(-EINVAL); 176 177 rdev = tmp; 178 } 179 } 180 181 if (!rdev) 182 return ERR_PTR(-ENODEV); 183 184 if (netns != wiphy_net(&rdev->wiphy)) 185 return ERR_PTR(-ENODEV); 186 187 return rdev; 188 } 189 190 /* 191 * This function returns a pointer to the driver 192 * that the genl_info item that is passed refers to. 193 * 194 * The result of this can be a PTR_ERR and hence must 195 * be checked with IS_ERR() for errors. 196 */ 197 static struct cfg80211_registered_device * 198 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 199 { 200 return __cfg80211_rdev_from_attrs(netns, info->attrs); 201 } 202 203 /* policy for the attributes */ 204 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { 205 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 206 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 207 .len = 20-1 }, 208 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 209 210 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 211 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 212 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 }, 213 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 }, 214 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 }, 215 216 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 217 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 218 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 219 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 220 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 221 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG }, 222 223 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 224 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 225 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 226 227 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 228 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 229 230 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 231 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 232 .len = WLAN_MAX_KEY_LEN }, 233 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 234 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 235 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 236 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 237 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 238 239 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 240 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 241 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 242 .len = IEEE80211_MAX_DATA_LEN }, 243 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 244 .len = IEEE80211_MAX_DATA_LEN }, 245 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 246 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 247 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 248 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 249 .len = NL80211_MAX_SUPP_RATES }, 250 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 251 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 252 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 253 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 254 .len = IEEE80211_MAX_MESH_ID_LEN }, 255 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 256 257 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 258 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 259 260 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 261 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 262 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 263 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 264 .len = NL80211_MAX_SUPP_RATES }, 265 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 266 267 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 268 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 269 270 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 271 272 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 273 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 274 .len = IEEE80211_MAX_DATA_LEN }, 275 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 276 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 277 278 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 279 .len = IEEE80211_MAX_SSID_LEN }, 280 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 281 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 282 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 283 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 284 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 285 [NL80211_ATTR_STA_FLAGS2] = { 286 .len = sizeof(struct nl80211_sta_flag_update), 287 }, 288 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 289 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 290 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 291 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG }, 292 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 293 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 294 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 295 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 296 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 297 [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN }, 298 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 299 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 300 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 301 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 302 .len = IEEE80211_MAX_DATA_LEN }, 303 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 304 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 305 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 306 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 307 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 308 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 309 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 310 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 311 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 312 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 313 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 314 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 315 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 316 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 317 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 318 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 319 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 320 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 321 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 322 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 323 .len = IEEE80211_MAX_DATA_LEN }, 324 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 325 .len = IEEE80211_MAX_DATA_LEN }, 326 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 327 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 328 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 329 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 330 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 331 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 332 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 333 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 334 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG }, 335 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 336 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 337 .len = IEEE80211_MAX_DATA_LEN }, 338 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 339 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 340 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 341 .len = NL80211_HT_CAPABILITY_LEN 342 }, 343 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 344 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 345 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 346 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 347 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 348 [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, }, 349 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN }, 350 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 }, 351 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 }, 352 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 }, 353 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 }, 354 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 }, 355 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED }, 356 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 }, 357 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, }, 358 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, }, 359 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG }, 360 [NL80211_ATTR_VHT_CAPABILITY_MASK] = { 361 .len = NL80211_VHT_CAPABILITY_LEN, 362 }, 363 [NL80211_ATTR_MDID] = { .type = NLA_U16 }, 364 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY, 365 .len = IEEE80211_MAX_DATA_LEN }, 366 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 }, 367 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 }, 368 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG }, 369 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED }, 370 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY }, 371 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY }, 372 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY }, 373 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY }, 374 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG }, 375 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 }, 376 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 }, 377 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 }, 378 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY }, 379 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY, 380 .len = IEEE80211_QOS_MAP_LEN_MAX }, 381 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN }, 382 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 }, 383 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 }, 384 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG }, 385 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY }, 386 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG }, 387 [NL80211_ATTR_TSID] = { .type = NLA_U8 }, 388 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 }, 389 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 }, 390 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 }, 391 [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN }, 392 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG }, 393 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 }, 394 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 }, 395 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG }, 396 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG }, 397 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED }, 398 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 }, 399 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = { 400 .len = VHT_MUMIMO_GROUPS_DATA_LEN 401 }, 402 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN }, 403 [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 }, 404 [NL80211_ATTR_BANDS] = { .type = NLA_U32 }, 405 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED }, 406 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY, 407 .len = FILS_MAX_KEK_LEN }, 408 [NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN }, 409 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, }, 410 [NL80211_ATTR_BSSID] = { .len = ETH_ALEN }, 411 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 }, 412 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = { 413 .len = sizeof(struct nl80211_bss_select_rssi_adjust) 414 }, 415 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 }, 416 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY, 417 .len = FILS_ERP_MAX_USERNAME_LEN }, 418 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY, 419 .len = FILS_ERP_MAX_REALM_LEN }, 420 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 }, 421 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY, 422 .len = FILS_ERP_MAX_RRK_LEN }, 423 [NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 }, 424 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN }, 425 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG }, 426 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG }, 427 428 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 }, 429 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 }, 430 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 }, 431 }; 432 433 /* policy for the key attributes */ 434 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 435 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 436 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 437 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 438 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 439 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 440 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 441 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 442 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 443 }; 444 445 /* policy for the key default flags */ 446 static const struct nla_policy 447 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 448 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 449 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 450 }; 451 452 #ifdef CONFIG_PM 453 /* policy for WoWLAN attributes */ 454 static const struct nla_policy 455 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 456 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 457 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 458 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 459 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 460 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 461 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 462 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 463 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 464 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED }, 465 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED }, 466 }; 467 468 static const struct nla_policy 469 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = { 470 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 }, 471 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 }, 472 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN }, 473 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 }, 474 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 }, 475 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 }, 476 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = { 477 .len = sizeof(struct nl80211_wowlan_tcp_data_seq) 478 }, 479 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = { 480 .len = sizeof(struct nl80211_wowlan_tcp_data_token) 481 }, 482 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 }, 483 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 }, 484 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 }, 485 }; 486 #endif /* CONFIG_PM */ 487 488 /* policy for coalesce rule attributes */ 489 static const struct nla_policy 490 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = { 491 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 }, 492 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 }, 493 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED }, 494 }; 495 496 /* policy for GTK rekey offload attributes */ 497 static const struct nla_policy 498 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 499 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 500 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 501 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 502 }; 503 504 static const struct nla_policy 505 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 506 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 507 .len = IEEE80211_MAX_SSID_LEN }, 508 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN }, 509 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 510 }; 511 512 static const struct nla_policy 513 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = { 514 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 }, 515 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 }, 516 }; 517 518 static const struct nla_policy 519 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = { 520 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG }, 521 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 }, 522 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = { 523 .len = sizeof(struct nl80211_bss_select_rssi_adjust) 524 }, 525 }; 526 527 /* policy for NAN function attributes */ 528 static const struct nla_policy 529 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = { 530 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 }, 531 [NL80211_NAN_FUNC_SERVICE_ID] = { 532 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN }, 533 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 }, 534 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG }, 535 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG }, 536 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 }, 537 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 }, 538 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN }, 539 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG }, 540 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 }, 541 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY, 542 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN }, 543 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED }, 544 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED }, 545 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED }, 546 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 }, 547 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 }, 548 }; 549 550 /* policy for Service Response Filter attributes */ 551 static const struct nla_policy 552 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = { 553 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG }, 554 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY, 555 .len = NL80211_NAN_FUNC_SRF_MAX_LEN }, 556 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 }, 557 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED }, 558 }; 559 560 /* policy for packet pattern attributes */ 561 static const struct nla_policy 562 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = { 563 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, }, 564 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, }, 565 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 }, 566 }; 567 568 static int nl80211_prepare_wdev_dump(struct sk_buff *skb, 569 struct netlink_callback *cb, 570 struct cfg80211_registered_device **rdev, 571 struct wireless_dev **wdev) 572 { 573 int err; 574 575 if (!cb->args[0]) { 576 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 577 genl_family_attrbuf(&nl80211_fam), 578 nl80211_fam.maxattr, nl80211_policy, NULL); 579 if (err) 580 return err; 581 582 *wdev = __cfg80211_wdev_from_attrs( 583 sock_net(skb->sk), 584 genl_family_attrbuf(&nl80211_fam)); 585 if (IS_ERR(*wdev)) 586 return PTR_ERR(*wdev); 587 *rdev = wiphy_to_rdev((*wdev)->wiphy); 588 /* 0 is the first index - add 1 to parse only once */ 589 cb->args[0] = (*rdev)->wiphy_idx + 1; 590 cb->args[1] = (*wdev)->identifier; 591 } else { 592 /* subtract the 1 again here */ 593 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 594 struct wireless_dev *tmp; 595 596 if (!wiphy) 597 return -ENODEV; 598 *rdev = wiphy_to_rdev(wiphy); 599 *wdev = NULL; 600 601 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) { 602 if (tmp->identifier == cb->args[1]) { 603 *wdev = tmp; 604 break; 605 } 606 } 607 608 if (!*wdev) 609 return -ENODEV; 610 } 611 612 return 0; 613 } 614 615 /* IE validation */ 616 static bool is_valid_ie_attr(const struct nlattr *attr) 617 { 618 const u8 *pos; 619 int len; 620 621 if (!attr) 622 return true; 623 624 pos = nla_data(attr); 625 len = nla_len(attr); 626 627 while (len) { 628 u8 elemlen; 629 630 if (len < 2) 631 return false; 632 len -= 2; 633 634 elemlen = pos[1]; 635 if (elemlen > len) 636 return false; 637 638 len -= elemlen; 639 pos += 2 + elemlen; 640 } 641 642 return true; 643 } 644 645 /* message building helper */ 646 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq, 647 int flags, u8 cmd) 648 { 649 /* since there is no private header just add the generic one */ 650 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd); 651 } 652 653 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg, 654 const struct ieee80211_reg_rule *rule) 655 { 656 int j; 657 struct nlattr *nl_wmm_rules = 658 nla_nest_start(msg, NL80211_FREQUENCY_ATTR_WMM); 659 660 if (!nl_wmm_rules) 661 goto nla_put_failure; 662 663 for (j = 0; j < IEEE80211_NUM_ACS; j++) { 664 struct nlattr *nl_wmm_rule = nla_nest_start(msg, j); 665 666 if (!nl_wmm_rule) 667 goto nla_put_failure; 668 669 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN, 670 rule->wmm_rule->client[j].cw_min) || 671 nla_put_u16(msg, NL80211_WMMR_CW_MAX, 672 rule->wmm_rule->client[j].cw_max) || 673 nla_put_u8(msg, NL80211_WMMR_AIFSN, 674 rule->wmm_rule->client[j].aifsn) || 675 nla_put_u8(msg, NL80211_WMMR_TXOP, 676 rule->wmm_rule->client[j].cot)) 677 goto nla_put_failure; 678 679 nla_nest_end(msg, nl_wmm_rule); 680 } 681 nla_nest_end(msg, nl_wmm_rules); 682 683 return 0; 684 685 nla_put_failure: 686 return -ENOBUFS; 687 } 688 689 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy, 690 struct ieee80211_channel *chan, 691 bool large) 692 { 693 /* Some channels must be completely excluded from the 694 * list to protect old user-space tools from breaking 695 */ 696 if (!large && chan->flags & 697 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ)) 698 return 0; 699 700 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 701 chan->center_freq)) 702 goto nla_put_failure; 703 704 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 705 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 706 goto nla_put_failure; 707 if (chan->flags & IEEE80211_CHAN_NO_IR) { 708 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR)) 709 goto nla_put_failure; 710 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS)) 711 goto nla_put_failure; 712 } 713 if (chan->flags & IEEE80211_CHAN_RADAR) { 714 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 715 goto nla_put_failure; 716 if (large) { 717 u32 time; 718 719 time = elapsed_jiffies_msecs(chan->dfs_state_entered); 720 721 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE, 722 chan->dfs_state)) 723 goto nla_put_failure; 724 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME, 725 time)) 726 goto nla_put_failure; 727 if (nla_put_u32(msg, 728 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME, 729 chan->dfs_cac_ms)) 730 goto nla_put_failure; 731 } 732 } 733 734 if (large) { 735 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) && 736 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS)) 737 goto nla_put_failure; 738 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) && 739 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS)) 740 goto nla_put_failure; 741 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) && 742 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ)) 743 goto nla_put_failure; 744 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) && 745 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ)) 746 goto nla_put_failure; 747 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) && 748 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY)) 749 goto nla_put_failure; 750 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) && 751 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT)) 752 goto nla_put_failure; 753 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) && 754 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ)) 755 goto nla_put_failure; 756 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) && 757 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ)) 758 goto nla_put_failure; 759 } 760 761 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 762 DBM_TO_MBM(chan->max_power))) 763 goto nla_put_failure; 764 765 if (large) { 766 const struct ieee80211_reg_rule *rule = 767 freq_reg_info(wiphy, chan->center_freq); 768 769 if (!IS_ERR(rule) && rule->wmm_rule) { 770 if (nl80211_msg_put_wmm_rules(msg, rule)) 771 goto nla_put_failure; 772 } 773 } 774 775 return 0; 776 777 nla_put_failure: 778 return -ENOBUFS; 779 } 780 781 static bool nl80211_put_txq_stats(struct sk_buff *msg, 782 struct cfg80211_txq_stats *txqstats, 783 int attrtype) 784 { 785 struct nlattr *txqattr; 786 787 #define PUT_TXQVAL_U32(attr, memb) do { \ 788 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \ 789 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \ 790 return false; \ 791 } while (0) 792 793 txqattr = nla_nest_start(msg, attrtype); 794 if (!txqattr) 795 return false; 796 797 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes); 798 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets); 799 PUT_TXQVAL_U32(FLOWS, flows); 800 PUT_TXQVAL_U32(DROPS, drops); 801 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks); 802 PUT_TXQVAL_U32(OVERLIMIT, overlimit); 803 PUT_TXQVAL_U32(OVERMEMORY, overmemory); 804 PUT_TXQVAL_U32(COLLISIONS, collisions); 805 PUT_TXQVAL_U32(TX_BYTES, tx_bytes); 806 PUT_TXQVAL_U32(TX_PACKETS, tx_packets); 807 PUT_TXQVAL_U32(MAX_FLOWS, max_flows); 808 nla_nest_end(msg, txqattr); 809 810 #undef PUT_TXQVAL_U32 811 return true; 812 } 813 814 /* netlink command implementations */ 815 816 struct key_parse { 817 struct key_params p; 818 int idx; 819 int type; 820 bool def, defmgmt; 821 bool def_uni, def_multi; 822 }; 823 824 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key, 825 struct key_parse *k) 826 { 827 struct nlattr *tb[NL80211_KEY_MAX + 1]; 828 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 829 nl80211_key_policy, info->extack); 830 if (err) 831 return err; 832 833 k->def = !!tb[NL80211_KEY_DEFAULT]; 834 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 835 836 if (k->def) { 837 k->def_uni = true; 838 k->def_multi = true; 839 } 840 if (k->defmgmt) 841 k->def_multi = true; 842 843 if (tb[NL80211_KEY_IDX]) 844 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 845 846 if (tb[NL80211_KEY_DATA]) { 847 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 848 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 849 } 850 851 if (tb[NL80211_KEY_SEQ]) { 852 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 853 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 854 } 855 856 if (tb[NL80211_KEY_CIPHER]) 857 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 858 859 if (tb[NL80211_KEY_TYPE]) { 860 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 861 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 862 return genl_err_attr(info, -EINVAL, 863 tb[NL80211_KEY_TYPE]); 864 } 865 866 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 867 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 868 869 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 870 tb[NL80211_KEY_DEFAULT_TYPES], 871 nl80211_key_default_policy, 872 info->extack); 873 if (err) 874 return err; 875 876 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 877 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 878 } 879 880 return 0; 881 } 882 883 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 884 { 885 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 886 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 887 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 888 } 889 890 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 891 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 892 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 893 } 894 895 if (info->attrs[NL80211_ATTR_KEY_IDX]) 896 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 897 898 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 899 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 900 901 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 902 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 903 904 if (k->def) { 905 k->def_uni = true; 906 k->def_multi = true; 907 } 908 if (k->defmgmt) 909 k->def_multi = true; 910 911 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 912 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 913 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) { 914 GENL_SET_ERR_MSG(info, "key type out of range"); 915 return -EINVAL; 916 } 917 } 918 919 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 920 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 921 int err = nla_parse_nested(kdt, 922 NUM_NL80211_KEY_DEFAULT_TYPES - 1, 923 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 924 nl80211_key_default_policy, 925 info->extack); 926 if (err) 927 return err; 928 929 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 930 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 931 } 932 933 return 0; 934 } 935 936 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 937 { 938 int err; 939 940 memset(k, 0, sizeof(*k)); 941 k->idx = -1; 942 k->type = -1; 943 944 if (info->attrs[NL80211_ATTR_KEY]) 945 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k); 946 else 947 err = nl80211_parse_key_old(info, k); 948 949 if (err) 950 return err; 951 952 if (k->def && k->defmgmt) { 953 GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid"); 954 return -EINVAL; 955 } 956 957 if (k->defmgmt) { 958 if (k->def_uni || !k->def_multi) { 959 GENL_SET_ERR_MSG(info, "defmgmt key must be mcast"); 960 return -EINVAL; 961 } 962 } 963 964 if (k->idx != -1) { 965 if (k->defmgmt) { 966 if (k->idx < 4 || k->idx > 5) { 967 GENL_SET_ERR_MSG(info, 968 "defmgmt key idx not 4 or 5"); 969 return -EINVAL; 970 } 971 } else if (k->def) { 972 if (k->idx < 0 || k->idx > 3) { 973 GENL_SET_ERR_MSG(info, "def key idx not 0-3"); 974 return -EINVAL; 975 } 976 } else { 977 if (k->idx < 0 || k->idx > 5) { 978 GENL_SET_ERR_MSG(info, "key idx not 0-5"); 979 return -EINVAL; 980 } 981 } 982 } 983 984 return 0; 985 } 986 987 static struct cfg80211_cached_keys * 988 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 989 struct genl_info *info, bool *no_ht) 990 { 991 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS]; 992 struct key_parse parse; 993 struct nlattr *key; 994 struct cfg80211_cached_keys *result; 995 int rem, err, def = 0; 996 bool have_key = false; 997 998 nla_for_each_nested(key, keys, rem) { 999 have_key = true; 1000 break; 1001 } 1002 1003 if (!have_key) 1004 return NULL; 1005 1006 result = kzalloc(sizeof(*result), GFP_KERNEL); 1007 if (!result) 1008 return ERR_PTR(-ENOMEM); 1009 1010 result->def = -1; 1011 1012 nla_for_each_nested(key, keys, rem) { 1013 memset(&parse, 0, sizeof(parse)); 1014 parse.idx = -1; 1015 1016 err = nl80211_parse_key_new(info, key, &parse); 1017 if (err) 1018 goto error; 1019 err = -EINVAL; 1020 if (!parse.p.key) 1021 goto error; 1022 if (parse.idx < 0 || parse.idx > 3) { 1023 GENL_SET_ERR_MSG(info, "key index out of range [0-3]"); 1024 goto error; 1025 } 1026 if (parse.def) { 1027 if (def) { 1028 GENL_SET_ERR_MSG(info, 1029 "only one key can be default"); 1030 goto error; 1031 } 1032 def = 1; 1033 result->def = parse.idx; 1034 if (!parse.def_uni || !parse.def_multi) 1035 goto error; 1036 } else if (parse.defmgmt) 1037 goto error; 1038 err = cfg80211_validate_key_settings(rdev, &parse.p, 1039 parse.idx, false, NULL); 1040 if (err) 1041 goto error; 1042 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 && 1043 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) { 1044 GENL_SET_ERR_MSG(info, "connect key must be WEP"); 1045 err = -EINVAL; 1046 goto error; 1047 } 1048 result->params[parse.idx].cipher = parse.p.cipher; 1049 result->params[parse.idx].key_len = parse.p.key_len; 1050 result->params[parse.idx].key = result->data[parse.idx]; 1051 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 1052 1053 /* must be WEP key if we got here */ 1054 if (no_ht) 1055 *no_ht = true; 1056 } 1057 1058 if (result->def < 0) { 1059 err = -EINVAL; 1060 GENL_SET_ERR_MSG(info, "need a default/TX key"); 1061 goto error; 1062 } 1063 1064 return result; 1065 error: 1066 kfree(result); 1067 return ERR_PTR(err); 1068 } 1069 1070 static int nl80211_key_allowed(struct wireless_dev *wdev) 1071 { 1072 ASSERT_WDEV_LOCK(wdev); 1073 1074 switch (wdev->iftype) { 1075 case NL80211_IFTYPE_AP: 1076 case NL80211_IFTYPE_AP_VLAN: 1077 case NL80211_IFTYPE_P2P_GO: 1078 case NL80211_IFTYPE_MESH_POINT: 1079 break; 1080 case NL80211_IFTYPE_ADHOC: 1081 case NL80211_IFTYPE_STATION: 1082 case NL80211_IFTYPE_P2P_CLIENT: 1083 if (!wdev->current_bss) 1084 return -ENOLINK; 1085 break; 1086 case NL80211_IFTYPE_UNSPECIFIED: 1087 case NL80211_IFTYPE_OCB: 1088 case NL80211_IFTYPE_MONITOR: 1089 case NL80211_IFTYPE_NAN: 1090 case NL80211_IFTYPE_P2P_DEVICE: 1091 case NL80211_IFTYPE_WDS: 1092 case NUM_NL80211_IFTYPES: 1093 return -EINVAL; 1094 } 1095 1096 return 0; 1097 } 1098 1099 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy, 1100 struct nlattr *tb) 1101 { 1102 struct ieee80211_channel *chan; 1103 1104 if (tb == NULL) 1105 return NULL; 1106 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb)); 1107 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) 1108 return NULL; 1109 return chan; 1110 } 1111 1112 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 1113 { 1114 struct nlattr *nl_modes = nla_nest_start(msg, attr); 1115 int i; 1116 1117 if (!nl_modes) 1118 goto nla_put_failure; 1119 1120 i = 0; 1121 while (ifmodes) { 1122 if ((ifmodes & 1) && nla_put_flag(msg, i)) 1123 goto nla_put_failure; 1124 ifmodes >>= 1; 1125 i++; 1126 } 1127 1128 nla_nest_end(msg, nl_modes); 1129 return 0; 1130 1131 nla_put_failure: 1132 return -ENOBUFS; 1133 } 1134 1135 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 1136 struct sk_buff *msg, 1137 bool large) 1138 { 1139 struct nlattr *nl_combis; 1140 int i, j; 1141 1142 nl_combis = nla_nest_start(msg, 1143 NL80211_ATTR_INTERFACE_COMBINATIONS); 1144 if (!nl_combis) 1145 goto nla_put_failure; 1146 1147 for (i = 0; i < wiphy->n_iface_combinations; i++) { 1148 const struct ieee80211_iface_combination *c; 1149 struct nlattr *nl_combi, *nl_limits; 1150 1151 c = &wiphy->iface_combinations[i]; 1152 1153 nl_combi = nla_nest_start(msg, i + 1); 1154 if (!nl_combi) 1155 goto nla_put_failure; 1156 1157 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 1158 if (!nl_limits) 1159 goto nla_put_failure; 1160 1161 for (j = 0; j < c->n_limits; j++) { 1162 struct nlattr *nl_limit; 1163 1164 nl_limit = nla_nest_start(msg, j + 1); 1165 if (!nl_limit) 1166 goto nla_put_failure; 1167 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 1168 c->limits[j].max)) 1169 goto nla_put_failure; 1170 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 1171 c->limits[j].types)) 1172 goto nla_put_failure; 1173 nla_nest_end(msg, nl_limit); 1174 } 1175 1176 nla_nest_end(msg, nl_limits); 1177 1178 if (c->beacon_int_infra_match && 1179 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 1180 goto nla_put_failure; 1181 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 1182 c->num_different_channels) || 1183 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 1184 c->max_interfaces)) 1185 goto nla_put_failure; 1186 if (large && 1187 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS, 1188 c->radar_detect_widths) || 1189 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS, 1190 c->radar_detect_regions))) 1191 goto nla_put_failure; 1192 if (c->beacon_int_min_gcd && 1193 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD, 1194 c->beacon_int_min_gcd)) 1195 goto nla_put_failure; 1196 1197 nla_nest_end(msg, nl_combi); 1198 } 1199 1200 nla_nest_end(msg, nl_combis); 1201 1202 return 0; 1203 nla_put_failure: 1204 return -ENOBUFS; 1205 } 1206 1207 #ifdef CONFIG_PM 1208 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev, 1209 struct sk_buff *msg) 1210 { 1211 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp; 1212 struct nlattr *nl_tcp; 1213 1214 if (!tcp) 1215 return 0; 1216 1217 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION); 1218 if (!nl_tcp) 1219 return -ENOBUFS; 1220 1221 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 1222 tcp->data_payload_max)) 1223 return -ENOBUFS; 1224 1225 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 1226 tcp->data_payload_max)) 1227 return -ENOBUFS; 1228 1229 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ)) 1230 return -ENOBUFS; 1231 1232 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 1233 sizeof(*tcp->tok), tcp->tok)) 1234 return -ENOBUFS; 1235 1236 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 1237 tcp->data_interval_max)) 1238 return -ENOBUFS; 1239 1240 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 1241 tcp->wake_payload_max)) 1242 return -ENOBUFS; 1243 1244 nla_nest_end(msg, nl_tcp); 1245 return 0; 1246 } 1247 1248 static int nl80211_send_wowlan(struct sk_buff *msg, 1249 struct cfg80211_registered_device *rdev, 1250 bool large) 1251 { 1252 struct nlattr *nl_wowlan; 1253 1254 if (!rdev->wiphy.wowlan) 1255 return 0; 1256 1257 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1258 if (!nl_wowlan) 1259 return -ENOBUFS; 1260 1261 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) && 1262 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1263 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) && 1264 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1265 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) && 1266 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1267 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1268 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1269 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1270 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1271 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1272 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1273 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1274 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1275 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1276 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1277 return -ENOBUFS; 1278 1279 if (rdev->wiphy.wowlan->n_patterns) { 1280 struct nl80211_pattern_support pat = { 1281 .max_patterns = rdev->wiphy.wowlan->n_patterns, 1282 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len, 1283 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len, 1284 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset, 1285 }; 1286 1287 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1288 sizeof(pat), &pat)) 1289 return -ENOBUFS; 1290 } 1291 1292 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) && 1293 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT, 1294 rdev->wiphy.wowlan->max_nd_match_sets)) 1295 return -ENOBUFS; 1296 1297 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg)) 1298 return -ENOBUFS; 1299 1300 nla_nest_end(msg, nl_wowlan); 1301 1302 return 0; 1303 } 1304 #endif 1305 1306 static int nl80211_send_coalesce(struct sk_buff *msg, 1307 struct cfg80211_registered_device *rdev) 1308 { 1309 struct nl80211_coalesce_rule_support rule; 1310 1311 if (!rdev->wiphy.coalesce) 1312 return 0; 1313 1314 rule.max_rules = rdev->wiphy.coalesce->n_rules; 1315 rule.max_delay = rdev->wiphy.coalesce->max_delay; 1316 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns; 1317 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len; 1318 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len; 1319 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset; 1320 1321 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule)) 1322 return -ENOBUFS; 1323 1324 return 0; 1325 } 1326 1327 static int nl80211_send_band_rateinfo(struct sk_buff *msg, 1328 struct ieee80211_supported_band *sband) 1329 { 1330 struct nlattr *nl_rates, *nl_rate; 1331 struct ieee80211_rate *rate; 1332 int i; 1333 1334 /* add HT info */ 1335 if (sband->ht_cap.ht_supported && 1336 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 1337 sizeof(sband->ht_cap.mcs), 1338 &sband->ht_cap.mcs) || 1339 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 1340 sband->ht_cap.cap) || 1341 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 1342 sband->ht_cap.ampdu_factor) || 1343 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 1344 sband->ht_cap.ampdu_density))) 1345 return -ENOBUFS; 1346 1347 /* add VHT info */ 1348 if (sband->vht_cap.vht_supported && 1349 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 1350 sizeof(sband->vht_cap.vht_mcs), 1351 &sband->vht_cap.vht_mcs) || 1352 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 1353 sband->vht_cap.cap))) 1354 return -ENOBUFS; 1355 1356 /* add bitrates */ 1357 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 1358 if (!nl_rates) 1359 return -ENOBUFS; 1360 1361 for (i = 0; i < sband->n_bitrates; i++) { 1362 nl_rate = nla_nest_start(msg, i); 1363 if (!nl_rate) 1364 return -ENOBUFS; 1365 1366 rate = &sband->bitrates[i]; 1367 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1368 rate->bitrate)) 1369 return -ENOBUFS; 1370 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1371 nla_put_flag(msg, 1372 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 1373 return -ENOBUFS; 1374 1375 nla_nest_end(msg, nl_rate); 1376 } 1377 1378 nla_nest_end(msg, nl_rates); 1379 1380 return 0; 1381 } 1382 1383 static int 1384 nl80211_send_mgmt_stypes(struct sk_buff *msg, 1385 const struct ieee80211_txrx_stypes *mgmt_stypes) 1386 { 1387 u16 stypes; 1388 struct nlattr *nl_ftypes, *nl_ifs; 1389 enum nl80211_iftype ift; 1390 int i; 1391 1392 if (!mgmt_stypes) 1393 return 0; 1394 1395 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 1396 if (!nl_ifs) 1397 return -ENOBUFS; 1398 1399 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1400 nl_ftypes = nla_nest_start(msg, ift); 1401 if (!nl_ftypes) 1402 return -ENOBUFS; 1403 i = 0; 1404 stypes = mgmt_stypes[ift].tx; 1405 while (stypes) { 1406 if ((stypes & 1) && 1407 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1408 (i << 4) | IEEE80211_FTYPE_MGMT)) 1409 return -ENOBUFS; 1410 stypes >>= 1; 1411 i++; 1412 } 1413 nla_nest_end(msg, nl_ftypes); 1414 } 1415 1416 nla_nest_end(msg, nl_ifs); 1417 1418 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 1419 if (!nl_ifs) 1420 return -ENOBUFS; 1421 1422 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1423 nl_ftypes = nla_nest_start(msg, ift); 1424 if (!nl_ftypes) 1425 return -ENOBUFS; 1426 i = 0; 1427 stypes = mgmt_stypes[ift].rx; 1428 while (stypes) { 1429 if ((stypes & 1) && 1430 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1431 (i << 4) | IEEE80211_FTYPE_MGMT)) 1432 return -ENOBUFS; 1433 stypes >>= 1; 1434 i++; 1435 } 1436 nla_nest_end(msg, nl_ftypes); 1437 } 1438 nla_nest_end(msg, nl_ifs); 1439 1440 return 0; 1441 } 1442 1443 #define CMD(op, n) \ 1444 do { \ 1445 if (rdev->ops->op) { \ 1446 i++; \ 1447 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 1448 goto nla_put_failure; \ 1449 } \ 1450 } while (0) 1451 1452 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev, 1453 struct sk_buff *msg) 1454 { 1455 int i = 0; 1456 1457 /* 1458 * do *NOT* add anything into this function, new things need to be 1459 * advertised only to new versions of userspace that can deal with 1460 * the split (and they can't possibly care about new features... 1461 */ 1462 CMD(add_virtual_intf, NEW_INTERFACE); 1463 CMD(change_virtual_intf, SET_INTERFACE); 1464 CMD(add_key, NEW_KEY); 1465 CMD(start_ap, START_AP); 1466 CMD(add_station, NEW_STATION); 1467 CMD(add_mpath, NEW_MPATH); 1468 CMD(update_mesh_config, SET_MESH_CONFIG); 1469 CMD(change_bss, SET_BSS); 1470 CMD(auth, AUTHENTICATE); 1471 CMD(assoc, ASSOCIATE); 1472 CMD(deauth, DEAUTHENTICATE); 1473 CMD(disassoc, DISASSOCIATE); 1474 CMD(join_ibss, JOIN_IBSS); 1475 CMD(join_mesh, JOIN_MESH); 1476 CMD(set_pmksa, SET_PMKSA); 1477 CMD(del_pmksa, DEL_PMKSA); 1478 CMD(flush_pmksa, FLUSH_PMKSA); 1479 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 1480 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 1481 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 1482 CMD(mgmt_tx, FRAME); 1483 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 1484 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 1485 i++; 1486 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 1487 goto nla_put_failure; 1488 } 1489 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap || 1490 rdev->ops->join_mesh) { 1491 i++; 1492 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 1493 goto nla_put_failure; 1494 } 1495 CMD(set_wds_peer, SET_WDS_PEER); 1496 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 1497 CMD(tdls_mgmt, TDLS_MGMT); 1498 CMD(tdls_oper, TDLS_OPER); 1499 } 1500 if (rdev->wiphy.max_sched_scan_reqs) 1501 CMD(sched_scan_start, START_SCHED_SCAN); 1502 CMD(probe_client, PROBE_CLIENT); 1503 CMD(set_noack_map, SET_NOACK_MAP); 1504 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 1505 i++; 1506 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 1507 goto nla_put_failure; 1508 } 1509 CMD(start_p2p_device, START_P2P_DEVICE); 1510 CMD(set_mcast_rate, SET_MCAST_RATE); 1511 #ifdef CONFIG_NL80211_TESTMODE 1512 CMD(testmode_cmd, TESTMODE); 1513 #endif 1514 1515 if (rdev->ops->connect || rdev->ops->auth) { 1516 i++; 1517 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 1518 goto nla_put_failure; 1519 } 1520 1521 if (rdev->ops->disconnect || rdev->ops->deauth) { 1522 i++; 1523 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 1524 goto nla_put_failure; 1525 } 1526 1527 return i; 1528 nla_put_failure: 1529 return -ENOBUFS; 1530 } 1531 1532 struct nl80211_dump_wiphy_state { 1533 s64 filter_wiphy; 1534 long start; 1535 long split_start, band_start, chan_start, capa_start; 1536 bool split; 1537 }; 1538 1539 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev, 1540 enum nl80211_commands cmd, 1541 struct sk_buff *msg, u32 portid, u32 seq, 1542 int flags, struct nl80211_dump_wiphy_state *state) 1543 { 1544 void *hdr; 1545 struct nlattr *nl_bands, *nl_band; 1546 struct nlattr *nl_freqs, *nl_freq; 1547 struct nlattr *nl_cmds; 1548 enum nl80211_band band; 1549 struct ieee80211_channel *chan; 1550 int i; 1551 const struct ieee80211_txrx_stypes *mgmt_stypes = 1552 rdev->wiphy.mgmt_stypes; 1553 u32 features; 1554 1555 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 1556 if (!hdr) 1557 return -ENOBUFS; 1558 1559 if (WARN_ON(!state)) 1560 return -EINVAL; 1561 1562 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1563 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, 1564 wiphy_name(&rdev->wiphy)) || 1565 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1566 cfg80211_rdev_list_generation)) 1567 goto nla_put_failure; 1568 1569 if (cmd != NL80211_CMD_NEW_WIPHY) 1570 goto finish; 1571 1572 switch (state->split_start) { 1573 case 0: 1574 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 1575 rdev->wiphy.retry_short) || 1576 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 1577 rdev->wiphy.retry_long) || 1578 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 1579 rdev->wiphy.frag_threshold) || 1580 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 1581 rdev->wiphy.rts_threshold) || 1582 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 1583 rdev->wiphy.coverage_class) || 1584 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 1585 rdev->wiphy.max_scan_ssids) || 1586 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 1587 rdev->wiphy.max_sched_scan_ssids) || 1588 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 1589 rdev->wiphy.max_scan_ie_len) || 1590 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 1591 rdev->wiphy.max_sched_scan_ie_len) || 1592 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 1593 rdev->wiphy.max_match_sets) || 1594 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS, 1595 rdev->wiphy.max_sched_scan_plans) || 1596 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL, 1597 rdev->wiphy.max_sched_scan_plan_interval) || 1598 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS, 1599 rdev->wiphy.max_sched_scan_plan_iterations)) 1600 goto nla_put_failure; 1601 1602 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 1603 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 1604 goto nla_put_failure; 1605 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 1606 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 1607 goto nla_put_failure; 1608 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 1609 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 1610 goto nla_put_failure; 1611 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 1612 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 1613 goto nla_put_failure; 1614 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 1615 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 1616 goto nla_put_failure; 1617 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 1618 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 1619 goto nla_put_failure; 1620 state->split_start++; 1621 if (state->split) 1622 break; 1623 case 1: 1624 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 1625 sizeof(u32) * rdev->wiphy.n_cipher_suites, 1626 rdev->wiphy.cipher_suites)) 1627 goto nla_put_failure; 1628 1629 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 1630 rdev->wiphy.max_num_pmkids)) 1631 goto nla_put_failure; 1632 1633 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 1634 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 1635 goto nla_put_failure; 1636 1637 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 1638 rdev->wiphy.available_antennas_tx) || 1639 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 1640 rdev->wiphy.available_antennas_rx)) 1641 goto nla_put_failure; 1642 1643 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 1644 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 1645 rdev->wiphy.probe_resp_offload)) 1646 goto nla_put_failure; 1647 1648 if ((rdev->wiphy.available_antennas_tx || 1649 rdev->wiphy.available_antennas_rx) && 1650 rdev->ops->get_antenna) { 1651 u32 tx_ant = 0, rx_ant = 0; 1652 int res; 1653 1654 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant); 1655 if (!res) { 1656 if (nla_put_u32(msg, 1657 NL80211_ATTR_WIPHY_ANTENNA_TX, 1658 tx_ant) || 1659 nla_put_u32(msg, 1660 NL80211_ATTR_WIPHY_ANTENNA_RX, 1661 rx_ant)) 1662 goto nla_put_failure; 1663 } 1664 } 1665 1666 state->split_start++; 1667 if (state->split) 1668 break; 1669 case 2: 1670 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 1671 rdev->wiphy.interface_modes)) 1672 goto nla_put_failure; 1673 state->split_start++; 1674 if (state->split) 1675 break; 1676 case 3: 1677 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 1678 if (!nl_bands) 1679 goto nla_put_failure; 1680 1681 for (band = state->band_start; 1682 band < NUM_NL80211_BANDS; band++) { 1683 struct ieee80211_supported_band *sband; 1684 1685 sband = rdev->wiphy.bands[band]; 1686 1687 if (!sband) 1688 continue; 1689 1690 nl_band = nla_nest_start(msg, band); 1691 if (!nl_band) 1692 goto nla_put_failure; 1693 1694 switch (state->chan_start) { 1695 case 0: 1696 if (nl80211_send_band_rateinfo(msg, sband)) 1697 goto nla_put_failure; 1698 state->chan_start++; 1699 if (state->split) 1700 break; 1701 default: 1702 /* add frequencies */ 1703 nl_freqs = nla_nest_start( 1704 msg, NL80211_BAND_ATTR_FREQS); 1705 if (!nl_freqs) 1706 goto nla_put_failure; 1707 1708 for (i = state->chan_start - 1; 1709 i < sband->n_channels; 1710 i++) { 1711 nl_freq = nla_nest_start(msg, i); 1712 if (!nl_freq) 1713 goto nla_put_failure; 1714 1715 chan = &sband->channels[i]; 1716 1717 if (nl80211_msg_put_channel( 1718 msg, &rdev->wiphy, chan, 1719 state->split)) 1720 goto nla_put_failure; 1721 1722 nla_nest_end(msg, nl_freq); 1723 if (state->split) 1724 break; 1725 } 1726 if (i < sband->n_channels) 1727 state->chan_start = i + 2; 1728 else 1729 state->chan_start = 0; 1730 nla_nest_end(msg, nl_freqs); 1731 } 1732 1733 nla_nest_end(msg, nl_band); 1734 1735 if (state->split) { 1736 /* start again here */ 1737 if (state->chan_start) 1738 band--; 1739 break; 1740 } 1741 } 1742 nla_nest_end(msg, nl_bands); 1743 1744 if (band < NUM_NL80211_BANDS) 1745 state->band_start = band + 1; 1746 else 1747 state->band_start = 0; 1748 1749 /* if bands & channels are done, continue outside */ 1750 if (state->band_start == 0 && state->chan_start == 0) 1751 state->split_start++; 1752 if (state->split) 1753 break; 1754 case 4: 1755 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 1756 if (!nl_cmds) 1757 goto nla_put_failure; 1758 1759 i = nl80211_add_commands_unsplit(rdev, msg); 1760 if (i < 0) 1761 goto nla_put_failure; 1762 if (state->split) { 1763 CMD(crit_proto_start, CRIT_PROTOCOL_START); 1764 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP); 1765 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH) 1766 CMD(channel_switch, CHANNEL_SWITCH); 1767 CMD(set_qos_map, SET_QOS_MAP); 1768 if (rdev->wiphy.features & 1769 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION) 1770 CMD(add_tx_ts, ADD_TX_TS); 1771 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST); 1772 CMD(update_connect_params, UPDATE_CONNECT_PARAMS); 1773 } 1774 #undef CMD 1775 1776 nla_nest_end(msg, nl_cmds); 1777 state->split_start++; 1778 if (state->split) 1779 break; 1780 case 5: 1781 if (rdev->ops->remain_on_channel && 1782 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 1783 nla_put_u32(msg, 1784 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 1785 rdev->wiphy.max_remain_on_channel_duration)) 1786 goto nla_put_failure; 1787 1788 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 1789 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 1790 goto nla_put_failure; 1791 1792 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes)) 1793 goto nla_put_failure; 1794 state->split_start++; 1795 if (state->split) 1796 break; 1797 case 6: 1798 #ifdef CONFIG_PM 1799 if (nl80211_send_wowlan(msg, rdev, state->split)) 1800 goto nla_put_failure; 1801 state->split_start++; 1802 if (state->split) 1803 break; 1804 #else 1805 state->split_start++; 1806 #endif 1807 case 7: 1808 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1809 rdev->wiphy.software_iftypes)) 1810 goto nla_put_failure; 1811 1812 if (nl80211_put_iface_combinations(&rdev->wiphy, msg, 1813 state->split)) 1814 goto nla_put_failure; 1815 1816 state->split_start++; 1817 if (state->split) 1818 break; 1819 case 8: 1820 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 1821 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 1822 rdev->wiphy.ap_sme_capa)) 1823 goto nla_put_failure; 1824 1825 features = rdev->wiphy.features; 1826 /* 1827 * We can only add the per-channel limit information if the 1828 * dump is split, otherwise it makes it too big. Therefore 1829 * only advertise it in that case. 1830 */ 1831 if (state->split) 1832 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS; 1833 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features)) 1834 goto nla_put_failure; 1835 1836 if (rdev->wiphy.ht_capa_mod_mask && 1837 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1838 sizeof(*rdev->wiphy.ht_capa_mod_mask), 1839 rdev->wiphy.ht_capa_mod_mask)) 1840 goto nla_put_failure; 1841 1842 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME && 1843 rdev->wiphy.max_acl_mac_addrs && 1844 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX, 1845 rdev->wiphy.max_acl_mac_addrs)) 1846 goto nla_put_failure; 1847 1848 /* 1849 * Any information below this point is only available to 1850 * applications that can deal with it being split. This 1851 * helps ensure that newly added capabilities don't break 1852 * older tools by overrunning their buffers. 1853 * 1854 * We still increment split_start so that in the split 1855 * case we'll continue with more data in the next round, 1856 * but break unconditionally so unsplit data stops here. 1857 */ 1858 state->split_start++; 1859 break; 1860 case 9: 1861 if (rdev->wiphy.extended_capabilities && 1862 (nla_put(msg, NL80211_ATTR_EXT_CAPA, 1863 rdev->wiphy.extended_capabilities_len, 1864 rdev->wiphy.extended_capabilities) || 1865 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 1866 rdev->wiphy.extended_capabilities_len, 1867 rdev->wiphy.extended_capabilities_mask))) 1868 goto nla_put_failure; 1869 1870 if (rdev->wiphy.vht_capa_mod_mask && 1871 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, 1872 sizeof(*rdev->wiphy.vht_capa_mod_mask), 1873 rdev->wiphy.vht_capa_mod_mask)) 1874 goto nla_put_failure; 1875 1876 state->split_start++; 1877 break; 1878 case 10: 1879 if (nl80211_send_coalesce(msg, rdev)) 1880 goto nla_put_failure; 1881 1882 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) && 1883 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) || 1884 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ))) 1885 goto nla_put_failure; 1886 1887 if (rdev->wiphy.max_ap_assoc_sta && 1888 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA, 1889 rdev->wiphy.max_ap_assoc_sta)) 1890 goto nla_put_failure; 1891 1892 state->split_start++; 1893 break; 1894 case 11: 1895 if (rdev->wiphy.n_vendor_commands) { 1896 const struct nl80211_vendor_cmd_info *info; 1897 struct nlattr *nested; 1898 1899 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA); 1900 if (!nested) 1901 goto nla_put_failure; 1902 1903 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) { 1904 info = &rdev->wiphy.vendor_commands[i].info; 1905 if (nla_put(msg, i + 1, sizeof(*info), info)) 1906 goto nla_put_failure; 1907 } 1908 nla_nest_end(msg, nested); 1909 } 1910 1911 if (rdev->wiphy.n_vendor_events) { 1912 const struct nl80211_vendor_cmd_info *info; 1913 struct nlattr *nested; 1914 1915 nested = nla_nest_start(msg, 1916 NL80211_ATTR_VENDOR_EVENTS); 1917 if (!nested) 1918 goto nla_put_failure; 1919 1920 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) { 1921 info = &rdev->wiphy.vendor_events[i]; 1922 if (nla_put(msg, i + 1, sizeof(*info), info)) 1923 goto nla_put_failure; 1924 } 1925 nla_nest_end(msg, nested); 1926 } 1927 state->split_start++; 1928 break; 1929 case 12: 1930 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH && 1931 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS, 1932 rdev->wiphy.max_num_csa_counters)) 1933 goto nla_put_failure; 1934 1935 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 1936 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 1937 goto nla_put_failure; 1938 1939 if (rdev->wiphy.max_sched_scan_reqs && 1940 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS, 1941 rdev->wiphy.max_sched_scan_reqs)) 1942 goto nla_put_failure; 1943 1944 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES, 1945 sizeof(rdev->wiphy.ext_features), 1946 rdev->wiphy.ext_features)) 1947 goto nla_put_failure; 1948 1949 if (rdev->wiphy.bss_select_support) { 1950 struct nlattr *nested; 1951 u32 bss_select_support = rdev->wiphy.bss_select_support; 1952 1953 nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT); 1954 if (!nested) 1955 goto nla_put_failure; 1956 1957 i = 0; 1958 while (bss_select_support) { 1959 if ((bss_select_support & 1) && 1960 nla_put_flag(msg, i)) 1961 goto nla_put_failure; 1962 i++; 1963 bss_select_support >>= 1; 1964 } 1965 nla_nest_end(msg, nested); 1966 } 1967 1968 state->split_start++; 1969 break; 1970 case 13: 1971 if (rdev->wiphy.num_iftype_ext_capab && 1972 rdev->wiphy.iftype_ext_capab) { 1973 struct nlattr *nested_ext_capab, *nested; 1974 1975 nested = nla_nest_start(msg, 1976 NL80211_ATTR_IFTYPE_EXT_CAPA); 1977 if (!nested) 1978 goto nla_put_failure; 1979 1980 for (i = state->capa_start; 1981 i < rdev->wiphy.num_iftype_ext_capab; i++) { 1982 const struct wiphy_iftype_ext_capab *capab; 1983 1984 capab = &rdev->wiphy.iftype_ext_capab[i]; 1985 1986 nested_ext_capab = nla_nest_start(msg, i); 1987 if (!nested_ext_capab || 1988 nla_put_u32(msg, NL80211_ATTR_IFTYPE, 1989 capab->iftype) || 1990 nla_put(msg, NL80211_ATTR_EXT_CAPA, 1991 capab->extended_capabilities_len, 1992 capab->extended_capabilities) || 1993 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 1994 capab->extended_capabilities_len, 1995 capab->extended_capabilities_mask)) 1996 goto nla_put_failure; 1997 1998 nla_nest_end(msg, nested_ext_capab); 1999 if (state->split) 2000 break; 2001 } 2002 nla_nest_end(msg, nested); 2003 if (i < rdev->wiphy.num_iftype_ext_capab) { 2004 state->capa_start = i + 1; 2005 break; 2006 } 2007 } 2008 2009 if (nla_put_u32(msg, NL80211_ATTR_BANDS, 2010 rdev->wiphy.nan_supported_bands)) 2011 goto nla_put_failure; 2012 2013 if (wiphy_ext_feature_isset(&rdev->wiphy, 2014 NL80211_EXT_FEATURE_TXQS)) { 2015 struct cfg80211_txq_stats txqstats = {}; 2016 int res; 2017 2018 res = rdev_get_txq_stats(rdev, NULL, &txqstats); 2019 if (!res && 2020 !nl80211_put_txq_stats(msg, &txqstats, 2021 NL80211_ATTR_TXQ_STATS)) 2022 goto nla_put_failure; 2023 2024 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT, 2025 rdev->wiphy.txq_limit)) 2026 goto nla_put_failure; 2027 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT, 2028 rdev->wiphy.txq_memory_limit)) 2029 goto nla_put_failure; 2030 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM, 2031 rdev->wiphy.txq_quantum)) 2032 goto nla_put_failure; 2033 } 2034 2035 /* done */ 2036 state->split_start = 0; 2037 break; 2038 } 2039 finish: 2040 genlmsg_end(msg, hdr); 2041 return 0; 2042 2043 nla_put_failure: 2044 genlmsg_cancel(msg, hdr); 2045 return -EMSGSIZE; 2046 } 2047 2048 static int nl80211_dump_wiphy_parse(struct sk_buff *skb, 2049 struct netlink_callback *cb, 2050 struct nl80211_dump_wiphy_state *state) 2051 { 2052 struct nlattr **tb = genl_family_attrbuf(&nl80211_fam); 2053 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb, 2054 nl80211_fam.maxattr, nl80211_policy, NULL); 2055 /* ignore parse errors for backward compatibility */ 2056 if (ret) 2057 return 0; 2058 2059 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP]; 2060 if (tb[NL80211_ATTR_WIPHY]) 2061 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 2062 if (tb[NL80211_ATTR_WDEV]) 2063 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32; 2064 if (tb[NL80211_ATTR_IFINDEX]) { 2065 struct net_device *netdev; 2066 struct cfg80211_registered_device *rdev; 2067 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2068 2069 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 2070 if (!netdev) 2071 return -ENODEV; 2072 if (netdev->ieee80211_ptr) { 2073 rdev = wiphy_to_rdev( 2074 netdev->ieee80211_ptr->wiphy); 2075 state->filter_wiphy = rdev->wiphy_idx; 2076 } 2077 } 2078 2079 return 0; 2080 } 2081 2082 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 2083 { 2084 int idx = 0, ret; 2085 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0]; 2086 struct cfg80211_registered_device *rdev; 2087 2088 rtnl_lock(); 2089 if (!state) { 2090 state = kzalloc(sizeof(*state), GFP_KERNEL); 2091 if (!state) { 2092 rtnl_unlock(); 2093 return -ENOMEM; 2094 } 2095 state->filter_wiphy = -1; 2096 ret = nl80211_dump_wiphy_parse(skb, cb, state); 2097 if (ret) { 2098 kfree(state); 2099 rtnl_unlock(); 2100 return ret; 2101 } 2102 cb->args[0] = (long)state; 2103 } 2104 2105 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 2106 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 2107 continue; 2108 if (++idx <= state->start) 2109 continue; 2110 if (state->filter_wiphy != -1 && 2111 state->filter_wiphy != rdev->wiphy_idx) 2112 continue; 2113 /* attempt to fit multiple wiphy data chunks into the skb */ 2114 do { 2115 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, 2116 skb, 2117 NETLINK_CB(cb->skb).portid, 2118 cb->nlh->nlmsg_seq, 2119 NLM_F_MULTI, state); 2120 if (ret < 0) { 2121 /* 2122 * If sending the wiphy data didn't fit (ENOBUFS 2123 * or EMSGSIZE returned), this SKB is still 2124 * empty (so it's not too big because another 2125 * wiphy dataset is already in the skb) and 2126 * we've not tried to adjust the dump allocation 2127 * yet ... then adjust the alloc size to be 2128 * bigger, and return 1 but with the empty skb. 2129 * This results in an empty message being RX'ed 2130 * in userspace, but that is ignored. 2131 * 2132 * We can then retry with the larger buffer. 2133 */ 2134 if ((ret == -ENOBUFS || ret == -EMSGSIZE) && 2135 !skb->len && !state->split && 2136 cb->min_dump_alloc < 4096) { 2137 cb->min_dump_alloc = 4096; 2138 state->split_start = 0; 2139 rtnl_unlock(); 2140 return 1; 2141 } 2142 idx--; 2143 break; 2144 } 2145 } while (state->split_start > 0); 2146 break; 2147 } 2148 rtnl_unlock(); 2149 2150 state->start = idx; 2151 2152 return skb->len; 2153 } 2154 2155 static int nl80211_dump_wiphy_done(struct netlink_callback *cb) 2156 { 2157 kfree((void *)cb->args[0]); 2158 return 0; 2159 } 2160 2161 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 2162 { 2163 struct sk_buff *msg; 2164 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2165 struct nl80211_dump_wiphy_state state = {}; 2166 2167 msg = nlmsg_new(4096, GFP_KERNEL); 2168 if (!msg) 2169 return -ENOMEM; 2170 2171 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg, 2172 info->snd_portid, info->snd_seq, 0, 2173 &state) < 0) { 2174 nlmsg_free(msg); 2175 return -ENOBUFS; 2176 } 2177 2178 return genlmsg_reply(msg, info); 2179 } 2180 2181 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 2182 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 2183 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 2184 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 2185 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 2186 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 2187 }; 2188 2189 static int parse_txq_params(struct nlattr *tb[], 2190 struct ieee80211_txq_params *txq_params) 2191 { 2192 u8 ac; 2193 2194 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 2195 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 2196 !tb[NL80211_TXQ_ATTR_AIFS]) 2197 return -EINVAL; 2198 2199 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 2200 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 2201 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 2202 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 2203 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 2204 2205 if (ac >= NL80211_NUM_ACS) 2206 return -EINVAL; 2207 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS); 2208 return 0; 2209 } 2210 2211 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 2212 { 2213 /* 2214 * You can only set the channel explicitly for WDS interfaces, 2215 * all others have their channel managed via their respective 2216 * "establish a connection" command (connect, join, ...) 2217 * 2218 * For AP/GO and mesh mode, the channel can be set with the 2219 * channel userspace API, but is only stored and passed to the 2220 * low-level driver when the AP starts or the mesh is joined. 2221 * This is for backward compatibility, userspace can also give 2222 * the channel in the start-ap or join-mesh commands instead. 2223 * 2224 * Monitors are special as they are normally slaved to 2225 * whatever else is going on, so they have their own special 2226 * operation to set the monitor channel if possible. 2227 */ 2228 return !wdev || 2229 wdev->iftype == NL80211_IFTYPE_AP || 2230 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 2231 wdev->iftype == NL80211_IFTYPE_MONITOR || 2232 wdev->iftype == NL80211_IFTYPE_P2P_GO; 2233 } 2234 2235 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev, 2236 struct genl_info *info, 2237 struct cfg80211_chan_def *chandef) 2238 { 2239 u32 control_freq; 2240 2241 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 2242 return -EINVAL; 2243 2244 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 2245 2246 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq); 2247 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 2248 chandef->center_freq1 = control_freq; 2249 chandef->center_freq2 = 0; 2250 2251 /* Primary channel not allowed */ 2252 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) 2253 return -EINVAL; 2254 2255 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 2256 enum nl80211_channel_type chantype; 2257 2258 chantype = nla_get_u32( 2259 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 2260 2261 switch (chantype) { 2262 case NL80211_CHAN_NO_HT: 2263 case NL80211_CHAN_HT20: 2264 case NL80211_CHAN_HT40PLUS: 2265 case NL80211_CHAN_HT40MINUS: 2266 cfg80211_chandef_create(chandef, chandef->chan, 2267 chantype); 2268 /* user input for center_freq is incorrect */ 2269 if (info->attrs[NL80211_ATTR_CENTER_FREQ1] && 2270 chandef->center_freq1 != nla_get_u32( 2271 info->attrs[NL80211_ATTR_CENTER_FREQ1])) 2272 return -EINVAL; 2273 /* center_freq2 must be zero */ 2274 if (info->attrs[NL80211_ATTR_CENTER_FREQ2] && 2275 nla_get_u32(info->attrs[NL80211_ATTR_CENTER_FREQ2])) 2276 return -EINVAL; 2277 break; 2278 default: 2279 return -EINVAL; 2280 } 2281 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) { 2282 chandef->width = 2283 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]); 2284 if (info->attrs[NL80211_ATTR_CENTER_FREQ1]) 2285 chandef->center_freq1 = 2286 nla_get_u32( 2287 info->attrs[NL80211_ATTR_CENTER_FREQ1]); 2288 if (info->attrs[NL80211_ATTR_CENTER_FREQ2]) 2289 chandef->center_freq2 = 2290 nla_get_u32( 2291 info->attrs[NL80211_ATTR_CENTER_FREQ2]); 2292 } 2293 2294 if (!cfg80211_chandef_valid(chandef)) 2295 return -EINVAL; 2296 2297 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef, 2298 IEEE80211_CHAN_DISABLED)) 2299 return -EINVAL; 2300 2301 if ((chandef->width == NL80211_CHAN_WIDTH_5 || 2302 chandef->width == NL80211_CHAN_WIDTH_10) && 2303 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) 2304 return -EINVAL; 2305 2306 return 0; 2307 } 2308 2309 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 2310 struct net_device *dev, 2311 struct genl_info *info) 2312 { 2313 struct cfg80211_chan_def chandef; 2314 int result; 2315 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 2316 struct wireless_dev *wdev = NULL; 2317 2318 if (dev) 2319 wdev = dev->ieee80211_ptr; 2320 if (!nl80211_can_set_dev_channel(wdev)) 2321 return -EOPNOTSUPP; 2322 if (wdev) 2323 iftype = wdev->iftype; 2324 2325 result = nl80211_parse_chandef(rdev, info, &chandef); 2326 if (result) 2327 return result; 2328 2329 switch (iftype) { 2330 case NL80211_IFTYPE_AP: 2331 case NL80211_IFTYPE_P2P_GO: 2332 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef, 2333 iftype)) { 2334 result = -EINVAL; 2335 break; 2336 } 2337 if (wdev->beacon_interval) { 2338 if (!dev || !rdev->ops->set_ap_chanwidth || 2339 !(rdev->wiphy.features & 2340 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) { 2341 result = -EBUSY; 2342 break; 2343 } 2344 2345 /* Only allow dynamic channel width changes */ 2346 if (chandef.chan != wdev->preset_chandef.chan) { 2347 result = -EBUSY; 2348 break; 2349 } 2350 result = rdev_set_ap_chanwidth(rdev, dev, &chandef); 2351 if (result) 2352 break; 2353 } 2354 wdev->preset_chandef = chandef; 2355 result = 0; 2356 break; 2357 case NL80211_IFTYPE_MESH_POINT: 2358 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef); 2359 break; 2360 case NL80211_IFTYPE_MONITOR: 2361 result = cfg80211_set_monitor_channel(rdev, &chandef); 2362 break; 2363 default: 2364 result = -EINVAL; 2365 } 2366 2367 return result; 2368 } 2369 2370 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 2371 { 2372 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2373 struct net_device *netdev = info->user_ptr[1]; 2374 2375 return __nl80211_set_channel(rdev, netdev, info); 2376 } 2377 2378 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 2379 { 2380 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2381 struct net_device *dev = info->user_ptr[1]; 2382 struct wireless_dev *wdev = dev->ieee80211_ptr; 2383 const u8 *bssid; 2384 2385 if (!info->attrs[NL80211_ATTR_MAC]) 2386 return -EINVAL; 2387 2388 if (netif_running(dev)) 2389 return -EBUSY; 2390 2391 if (!rdev->ops->set_wds_peer) 2392 return -EOPNOTSUPP; 2393 2394 if (wdev->iftype != NL80211_IFTYPE_WDS) 2395 return -EOPNOTSUPP; 2396 2397 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 2398 return rdev_set_wds_peer(rdev, dev, bssid); 2399 } 2400 2401 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 2402 { 2403 struct cfg80211_registered_device *rdev; 2404 struct net_device *netdev = NULL; 2405 struct wireless_dev *wdev; 2406 int result = 0, rem_txq_params = 0; 2407 struct nlattr *nl_txq_params; 2408 u32 changed; 2409 u8 retry_short = 0, retry_long = 0; 2410 u32 frag_threshold = 0, rts_threshold = 0; 2411 u8 coverage_class = 0; 2412 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0; 2413 2414 ASSERT_RTNL(); 2415 2416 /* 2417 * Try to find the wiphy and netdev. Normally this 2418 * function shouldn't need the netdev, but this is 2419 * done for backward compatibility -- previously 2420 * setting the channel was done per wiphy, but now 2421 * it is per netdev. Previous userland like hostapd 2422 * also passed a netdev to set_wiphy, so that it is 2423 * possible to let that go to the right netdev! 2424 */ 2425 2426 if (info->attrs[NL80211_ATTR_IFINDEX]) { 2427 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 2428 2429 netdev = __dev_get_by_index(genl_info_net(info), ifindex); 2430 if (netdev && netdev->ieee80211_ptr) 2431 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy); 2432 else 2433 netdev = NULL; 2434 } 2435 2436 if (!netdev) { 2437 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 2438 info->attrs); 2439 if (IS_ERR(rdev)) 2440 return PTR_ERR(rdev); 2441 wdev = NULL; 2442 netdev = NULL; 2443 result = 0; 2444 } else 2445 wdev = netdev->ieee80211_ptr; 2446 2447 /* 2448 * end workaround code, by now the rdev is available 2449 * and locked, and wdev may or may not be NULL. 2450 */ 2451 2452 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 2453 result = cfg80211_dev_rename( 2454 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 2455 2456 if (result) 2457 return result; 2458 2459 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 2460 struct ieee80211_txq_params txq_params; 2461 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 2462 2463 if (!rdev->ops->set_txq_params) 2464 return -EOPNOTSUPP; 2465 2466 if (!netdev) 2467 return -EINVAL; 2468 2469 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2470 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2471 return -EINVAL; 2472 2473 if (!netif_running(netdev)) 2474 return -ENETDOWN; 2475 2476 nla_for_each_nested(nl_txq_params, 2477 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 2478 rem_txq_params) { 2479 result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX, 2480 nl_txq_params, 2481 txq_params_policy, 2482 info->extack); 2483 if (result) 2484 return result; 2485 result = parse_txq_params(tb, &txq_params); 2486 if (result) 2487 return result; 2488 2489 result = rdev_set_txq_params(rdev, netdev, 2490 &txq_params); 2491 if (result) 2492 return result; 2493 } 2494 } 2495 2496 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 2497 result = __nl80211_set_channel( 2498 rdev, 2499 nl80211_can_set_dev_channel(wdev) ? netdev : NULL, 2500 info); 2501 if (result) 2502 return result; 2503 } 2504 2505 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 2506 struct wireless_dev *txp_wdev = wdev; 2507 enum nl80211_tx_power_setting type; 2508 int idx, mbm = 0; 2509 2510 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER)) 2511 txp_wdev = NULL; 2512 2513 if (!rdev->ops->set_tx_power) 2514 return -EOPNOTSUPP; 2515 2516 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 2517 type = nla_get_u32(info->attrs[idx]); 2518 2519 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 2520 (type != NL80211_TX_POWER_AUTOMATIC)) 2521 return -EINVAL; 2522 2523 if (type != NL80211_TX_POWER_AUTOMATIC) { 2524 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 2525 mbm = nla_get_u32(info->attrs[idx]); 2526 } 2527 2528 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm); 2529 if (result) 2530 return result; 2531 } 2532 2533 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 2534 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 2535 u32 tx_ant, rx_ant; 2536 2537 if ((!rdev->wiphy.available_antennas_tx && 2538 !rdev->wiphy.available_antennas_rx) || 2539 !rdev->ops->set_antenna) 2540 return -EOPNOTSUPP; 2541 2542 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 2543 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 2544 2545 /* reject antenna configurations which don't match the 2546 * available antenna masks, except for the "all" mask */ 2547 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 2548 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) 2549 return -EINVAL; 2550 2551 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 2552 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 2553 2554 result = rdev_set_antenna(rdev, tx_ant, rx_ant); 2555 if (result) 2556 return result; 2557 } 2558 2559 changed = 0; 2560 2561 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 2562 retry_short = nla_get_u8( 2563 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 2564 if (retry_short == 0) 2565 return -EINVAL; 2566 2567 changed |= WIPHY_PARAM_RETRY_SHORT; 2568 } 2569 2570 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 2571 retry_long = nla_get_u8( 2572 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 2573 if (retry_long == 0) 2574 return -EINVAL; 2575 2576 changed |= WIPHY_PARAM_RETRY_LONG; 2577 } 2578 2579 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 2580 frag_threshold = nla_get_u32( 2581 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 2582 if (frag_threshold < 256) 2583 return -EINVAL; 2584 2585 if (frag_threshold != (u32) -1) { 2586 /* 2587 * Fragments (apart from the last one) are required to 2588 * have even length. Make the fragmentation code 2589 * simpler by stripping LSB should someone try to use 2590 * odd threshold value. 2591 */ 2592 frag_threshold &= ~0x1; 2593 } 2594 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 2595 } 2596 2597 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 2598 rts_threshold = nla_get_u32( 2599 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 2600 changed |= WIPHY_PARAM_RTS_THRESHOLD; 2601 } 2602 2603 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 2604 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) 2605 return -EINVAL; 2606 2607 coverage_class = nla_get_u8( 2608 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 2609 changed |= WIPHY_PARAM_COVERAGE_CLASS; 2610 } 2611 2612 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) { 2613 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) 2614 return -EOPNOTSUPP; 2615 2616 changed |= WIPHY_PARAM_DYN_ACK; 2617 } 2618 2619 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) { 2620 if (!wiphy_ext_feature_isset(&rdev->wiphy, 2621 NL80211_EXT_FEATURE_TXQS)) 2622 return -EOPNOTSUPP; 2623 txq_limit = nla_get_u32( 2624 info->attrs[NL80211_ATTR_TXQ_LIMIT]); 2625 changed |= WIPHY_PARAM_TXQ_LIMIT; 2626 } 2627 2628 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) { 2629 if (!wiphy_ext_feature_isset(&rdev->wiphy, 2630 NL80211_EXT_FEATURE_TXQS)) 2631 return -EOPNOTSUPP; 2632 txq_memory_limit = nla_get_u32( 2633 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]); 2634 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT; 2635 } 2636 2637 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) { 2638 if (!wiphy_ext_feature_isset(&rdev->wiphy, 2639 NL80211_EXT_FEATURE_TXQS)) 2640 return -EOPNOTSUPP; 2641 txq_quantum = nla_get_u32( 2642 info->attrs[NL80211_ATTR_TXQ_QUANTUM]); 2643 changed |= WIPHY_PARAM_TXQ_QUANTUM; 2644 } 2645 2646 if (changed) { 2647 u8 old_retry_short, old_retry_long; 2648 u32 old_frag_threshold, old_rts_threshold; 2649 u8 old_coverage_class; 2650 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum; 2651 2652 if (!rdev->ops->set_wiphy_params) 2653 return -EOPNOTSUPP; 2654 2655 old_retry_short = rdev->wiphy.retry_short; 2656 old_retry_long = rdev->wiphy.retry_long; 2657 old_frag_threshold = rdev->wiphy.frag_threshold; 2658 old_rts_threshold = rdev->wiphy.rts_threshold; 2659 old_coverage_class = rdev->wiphy.coverage_class; 2660 old_txq_limit = rdev->wiphy.txq_limit; 2661 old_txq_memory_limit = rdev->wiphy.txq_memory_limit; 2662 old_txq_quantum = rdev->wiphy.txq_quantum; 2663 2664 if (changed & WIPHY_PARAM_RETRY_SHORT) 2665 rdev->wiphy.retry_short = retry_short; 2666 if (changed & WIPHY_PARAM_RETRY_LONG) 2667 rdev->wiphy.retry_long = retry_long; 2668 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 2669 rdev->wiphy.frag_threshold = frag_threshold; 2670 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 2671 rdev->wiphy.rts_threshold = rts_threshold; 2672 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 2673 rdev->wiphy.coverage_class = coverage_class; 2674 if (changed & WIPHY_PARAM_TXQ_LIMIT) 2675 rdev->wiphy.txq_limit = txq_limit; 2676 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT) 2677 rdev->wiphy.txq_memory_limit = txq_memory_limit; 2678 if (changed & WIPHY_PARAM_TXQ_QUANTUM) 2679 rdev->wiphy.txq_quantum = txq_quantum; 2680 2681 result = rdev_set_wiphy_params(rdev, changed); 2682 if (result) { 2683 rdev->wiphy.retry_short = old_retry_short; 2684 rdev->wiphy.retry_long = old_retry_long; 2685 rdev->wiphy.frag_threshold = old_frag_threshold; 2686 rdev->wiphy.rts_threshold = old_rts_threshold; 2687 rdev->wiphy.coverage_class = old_coverage_class; 2688 rdev->wiphy.txq_limit = old_txq_limit; 2689 rdev->wiphy.txq_memory_limit = old_txq_memory_limit; 2690 rdev->wiphy.txq_quantum = old_txq_quantum; 2691 return result; 2692 } 2693 } 2694 return 0; 2695 } 2696 2697 static inline u64 wdev_id(struct wireless_dev *wdev) 2698 { 2699 return (u64)wdev->identifier | 2700 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32); 2701 } 2702 2703 static int nl80211_send_chandef(struct sk_buff *msg, 2704 const struct cfg80211_chan_def *chandef) 2705 { 2706 if (WARN_ON(!cfg80211_chandef_valid(chandef))) 2707 return -EINVAL; 2708 2709 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 2710 chandef->chan->center_freq)) 2711 return -ENOBUFS; 2712 switch (chandef->width) { 2713 case NL80211_CHAN_WIDTH_20_NOHT: 2714 case NL80211_CHAN_WIDTH_20: 2715 case NL80211_CHAN_WIDTH_40: 2716 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 2717 cfg80211_get_chandef_type(chandef))) 2718 return -ENOBUFS; 2719 break; 2720 default: 2721 break; 2722 } 2723 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width)) 2724 return -ENOBUFS; 2725 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1)) 2726 return -ENOBUFS; 2727 if (chandef->center_freq2 && 2728 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2)) 2729 return -ENOBUFS; 2730 return 0; 2731 } 2732 2733 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, 2734 struct cfg80211_registered_device *rdev, 2735 struct wireless_dev *wdev, bool removal) 2736 { 2737 struct net_device *dev = wdev->netdev; 2738 u8 cmd = NL80211_CMD_NEW_INTERFACE; 2739 void *hdr; 2740 2741 if (removal) 2742 cmd = NL80211_CMD_DEL_INTERFACE; 2743 2744 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 2745 if (!hdr) 2746 return -1; 2747 2748 if (dev && 2749 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2750 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name))) 2751 goto nla_put_failure; 2752 2753 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 2754 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 2755 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 2756 NL80211_ATTR_PAD) || 2757 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) || 2758 nla_put_u32(msg, NL80211_ATTR_GENERATION, 2759 rdev->devlist_generation ^ 2760 (cfg80211_rdev_list_generation << 2))) 2761 goto nla_put_failure; 2762 2763 if (rdev->ops->get_channel) { 2764 int ret; 2765 struct cfg80211_chan_def chandef; 2766 2767 ret = rdev_get_channel(rdev, wdev, &chandef); 2768 if (ret == 0) { 2769 if (nl80211_send_chandef(msg, &chandef)) 2770 goto nla_put_failure; 2771 } 2772 } 2773 2774 if (rdev->ops->get_tx_power) { 2775 int dbm, ret; 2776 2777 ret = rdev_get_tx_power(rdev, wdev, &dbm); 2778 if (ret == 0 && 2779 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL, 2780 DBM_TO_MBM(dbm))) 2781 goto nla_put_failure; 2782 } 2783 2784 wdev_lock(wdev); 2785 switch (wdev->iftype) { 2786 case NL80211_IFTYPE_AP: 2787 if (wdev->ssid_len && 2788 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid)) 2789 goto nla_put_failure_locked; 2790 break; 2791 case NL80211_IFTYPE_STATION: 2792 case NL80211_IFTYPE_P2P_CLIENT: 2793 case NL80211_IFTYPE_ADHOC: { 2794 const u8 *ssid_ie; 2795 if (!wdev->current_bss) 2796 break; 2797 rcu_read_lock(); 2798 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub, 2799 WLAN_EID_SSID); 2800 if (ssid_ie && 2801 nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2)) 2802 goto nla_put_failure_rcu_locked; 2803 rcu_read_unlock(); 2804 break; 2805 } 2806 default: 2807 /* nothing */ 2808 break; 2809 } 2810 wdev_unlock(wdev); 2811 2812 if (rdev->ops->get_txq_stats) { 2813 struct cfg80211_txq_stats txqstats = {}; 2814 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats); 2815 2816 if (ret == 0 && 2817 !nl80211_put_txq_stats(msg, &txqstats, 2818 NL80211_ATTR_TXQ_STATS)) 2819 goto nla_put_failure; 2820 } 2821 2822 genlmsg_end(msg, hdr); 2823 return 0; 2824 2825 nla_put_failure_rcu_locked: 2826 rcu_read_unlock(); 2827 nla_put_failure_locked: 2828 wdev_unlock(wdev); 2829 nla_put_failure: 2830 genlmsg_cancel(msg, hdr); 2831 return -EMSGSIZE; 2832 } 2833 2834 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 2835 { 2836 int wp_idx = 0; 2837 int if_idx = 0; 2838 int wp_start = cb->args[0]; 2839 int if_start = cb->args[1]; 2840 int filter_wiphy = -1; 2841 struct cfg80211_registered_device *rdev; 2842 struct wireless_dev *wdev; 2843 int ret; 2844 2845 rtnl_lock(); 2846 if (!cb->args[2]) { 2847 struct nl80211_dump_wiphy_state state = { 2848 .filter_wiphy = -1, 2849 }; 2850 2851 ret = nl80211_dump_wiphy_parse(skb, cb, &state); 2852 if (ret) 2853 goto out_unlock; 2854 2855 filter_wiphy = state.filter_wiphy; 2856 2857 /* 2858 * if filtering, set cb->args[2] to +1 since 0 is the default 2859 * value needed to determine that parsing is necessary. 2860 */ 2861 if (filter_wiphy >= 0) 2862 cb->args[2] = filter_wiphy + 1; 2863 else 2864 cb->args[2] = -1; 2865 } else if (cb->args[2] > 0) { 2866 filter_wiphy = cb->args[2] - 1; 2867 } 2868 2869 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 2870 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 2871 continue; 2872 if (wp_idx < wp_start) { 2873 wp_idx++; 2874 continue; 2875 } 2876 2877 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx) 2878 continue; 2879 2880 if_idx = 0; 2881 2882 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 2883 if (if_idx < if_start) { 2884 if_idx++; 2885 continue; 2886 } 2887 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid, 2888 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2889 rdev, wdev, false) < 0) { 2890 goto out; 2891 } 2892 if_idx++; 2893 } 2894 2895 wp_idx++; 2896 } 2897 out: 2898 cb->args[0] = wp_idx; 2899 cb->args[1] = if_idx; 2900 2901 ret = skb->len; 2902 out_unlock: 2903 rtnl_unlock(); 2904 2905 return ret; 2906 } 2907 2908 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 2909 { 2910 struct sk_buff *msg; 2911 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2912 struct wireless_dev *wdev = info->user_ptr[1]; 2913 2914 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2915 if (!msg) 2916 return -ENOMEM; 2917 2918 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 2919 rdev, wdev, false) < 0) { 2920 nlmsg_free(msg); 2921 return -ENOBUFS; 2922 } 2923 2924 return genlmsg_reply(msg, info); 2925 } 2926 2927 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 2928 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 2929 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 2930 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 2931 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 2932 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 2933 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG }, 2934 }; 2935 2936 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 2937 { 2938 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 2939 int flag; 2940 2941 *mntrflags = 0; 2942 2943 if (!nla) 2944 return -EINVAL; 2945 2946 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla, 2947 mntr_flags_policy, NULL)) 2948 return -EINVAL; 2949 2950 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 2951 if (flags[flag]) 2952 *mntrflags |= (1<<flag); 2953 2954 *mntrflags |= MONITOR_FLAG_CHANGED; 2955 2956 return 0; 2957 } 2958 2959 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev, 2960 enum nl80211_iftype type, 2961 struct genl_info *info, 2962 struct vif_params *params) 2963 { 2964 bool change = false; 2965 int err; 2966 2967 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 2968 if (type != NL80211_IFTYPE_MONITOR) 2969 return -EINVAL; 2970 2971 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 2972 ¶ms->flags); 2973 if (err) 2974 return err; 2975 2976 change = true; 2977 } 2978 2979 if (params->flags & MONITOR_FLAG_ACTIVE && 2980 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) 2981 return -EOPNOTSUPP; 2982 2983 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) { 2984 const u8 *mumimo_groups; 2985 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER; 2986 2987 if (type != NL80211_IFTYPE_MONITOR) 2988 return -EINVAL; 2989 2990 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag)) 2991 return -EOPNOTSUPP; 2992 2993 mumimo_groups = 2994 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]); 2995 2996 /* bits 0 and 63 are reserved and must be zero */ 2997 if ((mumimo_groups[0] & BIT(0)) || 2998 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7))) 2999 return -EINVAL; 3000 3001 params->vht_mumimo_groups = mumimo_groups; 3002 change = true; 3003 } 3004 3005 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) { 3006 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER; 3007 3008 if (type != NL80211_IFTYPE_MONITOR) 3009 return -EINVAL; 3010 3011 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag)) 3012 return -EOPNOTSUPP; 3013 3014 params->vht_mumimo_follow_addr = 3015 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]); 3016 change = true; 3017 } 3018 3019 return change ? 1 : 0; 3020 } 3021 3022 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 3023 struct net_device *netdev, u8 use_4addr, 3024 enum nl80211_iftype iftype) 3025 { 3026 if (!use_4addr) { 3027 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 3028 return -EBUSY; 3029 return 0; 3030 } 3031 3032 switch (iftype) { 3033 case NL80211_IFTYPE_AP_VLAN: 3034 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 3035 return 0; 3036 break; 3037 case NL80211_IFTYPE_STATION: 3038 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 3039 return 0; 3040 break; 3041 default: 3042 break; 3043 } 3044 3045 return -EOPNOTSUPP; 3046 } 3047 3048 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 3049 { 3050 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3051 struct vif_params params; 3052 int err; 3053 enum nl80211_iftype otype, ntype; 3054 struct net_device *dev = info->user_ptr[1]; 3055 bool change = false; 3056 3057 memset(¶ms, 0, sizeof(params)); 3058 3059 otype = ntype = dev->ieee80211_ptr->iftype; 3060 3061 if (info->attrs[NL80211_ATTR_IFTYPE]) { 3062 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 3063 if (otype != ntype) 3064 change = true; 3065 if (ntype > NL80211_IFTYPE_MAX) 3066 return -EINVAL; 3067 } 3068 3069 if (info->attrs[NL80211_ATTR_MESH_ID]) { 3070 struct wireless_dev *wdev = dev->ieee80211_ptr; 3071 3072 if (ntype != NL80211_IFTYPE_MESH_POINT) 3073 return -EINVAL; 3074 if (netif_running(dev)) 3075 return -EBUSY; 3076 3077 wdev_lock(wdev); 3078 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 3079 IEEE80211_MAX_MESH_ID_LEN); 3080 wdev->mesh_id_up_len = 3081 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 3082 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 3083 wdev->mesh_id_up_len); 3084 wdev_unlock(wdev); 3085 } 3086 3087 if (info->attrs[NL80211_ATTR_4ADDR]) { 3088 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 3089 change = true; 3090 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 3091 if (err) 3092 return err; 3093 } else { 3094 params.use_4addr = -1; 3095 } 3096 3097 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms); 3098 if (err < 0) 3099 return err; 3100 if (err > 0) 3101 change = true; 3102 3103 if (change) 3104 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms); 3105 else 3106 err = 0; 3107 3108 if (!err && params.use_4addr != -1) 3109 dev->ieee80211_ptr->use_4addr = params.use_4addr; 3110 3111 return err; 3112 } 3113 3114 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 3115 { 3116 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3117 struct vif_params params; 3118 struct wireless_dev *wdev; 3119 struct sk_buff *msg; 3120 int err; 3121 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 3122 3123 /* to avoid failing a new interface creation due to pending removal */ 3124 cfg80211_destroy_ifaces(rdev); 3125 3126 memset(¶ms, 0, sizeof(params)); 3127 3128 if (!info->attrs[NL80211_ATTR_IFNAME]) 3129 return -EINVAL; 3130 3131 if (info->attrs[NL80211_ATTR_IFTYPE]) { 3132 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 3133 if (type > NL80211_IFTYPE_MAX) 3134 return -EINVAL; 3135 } 3136 3137 if (!rdev->ops->add_virtual_intf || 3138 !(rdev->wiphy.interface_modes & (1 << type))) 3139 return -EOPNOTSUPP; 3140 3141 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN || 3142 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) && 3143 info->attrs[NL80211_ATTR_MAC]) { 3144 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC], 3145 ETH_ALEN); 3146 if (!is_valid_ether_addr(params.macaddr)) 3147 return -EADDRNOTAVAIL; 3148 } 3149 3150 if (info->attrs[NL80211_ATTR_4ADDR]) { 3151 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 3152 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 3153 if (err) 3154 return err; 3155 } 3156 3157 err = nl80211_parse_mon_options(rdev, type, info, ¶ms); 3158 if (err < 0) 3159 return err; 3160 3161 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3162 if (!msg) 3163 return -ENOMEM; 3164 3165 wdev = rdev_add_virtual_intf(rdev, 3166 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 3167 NET_NAME_USER, type, ¶ms); 3168 if (WARN_ON(!wdev)) { 3169 nlmsg_free(msg); 3170 return -EPROTO; 3171 } else if (IS_ERR(wdev)) { 3172 nlmsg_free(msg); 3173 return PTR_ERR(wdev); 3174 } 3175 3176 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 3177 wdev->owner_nlportid = info->snd_portid; 3178 3179 switch (type) { 3180 case NL80211_IFTYPE_MESH_POINT: 3181 if (!info->attrs[NL80211_ATTR_MESH_ID]) 3182 break; 3183 wdev_lock(wdev); 3184 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 3185 IEEE80211_MAX_MESH_ID_LEN); 3186 wdev->mesh_id_up_len = 3187 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 3188 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 3189 wdev->mesh_id_up_len); 3190 wdev_unlock(wdev); 3191 break; 3192 case NL80211_IFTYPE_NAN: 3193 case NL80211_IFTYPE_P2P_DEVICE: 3194 /* 3195 * P2P Device and NAN do not have a netdev, so don't go 3196 * through the netdev notifier and must be added here 3197 */ 3198 mutex_init(&wdev->mtx); 3199 INIT_LIST_HEAD(&wdev->event_list); 3200 spin_lock_init(&wdev->event_lock); 3201 INIT_LIST_HEAD(&wdev->mgmt_registrations); 3202 spin_lock_init(&wdev->mgmt_registrations_lock); 3203 3204 wdev->identifier = ++rdev->wdev_id; 3205 list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list); 3206 rdev->devlist_generation++; 3207 break; 3208 default: 3209 break; 3210 } 3211 3212 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 3213 rdev, wdev, false) < 0) { 3214 nlmsg_free(msg); 3215 return -ENOBUFS; 3216 } 3217 3218 /* 3219 * For wdevs which have no associated netdev object (e.g. of type 3220 * NL80211_IFTYPE_P2P_DEVICE), emit the NEW_INTERFACE event here. 3221 * For all other types, the event will be generated from the 3222 * netdev notifier 3223 */ 3224 if (!wdev->netdev) 3225 nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE); 3226 3227 return genlmsg_reply(msg, info); 3228 } 3229 3230 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 3231 { 3232 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3233 struct wireless_dev *wdev = info->user_ptr[1]; 3234 3235 if (!rdev->ops->del_virtual_intf) 3236 return -EOPNOTSUPP; 3237 3238 /* 3239 * If we remove a wireless device without a netdev then clear 3240 * user_ptr[1] so that nl80211_post_doit won't dereference it 3241 * to check if it needs to do dev_put(). Otherwise it crashes 3242 * since the wdev has been freed, unlike with a netdev where 3243 * we need the dev_put() for the netdev to really be freed. 3244 */ 3245 if (!wdev->netdev) 3246 info->user_ptr[1] = NULL; 3247 3248 return rdev_del_virtual_intf(rdev, wdev); 3249 } 3250 3251 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 3252 { 3253 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3254 struct net_device *dev = info->user_ptr[1]; 3255 u16 noack_map; 3256 3257 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 3258 return -EINVAL; 3259 3260 if (!rdev->ops->set_noack_map) 3261 return -EOPNOTSUPP; 3262 3263 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 3264 3265 return rdev_set_noack_map(rdev, dev, noack_map); 3266 } 3267 3268 struct get_key_cookie { 3269 struct sk_buff *msg; 3270 int error; 3271 int idx; 3272 }; 3273 3274 static void get_key_callback(void *c, struct key_params *params) 3275 { 3276 struct nlattr *key; 3277 struct get_key_cookie *cookie = c; 3278 3279 if ((params->key && 3280 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 3281 params->key_len, params->key)) || 3282 (params->seq && 3283 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 3284 params->seq_len, params->seq)) || 3285 (params->cipher && 3286 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 3287 params->cipher))) 3288 goto nla_put_failure; 3289 3290 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 3291 if (!key) 3292 goto nla_put_failure; 3293 3294 if ((params->key && 3295 nla_put(cookie->msg, NL80211_KEY_DATA, 3296 params->key_len, params->key)) || 3297 (params->seq && 3298 nla_put(cookie->msg, NL80211_KEY_SEQ, 3299 params->seq_len, params->seq)) || 3300 (params->cipher && 3301 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 3302 params->cipher))) 3303 goto nla_put_failure; 3304 3305 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx)) 3306 goto nla_put_failure; 3307 3308 nla_nest_end(cookie->msg, key); 3309 3310 return; 3311 nla_put_failure: 3312 cookie->error = 1; 3313 } 3314 3315 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 3316 { 3317 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3318 int err; 3319 struct net_device *dev = info->user_ptr[1]; 3320 u8 key_idx = 0; 3321 const u8 *mac_addr = NULL; 3322 bool pairwise; 3323 struct get_key_cookie cookie = { 3324 .error = 0, 3325 }; 3326 void *hdr; 3327 struct sk_buff *msg; 3328 3329 if (info->attrs[NL80211_ATTR_KEY_IDX]) 3330 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 3331 3332 if (key_idx > 5) 3333 return -EINVAL; 3334 3335 if (info->attrs[NL80211_ATTR_MAC]) 3336 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3337 3338 pairwise = !!mac_addr; 3339 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 3340 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 3341 3342 if (kt >= NUM_NL80211_KEYTYPES) 3343 return -EINVAL; 3344 if (kt != NL80211_KEYTYPE_GROUP && 3345 kt != NL80211_KEYTYPE_PAIRWISE) 3346 return -EINVAL; 3347 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 3348 } 3349 3350 if (!rdev->ops->get_key) 3351 return -EOPNOTSUPP; 3352 3353 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 3354 return -ENOENT; 3355 3356 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3357 if (!msg) 3358 return -ENOMEM; 3359 3360 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 3361 NL80211_CMD_NEW_KEY); 3362 if (!hdr) 3363 goto nla_put_failure; 3364 3365 cookie.msg = msg; 3366 cookie.idx = key_idx; 3367 3368 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3369 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 3370 goto nla_put_failure; 3371 if (mac_addr && 3372 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 3373 goto nla_put_failure; 3374 3375 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie, 3376 get_key_callback); 3377 3378 if (err) 3379 goto free_msg; 3380 3381 if (cookie.error) 3382 goto nla_put_failure; 3383 3384 genlmsg_end(msg, hdr); 3385 return genlmsg_reply(msg, info); 3386 3387 nla_put_failure: 3388 err = -ENOBUFS; 3389 free_msg: 3390 nlmsg_free(msg); 3391 return err; 3392 } 3393 3394 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 3395 { 3396 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3397 struct key_parse key; 3398 int err; 3399 struct net_device *dev = info->user_ptr[1]; 3400 3401 err = nl80211_parse_key(info, &key); 3402 if (err) 3403 return err; 3404 3405 if (key.idx < 0) 3406 return -EINVAL; 3407 3408 /* only support setting default key */ 3409 if (!key.def && !key.defmgmt) 3410 return -EINVAL; 3411 3412 wdev_lock(dev->ieee80211_ptr); 3413 3414 if (key.def) { 3415 if (!rdev->ops->set_default_key) { 3416 err = -EOPNOTSUPP; 3417 goto out; 3418 } 3419 3420 err = nl80211_key_allowed(dev->ieee80211_ptr); 3421 if (err) 3422 goto out; 3423 3424 err = rdev_set_default_key(rdev, dev, key.idx, 3425 key.def_uni, key.def_multi); 3426 3427 if (err) 3428 goto out; 3429 3430 #ifdef CONFIG_CFG80211_WEXT 3431 dev->ieee80211_ptr->wext.default_key = key.idx; 3432 #endif 3433 } else { 3434 if (key.def_uni || !key.def_multi) { 3435 err = -EINVAL; 3436 goto out; 3437 } 3438 3439 if (!rdev->ops->set_default_mgmt_key) { 3440 err = -EOPNOTSUPP; 3441 goto out; 3442 } 3443 3444 err = nl80211_key_allowed(dev->ieee80211_ptr); 3445 if (err) 3446 goto out; 3447 3448 err = rdev_set_default_mgmt_key(rdev, dev, key.idx); 3449 if (err) 3450 goto out; 3451 3452 #ifdef CONFIG_CFG80211_WEXT 3453 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 3454 #endif 3455 } 3456 3457 out: 3458 wdev_unlock(dev->ieee80211_ptr); 3459 3460 return err; 3461 } 3462 3463 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 3464 { 3465 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3466 int err; 3467 struct net_device *dev = info->user_ptr[1]; 3468 struct key_parse key; 3469 const u8 *mac_addr = NULL; 3470 3471 err = nl80211_parse_key(info, &key); 3472 if (err) 3473 return err; 3474 3475 if (!key.p.key) 3476 return -EINVAL; 3477 3478 if (info->attrs[NL80211_ATTR_MAC]) 3479 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3480 3481 if (key.type == -1) { 3482 if (mac_addr) 3483 key.type = NL80211_KEYTYPE_PAIRWISE; 3484 else 3485 key.type = NL80211_KEYTYPE_GROUP; 3486 } 3487 3488 /* for now */ 3489 if (key.type != NL80211_KEYTYPE_PAIRWISE && 3490 key.type != NL80211_KEYTYPE_GROUP) 3491 return -EINVAL; 3492 3493 if (!rdev->ops->add_key) 3494 return -EOPNOTSUPP; 3495 3496 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 3497 key.type == NL80211_KEYTYPE_PAIRWISE, 3498 mac_addr)) 3499 return -EINVAL; 3500 3501 wdev_lock(dev->ieee80211_ptr); 3502 err = nl80211_key_allowed(dev->ieee80211_ptr); 3503 if (!err) 3504 err = rdev_add_key(rdev, dev, key.idx, 3505 key.type == NL80211_KEYTYPE_PAIRWISE, 3506 mac_addr, &key.p); 3507 wdev_unlock(dev->ieee80211_ptr); 3508 3509 return err; 3510 } 3511 3512 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 3513 { 3514 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3515 int err; 3516 struct net_device *dev = info->user_ptr[1]; 3517 u8 *mac_addr = NULL; 3518 struct key_parse key; 3519 3520 err = nl80211_parse_key(info, &key); 3521 if (err) 3522 return err; 3523 3524 if (info->attrs[NL80211_ATTR_MAC]) 3525 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3526 3527 if (key.type == -1) { 3528 if (mac_addr) 3529 key.type = NL80211_KEYTYPE_PAIRWISE; 3530 else 3531 key.type = NL80211_KEYTYPE_GROUP; 3532 } 3533 3534 /* for now */ 3535 if (key.type != NL80211_KEYTYPE_PAIRWISE && 3536 key.type != NL80211_KEYTYPE_GROUP) 3537 return -EINVAL; 3538 3539 if (!rdev->ops->del_key) 3540 return -EOPNOTSUPP; 3541 3542 wdev_lock(dev->ieee80211_ptr); 3543 err = nl80211_key_allowed(dev->ieee80211_ptr); 3544 3545 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr && 3546 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 3547 err = -ENOENT; 3548 3549 if (!err) 3550 err = rdev_del_key(rdev, dev, key.idx, 3551 key.type == NL80211_KEYTYPE_PAIRWISE, 3552 mac_addr); 3553 3554 #ifdef CONFIG_CFG80211_WEXT 3555 if (!err) { 3556 if (key.idx == dev->ieee80211_ptr->wext.default_key) 3557 dev->ieee80211_ptr->wext.default_key = -1; 3558 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 3559 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 3560 } 3561 #endif 3562 wdev_unlock(dev->ieee80211_ptr); 3563 3564 return err; 3565 } 3566 3567 /* This function returns an error or the number of nested attributes */ 3568 static int validate_acl_mac_addrs(struct nlattr *nl_attr) 3569 { 3570 struct nlattr *attr; 3571 int n_entries = 0, tmp; 3572 3573 nla_for_each_nested(attr, nl_attr, tmp) { 3574 if (nla_len(attr) != ETH_ALEN) 3575 return -EINVAL; 3576 3577 n_entries++; 3578 } 3579 3580 return n_entries; 3581 } 3582 3583 /* 3584 * This function parses ACL information and allocates memory for ACL data. 3585 * On successful return, the calling function is responsible to free the 3586 * ACL buffer returned by this function. 3587 */ 3588 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy, 3589 struct genl_info *info) 3590 { 3591 enum nl80211_acl_policy acl_policy; 3592 struct nlattr *attr; 3593 struct cfg80211_acl_data *acl; 3594 int i = 0, n_entries, tmp; 3595 3596 if (!wiphy->max_acl_mac_addrs) 3597 return ERR_PTR(-EOPNOTSUPP); 3598 3599 if (!info->attrs[NL80211_ATTR_ACL_POLICY]) 3600 return ERR_PTR(-EINVAL); 3601 3602 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]); 3603 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED && 3604 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED) 3605 return ERR_PTR(-EINVAL); 3606 3607 if (!info->attrs[NL80211_ATTR_MAC_ADDRS]) 3608 return ERR_PTR(-EINVAL); 3609 3610 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]); 3611 if (n_entries < 0) 3612 return ERR_PTR(n_entries); 3613 3614 if (n_entries > wiphy->max_acl_mac_addrs) 3615 return ERR_PTR(-ENOTSUPP); 3616 3617 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries), 3618 GFP_KERNEL); 3619 if (!acl) 3620 return ERR_PTR(-ENOMEM); 3621 3622 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) { 3623 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN); 3624 i++; 3625 } 3626 3627 acl->n_acl_entries = n_entries; 3628 acl->acl_policy = acl_policy; 3629 3630 return acl; 3631 } 3632 3633 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info) 3634 { 3635 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3636 struct net_device *dev = info->user_ptr[1]; 3637 struct cfg80211_acl_data *acl; 3638 int err; 3639 3640 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3641 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3642 return -EOPNOTSUPP; 3643 3644 if (!dev->ieee80211_ptr->beacon_interval) 3645 return -EINVAL; 3646 3647 acl = parse_acl_data(&rdev->wiphy, info); 3648 if (IS_ERR(acl)) 3649 return PTR_ERR(acl); 3650 3651 err = rdev_set_mac_acl(rdev, dev, acl); 3652 3653 kfree(acl); 3654 3655 return err; 3656 } 3657 3658 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 3659 u8 *rates, u8 rates_len) 3660 { 3661 u8 i; 3662 u32 mask = 0; 3663 3664 for (i = 0; i < rates_len; i++) { 3665 int rate = (rates[i] & 0x7f) * 5; 3666 int ridx; 3667 3668 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 3669 struct ieee80211_rate *srate = 3670 &sband->bitrates[ridx]; 3671 if (rate == srate->bitrate) { 3672 mask |= 1 << ridx; 3673 break; 3674 } 3675 } 3676 if (ridx == sband->n_bitrates) 3677 return 0; /* rate not found */ 3678 } 3679 3680 return mask; 3681 } 3682 3683 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 3684 u8 *rates, u8 rates_len, 3685 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 3686 { 3687 u8 i; 3688 3689 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 3690 3691 for (i = 0; i < rates_len; i++) { 3692 int ridx, rbit; 3693 3694 ridx = rates[i] / 8; 3695 rbit = BIT(rates[i] % 8); 3696 3697 /* check validity */ 3698 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 3699 return false; 3700 3701 /* check availability */ 3702 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 3703 mcs[ridx] |= rbit; 3704 else 3705 return false; 3706 } 3707 3708 return true; 3709 } 3710 3711 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map) 3712 { 3713 u16 mcs_mask = 0; 3714 3715 switch (vht_mcs_map) { 3716 case IEEE80211_VHT_MCS_NOT_SUPPORTED: 3717 break; 3718 case IEEE80211_VHT_MCS_SUPPORT_0_7: 3719 mcs_mask = 0x00FF; 3720 break; 3721 case IEEE80211_VHT_MCS_SUPPORT_0_8: 3722 mcs_mask = 0x01FF; 3723 break; 3724 case IEEE80211_VHT_MCS_SUPPORT_0_9: 3725 mcs_mask = 0x03FF; 3726 break; 3727 default: 3728 break; 3729 } 3730 3731 return mcs_mask; 3732 } 3733 3734 static void vht_build_mcs_mask(u16 vht_mcs_map, 3735 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX]) 3736 { 3737 u8 nss; 3738 3739 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) { 3740 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03); 3741 vht_mcs_map >>= 2; 3742 } 3743 } 3744 3745 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband, 3746 struct nl80211_txrate_vht *txrate, 3747 u16 mcs[NL80211_VHT_NSS_MAX]) 3748 { 3749 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map); 3750 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {}; 3751 u8 i; 3752 3753 if (!sband->vht_cap.vht_supported) 3754 return false; 3755 3756 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX); 3757 3758 /* Build vht_mcs_mask from VHT capabilities */ 3759 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask); 3760 3761 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) { 3762 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i]) 3763 mcs[i] = txrate->mcs[i]; 3764 else 3765 return false; 3766 } 3767 3768 return true; 3769 } 3770 3771 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 3772 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 3773 .len = NL80211_MAX_SUPP_RATES }, 3774 [NL80211_TXRATE_HT] = { .type = NLA_BINARY, 3775 .len = NL80211_MAX_SUPP_HT_RATES }, 3776 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)}, 3777 [NL80211_TXRATE_GI] = { .type = NLA_U8 }, 3778 }; 3779 3780 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info, 3781 struct cfg80211_bitrate_mask *mask) 3782 { 3783 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 3784 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3785 int rem, i; 3786 struct nlattr *tx_rates; 3787 struct ieee80211_supported_band *sband; 3788 u16 vht_tx_mcs_map; 3789 3790 memset(mask, 0, sizeof(*mask)); 3791 /* Default to all rates enabled */ 3792 for (i = 0; i < NUM_NL80211_BANDS; i++) { 3793 sband = rdev->wiphy.bands[i]; 3794 3795 if (!sband) 3796 continue; 3797 3798 mask->control[i].legacy = (1 << sband->n_bitrates) - 1; 3799 memcpy(mask->control[i].ht_mcs, 3800 sband->ht_cap.mcs.rx_mask, 3801 sizeof(mask->control[i].ht_mcs)); 3802 3803 if (!sband->vht_cap.vht_supported) 3804 continue; 3805 3806 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map); 3807 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs); 3808 } 3809 3810 /* if no rates are given set it back to the defaults */ 3811 if (!info->attrs[NL80211_ATTR_TX_RATES]) 3812 goto out; 3813 3814 /* The nested attribute uses enum nl80211_band as the index. This maps 3815 * directly to the enum nl80211_band values used in cfg80211. 3816 */ 3817 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 3818 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) { 3819 enum nl80211_band band = nla_type(tx_rates); 3820 int err; 3821 3822 if (band < 0 || band >= NUM_NL80211_BANDS) 3823 return -EINVAL; 3824 sband = rdev->wiphy.bands[band]; 3825 if (sband == NULL) 3826 return -EINVAL; 3827 err = nla_parse_nested(tb, NL80211_TXRATE_MAX, tx_rates, 3828 nl80211_txattr_policy, info->extack); 3829 if (err) 3830 return err; 3831 if (tb[NL80211_TXRATE_LEGACY]) { 3832 mask->control[band].legacy = rateset_to_mask( 3833 sband, 3834 nla_data(tb[NL80211_TXRATE_LEGACY]), 3835 nla_len(tb[NL80211_TXRATE_LEGACY])); 3836 if ((mask->control[band].legacy == 0) && 3837 nla_len(tb[NL80211_TXRATE_LEGACY])) 3838 return -EINVAL; 3839 } 3840 if (tb[NL80211_TXRATE_HT]) { 3841 if (!ht_rateset_to_mask( 3842 sband, 3843 nla_data(tb[NL80211_TXRATE_HT]), 3844 nla_len(tb[NL80211_TXRATE_HT]), 3845 mask->control[band].ht_mcs)) 3846 return -EINVAL; 3847 } 3848 if (tb[NL80211_TXRATE_VHT]) { 3849 if (!vht_set_mcs_mask( 3850 sband, 3851 nla_data(tb[NL80211_TXRATE_VHT]), 3852 mask->control[band].vht_mcs)) 3853 return -EINVAL; 3854 } 3855 if (tb[NL80211_TXRATE_GI]) { 3856 mask->control[band].gi = 3857 nla_get_u8(tb[NL80211_TXRATE_GI]); 3858 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI) 3859 return -EINVAL; 3860 } 3861 3862 if (mask->control[band].legacy == 0) { 3863 /* don't allow empty legacy rates if HT or VHT 3864 * are not even supported. 3865 */ 3866 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported || 3867 rdev->wiphy.bands[band]->vht_cap.vht_supported)) 3868 return -EINVAL; 3869 3870 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 3871 if (mask->control[band].ht_mcs[i]) 3872 goto out; 3873 3874 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) 3875 if (mask->control[band].vht_mcs[i]) 3876 goto out; 3877 3878 /* legacy and mcs rates may not be both empty */ 3879 return -EINVAL; 3880 } 3881 } 3882 3883 out: 3884 return 0; 3885 } 3886 3887 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev, 3888 enum nl80211_band band, 3889 struct cfg80211_bitrate_mask *beacon_rate) 3890 { 3891 u32 count_ht, count_vht, i; 3892 u32 rate = beacon_rate->control[band].legacy; 3893 3894 /* Allow only one rate */ 3895 if (hweight32(rate) > 1) 3896 return -EINVAL; 3897 3898 count_ht = 0; 3899 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) { 3900 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) { 3901 return -EINVAL; 3902 } else if (beacon_rate->control[band].ht_mcs[i]) { 3903 count_ht++; 3904 if (count_ht > 1) 3905 return -EINVAL; 3906 } 3907 if (count_ht && rate) 3908 return -EINVAL; 3909 } 3910 3911 count_vht = 0; 3912 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) { 3913 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) { 3914 return -EINVAL; 3915 } else if (beacon_rate->control[band].vht_mcs[i]) { 3916 count_vht++; 3917 if (count_vht > 1) 3918 return -EINVAL; 3919 } 3920 if (count_vht && rate) 3921 return -EINVAL; 3922 } 3923 3924 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht)) 3925 return -EINVAL; 3926 3927 if (rate && 3928 !wiphy_ext_feature_isset(&rdev->wiphy, 3929 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) 3930 return -EINVAL; 3931 if (count_ht && 3932 !wiphy_ext_feature_isset(&rdev->wiphy, 3933 NL80211_EXT_FEATURE_BEACON_RATE_HT)) 3934 return -EINVAL; 3935 if (count_vht && 3936 !wiphy_ext_feature_isset(&rdev->wiphy, 3937 NL80211_EXT_FEATURE_BEACON_RATE_VHT)) 3938 return -EINVAL; 3939 3940 return 0; 3941 } 3942 3943 static int nl80211_parse_beacon(struct nlattr *attrs[], 3944 struct cfg80211_beacon_data *bcn) 3945 { 3946 bool haveinfo = false; 3947 3948 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) || 3949 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) || 3950 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) || 3951 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP])) 3952 return -EINVAL; 3953 3954 memset(bcn, 0, sizeof(*bcn)); 3955 3956 if (attrs[NL80211_ATTR_BEACON_HEAD]) { 3957 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]); 3958 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]); 3959 if (!bcn->head_len) 3960 return -EINVAL; 3961 haveinfo = true; 3962 } 3963 3964 if (attrs[NL80211_ATTR_BEACON_TAIL]) { 3965 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]); 3966 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]); 3967 haveinfo = true; 3968 } 3969 3970 if (!haveinfo) 3971 return -EINVAL; 3972 3973 if (attrs[NL80211_ATTR_IE]) { 3974 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]); 3975 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]); 3976 } 3977 3978 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) { 3979 bcn->proberesp_ies = 3980 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]); 3981 bcn->proberesp_ies_len = 3982 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]); 3983 } 3984 3985 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 3986 bcn->assocresp_ies = 3987 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 3988 bcn->assocresp_ies_len = 3989 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 3990 } 3991 3992 if (attrs[NL80211_ATTR_PROBE_RESP]) { 3993 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]); 3994 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]); 3995 } 3996 3997 return 0; 3998 } 3999 4000 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params, 4001 const u8 *rates) 4002 { 4003 int i; 4004 4005 if (!rates) 4006 return; 4007 4008 for (i = 0; i < rates[1]; i++) { 4009 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 4010 params->ht_required = true; 4011 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY) 4012 params->vht_required = true; 4013 } 4014 } 4015 4016 /* 4017 * Since the nl80211 API didn't include, from the beginning, attributes about 4018 * HT/VHT requirements/capabilities, we parse them out of the IEs for the 4019 * benefit of drivers that rebuild IEs in the firmware. 4020 */ 4021 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params) 4022 { 4023 const struct cfg80211_beacon_data *bcn = ¶ms->beacon; 4024 size_t ies_len = bcn->tail_len; 4025 const u8 *ies = bcn->tail; 4026 const u8 *rates; 4027 const u8 *cap; 4028 4029 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len); 4030 nl80211_check_ap_rate_selectors(params, rates); 4031 4032 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len); 4033 nl80211_check_ap_rate_selectors(params, rates); 4034 4035 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len); 4036 if (cap && cap[1] >= sizeof(*params->ht_cap)) 4037 params->ht_cap = (void *)(cap + 2); 4038 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len); 4039 if (cap && cap[1] >= sizeof(*params->vht_cap)) 4040 params->vht_cap = (void *)(cap + 2); 4041 } 4042 4043 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 4044 struct cfg80211_ap_settings *params) 4045 { 4046 struct wireless_dev *wdev; 4047 bool ret = false; 4048 4049 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 4050 if (wdev->iftype != NL80211_IFTYPE_AP && 4051 wdev->iftype != NL80211_IFTYPE_P2P_GO) 4052 continue; 4053 4054 if (!wdev->preset_chandef.chan) 4055 continue; 4056 4057 params->chandef = wdev->preset_chandef; 4058 ret = true; 4059 break; 4060 } 4061 4062 return ret; 4063 } 4064 4065 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, 4066 enum nl80211_auth_type auth_type, 4067 enum nl80211_commands cmd) 4068 { 4069 if (auth_type > NL80211_AUTHTYPE_MAX) 4070 return false; 4071 4072 switch (cmd) { 4073 case NL80211_CMD_AUTHENTICATE: 4074 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 4075 auth_type == NL80211_AUTHTYPE_SAE) 4076 return false; 4077 if (!wiphy_ext_feature_isset(&rdev->wiphy, 4078 NL80211_EXT_FEATURE_FILS_STA) && 4079 (auth_type == NL80211_AUTHTYPE_FILS_SK || 4080 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 4081 auth_type == NL80211_AUTHTYPE_FILS_PK)) 4082 return false; 4083 return true; 4084 case NL80211_CMD_CONNECT: 4085 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 4086 auth_type == NL80211_AUTHTYPE_SAE) 4087 return false; 4088 4089 /* FILS with SK PFS or PK not supported yet */ 4090 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 4091 auth_type == NL80211_AUTHTYPE_FILS_PK) 4092 return false; 4093 if (!wiphy_ext_feature_isset( 4094 &rdev->wiphy, 4095 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) && 4096 auth_type == NL80211_AUTHTYPE_FILS_SK) 4097 return false; 4098 return true; 4099 case NL80211_CMD_START_AP: 4100 /* SAE not supported yet */ 4101 if (auth_type == NL80211_AUTHTYPE_SAE) 4102 return false; 4103 /* FILS not supported yet */ 4104 if (auth_type == NL80211_AUTHTYPE_FILS_SK || 4105 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 4106 auth_type == NL80211_AUTHTYPE_FILS_PK) 4107 return false; 4108 return true; 4109 default: 4110 return false; 4111 } 4112 } 4113 4114 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 4115 { 4116 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4117 struct net_device *dev = info->user_ptr[1]; 4118 struct wireless_dev *wdev = dev->ieee80211_ptr; 4119 struct cfg80211_ap_settings params; 4120 int err; 4121 4122 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 4123 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4124 return -EOPNOTSUPP; 4125 4126 if (!rdev->ops->start_ap) 4127 return -EOPNOTSUPP; 4128 4129 if (wdev->beacon_interval) 4130 return -EALREADY; 4131 4132 memset(¶ms, 0, sizeof(params)); 4133 4134 /* these are required for START_AP */ 4135 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 4136 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 4137 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 4138 return -EINVAL; 4139 4140 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon); 4141 if (err) 4142 return err; 4143 4144 params.beacon_interval = 4145 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 4146 params.dtim_period = 4147 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 4148 4149 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype, 4150 params.beacon_interval); 4151 if (err) 4152 return err; 4153 4154 /* 4155 * In theory, some of these attributes should be required here 4156 * but since they were not used when the command was originally 4157 * added, keep them optional for old user space programs to let 4158 * them continue to work with drivers that do not need the 4159 * additional information -- drivers must check! 4160 */ 4161 if (info->attrs[NL80211_ATTR_SSID]) { 4162 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4163 params.ssid_len = 4164 nla_len(info->attrs[NL80211_ATTR_SSID]); 4165 if (params.ssid_len == 0 || 4166 params.ssid_len > IEEE80211_MAX_SSID_LEN) 4167 return -EINVAL; 4168 } 4169 4170 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 4171 params.hidden_ssid = nla_get_u32( 4172 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 4173 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 4174 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 4175 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 4176 return -EINVAL; 4177 } 4178 4179 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 4180 4181 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 4182 params.auth_type = nla_get_u32( 4183 info->attrs[NL80211_ATTR_AUTH_TYPE]); 4184 if (!nl80211_valid_auth_type(rdev, params.auth_type, 4185 NL80211_CMD_START_AP)) 4186 return -EINVAL; 4187 } else 4188 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 4189 4190 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 4191 NL80211_MAX_NR_CIPHER_SUITES); 4192 if (err) 4193 return err; 4194 4195 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 4196 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 4197 return -EOPNOTSUPP; 4198 params.inactivity_timeout = nla_get_u16( 4199 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 4200 } 4201 4202 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 4203 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4204 return -EINVAL; 4205 params.p2p_ctwindow = 4206 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 4207 if (params.p2p_ctwindow > 127) 4208 return -EINVAL; 4209 if (params.p2p_ctwindow != 0 && 4210 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 4211 return -EINVAL; 4212 } 4213 4214 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 4215 u8 tmp; 4216 4217 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4218 return -EINVAL; 4219 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 4220 if (tmp > 1) 4221 return -EINVAL; 4222 params.p2p_opp_ps = tmp; 4223 if (params.p2p_opp_ps != 0 && 4224 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 4225 return -EINVAL; 4226 } 4227 4228 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 4229 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 4230 if (err) 4231 return err; 4232 } else if (wdev->preset_chandef.chan) { 4233 params.chandef = wdev->preset_chandef; 4234 } else if (!nl80211_get_ap_channel(rdev, ¶ms)) 4235 return -EINVAL; 4236 4237 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef, 4238 wdev->iftype)) 4239 return -EINVAL; 4240 4241 if (info->attrs[NL80211_ATTR_TX_RATES]) { 4242 err = nl80211_parse_tx_bitrate_mask(info, ¶ms.beacon_rate); 4243 if (err) 4244 return err; 4245 4246 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band, 4247 ¶ms.beacon_rate); 4248 if (err) 4249 return err; 4250 } 4251 4252 if (info->attrs[NL80211_ATTR_SMPS_MODE]) { 4253 params.smps_mode = 4254 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]); 4255 switch (params.smps_mode) { 4256 case NL80211_SMPS_OFF: 4257 break; 4258 case NL80211_SMPS_STATIC: 4259 if (!(rdev->wiphy.features & 4260 NL80211_FEATURE_STATIC_SMPS)) 4261 return -EINVAL; 4262 break; 4263 case NL80211_SMPS_DYNAMIC: 4264 if (!(rdev->wiphy.features & 4265 NL80211_FEATURE_DYNAMIC_SMPS)) 4266 return -EINVAL; 4267 break; 4268 default: 4269 return -EINVAL; 4270 } 4271 } else { 4272 params.smps_mode = NL80211_SMPS_OFF; 4273 } 4274 4275 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 4276 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) 4277 return -EOPNOTSUPP; 4278 4279 if (info->attrs[NL80211_ATTR_ACL_POLICY]) { 4280 params.acl = parse_acl_data(&rdev->wiphy, info); 4281 if (IS_ERR(params.acl)) 4282 return PTR_ERR(params.acl); 4283 } 4284 4285 nl80211_calculate_ap_params(¶ms); 4286 4287 wdev_lock(wdev); 4288 err = rdev_start_ap(rdev, dev, ¶ms); 4289 if (!err) { 4290 wdev->preset_chandef = params.chandef; 4291 wdev->beacon_interval = params.beacon_interval; 4292 wdev->chandef = params.chandef; 4293 wdev->ssid_len = params.ssid_len; 4294 memcpy(wdev->ssid, params.ssid, wdev->ssid_len); 4295 4296 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 4297 wdev->conn_owner_nlportid = info->snd_portid; 4298 } 4299 wdev_unlock(wdev); 4300 4301 kfree(params.acl); 4302 4303 return err; 4304 } 4305 4306 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 4307 { 4308 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4309 struct net_device *dev = info->user_ptr[1]; 4310 struct wireless_dev *wdev = dev->ieee80211_ptr; 4311 struct cfg80211_beacon_data params; 4312 int err; 4313 4314 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 4315 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4316 return -EOPNOTSUPP; 4317 4318 if (!rdev->ops->change_beacon) 4319 return -EOPNOTSUPP; 4320 4321 if (!wdev->beacon_interval) 4322 return -EINVAL; 4323 4324 err = nl80211_parse_beacon(info->attrs, ¶ms); 4325 if (err) 4326 return err; 4327 4328 wdev_lock(wdev); 4329 err = rdev_change_beacon(rdev, dev, ¶ms); 4330 wdev_unlock(wdev); 4331 4332 return err; 4333 } 4334 4335 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 4336 { 4337 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4338 struct net_device *dev = info->user_ptr[1]; 4339 4340 return cfg80211_stop_ap(rdev, dev, false); 4341 } 4342 4343 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 4344 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 4345 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 4346 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 4347 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 4348 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 4349 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 4350 }; 4351 4352 static int parse_station_flags(struct genl_info *info, 4353 enum nl80211_iftype iftype, 4354 struct station_parameters *params) 4355 { 4356 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 4357 struct nlattr *nla; 4358 int flag; 4359 4360 /* 4361 * Try parsing the new attribute first so userspace 4362 * can specify both for older kernels. 4363 */ 4364 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 4365 if (nla) { 4366 struct nl80211_sta_flag_update *sta_flags; 4367 4368 sta_flags = nla_data(nla); 4369 params->sta_flags_mask = sta_flags->mask; 4370 params->sta_flags_set = sta_flags->set; 4371 params->sta_flags_set &= params->sta_flags_mask; 4372 if ((params->sta_flags_mask | 4373 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 4374 return -EINVAL; 4375 return 0; 4376 } 4377 4378 /* if present, parse the old attribute */ 4379 4380 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 4381 if (!nla) 4382 return 0; 4383 4384 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, nla, 4385 sta_flags_policy, info->extack)) 4386 return -EINVAL; 4387 4388 /* 4389 * Only allow certain flags for interface types so that 4390 * other attributes are silently ignored. Remember that 4391 * this is backward compatibility code with old userspace 4392 * and shouldn't be hit in other cases anyway. 4393 */ 4394 switch (iftype) { 4395 case NL80211_IFTYPE_AP: 4396 case NL80211_IFTYPE_AP_VLAN: 4397 case NL80211_IFTYPE_P2P_GO: 4398 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 4399 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 4400 BIT(NL80211_STA_FLAG_WME) | 4401 BIT(NL80211_STA_FLAG_MFP); 4402 break; 4403 case NL80211_IFTYPE_P2P_CLIENT: 4404 case NL80211_IFTYPE_STATION: 4405 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 4406 BIT(NL80211_STA_FLAG_TDLS_PEER); 4407 break; 4408 case NL80211_IFTYPE_MESH_POINT: 4409 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 4410 BIT(NL80211_STA_FLAG_MFP) | 4411 BIT(NL80211_STA_FLAG_AUTHORIZED); 4412 default: 4413 return -EINVAL; 4414 } 4415 4416 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 4417 if (flags[flag]) { 4418 params->sta_flags_set |= (1<<flag); 4419 4420 /* no longer support new API additions in old API */ 4421 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 4422 return -EINVAL; 4423 } 4424 } 4425 4426 return 0; 4427 } 4428 4429 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 4430 int attr) 4431 { 4432 struct nlattr *rate; 4433 u32 bitrate; 4434 u16 bitrate_compat; 4435 enum nl80211_rate_info rate_flg; 4436 4437 rate = nla_nest_start(msg, attr); 4438 if (!rate) 4439 return false; 4440 4441 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 4442 bitrate = cfg80211_calculate_bitrate(info); 4443 /* report 16-bit bitrate only if we can */ 4444 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 4445 if (bitrate > 0 && 4446 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) 4447 return false; 4448 if (bitrate_compat > 0 && 4449 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) 4450 return false; 4451 4452 switch (info->bw) { 4453 case RATE_INFO_BW_5: 4454 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH; 4455 break; 4456 case RATE_INFO_BW_10: 4457 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH; 4458 break; 4459 default: 4460 WARN_ON(1); 4461 /* fall through */ 4462 case RATE_INFO_BW_20: 4463 rate_flg = 0; 4464 break; 4465 case RATE_INFO_BW_40: 4466 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH; 4467 break; 4468 case RATE_INFO_BW_80: 4469 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH; 4470 break; 4471 case RATE_INFO_BW_160: 4472 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH; 4473 break; 4474 } 4475 4476 if (rate_flg && nla_put_flag(msg, rate_flg)) 4477 return false; 4478 4479 if (info->flags & RATE_INFO_FLAGS_MCS) { 4480 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) 4481 return false; 4482 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 4483 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 4484 return false; 4485 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) { 4486 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs)) 4487 return false; 4488 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss)) 4489 return false; 4490 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 4491 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 4492 return false; 4493 } 4494 4495 nla_nest_end(msg, rate); 4496 return true; 4497 } 4498 4499 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal, 4500 int id) 4501 { 4502 void *attr; 4503 int i = 0; 4504 4505 if (!mask) 4506 return true; 4507 4508 attr = nla_nest_start(msg, id); 4509 if (!attr) 4510 return false; 4511 4512 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) { 4513 if (!(mask & BIT(i))) 4514 continue; 4515 4516 if (nla_put_u8(msg, i, signal[i])) 4517 return false; 4518 } 4519 4520 nla_nest_end(msg, attr); 4521 4522 return true; 4523 } 4524 4525 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid, 4526 u32 seq, int flags, 4527 struct cfg80211_registered_device *rdev, 4528 struct net_device *dev, 4529 const u8 *mac_addr, struct station_info *sinfo) 4530 { 4531 void *hdr; 4532 struct nlattr *sinfoattr, *bss_param; 4533 4534 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 4535 if (!hdr) 4536 return -1; 4537 4538 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 4539 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 4540 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 4541 goto nla_put_failure; 4542 4543 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 4544 if (!sinfoattr) 4545 goto nla_put_failure; 4546 4547 #define PUT_SINFO(attr, memb, type) do { \ 4548 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \ 4549 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \ 4550 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \ 4551 sinfo->memb)) \ 4552 goto nla_put_failure; \ 4553 } while (0) 4554 #define PUT_SINFO_U64(attr, memb) do { \ 4555 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \ 4556 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \ 4557 sinfo->memb, NL80211_STA_INFO_PAD)) \ 4558 goto nla_put_failure; \ 4559 } while (0) 4560 4561 PUT_SINFO(CONNECTED_TIME, connected_time, u32); 4562 PUT_SINFO(INACTIVE_TIME, inactive_time, u32); 4563 4564 if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) | 4565 BIT(NL80211_STA_INFO_RX_BYTES64)) && 4566 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 4567 (u32)sinfo->rx_bytes)) 4568 goto nla_put_failure; 4569 4570 if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) | 4571 BIT(NL80211_STA_INFO_TX_BYTES64)) && 4572 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 4573 (u32)sinfo->tx_bytes)) 4574 goto nla_put_failure; 4575 4576 PUT_SINFO_U64(RX_BYTES64, rx_bytes); 4577 PUT_SINFO_U64(TX_BYTES64, tx_bytes); 4578 PUT_SINFO(LLID, llid, u16); 4579 PUT_SINFO(PLID, plid, u16); 4580 PUT_SINFO(PLINK_STATE, plink_state, u8); 4581 PUT_SINFO_U64(RX_DURATION, rx_duration); 4582 4583 switch (rdev->wiphy.signal_type) { 4584 case CFG80211_SIGNAL_TYPE_MBM: 4585 PUT_SINFO(SIGNAL, signal, u8); 4586 PUT_SINFO(SIGNAL_AVG, signal_avg, u8); 4587 break; 4588 default: 4589 break; 4590 } 4591 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) { 4592 if (!nl80211_put_signal(msg, sinfo->chains, 4593 sinfo->chain_signal, 4594 NL80211_STA_INFO_CHAIN_SIGNAL)) 4595 goto nla_put_failure; 4596 } 4597 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) { 4598 if (!nl80211_put_signal(msg, sinfo->chains, 4599 sinfo->chain_signal_avg, 4600 NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) 4601 goto nla_put_failure; 4602 } 4603 if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) { 4604 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 4605 NL80211_STA_INFO_TX_BITRATE)) 4606 goto nla_put_failure; 4607 } 4608 if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) { 4609 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 4610 NL80211_STA_INFO_RX_BITRATE)) 4611 goto nla_put_failure; 4612 } 4613 4614 PUT_SINFO(RX_PACKETS, rx_packets, u32); 4615 PUT_SINFO(TX_PACKETS, tx_packets, u32); 4616 PUT_SINFO(TX_RETRIES, tx_retries, u32); 4617 PUT_SINFO(TX_FAILED, tx_failed, u32); 4618 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32); 4619 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32); 4620 PUT_SINFO(LOCAL_PM, local_pm, u32); 4621 PUT_SINFO(PEER_PM, peer_pm, u32); 4622 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32); 4623 4624 if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) { 4625 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 4626 if (!bss_param) 4627 goto nla_put_failure; 4628 4629 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 4630 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 4631 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 4632 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 4633 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 4634 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 4635 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 4636 sinfo->bss_param.dtim_period) || 4637 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 4638 sinfo->bss_param.beacon_interval)) 4639 goto nla_put_failure; 4640 4641 nla_nest_end(msg, bss_param); 4642 } 4643 if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) && 4644 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 4645 sizeof(struct nl80211_sta_flag_update), 4646 &sinfo->sta_flags)) 4647 goto nla_put_failure; 4648 4649 PUT_SINFO_U64(T_OFFSET, t_offset); 4650 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc); 4651 PUT_SINFO_U64(BEACON_RX, rx_beacon); 4652 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8); 4653 PUT_SINFO(ACK_SIGNAL, ack_signal, u8); 4654 if (wiphy_ext_feature_isset(&rdev->wiphy, 4655 NL80211_EXT_FEATURE_DATA_ACK_SIGNAL_SUPPORT)) 4656 PUT_SINFO(DATA_ACK_SIGNAL_AVG, avg_ack_signal, s8); 4657 4658 #undef PUT_SINFO 4659 #undef PUT_SINFO_U64 4660 4661 if (sinfo->pertid) { 4662 struct nlattr *tidsattr; 4663 int tid; 4664 4665 tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS); 4666 if (!tidsattr) 4667 goto nla_put_failure; 4668 4669 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) { 4670 struct cfg80211_tid_stats *tidstats; 4671 struct nlattr *tidattr; 4672 4673 tidstats = &sinfo->pertid[tid]; 4674 4675 if (!tidstats->filled) 4676 continue; 4677 4678 tidattr = nla_nest_start(msg, tid + 1); 4679 if (!tidattr) 4680 goto nla_put_failure; 4681 4682 #define PUT_TIDVAL_U64(attr, memb) do { \ 4683 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \ 4684 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \ 4685 tidstats->memb, NL80211_TID_STATS_PAD)) \ 4686 goto nla_put_failure; \ 4687 } while (0) 4688 4689 PUT_TIDVAL_U64(RX_MSDU, rx_msdu); 4690 PUT_TIDVAL_U64(TX_MSDU, tx_msdu); 4691 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries); 4692 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed); 4693 4694 #undef PUT_TIDVAL_U64 4695 if ((tidstats->filled & 4696 BIT(NL80211_TID_STATS_TXQ_STATS)) && 4697 !nl80211_put_txq_stats(msg, &tidstats->txq_stats, 4698 NL80211_TID_STATS_TXQ_STATS)) 4699 goto nla_put_failure; 4700 4701 nla_nest_end(msg, tidattr); 4702 } 4703 4704 nla_nest_end(msg, tidsattr); 4705 } 4706 4707 nla_nest_end(msg, sinfoattr); 4708 4709 if (sinfo->assoc_req_ies_len && 4710 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 4711 sinfo->assoc_req_ies)) 4712 goto nla_put_failure; 4713 4714 cfg80211_sinfo_release_content(sinfo); 4715 genlmsg_end(msg, hdr); 4716 return 0; 4717 4718 nla_put_failure: 4719 cfg80211_sinfo_release_content(sinfo); 4720 genlmsg_cancel(msg, hdr); 4721 return -EMSGSIZE; 4722 } 4723 4724 static int nl80211_dump_station(struct sk_buff *skb, 4725 struct netlink_callback *cb) 4726 { 4727 struct station_info sinfo; 4728 struct cfg80211_registered_device *rdev; 4729 struct wireless_dev *wdev; 4730 u8 mac_addr[ETH_ALEN]; 4731 int sta_idx = cb->args[2]; 4732 int err; 4733 4734 rtnl_lock(); 4735 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 4736 if (err) 4737 goto out_err; 4738 4739 if (!wdev->netdev) { 4740 err = -EINVAL; 4741 goto out_err; 4742 } 4743 4744 if (!rdev->ops->dump_station) { 4745 err = -EOPNOTSUPP; 4746 goto out_err; 4747 } 4748 4749 while (1) { 4750 memset(&sinfo, 0, sizeof(sinfo)); 4751 err = rdev_dump_station(rdev, wdev->netdev, sta_idx, 4752 mac_addr, &sinfo); 4753 if (err == -ENOENT) 4754 break; 4755 if (err) 4756 goto out_err; 4757 4758 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION, 4759 NETLINK_CB(cb->skb).portid, 4760 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4761 rdev, wdev->netdev, mac_addr, 4762 &sinfo) < 0) 4763 goto out; 4764 4765 sta_idx++; 4766 } 4767 4768 out: 4769 cb->args[2] = sta_idx; 4770 err = skb->len; 4771 out_err: 4772 rtnl_unlock(); 4773 4774 return err; 4775 } 4776 4777 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 4778 { 4779 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4780 struct net_device *dev = info->user_ptr[1]; 4781 struct station_info sinfo; 4782 struct sk_buff *msg; 4783 u8 *mac_addr = NULL; 4784 int err; 4785 4786 memset(&sinfo, 0, sizeof(sinfo)); 4787 4788 if (!info->attrs[NL80211_ATTR_MAC]) 4789 return -EINVAL; 4790 4791 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4792 4793 if (!rdev->ops->get_station) 4794 return -EOPNOTSUPP; 4795 4796 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 4797 if (err) 4798 return err; 4799 4800 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4801 if (!msg) { 4802 cfg80211_sinfo_release_content(&sinfo); 4803 return -ENOMEM; 4804 } 4805 4806 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 4807 info->snd_portid, info->snd_seq, 0, 4808 rdev, dev, mac_addr, &sinfo) < 0) { 4809 nlmsg_free(msg); 4810 return -ENOBUFS; 4811 } 4812 4813 return genlmsg_reply(msg, info); 4814 } 4815 4816 int cfg80211_check_station_change(struct wiphy *wiphy, 4817 struct station_parameters *params, 4818 enum cfg80211_station_type statype) 4819 { 4820 if (params->listen_interval != -1 && 4821 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 4822 return -EINVAL; 4823 4824 if (params->support_p2p_ps != -1 && 4825 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 4826 return -EINVAL; 4827 4828 if (params->aid && 4829 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) && 4830 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 4831 return -EINVAL; 4832 4833 /* When you run into this, adjust the code below for the new flag */ 4834 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); 4835 4836 switch (statype) { 4837 case CFG80211_STA_MESH_PEER_KERNEL: 4838 case CFG80211_STA_MESH_PEER_USER: 4839 /* 4840 * No ignoring the TDLS flag here -- the userspace mesh 4841 * code doesn't have the bug of including TDLS in the 4842 * mask everywhere. 4843 */ 4844 if (params->sta_flags_mask & 4845 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 4846 BIT(NL80211_STA_FLAG_MFP) | 4847 BIT(NL80211_STA_FLAG_AUTHORIZED))) 4848 return -EINVAL; 4849 break; 4850 case CFG80211_STA_TDLS_PEER_SETUP: 4851 case CFG80211_STA_TDLS_PEER_ACTIVE: 4852 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 4853 return -EINVAL; 4854 /* ignore since it can't change */ 4855 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 4856 break; 4857 default: 4858 /* disallow mesh-specific things */ 4859 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION) 4860 return -EINVAL; 4861 if (params->local_pm) 4862 return -EINVAL; 4863 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 4864 return -EINVAL; 4865 } 4866 4867 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 4868 statype != CFG80211_STA_TDLS_PEER_ACTIVE) { 4869 /* TDLS can't be set, ... */ 4870 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 4871 return -EINVAL; 4872 /* 4873 * ... but don't bother the driver with it. This works around 4874 * a hostapd/wpa_supplicant issue -- it always includes the 4875 * TLDS_PEER flag in the mask even for AP mode. 4876 */ 4877 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 4878 } 4879 4880 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 4881 statype != CFG80211_STA_AP_CLIENT_UNASSOC) { 4882 /* reject other things that can't change */ 4883 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) 4884 return -EINVAL; 4885 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY) 4886 return -EINVAL; 4887 if (params->supported_rates) 4888 return -EINVAL; 4889 if (params->ext_capab || params->ht_capa || params->vht_capa) 4890 return -EINVAL; 4891 } 4892 4893 if (statype != CFG80211_STA_AP_CLIENT && 4894 statype != CFG80211_STA_AP_CLIENT_UNASSOC) { 4895 if (params->vlan) 4896 return -EINVAL; 4897 } 4898 4899 switch (statype) { 4900 case CFG80211_STA_AP_MLME_CLIENT: 4901 /* Use this only for authorizing/unauthorizing a station */ 4902 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED))) 4903 return -EOPNOTSUPP; 4904 break; 4905 case CFG80211_STA_AP_CLIENT: 4906 case CFG80211_STA_AP_CLIENT_UNASSOC: 4907 /* accept only the listed bits */ 4908 if (params->sta_flags_mask & 4909 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 4910 BIT(NL80211_STA_FLAG_AUTHENTICATED) | 4911 BIT(NL80211_STA_FLAG_ASSOCIATED) | 4912 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 4913 BIT(NL80211_STA_FLAG_WME) | 4914 BIT(NL80211_STA_FLAG_MFP))) 4915 return -EINVAL; 4916 4917 /* but authenticated/associated only if driver handles it */ 4918 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 4919 params->sta_flags_mask & 4920 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 4921 BIT(NL80211_STA_FLAG_ASSOCIATED))) 4922 return -EINVAL; 4923 break; 4924 case CFG80211_STA_IBSS: 4925 case CFG80211_STA_AP_STA: 4926 /* reject any changes other than AUTHORIZED */ 4927 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 4928 return -EINVAL; 4929 break; 4930 case CFG80211_STA_TDLS_PEER_SETUP: 4931 /* reject any changes other than AUTHORIZED or WME */ 4932 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 4933 BIT(NL80211_STA_FLAG_WME))) 4934 return -EINVAL; 4935 /* force (at least) rates when authorizing */ 4936 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) && 4937 !params->supported_rates) 4938 return -EINVAL; 4939 break; 4940 case CFG80211_STA_TDLS_PEER_ACTIVE: 4941 /* reject any changes */ 4942 return -EINVAL; 4943 case CFG80211_STA_MESH_PEER_KERNEL: 4944 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 4945 return -EINVAL; 4946 break; 4947 case CFG80211_STA_MESH_PEER_USER: 4948 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION && 4949 params->plink_action != NL80211_PLINK_ACTION_BLOCK) 4950 return -EINVAL; 4951 break; 4952 } 4953 4954 /* 4955 * Older kernel versions ignored this attribute entirely, so don't 4956 * reject attempts to update it but mark it as unused instead so the 4957 * driver won't look at the data. 4958 */ 4959 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC && 4960 statype != CFG80211_STA_TDLS_PEER_SETUP) 4961 params->opmode_notif_used = false; 4962 4963 return 0; 4964 } 4965 EXPORT_SYMBOL(cfg80211_check_station_change); 4966 4967 /* 4968 * Get vlan interface making sure it is running and on the right wiphy. 4969 */ 4970 static struct net_device *get_vlan(struct genl_info *info, 4971 struct cfg80211_registered_device *rdev) 4972 { 4973 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 4974 struct net_device *v; 4975 int ret; 4976 4977 if (!vlanattr) 4978 return NULL; 4979 4980 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 4981 if (!v) 4982 return ERR_PTR(-ENODEV); 4983 4984 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 4985 ret = -EINVAL; 4986 goto error; 4987 } 4988 4989 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 4990 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 4991 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 4992 ret = -EINVAL; 4993 goto error; 4994 } 4995 4996 if (!netif_running(v)) { 4997 ret = -ENETDOWN; 4998 goto error; 4999 } 5000 5001 return v; 5002 error: 5003 dev_put(v); 5004 return ERR_PTR(ret); 5005 } 5006 5007 static const struct nla_policy 5008 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = { 5009 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 5010 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 5011 }; 5012 5013 static int nl80211_parse_sta_wme(struct genl_info *info, 5014 struct station_parameters *params) 5015 { 5016 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 5017 struct nlattr *nla; 5018 int err; 5019 5020 /* parse WME attributes if present */ 5021 if (!info->attrs[NL80211_ATTR_STA_WME]) 5022 return 0; 5023 5024 nla = info->attrs[NL80211_ATTR_STA_WME]; 5025 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 5026 nl80211_sta_wme_policy, info->extack); 5027 if (err) 5028 return err; 5029 5030 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 5031 params->uapsd_queues = nla_get_u8( 5032 tb[NL80211_STA_WME_UAPSD_QUEUES]); 5033 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 5034 return -EINVAL; 5035 5036 if (tb[NL80211_STA_WME_MAX_SP]) 5037 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 5038 5039 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 5040 return -EINVAL; 5041 5042 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 5043 5044 return 0; 5045 } 5046 5047 static int nl80211_parse_sta_channel_info(struct genl_info *info, 5048 struct station_parameters *params) 5049 { 5050 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) { 5051 params->supported_channels = 5052 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]); 5053 params->supported_channels_len = 5054 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]); 5055 /* 5056 * Need to include at least one (first channel, number of 5057 * channels) tuple for each subband, and must have proper 5058 * tuples for the rest of the data as well. 5059 */ 5060 if (params->supported_channels_len < 2) 5061 return -EINVAL; 5062 if (params->supported_channels_len % 2) 5063 return -EINVAL; 5064 } 5065 5066 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) { 5067 params->supported_oper_classes = 5068 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]); 5069 params->supported_oper_classes_len = 5070 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]); 5071 /* 5072 * The value of the Length field of the Supported Operating 5073 * Classes element is between 2 and 253. 5074 */ 5075 if (params->supported_oper_classes_len < 2 || 5076 params->supported_oper_classes_len > 253) 5077 return -EINVAL; 5078 } 5079 return 0; 5080 } 5081 5082 static int nl80211_set_station_tdls(struct genl_info *info, 5083 struct station_parameters *params) 5084 { 5085 int err; 5086 /* Dummy STA entry gets updated once the peer capabilities are known */ 5087 if (info->attrs[NL80211_ATTR_PEER_AID]) 5088 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 5089 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 5090 params->ht_capa = 5091 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 5092 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 5093 params->vht_capa = 5094 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 5095 5096 err = nl80211_parse_sta_channel_info(info, params); 5097 if (err) 5098 return err; 5099 5100 return nl80211_parse_sta_wme(info, params); 5101 } 5102 5103 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 5104 { 5105 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5106 struct net_device *dev = info->user_ptr[1]; 5107 struct station_parameters params; 5108 u8 *mac_addr; 5109 int err; 5110 5111 memset(¶ms, 0, sizeof(params)); 5112 5113 if (!rdev->ops->change_station) 5114 return -EOPNOTSUPP; 5115 5116 /* 5117 * AID and listen_interval properties can be set only for unassociated 5118 * station. Include these parameters here and will check them in 5119 * cfg80211_check_station_change(). 5120 */ 5121 if (info->attrs[NL80211_ATTR_STA_AID]) 5122 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 5123 5124 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 5125 params.listen_interval = 5126 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 5127 else 5128 params.listen_interval = -1; 5129 5130 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) { 5131 u8 tmp; 5132 5133 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]); 5134 if (tmp >= NUM_NL80211_P2P_PS_STATUS) 5135 return -EINVAL; 5136 5137 params.support_p2p_ps = tmp; 5138 } else { 5139 params.support_p2p_ps = -1; 5140 } 5141 5142 if (!info->attrs[NL80211_ATTR_MAC]) 5143 return -EINVAL; 5144 5145 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 5146 5147 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 5148 params.supported_rates = 5149 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 5150 params.supported_rates_len = 5151 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 5152 } 5153 5154 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 5155 params.capability = 5156 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 5157 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 5158 } 5159 5160 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 5161 params.ext_capab = 5162 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 5163 params.ext_capab_len = 5164 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 5165 } 5166 5167 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 5168 return -EINVAL; 5169 5170 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) { 5171 params.plink_action = 5172 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 5173 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS) 5174 return -EINVAL; 5175 } 5176 5177 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) { 5178 params.plink_state = 5179 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 5180 if (params.plink_state >= NUM_NL80211_PLINK_STATES) 5181 return -EINVAL; 5182 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) { 5183 params.peer_aid = nla_get_u16( 5184 info->attrs[NL80211_ATTR_MESH_PEER_AID]); 5185 if (params.peer_aid > IEEE80211_MAX_AID) 5186 return -EINVAL; 5187 } 5188 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE; 5189 } 5190 5191 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) { 5192 enum nl80211_mesh_power_mode pm = nla_get_u32( 5193 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]); 5194 5195 if (pm <= NL80211_MESH_POWER_UNKNOWN || 5196 pm > NL80211_MESH_POWER_MAX) 5197 return -EINVAL; 5198 5199 params.local_pm = pm; 5200 } 5201 5202 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 5203 params.opmode_notif_used = true; 5204 params.opmode_notif = 5205 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 5206 } 5207 5208 /* Include parameters for TDLS peer (will check later) */ 5209 err = nl80211_set_station_tdls(info, ¶ms); 5210 if (err) 5211 return err; 5212 5213 params.vlan = get_vlan(info, rdev); 5214 if (IS_ERR(params.vlan)) 5215 return PTR_ERR(params.vlan); 5216 5217 switch (dev->ieee80211_ptr->iftype) { 5218 case NL80211_IFTYPE_AP: 5219 case NL80211_IFTYPE_AP_VLAN: 5220 case NL80211_IFTYPE_P2P_GO: 5221 case NL80211_IFTYPE_P2P_CLIENT: 5222 case NL80211_IFTYPE_STATION: 5223 case NL80211_IFTYPE_ADHOC: 5224 case NL80211_IFTYPE_MESH_POINT: 5225 break; 5226 default: 5227 err = -EOPNOTSUPP; 5228 goto out_put_vlan; 5229 } 5230 5231 /* driver will call cfg80211_check_station_change() */ 5232 err = rdev_change_station(rdev, dev, mac_addr, ¶ms); 5233 5234 out_put_vlan: 5235 if (params.vlan) 5236 dev_put(params.vlan); 5237 5238 return err; 5239 } 5240 5241 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 5242 { 5243 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5244 int err; 5245 struct net_device *dev = info->user_ptr[1]; 5246 struct station_parameters params; 5247 u8 *mac_addr = NULL; 5248 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 5249 BIT(NL80211_STA_FLAG_ASSOCIATED); 5250 5251 memset(¶ms, 0, sizeof(params)); 5252 5253 if (!rdev->ops->add_station) 5254 return -EOPNOTSUPP; 5255 5256 if (!info->attrs[NL80211_ATTR_MAC]) 5257 return -EINVAL; 5258 5259 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 5260 return -EINVAL; 5261 5262 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 5263 return -EINVAL; 5264 5265 if (!info->attrs[NL80211_ATTR_STA_AID] && 5266 !info->attrs[NL80211_ATTR_PEER_AID]) 5267 return -EINVAL; 5268 5269 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 5270 params.supported_rates = 5271 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 5272 params.supported_rates_len = 5273 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 5274 params.listen_interval = 5275 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 5276 5277 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) { 5278 u8 tmp; 5279 5280 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]); 5281 if (tmp >= NUM_NL80211_P2P_PS_STATUS) 5282 return -EINVAL; 5283 5284 params.support_p2p_ps = tmp; 5285 } else { 5286 /* 5287 * if not specified, assume it's supported for P2P GO interface, 5288 * and is NOT supported for AP interface 5289 */ 5290 params.support_p2p_ps = 5291 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO; 5292 } 5293 5294 if (info->attrs[NL80211_ATTR_PEER_AID]) 5295 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 5296 else 5297 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 5298 if (!params.aid || params.aid > IEEE80211_MAX_AID) 5299 return -EINVAL; 5300 5301 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 5302 params.capability = 5303 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 5304 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 5305 } 5306 5307 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 5308 params.ext_capab = 5309 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 5310 params.ext_capab_len = 5311 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 5312 } 5313 5314 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 5315 params.ht_capa = 5316 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 5317 5318 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 5319 params.vht_capa = 5320 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 5321 5322 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 5323 params.opmode_notif_used = true; 5324 params.opmode_notif = 5325 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 5326 } 5327 5328 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) { 5329 params.plink_action = 5330 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 5331 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS) 5332 return -EINVAL; 5333 } 5334 5335 err = nl80211_parse_sta_channel_info(info, ¶ms); 5336 if (err) 5337 return err; 5338 5339 err = nl80211_parse_sta_wme(info, ¶ms); 5340 if (err) 5341 return err; 5342 5343 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 5344 return -EINVAL; 5345 5346 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT 5347 * as userspace might just pass through the capabilities from the IEs 5348 * directly, rather than enforcing this restriction and returning an 5349 * error in this case. 5350 */ 5351 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) { 5352 params.ht_capa = NULL; 5353 params.vht_capa = NULL; 5354 } 5355 5356 /* When you run into this, adjust the code below for the new flag */ 5357 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); 5358 5359 switch (dev->ieee80211_ptr->iftype) { 5360 case NL80211_IFTYPE_AP: 5361 case NL80211_IFTYPE_AP_VLAN: 5362 case NL80211_IFTYPE_P2P_GO: 5363 /* ignore WME attributes if iface/sta is not capable */ 5364 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) || 5365 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) 5366 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 5367 5368 /* TDLS peers cannot be added */ 5369 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 5370 info->attrs[NL80211_ATTR_PEER_AID]) 5371 return -EINVAL; 5372 /* but don't bother the driver with it */ 5373 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 5374 5375 /* allow authenticated/associated only if driver handles it */ 5376 if (!(rdev->wiphy.features & 5377 NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 5378 params.sta_flags_mask & auth_assoc) 5379 return -EINVAL; 5380 5381 /* Older userspace, or userspace wanting to be compatible with 5382 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth 5383 * and assoc flags in the mask, but assumes the station will be 5384 * added as associated anyway since this was the required driver 5385 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was 5386 * introduced. 5387 * In order to not bother drivers with this quirk in the API 5388 * set the flags in both the mask and set for new stations in 5389 * this case. 5390 */ 5391 if (!(params.sta_flags_mask & auth_assoc)) { 5392 params.sta_flags_mask |= auth_assoc; 5393 params.sta_flags_set |= auth_assoc; 5394 } 5395 5396 /* must be last in here for error handling */ 5397 params.vlan = get_vlan(info, rdev); 5398 if (IS_ERR(params.vlan)) 5399 return PTR_ERR(params.vlan); 5400 break; 5401 case NL80211_IFTYPE_MESH_POINT: 5402 /* ignore uAPSD data */ 5403 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 5404 5405 /* associated is disallowed */ 5406 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) 5407 return -EINVAL; 5408 /* TDLS peers cannot be added */ 5409 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 5410 info->attrs[NL80211_ATTR_PEER_AID]) 5411 return -EINVAL; 5412 break; 5413 case NL80211_IFTYPE_STATION: 5414 case NL80211_IFTYPE_P2P_CLIENT: 5415 /* ignore uAPSD data */ 5416 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 5417 5418 /* these are disallowed */ 5419 if (params.sta_flags_mask & 5420 (BIT(NL80211_STA_FLAG_ASSOCIATED) | 5421 BIT(NL80211_STA_FLAG_AUTHENTICATED))) 5422 return -EINVAL; 5423 /* Only TDLS peers can be added */ 5424 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 5425 return -EINVAL; 5426 /* Can only add if TDLS ... */ 5427 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 5428 return -EOPNOTSUPP; 5429 /* ... with external setup is supported */ 5430 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 5431 return -EOPNOTSUPP; 5432 /* 5433 * Older wpa_supplicant versions always mark the TDLS peer 5434 * as authorized, but it shouldn't yet be. 5435 */ 5436 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED); 5437 break; 5438 default: 5439 return -EOPNOTSUPP; 5440 } 5441 5442 /* be aware of params.vlan when changing code here */ 5443 5444 err = rdev_add_station(rdev, dev, mac_addr, ¶ms); 5445 5446 if (params.vlan) 5447 dev_put(params.vlan); 5448 return err; 5449 } 5450 5451 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 5452 { 5453 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5454 struct net_device *dev = info->user_ptr[1]; 5455 struct station_del_parameters params; 5456 5457 memset(¶ms, 0, sizeof(params)); 5458 5459 if (info->attrs[NL80211_ATTR_MAC]) 5460 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]); 5461 5462 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5463 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5464 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 5465 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5466 return -EINVAL; 5467 5468 if (!rdev->ops->del_station) 5469 return -EOPNOTSUPP; 5470 5471 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) { 5472 params.subtype = 5473 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]); 5474 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 && 5475 params.subtype != IEEE80211_STYPE_DEAUTH >> 4) 5476 return -EINVAL; 5477 } else { 5478 /* Default to Deauthentication frame */ 5479 params.subtype = IEEE80211_STYPE_DEAUTH >> 4; 5480 } 5481 5482 if (info->attrs[NL80211_ATTR_REASON_CODE]) { 5483 params.reason_code = 5484 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5485 if (params.reason_code == 0) 5486 return -EINVAL; /* 0 is reserved */ 5487 } else { 5488 /* Default to reason code 2 */ 5489 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID; 5490 } 5491 5492 return rdev_del_station(rdev, dev, ¶ms); 5493 } 5494 5495 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq, 5496 int flags, struct net_device *dev, 5497 u8 *dst, u8 *next_hop, 5498 struct mpath_info *pinfo) 5499 { 5500 void *hdr; 5501 struct nlattr *pinfoattr; 5502 5503 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH); 5504 if (!hdr) 5505 return -1; 5506 5507 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 5508 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 5509 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 5510 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 5511 goto nla_put_failure; 5512 5513 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 5514 if (!pinfoattr) 5515 goto nla_put_failure; 5516 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 5517 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 5518 pinfo->frame_qlen)) 5519 goto nla_put_failure; 5520 if (((pinfo->filled & MPATH_INFO_SN) && 5521 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 5522 ((pinfo->filled & MPATH_INFO_METRIC) && 5523 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 5524 pinfo->metric)) || 5525 ((pinfo->filled & MPATH_INFO_EXPTIME) && 5526 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 5527 pinfo->exptime)) || 5528 ((pinfo->filled & MPATH_INFO_FLAGS) && 5529 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 5530 pinfo->flags)) || 5531 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 5532 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 5533 pinfo->discovery_timeout)) || 5534 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 5535 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 5536 pinfo->discovery_retries))) 5537 goto nla_put_failure; 5538 5539 nla_nest_end(msg, pinfoattr); 5540 5541 genlmsg_end(msg, hdr); 5542 return 0; 5543 5544 nla_put_failure: 5545 genlmsg_cancel(msg, hdr); 5546 return -EMSGSIZE; 5547 } 5548 5549 static int nl80211_dump_mpath(struct sk_buff *skb, 5550 struct netlink_callback *cb) 5551 { 5552 struct mpath_info pinfo; 5553 struct cfg80211_registered_device *rdev; 5554 struct wireless_dev *wdev; 5555 u8 dst[ETH_ALEN]; 5556 u8 next_hop[ETH_ALEN]; 5557 int path_idx = cb->args[2]; 5558 int err; 5559 5560 rtnl_lock(); 5561 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 5562 if (err) 5563 goto out_err; 5564 5565 if (!rdev->ops->dump_mpath) { 5566 err = -EOPNOTSUPP; 5567 goto out_err; 5568 } 5569 5570 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 5571 err = -EOPNOTSUPP; 5572 goto out_err; 5573 } 5574 5575 while (1) { 5576 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst, 5577 next_hop, &pinfo); 5578 if (err == -ENOENT) 5579 break; 5580 if (err) 5581 goto out_err; 5582 5583 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 5584 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5585 wdev->netdev, dst, next_hop, 5586 &pinfo) < 0) 5587 goto out; 5588 5589 path_idx++; 5590 } 5591 5592 out: 5593 cb->args[2] = path_idx; 5594 err = skb->len; 5595 out_err: 5596 rtnl_unlock(); 5597 return err; 5598 } 5599 5600 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 5601 { 5602 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5603 int err; 5604 struct net_device *dev = info->user_ptr[1]; 5605 struct mpath_info pinfo; 5606 struct sk_buff *msg; 5607 u8 *dst = NULL; 5608 u8 next_hop[ETH_ALEN]; 5609 5610 memset(&pinfo, 0, sizeof(pinfo)); 5611 5612 if (!info->attrs[NL80211_ATTR_MAC]) 5613 return -EINVAL; 5614 5615 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 5616 5617 if (!rdev->ops->get_mpath) 5618 return -EOPNOTSUPP; 5619 5620 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5621 return -EOPNOTSUPP; 5622 5623 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo); 5624 if (err) 5625 return err; 5626 5627 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5628 if (!msg) 5629 return -ENOMEM; 5630 5631 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 5632 dev, dst, next_hop, &pinfo) < 0) { 5633 nlmsg_free(msg); 5634 return -ENOBUFS; 5635 } 5636 5637 return genlmsg_reply(msg, info); 5638 } 5639 5640 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 5641 { 5642 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5643 struct net_device *dev = info->user_ptr[1]; 5644 u8 *dst = NULL; 5645 u8 *next_hop = NULL; 5646 5647 if (!info->attrs[NL80211_ATTR_MAC]) 5648 return -EINVAL; 5649 5650 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 5651 return -EINVAL; 5652 5653 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 5654 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 5655 5656 if (!rdev->ops->change_mpath) 5657 return -EOPNOTSUPP; 5658 5659 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5660 return -EOPNOTSUPP; 5661 5662 return rdev_change_mpath(rdev, dev, dst, next_hop); 5663 } 5664 5665 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 5666 { 5667 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5668 struct net_device *dev = info->user_ptr[1]; 5669 u8 *dst = NULL; 5670 u8 *next_hop = NULL; 5671 5672 if (!info->attrs[NL80211_ATTR_MAC]) 5673 return -EINVAL; 5674 5675 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 5676 return -EINVAL; 5677 5678 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 5679 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 5680 5681 if (!rdev->ops->add_mpath) 5682 return -EOPNOTSUPP; 5683 5684 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5685 return -EOPNOTSUPP; 5686 5687 return rdev_add_mpath(rdev, dev, dst, next_hop); 5688 } 5689 5690 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 5691 { 5692 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5693 struct net_device *dev = info->user_ptr[1]; 5694 u8 *dst = NULL; 5695 5696 if (info->attrs[NL80211_ATTR_MAC]) 5697 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 5698 5699 if (!rdev->ops->del_mpath) 5700 return -EOPNOTSUPP; 5701 5702 return rdev_del_mpath(rdev, dev, dst); 5703 } 5704 5705 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info) 5706 { 5707 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5708 int err; 5709 struct net_device *dev = info->user_ptr[1]; 5710 struct mpath_info pinfo; 5711 struct sk_buff *msg; 5712 u8 *dst = NULL; 5713 u8 mpp[ETH_ALEN]; 5714 5715 memset(&pinfo, 0, sizeof(pinfo)); 5716 5717 if (!info->attrs[NL80211_ATTR_MAC]) 5718 return -EINVAL; 5719 5720 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 5721 5722 if (!rdev->ops->get_mpp) 5723 return -EOPNOTSUPP; 5724 5725 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5726 return -EOPNOTSUPP; 5727 5728 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo); 5729 if (err) 5730 return err; 5731 5732 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5733 if (!msg) 5734 return -ENOMEM; 5735 5736 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 5737 dev, dst, mpp, &pinfo) < 0) { 5738 nlmsg_free(msg); 5739 return -ENOBUFS; 5740 } 5741 5742 return genlmsg_reply(msg, info); 5743 } 5744 5745 static int nl80211_dump_mpp(struct sk_buff *skb, 5746 struct netlink_callback *cb) 5747 { 5748 struct mpath_info pinfo; 5749 struct cfg80211_registered_device *rdev; 5750 struct wireless_dev *wdev; 5751 u8 dst[ETH_ALEN]; 5752 u8 mpp[ETH_ALEN]; 5753 int path_idx = cb->args[2]; 5754 int err; 5755 5756 rtnl_lock(); 5757 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 5758 if (err) 5759 goto out_err; 5760 5761 if (!rdev->ops->dump_mpp) { 5762 err = -EOPNOTSUPP; 5763 goto out_err; 5764 } 5765 5766 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 5767 err = -EOPNOTSUPP; 5768 goto out_err; 5769 } 5770 5771 while (1) { 5772 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst, 5773 mpp, &pinfo); 5774 if (err == -ENOENT) 5775 break; 5776 if (err) 5777 goto out_err; 5778 5779 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 5780 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5781 wdev->netdev, dst, mpp, 5782 &pinfo) < 0) 5783 goto out; 5784 5785 path_idx++; 5786 } 5787 5788 out: 5789 cb->args[2] = path_idx; 5790 err = skb->len; 5791 out_err: 5792 rtnl_unlock(); 5793 return err; 5794 } 5795 5796 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 5797 { 5798 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5799 struct net_device *dev = info->user_ptr[1]; 5800 struct wireless_dev *wdev = dev->ieee80211_ptr; 5801 struct bss_parameters params; 5802 int err; 5803 5804 memset(¶ms, 0, sizeof(params)); 5805 /* default to not changing parameters */ 5806 params.use_cts_prot = -1; 5807 params.use_short_preamble = -1; 5808 params.use_short_slot_time = -1; 5809 params.ap_isolate = -1; 5810 params.ht_opmode = -1; 5811 params.p2p_ctwindow = -1; 5812 params.p2p_opp_ps = -1; 5813 5814 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 5815 params.use_cts_prot = 5816 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 5817 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 5818 params.use_short_preamble = 5819 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 5820 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 5821 params.use_short_slot_time = 5822 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 5823 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 5824 params.basic_rates = 5825 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5826 params.basic_rates_len = 5827 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5828 } 5829 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 5830 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 5831 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 5832 params.ht_opmode = 5833 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 5834 5835 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 5836 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5837 return -EINVAL; 5838 params.p2p_ctwindow = 5839 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 5840 if (params.p2p_ctwindow < 0) 5841 return -EINVAL; 5842 if (params.p2p_ctwindow != 0 && 5843 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 5844 return -EINVAL; 5845 } 5846 5847 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 5848 u8 tmp; 5849 5850 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5851 return -EINVAL; 5852 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 5853 if (tmp > 1) 5854 return -EINVAL; 5855 params.p2p_opp_ps = tmp; 5856 if (params.p2p_opp_ps && 5857 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 5858 return -EINVAL; 5859 } 5860 5861 if (!rdev->ops->change_bss) 5862 return -EOPNOTSUPP; 5863 5864 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5865 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5866 return -EOPNOTSUPP; 5867 5868 wdev_lock(wdev); 5869 err = rdev_change_bss(rdev, dev, ¶ms); 5870 wdev_unlock(wdev); 5871 5872 return err; 5873 } 5874 5875 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 5876 { 5877 char *data = NULL; 5878 bool is_indoor; 5879 enum nl80211_user_reg_hint_type user_reg_hint_type; 5880 u32 owner_nlportid; 5881 5882 /* 5883 * You should only get this when cfg80211 hasn't yet initialized 5884 * completely when built-in to the kernel right between the time 5885 * window between nl80211_init() and regulatory_init(), if that is 5886 * even possible. 5887 */ 5888 if (unlikely(!rcu_access_pointer(cfg80211_regdomain))) 5889 return -EINPROGRESS; 5890 5891 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 5892 user_reg_hint_type = 5893 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 5894 else 5895 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 5896 5897 switch (user_reg_hint_type) { 5898 case NL80211_USER_REG_HINT_USER: 5899 case NL80211_USER_REG_HINT_CELL_BASE: 5900 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 5901 return -EINVAL; 5902 5903 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 5904 return regulatory_hint_user(data, user_reg_hint_type); 5905 case NL80211_USER_REG_HINT_INDOOR: 5906 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 5907 owner_nlportid = info->snd_portid; 5908 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR]; 5909 } else { 5910 owner_nlportid = 0; 5911 is_indoor = true; 5912 } 5913 5914 return regulatory_hint_indoor(is_indoor, owner_nlportid); 5915 default: 5916 return -EINVAL; 5917 } 5918 } 5919 5920 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info) 5921 { 5922 return reg_reload_regdb(); 5923 } 5924 5925 static int nl80211_get_mesh_config(struct sk_buff *skb, 5926 struct genl_info *info) 5927 { 5928 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5929 struct net_device *dev = info->user_ptr[1]; 5930 struct wireless_dev *wdev = dev->ieee80211_ptr; 5931 struct mesh_config cur_params; 5932 int err = 0; 5933 void *hdr; 5934 struct nlattr *pinfoattr; 5935 struct sk_buff *msg; 5936 5937 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 5938 return -EOPNOTSUPP; 5939 5940 if (!rdev->ops->get_mesh_config) 5941 return -EOPNOTSUPP; 5942 5943 wdev_lock(wdev); 5944 /* If not connected, get default parameters */ 5945 if (!wdev->mesh_id_len) 5946 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 5947 else 5948 err = rdev_get_mesh_config(rdev, dev, &cur_params); 5949 wdev_unlock(wdev); 5950 5951 if (err) 5952 return err; 5953 5954 /* Draw up a netlink message to send back */ 5955 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5956 if (!msg) 5957 return -ENOMEM; 5958 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 5959 NL80211_CMD_GET_MESH_CONFIG); 5960 if (!hdr) 5961 goto out; 5962 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 5963 if (!pinfoattr) 5964 goto nla_put_failure; 5965 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 5966 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 5967 cur_params.dot11MeshRetryTimeout) || 5968 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 5969 cur_params.dot11MeshConfirmTimeout) || 5970 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 5971 cur_params.dot11MeshHoldingTimeout) || 5972 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 5973 cur_params.dot11MeshMaxPeerLinks) || 5974 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 5975 cur_params.dot11MeshMaxRetries) || 5976 nla_put_u8(msg, NL80211_MESHCONF_TTL, 5977 cur_params.dot11MeshTTL) || 5978 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 5979 cur_params.element_ttl) || 5980 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 5981 cur_params.auto_open_plinks) || 5982 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 5983 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 5984 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 5985 cur_params.dot11MeshHWMPmaxPREQretries) || 5986 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 5987 cur_params.path_refresh_time) || 5988 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 5989 cur_params.min_discovery_timeout) || 5990 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 5991 cur_params.dot11MeshHWMPactivePathTimeout) || 5992 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 5993 cur_params.dot11MeshHWMPpreqMinInterval) || 5994 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 5995 cur_params.dot11MeshHWMPperrMinInterval) || 5996 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 5997 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 5998 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 5999 cur_params.dot11MeshHWMPRootMode) || 6000 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 6001 cur_params.dot11MeshHWMPRannInterval) || 6002 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 6003 cur_params.dot11MeshGateAnnouncementProtocol) || 6004 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 6005 cur_params.dot11MeshForwarding) || 6006 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 6007 cur_params.rssi_threshold) || 6008 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 6009 cur_params.ht_opmode) || 6010 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 6011 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 6012 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 6013 cur_params.dot11MeshHWMProotInterval) || 6014 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 6015 cur_params.dot11MeshHWMPconfirmationInterval) || 6016 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE, 6017 cur_params.power_mode) || 6018 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW, 6019 cur_params.dot11MeshAwakeWindowDuration) || 6020 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT, 6021 cur_params.plink_timeout)) 6022 goto nla_put_failure; 6023 nla_nest_end(msg, pinfoattr); 6024 genlmsg_end(msg, hdr); 6025 return genlmsg_reply(msg, info); 6026 6027 nla_put_failure: 6028 out: 6029 nlmsg_free(msg); 6030 return -ENOBUFS; 6031 } 6032 6033 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 6034 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 6035 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 6036 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 6037 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 6038 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 6039 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 6040 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 6041 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 6042 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 }, 6043 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 6044 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 6045 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 6046 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 6047 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 6048 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 6049 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 6050 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 6051 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 6052 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 6053 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 6054 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 }, 6055 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 6056 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 6057 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 }, 6058 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 }, 6059 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 }, 6060 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 }, 6061 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 }, 6062 }; 6063 6064 static const struct nla_policy 6065 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 6066 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 6067 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 6068 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 6069 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 6070 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 }, 6071 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG }, 6072 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 6073 .len = IEEE80211_MAX_DATA_LEN }, 6074 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 6075 }; 6076 6077 static int nl80211_check_bool(const struct nlattr *nla, u8 min, u8 max, bool *out) 6078 { 6079 u8 val = nla_get_u8(nla); 6080 if (val < min || val > max) 6081 return -EINVAL; 6082 *out = val; 6083 return 0; 6084 } 6085 6086 static int nl80211_check_u8(const struct nlattr *nla, u8 min, u8 max, u8 *out) 6087 { 6088 u8 val = nla_get_u8(nla); 6089 if (val < min || val > max) 6090 return -EINVAL; 6091 *out = val; 6092 return 0; 6093 } 6094 6095 static int nl80211_check_u16(const struct nlattr *nla, u16 min, u16 max, u16 *out) 6096 { 6097 u16 val = nla_get_u16(nla); 6098 if (val < min || val > max) 6099 return -EINVAL; 6100 *out = val; 6101 return 0; 6102 } 6103 6104 static int nl80211_check_u32(const struct nlattr *nla, u32 min, u32 max, u32 *out) 6105 { 6106 u32 val = nla_get_u32(nla); 6107 if (val < min || val > max) 6108 return -EINVAL; 6109 *out = val; 6110 return 0; 6111 } 6112 6113 static int nl80211_check_s32(const struct nlattr *nla, s32 min, s32 max, s32 *out) 6114 { 6115 s32 val = nla_get_s32(nla); 6116 if (val < min || val > max) 6117 return -EINVAL; 6118 *out = val; 6119 return 0; 6120 } 6121 6122 static int nl80211_check_power_mode(const struct nlattr *nla, 6123 enum nl80211_mesh_power_mode min, 6124 enum nl80211_mesh_power_mode max, 6125 enum nl80211_mesh_power_mode *out) 6126 { 6127 u32 val = nla_get_u32(nla); 6128 if (val < min || val > max) 6129 return -EINVAL; 6130 *out = val; 6131 return 0; 6132 } 6133 6134 static int nl80211_parse_mesh_config(struct genl_info *info, 6135 struct mesh_config *cfg, 6136 u32 *mask_out) 6137 { 6138 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 6139 u32 mask = 0; 6140 u16 ht_opmode; 6141 6142 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \ 6143 do { \ 6144 if (tb[attr]) { \ 6145 if (fn(tb[attr], min, max, &cfg->param)) \ 6146 return -EINVAL; \ 6147 mask |= (1 << (attr - 1)); \ 6148 } \ 6149 } while (0) 6150 6151 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 6152 return -EINVAL; 6153 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 6154 info->attrs[NL80211_ATTR_MESH_CONFIG], 6155 nl80211_meshconf_params_policy, info->extack)) 6156 return -EINVAL; 6157 6158 /* This makes sure that there aren't more than 32 mesh config 6159 * parameters (otherwise our bitfield scheme would not work.) */ 6160 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 6161 6162 /* Fill in the params struct */ 6163 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255, 6164 mask, NL80211_MESHCONF_RETRY_TIMEOUT, 6165 nl80211_check_u16); 6166 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255, 6167 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, 6168 nl80211_check_u16); 6169 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255, 6170 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, 6171 nl80211_check_u16); 6172 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255, 6173 mask, NL80211_MESHCONF_MAX_PEER_LINKS, 6174 nl80211_check_u16); 6175 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16, 6176 mask, NL80211_MESHCONF_MAX_RETRIES, 6177 nl80211_check_u8); 6178 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255, 6179 mask, NL80211_MESHCONF_TTL, nl80211_check_u8); 6180 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255, 6181 mask, NL80211_MESHCONF_ELEMENT_TTL, 6182 nl80211_check_u8); 6183 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1, 6184 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 6185 nl80211_check_bool); 6186 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, 6187 1, 255, mask, 6188 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 6189 nl80211_check_u32); 6190 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255, 6191 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 6192 nl80211_check_u8); 6193 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535, 6194 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, 6195 nl80211_check_u32); 6196 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535, 6197 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 6198 nl80211_check_u16); 6199 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 6200 1, 65535, mask, 6201 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 6202 nl80211_check_u32); 6203 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 6204 1, 65535, mask, 6205 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 6206 nl80211_check_u16); 6207 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 6208 1, 65535, mask, 6209 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 6210 nl80211_check_u16); 6211 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 6212 dot11MeshHWMPnetDiameterTraversalTime, 6213 1, 65535, mask, 6214 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 6215 nl80211_check_u16); 6216 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4, 6217 mask, NL80211_MESHCONF_HWMP_ROOTMODE, 6218 nl80211_check_u8); 6219 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535, 6220 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 6221 nl80211_check_u16); 6222 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 6223 dot11MeshGateAnnouncementProtocol, 0, 1, 6224 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 6225 nl80211_check_bool); 6226 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1, 6227 mask, NL80211_MESHCONF_FORWARDING, 6228 nl80211_check_bool); 6229 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0, 6230 mask, NL80211_MESHCONF_RSSI_THRESHOLD, 6231 nl80211_check_s32); 6232 /* 6233 * Check HT operation mode based on 6234 * IEEE 802.11-2016 9.4.2.57 HT Operation element. 6235 */ 6236 if (tb[NL80211_MESHCONF_HT_OPMODE]) { 6237 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]); 6238 6239 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION | 6240 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 6241 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)) 6242 return -EINVAL; 6243 6244 /* NON_HT_STA bit is reserved, but some programs set it */ 6245 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 6246 6247 cfg->ht_opmode = ht_opmode; 6248 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1)); 6249 } 6250 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout, 6251 1, 65535, mask, 6252 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 6253 nl80211_check_u32); 6254 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535, 6255 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 6256 nl80211_check_u16); 6257 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 6258 dot11MeshHWMPconfirmationInterval, 6259 1, 65535, mask, 6260 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 6261 nl80211_check_u16); 6262 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, 6263 NL80211_MESH_POWER_ACTIVE, 6264 NL80211_MESH_POWER_MAX, 6265 mask, NL80211_MESHCONF_POWER_MODE, 6266 nl80211_check_power_mode); 6267 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, 6268 0, 65535, mask, 6269 NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16); 6270 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff, 6271 mask, NL80211_MESHCONF_PLINK_TIMEOUT, 6272 nl80211_check_u32); 6273 if (mask_out) 6274 *mask_out = mask; 6275 6276 return 0; 6277 6278 #undef FILL_IN_MESH_PARAM_IF_SET 6279 } 6280 6281 static int nl80211_parse_mesh_setup(struct genl_info *info, 6282 struct mesh_setup *setup) 6283 { 6284 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6285 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 6286 6287 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 6288 return -EINVAL; 6289 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 6290 info->attrs[NL80211_ATTR_MESH_SETUP], 6291 nl80211_mesh_setup_params_policy, info->extack)) 6292 return -EINVAL; 6293 6294 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 6295 setup->sync_method = 6296 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 6297 IEEE80211_SYNC_METHOD_VENDOR : 6298 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 6299 6300 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 6301 setup->path_sel_proto = 6302 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 6303 IEEE80211_PATH_PROTOCOL_VENDOR : 6304 IEEE80211_PATH_PROTOCOL_HWMP; 6305 6306 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 6307 setup->path_metric = 6308 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 6309 IEEE80211_PATH_METRIC_VENDOR : 6310 IEEE80211_PATH_METRIC_AIRTIME; 6311 6312 if (tb[NL80211_MESH_SETUP_IE]) { 6313 struct nlattr *ieattr = 6314 tb[NL80211_MESH_SETUP_IE]; 6315 if (!is_valid_ie_attr(ieattr)) 6316 return -EINVAL; 6317 setup->ie = nla_data(ieattr); 6318 setup->ie_len = nla_len(ieattr); 6319 } 6320 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] && 6321 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM)) 6322 return -EINVAL; 6323 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]); 6324 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 6325 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 6326 if (setup->is_secure) 6327 setup->user_mpm = true; 6328 6329 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) { 6330 if (!setup->user_mpm) 6331 return -EINVAL; 6332 setup->auth_id = 6333 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]); 6334 } 6335 6336 return 0; 6337 } 6338 6339 static int nl80211_update_mesh_config(struct sk_buff *skb, 6340 struct genl_info *info) 6341 { 6342 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6343 struct net_device *dev = info->user_ptr[1]; 6344 struct wireless_dev *wdev = dev->ieee80211_ptr; 6345 struct mesh_config cfg; 6346 u32 mask; 6347 int err; 6348 6349 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 6350 return -EOPNOTSUPP; 6351 6352 if (!rdev->ops->update_mesh_config) 6353 return -EOPNOTSUPP; 6354 6355 err = nl80211_parse_mesh_config(info, &cfg, &mask); 6356 if (err) 6357 return err; 6358 6359 wdev_lock(wdev); 6360 if (!wdev->mesh_id_len) 6361 err = -ENOLINK; 6362 6363 if (!err) 6364 err = rdev_update_mesh_config(rdev, dev, mask, &cfg); 6365 6366 wdev_unlock(wdev); 6367 6368 return err; 6369 } 6370 6371 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom, 6372 struct sk_buff *msg) 6373 { 6374 struct nlattr *nl_reg_rules; 6375 unsigned int i; 6376 6377 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) || 6378 (regdom->dfs_region && 6379 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region))) 6380 goto nla_put_failure; 6381 6382 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 6383 if (!nl_reg_rules) 6384 goto nla_put_failure; 6385 6386 for (i = 0; i < regdom->n_reg_rules; i++) { 6387 struct nlattr *nl_reg_rule; 6388 const struct ieee80211_reg_rule *reg_rule; 6389 const struct ieee80211_freq_range *freq_range; 6390 const struct ieee80211_power_rule *power_rule; 6391 unsigned int max_bandwidth_khz; 6392 6393 reg_rule = ®dom->reg_rules[i]; 6394 freq_range = ®_rule->freq_range; 6395 power_rule = ®_rule->power_rule; 6396 6397 nl_reg_rule = nla_nest_start(msg, i); 6398 if (!nl_reg_rule) 6399 goto nla_put_failure; 6400 6401 max_bandwidth_khz = freq_range->max_bandwidth_khz; 6402 if (!max_bandwidth_khz) 6403 max_bandwidth_khz = reg_get_max_bandwidth(regdom, 6404 reg_rule); 6405 6406 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 6407 reg_rule->flags) || 6408 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 6409 freq_range->start_freq_khz) || 6410 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 6411 freq_range->end_freq_khz) || 6412 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 6413 max_bandwidth_khz) || 6414 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 6415 power_rule->max_antenna_gain) || 6416 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 6417 power_rule->max_eirp) || 6418 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME, 6419 reg_rule->dfs_cac_ms)) 6420 goto nla_put_failure; 6421 6422 nla_nest_end(msg, nl_reg_rule); 6423 } 6424 6425 nla_nest_end(msg, nl_reg_rules); 6426 return 0; 6427 6428 nla_put_failure: 6429 return -EMSGSIZE; 6430 } 6431 6432 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info) 6433 { 6434 const struct ieee80211_regdomain *regdom = NULL; 6435 struct cfg80211_registered_device *rdev; 6436 struct wiphy *wiphy = NULL; 6437 struct sk_buff *msg; 6438 void *hdr; 6439 6440 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6441 if (!msg) 6442 return -ENOBUFS; 6443 6444 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6445 NL80211_CMD_GET_REG); 6446 if (!hdr) 6447 goto put_failure; 6448 6449 if (info->attrs[NL80211_ATTR_WIPHY]) { 6450 bool self_managed; 6451 6452 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 6453 if (IS_ERR(rdev)) { 6454 nlmsg_free(msg); 6455 return PTR_ERR(rdev); 6456 } 6457 6458 wiphy = &rdev->wiphy; 6459 self_managed = wiphy->regulatory_flags & 6460 REGULATORY_WIPHY_SELF_MANAGED; 6461 regdom = get_wiphy_regdom(wiphy); 6462 6463 /* a self-managed-reg device must have a private regdom */ 6464 if (WARN_ON(!regdom && self_managed)) { 6465 nlmsg_free(msg); 6466 return -EINVAL; 6467 } 6468 6469 if (regdom && 6470 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 6471 goto nla_put_failure; 6472 } 6473 6474 if (!wiphy && reg_last_request_cell_base() && 6475 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 6476 NL80211_USER_REG_HINT_CELL_BASE)) 6477 goto nla_put_failure; 6478 6479 rcu_read_lock(); 6480 6481 if (!regdom) 6482 regdom = rcu_dereference(cfg80211_regdomain); 6483 6484 if (nl80211_put_regdom(regdom, msg)) 6485 goto nla_put_failure_rcu; 6486 6487 rcu_read_unlock(); 6488 6489 genlmsg_end(msg, hdr); 6490 return genlmsg_reply(msg, info); 6491 6492 nla_put_failure_rcu: 6493 rcu_read_unlock(); 6494 nla_put_failure: 6495 put_failure: 6496 nlmsg_free(msg); 6497 return -EMSGSIZE; 6498 } 6499 6500 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb, 6501 u32 seq, int flags, struct wiphy *wiphy, 6502 const struct ieee80211_regdomain *regdom) 6503 { 6504 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 6505 NL80211_CMD_GET_REG); 6506 6507 if (!hdr) 6508 return -1; 6509 6510 genl_dump_check_consistent(cb, hdr); 6511 6512 if (nl80211_put_regdom(regdom, msg)) 6513 goto nla_put_failure; 6514 6515 if (!wiphy && reg_last_request_cell_base() && 6516 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 6517 NL80211_USER_REG_HINT_CELL_BASE)) 6518 goto nla_put_failure; 6519 6520 if (wiphy && 6521 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 6522 goto nla_put_failure; 6523 6524 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 6525 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 6526 goto nla_put_failure; 6527 6528 genlmsg_end(msg, hdr); 6529 return 0; 6530 6531 nla_put_failure: 6532 genlmsg_cancel(msg, hdr); 6533 return -EMSGSIZE; 6534 } 6535 6536 static int nl80211_get_reg_dump(struct sk_buff *skb, 6537 struct netlink_callback *cb) 6538 { 6539 const struct ieee80211_regdomain *regdom = NULL; 6540 struct cfg80211_registered_device *rdev; 6541 int err, reg_idx, start = cb->args[2]; 6542 6543 rtnl_lock(); 6544 6545 if (cfg80211_regdomain && start == 0) { 6546 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq, 6547 NLM_F_MULTI, NULL, 6548 rtnl_dereference(cfg80211_regdomain)); 6549 if (err < 0) 6550 goto out_err; 6551 } 6552 6553 /* the global regdom is idx 0 */ 6554 reg_idx = 1; 6555 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 6556 regdom = get_wiphy_regdom(&rdev->wiphy); 6557 if (!regdom) 6558 continue; 6559 6560 if (++reg_idx <= start) 6561 continue; 6562 6563 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq, 6564 NLM_F_MULTI, &rdev->wiphy, regdom); 6565 if (err < 0) { 6566 reg_idx--; 6567 break; 6568 } 6569 } 6570 6571 cb->args[2] = reg_idx; 6572 err = skb->len; 6573 out_err: 6574 rtnl_unlock(); 6575 return err; 6576 } 6577 6578 #ifdef CONFIG_CFG80211_CRDA_SUPPORT 6579 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 6580 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 6581 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 6582 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 6583 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 6584 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 6585 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 6586 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 }, 6587 }; 6588 6589 static int parse_reg_rule(struct nlattr *tb[], 6590 struct ieee80211_reg_rule *reg_rule) 6591 { 6592 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 6593 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 6594 6595 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 6596 return -EINVAL; 6597 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 6598 return -EINVAL; 6599 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 6600 return -EINVAL; 6601 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 6602 return -EINVAL; 6603 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6604 return -EINVAL; 6605 6606 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 6607 6608 freq_range->start_freq_khz = 6609 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 6610 freq_range->end_freq_khz = 6611 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 6612 freq_range->max_bandwidth_khz = 6613 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 6614 6615 power_rule->max_eirp = 6616 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 6617 6618 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 6619 power_rule->max_antenna_gain = 6620 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 6621 6622 if (tb[NL80211_ATTR_DFS_CAC_TIME]) 6623 reg_rule->dfs_cac_ms = 6624 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]); 6625 6626 return 0; 6627 } 6628 6629 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 6630 { 6631 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 6632 struct nlattr *nl_reg_rule; 6633 char *alpha2; 6634 int rem_reg_rules, r; 6635 u32 num_rules = 0, rule_idx = 0, size_of_regd; 6636 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET; 6637 struct ieee80211_regdomain *rd; 6638 6639 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 6640 return -EINVAL; 6641 6642 if (!info->attrs[NL80211_ATTR_REG_RULES]) 6643 return -EINVAL; 6644 6645 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 6646 6647 if (info->attrs[NL80211_ATTR_DFS_REGION]) 6648 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 6649 6650 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 6651 rem_reg_rules) { 6652 num_rules++; 6653 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 6654 return -EINVAL; 6655 } 6656 6657 if (!reg_is_valid_request(alpha2)) 6658 return -EINVAL; 6659 6660 size_of_regd = sizeof(struct ieee80211_regdomain) + 6661 num_rules * sizeof(struct ieee80211_reg_rule); 6662 6663 rd = kzalloc(size_of_regd, GFP_KERNEL); 6664 if (!rd) 6665 return -ENOMEM; 6666 6667 rd->n_reg_rules = num_rules; 6668 rd->alpha2[0] = alpha2[0]; 6669 rd->alpha2[1] = alpha2[1]; 6670 6671 /* 6672 * Disable DFS master mode if the DFS region was 6673 * not supported or known on this kernel. 6674 */ 6675 if (reg_supported_dfs_region(dfs_region)) 6676 rd->dfs_region = dfs_region; 6677 6678 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 6679 rem_reg_rules) { 6680 r = nla_parse_nested(tb, NL80211_REG_RULE_ATTR_MAX, 6681 nl_reg_rule, reg_rule_policy, 6682 info->extack); 6683 if (r) 6684 goto bad_reg; 6685 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 6686 if (r) 6687 goto bad_reg; 6688 6689 rule_idx++; 6690 6691 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 6692 r = -EINVAL; 6693 goto bad_reg; 6694 } 6695 } 6696 6697 /* set_regdom takes ownership of rd */ 6698 return set_regdom(rd, REGD_SOURCE_CRDA); 6699 bad_reg: 6700 kfree(rd); 6701 return r; 6702 } 6703 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */ 6704 6705 static int validate_scan_freqs(struct nlattr *freqs) 6706 { 6707 struct nlattr *attr1, *attr2; 6708 int n_channels = 0, tmp1, tmp2; 6709 6710 nla_for_each_nested(attr1, freqs, tmp1) 6711 if (nla_len(attr1) != sizeof(u32)) 6712 return 0; 6713 6714 nla_for_each_nested(attr1, freqs, tmp1) { 6715 n_channels++; 6716 /* 6717 * Some hardware has a limited channel list for 6718 * scanning, and it is pretty much nonsensical 6719 * to scan for a channel twice, so disallow that 6720 * and don't require drivers to check that the 6721 * channel list they get isn't longer than what 6722 * they can scan, as long as they can scan all 6723 * the channels they registered at once. 6724 */ 6725 nla_for_each_nested(attr2, freqs, tmp2) 6726 if (attr1 != attr2 && 6727 nla_get_u32(attr1) == nla_get_u32(attr2)) 6728 return 0; 6729 } 6730 6731 return n_channels; 6732 } 6733 6734 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b) 6735 { 6736 return b < NUM_NL80211_BANDS && wiphy->bands[b]; 6737 } 6738 6739 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy, 6740 struct cfg80211_bss_selection *bss_select) 6741 { 6742 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1]; 6743 struct nlattr *nest; 6744 int err; 6745 bool found = false; 6746 int i; 6747 6748 /* only process one nested attribute */ 6749 nest = nla_data(nla); 6750 if (!nla_ok(nest, nla_len(nest))) 6751 return -EINVAL; 6752 6753 err = nla_parse_nested(attr, NL80211_BSS_SELECT_ATTR_MAX, nest, 6754 nl80211_bss_select_policy, NULL); 6755 if (err) 6756 return err; 6757 6758 /* only one attribute may be given */ 6759 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) { 6760 if (attr[i]) { 6761 if (found) 6762 return -EINVAL; 6763 found = true; 6764 } 6765 } 6766 6767 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID; 6768 6769 if (attr[NL80211_BSS_SELECT_ATTR_RSSI]) 6770 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI; 6771 6772 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) { 6773 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF; 6774 bss_select->param.band_pref = 6775 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]); 6776 if (!is_band_valid(wiphy, bss_select->param.band_pref)) 6777 return -EINVAL; 6778 } 6779 6780 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) { 6781 struct nl80211_bss_select_rssi_adjust *adj_param; 6782 6783 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]); 6784 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST; 6785 bss_select->param.adjust.band = adj_param->band; 6786 bss_select->param.adjust.delta = adj_param->delta; 6787 if (!is_band_valid(wiphy, bss_select->param.adjust.band)) 6788 return -EINVAL; 6789 } 6790 6791 /* user-space did not provide behaviour attribute */ 6792 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID) 6793 return -EINVAL; 6794 6795 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour))) 6796 return -EINVAL; 6797 6798 return 0; 6799 } 6800 6801 static int nl80211_parse_random_mac(struct nlattr **attrs, 6802 u8 *mac_addr, u8 *mac_addr_mask) 6803 { 6804 int i; 6805 6806 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) { 6807 eth_zero_addr(mac_addr); 6808 eth_zero_addr(mac_addr_mask); 6809 mac_addr[0] = 0x2; 6810 mac_addr_mask[0] = 0x3; 6811 6812 return 0; 6813 } 6814 6815 /* need both or none */ 6816 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK]) 6817 return -EINVAL; 6818 6819 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN); 6820 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN); 6821 6822 /* don't allow or configure an mcast address */ 6823 if (!is_multicast_ether_addr(mac_addr_mask) || 6824 is_multicast_ether_addr(mac_addr)) 6825 return -EINVAL; 6826 6827 /* 6828 * allow users to pass a MAC address that has bits set outside 6829 * of the mask, but don't bother drivers with having to deal 6830 * with such bits 6831 */ 6832 for (i = 0; i < ETH_ALEN; i++) 6833 mac_addr[i] &= mac_addr_mask[i]; 6834 6835 return 0; 6836 } 6837 6838 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev) 6839 { 6840 ASSERT_WDEV_LOCK(wdev); 6841 6842 if (!cfg80211_beaconing_iface_active(wdev)) 6843 return true; 6844 6845 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR)) 6846 return true; 6847 6848 return regulatory_pre_cac_allowed(wdev->wiphy); 6849 } 6850 6851 static int 6852 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev, 6853 void *request, struct nlattr **attrs, 6854 bool is_sched_scan) 6855 { 6856 u8 *mac_addr, *mac_addr_mask; 6857 u32 *flags; 6858 enum nl80211_feature_flags randomness_flag; 6859 6860 if (!attrs[NL80211_ATTR_SCAN_FLAGS]) 6861 return 0; 6862 6863 if (is_sched_scan) { 6864 struct cfg80211_sched_scan_request *req = request; 6865 6866 randomness_flag = wdev ? 6867 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR : 6868 NL80211_FEATURE_ND_RANDOM_MAC_ADDR; 6869 flags = &req->flags; 6870 mac_addr = req->mac_addr; 6871 mac_addr_mask = req->mac_addr_mask; 6872 } else { 6873 struct cfg80211_scan_request *req = request; 6874 6875 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR; 6876 flags = &req->flags; 6877 mac_addr = req->mac_addr; 6878 mac_addr_mask = req->mac_addr_mask; 6879 } 6880 6881 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]); 6882 6883 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 6884 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 6885 ((*flags & NL80211_SCAN_FLAG_LOW_SPAN) && 6886 !wiphy_ext_feature_isset(wiphy, 6887 NL80211_EXT_FEATURE_LOW_SPAN_SCAN)) || 6888 ((*flags & NL80211_SCAN_FLAG_LOW_POWER) && 6889 !wiphy_ext_feature_isset(wiphy, 6890 NL80211_EXT_FEATURE_LOW_POWER_SCAN)) || 6891 ((*flags & NL80211_SCAN_FLAG_HIGH_ACCURACY) && 6892 !wiphy_ext_feature_isset(wiphy, 6893 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN))) 6894 return -EOPNOTSUPP; 6895 6896 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) { 6897 int err; 6898 6899 if (!(wiphy->features & randomness_flag) || 6900 (wdev && wdev->current_bss)) 6901 return -EOPNOTSUPP; 6902 6903 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask); 6904 if (err) 6905 return err; 6906 } 6907 6908 if ((*flags & NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME) && 6909 !wiphy_ext_feature_isset(wiphy, 6910 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME)) 6911 return -EOPNOTSUPP; 6912 6913 if ((*flags & NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP) && 6914 !wiphy_ext_feature_isset(wiphy, 6915 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP)) 6916 return -EOPNOTSUPP; 6917 6918 if ((*flags & NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) && 6919 !wiphy_ext_feature_isset(wiphy, 6920 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION)) 6921 return -EOPNOTSUPP; 6922 6923 if ((*flags & NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE) && 6924 !wiphy_ext_feature_isset(wiphy, 6925 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE)) 6926 return -EOPNOTSUPP; 6927 6928 return 0; 6929 } 6930 6931 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 6932 { 6933 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6934 struct wireless_dev *wdev = info->user_ptr[1]; 6935 struct cfg80211_scan_request *request; 6936 struct nlattr *attr; 6937 struct wiphy *wiphy; 6938 int err, tmp, n_ssids = 0, n_channels, i; 6939 size_t ie_len; 6940 6941 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 6942 return -EINVAL; 6943 6944 wiphy = &rdev->wiphy; 6945 6946 if (wdev->iftype == NL80211_IFTYPE_NAN) 6947 return -EOPNOTSUPP; 6948 6949 if (!rdev->ops->scan) 6950 return -EOPNOTSUPP; 6951 6952 if (rdev->scan_req || rdev->scan_msg) { 6953 err = -EBUSY; 6954 goto unlock; 6955 } 6956 6957 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 6958 n_channels = validate_scan_freqs( 6959 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 6960 if (!n_channels) { 6961 err = -EINVAL; 6962 goto unlock; 6963 } 6964 } else { 6965 n_channels = ieee80211_get_num_supported_channels(wiphy); 6966 } 6967 6968 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 6969 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 6970 n_ssids++; 6971 6972 if (n_ssids > wiphy->max_scan_ssids) { 6973 err = -EINVAL; 6974 goto unlock; 6975 } 6976 6977 if (info->attrs[NL80211_ATTR_IE]) 6978 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 6979 else 6980 ie_len = 0; 6981 6982 if (ie_len > wiphy->max_scan_ie_len) { 6983 err = -EINVAL; 6984 goto unlock; 6985 } 6986 6987 request = kzalloc(sizeof(*request) 6988 + sizeof(*request->ssids) * n_ssids 6989 + sizeof(*request->channels) * n_channels 6990 + ie_len, GFP_KERNEL); 6991 if (!request) { 6992 err = -ENOMEM; 6993 goto unlock; 6994 } 6995 6996 if (n_ssids) 6997 request->ssids = (void *)&request->channels[n_channels]; 6998 request->n_ssids = n_ssids; 6999 if (ie_len) { 7000 if (n_ssids) 7001 request->ie = (void *)(request->ssids + n_ssids); 7002 else 7003 request->ie = (void *)(request->channels + n_channels); 7004 } 7005 7006 i = 0; 7007 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 7008 /* user specified, bail out if channel not found */ 7009 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 7010 struct ieee80211_channel *chan; 7011 7012 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 7013 7014 if (!chan) { 7015 err = -EINVAL; 7016 goto out_free; 7017 } 7018 7019 /* ignore disabled channels */ 7020 if (chan->flags & IEEE80211_CHAN_DISABLED) 7021 continue; 7022 7023 request->channels[i] = chan; 7024 i++; 7025 } 7026 } else { 7027 enum nl80211_band band; 7028 7029 /* all channels */ 7030 for (band = 0; band < NUM_NL80211_BANDS; band++) { 7031 int j; 7032 7033 if (!wiphy->bands[band]) 7034 continue; 7035 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 7036 struct ieee80211_channel *chan; 7037 7038 chan = &wiphy->bands[band]->channels[j]; 7039 7040 if (chan->flags & IEEE80211_CHAN_DISABLED) 7041 continue; 7042 7043 request->channels[i] = chan; 7044 i++; 7045 } 7046 } 7047 } 7048 7049 if (!i) { 7050 err = -EINVAL; 7051 goto out_free; 7052 } 7053 7054 request->n_channels = i; 7055 7056 wdev_lock(wdev); 7057 if (!cfg80211_off_channel_oper_allowed(wdev)) { 7058 struct ieee80211_channel *chan; 7059 7060 if (request->n_channels != 1) { 7061 wdev_unlock(wdev); 7062 err = -EBUSY; 7063 goto out_free; 7064 } 7065 7066 chan = request->channels[0]; 7067 if (chan->center_freq != wdev->chandef.chan->center_freq) { 7068 wdev_unlock(wdev); 7069 err = -EBUSY; 7070 goto out_free; 7071 } 7072 } 7073 wdev_unlock(wdev); 7074 7075 i = 0; 7076 if (n_ssids) { 7077 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 7078 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 7079 err = -EINVAL; 7080 goto out_free; 7081 } 7082 request->ssids[i].ssid_len = nla_len(attr); 7083 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 7084 i++; 7085 } 7086 } 7087 7088 if (info->attrs[NL80211_ATTR_IE]) { 7089 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 7090 memcpy((void *)request->ie, 7091 nla_data(info->attrs[NL80211_ATTR_IE]), 7092 request->ie_len); 7093 } 7094 7095 for (i = 0; i < NUM_NL80211_BANDS; i++) 7096 if (wiphy->bands[i]) 7097 request->rates[i] = 7098 (1 << wiphy->bands[i]->n_bitrates) - 1; 7099 7100 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 7101 nla_for_each_nested(attr, 7102 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 7103 tmp) { 7104 enum nl80211_band band = nla_type(attr); 7105 7106 if (band < 0 || band >= NUM_NL80211_BANDS) { 7107 err = -EINVAL; 7108 goto out_free; 7109 } 7110 7111 if (!wiphy->bands[band]) 7112 continue; 7113 7114 err = ieee80211_get_ratemask(wiphy->bands[band], 7115 nla_data(attr), 7116 nla_len(attr), 7117 &request->rates[band]); 7118 if (err) 7119 goto out_free; 7120 } 7121 } 7122 7123 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) { 7124 if (!wiphy_ext_feature_isset(wiphy, 7125 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) { 7126 err = -EOPNOTSUPP; 7127 goto out_free; 7128 } 7129 7130 request->duration = 7131 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]); 7132 request->duration_mandatory = 7133 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]); 7134 } 7135 7136 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs, 7137 false); 7138 if (err) 7139 goto out_free; 7140 7141 request->no_cck = 7142 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 7143 7144 /* Initial implementation used NL80211_ATTR_MAC to set the specific 7145 * BSSID to scan for. This was problematic because that same attribute 7146 * was already used for another purpose (local random MAC address). The 7147 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards 7148 * compatibility with older userspace components, also use the 7149 * NL80211_ATTR_MAC value here if it can be determined to be used for 7150 * the specific BSSID use case instead of the random MAC address 7151 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use). 7152 */ 7153 if (info->attrs[NL80211_ATTR_BSSID]) 7154 memcpy(request->bssid, 7155 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN); 7156 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) && 7157 info->attrs[NL80211_ATTR_MAC]) 7158 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]), 7159 ETH_ALEN); 7160 else 7161 eth_broadcast_addr(request->bssid); 7162 7163 request->wdev = wdev; 7164 request->wiphy = &rdev->wiphy; 7165 request->scan_start = jiffies; 7166 7167 rdev->scan_req = request; 7168 err = rdev_scan(rdev, request); 7169 7170 if (!err) { 7171 nl80211_send_scan_start(rdev, wdev); 7172 if (wdev->netdev) 7173 dev_hold(wdev->netdev); 7174 } else { 7175 out_free: 7176 rdev->scan_req = NULL; 7177 kfree(request); 7178 } 7179 7180 unlock: 7181 return err; 7182 } 7183 7184 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info) 7185 { 7186 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7187 struct wireless_dev *wdev = info->user_ptr[1]; 7188 7189 if (!rdev->ops->abort_scan) 7190 return -EOPNOTSUPP; 7191 7192 if (rdev->scan_msg) 7193 return 0; 7194 7195 if (!rdev->scan_req) 7196 return -ENOENT; 7197 7198 rdev_abort_scan(rdev, wdev); 7199 return 0; 7200 } 7201 7202 static int 7203 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans, 7204 struct cfg80211_sched_scan_request *request, 7205 struct nlattr **attrs) 7206 { 7207 int tmp, err, i = 0; 7208 struct nlattr *attr; 7209 7210 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) { 7211 u32 interval; 7212 7213 /* 7214 * If scan plans are not specified, 7215 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this 7216 * case one scan plan will be set with the specified scan 7217 * interval and infinite number of iterations. 7218 */ 7219 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 7220 if (!interval) 7221 return -EINVAL; 7222 7223 request->scan_plans[0].interval = 7224 DIV_ROUND_UP(interval, MSEC_PER_SEC); 7225 if (!request->scan_plans[0].interval) 7226 return -EINVAL; 7227 7228 if (request->scan_plans[0].interval > 7229 wiphy->max_sched_scan_plan_interval) 7230 request->scan_plans[0].interval = 7231 wiphy->max_sched_scan_plan_interval; 7232 7233 return 0; 7234 } 7235 7236 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) { 7237 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1]; 7238 7239 if (WARN_ON(i >= n_plans)) 7240 return -EINVAL; 7241 7242 err = nla_parse_nested(plan, NL80211_SCHED_SCAN_PLAN_MAX, 7243 attr, nl80211_plan_policy, NULL); 7244 if (err) 7245 return err; 7246 7247 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]) 7248 return -EINVAL; 7249 7250 request->scan_plans[i].interval = 7251 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]); 7252 if (!request->scan_plans[i].interval || 7253 request->scan_plans[i].interval > 7254 wiphy->max_sched_scan_plan_interval) 7255 return -EINVAL; 7256 7257 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) { 7258 request->scan_plans[i].iterations = 7259 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]); 7260 if (!request->scan_plans[i].iterations || 7261 (request->scan_plans[i].iterations > 7262 wiphy->max_sched_scan_plan_iterations)) 7263 return -EINVAL; 7264 } else if (i < n_plans - 1) { 7265 /* 7266 * All scan plans but the last one must specify 7267 * a finite number of iterations 7268 */ 7269 return -EINVAL; 7270 } 7271 7272 i++; 7273 } 7274 7275 /* 7276 * The last scan plan must not specify the number of 7277 * iterations, it is supposed to run infinitely 7278 */ 7279 if (request->scan_plans[n_plans - 1].iterations) 7280 return -EINVAL; 7281 7282 return 0; 7283 } 7284 7285 static struct cfg80211_sched_scan_request * 7286 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev, 7287 struct nlattr **attrs, int max_match_sets) 7288 { 7289 struct cfg80211_sched_scan_request *request; 7290 struct nlattr *attr; 7291 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0; 7292 enum nl80211_band band; 7293 size_t ie_len; 7294 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 7295 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF; 7296 7297 if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE])) 7298 return ERR_PTR(-EINVAL); 7299 7300 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 7301 n_channels = validate_scan_freqs( 7302 attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 7303 if (!n_channels) 7304 return ERR_PTR(-EINVAL); 7305 } else { 7306 n_channels = ieee80211_get_num_supported_channels(wiphy); 7307 } 7308 7309 if (attrs[NL80211_ATTR_SCAN_SSIDS]) 7310 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS], 7311 tmp) 7312 n_ssids++; 7313 7314 if (n_ssids > wiphy->max_sched_scan_ssids) 7315 return ERR_PTR(-EINVAL); 7316 7317 /* 7318 * First, count the number of 'real' matchsets. Due to an issue with 7319 * the old implementation, matchsets containing only the RSSI attribute 7320 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default' 7321 * RSSI for all matchsets, rather than their own matchset for reporting 7322 * all APs with a strong RSSI. This is needed to be compatible with 7323 * older userspace that treated a matchset with only the RSSI as the 7324 * global RSSI for all other matchsets - if there are other matchsets. 7325 */ 7326 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 7327 nla_for_each_nested(attr, 7328 attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 7329 tmp) { 7330 struct nlattr *rssi; 7331 7332 err = nla_parse_nested(tb, 7333 NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 7334 attr, nl80211_match_policy, 7335 NULL); 7336 if (err) 7337 return ERR_PTR(err); 7338 7339 /* SSID and BSSID are mutually exclusive */ 7340 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] && 7341 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) 7342 return ERR_PTR(-EINVAL); 7343 7344 /* add other standalone attributes here */ 7345 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] || 7346 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) { 7347 n_match_sets++; 7348 continue; 7349 } 7350 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 7351 if (rssi) 7352 default_match_rssi = nla_get_s32(rssi); 7353 } 7354 } 7355 7356 /* However, if there's no other matchset, add the RSSI one */ 7357 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF) 7358 n_match_sets = 1; 7359 7360 if (n_match_sets > max_match_sets) 7361 return ERR_PTR(-EINVAL); 7362 7363 if (attrs[NL80211_ATTR_IE]) 7364 ie_len = nla_len(attrs[NL80211_ATTR_IE]); 7365 else 7366 ie_len = 0; 7367 7368 if (ie_len > wiphy->max_sched_scan_ie_len) 7369 return ERR_PTR(-EINVAL); 7370 7371 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) { 7372 /* 7373 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since 7374 * each scan plan already specifies its own interval 7375 */ 7376 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 7377 return ERR_PTR(-EINVAL); 7378 7379 nla_for_each_nested(attr, 7380 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) 7381 n_plans++; 7382 } else { 7383 /* 7384 * The scan interval attribute is kept for backward 7385 * compatibility. If no scan plans are specified and sched scan 7386 * interval is specified, one scan plan will be set with this 7387 * scan interval and infinite number of iterations. 7388 */ 7389 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 7390 return ERR_PTR(-EINVAL); 7391 7392 n_plans = 1; 7393 } 7394 7395 if (!n_plans || n_plans > wiphy->max_sched_scan_plans) 7396 return ERR_PTR(-EINVAL); 7397 7398 if (!wiphy_ext_feature_isset( 7399 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) && 7400 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] || 7401 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST])) 7402 return ERR_PTR(-EINVAL); 7403 7404 request = kzalloc(sizeof(*request) 7405 + sizeof(*request->ssids) * n_ssids 7406 + sizeof(*request->match_sets) * n_match_sets 7407 + sizeof(*request->scan_plans) * n_plans 7408 + sizeof(*request->channels) * n_channels 7409 + ie_len, GFP_KERNEL); 7410 if (!request) 7411 return ERR_PTR(-ENOMEM); 7412 7413 if (n_ssids) 7414 request->ssids = (void *)&request->channels[n_channels]; 7415 request->n_ssids = n_ssids; 7416 if (ie_len) { 7417 if (n_ssids) 7418 request->ie = (void *)(request->ssids + n_ssids); 7419 else 7420 request->ie = (void *)(request->channels + n_channels); 7421 } 7422 7423 if (n_match_sets) { 7424 if (request->ie) 7425 request->match_sets = (void *)(request->ie + ie_len); 7426 else if (n_ssids) 7427 request->match_sets = 7428 (void *)(request->ssids + n_ssids); 7429 else 7430 request->match_sets = 7431 (void *)(request->channels + n_channels); 7432 } 7433 request->n_match_sets = n_match_sets; 7434 7435 if (n_match_sets) 7436 request->scan_plans = (void *)(request->match_sets + 7437 n_match_sets); 7438 else if (request->ie) 7439 request->scan_plans = (void *)(request->ie + ie_len); 7440 else if (n_ssids) 7441 request->scan_plans = (void *)(request->ssids + n_ssids); 7442 else 7443 request->scan_plans = (void *)(request->channels + n_channels); 7444 7445 request->n_scan_plans = n_plans; 7446 7447 i = 0; 7448 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 7449 /* user specified, bail out if channel not found */ 7450 nla_for_each_nested(attr, 7451 attrs[NL80211_ATTR_SCAN_FREQUENCIES], 7452 tmp) { 7453 struct ieee80211_channel *chan; 7454 7455 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 7456 7457 if (!chan) { 7458 err = -EINVAL; 7459 goto out_free; 7460 } 7461 7462 /* ignore disabled channels */ 7463 if (chan->flags & IEEE80211_CHAN_DISABLED) 7464 continue; 7465 7466 request->channels[i] = chan; 7467 i++; 7468 } 7469 } else { 7470 /* all channels */ 7471 for (band = 0; band < NUM_NL80211_BANDS; band++) { 7472 int j; 7473 7474 if (!wiphy->bands[band]) 7475 continue; 7476 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 7477 struct ieee80211_channel *chan; 7478 7479 chan = &wiphy->bands[band]->channels[j]; 7480 7481 if (chan->flags & IEEE80211_CHAN_DISABLED) 7482 continue; 7483 7484 request->channels[i] = chan; 7485 i++; 7486 } 7487 } 7488 } 7489 7490 if (!i) { 7491 err = -EINVAL; 7492 goto out_free; 7493 } 7494 7495 request->n_channels = i; 7496 7497 i = 0; 7498 if (n_ssids) { 7499 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS], 7500 tmp) { 7501 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 7502 err = -EINVAL; 7503 goto out_free; 7504 } 7505 request->ssids[i].ssid_len = nla_len(attr); 7506 memcpy(request->ssids[i].ssid, nla_data(attr), 7507 nla_len(attr)); 7508 i++; 7509 } 7510 } 7511 7512 i = 0; 7513 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 7514 nla_for_each_nested(attr, 7515 attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 7516 tmp) { 7517 struct nlattr *ssid, *bssid, *rssi; 7518 7519 err = nla_parse_nested(tb, 7520 NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 7521 attr, nl80211_match_policy, 7522 NULL); 7523 if (err) 7524 goto out_free; 7525 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 7526 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]; 7527 if (ssid || bssid) { 7528 if (WARN_ON(i >= n_match_sets)) { 7529 /* this indicates a programming error, 7530 * the loop above should have verified 7531 * things properly 7532 */ 7533 err = -EINVAL; 7534 goto out_free; 7535 } 7536 7537 if (ssid) { 7538 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 7539 err = -EINVAL; 7540 goto out_free; 7541 } 7542 memcpy(request->match_sets[i].ssid.ssid, 7543 nla_data(ssid), nla_len(ssid)); 7544 request->match_sets[i].ssid.ssid_len = 7545 nla_len(ssid); 7546 } 7547 if (bssid) { 7548 if (nla_len(bssid) != ETH_ALEN) { 7549 err = -EINVAL; 7550 goto out_free; 7551 } 7552 memcpy(request->match_sets[i].bssid, 7553 nla_data(bssid), ETH_ALEN); 7554 } 7555 7556 /* special attribute - old implementation w/a */ 7557 request->match_sets[i].rssi_thold = 7558 default_match_rssi; 7559 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 7560 if (rssi) 7561 request->match_sets[i].rssi_thold = 7562 nla_get_s32(rssi); 7563 } 7564 i++; 7565 } 7566 7567 /* there was no other matchset, so the RSSI one is alone */ 7568 if (i == 0 && n_match_sets) 7569 request->match_sets[0].rssi_thold = default_match_rssi; 7570 7571 request->min_rssi_thold = INT_MAX; 7572 for (i = 0; i < n_match_sets; i++) 7573 request->min_rssi_thold = 7574 min(request->match_sets[i].rssi_thold, 7575 request->min_rssi_thold); 7576 } else { 7577 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF; 7578 } 7579 7580 if (ie_len) { 7581 request->ie_len = ie_len; 7582 memcpy((void *)request->ie, 7583 nla_data(attrs[NL80211_ATTR_IE]), 7584 request->ie_len); 7585 } 7586 7587 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true); 7588 if (err) 7589 goto out_free; 7590 7591 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY]) 7592 request->delay = 7593 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]); 7594 7595 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) { 7596 request->relative_rssi = nla_get_s8( 7597 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]); 7598 request->relative_rssi_set = true; 7599 } 7600 7601 if (request->relative_rssi_set && 7602 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) { 7603 struct nl80211_bss_select_rssi_adjust *rssi_adjust; 7604 7605 rssi_adjust = nla_data( 7606 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]); 7607 request->rssi_adjust.band = rssi_adjust->band; 7608 request->rssi_adjust.delta = rssi_adjust->delta; 7609 if (!is_band_valid(wiphy, request->rssi_adjust.band)) { 7610 err = -EINVAL; 7611 goto out_free; 7612 } 7613 } 7614 7615 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs); 7616 if (err) 7617 goto out_free; 7618 7619 request->scan_start = jiffies; 7620 7621 return request; 7622 7623 out_free: 7624 kfree(request); 7625 return ERR_PTR(err); 7626 } 7627 7628 static int nl80211_start_sched_scan(struct sk_buff *skb, 7629 struct genl_info *info) 7630 { 7631 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7632 struct net_device *dev = info->user_ptr[1]; 7633 struct wireless_dev *wdev = dev->ieee80211_ptr; 7634 struct cfg80211_sched_scan_request *sched_scan_req; 7635 bool want_multi; 7636 int err; 7637 7638 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start) 7639 return -EOPNOTSUPP; 7640 7641 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI]; 7642 err = cfg80211_sched_scan_req_possible(rdev, want_multi); 7643 if (err) 7644 return err; 7645 7646 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev, 7647 info->attrs, 7648 rdev->wiphy.max_match_sets); 7649 7650 err = PTR_ERR_OR_ZERO(sched_scan_req); 7651 if (err) 7652 goto out_err; 7653 7654 /* leave request id zero for legacy request 7655 * or if driver does not support multi-scheduled scan 7656 */ 7657 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) { 7658 while (!sched_scan_req->reqid) 7659 sched_scan_req->reqid = rdev->wiphy.cookie_counter++; 7660 } 7661 7662 err = rdev_sched_scan_start(rdev, dev, sched_scan_req); 7663 if (err) 7664 goto out_free; 7665 7666 sched_scan_req->dev = dev; 7667 sched_scan_req->wiphy = &rdev->wiphy; 7668 7669 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 7670 sched_scan_req->owner_nlportid = info->snd_portid; 7671 7672 cfg80211_add_sched_scan_req(rdev, sched_scan_req); 7673 7674 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN); 7675 return 0; 7676 7677 out_free: 7678 kfree(sched_scan_req); 7679 out_err: 7680 return err; 7681 } 7682 7683 static int nl80211_stop_sched_scan(struct sk_buff *skb, 7684 struct genl_info *info) 7685 { 7686 struct cfg80211_sched_scan_request *req; 7687 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7688 u64 cookie; 7689 7690 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop) 7691 return -EOPNOTSUPP; 7692 7693 if (info->attrs[NL80211_ATTR_COOKIE]) { 7694 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 7695 return __cfg80211_stop_sched_scan(rdev, cookie, false); 7696 } 7697 7698 req = list_first_or_null_rcu(&rdev->sched_scan_req_list, 7699 struct cfg80211_sched_scan_request, 7700 list); 7701 if (!req || req->reqid || 7702 (req->owner_nlportid && 7703 req->owner_nlportid != info->snd_portid)) 7704 return -ENOENT; 7705 7706 return cfg80211_stop_sched_scan_req(rdev, req, false); 7707 } 7708 7709 static int nl80211_start_radar_detection(struct sk_buff *skb, 7710 struct genl_info *info) 7711 { 7712 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7713 struct net_device *dev = info->user_ptr[1]; 7714 struct wireless_dev *wdev = dev->ieee80211_ptr; 7715 struct wiphy *wiphy = wdev->wiphy; 7716 struct cfg80211_chan_def chandef; 7717 enum nl80211_dfs_regions dfs_region; 7718 unsigned int cac_time_ms; 7719 int err; 7720 7721 dfs_region = reg_get_dfs_region(wiphy); 7722 if (dfs_region == NL80211_DFS_UNSET) 7723 return -EINVAL; 7724 7725 err = nl80211_parse_chandef(rdev, info, &chandef); 7726 if (err) 7727 return err; 7728 7729 if (netif_carrier_ok(dev)) 7730 return -EBUSY; 7731 7732 if (wdev->cac_started) 7733 return -EBUSY; 7734 7735 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype); 7736 if (err < 0) 7737 return err; 7738 7739 if (err == 0) 7740 return -EINVAL; 7741 7742 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef)) 7743 return -EINVAL; 7744 7745 /* CAC start is offloaded to HW and can't be started manually */ 7746 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD)) 7747 return -EOPNOTSUPP; 7748 7749 if (!rdev->ops->start_radar_detection) 7750 return -EOPNOTSUPP; 7751 7752 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef); 7753 if (WARN_ON(!cac_time_ms)) 7754 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS; 7755 7756 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms); 7757 if (!err) { 7758 wdev->chandef = chandef; 7759 wdev->cac_started = true; 7760 wdev->cac_start_time = jiffies; 7761 wdev->cac_time_ms = cac_time_ms; 7762 } 7763 return err; 7764 } 7765 7766 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info) 7767 { 7768 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7769 struct net_device *dev = info->user_ptr[1]; 7770 struct wireless_dev *wdev = dev->ieee80211_ptr; 7771 struct cfg80211_csa_settings params; 7772 /* csa_attrs is defined static to avoid waste of stack size - this 7773 * function is called under RTNL lock, so this should not be a problem. 7774 */ 7775 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1]; 7776 int err; 7777 bool need_new_beacon = false; 7778 bool need_handle_dfs_flag = true; 7779 int len, i; 7780 u32 cs_count; 7781 7782 if (!rdev->ops->channel_switch || 7783 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)) 7784 return -EOPNOTSUPP; 7785 7786 switch (dev->ieee80211_ptr->iftype) { 7787 case NL80211_IFTYPE_AP: 7788 case NL80211_IFTYPE_P2P_GO: 7789 need_new_beacon = true; 7790 /* For all modes except AP the handle_dfs flag needs to be 7791 * supplied to tell the kernel that userspace will handle radar 7792 * events when they happen. Otherwise a switch to a channel 7793 * requiring DFS will be rejected. 7794 */ 7795 need_handle_dfs_flag = false; 7796 7797 /* useless if AP is not running */ 7798 if (!wdev->beacon_interval) 7799 return -ENOTCONN; 7800 break; 7801 case NL80211_IFTYPE_ADHOC: 7802 if (!wdev->ssid_len) 7803 return -ENOTCONN; 7804 break; 7805 case NL80211_IFTYPE_MESH_POINT: 7806 if (!wdev->mesh_id_len) 7807 return -ENOTCONN; 7808 break; 7809 default: 7810 return -EOPNOTSUPP; 7811 } 7812 7813 memset(¶ms, 0, sizeof(params)); 7814 7815 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 7816 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]) 7817 return -EINVAL; 7818 7819 /* only important for AP, IBSS and mesh create IEs internally */ 7820 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES]) 7821 return -EINVAL; 7822 7823 /* Even though the attribute is u32, the specification says 7824 * u8, so let's make sure we don't overflow. 7825 */ 7826 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]); 7827 if (cs_count > 255) 7828 return -EINVAL; 7829 7830 params.count = cs_count; 7831 7832 if (!need_new_beacon) 7833 goto skip_beacons; 7834 7835 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon_after); 7836 if (err) 7837 return err; 7838 7839 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX, 7840 info->attrs[NL80211_ATTR_CSA_IES], 7841 nl80211_policy, info->extack); 7842 if (err) 7843 return err; 7844 7845 err = nl80211_parse_beacon(csa_attrs, ¶ms.beacon_csa); 7846 if (err) 7847 return err; 7848 7849 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]) 7850 return -EINVAL; 7851 7852 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]); 7853 if (!len || (len % sizeof(u16))) 7854 return -EINVAL; 7855 7856 params.n_counter_offsets_beacon = len / sizeof(u16); 7857 if (rdev->wiphy.max_num_csa_counters && 7858 (params.n_counter_offsets_beacon > 7859 rdev->wiphy.max_num_csa_counters)) 7860 return -EINVAL; 7861 7862 params.counter_offsets_beacon = 7863 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]); 7864 7865 /* sanity checks - counters should fit and be the same */ 7866 for (i = 0; i < params.n_counter_offsets_beacon; i++) { 7867 u16 offset = params.counter_offsets_beacon[i]; 7868 7869 if (offset >= params.beacon_csa.tail_len) 7870 return -EINVAL; 7871 7872 if (params.beacon_csa.tail[offset] != params.count) 7873 return -EINVAL; 7874 } 7875 7876 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) { 7877 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]); 7878 if (!len || (len % sizeof(u16))) 7879 return -EINVAL; 7880 7881 params.n_counter_offsets_presp = len / sizeof(u16); 7882 if (rdev->wiphy.max_num_csa_counters && 7883 (params.n_counter_offsets_presp > 7884 rdev->wiphy.max_num_csa_counters)) 7885 return -EINVAL; 7886 7887 params.counter_offsets_presp = 7888 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]); 7889 7890 /* sanity checks - counters should fit and be the same */ 7891 for (i = 0; i < params.n_counter_offsets_presp; i++) { 7892 u16 offset = params.counter_offsets_presp[i]; 7893 7894 if (offset >= params.beacon_csa.probe_resp_len) 7895 return -EINVAL; 7896 7897 if (params.beacon_csa.probe_resp[offset] != 7898 params.count) 7899 return -EINVAL; 7900 } 7901 } 7902 7903 skip_beacons: 7904 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 7905 if (err) 7906 return err; 7907 7908 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef, 7909 wdev->iftype)) 7910 return -EINVAL; 7911 7912 err = cfg80211_chandef_dfs_required(wdev->wiphy, 7913 ¶ms.chandef, 7914 wdev->iftype); 7915 if (err < 0) 7916 return err; 7917 7918 if (err > 0) { 7919 params.radar_required = true; 7920 if (need_handle_dfs_flag && 7921 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) { 7922 return -EINVAL; 7923 } 7924 } 7925 7926 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX]) 7927 params.block_tx = true; 7928 7929 wdev_lock(wdev); 7930 err = rdev_channel_switch(rdev, dev, ¶ms); 7931 wdev_unlock(wdev); 7932 7933 return err; 7934 } 7935 7936 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 7937 u32 seq, int flags, 7938 struct cfg80211_registered_device *rdev, 7939 struct wireless_dev *wdev, 7940 struct cfg80211_internal_bss *intbss) 7941 { 7942 struct cfg80211_bss *res = &intbss->pub; 7943 const struct cfg80211_bss_ies *ies; 7944 void *hdr; 7945 struct nlattr *bss; 7946 7947 ASSERT_WDEV_LOCK(wdev); 7948 7949 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 7950 NL80211_CMD_NEW_SCAN_RESULTS); 7951 if (!hdr) 7952 return -1; 7953 7954 genl_dump_check_consistent(cb, hdr); 7955 7956 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation)) 7957 goto nla_put_failure; 7958 if (wdev->netdev && 7959 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 7960 goto nla_put_failure; 7961 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 7962 NL80211_ATTR_PAD)) 7963 goto nla_put_failure; 7964 7965 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 7966 if (!bss) 7967 goto nla_put_failure; 7968 if ((!is_zero_ether_addr(res->bssid) && 7969 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid))) 7970 goto nla_put_failure; 7971 7972 rcu_read_lock(); 7973 /* indicate whether we have probe response data or not */ 7974 if (rcu_access_pointer(res->proberesp_ies) && 7975 nla_put_flag(msg, NL80211_BSS_PRESP_DATA)) 7976 goto fail_unlock_rcu; 7977 7978 /* this pointer prefers to be pointed to probe response data 7979 * but is always valid 7980 */ 7981 ies = rcu_dereference(res->ies); 7982 if (ies) { 7983 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf, 7984 NL80211_BSS_PAD)) 7985 goto fail_unlock_rcu; 7986 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 7987 ies->len, ies->data)) 7988 goto fail_unlock_rcu; 7989 } 7990 7991 /* and this pointer is always (unless driver didn't know) beacon data */ 7992 ies = rcu_dereference(res->beacon_ies); 7993 if (ies && ies->from_beacon) { 7994 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf, 7995 NL80211_BSS_PAD)) 7996 goto fail_unlock_rcu; 7997 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES, 7998 ies->len, ies->data)) 7999 goto fail_unlock_rcu; 8000 } 8001 rcu_read_unlock(); 8002 8003 if (res->beacon_interval && 8004 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 8005 goto nla_put_failure; 8006 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 8007 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 8008 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) || 8009 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 8010 jiffies_to_msecs(jiffies - intbss->ts))) 8011 goto nla_put_failure; 8012 8013 if (intbss->parent_tsf && 8014 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF, 8015 intbss->parent_tsf, NL80211_BSS_PAD) || 8016 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN, 8017 intbss->parent_bssid))) 8018 goto nla_put_failure; 8019 8020 if (intbss->ts_boottime && 8021 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME, 8022 intbss->ts_boottime, NL80211_BSS_PAD)) 8023 goto nla_put_failure; 8024 8025 if (!nl80211_put_signal(msg, intbss->pub.chains, 8026 intbss->pub.chain_signal, 8027 NL80211_BSS_CHAIN_SIGNAL)) 8028 goto nla_put_failure; 8029 8030 switch (rdev->wiphy.signal_type) { 8031 case CFG80211_SIGNAL_TYPE_MBM: 8032 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 8033 goto nla_put_failure; 8034 break; 8035 case CFG80211_SIGNAL_TYPE_UNSPEC: 8036 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 8037 goto nla_put_failure; 8038 break; 8039 default: 8040 break; 8041 } 8042 8043 switch (wdev->iftype) { 8044 case NL80211_IFTYPE_P2P_CLIENT: 8045 case NL80211_IFTYPE_STATION: 8046 if (intbss == wdev->current_bss && 8047 nla_put_u32(msg, NL80211_BSS_STATUS, 8048 NL80211_BSS_STATUS_ASSOCIATED)) 8049 goto nla_put_failure; 8050 break; 8051 case NL80211_IFTYPE_ADHOC: 8052 if (intbss == wdev->current_bss && 8053 nla_put_u32(msg, NL80211_BSS_STATUS, 8054 NL80211_BSS_STATUS_IBSS_JOINED)) 8055 goto nla_put_failure; 8056 break; 8057 default: 8058 break; 8059 } 8060 8061 nla_nest_end(msg, bss); 8062 8063 genlmsg_end(msg, hdr); 8064 return 0; 8065 8066 fail_unlock_rcu: 8067 rcu_read_unlock(); 8068 nla_put_failure: 8069 genlmsg_cancel(msg, hdr); 8070 return -EMSGSIZE; 8071 } 8072 8073 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb) 8074 { 8075 struct cfg80211_registered_device *rdev; 8076 struct cfg80211_internal_bss *scan; 8077 struct wireless_dev *wdev; 8078 int start = cb->args[2], idx = 0; 8079 int err; 8080 8081 rtnl_lock(); 8082 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 8083 if (err) { 8084 rtnl_unlock(); 8085 return err; 8086 } 8087 8088 wdev_lock(wdev); 8089 spin_lock_bh(&rdev->bss_lock); 8090 8091 /* 8092 * dump_scan will be called multiple times to break up the scan results 8093 * into multiple messages. It is unlikely that any more bss-es will be 8094 * expired after the first call, so only call only call this on the 8095 * first dump_scan invocation. 8096 */ 8097 if (start == 0) 8098 cfg80211_bss_expire(rdev); 8099 8100 cb->seq = rdev->bss_generation; 8101 8102 list_for_each_entry(scan, &rdev->bss_list, list) { 8103 if (++idx <= start) 8104 continue; 8105 if (nl80211_send_bss(skb, cb, 8106 cb->nlh->nlmsg_seq, NLM_F_MULTI, 8107 rdev, wdev, scan) < 0) { 8108 idx--; 8109 break; 8110 } 8111 } 8112 8113 spin_unlock_bh(&rdev->bss_lock); 8114 wdev_unlock(wdev); 8115 8116 cb->args[2] = idx; 8117 rtnl_unlock(); 8118 8119 return skb->len; 8120 } 8121 8122 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq, 8123 int flags, struct net_device *dev, 8124 bool allow_radio_stats, 8125 struct survey_info *survey) 8126 { 8127 void *hdr; 8128 struct nlattr *infoattr; 8129 8130 /* skip radio stats if userspace didn't request them */ 8131 if (!survey->channel && !allow_radio_stats) 8132 return 0; 8133 8134 hdr = nl80211hdr_put(msg, portid, seq, flags, 8135 NL80211_CMD_NEW_SURVEY_RESULTS); 8136 if (!hdr) 8137 return -ENOMEM; 8138 8139 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 8140 goto nla_put_failure; 8141 8142 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 8143 if (!infoattr) 8144 goto nla_put_failure; 8145 8146 if (survey->channel && 8147 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 8148 survey->channel->center_freq)) 8149 goto nla_put_failure; 8150 8151 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 8152 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 8153 goto nla_put_failure; 8154 if ((survey->filled & SURVEY_INFO_IN_USE) && 8155 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 8156 goto nla_put_failure; 8157 if ((survey->filled & SURVEY_INFO_TIME) && 8158 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME, 8159 survey->time, NL80211_SURVEY_INFO_PAD)) 8160 goto nla_put_failure; 8161 if ((survey->filled & SURVEY_INFO_TIME_BUSY) && 8162 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY, 8163 survey->time_busy, NL80211_SURVEY_INFO_PAD)) 8164 goto nla_put_failure; 8165 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) && 8166 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY, 8167 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD)) 8168 goto nla_put_failure; 8169 if ((survey->filled & SURVEY_INFO_TIME_RX) && 8170 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX, 8171 survey->time_rx, NL80211_SURVEY_INFO_PAD)) 8172 goto nla_put_failure; 8173 if ((survey->filled & SURVEY_INFO_TIME_TX) && 8174 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX, 8175 survey->time_tx, NL80211_SURVEY_INFO_PAD)) 8176 goto nla_put_failure; 8177 if ((survey->filled & SURVEY_INFO_TIME_SCAN) && 8178 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN, 8179 survey->time_scan, NL80211_SURVEY_INFO_PAD)) 8180 goto nla_put_failure; 8181 8182 nla_nest_end(msg, infoattr); 8183 8184 genlmsg_end(msg, hdr); 8185 return 0; 8186 8187 nla_put_failure: 8188 genlmsg_cancel(msg, hdr); 8189 return -EMSGSIZE; 8190 } 8191 8192 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb) 8193 { 8194 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam); 8195 struct survey_info survey; 8196 struct cfg80211_registered_device *rdev; 8197 struct wireless_dev *wdev; 8198 int survey_idx = cb->args[2]; 8199 int res; 8200 bool radio_stats; 8201 8202 rtnl_lock(); 8203 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 8204 if (res) 8205 goto out_err; 8206 8207 /* prepare_wdev_dump parsed the attributes */ 8208 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS]; 8209 8210 if (!wdev->netdev) { 8211 res = -EINVAL; 8212 goto out_err; 8213 } 8214 8215 if (!rdev->ops->dump_survey) { 8216 res = -EOPNOTSUPP; 8217 goto out_err; 8218 } 8219 8220 while (1) { 8221 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey); 8222 if (res == -ENOENT) 8223 break; 8224 if (res) 8225 goto out_err; 8226 8227 /* don't send disabled channels, but do send non-channel data */ 8228 if (survey.channel && 8229 survey.channel->flags & IEEE80211_CHAN_DISABLED) { 8230 survey_idx++; 8231 continue; 8232 } 8233 8234 if (nl80211_send_survey(skb, 8235 NETLINK_CB(cb->skb).portid, 8236 cb->nlh->nlmsg_seq, NLM_F_MULTI, 8237 wdev->netdev, radio_stats, &survey) < 0) 8238 goto out; 8239 survey_idx++; 8240 } 8241 8242 out: 8243 cb->args[2] = survey_idx; 8244 res = skb->len; 8245 out_err: 8246 rtnl_unlock(); 8247 return res; 8248 } 8249 8250 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 8251 { 8252 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 8253 NL80211_WPA_VERSION_2)); 8254 } 8255 8256 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 8257 { 8258 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8259 struct net_device *dev = info->user_ptr[1]; 8260 struct ieee80211_channel *chan; 8261 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL; 8262 int err, ssid_len, ie_len = 0, auth_data_len = 0; 8263 enum nl80211_auth_type auth_type; 8264 struct key_parse key; 8265 bool local_state_change; 8266 8267 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 8268 return -EINVAL; 8269 8270 if (!info->attrs[NL80211_ATTR_MAC]) 8271 return -EINVAL; 8272 8273 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 8274 return -EINVAL; 8275 8276 if (!info->attrs[NL80211_ATTR_SSID]) 8277 return -EINVAL; 8278 8279 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 8280 return -EINVAL; 8281 8282 err = nl80211_parse_key(info, &key); 8283 if (err) 8284 return err; 8285 8286 if (key.idx >= 0) { 8287 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 8288 return -EINVAL; 8289 if (!key.p.key || !key.p.key_len) 8290 return -EINVAL; 8291 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 8292 key.p.key_len != WLAN_KEY_LEN_WEP40) && 8293 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 8294 key.p.key_len != WLAN_KEY_LEN_WEP104)) 8295 return -EINVAL; 8296 if (key.idx > 3) 8297 return -EINVAL; 8298 } else { 8299 key.p.key_len = 0; 8300 key.p.key = NULL; 8301 } 8302 8303 if (key.idx >= 0) { 8304 int i; 8305 bool ok = false; 8306 8307 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 8308 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 8309 ok = true; 8310 break; 8311 } 8312 } 8313 if (!ok) 8314 return -EINVAL; 8315 } 8316 8317 if (!rdev->ops->auth) 8318 return -EOPNOTSUPP; 8319 8320 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 8321 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 8322 return -EOPNOTSUPP; 8323 8324 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 8325 chan = nl80211_get_valid_chan(&rdev->wiphy, 8326 info->attrs[NL80211_ATTR_WIPHY_FREQ]); 8327 if (!chan) 8328 return -EINVAL; 8329 8330 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 8331 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 8332 8333 if (info->attrs[NL80211_ATTR_IE]) { 8334 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 8335 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8336 } 8337 8338 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 8339 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE)) 8340 return -EINVAL; 8341 8342 if ((auth_type == NL80211_AUTHTYPE_SAE || 8343 auth_type == NL80211_AUTHTYPE_FILS_SK || 8344 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 8345 auth_type == NL80211_AUTHTYPE_FILS_PK) && 8346 !info->attrs[NL80211_ATTR_AUTH_DATA]) 8347 return -EINVAL; 8348 8349 if (info->attrs[NL80211_ATTR_AUTH_DATA]) { 8350 if (auth_type != NL80211_AUTHTYPE_SAE && 8351 auth_type != NL80211_AUTHTYPE_FILS_SK && 8352 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS && 8353 auth_type != NL80211_AUTHTYPE_FILS_PK) 8354 return -EINVAL; 8355 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]); 8356 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]); 8357 /* need to include at least Auth Transaction and Status Code */ 8358 if (auth_data_len < 4) 8359 return -EINVAL; 8360 } 8361 8362 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 8363 8364 /* 8365 * Since we no longer track auth state, ignore 8366 * requests to only change local state. 8367 */ 8368 if (local_state_change) 8369 return 0; 8370 8371 wdev_lock(dev->ieee80211_ptr); 8372 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 8373 ssid, ssid_len, ie, ie_len, 8374 key.p.key, key.p.key_len, key.idx, 8375 auth_data, auth_data_len); 8376 wdev_unlock(dev->ieee80211_ptr); 8377 return err; 8378 } 8379 8380 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev, 8381 struct genl_info *info) 8382 { 8383 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 8384 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set"); 8385 return -EINVAL; 8386 } 8387 8388 if (!rdev->ops->tx_control_port || 8389 !wiphy_ext_feature_isset(&rdev->wiphy, 8390 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) 8391 return -EOPNOTSUPP; 8392 8393 return 0; 8394 } 8395 8396 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 8397 struct genl_info *info, 8398 struct cfg80211_crypto_settings *settings, 8399 int cipher_limit) 8400 { 8401 memset(settings, 0, sizeof(*settings)); 8402 8403 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 8404 8405 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 8406 u16 proto; 8407 8408 proto = nla_get_u16( 8409 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 8410 settings->control_port_ethertype = cpu_to_be16(proto); 8411 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 8412 proto != ETH_P_PAE) 8413 return -EINVAL; 8414 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 8415 settings->control_port_no_encrypt = true; 8416 } else 8417 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 8418 8419 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 8420 int r = validate_pae_over_nl80211(rdev, info); 8421 8422 if (r < 0) 8423 return r; 8424 8425 settings->control_port_over_nl80211 = true; 8426 } 8427 8428 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 8429 void *data; 8430 int len, i; 8431 8432 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 8433 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 8434 settings->n_ciphers_pairwise = len / sizeof(u32); 8435 8436 if (len % sizeof(u32)) 8437 return -EINVAL; 8438 8439 if (settings->n_ciphers_pairwise > cipher_limit) 8440 return -EINVAL; 8441 8442 memcpy(settings->ciphers_pairwise, data, len); 8443 8444 for (i = 0; i < settings->n_ciphers_pairwise; i++) 8445 if (!cfg80211_supported_cipher_suite( 8446 &rdev->wiphy, 8447 settings->ciphers_pairwise[i])) 8448 return -EINVAL; 8449 } 8450 8451 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 8452 settings->cipher_group = 8453 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 8454 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 8455 settings->cipher_group)) 8456 return -EINVAL; 8457 } 8458 8459 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 8460 settings->wpa_versions = 8461 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 8462 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 8463 return -EINVAL; 8464 } 8465 8466 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 8467 void *data; 8468 int len; 8469 8470 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 8471 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 8472 settings->n_akm_suites = len / sizeof(u32); 8473 8474 if (len % sizeof(u32)) 8475 return -EINVAL; 8476 8477 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 8478 return -EINVAL; 8479 8480 memcpy(settings->akm_suites, data, len); 8481 } 8482 8483 if (info->attrs[NL80211_ATTR_PMK]) { 8484 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN) 8485 return -EINVAL; 8486 if (!wiphy_ext_feature_isset(&rdev->wiphy, 8487 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK)) 8488 return -EINVAL; 8489 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]); 8490 } 8491 8492 return 0; 8493 } 8494 8495 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 8496 { 8497 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8498 struct net_device *dev = info->user_ptr[1]; 8499 struct ieee80211_channel *chan; 8500 struct cfg80211_assoc_request req = {}; 8501 const u8 *bssid, *ssid; 8502 int err, ssid_len = 0; 8503 8504 if (dev->ieee80211_ptr->conn_owner_nlportid && 8505 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 8506 return -EPERM; 8507 8508 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 8509 return -EINVAL; 8510 8511 if (!info->attrs[NL80211_ATTR_MAC] || 8512 !info->attrs[NL80211_ATTR_SSID] || 8513 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 8514 return -EINVAL; 8515 8516 if (!rdev->ops->assoc) 8517 return -EOPNOTSUPP; 8518 8519 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 8520 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 8521 return -EOPNOTSUPP; 8522 8523 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 8524 8525 chan = nl80211_get_valid_chan(&rdev->wiphy, 8526 info->attrs[NL80211_ATTR_WIPHY_FREQ]); 8527 if (!chan) 8528 return -EINVAL; 8529 8530 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 8531 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 8532 8533 if (info->attrs[NL80211_ATTR_IE]) { 8534 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 8535 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8536 } 8537 8538 if (info->attrs[NL80211_ATTR_USE_MFP]) { 8539 enum nl80211_mfp mfp = 8540 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 8541 if (mfp == NL80211_MFP_REQUIRED) 8542 req.use_mfp = true; 8543 else if (mfp != NL80211_MFP_NO) 8544 return -EINVAL; 8545 } 8546 8547 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 8548 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 8549 8550 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 8551 req.flags |= ASSOC_REQ_DISABLE_HT; 8552 8553 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 8554 memcpy(&req.ht_capa_mask, 8555 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 8556 sizeof(req.ht_capa_mask)); 8557 8558 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 8559 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 8560 return -EINVAL; 8561 memcpy(&req.ht_capa, 8562 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 8563 sizeof(req.ht_capa)); 8564 } 8565 8566 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 8567 req.flags |= ASSOC_REQ_DISABLE_VHT; 8568 8569 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 8570 memcpy(&req.vht_capa_mask, 8571 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 8572 sizeof(req.vht_capa_mask)); 8573 8574 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 8575 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 8576 return -EINVAL; 8577 memcpy(&req.vht_capa, 8578 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 8579 sizeof(req.vht_capa)); 8580 } 8581 8582 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 8583 if (!((rdev->wiphy.features & 8584 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 8585 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 8586 !wiphy_ext_feature_isset(&rdev->wiphy, 8587 NL80211_EXT_FEATURE_RRM)) 8588 return -EINVAL; 8589 req.flags |= ASSOC_REQ_USE_RRM; 8590 } 8591 8592 if (info->attrs[NL80211_ATTR_FILS_KEK]) { 8593 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]); 8594 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]); 8595 if (!info->attrs[NL80211_ATTR_FILS_NONCES]) 8596 return -EINVAL; 8597 req.fils_nonces = 8598 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]); 8599 } 8600 8601 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1); 8602 if (!err) { 8603 wdev_lock(dev->ieee80211_ptr); 8604 8605 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, 8606 ssid, ssid_len, &req); 8607 8608 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 8609 dev->ieee80211_ptr->conn_owner_nlportid = 8610 info->snd_portid; 8611 memcpy(dev->ieee80211_ptr->disconnect_bssid, 8612 bssid, ETH_ALEN); 8613 } 8614 8615 wdev_unlock(dev->ieee80211_ptr); 8616 } 8617 8618 return err; 8619 } 8620 8621 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 8622 { 8623 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8624 struct net_device *dev = info->user_ptr[1]; 8625 const u8 *ie = NULL, *bssid; 8626 int ie_len = 0, err; 8627 u16 reason_code; 8628 bool local_state_change; 8629 8630 if (dev->ieee80211_ptr->conn_owner_nlportid && 8631 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 8632 return -EPERM; 8633 8634 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 8635 return -EINVAL; 8636 8637 if (!info->attrs[NL80211_ATTR_MAC]) 8638 return -EINVAL; 8639 8640 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 8641 return -EINVAL; 8642 8643 if (!rdev->ops->deauth) 8644 return -EOPNOTSUPP; 8645 8646 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 8647 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 8648 return -EOPNOTSUPP; 8649 8650 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 8651 8652 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 8653 if (reason_code == 0) { 8654 /* Reason Code 0 is reserved */ 8655 return -EINVAL; 8656 } 8657 8658 if (info->attrs[NL80211_ATTR_IE]) { 8659 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 8660 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8661 } 8662 8663 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 8664 8665 wdev_lock(dev->ieee80211_ptr); 8666 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 8667 local_state_change); 8668 wdev_unlock(dev->ieee80211_ptr); 8669 return err; 8670 } 8671 8672 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 8673 { 8674 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8675 struct net_device *dev = info->user_ptr[1]; 8676 const u8 *ie = NULL, *bssid; 8677 int ie_len = 0, err; 8678 u16 reason_code; 8679 bool local_state_change; 8680 8681 if (dev->ieee80211_ptr->conn_owner_nlportid && 8682 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 8683 return -EPERM; 8684 8685 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 8686 return -EINVAL; 8687 8688 if (!info->attrs[NL80211_ATTR_MAC]) 8689 return -EINVAL; 8690 8691 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 8692 return -EINVAL; 8693 8694 if (!rdev->ops->disassoc) 8695 return -EOPNOTSUPP; 8696 8697 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 8698 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 8699 return -EOPNOTSUPP; 8700 8701 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 8702 8703 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 8704 if (reason_code == 0) { 8705 /* Reason Code 0 is reserved */ 8706 return -EINVAL; 8707 } 8708 8709 if (info->attrs[NL80211_ATTR_IE]) { 8710 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 8711 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8712 } 8713 8714 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 8715 8716 wdev_lock(dev->ieee80211_ptr); 8717 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 8718 local_state_change); 8719 wdev_unlock(dev->ieee80211_ptr); 8720 return err; 8721 } 8722 8723 static bool 8724 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 8725 int mcast_rate[NUM_NL80211_BANDS], 8726 int rateval) 8727 { 8728 struct wiphy *wiphy = &rdev->wiphy; 8729 bool found = false; 8730 int band, i; 8731 8732 for (band = 0; band < NUM_NL80211_BANDS; band++) { 8733 struct ieee80211_supported_band *sband; 8734 8735 sband = wiphy->bands[band]; 8736 if (!sband) 8737 continue; 8738 8739 for (i = 0; i < sband->n_bitrates; i++) { 8740 if (sband->bitrates[i].bitrate == rateval) { 8741 mcast_rate[band] = i + 1; 8742 found = true; 8743 break; 8744 } 8745 } 8746 } 8747 8748 return found; 8749 } 8750 8751 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 8752 { 8753 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8754 struct net_device *dev = info->user_ptr[1]; 8755 struct cfg80211_ibss_params ibss; 8756 struct wiphy *wiphy; 8757 struct cfg80211_cached_keys *connkeys = NULL; 8758 int err; 8759 8760 memset(&ibss, 0, sizeof(ibss)); 8761 8762 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 8763 return -EINVAL; 8764 8765 if (!info->attrs[NL80211_ATTR_SSID] || 8766 !nla_len(info->attrs[NL80211_ATTR_SSID])) 8767 return -EINVAL; 8768 8769 ibss.beacon_interval = 100; 8770 8771 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) 8772 ibss.beacon_interval = 8773 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 8774 8775 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC, 8776 ibss.beacon_interval); 8777 if (err) 8778 return err; 8779 8780 if (!rdev->ops->join_ibss) 8781 return -EOPNOTSUPP; 8782 8783 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 8784 return -EOPNOTSUPP; 8785 8786 wiphy = &rdev->wiphy; 8787 8788 if (info->attrs[NL80211_ATTR_MAC]) { 8789 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 8790 8791 if (!is_valid_ether_addr(ibss.bssid)) 8792 return -EINVAL; 8793 } 8794 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 8795 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 8796 8797 if (info->attrs[NL80211_ATTR_IE]) { 8798 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 8799 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8800 } 8801 8802 err = nl80211_parse_chandef(rdev, info, &ibss.chandef); 8803 if (err) 8804 return err; 8805 8806 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef, 8807 NL80211_IFTYPE_ADHOC)) 8808 return -EINVAL; 8809 8810 switch (ibss.chandef.width) { 8811 case NL80211_CHAN_WIDTH_5: 8812 case NL80211_CHAN_WIDTH_10: 8813 case NL80211_CHAN_WIDTH_20_NOHT: 8814 break; 8815 case NL80211_CHAN_WIDTH_20: 8816 case NL80211_CHAN_WIDTH_40: 8817 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 8818 return -EINVAL; 8819 break; 8820 case NL80211_CHAN_WIDTH_80: 8821 case NL80211_CHAN_WIDTH_80P80: 8822 case NL80211_CHAN_WIDTH_160: 8823 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 8824 return -EINVAL; 8825 if (!wiphy_ext_feature_isset(&rdev->wiphy, 8826 NL80211_EXT_FEATURE_VHT_IBSS)) 8827 return -EINVAL; 8828 break; 8829 default: 8830 return -EINVAL; 8831 } 8832 8833 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 8834 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 8835 8836 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 8837 u8 *rates = 8838 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 8839 int n_rates = 8840 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 8841 struct ieee80211_supported_band *sband = 8842 wiphy->bands[ibss.chandef.chan->band]; 8843 8844 err = ieee80211_get_ratemask(sband, rates, n_rates, 8845 &ibss.basic_rates); 8846 if (err) 8847 return err; 8848 } 8849 8850 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 8851 memcpy(&ibss.ht_capa_mask, 8852 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 8853 sizeof(ibss.ht_capa_mask)); 8854 8855 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 8856 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 8857 return -EINVAL; 8858 memcpy(&ibss.ht_capa, 8859 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 8860 sizeof(ibss.ht_capa)); 8861 } 8862 8863 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 8864 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 8865 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 8866 return -EINVAL; 8867 8868 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 8869 bool no_ht = false; 8870 8871 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht); 8872 if (IS_ERR(connkeys)) 8873 return PTR_ERR(connkeys); 8874 8875 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) && 8876 no_ht) { 8877 kzfree(connkeys); 8878 return -EINVAL; 8879 } 8880 } 8881 8882 ibss.control_port = 8883 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 8884 8885 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 8886 int r = validate_pae_over_nl80211(rdev, info); 8887 8888 if (r < 0) 8889 return r; 8890 8891 ibss.control_port_over_nl80211 = true; 8892 } 8893 8894 ibss.userspace_handles_dfs = 8895 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); 8896 8897 wdev_lock(dev->ieee80211_ptr); 8898 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 8899 if (err) 8900 kzfree(connkeys); 8901 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 8902 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 8903 wdev_unlock(dev->ieee80211_ptr); 8904 8905 return err; 8906 } 8907 8908 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 8909 { 8910 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8911 struct net_device *dev = info->user_ptr[1]; 8912 8913 if (!rdev->ops->leave_ibss) 8914 return -EOPNOTSUPP; 8915 8916 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 8917 return -EOPNOTSUPP; 8918 8919 return cfg80211_leave_ibss(rdev, dev, false); 8920 } 8921 8922 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info) 8923 { 8924 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8925 struct net_device *dev = info->user_ptr[1]; 8926 int mcast_rate[NUM_NL80211_BANDS]; 8927 u32 nla_rate; 8928 int err; 8929 8930 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 8931 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 8932 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB) 8933 return -EOPNOTSUPP; 8934 8935 if (!rdev->ops->set_mcast_rate) 8936 return -EOPNOTSUPP; 8937 8938 memset(mcast_rate, 0, sizeof(mcast_rate)); 8939 8940 if (!info->attrs[NL80211_ATTR_MCAST_RATE]) 8941 return -EINVAL; 8942 8943 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]); 8944 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate)) 8945 return -EINVAL; 8946 8947 err = rdev_set_mcast_rate(rdev, dev, mcast_rate); 8948 8949 return err; 8950 } 8951 8952 static struct sk_buff * 8953 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev, 8954 struct wireless_dev *wdev, int approxlen, 8955 u32 portid, u32 seq, enum nl80211_commands cmd, 8956 enum nl80211_attrs attr, 8957 const struct nl80211_vendor_cmd_info *info, 8958 gfp_t gfp) 8959 { 8960 struct sk_buff *skb; 8961 void *hdr; 8962 struct nlattr *data; 8963 8964 skb = nlmsg_new(approxlen + 100, gfp); 8965 if (!skb) 8966 return NULL; 8967 8968 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd); 8969 if (!hdr) { 8970 kfree_skb(skb); 8971 return NULL; 8972 } 8973 8974 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 8975 goto nla_put_failure; 8976 8977 if (info) { 8978 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID, 8979 info->vendor_id)) 8980 goto nla_put_failure; 8981 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD, 8982 info->subcmd)) 8983 goto nla_put_failure; 8984 } 8985 8986 if (wdev) { 8987 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV, 8988 wdev_id(wdev), NL80211_ATTR_PAD)) 8989 goto nla_put_failure; 8990 if (wdev->netdev && 8991 nla_put_u32(skb, NL80211_ATTR_IFINDEX, 8992 wdev->netdev->ifindex)) 8993 goto nla_put_failure; 8994 } 8995 8996 data = nla_nest_start(skb, attr); 8997 if (!data) 8998 goto nla_put_failure; 8999 9000 ((void **)skb->cb)[0] = rdev; 9001 ((void **)skb->cb)[1] = hdr; 9002 ((void **)skb->cb)[2] = data; 9003 9004 return skb; 9005 9006 nla_put_failure: 9007 kfree_skb(skb); 9008 return NULL; 9009 } 9010 9011 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy, 9012 struct wireless_dev *wdev, 9013 enum nl80211_commands cmd, 9014 enum nl80211_attrs attr, 9015 int vendor_event_idx, 9016 int approxlen, gfp_t gfp) 9017 { 9018 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 9019 const struct nl80211_vendor_cmd_info *info; 9020 9021 switch (cmd) { 9022 case NL80211_CMD_TESTMODE: 9023 if (WARN_ON(vendor_event_idx != -1)) 9024 return NULL; 9025 info = NULL; 9026 break; 9027 case NL80211_CMD_VENDOR: 9028 if (WARN_ON(vendor_event_idx < 0 || 9029 vendor_event_idx >= wiphy->n_vendor_events)) 9030 return NULL; 9031 info = &wiphy->vendor_events[vendor_event_idx]; 9032 break; 9033 default: 9034 WARN_ON(1); 9035 return NULL; 9036 } 9037 9038 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0, 9039 cmd, attr, info, gfp); 9040 } 9041 EXPORT_SYMBOL(__cfg80211_alloc_event_skb); 9042 9043 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp) 9044 { 9045 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 9046 void *hdr = ((void **)skb->cb)[1]; 9047 struct nlattr *data = ((void **)skb->cb)[2]; 9048 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE; 9049 9050 /* clear CB data for netlink core to own from now on */ 9051 memset(skb->cb, 0, sizeof(skb->cb)); 9052 9053 nla_nest_end(skb, data); 9054 genlmsg_end(skb, hdr); 9055 9056 if (data->nla_type == NL80211_ATTR_VENDOR_DATA) 9057 mcgrp = NL80211_MCGRP_VENDOR; 9058 9059 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0, 9060 mcgrp, gfp); 9061 } 9062 EXPORT_SYMBOL(__cfg80211_send_event_skb); 9063 9064 #ifdef CONFIG_NL80211_TESTMODE 9065 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 9066 { 9067 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9068 struct wireless_dev *wdev = 9069 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs); 9070 int err; 9071 9072 if (!rdev->ops->testmode_cmd) 9073 return -EOPNOTSUPP; 9074 9075 if (IS_ERR(wdev)) { 9076 err = PTR_ERR(wdev); 9077 if (err != -EINVAL) 9078 return err; 9079 wdev = NULL; 9080 } else if (wdev->wiphy != &rdev->wiphy) { 9081 return -EINVAL; 9082 } 9083 9084 if (!info->attrs[NL80211_ATTR_TESTDATA]) 9085 return -EINVAL; 9086 9087 rdev->cur_cmd_info = info; 9088 err = rdev_testmode_cmd(rdev, wdev, 9089 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 9090 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 9091 rdev->cur_cmd_info = NULL; 9092 9093 return err; 9094 } 9095 9096 static int nl80211_testmode_dump(struct sk_buff *skb, 9097 struct netlink_callback *cb) 9098 { 9099 struct cfg80211_registered_device *rdev; 9100 int err; 9101 long phy_idx; 9102 void *data = NULL; 9103 int data_len = 0; 9104 9105 rtnl_lock(); 9106 9107 if (cb->args[0]) { 9108 /* 9109 * 0 is a valid index, but not valid for args[0], 9110 * so we need to offset by 1. 9111 */ 9112 phy_idx = cb->args[0] - 1; 9113 9114 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 9115 if (!rdev) { 9116 err = -ENOENT; 9117 goto out_err; 9118 } 9119 } else { 9120 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam); 9121 9122 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 9123 attrbuf, nl80211_fam.maxattr, 9124 nl80211_policy, NULL); 9125 if (err) 9126 goto out_err; 9127 9128 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf); 9129 if (IS_ERR(rdev)) { 9130 err = PTR_ERR(rdev); 9131 goto out_err; 9132 } 9133 phy_idx = rdev->wiphy_idx; 9134 9135 if (attrbuf[NL80211_ATTR_TESTDATA]) 9136 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA]; 9137 } 9138 9139 if (cb->args[1]) { 9140 data = nla_data((void *)cb->args[1]); 9141 data_len = nla_len((void *)cb->args[1]); 9142 } 9143 9144 if (!rdev->ops->testmode_dump) { 9145 err = -EOPNOTSUPP; 9146 goto out_err; 9147 } 9148 9149 while (1) { 9150 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 9151 cb->nlh->nlmsg_seq, NLM_F_MULTI, 9152 NL80211_CMD_TESTMODE); 9153 struct nlattr *tmdata; 9154 9155 if (!hdr) 9156 break; 9157 9158 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 9159 genlmsg_cancel(skb, hdr); 9160 break; 9161 } 9162 9163 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 9164 if (!tmdata) { 9165 genlmsg_cancel(skb, hdr); 9166 break; 9167 } 9168 err = rdev_testmode_dump(rdev, skb, cb, data, data_len); 9169 nla_nest_end(skb, tmdata); 9170 9171 if (err == -ENOBUFS || err == -ENOENT) { 9172 genlmsg_cancel(skb, hdr); 9173 break; 9174 } else if (err) { 9175 genlmsg_cancel(skb, hdr); 9176 goto out_err; 9177 } 9178 9179 genlmsg_end(skb, hdr); 9180 } 9181 9182 err = skb->len; 9183 /* see above */ 9184 cb->args[0] = phy_idx + 1; 9185 out_err: 9186 rtnl_unlock(); 9187 return err; 9188 } 9189 #endif 9190 9191 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 9192 { 9193 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9194 struct net_device *dev = info->user_ptr[1]; 9195 struct cfg80211_connect_params connect; 9196 struct wiphy *wiphy; 9197 struct cfg80211_cached_keys *connkeys = NULL; 9198 int err; 9199 9200 memset(&connect, 0, sizeof(connect)); 9201 9202 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 9203 return -EINVAL; 9204 9205 if (!info->attrs[NL80211_ATTR_SSID] || 9206 !nla_len(info->attrs[NL80211_ATTR_SSID])) 9207 return -EINVAL; 9208 9209 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 9210 connect.auth_type = 9211 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 9212 if (!nl80211_valid_auth_type(rdev, connect.auth_type, 9213 NL80211_CMD_CONNECT)) 9214 return -EINVAL; 9215 } else 9216 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 9217 9218 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 9219 9220 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] && 9221 !wiphy_ext_feature_isset(&rdev->wiphy, 9222 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 9223 return -EINVAL; 9224 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS]; 9225 9226 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 9227 NL80211_MAX_NR_CIPHER_SUITES); 9228 if (err) 9229 return err; 9230 9231 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 9232 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 9233 return -EOPNOTSUPP; 9234 9235 wiphy = &rdev->wiphy; 9236 9237 connect.bg_scan_period = -1; 9238 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 9239 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 9240 connect.bg_scan_period = 9241 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 9242 } 9243 9244 if (info->attrs[NL80211_ATTR_MAC]) 9245 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 9246 else if (info->attrs[NL80211_ATTR_MAC_HINT]) 9247 connect.bssid_hint = 9248 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]); 9249 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 9250 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 9251 9252 if (info->attrs[NL80211_ATTR_IE]) { 9253 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 9254 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 9255 } 9256 9257 if (info->attrs[NL80211_ATTR_USE_MFP]) { 9258 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 9259 if (connect.mfp == NL80211_MFP_OPTIONAL && 9260 !wiphy_ext_feature_isset(&rdev->wiphy, 9261 NL80211_EXT_FEATURE_MFP_OPTIONAL)) 9262 return -EOPNOTSUPP; 9263 9264 if (connect.mfp != NL80211_MFP_REQUIRED && 9265 connect.mfp != NL80211_MFP_NO && 9266 connect.mfp != NL80211_MFP_OPTIONAL) 9267 return -EINVAL; 9268 } else { 9269 connect.mfp = NL80211_MFP_NO; 9270 } 9271 9272 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 9273 connect.prev_bssid = 9274 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 9275 9276 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 9277 connect.channel = nl80211_get_valid_chan( 9278 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]); 9279 if (!connect.channel) 9280 return -EINVAL; 9281 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) { 9282 connect.channel_hint = nl80211_get_valid_chan( 9283 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]); 9284 if (!connect.channel_hint) 9285 return -EINVAL; 9286 } 9287 9288 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 9289 connkeys = nl80211_parse_connkeys(rdev, info, NULL); 9290 if (IS_ERR(connkeys)) 9291 return PTR_ERR(connkeys); 9292 } 9293 9294 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 9295 connect.flags |= ASSOC_REQ_DISABLE_HT; 9296 9297 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 9298 memcpy(&connect.ht_capa_mask, 9299 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 9300 sizeof(connect.ht_capa_mask)); 9301 9302 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 9303 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 9304 kzfree(connkeys); 9305 return -EINVAL; 9306 } 9307 memcpy(&connect.ht_capa, 9308 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 9309 sizeof(connect.ht_capa)); 9310 } 9311 9312 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 9313 connect.flags |= ASSOC_REQ_DISABLE_VHT; 9314 9315 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 9316 memcpy(&connect.vht_capa_mask, 9317 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 9318 sizeof(connect.vht_capa_mask)); 9319 9320 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 9321 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) { 9322 kzfree(connkeys); 9323 return -EINVAL; 9324 } 9325 memcpy(&connect.vht_capa, 9326 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 9327 sizeof(connect.vht_capa)); 9328 } 9329 9330 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 9331 if (!((rdev->wiphy.features & 9332 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 9333 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 9334 !wiphy_ext_feature_isset(&rdev->wiphy, 9335 NL80211_EXT_FEATURE_RRM)) { 9336 kzfree(connkeys); 9337 return -EINVAL; 9338 } 9339 connect.flags |= ASSOC_REQ_USE_RRM; 9340 } 9341 9342 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 9343 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) { 9344 kzfree(connkeys); 9345 return -EOPNOTSUPP; 9346 } 9347 9348 if (info->attrs[NL80211_ATTR_BSS_SELECT]) { 9349 /* bss selection makes no sense if bssid is set */ 9350 if (connect.bssid) { 9351 kzfree(connkeys); 9352 return -EINVAL; 9353 } 9354 9355 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT], 9356 wiphy, &connect.bss_select); 9357 if (err) { 9358 kzfree(connkeys); 9359 return err; 9360 } 9361 } 9362 9363 if (wiphy_ext_feature_isset(&rdev->wiphy, 9364 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) && 9365 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] && 9366 info->attrs[NL80211_ATTR_FILS_ERP_REALM] && 9367 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] && 9368 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 9369 connect.fils_erp_username = 9370 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 9371 connect.fils_erp_username_len = 9372 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 9373 connect.fils_erp_realm = 9374 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 9375 connect.fils_erp_realm_len = 9376 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 9377 connect.fils_erp_next_seq_num = 9378 nla_get_u16( 9379 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]); 9380 connect.fils_erp_rrk = 9381 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 9382 connect.fils_erp_rrk_len = 9383 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 9384 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] || 9385 info->attrs[NL80211_ATTR_FILS_ERP_REALM] || 9386 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] || 9387 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 9388 kzfree(connkeys); 9389 return -EINVAL; 9390 } 9391 9392 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) { 9393 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 9394 kzfree(connkeys); 9395 GENL_SET_ERR_MSG(info, 9396 "external auth requires connection ownership"); 9397 return -EINVAL; 9398 } 9399 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT; 9400 } 9401 9402 wdev_lock(dev->ieee80211_ptr); 9403 9404 err = cfg80211_connect(rdev, dev, &connect, connkeys, 9405 connect.prev_bssid); 9406 if (err) 9407 kzfree(connkeys); 9408 9409 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 9410 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 9411 if (connect.bssid) 9412 memcpy(dev->ieee80211_ptr->disconnect_bssid, 9413 connect.bssid, ETH_ALEN); 9414 else 9415 memset(dev->ieee80211_ptr->disconnect_bssid, 9416 0, ETH_ALEN); 9417 } 9418 9419 wdev_unlock(dev->ieee80211_ptr); 9420 9421 return err; 9422 } 9423 9424 static int nl80211_update_connect_params(struct sk_buff *skb, 9425 struct genl_info *info) 9426 { 9427 struct cfg80211_connect_params connect = {}; 9428 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9429 struct net_device *dev = info->user_ptr[1]; 9430 struct wireless_dev *wdev = dev->ieee80211_ptr; 9431 bool fils_sk_offload; 9432 u32 auth_type; 9433 u32 changed = 0; 9434 int ret; 9435 9436 if (!rdev->ops->update_connect_params) 9437 return -EOPNOTSUPP; 9438 9439 if (info->attrs[NL80211_ATTR_IE]) { 9440 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 9441 return -EINVAL; 9442 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 9443 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 9444 changed |= UPDATE_ASSOC_IES; 9445 } 9446 9447 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy, 9448 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD); 9449 9450 /* 9451 * when driver supports fils-sk offload all attributes must be 9452 * provided. So the else covers "fils-sk-not-all" and 9453 * "no-fils-sk-any". 9454 */ 9455 if (fils_sk_offload && 9456 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] && 9457 info->attrs[NL80211_ATTR_FILS_ERP_REALM] && 9458 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] && 9459 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 9460 connect.fils_erp_username = 9461 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 9462 connect.fils_erp_username_len = 9463 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 9464 connect.fils_erp_realm = 9465 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 9466 connect.fils_erp_realm_len = 9467 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 9468 connect.fils_erp_next_seq_num = 9469 nla_get_u16( 9470 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]); 9471 connect.fils_erp_rrk = 9472 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 9473 connect.fils_erp_rrk_len = 9474 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 9475 changed |= UPDATE_FILS_ERP_INFO; 9476 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] || 9477 info->attrs[NL80211_ATTR_FILS_ERP_REALM] || 9478 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] || 9479 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 9480 return -EINVAL; 9481 } 9482 9483 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 9484 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 9485 if (!nl80211_valid_auth_type(rdev, auth_type, 9486 NL80211_CMD_CONNECT)) 9487 return -EINVAL; 9488 9489 if (auth_type == NL80211_AUTHTYPE_FILS_SK && 9490 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO)) 9491 return -EINVAL; 9492 9493 connect.auth_type = auth_type; 9494 changed |= UPDATE_AUTH_TYPE; 9495 } 9496 9497 wdev_lock(dev->ieee80211_ptr); 9498 if (!wdev->current_bss) 9499 ret = -ENOLINK; 9500 else 9501 ret = rdev_update_connect_params(rdev, dev, &connect, changed); 9502 wdev_unlock(dev->ieee80211_ptr); 9503 9504 return ret; 9505 } 9506 9507 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 9508 { 9509 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9510 struct net_device *dev = info->user_ptr[1]; 9511 u16 reason; 9512 int ret; 9513 9514 if (dev->ieee80211_ptr->conn_owner_nlportid && 9515 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 9516 return -EPERM; 9517 9518 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 9519 reason = WLAN_REASON_DEAUTH_LEAVING; 9520 else 9521 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 9522 9523 if (reason == 0) 9524 return -EINVAL; 9525 9526 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 9527 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 9528 return -EOPNOTSUPP; 9529 9530 wdev_lock(dev->ieee80211_ptr); 9531 ret = cfg80211_disconnect(rdev, dev, reason, true); 9532 wdev_unlock(dev->ieee80211_ptr); 9533 return ret; 9534 } 9535 9536 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 9537 { 9538 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9539 struct net *net; 9540 int err; 9541 9542 if (info->attrs[NL80211_ATTR_PID]) { 9543 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 9544 9545 net = get_net_ns_by_pid(pid); 9546 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) { 9547 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]); 9548 9549 net = get_net_ns_by_fd(fd); 9550 } else { 9551 return -EINVAL; 9552 } 9553 9554 if (IS_ERR(net)) 9555 return PTR_ERR(net); 9556 9557 err = 0; 9558 9559 /* check if anything to do */ 9560 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 9561 err = cfg80211_switch_netns(rdev, net); 9562 9563 put_net(net); 9564 return err; 9565 } 9566 9567 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 9568 { 9569 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9570 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 9571 struct cfg80211_pmksa *pmksa) = NULL; 9572 struct net_device *dev = info->user_ptr[1]; 9573 struct cfg80211_pmksa pmksa; 9574 9575 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 9576 9577 if (!info->attrs[NL80211_ATTR_PMKID]) 9578 return -EINVAL; 9579 9580 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 9581 9582 if (info->attrs[NL80211_ATTR_MAC]) { 9583 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 9584 } else if (info->attrs[NL80211_ATTR_SSID] && 9585 info->attrs[NL80211_ATTR_FILS_CACHE_ID] && 9586 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA || 9587 info->attrs[NL80211_ATTR_PMK])) { 9588 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 9589 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 9590 pmksa.cache_id = 9591 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]); 9592 } else { 9593 return -EINVAL; 9594 } 9595 if (info->attrs[NL80211_ATTR_PMK]) { 9596 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]); 9597 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]); 9598 } 9599 9600 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 9601 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 9602 return -EOPNOTSUPP; 9603 9604 switch (info->genlhdr->cmd) { 9605 case NL80211_CMD_SET_PMKSA: 9606 rdev_ops = rdev->ops->set_pmksa; 9607 break; 9608 case NL80211_CMD_DEL_PMKSA: 9609 rdev_ops = rdev->ops->del_pmksa; 9610 break; 9611 default: 9612 WARN_ON(1); 9613 break; 9614 } 9615 9616 if (!rdev_ops) 9617 return -EOPNOTSUPP; 9618 9619 return rdev_ops(&rdev->wiphy, dev, &pmksa); 9620 } 9621 9622 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 9623 { 9624 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9625 struct net_device *dev = info->user_ptr[1]; 9626 9627 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 9628 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 9629 return -EOPNOTSUPP; 9630 9631 if (!rdev->ops->flush_pmksa) 9632 return -EOPNOTSUPP; 9633 9634 return rdev_flush_pmksa(rdev, dev); 9635 } 9636 9637 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 9638 { 9639 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9640 struct net_device *dev = info->user_ptr[1]; 9641 u8 action_code, dialog_token; 9642 u32 peer_capability = 0; 9643 u16 status_code; 9644 u8 *peer; 9645 bool initiator; 9646 9647 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 9648 !rdev->ops->tdls_mgmt) 9649 return -EOPNOTSUPP; 9650 9651 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 9652 !info->attrs[NL80211_ATTR_STATUS_CODE] || 9653 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 9654 !info->attrs[NL80211_ATTR_IE] || 9655 !info->attrs[NL80211_ATTR_MAC]) 9656 return -EINVAL; 9657 9658 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 9659 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 9660 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 9661 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 9662 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]); 9663 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]) 9664 peer_capability = 9665 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]); 9666 9667 return rdev_tdls_mgmt(rdev, dev, peer, action_code, 9668 dialog_token, status_code, peer_capability, 9669 initiator, 9670 nla_data(info->attrs[NL80211_ATTR_IE]), 9671 nla_len(info->attrs[NL80211_ATTR_IE])); 9672 } 9673 9674 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 9675 { 9676 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9677 struct net_device *dev = info->user_ptr[1]; 9678 enum nl80211_tdls_operation operation; 9679 u8 *peer; 9680 9681 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 9682 !rdev->ops->tdls_oper) 9683 return -EOPNOTSUPP; 9684 9685 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 9686 !info->attrs[NL80211_ATTR_MAC]) 9687 return -EINVAL; 9688 9689 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 9690 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 9691 9692 return rdev_tdls_oper(rdev, dev, peer, operation); 9693 } 9694 9695 static int nl80211_remain_on_channel(struct sk_buff *skb, 9696 struct genl_info *info) 9697 { 9698 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9699 struct wireless_dev *wdev = info->user_ptr[1]; 9700 struct cfg80211_chan_def chandef; 9701 const struct cfg80211_chan_def *compat_chandef; 9702 struct sk_buff *msg; 9703 void *hdr; 9704 u64 cookie; 9705 u32 duration; 9706 int err; 9707 9708 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 9709 !info->attrs[NL80211_ATTR_DURATION]) 9710 return -EINVAL; 9711 9712 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 9713 9714 if (!rdev->ops->remain_on_channel || 9715 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 9716 return -EOPNOTSUPP; 9717 9718 /* 9719 * We should be on that channel for at least a minimum amount of 9720 * time (10ms) but no longer than the driver supports. 9721 */ 9722 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 9723 duration > rdev->wiphy.max_remain_on_channel_duration) 9724 return -EINVAL; 9725 9726 err = nl80211_parse_chandef(rdev, info, &chandef); 9727 if (err) 9728 return err; 9729 9730 wdev_lock(wdev); 9731 if (!cfg80211_off_channel_oper_allowed(wdev) && 9732 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) { 9733 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef, 9734 &chandef); 9735 if (compat_chandef != &chandef) { 9736 wdev_unlock(wdev); 9737 return -EBUSY; 9738 } 9739 } 9740 wdev_unlock(wdev); 9741 9742 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9743 if (!msg) 9744 return -ENOMEM; 9745 9746 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 9747 NL80211_CMD_REMAIN_ON_CHANNEL); 9748 if (!hdr) { 9749 err = -ENOBUFS; 9750 goto free_msg; 9751 } 9752 9753 err = rdev_remain_on_channel(rdev, wdev, chandef.chan, 9754 duration, &cookie); 9755 9756 if (err) 9757 goto free_msg; 9758 9759 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 9760 NL80211_ATTR_PAD)) 9761 goto nla_put_failure; 9762 9763 genlmsg_end(msg, hdr); 9764 9765 return genlmsg_reply(msg, info); 9766 9767 nla_put_failure: 9768 err = -ENOBUFS; 9769 free_msg: 9770 nlmsg_free(msg); 9771 return err; 9772 } 9773 9774 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 9775 struct genl_info *info) 9776 { 9777 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9778 struct wireless_dev *wdev = info->user_ptr[1]; 9779 u64 cookie; 9780 9781 if (!info->attrs[NL80211_ATTR_COOKIE]) 9782 return -EINVAL; 9783 9784 if (!rdev->ops->cancel_remain_on_channel) 9785 return -EOPNOTSUPP; 9786 9787 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 9788 9789 return rdev_cancel_remain_on_channel(rdev, wdev, cookie); 9790 } 9791 9792 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 9793 struct genl_info *info) 9794 { 9795 struct cfg80211_bitrate_mask mask; 9796 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9797 struct net_device *dev = info->user_ptr[1]; 9798 int err; 9799 9800 if (!rdev->ops->set_bitrate_mask) 9801 return -EOPNOTSUPP; 9802 9803 err = nl80211_parse_tx_bitrate_mask(info, &mask); 9804 if (err) 9805 return err; 9806 9807 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask); 9808 } 9809 9810 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 9811 { 9812 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9813 struct wireless_dev *wdev = info->user_ptr[1]; 9814 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 9815 9816 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 9817 return -EINVAL; 9818 9819 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 9820 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 9821 9822 switch (wdev->iftype) { 9823 case NL80211_IFTYPE_STATION: 9824 case NL80211_IFTYPE_ADHOC: 9825 case NL80211_IFTYPE_P2P_CLIENT: 9826 case NL80211_IFTYPE_AP: 9827 case NL80211_IFTYPE_AP_VLAN: 9828 case NL80211_IFTYPE_MESH_POINT: 9829 case NL80211_IFTYPE_P2P_GO: 9830 case NL80211_IFTYPE_P2P_DEVICE: 9831 break; 9832 case NL80211_IFTYPE_NAN: 9833 default: 9834 return -EOPNOTSUPP; 9835 } 9836 9837 /* not much point in registering if we can't reply */ 9838 if (!rdev->ops->mgmt_tx) 9839 return -EOPNOTSUPP; 9840 9841 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type, 9842 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 9843 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 9844 } 9845 9846 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 9847 { 9848 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9849 struct wireless_dev *wdev = info->user_ptr[1]; 9850 struct cfg80211_chan_def chandef; 9851 int err; 9852 void *hdr = NULL; 9853 u64 cookie; 9854 struct sk_buff *msg = NULL; 9855 struct cfg80211_mgmt_tx_params params = { 9856 .dont_wait_for_ack = 9857 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK], 9858 }; 9859 9860 if (!info->attrs[NL80211_ATTR_FRAME]) 9861 return -EINVAL; 9862 9863 if (!rdev->ops->mgmt_tx) 9864 return -EOPNOTSUPP; 9865 9866 switch (wdev->iftype) { 9867 case NL80211_IFTYPE_P2P_DEVICE: 9868 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 9869 return -EINVAL; 9870 case NL80211_IFTYPE_STATION: 9871 case NL80211_IFTYPE_ADHOC: 9872 case NL80211_IFTYPE_P2P_CLIENT: 9873 case NL80211_IFTYPE_AP: 9874 case NL80211_IFTYPE_AP_VLAN: 9875 case NL80211_IFTYPE_MESH_POINT: 9876 case NL80211_IFTYPE_P2P_GO: 9877 break; 9878 case NL80211_IFTYPE_NAN: 9879 default: 9880 return -EOPNOTSUPP; 9881 } 9882 9883 if (info->attrs[NL80211_ATTR_DURATION]) { 9884 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 9885 return -EINVAL; 9886 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 9887 9888 /* 9889 * We should wait on the channel for at least a minimum amount 9890 * of time (10ms) but no longer than the driver supports. 9891 */ 9892 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 9893 params.wait > rdev->wiphy.max_remain_on_channel_duration) 9894 return -EINVAL; 9895 } 9896 9897 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 9898 9899 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 9900 return -EINVAL; 9901 9902 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 9903 9904 /* get the channel if any has been specified, otherwise pass NULL to 9905 * the driver. The latter will use the current one 9906 */ 9907 chandef.chan = NULL; 9908 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 9909 err = nl80211_parse_chandef(rdev, info, &chandef); 9910 if (err) 9911 return err; 9912 } 9913 9914 if (!chandef.chan && params.offchan) 9915 return -EINVAL; 9916 9917 wdev_lock(wdev); 9918 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) { 9919 wdev_unlock(wdev); 9920 return -EBUSY; 9921 } 9922 wdev_unlock(wdev); 9923 9924 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 9925 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 9926 9927 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) { 9928 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]); 9929 int i; 9930 9931 if (len % sizeof(u16)) 9932 return -EINVAL; 9933 9934 params.n_csa_offsets = len / sizeof(u16); 9935 params.csa_offsets = 9936 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]); 9937 9938 /* check that all the offsets fit the frame */ 9939 for (i = 0; i < params.n_csa_offsets; i++) { 9940 if (params.csa_offsets[i] >= params.len) 9941 return -EINVAL; 9942 } 9943 } 9944 9945 if (!params.dont_wait_for_ack) { 9946 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9947 if (!msg) 9948 return -ENOMEM; 9949 9950 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 9951 NL80211_CMD_FRAME); 9952 if (!hdr) { 9953 err = -ENOBUFS; 9954 goto free_msg; 9955 } 9956 } 9957 9958 params.chan = chandef.chan; 9959 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie); 9960 if (err) 9961 goto free_msg; 9962 9963 if (msg) { 9964 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 9965 NL80211_ATTR_PAD)) 9966 goto nla_put_failure; 9967 9968 genlmsg_end(msg, hdr); 9969 return genlmsg_reply(msg, info); 9970 } 9971 9972 return 0; 9973 9974 nla_put_failure: 9975 err = -ENOBUFS; 9976 free_msg: 9977 nlmsg_free(msg); 9978 return err; 9979 } 9980 9981 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 9982 { 9983 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9984 struct wireless_dev *wdev = info->user_ptr[1]; 9985 u64 cookie; 9986 9987 if (!info->attrs[NL80211_ATTR_COOKIE]) 9988 return -EINVAL; 9989 9990 if (!rdev->ops->mgmt_tx_cancel_wait) 9991 return -EOPNOTSUPP; 9992 9993 switch (wdev->iftype) { 9994 case NL80211_IFTYPE_STATION: 9995 case NL80211_IFTYPE_ADHOC: 9996 case NL80211_IFTYPE_P2P_CLIENT: 9997 case NL80211_IFTYPE_AP: 9998 case NL80211_IFTYPE_AP_VLAN: 9999 case NL80211_IFTYPE_P2P_GO: 10000 case NL80211_IFTYPE_P2P_DEVICE: 10001 break; 10002 case NL80211_IFTYPE_NAN: 10003 default: 10004 return -EOPNOTSUPP; 10005 } 10006 10007 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 10008 10009 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie); 10010 } 10011 10012 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 10013 { 10014 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10015 struct wireless_dev *wdev; 10016 struct net_device *dev = info->user_ptr[1]; 10017 u8 ps_state; 10018 bool state; 10019 int err; 10020 10021 if (!info->attrs[NL80211_ATTR_PS_STATE]) 10022 return -EINVAL; 10023 10024 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 10025 10026 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 10027 return -EINVAL; 10028 10029 wdev = dev->ieee80211_ptr; 10030 10031 if (!rdev->ops->set_power_mgmt) 10032 return -EOPNOTSUPP; 10033 10034 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 10035 10036 if (state == wdev->ps) 10037 return 0; 10038 10039 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout); 10040 if (!err) 10041 wdev->ps = state; 10042 return err; 10043 } 10044 10045 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 10046 { 10047 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10048 enum nl80211_ps_state ps_state; 10049 struct wireless_dev *wdev; 10050 struct net_device *dev = info->user_ptr[1]; 10051 struct sk_buff *msg; 10052 void *hdr; 10053 int err; 10054 10055 wdev = dev->ieee80211_ptr; 10056 10057 if (!rdev->ops->set_power_mgmt) 10058 return -EOPNOTSUPP; 10059 10060 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 10061 if (!msg) 10062 return -ENOMEM; 10063 10064 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 10065 NL80211_CMD_GET_POWER_SAVE); 10066 if (!hdr) { 10067 err = -ENOBUFS; 10068 goto free_msg; 10069 } 10070 10071 if (wdev->ps) 10072 ps_state = NL80211_PS_ENABLED; 10073 else 10074 ps_state = NL80211_PS_DISABLED; 10075 10076 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 10077 goto nla_put_failure; 10078 10079 genlmsg_end(msg, hdr); 10080 return genlmsg_reply(msg, info); 10081 10082 nla_put_failure: 10083 err = -ENOBUFS; 10084 free_msg: 10085 nlmsg_free(msg); 10086 return err; 10087 } 10088 10089 static const struct nla_policy 10090 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 10091 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY }, 10092 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 10093 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 10094 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 10095 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 10096 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 10097 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 }, 10098 }; 10099 10100 static int nl80211_set_cqm_txe(struct genl_info *info, 10101 u32 rate, u32 pkts, u32 intvl) 10102 { 10103 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10104 struct net_device *dev = info->user_ptr[1]; 10105 struct wireless_dev *wdev = dev->ieee80211_ptr; 10106 10107 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL) 10108 return -EINVAL; 10109 10110 if (!rdev->ops->set_cqm_txe_config) 10111 return -EOPNOTSUPP; 10112 10113 if (wdev->iftype != NL80211_IFTYPE_STATION && 10114 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 10115 return -EOPNOTSUPP; 10116 10117 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl); 10118 } 10119 10120 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev, 10121 struct net_device *dev) 10122 { 10123 struct wireless_dev *wdev = dev->ieee80211_ptr; 10124 s32 last, low, high; 10125 u32 hyst; 10126 int i, n; 10127 int err; 10128 10129 /* RSSI reporting disabled? */ 10130 if (!wdev->cqm_config) 10131 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0); 10132 10133 /* 10134 * Obtain current RSSI value if possible, if not and no RSSI threshold 10135 * event has been received yet, we should receive an event after a 10136 * connection is established and enough beacons received to calculate 10137 * the average. 10138 */ 10139 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss && 10140 rdev->ops->get_station) { 10141 struct station_info sinfo = {}; 10142 u8 *mac_addr; 10143 10144 mac_addr = wdev->current_bss->pub.bssid; 10145 10146 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 10147 if (err) 10148 return err; 10149 10150 if (sinfo.filled & BIT(NL80211_STA_INFO_BEACON_SIGNAL_AVG)) 10151 wdev->cqm_config->last_rssi_event_value = 10152 (s8) sinfo.rx_beacon_signal_avg; 10153 } 10154 10155 last = wdev->cqm_config->last_rssi_event_value; 10156 hyst = wdev->cqm_config->rssi_hyst; 10157 n = wdev->cqm_config->n_rssi_thresholds; 10158 10159 for (i = 0; i < n; i++) 10160 if (last < wdev->cqm_config->rssi_thresholds[i]) 10161 break; 10162 10163 low = i > 0 ? 10164 (wdev->cqm_config->rssi_thresholds[i - 1] - hyst) : S32_MIN; 10165 high = i < n ? 10166 (wdev->cqm_config->rssi_thresholds[i] + hyst - 1) : S32_MAX; 10167 10168 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high); 10169 } 10170 10171 static int nl80211_set_cqm_rssi(struct genl_info *info, 10172 const s32 *thresholds, int n_thresholds, 10173 u32 hysteresis) 10174 { 10175 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10176 struct net_device *dev = info->user_ptr[1]; 10177 struct wireless_dev *wdev = dev->ieee80211_ptr; 10178 int i, err; 10179 s32 prev = S32_MIN; 10180 10181 /* Check all values negative and sorted */ 10182 for (i = 0; i < n_thresholds; i++) { 10183 if (thresholds[i] > 0 || thresholds[i] <= prev) 10184 return -EINVAL; 10185 10186 prev = thresholds[i]; 10187 } 10188 10189 if (wdev->iftype != NL80211_IFTYPE_STATION && 10190 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 10191 return -EOPNOTSUPP; 10192 10193 wdev_lock(wdev); 10194 cfg80211_cqm_config_free(wdev); 10195 wdev_unlock(wdev); 10196 10197 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) { 10198 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */ 10199 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0); 10200 10201 return rdev_set_cqm_rssi_config(rdev, dev, 10202 thresholds[0], hysteresis); 10203 } 10204 10205 if (!wiphy_ext_feature_isset(&rdev->wiphy, 10206 NL80211_EXT_FEATURE_CQM_RSSI_LIST)) 10207 return -EOPNOTSUPP; 10208 10209 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */ 10210 n_thresholds = 0; 10211 10212 wdev_lock(wdev); 10213 if (n_thresholds) { 10214 struct cfg80211_cqm_config *cqm_config; 10215 10216 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) + 10217 n_thresholds * sizeof(s32), GFP_KERNEL); 10218 if (!cqm_config) { 10219 err = -ENOMEM; 10220 goto unlock; 10221 } 10222 10223 cqm_config->rssi_hyst = hysteresis; 10224 cqm_config->n_rssi_thresholds = n_thresholds; 10225 memcpy(cqm_config->rssi_thresholds, thresholds, 10226 n_thresholds * sizeof(s32)); 10227 10228 wdev->cqm_config = cqm_config; 10229 } 10230 10231 err = cfg80211_cqm_rssi_update(rdev, dev); 10232 10233 unlock: 10234 wdev_unlock(wdev); 10235 10236 return err; 10237 } 10238 10239 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 10240 { 10241 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 10242 struct nlattr *cqm; 10243 int err; 10244 10245 cqm = info->attrs[NL80211_ATTR_CQM]; 10246 if (!cqm) 10247 return -EINVAL; 10248 10249 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 10250 nl80211_attr_cqm_policy, info->extack); 10251 if (err) 10252 return err; 10253 10254 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 10255 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 10256 const s32 *thresholds = 10257 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 10258 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 10259 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 10260 10261 if (len % 4) 10262 return -EINVAL; 10263 10264 return nl80211_set_cqm_rssi(info, thresholds, len / 4, 10265 hysteresis); 10266 } 10267 10268 if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 10269 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 10270 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 10271 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 10272 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 10273 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 10274 10275 return nl80211_set_cqm_txe(info, rate, pkts, intvl); 10276 } 10277 10278 return -EINVAL; 10279 } 10280 10281 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info) 10282 { 10283 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10284 struct net_device *dev = info->user_ptr[1]; 10285 struct ocb_setup setup = {}; 10286 int err; 10287 10288 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 10289 if (err) 10290 return err; 10291 10292 return cfg80211_join_ocb(rdev, dev, &setup); 10293 } 10294 10295 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info) 10296 { 10297 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10298 struct net_device *dev = info->user_ptr[1]; 10299 10300 return cfg80211_leave_ocb(rdev, dev); 10301 } 10302 10303 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 10304 { 10305 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10306 struct net_device *dev = info->user_ptr[1]; 10307 struct mesh_config cfg; 10308 struct mesh_setup setup; 10309 int err; 10310 10311 /* start with default */ 10312 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 10313 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 10314 10315 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 10316 /* and parse parameters if given */ 10317 err = nl80211_parse_mesh_config(info, &cfg, NULL); 10318 if (err) 10319 return err; 10320 } 10321 10322 if (!info->attrs[NL80211_ATTR_MESH_ID] || 10323 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 10324 return -EINVAL; 10325 10326 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 10327 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 10328 10329 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 10330 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 10331 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 10332 return -EINVAL; 10333 10334 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 10335 setup.beacon_interval = 10336 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 10337 10338 err = cfg80211_validate_beacon_int(rdev, 10339 NL80211_IFTYPE_MESH_POINT, 10340 setup.beacon_interval); 10341 if (err) 10342 return err; 10343 } 10344 10345 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 10346 setup.dtim_period = 10347 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 10348 if (setup.dtim_period < 1 || setup.dtim_period > 100) 10349 return -EINVAL; 10350 } 10351 10352 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 10353 /* parse additional setup parameters if given */ 10354 err = nl80211_parse_mesh_setup(info, &setup); 10355 if (err) 10356 return err; 10357 } 10358 10359 if (setup.user_mpm) 10360 cfg.auto_open_plinks = false; 10361 10362 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 10363 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 10364 if (err) 10365 return err; 10366 } else { 10367 /* __cfg80211_join_mesh() will sort it out */ 10368 setup.chandef.chan = NULL; 10369 } 10370 10371 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 10372 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 10373 int n_rates = 10374 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 10375 struct ieee80211_supported_band *sband; 10376 10377 if (!setup.chandef.chan) 10378 return -EINVAL; 10379 10380 sband = rdev->wiphy.bands[setup.chandef.chan->band]; 10381 10382 err = ieee80211_get_ratemask(sband, rates, n_rates, 10383 &setup.basic_rates); 10384 if (err) 10385 return err; 10386 } 10387 10388 if (info->attrs[NL80211_ATTR_TX_RATES]) { 10389 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate); 10390 if (err) 10391 return err; 10392 10393 if (!setup.chandef.chan) 10394 return -EINVAL; 10395 10396 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band, 10397 &setup.beacon_rate); 10398 if (err) 10399 return err; 10400 } 10401 10402 setup.userspace_handles_dfs = 10403 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); 10404 10405 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 10406 int r = validate_pae_over_nl80211(rdev, info); 10407 10408 if (r < 0) 10409 return r; 10410 10411 setup.control_port_over_nl80211 = true; 10412 } 10413 10414 wdev_lock(dev->ieee80211_ptr); 10415 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg); 10416 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) 10417 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 10418 wdev_unlock(dev->ieee80211_ptr); 10419 10420 return err; 10421 } 10422 10423 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 10424 { 10425 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10426 struct net_device *dev = info->user_ptr[1]; 10427 10428 return cfg80211_leave_mesh(rdev, dev); 10429 } 10430 10431 #ifdef CONFIG_PM 10432 static int nl80211_send_wowlan_patterns(struct sk_buff *msg, 10433 struct cfg80211_registered_device *rdev) 10434 { 10435 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config; 10436 struct nlattr *nl_pats, *nl_pat; 10437 int i, pat_len; 10438 10439 if (!wowlan->n_patterns) 10440 return 0; 10441 10442 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN); 10443 if (!nl_pats) 10444 return -ENOBUFS; 10445 10446 for (i = 0; i < wowlan->n_patterns; i++) { 10447 nl_pat = nla_nest_start(msg, i + 1); 10448 if (!nl_pat) 10449 return -ENOBUFS; 10450 pat_len = wowlan->patterns[i].pattern_len; 10451 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8), 10452 wowlan->patterns[i].mask) || 10453 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, 10454 wowlan->patterns[i].pattern) || 10455 nla_put_u32(msg, NL80211_PKTPAT_OFFSET, 10456 wowlan->patterns[i].pkt_offset)) 10457 return -ENOBUFS; 10458 nla_nest_end(msg, nl_pat); 10459 } 10460 nla_nest_end(msg, nl_pats); 10461 10462 return 0; 10463 } 10464 10465 static int nl80211_send_wowlan_tcp(struct sk_buff *msg, 10466 struct cfg80211_wowlan_tcp *tcp) 10467 { 10468 struct nlattr *nl_tcp; 10469 10470 if (!tcp) 10471 return 0; 10472 10473 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION); 10474 if (!nl_tcp) 10475 return -ENOBUFS; 10476 10477 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) || 10478 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) || 10479 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) || 10480 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) || 10481 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) || 10482 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 10483 tcp->payload_len, tcp->payload) || 10484 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 10485 tcp->data_interval) || 10486 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 10487 tcp->wake_len, tcp->wake_data) || 10488 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK, 10489 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask)) 10490 return -ENOBUFS; 10491 10492 if (tcp->payload_seq.len && 10493 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ, 10494 sizeof(tcp->payload_seq), &tcp->payload_seq)) 10495 return -ENOBUFS; 10496 10497 if (tcp->payload_tok.len && 10498 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 10499 sizeof(tcp->payload_tok) + tcp->tokens_size, 10500 &tcp->payload_tok)) 10501 return -ENOBUFS; 10502 10503 nla_nest_end(msg, nl_tcp); 10504 10505 return 0; 10506 } 10507 10508 static int nl80211_send_wowlan_nd(struct sk_buff *msg, 10509 struct cfg80211_sched_scan_request *req) 10510 { 10511 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan; 10512 int i; 10513 10514 if (!req) 10515 return 0; 10516 10517 nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT); 10518 if (!nd) 10519 return -ENOBUFS; 10520 10521 if (req->n_scan_plans == 1 && 10522 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, 10523 req->scan_plans[0].interval * 1000)) 10524 return -ENOBUFS; 10525 10526 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay)) 10527 return -ENOBUFS; 10528 10529 if (req->relative_rssi_set) { 10530 struct nl80211_bss_select_rssi_adjust rssi_adjust; 10531 10532 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI, 10533 req->relative_rssi)) 10534 return -ENOBUFS; 10535 10536 rssi_adjust.band = req->rssi_adjust.band; 10537 rssi_adjust.delta = req->rssi_adjust.delta; 10538 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST, 10539 sizeof(rssi_adjust), &rssi_adjust)) 10540 return -ENOBUFS; 10541 } 10542 10543 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 10544 if (!freqs) 10545 return -ENOBUFS; 10546 10547 for (i = 0; i < req->n_channels; i++) { 10548 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 10549 return -ENOBUFS; 10550 } 10551 10552 nla_nest_end(msg, freqs); 10553 10554 if (req->n_match_sets) { 10555 matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 10556 if (!matches) 10557 return -ENOBUFS; 10558 10559 for (i = 0; i < req->n_match_sets; i++) { 10560 match = nla_nest_start(msg, i); 10561 if (!match) 10562 return -ENOBUFS; 10563 10564 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID, 10565 req->match_sets[i].ssid.ssid_len, 10566 req->match_sets[i].ssid.ssid)) 10567 return -ENOBUFS; 10568 nla_nest_end(msg, match); 10569 } 10570 nla_nest_end(msg, matches); 10571 } 10572 10573 scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS); 10574 if (!scan_plans) 10575 return -ENOBUFS; 10576 10577 for (i = 0; i < req->n_scan_plans; i++) { 10578 scan_plan = nla_nest_start(msg, i + 1); 10579 if (!scan_plan) 10580 return -ENOBUFS; 10581 10582 if (!scan_plan || 10583 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL, 10584 req->scan_plans[i].interval) || 10585 (req->scan_plans[i].iterations && 10586 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS, 10587 req->scan_plans[i].iterations))) 10588 return -ENOBUFS; 10589 nla_nest_end(msg, scan_plan); 10590 } 10591 nla_nest_end(msg, scan_plans); 10592 10593 nla_nest_end(msg, nd); 10594 10595 return 0; 10596 } 10597 10598 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 10599 { 10600 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10601 struct sk_buff *msg; 10602 void *hdr; 10603 u32 size = NLMSG_DEFAULT_SIZE; 10604 10605 if (!rdev->wiphy.wowlan) 10606 return -EOPNOTSUPP; 10607 10608 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) { 10609 /* adjust size to have room for all the data */ 10610 size += rdev->wiphy.wowlan_config->tcp->tokens_size + 10611 rdev->wiphy.wowlan_config->tcp->payload_len + 10612 rdev->wiphy.wowlan_config->tcp->wake_len + 10613 rdev->wiphy.wowlan_config->tcp->wake_len / 8; 10614 } 10615 10616 msg = nlmsg_new(size, GFP_KERNEL); 10617 if (!msg) 10618 return -ENOMEM; 10619 10620 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 10621 NL80211_CMD_GET_WOWLAN); 10622 if (!hdr) 10623 goto nla_put_failure; 10624 10625 if (rdev->wiphy.wowlan_config) { 10626 struct nlattr *nl_wowlan; 10627 10628 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 10629 if (!nl_wowlan) 10630 goto nla_put_failure; 10631 10632 if ((rdev->wiphy.wowlan_config->any && 10633 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 10634 (rdev->wiphy.wowlan_config->disconnect && 10635 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 10636 (rdev->wiphy.wowlan_config->magic_pkt && 10637 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 10638 (rdev->wiphy.wowlan_config->gtk_rekey_failure && 10639 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 10640 (rdev->wiphy.wowlan_config->eap_identity_req && 10641 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 10642 (rdev->wiphy.wowlan_config->four_way_handshake && 10643 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 10644 (rdev->wiphy.wowlan_config->rfkill_release && 10645 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 10646 goto nla_put_failure; 10647 10648 if (nl80211_send_wowlan_patterns(msg, rdev)) 10649 goto nla_put_failure; 10650 10651 if (nl80211_send_wowlan_tcp(msg, 10652 rdev->wiphy.wowlan_config->tcp)) 10653 goto nla_put_failure; 10654 10655 if (nl80211_send_wowlan_nd( 10656 msg, 10657 rdev->wiphy.wowlan_config->nd_config)) 10658 goto nla_put_failure; 10659 10660 nla_nest_end(msg, nl_wowlan); 10661 } 10662 10663 genlmsg_end(msg, hdr); 10664 return genlmsg_reply(msg, info); 10665 10666 nla_put_failure: 10667 nlmsg_free(msg); 10668 return -ENOBUFS; 10669 } 10670 10671 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev, 10672 struct nlattr *attr, 10673 struct cfg80211_wowlan *trig) 10674 { 10675 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP]; 10676 struct cfg80211_wowlan_tcp *cfg; 10677 struct nl80211_wowlan_tcp_data_token *tok = NULL; 10678 struct nl80211_wowlan_tcp_data_seq *seq = NULL; 10679 u32 size; 10680 u32 data_size, wake_size, tokens_size = 0, wake_mask_size; 10681 int err, port; 10682 10683 if (!rdev->wiphy.wowlan->tcp) 10684 return -EINVAL; 10685 10686 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TCP, attr, 10687 nl80211_wowlan_tcp_policy, NULL); 10688 if (err) 10689 return err; 10690 10691 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] || 10692 !tb[NL80211_WOWLAN_TCP_DST_IPV4] || 10693 !tb[NL80211_WOWLAN_TCP_DST_MAC] || 10694 !tb[NL80211_WOWLAN_TCP_DST_PORT] || 10695 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] || 10696 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] || 10697 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] || 10698 !tb[NL80211_WOWLAN_TCP_WAKE_MASK]) 10699 return -EINVAL; 10700 10701 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]); 10702 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max) 10703 return -EINVAL; 10704 10705 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) > 10706 rdev->wiphy.wowlan->tcp->data_interval_max || 10707 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0) 10708 return -EINVAL; 10709 10710 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]); 10711 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max) 10712 return -EINVAL; 10713 10714 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]); 10715 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8)) 10716 return -EINVAL; 10717 10718 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) { 10719 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 10720 10721 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 10722 tokens_size = tokln - sizeof(*tok); 10723 10724 if (!tok->len || tokens_size % tok->len) 10725 return -EINVAL; 10726 if (!rdev->wiphy.wowlan->tcp->tok) 10727 return -EINVAL; 10728 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len) 10729 return -EINVAL; 10730 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len) 10731 return -EINVAL; 10732 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize) 10733 return -EINVAL; 10734 if (tok->offset + tok->len > data_size) 10735 return -EINVAL; 10736 } 10737 10738 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) { 10739 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]); 10740 if (!rdev->wiphy.wowlan->tcp->seq) 10741 return -EINVAL; 10742 if (seq->len == 0 || seq->len > 4) 10743 return -EINVAL; 10744 if (seq->len + seq->offset > data_size) 10745 return -EINVAL; 10746 } 10747 10748 size = sizeof(*cfg); 10749 size += data_size; 10750 size += wake_size + wake_mask_size; 10751 size += tokens_size; 10752 10753 cfg = kzalloc(size, GFP_KERNEL); 10754 if (!cfg) 10755 return -ENOMEM; 10756 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]); 10757 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]); 10758 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]), 10759 ETH_ALEN); 10760 if (tb[NL80211_WOWLAN_TCP_SRC_PORT]) 10761 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]); 10762 else 10763 port = 0; 10764 #ifdef CONFIG_INET 10765 /* allocate a socket and port for it and use it */ 10766 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM, 10767 IPPROTO_TCP, &cfg->sock, 1); 10768 if (err) { 10769 kfree(cfg); 10770 return err; 10771 } 10772 if (inet_csk_get_port(cfg->sock->sk, port)) { 10773 sock_release(cfg->sock); 10774 kfree(cfg); 10775 return -EADDRINUSE; 10776 } 10777 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num; 10778 #else 10779 if (!port) { 10780 kfree(cfg); 10781 return -EINVAL; 10782 } 10783 cfg->src_port = port; 10784 #endif 10785 10786 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]); 10787 cfg->payload_len = data_size; 10788 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size; 10789 memcpy((void *)cfg->payload, 10790 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]), 10791 data_size); 10792 if (seq) 10793 cfg->payload_seq = *seq; 10794 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]); 10795 cfg->wake_len = wake_size; 10796 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size; 10797 memcpy((void *)cfg->wake_data, 10798 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]), 10799 wake_size); 10800 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size + 10801 data_size + wake_size; 10802 memcpy((void *)cfg->wake_mask, 10803 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]), 10804 wake_mask_size); 10805 if (tok) { 10806 cfg->tokens_size = tokens_size; 10807 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size); 10808 } 10809 10810 trig->tcp = cfg; 10811 10812 return 0; 10813 } 10814 10815 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev, 10816 const struct wiphy_wowlan_support *wowlan, 10817 struct nlattr *attr, 10818 struct cfg80211_wowlan *trig) 10819 { 10820 struct nlattr **tb; 10821 int err; 10822 10823 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL); 10824 if (!tb) 10825 return -ENOMEM; 10826 10827 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) { 10828 err = -EOPNOTSUPP; 10829 goto out; 10830 } 10831 10832 err = nla_parse_nested(tb, NL80211_ATTR_MAX, attr, nl80211_policy, 10833 NULL); 10834 if (err) 10835 goto out; 10836 10837 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb, 10838 wowlan->max_nd_match_sets); 10839 err = PTR_ERR_OR_ZERO(trig->nd_config); 10840 if (err) 10841 trig->nd_config = NULL; 10842 10843 out: 10844 kfree(tb); 10845 return err; 10846 } 10847 10848 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 10849 { 10850 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10851 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 10852 struct cfg80211_wowlan new_triggers = {}; 10853 struct cfg80211_wowlan *ntrig; 10854 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan; 10855 int err, i; 10856 bool prev_enabled = rdev->wiphy.wowlan_config; 10857 bool regular = false; 10858 10859 if (!wowlan) 10860 return -EOPNOTSUPP; 10861 10862 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 10863 cfg80211_rdev_free_wowlan(rdev); 10864 rdev->wiphy.wowlan_config = NULL; 10865 goto set_wakeup; 10866 } 10867 10868 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TRIG, 10869 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS], 10870 nl80211_wowlan_policy, info->extack); 10871 if (err) 10872 return err; 10873 10874 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 10875 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 10876 return -EINVAL; 10877 new_triggers.any = true; 10878 } 10879 10880 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 10881 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 10882 return -EINVAL; 10883 new_triggers.disconnect = true; 10884 regular = true; 10885 } 10886 10887 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 10888 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 10889 return -EINVAL; 10890 new_triggers.magic_pkt = true; 10891 regular = true; 10892 } 10893 10894 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 10895 return -EINVAL; 10896 10897 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 10898 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 10899 return -EINVAL; 10900 new_triggers.gtk_rekey_failure = true; 10901 regular = true; 10902 } 10903 10904 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 10905 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 10906 return -EINVAL; 10907 new_triggers.eap_identity_req = true; 10908 regular = true; 10909 } 10910 10911 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 10912 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 10913 return -EINVAL; 10914 new_triggers.four_way_handshake = true; 10915 regular = true; 10916 } 10917 10918 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 10919 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 10920 return -EINVAL; 10921 new_triggers.rfkill_release = true; 10922 regular = true; 10923 } 10924 10925 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 10926 struct nlattr *pat; 10927 int n_patterns = 0; 10928 int rem, pat_len, mask_len, pkt_offset; 10929 struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; 10930 10931 regular = true; 10932 10933 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 10934 rem) 10935 n_patterns++; 10936 if (n_patterns > wowlan->n_patterns) 10937 return -EINVAL; 10938 10939 new_triggers.patterns = kcalloc(n_patterns, 10940 sizeof(new_triggers.patterns[0]), 10941 GFP_KERNEL); 10942 if (!new_triggers.patterns) 10943 return -ENOMEM; 10944 10945 new_triggers.n_patterns = n_patterns; 10946 i = 0; 10947 10948 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 10949 rem) { 10950 u8 *mask_pat; 10951 10952 err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat, 10953 nl80211_packet_pattern_policy, 10954 info->extack); 10955 if (err) 10956 goto error; 10957 10958 err = -EINVAL; 10959 if (!pat_tb[NL80211_PKTPAT_MASK] || 10960 !pat_tb[NL80211_PKTPAT_PATTERN]) 10961 goto error; 10962 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); 10963 mask_len = DIV_ROUND_UP(pat_len, 8); 10964 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) 10965 goto error; 10966 if (pat_len > wowlan->pattern_max_len || 10967 pat_len < wowlan->pattern_min_len) 10968 goto error; 10969 10970 if (!pat_tb[NL80211_PKTPAT_OFFSET]) 10971 pkt_offset = 0; 10972 else 10973 pkt_offset = nla_get_u32( 10974 pat_tb[NL80211_PKTPAT_OFFSET]); 10975 if (pkt_offset > wowlan->max_pkt_offset) 10976 goto error; 10977 new_triggers.patterns[i].pkt_offset = pkt_offset; 10978 10979 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL); 10980 if (!mask_pat) { 10981 err = -ENOMEM; 10982 goto error; 10983 } 10984 new_triggers.patterns[i].mask = mask_pat; 10985 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]), 10986 mask_len); 10987 mask_pat += mask_len; 10988 new_triggers.patterns[i].pattern = mask_pat; 10989 new_triggers.patterns[i].pattern_len = pat_len; 10990 memcpy(mask_pat, 10991 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), 10992 pat_len); 10993 i++; 10994 } 10995 } 10996 10997 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) { 10998 regular = true; 10999 err = nl80211_parse_wowlan_tcp( 11000 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION], 11001 &new_triggers); 11002 if (err) 11003 goto error; 11004 } 11005 11006 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) { 11007 regular = true; 11008 err = nl80211_parse_wowlan_nd( 11009 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT], 11010 &new_triggers); 11011 if (err) 11012 goto error; 11013 } 11014 11015 /* The 'any' trigger means the device continues operating more or less 11016 * as in its normal operation mode and wakes up the host on most of the 11017 * normal interrupts (like packet RX, ...) 11018 * It therefore makes little sense to combine with the more constrained 11019 * wakeup trigger modes. 11020 */ 11021 if (new_triggers.any && regular) { 11022 err = -EINVAL; 11023 goto error; 11024 } 11025 11026 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 11027 if (!ntrig) { 11028 err = -ENOMEM; 11029 goto error; 11030 } 11031 cfg80211_rdev_free_wowlan(rdev); 11032 rdev->wiphy.wowlan_config = ntrig; 11033 11034 set_wakeup: 11035 if (rdev->ops->set_wakeup && 11036 prev_enabled != !!rdev->wiphy.wowlan_config) 11037 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config); 11038 11039 return 0; 11040 error: 11041 for (i = 0; i < new_triggers.n_patterns; i++) 11042 kfree(new_triggers.patterns[i].mask); 11043 kfree(new_triggers.patterns); 11044 if (new_triggers.tcp && new_triggers.tcp->sock) 11045 sock_release(new_triggers.tcp->sock); 11046 kfree(new_triggers.tcp); 11047 kfree(new_triggers.nd_config); 11048 return err; 11049 } 11050 #endif 11051 11052 static int nl80211_send_coalesce_rules(struct sk_buff *msg, 11053 struct cfg80211_registered_device *rdev) 11054 { 11055 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules; 11056 int i, j, pat_len; 11057 struct cfg80211_coalesce_rules *rule; 11058 11059 if (!rdev->coalesce->n_rules) 11060 return 0; 11061 11062 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE); 11063 if (!nl_rules) 11064 return -ENOBUFS; 11065 11066 for (i = 0; i < rdev->coalesce->n_rules; i++) { 11067 nl_rule = nla_nest_start(msg, i + 1); 11068 if (!nl_rule) 11069 return -ENOBUFS; 11070 11071 rule = &rdev->coalesce->rules[i]; 11072 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY, 11073 rule->delay)) 11074 return -ENOBUFS; 11075 11076 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION, 11077 rule->condition)) 11078 return -ENOBUFS; 11079 11080 nl_pats = nla_nest_start(msg, 11081 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN); 11082 if (!nl_pats) 11083 return -ENOBUFS; 11084 11085 for (j = 0; j < rule->n_patterns; j++) { 11086 nl_pat = nla_nest_start(msg, j + 1); 11087 if (!nl_pat) 11088 return -ENOBUFS; 11089 pat_len = rule->patterns[j].pattern_len; 11090 if (nla_put(msg, NL80211_PKTPAT_MASK, 11091 DIV_ROUND_UP(pat_len, 8), 11092 rule->patterns[j].mask) || 11093 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, 11094 rule->patterns[j].pattern) || 11095 nla_put_u32(msg, NL80211_PKTPAT_OFFSET, 11096 rule->patterns[j].pkt_offset)) 11097 return -ENOBUFS; 11098 nla_nest_end(msg, nl_pat); 11099 } 11100 nla_nest_end(msg, nl_pats); 11101 nla_nest_end(msg, nl_rule); 11102 } 11103 nla_nest_end(msg, nl_rules); 11104 11105 return 0; 11106 } 11107 11108 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info) 11109 { 11110 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11111 struct sk_buff *msg; 11112 void *hdr; 11113 11114 if (!rdev->wiphy.coalesce) 11115 return -EOPNOTSUPP; 11116 11117 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 11118 if (!msg) 11119 return -ENOMEM; 11120 11121 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 11122 NL80211_CMD_GET_COALESCE); 11123 if (!hdr) 11124 goto nla_put_failure; 11125 11126 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev)) 11127 goto nla_put_failure; 11128 11129 genlmsg_end(msg, hdr); 11130 return genlmsg_reply(msg, info); 11131 11132 nla_put_failure: 11133 nlmsg_free(msg); 11134 return -ENOBUFS; 11135 } 11136 11137 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev) 11138 { 11139 struct cfg80211_coalesce *coalesce = rdev->coalesce; 11140 int i, j; 11141 struct cfg80211_coalesce_rules *rule; 11142 11143 if (!coalesce) 11144 return; 11145 11146 for (i = 0; i < coalesce->n_rules; i++) { 11147 rule = &coalesce->rules[i]; 11148 for (j = 0; j < rule->n_patterns; j++) 11149 kfree(rule->patterns[j].mask); 11150 kfree(rule->patterns); 11151 } 11152 kfree(coalesce->rules); 11153 kfree(coalesce); 11154 rdev->coalesce = NULL; 11155 } 11156 11157 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev, 11158 struct nlattr *rule, 11159 struct cfg80211_coalesce_rules *new_rule) 11160 { 11161 int err, i; 11162 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce; 11163 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat; 11164 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0; 11165 struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; 11166 11167 err = nla_parse_nested(tb, NL80211_ATTR_COALESCE_RULE_MAX, rule, 11168 nl80211_coalesce_policy, NULL); 11169 if (err) 11170 return err; 11171 11172 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY]) 11173 new_rule->delay = 11174 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]); 11175 if (new_rule->delay > coalesce->max_delay) 11176 return -EINVAL; 11177 11178 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION]) 11179 new_rule->condition = 11180 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]); 11181 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH && 11182 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH) 11183 return -EINVAL; 11184 11185 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN]) 11186 return -EINVAL; 11187 11188 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN], 11189 rem) 11190 n_patterns++; 11191 if (n_patterns > coalesce->n_patterns) 11192 return -EINVAL; 11193 11194 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]), 11195 GFP_KERNEL); 11196 if (!new_rule->patterns) 11197 return -ENOMEM; 11198 11199 new_rule->n_patterns = n_patterns; 11200 i = 0; 11201 11202 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN], 11203 rem) { 11204 u8 *mask_pat; 11205 11206 err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat, 11207 nl80211_packet_pattern_policy, NULL); 11208 if (err) 11209 return err; 11210 11211 if (!pat_tb[NL80211_PKTPAT_MASK] || 11212 !pat_tb[NL80211_PKTPAT_PATTERN]) 11213 return -EINVAL; 11214 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); 11215 mask_len = DIV_ROUND_UP(pat_len, 8); 11216 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) 11217 return -EINVAL; 11218 if (pat_len > coalesce->pattern_max_len || 11219 pat_len < coalesce->pattern_min_len) 11220 return -EINVAL; 11221 11222 if (!pat_tb[NL80211_PKTPAT_OFFSET]) 11223 pkt_offset = 0; 11224 else 11225 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]); 11226 if (pkt_offset > coalesce->max_pkt_offset) 11227 return -EINVAL; 11228 new_rule->patterns[i].pkt_offset = pkt_offset; 11229 11230 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL); 11231 if (!mask_pat) 11232 return -ENOMEM; 11233 11234 new_rule->patterns[i].mask = mask_pat; 11235 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]), 11236 mask_len); 11237 11238 mask_pat += mask_len; 11239 new_rule->patterns[i].pattern = mask_pat; 11240 new_rule->patterns[i].pattern_len = pat_len; 11241 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), 11242 pat_len); 11243 i++; 11244 } 11245 11246 return 0; 11247 } 11248 11249 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info) 11250 { 11251 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11252 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce; 11253 struct cfg80211_coalesce new_coalesce = {}; 11254 struct cfg80211_coalesce *n_coalesce; 11255 int err, rem_rule, n_rules = 0, i, j; 11256 struct nlattr *rule; 11257 struct cfg80211_coalesce_rules *tmp_rule; 11258 11259 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce) 11260 return -EOPNOTSUPP; 11261 11262 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) { 11263 cfg80211_rdev_free_coalesce(rdev); 11264 rdev_set_coalesce(rdev, NULL); 11265 return 0; 11266 } 11267 11268 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE], 11269 rem_rule) 11270 n_rules++; 11271 if (n_rules > coalesce->n_rules) 11272 return -EINVAL; 11273 11274 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]), 11275 GFP_KERNEL); 11276 if (!new_coalesce.rules) 11277 return -ENOMEM; 11278 11279 new_coalesce.n_rules = n_rules; 11280 i = 0; 11281 11282 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE], 11283 rem_rule) { 11284 err = nl80211_parse_coalesce_rule(rdev, rule, 11285 &new_coalesce.rules[i]); 11286 if (err) 11287 goto error; 11288 11289 i++; 11290 } 11291 11292 err = rdev_set_coalesce(rdev, &new_coalesce); 11293 if (err) 11294 goto error; 11295 11296 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL); 11297 if (!n_coalesce) { 11298 err = -ENOMEM; 11299 goto error; 11300 } 11301 cfg80211_rdev_free_coalesce(rdev); 11302 rdev->coalesce = n_coalesce; 11303 11304 return 0; 11305 error: 11306 for (i = 0; i < new_coalesce.n_rules; i++) { 11307 tmp_rule = &new_coalesce.rules[i]; 11308 for (j = 0; j < tmp_rule->n_patterns; j++) 11309 kfree(tmp_rule->patterns[j].mask); 11310 kfree(tmp_rule->patterns); 11311 } 11312 kfree(new_coalesce.rules); 11313 11314 return err; 11315 } 11316 11317 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 11318 { 11319 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11320 struct net_device *dev = info->user_ptr[1]; 11321 struct wireless_dev *wdev = dev->ieee80211_ptr; 11322 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 11323 struct cfg80211_gtk_rekey_data rekey_data; 11324 int err; 11325 11326 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 11327 return -EINVAL; 11328 11329 err = nla_parse_nested(tb, MAX_NL80211_REKEY_DATA, 11330 info->attrs[NL80211_ATTR_REKEY_DATA], 11331 nl80211_rekey_policy, info->extack); 11332 if (err) 11333 return err; 11334 11335 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] || 11336 !tb[NL80211_REKEY_DATA_KCK]) 11337 return -EINVAL; 11338 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 11339 return -ERANGE; 11340 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 11341 return -ERANGE; 11342 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 11343 return -ERANGE; 11344 11345 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]); 11346 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]); 11347 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]); 11348 11349 wdev_lock(wdev); 11350 if (!wdev->current_bss) { 11351 err = -ENOTCONN; 11352 goto out; 11353 } 11354 11355 if (!rdev->ops->set_rekey_data) { 11356 err = -EOPNOTSUPP; 11357 goto out; 11358 } 11359 11360 err = rdev_set_rekey_data(rdev, dev, &rekey_data); 11361 out: 11362 wdev_unlock(wdev); 11363 return err; 11364 } 11365 11366 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 11367 struct genl_info *info) 11368 { 11369 struct net_device *dev = info->user_ptr[1]; 11370 struct wireless_dev *wdev = dev->ieee80211_ptr; 11371 11372 if (wdev->iftype != NL80211_IFTYPE_AP && 11373 wdev->iftype != NL80211_IFTYPE_P2P_GO) 11374 return -EINVAL; 11375 11376 if (wdev->ap_unexpected_nlportid) 11377 return -EBUSY; 11378 11379 wdev->ap_unexpected_nlportid = info->snd_portid; 11380 return 0; 11381 } 11382 11383 static int nl80211_probe_client(struct sk_buff *skb, 11384 struct genl_info *info) 11385 { 11386 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11387 struct net_device *dev = info->user_ptr[1]; 11388 struct wireless_dev *wdev = dev->ieee80211_ptr; 11389 struct sk_buff *msg; 11390 void *hdr; 11391 const u8 *addr; 11392 u64 cookie; 11393 int err; 11394 11395 if (wdev->iftype != NL80211_IFTYPE_AP && 11396 wdev->iftype != NL80211_IFTYPE_P2P_GO) 11397 return -EOPNOTSUPP; 11398 11399 if (!info->attrs[NL80211_ATTR_MAC]) 11400 return -EINVAL; 11401 11402 if (!rdev->ops->probe_client) 11403 return -EOPNOTSUPP; 11404 11405 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 11406 if (!msg) 11407 return -ENOMEM; 11408 11409 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 11410 NL80211_CMD_PROBE_CLIENT); 11411 if (!hdr) { 11412 err = -ENOBUFS; 11413 goto free_msg; 11414 } 11415 11416 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 11417 11418 err = rdev_probe_client(rdev, dev, addr, &cookie); 11419 if (err) 11420 goto free_msg; 11421 11422 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 11423 NL80211_ATTR_PAD)) 11424 goto nla_put_failure; 11425 11426 genlmsg_end(msg, hdr); 11427 11428 return genlmsg_reply(msg, info); 11429 11430 nla_put_failure: 11431 err = -ENOBUFS; 11432 free_msg: 11433 nlmsg_free(msg); 11434 return err; 11435 } 11436 11437 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 11438 { 11439 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11440 struct cfg80211_beacon_registration *reg, *nreg; 11441 int rv; 11442 11443 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 11444 return -EOPNOTSUPP; 11445 11446 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL); 11447 if (!nreg) 11448 return -ENOMEM; 11449 11450 /* First, check if already registered. */ 11451 spin_lock_bh(&rdev->beacon_registrations_lock); 11452 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 11453 if (reg->nlportid == info->snd_portid) { 11454 rv = -EALREADY; 11455 goto out_err; 11456 } 11457 } 11458 /* Add it to the list */ 11459 nreg->nlportid = info->snd_portid; 11460 list_add(&nreg->list, &rdev->beacon_registrations); 11461 11462 spin_unlock_bh(&rdev->beacon_registrations_lock); 11463 11464 return 0; 11465 out_err: 11466 spin_unlock_bh(&rdev->beacon_registrations_lock); 11467 kfree(nreg); 11468 return rv; 11469 } 11470 11471 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info) 11472 { 11473 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11474 struct wireless_dev *wdev = info->user_ptr[1]; 11475 int err; 11476 11477 if (!rdev->ops->start_p2p_device) 11478 return -EOPNOTSUPP; 11479 11480 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 11481 return -EOPNOTSUPP; 11482 11483 if (wdev_running(wdev)) 11484 return 0; 11485 11486 if (rfkill_blocked(rdev->rfkill)) 11487 return -ERFKILL; 11488 11489 err = rdev_start_p2p_device(rdev, wdev); 11490 if (err) 11491 return err; 11492 11493 wdev->is_running = true; 11494 rdev->opencount++; 11495 11496 return 0; 11497 } 11498 11499 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info) 11500 { 11501 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11502 struct wireless_dev *wdev = info->user_ptr[1]; 11503 11504 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 11505 return -EOPNOTSUPP; 11506 11507 if (!rdev->ops->stop_p2p_device) 11508 return -EOPNOTSUPP; 11509 11510 cfg80211_stop_p2p_device(rdev, wdev); 11511 11512 return 0; 11513 } 11514 11515 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info) 11516 { 11517 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11518 struct wireless_dev *wdev = info->user_ptr[1]; 11519 struct cfg80211_nan_conf conf = {}; 11520 int err; 11521 11522 if (wdev->iftype != NL80211_IFTYPE_NAN) 11523 return -EOPNOTSUPP; 11524 11525 if (wdev_running(wdev)) 11526 return -EEXIST; 11527 11528 if (rfkill_blocked(rdev->rfkill)) 11529 return -ERFKILL; 11530 11531 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) 11532 return -EINVAL; 11533 11534 conf.master_pref = 11535 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]); 11536 if (!conf.master_pref) 11537 return -EINVAL; 11538 11539 if (info->attrs[NL80211_ATTR_BANDS]) { 11540 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]); 11541 11542 if (bands & ~(u32)wdev->wiphy->nan_supported_bands) 11543 return -EOPNOTSUPP; 11544 11545 if (bands && !(bands & BIT(NL80211_BAND_2GHZ))) 11546 return -EINVAL; 11547 11548 conf.bands = bands; 11549 } 11550 11551 err = rdev_start_nan(rdev, wdev, &conf); 11552 if (err) 11553 return err; 11554 11555 wdev->is_running = true; 11556 rdev->opencount++; 11557 11558 return 0; 11559 } 11560 11561 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info) 11562 { 11563 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11564 struct wireless_dev *wdev = info->user_ptr[1]; 11565 11566 if (wdev->iftype != NL80211_IFTYPE_NAN) 11567 return -EOPNOTSUPP; 11568 11569 cfg80211_stop_nan(rdev, wdev); 11570 11571 return 0; 11572 } 11573 11574 static int validate_nan_filter(struct nlattr *filter_attr) 11575 { 11576 struct nlattr *attr; 11577 int len = 0, n_entries = 0, rem; 11578 11579 nla_for_each_nested(attr, filter_attr, rem) { 11580 len += nla_len(attr); 11581 n_entries++; 11582 } 11583 11584 if (len >= U8_MAX) 11585 return -EINVAL; 11586 11587 return n_entries; 11588 } 11589 11590 static int handle_nan_filter(struct nlattr *attr_filter, 11591 struct cfg80211_nan_func *func, 11592 bool tx) 11593 { 11594 struct nlattr *attr; 11595 int n_entries, rem, i; 11596 struct cfg80211_nan_func_filter *filter; 11597 11598 n_entries = validate_nan_filter(attr_filter); 11599 if (n_entries < 0) 11600 return n_entries; 11601 11602 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters)); 11603 11604 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL); 11605 if (!filter) 11606 return -ENOMEM; 11607 11608 i = 0; 11609 nla_for_each_nested(attr, attr_filter, rem) { 11610 filter[i].filter = nla_memdup(attr, GFP_KERNEL); 11611 filter[i].len = nla_len(attr); 11612 i++; 11613 } 11614 if (tx) { 11615 func->num_tx_filters = n_entries; 11616 func->tx_filters = filter; 11617 } else { 11618 func->num_rx_filters = n_entries; 11619 func->rx_filters = filter; 11620 } 11621 11622 return 0; 11623 } 11624 11625 static int nl80211_nan_add_func(struct sk_buff *skb, 11626 struct genl_info *info) 11627 { 11628 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11629 struct wireless_dev *wdev = info->user_ptr[1]; 11630 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr; 11631 struct cfg80211_nan_func *func; 11632 struct sk_buff *msg = NULL; 11633 void *hdr = NULL; 11634 int err = 0; 11635 11636 if (wdev->iftype != NL80211_IFTYPE_NAN) 11637 return -EOPNOTSUPP; 11638 11639 if (!wdev_running(wdev)) 11640 return -ENOTCONN; 11641 11642 if (!info->attrs[NL80211_ATTR_NAN_FUNC]) 11643 return -EINVAL; 11644 11645 err = nla_parse_nested(tb, NL80211_NAN_FUNC_ATTR_MAX, 11646 info->attrs[NL80211_ATTR_NAN_FUNC], 11647 nl80211_nan_func_policy, info->extack); 11648 if (err) 11649 return err; 11650 11651 func = kzalloc(sizeof(*func), GFP_KERNEL); 11652 if (!func) 11653 return -ENOMEM; 11654 11655 func->cookie = wdev->wiphy->cookie_counter++; 11656 11657 if (!tb[NL80211_NAN_FUNC_TYPE] || 11658 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) { 11659 err = -EINVAL; 11660 goto out; 11661 } 11662 11663 11664 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]); 11665 11666 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) { 11667 err = -EINVAL; 11668 goto out; 11669 } 11670 11671 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]), 11672 sizeof(func->service_id)); 11673 11674 func->close_range = 11675 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]); 11676 11677 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) { 11678 func->serv_spec_info_len = 11679 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]); 11680 func->serv_spec_info = 11681 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]), 11682 func->serv_spec_info_len, 11683 GFP_KERNEL); 11684 if (!func->serv_spec_info) { 11685 err = -ENOMEM; 11686 goto out; 11687 } 11688 } 11689 11690 if (tb[NL80211_NAN_FUNC_TTL]) 11691 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]); 11692 11693 switch (func->type) { 11694 case NL80211_NAN_FUNC_PUBLISH: 11695 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) { 11696 err = -EINVAL; 11697 goto out; 11698 } 11699 11700 func->publish_type = 11701 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]); 11702 func->publish_bcast = 11703 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]); 11704 11705 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) && 11706 func->publish_bcast) { 11707 err = -EINVAL; 11708 goto out; 11709 } 11710 break; 11711 case NL80211_NAN_FUNC_SUBSCRIBE: 11712 func->subscribe_active = 11713 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]); 11714 break; 11715 case NL80211_NAN_FUNC_FOLLOW_UP: 11716 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] || 11717 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] || 11718 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) { 11719 err = -EINVAL; 11720 goto out; 11721 } 11722 11723 func->followup_id = 11724 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]); 11725 func->followup_reqid = 11726 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]); 11727 memcpy(func->followup_dest.addr, 11728 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]), 11729 sizeof(func->followup_dest.addr)); 11730 if (func->ttl) { 11731 err = -EINVAL; 11732 goto out; 11733 } 11734 break; 11735 default: 11736 err = -EINVAL; 11737 goto out; 11738 } 11739 11740 if (tb[NL80211_NAN_FUNC_SRF]) { 11741 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR]; 11742 11743 err = nla_parse_nested(srf_tb, NL80211_NAN_SRF_ATTR_MAX, 11744 tb[NL80211_NAN_FUNC_SRF], 11745 nl80211_nan_srf_policy, info->extack); 11746 if (err) 11747 goto out; 11748 11749 func->srf_include = 11750 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]); 11751 11752 if (srf_tb[NL80211_NAN_SRF_BF]) { 11753 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] || 11754 !srf_tb[NL80211_NAN_SRF_BF_IDX]) { 11755 err = -EINVAL; 11756 goto out; 11757 } 11758 11759 func->srf_bf_len = 11760 nla_len(srf_tb[NL80211_NAN_SRF_BF]); 11761 func->srf_bf = 11762 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]), 11763 func->srf_bf_len, GFP_KERNEL); 11764 if (!func->srf_bf) { 11765 err = -ENOMEM; 11766 goto out; 11767 } 11768 11769 func->srf_bf_idx = 11770 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]); 11771 } else { 11772 struct nlattr *attr, *mac_attr = 11773 srf_tb[NL80211_NAN_SRF_MAC_ADDRS]; 11774 int n_entries, rem, i = 0; 11775 11776 if (!mac_attr) { 11777 err = -EINVAL; 11778 goto out; 11779 } 11780 11781 n_entries = validate_acl_mac_addrs(mac_attr); 11782 if (n_entries <= 0) { 11783 err = -EINVAL; 11784 goto out; 11785 } 11786 11787 func->srf_num_macs = n_entries; 11788 func->srf_macs = 11789 kcalloc(n_entries, sizeof(*func->srf_macs), 11790 GFP_KERNEL); 11791 if (!func->srf_macs) { 11792 err = -ENOMEM; 11793 goto out; 11794 } 11795 11796 nla_for_each_nested(attr, mac_attr, rem) 11797 memcpy(func->srf_macs[i++].addr, nla_data(attr), 11798 sizeof(*func->srf_macs)); 11799 } 11800 } 11801 11802 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) { 11803 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER], 11804 func, true); 11805 if (err) 11806 goto out; 11807 } 11808 11809 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) { 11810 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER], 11811 func, false); 11812 if (err) 11813 goto out; 11814 } 11815 11816 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 11817 if (!msg) { 11818 err = -ENOMEM; 11819 goto out; 11820 } 11821 11822 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 11823 NL80211_CMD_ADD_NAN_FUNCTION); 11824 /* This can't really happen - we just allocated 4KB */ 11825 if (WARN_ON(!hdr)) { 11826 err = -ENOMEM; 11827 goto out; 11828 } 11829 11830 err = rdev_add_nan_func(rdev, wdev, func); 11831 out: 11832 if (err < 0) { 11833 cfg80211_free_nan_func(func); 11834 nlmsg_free(msg); 11835 return err; 11836 } 11837 11838 /* propagate the instance id and cookie to userspace */ 11839 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie, 11840 NL80211_ATTR_PAD)) 11841 goto nla_put_failure; 11842 11843 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC); 11844 if (!func_attr) 11845 goto nla_put_failure; 11846 11847 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, 11848 func->instance_id)) 11849 goto nla_put_failure; 11850 11851 nla_nest_end(msg, func_attr); 11852 11853 genlmsg_end(msg, hdr); 11854 return genlmsg_reply(msg, info); 11855 11856 nla_put_failure: 11857 nlmsg_free(msg); 11858 return -ENOBUFS; 11859 } 11860 11861 static int nl80211_nan_del_func(struct sk_buff *skb, 11862 struct genl_info *info) 11863 { 11864 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11865 struct wireless_dev *wdev = info->user_ptr[1]; 11866 u64 cookie; 11867 11868 if (wdev->iftype != NL80211_IFTYPE_NAN) 11869 return -EOPNOTSUPP; 11870 11871 if (!wdev_running(wdev)) 11872 return -ENOTCONN; 11873 11874 if (!info->attrs[NL80211_ATTR_COOKIE]) 11875 return -EINVAL; 11876 11877 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 11878 11879 rdev_del_nan_func(rdev, wdev, cookie); 11880 11881 return 0; 11882 } 11883 11884 static int nl80211_nan_change_config(struct sk_buff *skb, 11885 struct genl_info *info) 11886 { 11887 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11888 struct wireless_dev *wdev = info->user_ptr[1]; 11889 struct cfg80211_nan_conf conf = {}; 11890 u32 changed = 0; 11891 11892 if (wdev->iftype != NL80211_IFTYPE_NAN) 11893 return -EOPNOTSUPP; 11894 11895 if (!wdev_running(wdev)) 11896 return -ENOTCONN; 11897 11898 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) { 11899 conf.master_pref = 11900 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]); 11901 if (conf.master_pref <= 1 || conf.master_pref == 255) 11902 return -EINVAL; 11903 11904 changed |= CFG80211_NAN_CONF_CHANGED_PREF; 11905 } 11906 11907 if (info->attrs[NL80211_ATTR_BANDS]) { 11908 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]); 11909 11910 if (bands & ~(u32)wdev->wiphy->nan_supported_bands) 11911 return -EOPNOTSUPP; 11912 11913 if (bands && !(bands & BIT(NL80211_BAND_2GHZ))) 11914 return -EINVAL; 11915 11916 conf.bands = bands; 11917 changed |= CFG80211_NAN_CONF_CHANGED_BANDS; 11918 } 11919 11920 if (!changed) 11921 return -EINVAL; 11922 11923 return rdev_nan_change_conf(rdev, wdev, &conf, changed); 11924 } 11925 11926 void cfg80211_nan_match(struct wireless_dev *wdev, 11927 struct cfg80211_nan_match_params *match, gfp_t gfp) 11928 { 11929 struct wiphy *wiphy = wdev->wiphy; 11930 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 11931 struct nlattr *match_attr, *local_func_attr, *peer_func_attr; 11932 struct sk_buff *msg; 11933 void *hdr; 11934 11935 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr)) 11936 return; 11937 11938 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 11939 if (!msg) 11940 return; 11941 11942 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH); 11943 if (!hdr) { 11944 nlmsg_free(msg); 11945 return; 11946 } 11947 11948 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 11949 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 11950 wdev->netdev->ifindex)) || 11951 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 11952 NL80211_ATTR_PAD)) 11953 goto nla_put_failure; 11954 11955 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie, 11956 NL80211_ATTR_PAD) || 11957 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr)) 11958 goto nla_put_failure; 11959 11960 match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH); 11961 if (!match_attr) 11962 goto nla_put_failure; 11963 11964 local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL); 11965 if (!local_func_attr) 11966 goto nla_put_failure; 11967 11968 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id)) 11969 goto nla_put_failure; 11970 11971 nla_nest_end(msg, local_func_attr); 11972 11973 peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER); 11974 if (!peer_func_attr) 11975 goto nla_put_failure; 11976 11977 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) || 11978 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id)) 11979 goto nla_put_failure; 11980 11981 if (match->info && match->info_len && 11982 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len, 11983 match->info)) 11984 goto nla_put_failure; 11985 11986 nla_nest_end(msg, peer_func_attr); 11987 nla_nest_end(msg, match_attr); 11988 genlmsg_end(msg, hdr); 11989 11990 if (!wdev->owner_nlportid) 11991 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 11992 msg, 0, NL80211_MCGRP_NAN, gfp); 11993 else 11994 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 11995 wdev->owner_nlportid); 11996 11997 return; 11998 11999 nla_put_failure: 12000 nlmsg_free(msg); 12001 } 12002 EXPORT_SYMBOL(cfg80211_nan_match); 12003 12004 void cfg80211_nan_func_terminated(struct wireless_dev *wdev, 12005 u8 inst_id, 12006 enum nl80211_nan_func_term_reason reason, 12007 u64 cookie, gfp_t gfp) 12008 { 12009 struct wiphy *wiphy = wdev->wiphy; 12010 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 12011 struct sk_buff *msg; 12012 struct nlattr *func_attr; 12013 void *hdr; 12014 12015 if (WARN_ON(!inst_id)) 12016 return; 12017 12018 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 12019 if (!msg) 12020 return; 12021 12022 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION); 12023 if (!hdr) { 12024 nlmsg_free(msg); 12025 return; 12026 } 12027 12028 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 12029 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 12030 wdev->netdev->ifindex)) || 12031 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 12032 NL80211_ATTR_PAD)) 12033 goto nla_put_failure; 12034 12035 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 12036 NL80211_ATTR_PAD)) 12037 goto nla_put_failure; 12038 12039 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC); 12040 if (!func_attr) 12041 goto nla_put_failure; 12042 12043 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) || 12044 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason)) 12045 goto nla_put_failure; 12046 12047 nla_nest_end(msg, func_attr); 12048 genlmsg_end(msg, hdr); 12049 12050 if (!wdev->owner_nlportid) 12051 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 12052 msg, 0, NL80211_MCGRP_NAN, gfp); 12053 else 12054 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 12055 wdev->owner_nlportid); 12056 12057 return; 12058 12059 nla_put_failure: 12060 nlmsg_free(msg); 12061 } 12062 EXPORT_SYMBOL(cfg80211_nan_func_terminated); 12063 12064 static int nl80211_get_protocol_features(struct sk_buff *skb, 12065 struct genl_info *info) 12066 { 12067 void *hdr; 12068 struct sk_buff *msg; 12069 12070 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12071 if (!msg) 12072 return -ENOMEM; 12073 12074 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 12075 NL80211_CMD_GET_PROTOCOL_FEATURES); 12076 if (!hdr) 12077 goto nla_put_failure; 12078 12079 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES, 12080 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)) 12081 goto nla_put_failure; 12082 12083 genlmsg_end(msg, hdr); 12084 return genlmsg_reply(msg, info); 12085 12086 nla_put_failure: 12087 kfree_skb(msg); 12088 return -ENOBUFS; 12089 } 12090 12091 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info) 12092 { 12093 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12094 struct cfg80211_update_ft_ies_params ft_params; 12095 struct net_device *dev = info->user_ptr[1]; 12096 12097 if (!rdev->ops->update_ft_ies) 12098 return -EOPNOTSUPP; 12099 12100 if (!info->attrs[NL80211_ATTR_MDID] || 12101 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 12102 return -EINVAL; 12103 12104 memset(&ft_params, 0, sizeof(ft_params)); 12105 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]); 12106 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 12107 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 12108 12109 return rdev_update_ft_ies(rdev, dev, &ft_params); 12110 } 12111 12112 static int nl80211_crit_protocol_start(struct sk_buff *skb, 12113 struct genl_info *info) 12114 { 12115 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12116 struct wireless_dev *wdev = info->user_ptr[1]; 12117 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC; 12118 u16 duration; 12119 int ret; 12120 12121 if (!rdev->ops->crit_proto_start) 12122 return -EOPNOTSUPP; 12123 12124 if (WARN_ON(!rdev->ops->crit_proto_stop)) 12125 return -EINVAL; 12126 12127 if (rdev->crit_proto_nlportid) 12128 return -EBUSY; 12129 12130 /* determine protocol if provided */ 12131 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID]) 12132 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]); 12133 12134 if (proto >= NUM_NL80211_CRIT_PROTO) 12135 return -EINVAL; 12136 12137 /* timeout must be provided */ 12138 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]) 12139 return -EINVAL; 12140 12141 duration = 12142 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]); 12143 12144 if (duration > NL80211_CRIT_PROTO_MAX_DURATION) 12145 return -ERANGE; 12146 12147 ret = rdev_crit_proto_start(rdev, wdev, proto, duration); 12148 if (!ret) 12149 rdev->crit_proto_nlportid = info->snd_portid; 12150 12151 return ret; 12152 } 12153 12154 static int nl80211_crit_protocol_stop(struct sk_buff *skb, 12155 struct genl_info *info) 12156 { 12157 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12158 struct wireless_dev *wdev = info->user_ptr[1]; 12159 12160 if (!rdev->ops->crit_proto_stop) 12161 return -EOPNOTSUPP; 12162 12163 if (rdev->crit_proto_nlportid) { 12164 rdev->crit_proto_nlportid = 0; 12165 rdev_crit_proto_stop(rdev, wdev); 12166 } 12167 return 0; 12168 } 12169 12170 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info) 12171 { 12172 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12173 struct wireless_dev *wdev = 12174 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs); 12175 int i, err; 12176 u32 vid, subcmd; 12177 12178 if (!rdev->wiphy.vendor_commands) 12179 return -EOPNOTSUPP; 12180 12181 if (IS_ERR(wdev)) { 12182 err = PTR_ERR(wdev); 12183 if (err != -EINVAL) 12184 return err; 12185 wdev = NULL; 12186 } else if (wdev->wiphy != &rdev->wiphy) { 12187 return -EINVAL; 12188 } 12189 12190 if (!info->attrs[NL80211_ATTR_VENDOR_ID] || 12191 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD]) 12192 return -EINVAL; 12193 12194 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]); 12195 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]); 12196 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) { 12197 const struct wiphy_vendor_command *vcmd; 12198 void *data = NULL; 12199 int len = 0; 12200 12201 vcmd = &rdev->wiphy.vendor_commands[i]; 12202 12203 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd) 12204 continue; 12205 12206 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV | 12207 WIPHY_VENDOR_CMD_NEED_NETDEV)) { 12208 if (!wdev) 12209 return -EINVAL; 12210 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV && 12211 !wdev->netdev) 12212 return -EINVAL; 12213 12214 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) { 12215 if (!wdev_running(wdev)) 12216 return -ENETDOWN; 12217 } 12218 12219 if (!vcmd->doit) 12220 return -EOPNOTSUPP; 12221 } else { 12222 wdev = NULL; 12223 } 12224 12225 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) { 12226 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]); 12227 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]); 12228 } 12229 12230 rdev->cur_cmd_info = info; 12231 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev, 12232 data, len); 12233 rdev->cur_cmd_info = NULL; 12234 return err; 12235 } 12236 12237 return -EOPNOTSUPP; 12238 } 12239 12240 static int nl80211_prepare_vendor_dump(struct sk_buff *skb, 12241 struct netlink_callback *cb, 12242 struct cfg80211_registered_device **rdev, 12243 struct wireless_dev **wdev) 12244 { 12245 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam); 12246 u32 vid, subcmd; 12247 unsigned int i; 12248 int vcmd_idx = -1; 12249 int err; 12250 void *data = NULL; 12251 unsigned int data_len = 0; 12252 12253 if (cb->args[0]) { 12254 /* subtract the 1 again here */ 12255 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 12256 struct wireless_dev *tmp; 12257 12258 if (!wiphy) 12259 return -ENODEV; 12260 *rdev = wiphy_to_rdev(wiphy); 12261 *wdev = NULL; 12262 12263 if (cb->args[1]) { 12264 list_for_each_entry(tmp, &wiphy->wdev_list, list) { 12265 if (tmp->identifier == cb->args[1] - 1) { 12266 *wdev = tmp; 12267 break; 12268 } 12269 } 12270 } 12271 12272 /* keep rtnl locked in successful case */ 12273 return 0; 12274 } 12275 12276 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, attrbuf, 12277 nl80211_fam.maxattr, nl80211_policy, NULL); 12278 if (err) 12279 return err; 12280 12281 if (!attrbuf[NL80211_ATTR_VENDOR_ID] || 12282 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) 12283 return -EINVAL; 12284 12285 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf); 12286 if (IS_ERR(*wdev)) 12287 *wdev = NULL; 12288 12289 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf); 12290 if (IS_ERR(*rdev)) 12291 return PTR_ERR(*rdev); 12292 12293 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]); 12294 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]); 12295 12296 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) { 12297 const struct wiphy_vendor_command *vcmd; 12298 12299 vcmd = &(*rdev)->wiphy.vendor_commands[i]; 12300 12301 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd) 12302 continue; 12303 12304 if (!vcmd->dumpit) 12305 return -EOPNOTSUPP; 12306 12307 vcmd_idx = i; 12308 break; 12309 } 12310 12311 if (vcmd_idx < 0) 12312 return -EOPNOTSUPP; 12313 12314 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) { 12315 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]); 12316 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]); 12317 } 12318 12319 /* 0 is the first index - add 1 to parse only once */ 12320 cb->args[0] = (*rdev)->wiphy_idx + 1; 12321 /* add 1 to know if it was NULL */ 12322 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0; 12323 cb->args[2] = vcmd_idx; 12324 cb->args[3] = (unsigned long)data; 12325 cb->args[4] = data_len; 12326 12327 /* keep rtnl locked in successful case */ 12328 return 0; 12329 } 12330 12331 static int nl80211_vendor_cmd_dump(struct sk_buff *skb, 12332 struct netlink_callback *cb) 12333 { 12334 struct cfg80211_registered_device *rdev; 12335 struct wireless_dev *wdev; 12336 unsigned int vcmd_idx; 12337 const struct wiphy_vendor_command *vcmd; 12338 void *data; 12339 int data_len; 12340 int err; 12341 struct nlattr *vendor_data; 12342 12343 rtnl_lock(); 12344 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev); 12345 if (err) 12346 goto out; 12347 12348 vcmd_idx = cb->args[2]; 12349 data = (void *)cb->args[3]; 12350 data_len = cb->args[4]; 12351 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx]; 12352 12353 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV | 12354 WIPHY_VENDOR_CMD_NEED_NETDEV)) { 12355 if (!wdev) { 12356 err = -EINVAL; 12357 goto out; 12358 } 12359 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV && 12360 !wdev->netdev) { 12361 err = -EINVAL; 12362 goto out; 12363 } 12364 12365 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) { 12366 if (!wdev_running(wdev)) { 12367 err = -ENETDOWN; 12368 goto out; 12369 } 12370 } 12371 } 12372 12373 while (1) { 12374 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 12375 cb->nlh->nlmsg_seq, NLM_F_MULTI, 12376 NL80211_CMD_VENDOR); 12377 if (!hdr) 12378 break; 12379 12380 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 12381 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV, 12382 wdev_id(wdev), 12383 NL80211_ATTR_PAD))) { 12384 genlmsg_cancel(skb, hdr); 12385 break; 12386 } 12387 12388 vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA); 12389 if (!vendor_data) { 12390 genlmsg_cancel(skb, hdr); 12391 break; 12392 } 12393 12394 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len, 12395 (unsigned long *)&cb->args[5]); 12396 nla_nest_end(skb, vendor_data); 12397 12398 if (err == -ENOBUFS || err == -ENOENT) { 12399 genlmsg_cancel(skb, hdr); 12400 break; 12401 } else if (err) { 12402 genlmsg_cancel(skb, hdr); 12403 goto out; 12404 } 12405 12406 genlmsg_end(skb, hdr); 12407 } 12408 12409 err = skb->len; 12410 out: 12411 rtnl_unlock(); 12412 return err; 12413 } 12414 12415 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy, 12416 enum nl80211_commands cmd, 12417 enum nl80211_attrs attr, 12418 int approxlen) 12419 { 12420 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 12421 12422 if (WARN_ON(!rdev->cur_cmd_info)) 12423 return NULL; 12424 12425 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen, 12426 rdev->cur_cmd_info->snd_portid, 12427 rdev->cur_cmd_info->snd_seq, 12428 cmd, attr, NULL, GFP_KERNEL); 12429 } 12430 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb); 12431 12432 int cfg80211_vendor_cmd_reply(struct sk_buff *skb) 12433 { 12434 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 12435 void *hdr = ((void **)skb->cb)[1]; 12436 struct nlattr *data = ((void **)skb->cb)[2]; 12437 12438 /* clear CB data for netlink core to own from now on */ 12439 memset(skb->cb, 0, sizeof(skb->cb)); 12440 12441 if (WARN_ON(!rdev->cur_cmd_info)) { 12442 kfree_skb(skb); 12443 return -EINVAL; 12444 } 12445 12446 nla_nest_end(skb, data); 12447 genlmsg_end(skb, hdr); 12448 return genlmsg_reply(skb, rdev->cur_cmd_info); 12449 } 12450 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply); 12451 12452 static int nl80211_set_qos_map(struct sk_buff *skb, 12453 struct genl_info *info) 12454 { 12455 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12456 struct cfg80211_qos_map *qos_map = NULL; 12457 struct net_device *dev = info->user_ptr[1]; 12458 u8 *pos, len, num_des, des_len, des; 12459 int ret; 12460 12461 if (!rdev->ops->set_qos_map) 12462 return -EOPNOTSUPP; 12463 12464 if (info->attrs[NL80211_ATTR_QOS_MAP]) { 12465 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]); 12466 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]); 12467 12468 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN || 12469 len > IEEE80211_QOS_MAP_LEN_MAX) 12470 return -EINVAL; 12471 12472 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL); 12473 if (!qos_map) 12474 return -ENOMEM; 12475 12476 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1; 12477 if (num_des) { 12478 des_len = num_des * 12479 sizeof(struct cfg80211_dscp_exception); 12480 memcpy(qos_map->dscp_exception, pos, des_len); 12481 qos_map->num_des = num_des; 12482 for (des = 0; des < num_des; des++) { 12483 if (qos_map->dscp_exception[des].up > 7) { 12484 kfree(qos_map); 12485 return -EINVAL; 12486 } 12487 } 12488 pos += des_len; 12489 } 12490 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN); 12491 } 12492 12493 wdev_lock(dev->ieee80211_ptr); 12494 ret = nl80211_key_allowed(dev->ieee80211_ptr); 12495 if (!ret) 12496 ret = rdev_set_qos_map(rdev, dev, qos_map); 12497 wdev_unlock(dev->ieee80211_ptr); 12498 12499 kfree(qos_map); 12500 return ret; 12501 } 12502 12503 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info) 12504 { 12505 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12506 struct net_device *dev = info->user_ptr[1]; 12507 struct wireless_dev *wdev = dev->ieee80211_ptr; 12508 const u8 *peer; 12509 u8 tsid, up; 12510 u16 admitted_time = 0; 12511 int err; 12512 12513 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)) 12514 return -EOPNOTSUPP; 12515 12516 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] || 12517 !info->attrs[NL80211_ATTR_USER_PRIO]) 12518 return -EINVAL; 12519 12520 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]); 12521 if (tsid >= IEEE80211_NUM_TIDS) 12522 return -EINVAL; 12523 12524 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]); 12525 if (up >= IEEE80211_NUM_UPS) 12526 return -EINVAL; 12527 12528 /* WMM uses TIDs 0-7 even for TSPEC */ 12529 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) { 12530 /* TODO: handle 802.11 TSPEC/admission control 12531 * need more attributes for that (e.g. BA session requirement); 12532 * change the WMM adminssion test above to allow both then 12533 */ 12534 return -EINVAL; 12535 } 12536 12537 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 12538 12539 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) { 12540 admitted_time = 12541 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]); 12542 if (!admitted_time) 12543 return -EINVAL; 12544 } 12545 12546 wdev_lock(wdev); 12547 switch (wdev->iftype) { 12548 case NL80211_IFTYPE_STATION: 12549 case NL80211_IFTYPE_P2P_CLIENT: 12550 if (wdev->current_bss) 12551 break; 12552 err = -ENOTCONN; 12553 goto out; 12554 default: 12555 err = -EOPNOTSUPP; 12556 goto out; 12557 } 12558 12559 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time); 12560 12561 out: 12562 wdev_unlock(wdev); 12563 return err; 12564 } 12565 12566 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info) 12567 { 12568 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12569 struct net_device *dev = info->user_ptr[1]; 12570 struct wireless_dev *wdev = dev->ieee80211_ptr; 12571 const u8 *peer; 12572 u8 tsid; 12573 int err; 12574 12575 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC]) 12576 return -EINVAL; 12577 12578 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]); 12579 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 12580 12581 wdev_lock(wdev); 12582 err = rdev_del_tx_ts(rdev, dev, tsid, peer); 12583 wdev_unlock(wdev); 12584 12585 return err; 12586 } 12587 12588 static int nl80211_tdls_channel_switch(struct sk_buff *skb, 12589 struct genl_info *info) 12590 { 12591 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12592 struct net_device *dev = info->user_ptr[1]; 12593 struct wireless_dev *wdev = dev->ieee80211_ptr; 12594 struct cfg80211_chan_def chandef = {}; 12595 const u8 *addr; 12596 u8 oper_class; 12597 int err; 12598 12599 if (!rdev->ops->tdls_channel_switch || 12600 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 12601 return -EOPNOTSUPP; 12602 12603 switch (dev->ieee80211_ptr->iftype) { 12604 case NL80211_IFTYPE_STATION: 12605 case NL80211_IFTYPE_P2P_CLIENT: 12606 break; 12607 default: 12608 return -EOPNOTSUPP; 12609 } 12610 12611 if (!info->attrs[NL80211_ATTR_MAC] || 12612 !info->attrs[NL80211_ATTR_OPER_CLASS]) 12613 return -EINVAL; 12614 12615 err = nl80211_parse_chandef(rdev, info, &chandef); 12616 if (err) 12617 return err; 12618 12619 /* 12620 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012 12621 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the 12622 * specification is not defined for them. 12623 */ 12624 if (chandef.chan->band == NL80211_BAND_2GHZ && 12625 chandef.width != NL80211_CHAN_WIDTH_20_NOHT && 12626 chandef.width != NL80211_CHAN_WIDTH_20) 12627 return -EINVAL; 12628 12629 /* we will be active on the TDLS link */ 12630 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef, 12631 wdev->iftype)) 12632 return -EINVAL; 12633 12634 /* don't allow switching to DFS channels */ 12635 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype)) 12636 return -EINVAL; 12637 12638 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 12639 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]); 12640 12641 wdev_lock(wdev); 12642 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef); 12643 wdev_unlock(wdev); 12644 12645 return err; 12646 } 12647 12648 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb, 12649 struct genl_info *info) 12650 { 12651 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12652 struct net_device *dev = info->user_ptr[1]; 12653 struct wireless_dev *wdev = dev->ieee80211_ptr; 12654 const u8 *addr; 12655 12656 if (!rdev->ops->tdls_channel_switch || 12657 !rdev->ops->tdls_cancel_channel_switch || 12658 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 12659 return -EOPNOTSUPP; 12660 12661 switch (dev->ieee80211_ptr->iftype) { 12662 case NL80211_IFTYPE_STATION: 12663 case NL80211_IFTYPE_P2P_CLIENT: 12664 break; 12665 default: 12666 return -EOPNOTSUPP; 12667 } 12668 12669 if (!info->attrs[NL80211_ATTR_MAC]) 12670 return -EINVAL; 12671 12672 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 12673 12674 wdev_lock(wdev); 12675 rdev_tdls_cancel_channel_switch(rdev, dev, addr); 12676 wdev_unlock(wdev); 12677 12678 return 0; 12679 } 12680 12681 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb, 12682 struct genl_info *info) 12683 { 12684 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12685 struct net_device *dev = info->user_ptr[1]; 12686 struct wireless_dev *wdev = dev->ieee80211_ptr; 12687 const struct nlattr *nla; 12688 bool enabled; 12689 12690 if (!rdev->ops->set_multicast_to_unicast) 12691 return -EOPNOTSUPP; 12692 12693 if (wdev->iftype != NL80211_IFTYPE_AP && 12694 wdev->iftype != NL80211_IFTYPE_P2P_GO) 12695 return -EOPNOTSUPP; 12696 12697 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED]; 12698 enabled = nla_get_flag(nla); 12699 12700 return rdev_set_multicast_to_unicast(rdev, dev, enabled); 12701 } 12702 12703 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info) 12704 { 12705 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12706 struct net_device *dev = info->user_ptr[1]; 12707 struct wireless_dev *wdev = dev->ieee80211_ptr; 12708 struct cfg80211_pmk_conf pmk_conf = {}; 12709 int ret; 12710 12711 if (wdev->iftype != NL80211_IFTYPE_STATION && 12712 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 12713 return -EOPNOTSUPP; 12714 12715 if (!wiphy_ext_feature_isset(&rdev->wiphy, 12716 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 12717 return -EOPNOTSUPP; 12718 12719 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK]) 12720 return -EINVAL; 12721 12722 wdev_lock(wdev); 12723 if (!wdev->current_bss) { 12724 ret = -ENOTCONN; 12725 goto out; 12726 } 12727 12728 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]); 12729 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) { 12730 ret = -EINVAL; 12731 goto out; 12732 } 12733 12734 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]); 12735 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]); 12736 if (pmk_conf.pmk_len != WLAN_PMK_LEN && 12737 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) { 12738 ret = -EINVAL; 12739 goto out; 12740 } 12741 12742 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) { 12743 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]); 12744 12745 if (r0_name_len != WLAN_PMK_NAME_LEN) { 12746 ret = -EINVAL; 12747 goto out; 12748 } 12749 12750 pmk_conf.pmk_r0_name = 12751 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]); 12752 } 12753 12754 ret = rdev_set_pmk(rdev, dev, &pmk_conf); 12755 out: 12756 wdev_unlock(wdev); 12757 return ret; 12758 } 12759 12760 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info) 12761 { 12762 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12763 struct net_device *dev = info->user_ptr[1]; 12764 struct wireless_dev *wdev = dev->ieee80211_ptr; 12765 const u8 *aa; 12766 int ret; 12767 12768 if (wdev->iftype != NL80211_IFTYPE_STATION && 12769 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 12770 return -EOPNOTSUPP; 12771 12772 if (!wiphy_ext_feature_isset(&rdev->wiphy, 12773 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 12774 return -EOPNOTSUPP; 12775 12776 if (!info->attrs[NL80211_ATTR_MAC]) 12777 return -EINVAL; 12778 12779 wdev_lock(wdev); 12780 aa = nla_data(info->attrs[NL80211_ATTR_MAC]); 12781 ret = rdev_del_pmk(rdev, dev, aa); 12782 wdev_unlock(wdev); 12783 12784 return ret; 12785 } 12786 12787 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info) 12788 { 12789 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12790 struct net_device *dev = info->user_ptr[1]; 12791 struct cfg80211_external_auth_params params; 12792 12793 if (!rdev->ops->external_auth) 12794 return -EOPNOTSUPP; 12795 12796 if (!info->attrs[NL80211_ATTR_SSID]) 12797 return -EINVAL; 12798 12799 if (!info->attrs[NL80211_ATTR_BSSID]) 12800 return -EINVAL; 12801 12802 if (!info->attrs[NL80211_ATTR_STATUS_CODE]) 12803 return -EINVAL; 12804 12805 memset(¶ms, 0, sizeof(params)); 12806 12807 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 12808 if (params.ssid.ssid_len == 0 || 12809 params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN) 12810 return -EINVAL; 12811 memcpy(params.ssid.ssid, nla_data(info->attrs[NL80211_ATTR_SSID]), 12812 params.ssid.ssid_len); 12813 12814 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]), 12815 ETH_ALEN); 12816 12817 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 12818 12819 return rdev_external_auth(rdev, dev, ¶ms); 12820 } 12821 12822 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info) 12823 { 12824 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12825 struct net_device *dev = info->user_ptr[1]; 12826 struct wireless_dev *wdev = dev->ieee80211_ptr; 12827 const u8 *buf; 12828 size_t len; 12829 u8 *dest; 12830 u16 proto; 12831 bool noencrypt; 12832 int err; 12833 12834 if (!wiphy_ext_feature_isset(&rdev->wiphy, 12835 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) 12836 return -EOPNOTSUPP; 12837 12838 if (!rdev->ops->tx_control_port) 12839 return -EOPNOTSUPP; 12840 12841 if (!info->attrs[NL80211_ATTR_FRAME] || 12842 !info->attrs[NL80211_ATTR_MAC] || 12843 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 12844 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing"); 12845 return -EINVAL; 12846 } 12847 12848 wdev_lock(wdev); 12849 12850 switch (wdev->iftype) { 12851 case NL80211_IFTYPE_AP: 12852 case NL80211_IFTYPE_P2P_GO: 12853 case NL80211_IFTYPE_MESH_POINT: 12854 break; 12855 case NL80211_IFTYPE_ADHOC: 12856 case NL80211_IFTYPE_STATION: 12857 case NL80211_IFTYPE_P2P_CLIENT: 12858 if (wdev->current_bss) 12859 break; 12860 err = -ENOTCONN; 12861 goto out; 12862 default: 12863 err = -EOPNOTSUPP; 12864 goto out; 12865 } 12866 12867 wdev_unlock(wdev); 12868 12869 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 12870 len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 12871 dest = nla_data(info->attrs[NL80211_ATTR_MAC]); 12872 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 12873 noencrypt = 12874 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]); 12875 12876 return rdev_tx_control_port(rdev, dev, buf, len, 12877 dest, cpu_to_be16(proto), noencrypt); 12878 12879 out: 12880 wdev_unlock(wdev); 12881 return err; 12882 } 12883 12884 #define NL80211_FLAG_NEED_WIPHY 0x01 12885 #define NL80211_FLAG_NEED_NETDEV 0x02 12886 #define NL80211_FLAG_NEED_RTNL 0x04 12887 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 12888 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 12889 NL80211_FLAG_CHECK_NETDEV_UP) 12890 #define NL80211_FLAG_NEED_WDEV 0x10 12891 /* If a netdev is associated, it must be UP, P2P must be started */ 12892 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 12893 NL80211_FLAG_CHECK_NETDEV_UP) 12894 #define NL80211_FLAG_CLEAR_SKB 0x20 12895 12896 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb, 12897 struct genl_info *info) 12898 { 12899 struct cfg80211_registered_device *rdev; 12900 struct wireless_dev *wdev; 12901 struct net_device *dev; 12902 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 12903 12904 if (rtnl) 12905 rtnl_lock(); 12906 12907 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 12908 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 12909 if (IS_ERR(rdev)) { 12910 if (rtnl) 12911 rtnl_unlock(); 12912 return PTR_ERR(rdev); 12913 } 12914 info->user_ptr[0] = rdev; 12915 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV || 12916 ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 12917 ASSERT_RTNL(); 12918 12919 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info), 12920 info->attrs); 12921 if (IS_ERR(wdev)) { 12922 if (rtnl) 12923 rtnl_unlock(); 12924 return PTR_ERR(wdev); 12925 } 12926 12927 dev = wdev->netdev; 12928 rdev = wiphy_to_rdev(wdev->wiphy); 12929 12930 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 12931 if (!dev) { 12932 if (rtnl) 12933 rtnl_unlock(); 12934 return -EINVAL; 12935 } 12936 12937 info->user_ptr[1] = dev; 12938 } else { 12939 info->user_ptr[1] = wdev; 12940 } 12941 12942 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 12943 !wdev_running(wdev)) { 12944 if (rtnl) 12945 rtnl_unlock(); 12946 return -ENETDOWN; 12947 } 12948 12949 if (dev) 12950 dev_hold(dev); 12951 12952 info->user_ptr[0] = rdev; 12953 } 12954 12955 return 0; 12956 } 12957 12958 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb, 12959 struct genl_info *info) 12960 { 12961 if (info->user_ptr[1]) { 12962 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 12963 struct wireless_dev *wdev = info->user_ptr[1]; 12964 12965 if (wdev->netdev) 12966 dev_put(wdev->netdev); 12967 } else { 12968 dev_put(info->user_ptr[1]); 12969 } 12970 } 12971 12972 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 12973 rtnl_unlock(); 12974 12975 /* If needed, clear the netlink message payload from the SKB 12976 * as it might contain key data that shouldn't stick around on 12977 * the heap after the SKB is freed. The netlink message header 12978 * is still needed for further processing, so leave it intact. 12979 */ 12980 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) { 12981 struct nlmsghdr *nlh = nlmsg_hdr(skb); 12982 12983 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh)); 12984 } 12985 } 12986 12987 static const struct genl_ops nl80211_ops[] = { 12988 { 12989 .cmd = NL80211_CMD_GET_WIPHY, 12990 .doit = nl80211_get_wiphy, 12991 .dumpit = nl80211_dump_wiphy, 12992 .done = nl80211_dump_wiphy_done, 12993 .policy = nl80211_policy, 12994 /* can be retrieved by unprivileged users */ 12995 .internal_flags = NL80211_FLAG_NEED_WIPHY | 12996 NL80211_FLAG_NEED_RTNL, 12997 }, 12998 { 12999 .cmd = NL80211_CMD_SET_WIPHY, 13000 .doit = nl80211_set_wiphy, 13001 .policy = nl80211_policy, 13002 .flags = GENL_UNS_ADMIN_PERM, 13003 .internal_flags = NL80211_FLAG_NEED_RTNL, 13004 }, 13005 { 13006 .cmd = NL80211_CMD_GET_INTERFACE, 13007 .doit = nl80211_get_interface, 13008 .dumpit = nl80211_dump_interface, 13009 .policy = nl80211_policy, 13010 /* can be retrieved by unprivileged users */ 13011 .internal_flags = NL80211_FLAG_NEED_WDEV | 13012 NL80211_FLAG_NEED_RTNL, 13013 }, 13014 { 13015 .cmd = NL80211_CMD_SET_INTERFACE, 13016 .doit = nl80211_set_interface, 13017 .policy = nl80211_policy, 13018 .flags = GENL_UNS_ADMIN_PERM, 13019 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13020 NL80211_FLAG_NEED_RTNL, 13021 }, 13022 { 13023 .cmd = NL80211_CMD_NEW_INTERFACE, 13024 .doit = nl80211_new_interface, 13025 .policy = nl80211_policy, 13026 .flags = GENL_UNS_ADMIN_PERM, 13027 .internal_flags = NL80211_FLAG_NEED_WIPHY | 13028 NL80211_FLAG_NEED_RTNL, 13029 }, 13030 { 13031 .cmd = NL80211_CMD_DEL_INTERFACE, 13032 .doit = nl80211_del_interface, 13033 .policy = nl80211_policy, 13034 .flags = GENL_UNS_ADMIN_PERM, 13035 .internal_flags = NL80211_FLAG_NEED_WDEV | 13036 NL80211_FLAG_NEED_RTNL, 13037 }, 13038 { 13039 .cmd = NL80211_CMD_GET_KEY, 13040 .doit = nl80211_get_key, 13041 .policy = nl80211_policy, 13042 .flags = GENL_UNS_ADMIN_PERM, 13043 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13044 NL80211_FLAG_NEED_RTNL, 13045 }, 13046 { 13047 .cmd = NL80211_CMD_SET_KEY, 13048 .doit = nl80211_set_key, 13049 .policy = nl80211_policy, 13050 .flags = GENL_UNS_ADMIN_PERM, 13051 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13052 NL80211_FLAG_NEED_RTNL | 13053 NL80211_FLAG_CLEAR_SKB, 13054 }, 13055 { 13056 .cmd = NL80211_CMD_NEW_KEY, 13057 .doit = nl80211_new_key, 13058 .policy = nl80211_policy, 13059 .flags = GENL_UNS_ADMIN_PERM, 13060 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13061 NL80211_FLAG_NEED_RTNL | 13062 NL80211_FLAG_CLEAR_SKB, 13063 }, 13064 { 13065 .cmd = NL80211_CMD_DEL_KEY, 13066 .doit = nl80211_del_key, 13067 .policy = nl80211_policy, 13068 .flags = GENL_UNS_ADMIN_PERM, 13069 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13070 NL80211_FLAG_NEED_RTNL, 13071 }, 13072 { 13073 .cmd = NL80211_CMD_SET_BEACON, 13074 .policy = nl80211_policy, 13075 .flags = GENL_UNS_ADMIN_PERM, 13076 .doit = nl80211_set_beacon, 13077 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13078 NL80211_FLAG_NEED_RTNL, 13079 }, 13080 { 13081 .cmd = NL80211_CMD_START_AP, 13082 .policy = nl80211_policy, 13083 .flags = GENL_UNS_ADMIN_PERM, 13084 .doit = nl80211_start_ap, 13085 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13086 NL80211_FLAG_NEED_RTNL, 13087 }, 13088 { 13089 .cmd = NL80211_CMD_STOP_AP, 13090 .policy = nl80211_policy, 13091 .flags = GENL_UNS_ADMIN_PERM, 13092 .doit = nl80211_stop_ap, 13093 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13094 NL80211_FLAG_NEED_RTNL, 13095 }, 13096 { 13097 .cmd = NL80211_CMD_GET_STATION, 13098 .doit = nl80211_get_station, 13099 .dumpit = nl80211_dump_station, 13100 .policy = nl80211_policy, 13101 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13102 NL80211_FLAG_NEED_RTNL, 13103 }, 13104 { 13105 .cmd = NL80211_CMD_SET_STATION, 13106 .doit = nl80211_set_station, 13107 .policy = nl80211_policy, 13108 .flags = GENL_UNS_ADMIN_PERM, 13109 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13110 NL80211_FLAG_NEED_RTNL, 13111 }, 13112 { 13113 .cmd = NL80211_CMD_NEW_STATION, 13114 .doit = nl80211_new_station, 13115 .policy = nl80211_policy, 13116 .flags = GENL_UNS_ADMIN_PERM, 13117 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13118 NL80211_FLAG_NEED_RTNL, 13119 }, 13120 { 13121 .cmd = NL80211_CMD_DEL_STATION, 13122 .doit = nl80211_del_station, 13123 .policy = nl80211_policy, 13124 .flags = GENL_UNS_ADMIN_PERM, 13125 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13126 NL80211_FLAG_NEED_RTNL, 13127 }, 13128 { 13129 .cmd = NL80211_CMD_GET_MPATH, 13130 .doit = nl80211_get_mpath, 13131 .dumpit = nl80211_dump_mpath, 13132 .policy = nl80211_policy, 13133 .flags = GENL_UNS_ADMIN_PERM, 13134 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13135 NL80211_FLAG_NEED_RTNL, 13136 }, 13137 { 13138 .cmd = NL80211_CMD_GET_MPP, 13139 .doit = nl80211_get_mpp, 13140 .dumpit = nl80211_dump_mpp, 13141 .policy = nl80211_policy, 13142 .flags = GENL_UNS_ADMIN_PERM, 13143 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13144 NL80211_FLAG_NEED_RTNL, 13145 }, 13146 { 13147 .cmd = NL80211_CMD_SET_MPATH, 13148 .doit = nl80211_set_mpath, 13149 .policy = nl80211_policy, 13150 .flags = GENL_UNS_ADMIN_PERM, 13151 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13152 NL80211_FLAG_NEED_RTNL, 13153 }, 13154 { 13155 .cmd = NL80211_CMD_NEW_MPATH, 13156 .doit = nl80211_new_mpath, 13157 .policy = nl80211_policy, 13158 .flags = GENL_UNS_ADMIN_PERM, 13159 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13160 NL80211_FLAG_NEED_RTNL, 13161 }, 13162 { 13163 .cmd = NL80211_CMD_DEL_MPATH, 13164 .doit = nl80211_del_mpath, 13165 .policy = nl80211_policy, 13166 .flags = GENL_UNS_ADMIN_PERM, 13167 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13168 NL80211_FLAG_NEED_RTNL, 13169 }, 13170 { 13171 .cmd = NL80211_CMD_SET_BSS, 13172 .doit = nl80211_set_bss, 13173 .policy = nl80211_policy, 13174 .flags = GENL_UNS_ADMIN_PERM, 13175 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13176 NL80211_FLAG_NEED_RTNL, 13177 }, 13178 { 13179 .cmd = NL80211_CMD_GET_REG, 13180 .doit = nl80211_get_reg_do, 13181 .dumpit = nl80211_get_reg_dump, 13182 .policy = nl80211_policy, 13183 .internal_flags = NL80211_FLAG_NEED_RTNL, 13184 /* can be retrieved by unprivileged users */ 13185 }, 13186 #ifdef CONFIG_CFG80211_CRDA_SUPPORT 13187 { 13188 .cmd = NL80211_CMD_SET_REG, 13189 .doit = nl80211_set_reg, 13190 .policy = nl80211_policy, 13191 .flags = GENL_ADMIN_PERM, 13192 .internal_flags = NL80211_FLAG_NEED_RTNL, 13193 }, 13194 #endif 13195 { 13196 .cmd = NL80211_CMD_REQ_SET_REG, 13197 .doit = nl80211_req_set_reg, 13198 .policy = nl80211_policy, 13199 .flags = GENL_ADMIN_PERM, 13200 }, 13201 { 13202 .cmd = NL80211_CMD_RELOAD_REGDB, 13203 .doit = nl80211_reload_regdb, 13204 .policy = nl80211_policy, 13205 .flags = GENL_ADMIN_PERM, 13206 }, 13207 { 13208 .cmd = NL80211_CMD_GET_MESH_CONFIG, 13209 .doit = nl80211_get_mesh_config, 13210 .policy = nl80211_policy, 13211 /* can be retrieved by unprivileged users */ 13212 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13213 NL80211_FLAG_NEED_RTNL, 13214 }, 13215 { 13216 .cmd = NL80211_CMD_SET_MESH_CONFIG, 13217 .doit = nl80211_update_mesh_config, 13218 .policy = nl80211_policy, 13219 .flags = GENL_UNS_ADMIN_PERM, 13220 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13221 NL80211_FLAG_NEED_RTNL, 13222 }, 13223 { 13224 .cmd = NL80211_CMD_TRIGGER_SCAN, 13225 .doit = nl80211_trigger_scan, 13226 .policy = nl80211_policy, 13227 .flags = GENL_UNS_ADMIN_PERM, 13228 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13229 NL80211_FLAG_NEED_RTNL, 13230 }, 13231 { 13232 .cmd = NL80211_CMD_ABORT_SCAN, 13233 .doit = nl80211_abort_scan, 13234 .policy = nl80211_policy, 13235 .flags = GENL_UNS_ADMIN_PERM, 13236 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13237 NL80211_FLAG_NEED_RTNL, 13238 }, 13239 { 13240 .cmd = NL80211_CMD_GET_SCAN, 13241 .policy = nl80211_policy, 13242 .dumpit = nl80211_dump_scan, 13243 }, 13244 { 13245 .cmd = NL80211_CMD_START_SCHED_SCAN, 13246 .doit = nl80211_start_sched_scan, 13247 .policy = nl80211_policy, 13248 .flags = GENL_UNS_ADMIN_PERM, 13249 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13250 NL80211_FLAG_NEED_RTNL, 13251 }, 13252 { 13253 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 13254 .doit = nl80211_stop_sched_scan, 13255 .policy = nl80211_policy, 13256 .flags = GENL_UNS_ADMIN_PERM, 13257 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13258 NL80211_FLAG_NEED_RTNL, 13259 }, 13260 { 13261 .cmd = NL80211_CMD_AUTHENTICATE, 13262 .doit = nl80211_authenticate, 13263 .policy = nl80211_policy, 13264 .flags = GENL_UNS_ADMIN_PERM, 13265 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13266 NL80211_FLAG_NEED_RTNL | 13267 NL80211_FLAG_CLEAR_SKB, 13268 }, 13269 { 13270 .cmd = NL80211_CMD_ASSOCIATE, 13271 .doit = nl80211_associate, 13272 .policy = nl80211_policy, 13273 .flags = GENL_UNS_ADMIN_PERM, 13274 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13275 NL80211_FLAG_NEED_RTNL, 13276 }, 13277 { 13278 .cmd = NL80211_CMD_DEAUTHENTICATE, 13279 .doit = nl80211_deauthenticate, 13280 .policy = nl80211_policy, 13281 .flags = GENL_UNS_ADMIN_PERM, 13282 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13283 NL80211_FLAG_NEED_RTNL, 13284 }, 13285 { 13286 .cmd = NL80211_CMD_DISASSOCIATE, 13287 .doit = nl80211_disassociate, 13288 .policy = nl80211_policy, 13289 .flags = GENL_UNS_ADMIN_PERM, 13290 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13291 NL80211_FLAG_NEED_RTNL, 13292 }, 13293 { 13294 .cmd = NL80211_CMD_JOIN_IBSS, 13295 .doit = nl80211_join_ibss, 13296 .policy = nl80211_policy, 13297 .flags = GENL_UNS_ADMIN_PERM, 13298 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13299 NL80211_FLAG_NEED_RTNL, 13300 }, 13301 { 13302 .cmd = NL80211_CMD_LEAVE_IBSS, 13303 .doit = nl80211_leave_ibss, 13304 .policy = nl80211_policy, 13305 .flags = GENL_UNS_ADMIN_PERM, 13306 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13307 NL80211_FLAG_NEED_RTNL, 13308 }, 13309 #ifdef CONFIG_NL80211_TESTMODE 13310 { 13311 .cmd = NL80211_CMD_TESTMODE, 13312 .doit = nl80211_testmode_do, 13313 .dumpit = nl80211_testmode_dump, 13314 .policy = nl80211_policy, 13315 .flags = GENL_UNS_ADMIN_PERM, 13316 .internal_flags = NL80211_FLAG_NEED_WIPHY | 13317 NL80211_FLAG_NEED_RTNL, 13318 }, 13319 #endif 13320 { 13321 .cmd = NL80211_CMD_CONNECT, 13322 .doit = nl80211_connect, 13323 .policy = nl80211_policy, 13324 .flags = GENL_UNS_ADMIN_PERM, 13325 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13326 NL80211_FLAG_NEED_RTNL, 13327 }, 13328 { 13329 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS, 13330 .doit = nl80211_update_connect_params, 13331 .policy = nl80211_policy, 13332 .flags = GENL_ADMIN_PERM, 13333 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13334 NL80211_FLAG_NEED_RTNL, 13335 }, 13336 { 13337 .cmd = NL80211_CMD_DISCONNECT, 13338 .doit = nl80211_disconnect, 13339 .policy = nl80211_policy, 13340 .flags = GENL_UNS_ADMIN_PERM, 13341 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13342 NL80211_FLAG_NEED_RTNL, 13343 }, 13344 { 13345 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 13346 .doit = nl80211_wiphy_netns, 13347 .policy = nl80211_policy, 13348 .flags = GENL_UNS_ADMIN_PERM, 13349 .internal_flags = NL80211_FLAG_NEED_WIPHY | 13350 NL80211_FLAG_NEED_RTNL, 13351 }, 13352 { 13353 .cmd = NL80211_CMD_GET_SURVEY, 13354 .policy = nl80211_policy, 13355 .dumpit = nl80211_dump_survey, 13356 }, 13357 { 13358 .cmd = NL80211_CMD_SET_PMKSA, 13359 .doit = nl80211_setdel_pmksa, 13360 .policy = nl80211_policy, 13361 .flags = GENL_UNS_ADMIN_PERM, 13362 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13363 NL80211_FLAG_NEED_RTNL, 13364 }, 13365 { 13366 .cmd = NL80211_CMD_DEL_PMKSA, 13367 .doit = nl80211_setdel_pmksa, 13368 .policy = nl80211_policy, 13369 .flags = GENL_UNS_ADMIN_PERM, 13370 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13371 NL80211_FLAG_NEED_RTNL, 13372 }, 13373 { 13374 .cmd = NL80211_CMD_FLUSH_PMKSA, 13375 .doit = nl80211_flush_pmksa, 13376 .policy = nl80211_policy, 13377 .flags = GENL_UNS_ADMIN_PERM, 13378 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13379 NL80211_FLAG_NEED_RTNL, 13380 }, 13381 { 13382 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 13383 .doit = nl80211_remain_on_channel, 13384 .policy = nl80211_policy, 13385 .flags = GENL_UNS_ADMIN_PERM, 13386 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13387 NL80211_FLAG_NEED_RTNL, 13388 }, 13389 { 13390 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 13391 .doit = nl80211_cancel_remain_on_channel, 13392 .policy = nl80211_policy, 13393 .flags = GENL_UNS_ADMIN_PERM, 13394 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13395 NL80211_FLAG_NEED_RTNL, 13396 }, 13397 { 13398 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 13399 .doit = nl80211_set_tx_bitrate_mask, 13400 .policy = nl80211_policy, 13401 .flags = GENL_UNS_ADMIN_PERM, 13402 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13403 NL80211_FLAG_NEED_RTNL, 13404 }, 13405 { 13406 .cmd = NL80211_CMD_REGISTER_FRAME, 13407 .doit = nl80211_register_mgmt, 13408 .policy = nl80211_policy, 13409 .flags = GENL_UNS_ADMIN_PERM, 13410 .internal_flags = NL80211_FLAG_NEED_WDEV | 13411 NL80211_FLAG_NEED_RTNL, 13412 }, 13413 { 13414 .cmd = NL80211_CMD_FRAME, 13415 .doit = nl80211_tx_mgmt, 13416 .policy = nl80211_policy, 13417 .flags = GENL_UNS_ADMIN_PERM, 13418 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13419 NL80211_FLAG_NEED_RTNL, 13420 }, 13421 { 13422 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 13423 .doit = nl80211_tx_mgmt_cancel_wait, 13424 .policy = nl80211_policy, 13425 .flags = GENL_UNS_ADMIN_PERM, 13426 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13427 NL80211_FLAG_NEED_RTNL, 13428 }, 13429 { 13430 .cmd = NL80211_CMD_SET_POWER_SAVE, 13431 .doit = nl80211_set_power_save, 13432 .policy = nl80211_policy, 13433 .flags = GENL_UNS_ADMIN_PERM, 13434 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13435 NL80211_FLAG_NEED_RTNL, 13436 }, 13437 { 13438 .cmd = NL80211_CMD_GET_POWER_SAVE, 13439 .doit = nl80211_get_power_save, 13440 .policy = nl80211_policy, 13441 /* can be retrieved by unprivileged users */ 13442 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13443 NL80211_FLAG_NEED_RTNL, 13444 }, 13445 { 13446 .cmd = NL80211_CMD_SET_CQM, 13447 .doit = nl80211_set_cqm, 13448 .policy = nl80211_policy, 13449 .flags = GENL_UNS_ADMIN_PERM, 13450 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13451 NL80211_FLAG_NEED_RTNL, 13452 }, 13453 { 13454 .cmd = NL80211_CMD_SET_CHANNEL, 13455 .doit = nl80211_set_channel, 13456 .policy = nl80211_policy, 13457 .flags = GENL_UNS_ADMIN_PERM, 13458 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13459 NL80211_FLAG_NEED_RTNL, 13460 }, 13461 { 13462 .cmd = NL80211_CMD_SET_WDS_PEER, 13463 .doit = nl80211_set_wds_peer, 13464 .policy = nl80211_policy, 13465 .flags = GENL_UNS_ADMIN_PERM, 13466 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13467 NL80211_FLAG_NEED_RTNL, 13468 }, 13469 { 13470 .cmd = NL80211_CMD_JOIN_MESH, 13471 .doit = nl80211_join_mesh, 13472 .policy = nl80211_policy, 13473 .flags = GENL_UNS_ADMIN_PERM, 13474 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13475 NL80211_FLAG_NEED_RTNL, 13476 }, 13477 { 13478 .cmd = NL80211_CMD_LEAVE_MESH, 13479 .doit = nl80211_leave_mesh, 13480 .policy = nl80211_policy, 13481 .flags = GENL_UNS_ADMIN_PERM, 13482 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13483 NL80211_FLAG_NEED_RTNL, 13484 }, 13485 { 13486 .cmd = NL80211_CMD_JOIN_OCB, 13487 .doit = nl80211_join_ocb, 13488 .policy = nl80211_policy, 13489 .flags = GENL_UNS_ADMIN_PERM, 13490 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13491 NL80211_FLAG_NEED_RTNL, 13492 }, 13493 { 13494 .cmd = NL80211_CMD_LEAVE_OCB, 13495 .doit = nl80211_leave_ocb, 13496 .policy = nl80211_policy, 13497 .flags = GENL_UNS_ADMIN_PERM, 13498 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13499 NL80211_FLAG_NEED_RTNL, 13500 }, 13501 #ifdef CONFIG_PM 13502 { 13503 .cmd = NL80211_CMD_GET_WOWLAN, 13504 .doit = nl80211_get_wowlan, 13505 .policy = nl80211_policy, 13506 /* can be retrieved by unprivileged users */ 13507 .internal_flags = NL80211_FLAG_NEED_WIPHY | 13508 NL80211_FLAG_NEED_RTNL, 13509 }, 13510 { 13511 .cmd = NL80211_CMD_SET_WOWLAN, 13512 .doit = nl80211_set_wowlan, 13513 .policy = nl80211_policy, 13514 .flags = GENL_UNS_ADMIN_PERM, 13515 .internal_flags = NL80211_FLAG_NEED_WIPHY | 13516 NL80211_FLAG_NEED_RTNL, 13517 }, 13518 #endif 13519 { 13520 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 13521 .doit = nl80211_set_rekey_data, 13522 .policy = nl80211_policy, 13523 .flags = GENL_UNS_ADMIN_PERM, 13524 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13525 NL80211_FLAG_NEED_RTNL | 13526 NL80211_FLAG_CLEAR_SKB, 13527 }, 13528 { 13529 .cmd = NL80211_CMD_TDLS_MGMT, 13530 .doit = nl80211_tdls_mgmt, 13531 .policy = nl80211_policy, 13532 .flags = GENL_UNS_ADMIN_PERM, 13533 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13534 NL80211_FLAG_NEED_RTNL, 13535 }, 13536 { 13537 .cmd = NL80211_CMD_TDLS_OPER, 13538 .doit = nl80211_tdls_oper, 13539 .policy = nl80211_policy, 13540 .flags = GENL_UNS_ADMIN_PERM, 13541 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13542 NL80211_FLAG_NEED_RTNL, 13543 }, 13544 { 13545 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 13546 .doit = nl80211_register_unexpected_frame, 13547 .policy = nl80211_policy, 13548 .flags = GENL_UNS_ADMIN_PERM, 13549 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13550 NL80211_FLAG_NEED_RTNL, 13551 }, 13552 { 13553 .cmd = NL80211_CMD_PROBE_CLIENT, 13554 .doit = nl80211_probe_client, 13555 .policy = nl80211_policy, 13556 .flags = GENL_UNS_ADMIN_PERM, 13557 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13558 NL80211_FLAG_NEED_RTNL, 13559 }, 13560 { 13561 .cmd = NL80211_CMD_REGISTER_BEACONS, 13562 .doit = nl80211_register_beacons, 13563 .policy = nl80211_policy, 13564 .flags = GENL_UNS_ADMIN_PERM, 13565 .internal_flags = NL80211_FLAG_NEED_WIPHY | 13566 NL80211_FLAG_NEED_RTNL, 13567 }, 13568 { 13569 .cmd = NL80211_CMD_SET_NOACK_MAP, 13570 .doit = nl80211_set_noack_map, 13571 .policy = nl80211_policy, 13572 .flags = GENL_UNS_ADMIN_PERM, 13573 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13574 NL80211_FLAG_NEED_RTNL, 13575 }, 13576 { 13577 .cmd = NL80211_CMD_START_P2P_DEVICE, 13578 .doit = nl80211_start_p2p_device, 13579 .policy = nl80211_policy, 13580 .flags = GENL_UNS_ADMIN_PERM, 13581 .internal_flags = NL80211_FLAG_NEED_WDEV | 13582 NL80211_FLAG_NEED_RTNL, 13583 }, 13584 { 13585 .cmd = NL80211_CMD_STOP_P2P_DEVICE, 13586 .doit = nl80211_stop_p2p_device, 13587 .policy = nl80211_policy, 13588 .flags = GENL_UNS_ADMIN_PERM, 13589 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13590 NL80211_FLAG_NEED_RTNL, 13591 }, 13592 { 13593 .cmd = NL80211_CMD_START_NAN, 13594 .doit = nl80211_start_nan, 13595 .policy = nl80211_policy, 13596 .flags = GENL_ADMIN_PERM, 13597 .internal_flags = NL80211_FLAG_NEED_WDEV | 13598 NL80211_FLAG_NEED_RTNL, 13599 }, 13600 { 13601 .cmd = NL80211_CMD_STOP_NAN, 13602 .doit = nl80211_stop_nan, 13603 .policy = nl80211_policy, 13604 .flags = GENL_ADMIN_PERM, 13605 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13606 NL80211_FLAG_NEED_RTNL, 13607 }, 13608 { 13609 .cmd = NL80211_CMD_ADD_NAN_FUNCTION, 13610 .doit = nl80211_nan_add_func, 13611 .policy = nl80211_policy, 13612 .flags = GENL_ADMIN_PERM, 13613 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13614 NL80211_FLAG_NEED_RTNL, 13615 }, 13616 { 13617 .cmd = NL80211_CMD_DEL_NAN_FUNCTION, 13618 .doit = nl80211_nan_del_func, 13619 .policy = nl80211_policy, 13620 .flags = GENL_ADMIN_PERM, 13621 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13622 NL80211_FLAG_NEED_RTNL, 13623 }, 13624 { 13625 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG, 13626 .doit = nl80211_nan_change_config, 13627 .policy = nl80211_policy, 13628 .flags = GENL_ADMIN_PERM, 13629 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13630 NL80211_FLAG_NEED_RTNL, 13631 }, 13632 { 13633 .cmd = NL80211_CMD_SET_MCAST_RATE, 13634 .doit = nl80211_set_mcast_rate, 13635 .policy = nl80211_policy, 13636 .flags = GENL_UNS_ADMIN_PERM, 13637 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13638 NL80211_FLAG_NEED_RTNL, 13639 }, 13640 { 13641 .cmd = NL80211_CMD_SET_MAC_ACL, 13642 .doit = nl80211_set_mac_acl, 13643 .policy = nl80211_policy, 13644 .flags = GENL_UNS_ADMIN_PERM, 13645 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13646 NL80211_FLAG_NEED_RTNL, 13647 }, 13648 { 13649 .cmd = NL80211_CMD_RADAR_DETECT, 13650 .doit = nl80211_start_radar_detection, 13651 .policy = nl80211_policy, 13652 .flags = GENL_UNS_ADMIN_PERM, 13653 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13654 NL80211_FLAG_NEED_RTNL, 13655 }, 13656 { 13657 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES, 13658 .doit = nl80211_get_protocol_features, 13659 .policy = nl80211_policy, 13660 }, 13661 { 13662 .cmd = NL80211_CMD_UPDATE_FT_IES, 13663 .doit = nl80211_update_ft_ies, 13664 .policy = nl80211_policy, 13665 .flags = GENL_UNS_ADMIN_PERM, 13666 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13667 NL80211_FLAG_NEED_RTNL, 13668 }, 13669 { 13670 .cmd = NL80211_CMD_CRIT_PROTOCOL_START, 13671 .doit = nl80211_crit_protocol_start, 13672 .policy = nl80211_policy, 13673 .flags = GENL_UNS_ADMIN_PERM, 13674 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13675 NL80211_FLAG_NEED_RTNL, 13676 }, 13677 { 13678 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP, 13679 .doit = nl80211_crit_protocol_stop, 13680 .policy = nl80211_policy, 13681 .flags = GENL_UNS_ADMIN_PERM, 13682 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 13683 NL80211_FLAG_NEED_RTNL, 13684 }, 13685 { 13686 .cmd = NL80211_CMD_GET_COALESCE, 13687 .doit = nl80211_get_coalesce, 13688 .policy = nl80211_policy, 13689 .internal_flags = NL80211_FLAG_NEED_WIPHY | 13690 NL80211_FLAG_NEED_RTNL, 13691 }, 13692 { 13693 .cmd = NL80211_CMD_SET_COALESCE, 13694 .doit = nl80211_set_coalesce, 13695 .policy = nl80211_policy, 13696 .flags = GENL_UNS_ADMIN_PERM, 13697 .internal_flags = NL80211_FLAG_NEED_WIPHY | 13698 NL80211_FLAG_NEED_RTNL, 13699 }, 13700 { 13701 .cmd = NL80211_CMD_CHANNEL_SWITCH, 13702 .doit = nl80211_channel_switch, 13703 .policy = nl80211_policy, 13704 .flags = GENL_UNS_ADMIN_PERM, 13705 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13706 NL80211_FLAG_NEED_RTNL, 13707 }, 13708 { 13709 .cmd = NL80211_CMD_VENDOR, 13710 .doit = nl80211_vendor_cmd, 13711 .dumpit = nl80211_vendor_cmd_dump, 13712 .policy = nl80211_policy, 13713 .flags = GENL_UNS_ADMIN_PERM, 13714 .internal_flags = NL80211_FLAG_NEED_WIPHY | 13715 NL80211_FLAG_NEED_RTNL, 13716 }, 13717 { 13718 .cmd = NL80211_CMD_SET_QOS_MAP, 13719 .doit = nl80211_set_qos_map, 13720 .policy = nl80211_policy, 13721 .flags = GENL_UNS_ADMIN_PERM, 13722 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13723 NL80211_FLAG_NEED_RTNL, 13724 }, 13725 { 13726 .cmd = NL80211_CMD_ADD_TX_TS, 13727 .doit = nl80211_add_tx_ts, 13728 .policy = nl80211_policy, 13729 .flags = GENL_UNS_ADMIN_PERM, 13730 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13731 NL80211_FLAG_NEED_RTNL, 13732 }, 13733 { 13734 .cmd = NL80211_CMD_DEL_TX_TS, 13735 .doit = nl80211_del_tx_ts, 13736 .policy = nl80211_policy, 13737 .flags = GENL_UNS_ADMIN_PERM, 13738 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13739 NL80211_FLAG_NEED_RTNL, 13740 }, 13741 { 13742 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH, 13743 .doit = nl80211_tdls_channel_switch, 13744 .policy = nl80211_policy, 13745 .flags = GENL_UNS_ADMIN_PERM, 13746 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13747 NL80211_FLAG_NEED_RTNL, 13748 }, 13749 { 13750 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH, 13751 .doit = nl80211_tdls_cancel_channel_switch, 13752 .policy = nl80211_policy, 13753 .flags = GENL_UNS_ADMIN_PERM, 13754 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13755 NL80211_FLAG_NEED_RTNL, 13756 }, 13757 { 13758 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST, 13759 .doit = nl80211_set_multicast_to_unicast, 13760 .policy = nl80211_policy, 13761 .flags = GENL_UNS_ADMIN_PERM, 13762 .internal_flags = NL80211_FLAG_NEED_NETDEV | 13763 NL80211_FLAG_NEED_RTNL, 13764 }, 13765 { 13766 .cmd = NL80211_CMD_SET_PMK, 13767 .doit = nl80211_set_pmk, 13768 .policy = nl80211_policy, 13769 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13770 NL80211_FLAG_NEED_RTNL, 13771 }, 13772 { 13773 .cmd = NL80211_CMD_DEL_PMK, 13774 .doit = nl80211_del_pmk, 13775 .policy = nl80211_policy, 13776 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13777 NL80211_FLAG_NEED_RTNL, 13778 }, 13779 { 13780 .cmd = NL80211_CMD_EXTERNAL_AUTH, 13781 .doit = nl80211_external_auth, 13782 .policy = nl80211_policy, 13783 .flags = GENL_ADMIN_PERM, 13784 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13785 NL80211_FLAG_NEED_RTNL, 13786 }, 13787 { 13788 .cmd = NL80211_CMD_CONTROL_PORT_FRAME, 13789 .doit = nl80211_tx_control_port, 13790 .policy = nl80211_policy, 13791 .flags = GENL_UNS_ADMIN_PERM, 13792 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 13793 NL80211_FLAG_NEED_RTNL, 13794 }, 13795 }; 13796 13797 static struct genl_family nl80211_fam __ro_after_init = { 13798 .name = NL80211_GENL_NAME, /* have users key off the name instead */ 13799 .hdrsize = 0, /* no private header */ 13800 .version = 1, /* no particular meaning now */ 13801 .maxattr = NL80211_ATTR_MAX, 13802 .netnsok = true, 13803 .pre_doit = nl80211_pre_doit, 13804 .post_doit = nl80211_post_doit, 13805 .module = THIS_MODULE, 13806 .ops = nl80211_ops, 13807 .n_ops = ARRAY_SIZE(nl80211_ops), 13808 .mcgrps = nl80211_mcgrps, 13809 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps), 13810 }; 13811 13812 /* notification functions */ 13813 13814 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev, 13815 enum nl80211_commands cmd) 13816 { 13817 struct sk_buff *msg; 13818 struct nl80211_dump_wiphy_state state = {}; 13819 13820 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY && 13821 cmd != NL80211_CMD_DEL_WIPHY); 13822 13823 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 13824 if (!msg) 13825 return; 13826 13827 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) { 13828 nlmsg_free(msg); 13829 return; 13830 } 13831 13832 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13833 NL80211_MCGRP_CONFIG, GFP_KERNEL); 13834 } 13835 13836 void nl80211_notify_iface(struct cfg80211_registered_device *rdev, 13837 struct wireless_dev *wdev, 13838 enum nl80211_commands cmd) 13839 { 13840 struct sk_buff *msg; 13841 13842 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE && 13843 cmd != NL80211_CMD_DEL_INTERFACE); 13844 13845 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 13846 if (!msg) 13847 return; 13848 13849 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, 13850 cmd == NL80211_CMD_DEL_INTERFACE) < 0) { 13851 nlmsg_free(msg); 13852 return; 13853 } 13854 13855 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13856 NL80211_MCGRP_CONFIG, GFP_KERNEL); 13857 } 13858 13859 static int nl80211_add_scan_req(struct sk_buff *msg, 13860 struct cfg80211_registered_device *rdev) 13861 { 13862 struct cfg80211_scan_request *req = rdev->scan_req; 13863 struct nlattr *nest; 13864 int i; 13865 13866 if (WARN_ON(!req)) 13867 return 0; 13868 13869 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 13870 if (!nest) 13871 goto nla_put_failure; 13872 for (i = 0; i < req->n_ssids; i++) { 13873 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 13874 goto nla_put_failure; 13875 } 13876 nla_nest_end(msg, nest); 13877 13878 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 13879 if (!nest) 13880 goto nla_put_failure; 13881 for (i = 0; i < req->n_channels; i++) { 13882 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 13883 goto nla_put_failure; 13884 } 13885 nla_nest_end(msg, nest); 13886 13887 if (req->ie && 13888 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 13889 goto nla_put_failure; 13890 13891 if (req->flags && 13892 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags)) 13893 goto nla_put_failure; 13894 13895 if (req->info.scan_start_tsf && 13896 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF, 13897 req->info.scan_start_tsf, NL80211_BSS_PAD) || 13898 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN, 13899 req->info.tsf_bssid))) 13900 goto nla_put_failure; 13901 13902 return 0; 13903 nla_put_failure: 13904 return -ENOBUFS; 13905 } 13906 13907 static int nl80211_prep_scan_msg(struct sk_buff *msg, 13908 struct cfg80211_registered_device *rdev, 13909 struct wireless_dev *wdev, 13910 u32 portid, u32 seq, int flags, 13911 u32 cmd) 13912 { 13913 void *hdr; 13914 13915 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 13916 if (!hdr) 13917 return -1; 13918 13919 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13920 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 13921 wdev->netdev->ifindex)) || 13922 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 13923 NL80211_ATTR_PAD)) 13924 goto nla_put_failure; 13925 13926 /* ignore errors and send incomplete event anyway */ 13927 nl80211_add_scan_req(msg, rdev); 13928 13929 genlmsg_end(msg, hdr); 13930 return 0; 13931 13932 nla_put_failure: 13933 genlmsg_cancel(msg, hdr); 13934 return -EMSGSIZE; 13935 } 13936 13937 static int 13938 nl80211_prep_sched_scan_msg(struct sk_buff *msg, 13939 struct cfg80211_sched_scan_request *req, u32 cmd) 13940 { 13941 void *hdr; 13942 13943 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 13944 if (!hdr) 13945 return -1; 13946 13947 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, 13948 wiphy_to_rdev(req->wiphy)->wiphy_idx) || 13949 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) || 13950 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid, 13951 NL80211_ATTR_PAD)) 13952 goto nla_put_failure; 13953 13954 genlmsg_end(msg, hdr); 13955 return 0; 13956 13957 nla_put_failure: 13958 genlmsg_cancel(msg, hdr); 13959 return -EMSGSIZE; 13960 } 13961 13962 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 13963 struct wireless_dev *wdev) 13964 { 13965 struct sk_buff *msg; 13966 13967 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 13968 if (!msg) 13969 return; 13970 13971 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0, 13972 NL80211_CMD_TRIGGER_SCAN) < 0) { 13973 nlmsg_free(msg); 13974 return; 13975 } 13976 13977 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13978 NL80211_MCGRP_SCAN, GFP_KERNEL); 13979 } 13980 13981 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev, 13982 struct wireless_dev *wdev, bool aborted) 13983 { 13984 struct sk_buff *msg; 13985 13986 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 13987 if (!msg) 13988 return NULL; 13989 13990 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0, 13991 aborted ? NL80211_CMD_SCAN_ABORTED : 13992 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 13993 nlmsg_free(msg); 13994 return NULL; 13995 } 13996 13997 return msg; 13998 } 13999 14000 /* send message created by nl80211_build_scan_msg() */ 14001 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev, 14002 struct sk_buff *msg) 14003 { 14004 if (!msg) 14005 return; 14006 14007 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14008 NL80211_MCGRP_SCAN, GFP_KERNEL); 14009 } 14010 14011 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd) 14012 { 14013 struct sk_buff *msg; 14014 14015 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14016 if (!msg) 14017 return; 14018 14019 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) { 14020 nlmsg_free(msg); 14021 return; 14022 } 14023 14024 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0, 14025 NL80211_MCGRP_SCAN, GFP_KERNEL); 14026 } 14027 14028 static bool nl80211_reg_change_event_fill(struct sk_buff *msg, 14029 struct regulatory_request *request) 14030 { 14031 /* Userspace can always count this one always being set */ 14032 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 14033 goto nla_put_failure; 14034 14035 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 14036 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 14037 NL80211_REGDOM_TYPE_WORLD)) 14038 goto nla_put_failure; 14039 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 14040 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 14041 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 14042 goto nla_put_failure; 14043 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 14044 request->intersect) { 14045 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 14046 NL80211_REGDOM_TYPE_INTERSECTION)) 14047 goto nla_put_failure; 14048 } else { 14049 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 14050 NL80211_REGDOM_TYPE_COUNTRY) || 14051 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 14052 request->alpha2)) 14053 goto nla_put_failure; 14054 } 14055 14056 if (request->wiphy_idx != WIPHY_IDX_INVALID) { 14057 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx); 14058 14059 if (wiphy && 14060 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 14061 goto nla_put_failure; 14062 14063 if (wiphy && 14064 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 14065 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 14066 goto nla_put_failure; 14067 } 14068 14069 return true; 14070 14071 nla_put_failure: 14072 return false; 14073 } 14074 14075 /* 14076 * This can happen on global regulatory changes or device specific settings 14077 * based on custom regulatory domains. 14078 */ 14079 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id, 14080 struct regulatory_request *request) 14081 { 14082 struct sk_buff *msg; 14083 void *hdr; 14084 14085 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14086 if (!msg) 14087 return; 14088 14089 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id); 14090 if (!hdr) { 14091 nlmsg_free(msg); 14092 return; 14093 } 14094 14095 if (nl80211_reg_change_event_fill(msg, request) == false) 14096 goto nla_put_failure; 14097 14098 genlmsg_end(msg, hdr); 14099 14100 rcu_read_lock(); 14101 genlmsg_multicast_allns(&nl80211_fam, msg, 0, 14102 NL80211_MCGRP_REGULATORY, GFP_ATOMIC); 14103 rcu_read_unlock(); 14104 14105 return; 14106 14107 nla_put_failure: 14108 nlmsg_free(msg); 14109 } 14110 14111 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 14112 struct net_device *netdev, 14113 const u8 *buf, size_t len, 14114 enum nl80211_commands cmd, gfp_t gfp, 14115 int uapsd_queues) 14116 { 14117 struct sk_buff *msg; 14118 void *hdr; 14119 14120 msg = nlmsg_new(100 + len, gfp); 14121 if (!msg) 14122 return; 14123 14124 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 14125 if (!hdr) { 14126 nlmsg_free(msg); 14127 return; 14128 } 14129 14130 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14131 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 14132 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 14133 goto nla_put_failure; 14134 14135 if (uapsd_queues >= 0) { 14136 struct nlattr *nla_wmm = 14137 nla_nest_start(msg, NL80211_ATTR_STA_WME); 14138 if (!nla_wmm) 14139 goto nla_put_failure; 14140 14141 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES, 14142 uapsd_queues)) 14143 goto nla_put_failure; 14144 14145 nla_nest_end(msg, nla_wmm); 14146 } 14147 14148 genlmsg_end(msg, hdr); 14149 14150 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14151 NL80211_MCGRP_MLME, gfp); 14152 return; 14153 14154 nla_put_failure: 14155 nlmsg_free(msg); 14156 } 14157 14158 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 14159 struct net_device *netdev, const u8 *buf, 14160 size_t len, gfp_t gfp) 14161 { 14162 nl80211_send_mlme_event(rdev, netdev, buf, len, 14163 NL80211_CMD_AUTHENTICATE, gfp, -1); 14164 } 14165 14166 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 14167 struct net_device *netdev, const u8 *buf, 14168 size_t len, gfp_t gfp, int uapsd_queues) 14169 { 14170 nl80211_send_mlme_event(rdev, netdev, buf, len, 14171 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues); 14172 } 14173 14174 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 14175 struct net_device *netdev, const u8 *buf, 14176 size_t len, gfp_t gfp) 14177 { 14178 nl80211_send_mlme_event(rdev, netdev, buf, len, 14179 NL80211_CMD_DEAUTHENTICATE, gfp, -1); 14180 } 14181 14182 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 14183 struct net_device *netdev, const u8 *buf, 14184 size_t len, gfp_t gfp) 14185 { 14186 nl80211_send_mlme_event(rdev, netdev, buf, len, 14187 NL80211_CMD_DISASSOCIATE, gfp, -1); 14188 } 14189 14190 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf, 14191 size_t len) 14192 { 14193 struct wireless_dev *wdev = dev->ieee80211_ptr; 14194 struct wiphy *wiphy = wdev->wiphy; 14195 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14196 const struct ieee80211_mgmt *mgmt = (void *)buf; 14197 u32 cmd; 14198 14199 if (WARN_ON(len < 2)) 14200 return; 14201 14202 if (ieee80211_is_deauth(mgmt->frame_control)) 14203 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE; 14204 else 14205 cmd = NL80211_CMD_UNPROT_DISASSOCIATE; 14206 14207 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len); 14208 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1); 14209 } 14210 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt); 14211 14212 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 14213 struct net_device *netdev, int cmd, 14214 const u8 *addr, gfp_t gfp) 14215 { 14216 struct sk_buff *msg; 14217 void *hdr; 14218 14219 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14220 if (!msg) 14221 return; 14222 14223 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 14224 if (!hdr) { 14225 nlmsg_free(msg); 14226 return; 14227 } 14228 14229 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14230 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 14231 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 14232 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 14233 goto nla_put_failure; 14234 14235 genlmsg_end(msg, hdr); 14236 14237 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14238 NL80211_MCGRP_MLME, gfp); 14239 return; 14240 14241 nla_put_failure: 14242 nlmsg_free(msg); 14243 } 14244 14245 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 14246 struct net_device *netdev, const u8 *addr, 14247 gfp_t gfp) 14248 { 14249 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 14250 addr, gfp); 14251 } 14252 14253 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 14254 struct net_device *netdev, const u8 *addr, 14255 gfp_t gfp) 14256 { 14257 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 14258 addr, gfp); 14259 } 14260 14261 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 14262 struct net_device *netdev, 14263 struct cfg80211_connect_resp_params *cr, 14264 gfp_t gfp) 14265 { 14266 struct sk_buff *msg; 14267 void *hdr; 14268 14269 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len + 14270 cr->fils.kek_len + cr->fils.pmk_len + 14271 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp); 14272 if (!msg) 14273 return; 14274 14275 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 14276 if (!hdr) { 14277 nlmsg_free(msg); 14278 return; 14279 } 14280 14281 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14282 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 14283 (cr->bssid && 14284 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) || 14285 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, 14286 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE : 14287 cr->status) || 14288 (cr->status < 0 && 14289 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 14290 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON, 14291 cr->timeout_reason))) || 14292 (cr->req_ie && 14293 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) || 14294 (cr->resp_ie && 14295 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len, 14296 cr->resp_ie)) || 14297 (cr->fils.update_erp_next_seq_num && 14298 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM, 14299 cr->fils.erp_next_seq_num)) || 14300 (cr->status == WLAN_STATUS_SUCCESS && 14301 ((cr->fils.kek && 14302 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len, 14303 cr->fils.kek)) || 14304 (cr->fils.pmk && 14305 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) || 14306 (cr->fils.pmkid && 14307 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid))))) 14308 goto nla_put_failure; 14309 14310 genlmsg_end(msg, hdr); 14311 14312 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14313 NL80211_MCGRP_MLME, gfp); 14314 return; 14315 14316 nla_put_failure: 14317 nlmsg_free(msg); 14318 } 14319 14320 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 14321 struct net_device *netdev, 14322 struct cfg80211_roam_info *info, gfp_t gfp) 14323 { 14324 struct sk_buff *msg; 14325 void *hdr; 14326 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid; 14327 14328 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len + 14329 info->fils.kek_len + info->fils.pmk_len + 14330 (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp); 14331 if (!msg) 14332 return; 14333 14334 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 14335 if (!hdr) { 14336 nlmsg_free(msg); 14337 return; 14338 } 14339 14340 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14341 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 14342 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 14343 (info->req_ie && 14344 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len, 14345 info->req_ie)) || 14346 (info->resp_ie && 14347 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len, 14348 info->resp_ie)) || 14349 (info->fils.update_erp_next_seq_num && 14350 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM, 14351 info->fils.erp_next_seq_num)) || 14352 (info->fils.kek && 14353 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len, 14354 info->fils.kek)) || 14355 (info->fils.pmk && 14356 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) || 14357 (info->fils.pmkid && 14358 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid))) 14359 goto nla_put_failure; 14360 14361 genlmsg_end(msg, hdr); 14362 14363 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14364 NL80211_MCGRP_MLME, gfp); 14365 return; 14366 14367 nla_put_failure: 14368 nlmsg_free(msg); 14369 } 14370 14371 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev, 14372 struct net_device *netdev, const u8 *bssid) 14373 { 14374 struct sk_buff *msg; 14375 void *hdr; 14376 14377 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14378 if (!msg) 14379 return; 14380 14381 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED); 14382 if (!hdr) { 14383 nlmsg_free(msg); 14384 return; 14385 } 14386 14387 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 14388 goto nla_put_failure; 14389 14390 genlmsg_end(msg, hdr); 14391 14392 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14393 NL80211_MCGRP_MLME, GFP_KERNEL); 14394 return; 14395 14396 nla_put_failure: 14397 nlmsg_free(msg); 14398 } 14399 14400 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 14401 struct net_device *netdev, u16 reason, 14402 const u8 *ie, size_t ie_len, bool from_ap) 14403 { 14404 struct sk_buff *msg; 14405 void *hdr; 14406 14407 msg = nlmsg_new(100 + ie_len, GFP_KERNEL); 14408 if (!msg) 14409 return; 14410 14411 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 14412 if (!hdr) { 14413 nlmsg_free(msg); 14414 return; 14415 } 14416 14417 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14418 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 14419 (reason && 14420 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 14421 (from_ap && 14422 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 14423 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 14424 goto nla_put_failure; 14425 14426 genlmsg_end(msg, hdr); 14427 14428 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14429 NL80211_MCGRP_MLME, GFP_KERNEL); 14430 return; 14431 14432 nla_put_failure: 14433 nlmsg_free(msg); 14434 } 14435 14436 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 14437 struct net_device *netdev, const u8 *bssid, 14438 gfp_t gfp) 14439 { 14440 struct sk_buff *msg; 14441 void *hdr; 14442 14443 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14444 if (!msg) 14445 return; 14446 14447 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 14448 if (!hdr) { 14449 nlmsg_free(msg); 14450 return; 14451 } 14452 14453 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14454 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 14455 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 14456 goto nla_put_failure; 14457 14458 genlmsg_end(msg, hdr); 14459 14460 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14461 NL80211_MCGRP_MLME, gfp); 14462 return; 14463 14464 nla_put_failure: 14465 nlmsg_free(msg); 14466 } 14467 14468 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr, 14469 const u8* ie, u8 ie_len, gfp_t gfp) 14470 { 14471 struct wireless_dev *wdev = dev->ieee80211_ptr; 14472 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 14473 struct sk_buff *msg; 14474 void *hdr; 14475 14476 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT)) 14477 return; 14478 14479 trace_cfg80211_notify_new_peer_candidate(dev, addr); 14480 14481 msg = nlmsg_new(100 + ie_len, gfp); 14482 if (!msg) 14483 return; 14484 14485 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 14486 if (!hdr) { 14487 nlmsg_free(msg); 14488 return; 14489 } 14490 14491 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14492 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 14493 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 14494 (ie_len && ie && 14495 nla_put(msg, NL80211_ATTR_IE, ie_len , ie))) 14496 goto nla_put_failure; 14497 14498 genlmsg_end(msg, hdr); 14499 14500 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14501 NL80211_MCGRP_MLME, gfp); 14502 return; 14503 14504 nla_put_failure: 14505 nlmsg_free(msg); 14506 } 14507 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate); 14508 14509 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 14510 struct net_device *netdev, const u8 *addr, 14511 enum nl80211_key_type key_type, int key_id, 14512 const u8 *tsc, gfp_t gfp) 14513 { 14514 struct sk_buff *msg; 14515 void *hdr; 14516 14517 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14518 if (!msg) 14519 return; 14520 14521 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 14522 if (!hdr) { 14523 nlmsg_free(msg); 14524 return; 14525 } 14526 14527 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14528 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 14529 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 14530 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 14531 (key_id != -1 && 14532 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 14533 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 14534 goto nla_put_failure; 14535 14536 genlmsg_end(msg, hdr); 14537 14538 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14539 NL80211_MCGRP_MLME, gfp); 14540 return; 14541 14542 nla_put_failure: 14543 nlmsg_free(msg); 14544 } 14545 14546 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 14547 struct ieee80211_channel *channel_before, 14548 struct ieee80211_channel *channel_after) 14549 { 14550 struct sk_buff *msg; 14551 void *hdr; 14552 struct nlattr *nl_freq; 14553 14554 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 14555 if (!msg) 14556 return; 14557 14558 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 14559 if (!hdr) { 14560 nlmsg_free(msg); 14561 return; 14562 } 14563 14564 /* 14565 * Since we are applying the beacon hint to a wiphy we know its 14566 * wiphy_idx is valid 14567 */ 14568 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 14569 goto nla_put_failure; 14570 14571 /* Before */ 14572 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 14573 if (!nl_freq) 14574 goto nla_put_failure; 14575 14576 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false)) 14577 goto nla_put_failure; 14578 nla_nest_end(msg, nl_freq); 14579 14580 /* After */ 14581 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 14582 if (!nl_freq) 14583 goto nla_put_failure; 14584 14585 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false)) 14586 goto nla_put_failure; 14587 nla_nest_end(msg, nl_freq); 14588 14589 genlmsg_end(msg, hdr); 14590 14591 rcu_read_lock(); 14592 genlmsg_multicast_allns(&nl80211_fam, msg, 0, 14593 NL80211_MCGRP_REGULATORY, GFP_ATOMIC); 14594 rcu_read_unlock(); 14595 14596 return; 14597 14598 nla_put_failure: 14599 nlmsg_free(msg); 14600 } 14601 14602 static void nl80211_send_remain_on_chan_event( 14603 int cmd, struct cfg80211_registered_device *rdev, 14604 struct wireless_dev *wdev, u64 cookie, 14605 struct ieee80211_channel *chan, 14606 unsigned int duration, gfp_t gfp) 14607 { 14608 struct sk_buff *msg; 14609 void *hdr; 14610 14611 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14612 if (!msg) 14613 return; 14614 14615 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 14616 if (!hdr) { 14617 nlmsg_free(msg); 14618 return; 14619 } 14620 14621 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14622 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 14623 wdev->netdev->ifindex)) || 14624 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14625 NL80211_ATTR_PAD) || 14626 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 14627 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 14628 NL80211_CHAN_NO_HT) || 14629 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 14630 NL80211_ATTR_PAD)) 14631 goto nla_put_failure; 14632 14633 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 14634 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 14635 goto nla_put_failure; 14636 14637 genlmsg_end(msg, hdr); 14638 14639 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14640 NL80211_MCGRP_MLME, gfp); 14641 return; 14642 14643 nla_put_failure: 14644 nlmsg_free(msg); 14645 } 14646 14647 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie, 14648 struct ieee80211_channel *chan, 14649 unsigned int duration, gfp_t gfp) 14650 { 14651 struct wiphy *wiphy = wdev->wiphy; 14652 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14653 14654 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration); 14655 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 14656 rdev, wdev, cookie, chan, 14657 duration, gfp); 14658 } 14659 EXPORT_SYMBOL(cfg80211_ready_on_channel); 14660 14661 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie, 14662 struct ieee80211_channel *chan, 14663 gfp_t gfp) 14664 { 14665 struct wiphy *wiphy = wdev->wiphy; 14666 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14667 14668 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan); 14669 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 14670 rdev, wdev, cookie, chan, 0, gfp); 14671 } 14672 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired); 14673 14674 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr, 14675 struct station_info *sinfo, gfp_t gfp) 14676 { 14677 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 14678 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14679 struct sk_buff *msg; 14680 14681 trace_cfg80211_new_sta(dev, mac_addr, sinfo); 14682 14683 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14684 if (!msg) 14685 return; 14686 14687 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0, 14688 rdev, dev, mac_addr, sinfo) < 0) { 14689 nlmsg_free(msg); 14690 return; 14691 } 14692 14693 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14694 NL80211_MCGRP_MLME, gfp); 14695 } 14696 EXPORT_SYMBOL(cfg80211_new_sta); 14697 14698 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr, 14699 struct station_info *sinfo, gfp_t gfp) 14700 { 14701 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 14702 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14703 struct sk_buff *msg; 14704 struct station_info empty_sinfo = {}; 14705 14706 if (!sinfo) 14707 sinfo = &empty_sinfo; 14708 14709 trace_cfg80211_del_sta(dev, mac_addr); 14710 14711 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14712 if (!msg) { 14713 cfg80211_sinfo_release_content(sinfo); 14714 return; 14715 } 14716 14717 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0, 14718 rdev, dev, mac_addr, sinfo) < 0) { 14719 nlmsg_free(msg); 14720 return; 14721 } 14722 14723 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14724 NL80211_MCGRP_MLME, gfp); 14725 } 14726 EXPORT_SYMBOL(cfg80211_del_sta_sinfo); 14727 14728 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr, 14729 enum nl80211_connect_failed_reason reason, 14730 gfp_t gfp) 14731 { 14732 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 14733 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14734 struct sk_buff *msg; 14735 void *hdr; 14736 14737 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 14738 if (!msg) 14739 return; 14740 14741 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED); 14742 if (!hdr) { 14743 nlmsg_free(msg); 14744 return; 14745 } 14746 14747 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 14748 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 14749 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason)) 14750 goto nla_put_failure; 14751 14752 genlmsg_end(msg, hdr); 14753 14754 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14755 NL80211_MCGRP_MLME, gfp); 14756 return; 14757 14758 nla_put_failure: 14759 nlmsg_free(msg); 14760 } 14761 EXPORT_SYMBOL(cfg80211_conn_failed); 14762 14763 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 14764 const u8 *addr, gfp_t gfp) 14765 { 14766 struct wireless_dev *wdev = dev->ieee80211_ptr; 14767 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 14768 struct sk_buff *msg; 14769 void *hdr; 14770 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid); 14771 14772 if (!nlportid) 14773 return false; 14774 14775 msg = nlmsg_new(100, gfp); 14776 if (!msg) 14777 return true; 14778 14779 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 14780 if (!hdr) { 14781 nlmsg_free(msg); 14782 return true; 14783 } 14784 14785 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14786 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 14787 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 14788 goto nla_put_failure; 14789 14790 genlmsg_end(msg, hdr); 14791 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 14792 return true; 14793 14794 nla_put_failure: 14795 nlmsg_free(msg); 14796 return true; 14797 } 14798 14799 bool cfg80211_rx_spurious_frame(struct net_device *dev, 14800 const u8 *addr, gfp_t gfp) 14801 { 14802 struct wireless_dev *wdev = dev->ieee80211_ptr; 14803 bool ret; 14804 14805 trace_cfg80211_rx_spurious_frame(dev, addr); 14806 14807 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 14808 wdev->iftype != NL80211_IFTYPE_P2P_GO)) { 14809 trace_cfg80211_return_bool(false); 14810 return false; 14811 } 14812 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 14813 addr, gfp); 14814 trace_cfg80211_return_bool(ret); 14815 return ret; 14816 } 14817 EXPORT_SYMBOL(cfg80211_rx_spurious_frame); 14818 14819 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, 14820 const u8 *addr, gfp_t gfp) 14821 { 14822 struct wireless_dev *wdev = dev->ieee80211_ptr; 14823 bool ret; 14824 14825 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr); 14826 14827 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 14828 wdev->iftype != NL80211_IFTYPE_P2P_GO && 14829 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) { 14830 trace_cfg80211_return_bool(false); 14831 return false; 14832 } 14833 ret = __nl80211_unexpected_frame(dev, 14834 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 14835 addr, gfp); 14836 trace_cfg80211_return_bool(ret); 14837 return ret; 14838 } 14839 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame); 14840 14841 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 14842 struct wireless_dev *wdev, u32 nlportid, 14843 int freq, int sig_dbm, 14844 const u8 *buf, size_t len, u32 flags, gfp_t gfp) 14845 { 14846 struct net_device *netdev = wdev->netdev; 14847 struct sk_buff *msg; 14848 void *hdr; 14849 14850 msg = nlmsg_new(100 + len, gfp); 14851 if (!msg) 14852 return -ENOMEM; 14853 14854 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 14855 if (!hdr) { 14856 nlmsg_free(msg); 14857 return -ENOMEM; 14858 } 14859 14860 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14861 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 14862 netdev->ifindex)) || 14863 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14864 NL80211_ATTR_PAD) || 14865 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 14866 (sig_dbm && 14867 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 14868 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 14869 (flags && 14870 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags))) 14871 goto nla_put_failure; 14872 14873 genlmsg_end(msg, hdr); 14874 14875 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 14876 14877 nla_put_failure: 14878 nlmsg_free(msg); 14879 return -ENOBUFS; 14880 } 14881 14882 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie, 14883 const u8 *buf, size_t len, bool ack, gfp_t gfp) 14884 { 14885 struct wiphy *wiphy = wdev->wiphy; 14886 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14887 struct net_device *netdev = wdev->netdev; 14888 struct sk_buff *msg; 14889 void *hdr; 14890 14891 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack); 14892 14893 msg = nlmsg_new(100 + len, gfp); 14894 if (!msg) 14895 return; 14896 14897 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 14898 if (!hdr) { 14899 nlmsg_free(msg); 14900 return; 14901 } 14902 14903 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14904 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 14905 netdev->ifindex)) || 14906 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14907 NL80211_ATTR_PAD) || 14908 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 14909 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 14910 NL80211_ATTR_PAD) || 14911 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 14912 goto nla_put_failure; 14913 14914 genlmsg_end(msg, hdr); 14915 14916 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14917 NL80211_MCGRP_MLME, gfp); 14918 return; 14919 14920 nla_put_failure: 14921 nlmsg_free(msg); 14922 } 14923 EXPORT_SYMBOL(cfg80211_mgmt_tx_status); 14924 14925 static int __nl80211_rx_control_port(struct net_device *dev, 14926 const u8 *buf, size_t len, 14927 const u8 *addr, u16 proto, 14928 bool unencrypted, gfp_t gfp) 14929 { 14930 struct wireless_dev *wdev = dev->ieee80211_ptr; 14931 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 14932 struct sk_buff *msg; 14933 void *hdr; 14934 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid); 14935 14936 if (!nlportid) 14937 return -ENOENT; 14938 14939 msg = nlmsg_new(100 + len, gfp); 14940 if (!msg) 14941 return -ENOMEM; 14942 14943 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME); 14944 if (!hdr) { 14945 nlmsg_free(msg); 14946 return -ENOBUFS; 14947 } 14948 14949 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14950 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 14951 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14952 NL80211_ATTR_PAD) || 14953 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 14954 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 14955 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) || 14956 (unencrypted && nla_put_flag(msg, 14957 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))) 14958 goto nla_put_failure; 14959 14960 genlmsg_end(msg, hdr); 14961 14962 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 14963 14964 nla_put_failure: 14965 nlmsg_free(msg); 14966 return -ENOBUFS; 14967 } 14968 14969 bool cfg80211_rx_control_port(struct net_device *dev, 14970 const u8 *buf, size_t len, 14971 const u8 *addr, u16 proto, bool unencrypted) 14972 { 14973 int ret; 14974 14975 trace_cfg80211_rx_control_port(dev, buf, len, addr, proto, unencrypted); 14976 ret = __nl80211_rx_control_port(dev, buf, len, addr, proto, 14977 unencrypted, GFP_ATOMIC); 14978 trace_cfg80211_return_bool(ret == 0); 14979 return ret == 0; 14980 } 14981 EXPORT_SYMBOL(cfg80211_rx_control_port); 14982 14983 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev, 14984 const char *mac, gfp_t gfp) 14985 { 14986 struct wireless_dev *wdev = dev->ieee80211_ptr; 14987 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 14988 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14989 void **cb; 14990 14991 if (!msg) 14992 return NULL; 14993 14994 cb = (void **)msg->cb; 14995 14996 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 14997 if (!cb[0]) { 14998 nlmsg_free(msg); 14999 return NULL; 15000 } 15001 15002 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15003 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 15004 goto nla_put_failure; 15005 15006 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac)) 15007 goto nla_put_failure; 15008 15009 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM); 15010 if (!cb[1]) 15011 goto nla_put_failure; 15012 15013 cb[2] = rdev; 15014 15015 return msg; 15016 nla_put_failure: 15017 nlmsg_free(msg); 15018 return NULL; 15019 } 15020 15021 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp) 15022 { 15023 void **cb = (void **)msg->cb; 15024 struct cfg80211_registered_device *rdev = cb[2]; 15025 15026 nla_nest_end(msg, cb[1]); 15027 genlmsg_end(msg, cb[0]); 15028 15029 memset(msg->cb, 0, sizeof(msg->cb)); 15030 15031 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 15032 NL80211_MCGRP_MLME, gfp); 15033 } 15034 15035 void cfg80211_cqm_rssi_notify(struct net_device *dev, 15036 enum nl80211_cqm_rssi_threshold_event rssi_event, 15037 s32 rssi_level, gfp_t gfp) 15038 { 15039 struct sk_buff *msg; 15040 struct wireless_dev *wdev = dev->ieee80211_ptr; 15041 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 15042 15043 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level); 15044 15045 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW && 15046 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH)) 15047 return; 15048 15049 if (wdev->cqm_config) { 15050 wdev->cqm_config->last_rssi_event_value = rssi_level; 15051 15052 cfg80211_cqm_rssi_update(rdev, dev); 15053 15054 if (rssi_level == 0) 15055 rssi_level = wdev->cqm_config->last_rssi_event_value; 15056 } 15057 15058 msg = cfg80211_prepare_cqm(dev, NULL, gfp); 15059 if (!msg) 15060 return; 15061 15062 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 15063 rssi_event)) 15064 goto nla_put_failure; 15065 15066 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL, 15067 rssi_level)) 15068 goto nla_put_failure; 15069 15070 cfg80211_send_cqm(msg, gfp); 15071 15072 return; 15073 15074 nla_put_failure: 15075 nlmsg_free(msg); 15076 } 15077 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify); 15078 15079 void cfg80211_cqm_txe_notify(struct net_device *dev, 15080 const u8 *peer, u32 num_packets, 15081 u32 rate, u32 intvl, gfp_t gfp) 15082 { 15083 struct sk_buff *msg; 15084 15085 msg = cfg80211_prepare_cqm(dev, peer, gfp); 15086 if (!msg) 15087 return; 15088 15089 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 15090 goto nla_put_failure; 15091 15092 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 15093 goto nla_put_failure; 15094 15095 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 15096 goto nla_put_failure; 15097 15098 cfg80211_send_cqm(msg, gfp); 15099 return; 15100 15101 nla_put_failure: 15102 nlmsg_free(msg); 15103 } 15104 EXPORT_SYMBOL(cfg80211_cqm_txe_notify); 15105 15106 void cfg80211_cqm_pktloss_notify(struct net_device *dev, 15107 const u8 *peer, u32 num_packets, gfp_t gfp) 15108 { 15109 struct sk_buff *msg; 15110 15111 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets); 15112 15113 msg = cfg80211_prepare_cqm(dev, peer, gfp); 15114 if (!msg) 15115 return; 15116 15117 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 15118 goto nla_put_failure; 15119 15120 cfg80211_send_cqm(msg, gfp); 15121 return; 15122 15123 nla_put_failure: 15124 nlmsg_free(msg); 15125 } 15126 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); 15127 15128 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp) 15129 { 15130 struct sk_buff *msg; 15131 15132 msg = cfg80211_prepare_cqm(dev, NULL, gfp); 15133 if (!msg) 15134 return; 15135 15136 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT)) 15137 goto nla_put_failure; 15138 15139 cfg80211_send_cqm(msg, gfp); 15140 return; 15141 15142 nla_put_failure: 15143 nlmsg_free(msg); 15144 } 15145 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify); 15146 15147 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 15148 struct net_device *netdev, const u8 *bssid, 15149 const u8 *replay_ctr, gfp_t gfp) 15150 { 15151 struct sk_buff *msg; 15152 struct nlattr *rekey_attr; 15153 void *hdr; 15154 15155 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 15156 if (!msg) 15157 return; 15158 15159 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 15160 if (!hdr) { 15161 nlmsg_free(msg); 15162 return; 15163 } 15164 15165 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15166 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 15167 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 15168 goto nla_put_failure; 15169 15170 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 15171 if (!rekey_attr) 15172 goto nla_put_failure; 15173 15174 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 15175 NL80211_REPLAY_CTR_LEN, replay_ctr)) 15176 goto nla_put_failure; 15177 15178 nla_nest_end(msg, rekey_attr); 15179 15180 genlmsg_end(msg, hdr); 15181 15182 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 15183 NL80211_MCGRP_MLME, gfp); 15184 return; 15185 15186 nla_put_failure: 15187 nlmsg_free(msg); 15188 } 15189 15190 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid, 15191 const u8 *replay_ctr, gfp_t gfp) 15192 { 15193 struct wireless_dev *wdev = dev->ieee80211_ptr; 15194 struct wiphy *wiphy = wdev->wiphy; 15195 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15196 15197 trace_cfg80211_gtk_rekey_notify(dev, bssid); 15198 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp); 15199 } 15200 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify); 15201 15202 static void 15203 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 15204 struct net_device *netdev, int index, 15205 const u8 *bssid, bool preauth, gfp_t gfp) 15206 { 15207 struct sk_buff *msg; 15208 struct nlattr *attr; 15209 void *hdr; 15210 15211 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 15212 if (!msg) 15213 return; 15214 15215 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 15216 if (!hdr) { 15217 nlmsg_free(msg); 15218 return; 15219 } 15220 15221 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15222 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 15223 goto nla_put_failure; 15224 15225 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 15226 if (!attr) 15227 goto nla_put_failure; 15228 15229 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 15230 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 15231 (preauth && 15232 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 15233 goto nla_put_failure; 15234 15235 nla_nest_end(msg, attr); 15236 15237 genlmsg_end(msg, hdr); 15238 15239 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 15240 NL80211_MCGRP_MLME, gfp); 15241 return; 15242 15243 nla_put_failure: 15244 nlmsg_free(msg); 15245 } 15246 15247 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index, 15248 const u8 *bssid, bool preauth, gfp_t gfp) 15249 { 15250 struct wireless_dev *wdev = dev->ieee80211_ptr; 15251 struct wiphy *wiphy = wdev->wiphy; 15252 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15253 15254 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth); 15255 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp); 15256 } 15257 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify); 15258 15259 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 15260 struct net_device *netdev, 15261 struct cfg80211_chan_def *chandef, 15262 gfp_t gfp, 15263 enum nl80211_commands notif, 15264 u8 count) 15265 { 15266 struct sk_buff *msg; 15267 void *hdr; 15268 15269 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 15270 if (!msg) 15271 return; 15272 15273 hdr = nl80211hdr_put(msg, 0, 0, 0, notif); 15274 if (!hdr) { 15275 nlmsg_free(msg); 15276 return; 15277 } 15278 15279 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 15280 goto nla_put_failure; 15281 15282 if (nl80211_send_chandef(msg, chandef)) 15283 goto nla_put_failure; 15284 15285 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) && 15286 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))) 15287 goto nla_put_failure; 15288 15289 genlmsg_end(msg, hdr); 15290 15291 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 15292 NL80211_MCGRP_MLME, gfp); 15293 return; 15294 15295 nla_put_failure: 15296 nlmsg_free(msg); 15297 } 15298 15299 void cfg80211_ch_switch_notify(struct net_device *dev, 15300 struct cfg80211_chan_def *chandef) 15301 { 15302 struct wireless_dev *wdev = dev->ieee80211_ptr; 15303 struct wiphy *wiphy = wdev->wiphy; 15304 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15305 15306 ASSERT_WDEV_LOCK(wdev); 15307 15308 trace_cfg80211_ch_switch_notify(dev, chandef); 15309 15310 wdev->chandef = *chandef; 15311 wdev->preset_chandef = *chandef; 15312 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL, 15313 NL80211_CMD_CH_SWITCH_NOTIFY, 0); 15314 } 15315 EXPORT_SYMBOL(cfg80211_ch_switch_notify); 15316 15317 void cfg80211_ch_switch_started_notify(struct net_device *dev, 15318 struct cfg80211_chan_def *chandef, 15319 u8 count) 15320 { 15321 struct wireless_dev *wdev = dev->ieee80211_ptr; 15322 struct wiphy *wiphy = wdev->wiphy; 15323 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15324 15325 trace_cfg80211_ch_switch_started_notify(dev, chandef); 15326 15327 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL, 15328 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count); 15329 } 15330 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify); 15331 15332 void 15333 nl80211_radar_notify(struct cfg80211_registered_device *rdev, 15334 const struct cfg80211_chan_def *chandef, 15335 enum nl80211_radar_event event, 15336 struct net_device *netdev, gfp_t gfp) 15337 { 15338 struct sk_buff *msg; 15339 void *hdr; 15340 15341 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 15342 if (!msg) 15343 return; 15344 15345 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT); 15346 if (!hdr) { 15347 nlmsg_free(msg); 15348 return; 15349 } 15350 15351 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 15352 goto nla_put_failure; 15353 15354 /* NOP and radar events don't need a netdev parameter */ 15355 if (netdev) { 15356 struct wireless_dev *wdev = netdev->ieee80211_ptr; 15357 15358 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 15359 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 15360 NL80211_ATTR_PAD)) 15361 goto nla_put_failure; 15362 } 15363 15364 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event)) 15365 goto nla_put_failure; 15366 15367 if (nl80211_send_chandef(msg, chandef)) 15368 goto nla_put_failure; 15369 15370 genlmsg_end(msg, hdr); 15371 15372 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 15373 NL80211_MCGRP_MLME, gfp); 15374 return; 15375 15376 nla_put_failure: 15377 nlmsg_free(msg); 15378 } 15379 15380 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac, 15381 struct sta_opmode_info *sta_opmode, 15382 gfp_t gfp) 15383 { 15384 struct sk_buff *msg; 15385 struct wireless_dev *wdev = dev->ieee80211_ptr; 15386 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 15387 void *hdr; 15388 15389 if (WARN_ON(!mac)) 15390 return; 15391 15392 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 15393 if (!msg) 15394 return; 15395 15396 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED); 15397 if (!hdr) { 15398 nlmsg_free(msg); 15399 return; 15400 } 15401 15402 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 15403 goto nla_put_failure; 15404 15405 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 15406 goto nla_put_failure; 15407 15408 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac)) 15409 goto nla_put_failure; 15410 15411 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) && 15412 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode)) 15413 goto nla_put_failure; 15414 15415 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) && 15416 nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw)) 15417 goto nla_put_failure; 15418 15419 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) && 15420 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss)) 15421 goto nla_put_failure; 15422 15423 genlmsg_end(msg, hdr); 15424 15425 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 15426 NL80211_MCGRP_MLME, gfp); 15427 15428 return; 15429 15430 nla_put_failure: 15431 nlmsg_free(msg); 15432 } 15433 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify); 15434 15435 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 15436 u64 cookie, bool acked, s32 ack_signal, 15437 bool is_valid_ack_signal, gfp_t gfp) 15438 { 15439 struct wireless_dev *wdev = dev->ieee80211_ptr; 15440 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 15441 struct sk_buff *msg; 15442 void *hdr; 15443 15444 trace_cfg80211_probe_status(dev, addr, cookie, acked); 15445 15446 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 15447 15448 if (!msg) 15449 return; 15450 15451 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 15452 if (!hdr) { 15453 nlmsg_free(msg); 15454 return; 15455 } 15456 15457 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15458 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 15459 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 15460 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 15461 NL80211_ATTR_PAD) || 15462 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) || 15463 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL, 15464 ack_signal))) 15465 goto nla_put_failure; 15466 15467 genlmsg_end(msg, hdr); 15468 15469 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 15470 NL80211_MCGRP_MLME, gfp); 15471 return; 15472 15473 nla_put_failure: 15474 nlmsg_free(msg); 15475 } 15476 EXPORT_SYMBOL(cfg80211_probe_status); 15477 15478 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 15479 const u8 *frame, size_t len, 15480 int freq, int sig_dbm) 15481 { 15482 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15483 struct sk_buff *msg; 15484 void *hdr; 15485 struct cfg80211_beacon_registration *reg; 15486 15487 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm); 15488 15489 spin_lock_bh(&rdev->beacon_registrations_lock); 15490 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 15491 msg = nlmsg_new(len + 100, GFP_ATOMIC); 15492 if (!msg) { 15493 spin_unlock_bh(&rdev->beacon_registrations_lock); 15494 return; 15495 } 15496 15497 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 15498 if (!hdr) 15499 goto nla_put_failure; 15500 15501 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15502 (freq && 15503 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) || 15504 (sig_dbm && 15505 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 15506 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 15507 goto nla_put_failure; 15508 15509 genlmsg_end(msg, hdr); 15510 15511 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid); 15512 } 15513 spin_unlock_bh(&rdev->beacon_registrations_lock); 15514 return; 15515 15516 nla_put_failure: 15517 spin_unlock_bh(&rdev->beacon_registrations_lock); 15518 nlmsg_free(msg); 15519 } 15520 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 15521 15522 #ifdef CONFIG_PM 15523 static int cfg80211_net_detect_results(struct sk_buff *msg, 15524 struct cfg80211_wowlan_wakeup *wakeup) 15525 { 15526 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect; 15527 struct nlattr *nl_results, *nl_match, *nl_freqs; 15528 int i, j; 15529 15530 nl_results = nla_nest_start( 15531 msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS); 15532 if (!nl_results) 15533 return -EMSGSIZE; 15534 15535 for (i = 0; i < nd->n_matches; i++) { 15536 struct cfg80211_wowlan_nd_match *match = nd->matches[i]; 15537 15538 nl_match = nla_nest_start(msg, i); 15539 if (!nl_match) 15540 break; 15541 15542 /* The SSID attribute is optional in nl80211, but for 15543 * simplicity reasons it's always present in the 15544 * cfg80211 structure. If a driver can't pass the 15545 * SSID, that needs to be changed. A zero length SSID 15546 * is still a valid SSID (wildcard), so it cannot be 15547 * used for this purpose. 15548 */ 15549 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len, 15550 match->ssid.ssid)) { 15551 nla_nest_cancel(msg, nl_match); 15552 goto out; 15553 } 15554 15555 if (match->n_channels) { 15556 nl_freqs = nla_nest_start( 15557 msg, NL80211_ATTR_SCAN_FREQUENCIES); 15558 if (!nl_freqs) { 15559 nla_nest_cancel(msg, nl_match); 15560 goto out; 15561 } 15562 15563 for (j = 0; j < match->n_channels; j++) { 15564 if (nla_put_u32(msg, j, match->channels[j])) { 15565 nla_nest_cancel(msg, nl_freqs); 15566 nla_nest_cancel(msg, nl_match); 15567 goto out; 15568 } 15569 } 15570 15571 nla_nest_end(msg, nl_freqs); 15572 } 15573 15574 nla_nest_end(msg, nl_match); 15575 } 15576 15577 out: 15578 nla_nest_end(msg, nl_results); 15579 return 0; 15580 } 15581 15582 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev, 15583 struct cfg80211_wowlan_wakeup *wakeup, 15584 gfp_t gfp) 15585 { 15586 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 15587 struct sk_buff *msg; 15588 void *hdr; 15589 int size = 200; 15590 15591 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup); 15592 15593 if (wakeup) 15594 size += wakeup->packet_present_len; 15595 15596 msg = nlmsg_new(size, gfp); 15597 if (!msg) 15598 return; 15599 15600 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN); 15601 if (!hdr) 15602 goto free_msg; 15603 15604 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15605 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 15606 NL80211_ATTR_PAD)) 15607 goto free_msg; 15608 15609 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 15610 wdev->netdev->ifindex)) 15611 goto free_msg; 15612 15613 if (wakeup) { 15614 struct nlattr *reasons; 15615 15616 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 15617 if (!reasons) 15618 goto free_msg; 15619 15620 if (wakeup->disconnect && 15621 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) 15622 goto free_msg; 15623 if (wakeup->magic_pkt && 15624 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) 15625 goto free_msg; 15626 if (wakeup->gtk_rekey_failure && 15627 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) 15628 goto free_msg; 15629 if (wakeup->eap_identity_req && 15630 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) 15631 goto free_msg; 15632 if (wakeup->four_way_handshake && 15633 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) 15634 goto free_msg; 15635 if (wakeup->rfkill_release && 15636 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)) 15637 goto free_msg; 15638 15639 if (wakeup->pattern_idx >= 0 && 15640 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 15641 wakeup->pattern_idx)) 15642 goto free_msg; 15643 15644 if (wakeup->tcp_match && 15645 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH)) 15646 goto free_msg; 15647 15648 if (wakeup->tcp_connlost && 15649 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST)) 15650 goto free_msg; 15651 15652 if (wakeup->tcp_nomoretokens && 15653 nla_put_flag(msg, 15654 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS)) 15655 goto free_msg; 15656 15657 if (wakeup->packet) { 15658 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211; 15659 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN; 15660 15661 if (!wakeup->packet_80211) { 15662 pkt_attr = 15663 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023; 15664 len_attr = 15665 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN; 15666 } 15667 15668 if (wakeup->packet_len && 15669 nla_put_u32(msg, len_attr, wakeup->packet_len)) 15670 goto free_msg; 15671 15672 if (nla_put(msg, pkt_attr, wakeup->packet_present_len, 15673 wakeup->packet)) 15674 goto free_msg; 15675 } 15676 15677 if (wakeup->net_detect && 15678 cfg80211_net_detect_results(msg, wakeup)) 15679 goto free_msg; 15680 15681 nla_nest_end(msg, reasons); 15682 } 15683 15684 genlmsg_end(msg, hdr); 15685 15686 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 15687 NL80211_MCGRP_MLME, gfp); 15688 return; 15689 15690 free_msg: 15691 nlmsg_free(msg); 15692 } 15693 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup); 15694 #endif 15695 15696 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer, 15697 enum nl80211_tdls_operation oper, 15698 u16 reason_code, gfp_t gfp) 15699 { 15700 struct wireless_dev *wdev = dev->ieee80211_ptr; 15701 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 15702 struct sk_buff *msg; 15703 void *hdr; 15704 15705 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper, 15706 reason_code); 15707 15708 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 15709 if (!msg) 15710 return; 15711 15712 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER); 15713 if (!hdr) { 15714 nlmsg_free(msg); 15715 return; 15716 } 15717 15718 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15719 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 15720 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) || 15721 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) || 15722 (reason_code > 0 && 15723 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) 15724 goto nla_put_failure; 15725 15726 genlmsg_end(msg, hdr); 15727 15728 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 15729 NL80211_MCGRP_MLME, gfp); 15730 return; 15731 15732 nla_put_failure: 15733 nlmsg_free(msg); 15734 } 15735 EXPORT_SYMBOL(cfg80211_tdls_oper_request); 15736 15737 static int nl80211_netlink_notify(struct notifier_block * nb, 15738 unsigned long state, 15739 void *_notify) 15740 { 15741 struct netlink_notify *notify = _notify; 15742 struct cfg80211_registered_device *rdev; 15743 struct wireless_dev *wdev; 15744 struct cfg80211_beacon_registration *reg, *tmp; 15745 15746 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC) 15747 return NOTIFY_DONE; 15748 15749 rcu_read_lock(); 15750 15751 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 15752 struct cfg80211_sched_scan_request *sched_scan_req; 15753 15754 list_for_each_entry_rcu(sched_scan_req, 15755 &rdev->sched_scan_req_list, 15756 list) { 15757 if (sched_scan_req->owner_nlportid == notify->portid) { 15758 sched_scan_req->nl_owner_dead = true; 15759 schedule_work(&rdev->sched_scan_stop_wk); 15760 } 15761 } 15762 15763 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) { 15764 cfg80211_mlme_unregister_socket(wdev, notify->portid); 15765 15766 if (wdev->owner_nlportid == notify->portid) { 15767 wdev->nl_owner_dead = true; 15768 schedule_work(&rdev->destroy_work); 15769 } else if (wdev->conn_owner_nlportid == notify->portid) { 15770 schedule_work(&wdev->disconnect_wk); 15771 } 15772 } 15773 15774 spin_lock_bh(&rdev->beacon_registrations_lock); 15775 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations, 15776 list) { 15777 if (reg->nlportid == notify->portid) { 15778 list_del(®->list); 15779 kfree(reg); 15780 break; 15781 } 15782 } 15783 spin_unlock_bh(&rdev->beacon_registrations_lock); 15784 } 15785 15786 rcu_read_unlock(); 15787 15788 /* 15789 * It is possible that the user space process that is controlling the 15790 * indoor setting disappeared, so notify the regulatory core. 15791 */ 15792 regulatory_netlink_notify(notify->portid); 15793 return NOTIFY_OK; 15794 } 15795 15796 static struct notifier_block nl80211_netlink_notifier = { 15797 .notifier_call = nl80211_netlink_notify, 15798 }; 15799 15800 void cfg80211_ft_event(struct net_device *netdev, 15801 struct cfg80211_ft_event_params *ft_event) 15802 { 15803 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy; 15804 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15805 struct sk_buff *msg; 15806 void *hdr; 15807 15808 trace_cfg80211_ft_event(wiphy, netdev, ft_event); 15809 15810 if (!ft_event->target_ap) 15811 return; 15812 15813 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len, 15814 GFP_KERNEL); 15815 if (!msg) 15816 return; 15817 15818 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT); 15819 if (!hdr) 15820 goto out; 15821 15822 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15823 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 15824 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap)) 15825 goto out; 15826 15827 if (ft_event->ies && 15828 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies)) 15829 goto out; 15830 if (ft_event->ric_ies && 15831 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len, 15832 ft_event->ric_ies)) 15833 goto out; 15834 15835 genlmsg_end(msg, hdr); 15836 15837 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 15838 NL80211_MCGRP_MLME, GFP_KERNEL); 15839 return; 15840 out: 15841 nlmsg_free(msg); 15842 } 15843 EXPORT_SYMBOL(cfg80211_ft_event); 15844 15845 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp) 15846 { 15847 struct cfg80211_registered_device *rdev; 15848 struct sk_buff *msg; 15849 void *hdr; 15850 u32 nlportid; 15851 15852 rdev = wiphy_to_rdev(wdev->wiphy); 15853 if (!rdev->crit_proto_nlportid) 15854 return; 15855 15856 nlportid = rdev->crit_proto_nlportid; 15857 rdev->crit_proto_nlportid = 0; 15858 15859 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 15860 if (!msg) 15861 return; 15862 15863 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP); 15864 if (!hdr) 15865 goto nla_put_failure; 15866 15867 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15868 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 15869 NL80211_ATTR_PAD)) 15870 goto nla_put_failure; 15871 15872 genlmsg_end(msg, hdr); 15873 15874 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 15875 return; 15876 15877 nla_put_failure: 15878 nlmsg_free(msg); 15879 } 15880 EXPORT_SYMBOL(cfg80211_crit_proto_stopped); 15881 15882 void nl80211_send_ap_stopped(struct wireless_dev *wdev) 15883 { 15884 struct wiphy *wiphy = wdev->wiphy; 15885 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15886 struct sk_buff *msg; 15887 void *hdr; 15888 15889 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 15890 if (!msg) 15891 return; 15892 15893 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP); 15894 if (!hdr) 15895 goto out; 15896 15897 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15898 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) || 15899 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 15900 NL80211_ATTR_PAD)) 15901 goto out; 15902 15903 genlmsg_end(msg, hdr); 15904 15905 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0, 15906 NL80211_MCGRP_MLME, GFP_KERNEL); 15907 return; 15908 out: 15909 nlmsg_free(msg); 15910 } 15911 15912 int cfg80211_external_auth_request(struct net_device *dev, 15913 struct cfg80211_external_auth_params *params, 15914 gfp_t gfp) 15915 { 15916 struct wireless_dev *wdev = dev->ieee80211_ptr; 15917 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 15918 struct sk_buff *msg; 15919 void *hdr; 15920 15921 if (!wdev->conn_owner_nlportid) 15922 return -EINVAL; 15923 15924 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 15925 if (!msg) 15926 return -ENOMEM; 15927 15928 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH); 15929 if (!hdr) 15930 goto nla_put_failure; 15931 15932 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15933 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 15934 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) || 15935 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION, 15936 params->action) || 15937 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) || 15938 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len, 15939 params->ssid.ssid)) 15940 goto nla_put_failure; 15941 15942 genlmsg_end(msg, hdr); 15943 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 15944 wdev->conn_owner_nlportid); 15945 return 0; 15946 15947 nla_put_failure: 15948 nlmsg_free(msg); 15949 return -ENOBUFS; 15950 } 15951 EXPORT_SYMBOL(cfg80211_external_auth_request); 15952 15953 /* initialisation/exit functions */ 15954 15955 int __init nl80211_init(void) 15956 { 15957 int err; 15958 15959 err = genl_register_family(&nl80211_fam); 15960 if (err) 15961 return err; 15962 15963 err = netlink_register_notifier(&nl80211_netlink_notifier); 15964 if (err) 15965 goto err_out; 15966 15967 return 0; 15968 err_out: 15969 genl_unregister_family(&nl80211_fam); 15970 return err; 15971 } 15972 15973 void nl80211_exit(void) 15974 { 15975 netlink_unregister_notifier(&nl80211_netlink_notifier); 15976 genl_unregister_family(&nl80211_fam); 15977 } 15978