1 /*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include <net/inet_connection_sock.h>
23 #include "core.h"
24 #include "nl80211.h"
25 #include "reg.h"
26 #include "rdev-ops.h"
27
28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
29 struct genl_info *info,
30 struct cfg80211_crypto_settings *settings,
31 int cipher_limit);
32
33 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
34 struct genl_info *info);
35 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
36 struct genl_info *info);
37
38 /* the netlink family */
39 static struct genl_family nl80211_fam = {
40 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
41 .name = "nl80211", /* have users key off the name instead */
42 .hdrsize = 0, /* no private header */
43 .version = 1, /* no particular meaning now */
44 .maxattr = NL80211_ATTR_MAX,
45 .netnsok = true,
46 .pre_doit = nl80211_pre_doit,
47 .post_doit = nl80211_post_doit,
48 };
49
50 /* returns ERR_PTR values */
51 static struct wireless_dev *
__cfg80211_wdev_from_attrs(struct net * netns,struct nlattr ** attrs)52 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
53 {
54 struct cfg80211_registered_device *rdev;
55 struct wireless_dev *result = NULL;
56 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
57 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
58 u64 wdev_id;
59 int wiphy_idx = -1;
60 int ifidx = -1;
61
62 assert_cfg80211_lock();
63
64 if (!have_ifidx && !have_wdev_id)
65 return ERR_PTR(-EINVAL);
66
67 if (have_ifidx)
68 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
69 if (have_wdev_id) {
70 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
71 wiphy_idx = wdev_id >> 32;
72 }
73
74 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
75 struct wireless_dev *wdev;
76
77 if (wiphy_net(&rdev->wiphy) != netns)
78 continue;
79
80 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
81 continue;
82
83 mutex_lock(&rdev->devlist_mtx);
84 list_for_each_entry(wdev, &rdev->wdev_list, list) {
85 if (have_ifidx && wdev->netdev &&
86 wdev->netdev->ifindex == ifidx) {
87 result = wdev;
88 break;
89 }
90 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
91 result = wdev;
92 break;
93 }
94 }
95 mutex_unlock(&rdev->devlist_mtx);
96
97 if (result)
98 break;
99 }
100
101 if (result)
102 return result;
103 return ERR_PTR(-ENODEV);
104 }
105
106 static struct cfg80211_registered_device *
__cfg80211_rdev_from_attrs(struct net * netns,struct nlattr ** attrs)107 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
108 {
109 struct cfg80211_registered_device *rdev = NULL, *tmp;
110 struct net_device *netdev;
111
112 assert_cfg80211_lock();
113
114 if (!attrs[NL80211_ATTR_WIPHY] &&
115 !attrs[NL80211_ATTR_IFINDEX] &&
116 !attrs[NL80211_ATTR_WDEV])
117 return ERR_PTR(-EINVAL);
118
119 if (attrs[NL80211_ATTR_WIPHY])
120 rdev = cfg80211_rdev_by_wiphy_idx(
121 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
122
123 if (attrs[NL80211_ATTR_WDEV]) {
124 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
125 struct wireless_dev *wdev;
126 bool found = false;
127
128 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
129 if (tmp) {
130 /* make sure wdev exists */
131 mutex_lock(&tmp->devlist_mtx);
132 list_for_each_entry(wdev, &tmp->wdev_list, list) {
133 if (wdev->identifier != (u32)wdev_id)
134 continue;
135 found = true;
136 break;
137 }
138 mutex_unlock(&tmp->devlist_mtx);
139
140 if (!found)
141 tmp = NULL;
142
143 if (rdev && tmp != rdev)
144 return ERR_PTR(-EINVAL);
145 rdev = tmp;
146 }
147 }
148
149 if (attrs[NL80211_ATTR_IFINDEX]) {
150 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
151 netdev = dev_get_by_index(netns, ifindex);
152 if (netdev) {
153 if (netdev->ieee80211_ptr)
154 tmp = wiphy_to_dev(
155 netdev->ieee80211_ptr->wiphy);
156 else
157 tmp = NULL;
158
159 dev_put(netdev);
160
161 /* not wireless device -- return error */
162 if (!tmp)
163 return ERR_PTR(-EINVAL);
164
165 /* mismatch -- return error */
166 if (rdev && tmp != rdev)
167 return ERR_PTR(-EINVAL);
168
169 rdev = tmp;
170 }
171 }
172
173 if (!rdev)
174 return ERR_PTR(-ENODEV);
175
176 if (netns != wiphy_net(&rdev->wiphy))
177 return ERR_PTR(-ENODEV);
178
179 return rdev;
180 }
181
182 /*
183 * This function returns a pointer to the driver
184 * that the genl_info item that is passed refers to.
185 * If successful, it returns non-NULL and also locks
186 * the driver's mutex!
187 *
188 * This means that you need to call cfg80211_unlock_rdev()
189 * before being allowed to acquire &cfg80211_mutex!
190 *
191 * This is necessary because we need to lock the global
192 * mutex to get an item off the list safely, and then
193 * we lock the rdev mutex so it doesn't go away under us.
194 *
195 * We don't want to keep cfg80211_mutex locked
196 * for all the time in order to allow requests on
197 * other interfaces to go through at the same time.
198 *
199 * The result of this can be a PTR_ERR and hence must
200 * be checked with IS_ERR() for errors.
201 */
202 static struct cfg80211_registered_device *
cfg80211_get_dev_from_info(struct net * netns,struct genl_info * info)203 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
204 {
205 struct cfg80211_registered_device *rdev;
206
207 mutex_lock(&cfg80211_mutex);
208 rdev = __cfg80211_rdev_from_attrs(netns, info->attrs);
209
210 /* if it is not an error we grab the lock on
211 * it to assure it won't be going away while
212 * we operate on it */
213 if (!IS_ERR(rdev))
214 mutex_lock(&rdev->mtx);
215
216 mutex_unlock(&cfg80211_mutex);
217
218 return rdev;
219 }
220
221 /* policy for the attributes */
222 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
223 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
224 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
225 .len = 20-1 },
226 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
227
228 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
229 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
230 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
231 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
232 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
233
234 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
235 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
236 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
237 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
238 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
239
240 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
241 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
242 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
243
244 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
245 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
246
247 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
248 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
249 .len = WLAN_MAX_KEY_LEN },
250 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
251 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
252 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
253 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
254 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
255
256 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
257 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
258 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
259 .len = IEEE80211_MAX_DATA_LEN },
260 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
261 .len = IEEE80211_MAX_DATA_LEN },
262 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
263 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
264 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
265 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
266 .len = NL80211_MAX_SUPP_RATES },
267 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
268 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
269 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
270 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
271 .len = IEEE80211_MAX_MESH_ID_LEN },
272 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
273
274 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
275 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
276
277 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
278 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
279 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
280 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
281 .len = NL80211_MAX_SUPP_RATES },
282 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
283
284 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
285 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
286
287 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
288
289 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
290 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
291 .len = IEEE80211_MAX_DATA_LEN },
292 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
293 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
294
295 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
296 .len = IEEE80211_MAX_SSID_LEN },
297 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
298 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
299 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
300 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
301 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
302 [NL80211_ATTR_STA_FLAGS2] = {
303 .len = sizeof(struct nl80211_sta_flag_update),
304 },
305 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
306 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
307 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
308 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
309 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
310 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
311 [NL80211_ATTR_PID] = { .type = NLA_U32 },
312 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
313 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
314 .len = WLAN_PMKID_LEN },
315 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
316 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
317 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
318 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
319 .len = IEEE80211_MAX_DATA_LEN },
320 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
321 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
322 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
323 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
324 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
325 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
326 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
327 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
328 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
329 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
330 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
331 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
332 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
333 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
334 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
335 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
336 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
337 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
338 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
339 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
340 .len = IEEE80211_MAX_DATA_LEN },
341 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
342 .len = IEEE80211_MAX_DATA_LEN },
343 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
344 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
345 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
346 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
347 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
348 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
349 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
350 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
351 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
352 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
353 .len = IEEE80211_MAX_DATA_LEN },
354 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
355 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
356 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
357 .len = NL80211_HT_CAPABILITY_LEN
358 },
359 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
360 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
361 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
362 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
363 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
364 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
365 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
366 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
367 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
368 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
369 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
370 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
371 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
372 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
373 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
374 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
375 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
376 .len = NL80211_VHT_CAPABILITY_LEN,
377 },
378 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
379 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
380 .len = IEEE80211_MAX_DATA_LEN },
381 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
382 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
383 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
384 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
385 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
386 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
387 [NL80211_ATTR_IFACE_SOCKET_OWNER] = { .type = NLA_FLAG },
388 };
389
390 /* policy for the key attributes */
391 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
392 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
393 [NL80211_KEY_IDX] = { .type = NLA_U8 },
394 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
395 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
396 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
397 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
398 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
399 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
400 };
401
402 /* policy for the key default flags */
403 static const struct nla_policy
404 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
405 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
406 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
407 };
408
409 /* policy for WoWLAN attributes */
410 static const struct nla_policy
411 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
412 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
413 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
414 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
415 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
416 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
417 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
418 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
419 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
420 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
421 };
422
423 static const struct nla_policy
424 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
425 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
426 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
427 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
428 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
429 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
430 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
431 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
432 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
433 },
434 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
435 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
436 },
437 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
438 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
439 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
440 };
441
442 /* policy for GTK rekey offload attributes */
443 static const struct nla_policy
444 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
445 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
446 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
447 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
448 };
449
450 static const struct nla_policy
451 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
452 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
453 .len = IEEE80211_MAX_SSID_LEN },
454 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
455 };
456
nl80211_prepare_wdev_dump(struct sk_buff * skb,struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev)457 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
458 struct netlink_callback *cb,
459 struct cfg80211_registered_device **rdev,
460 struct wireless_dev **wdev)
461 {
462 int err;
463
464 rtnl_lock();
465 mutex_lock(&cfg80211_mutex);
466
467 if (!cb->args[0]) {
468 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
469 nl80211_fam.attrbuf, nl80211_fam.maxattr,
470 nl80211_policy);
471 if (err)
472 goto out_unlock;
473
474 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
475 nl80211_fam.attrbuf);
476 if (IS_ERR(*wdev)) {
477 err = PTR_ERR(*wdev);
478 goto out_unlock;
479 }
480 *rdev = wiphy_to_dev((*wdev)->wiphy);
481 /* 0 is the first index - add 1 to parse only once */
482 cb->args[0] = (*rdev)->wiphy_idx + 1;
483 cb->args[1] = (*wdev)->identifier;
484 } else {
485 /* subtract the 1 again here */
486 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
487 struct wireless_dev *tmp;
488
489 if (!wiphy) {
490 err = -ENODEV;
491 goto out_unlock;
492 }
493 *rdev = wiphy_to_dev(wiphy);
494 *wdev = NULL;
495
496 mutex_lock(&(*rdev)->devlist_mtx);
497 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
498 if (tmp->identifier == cb->args[1]) {
499 *wdev = tmp;
500 break;
501 }
502 }
503 mutex_unlock(&(*rdev)->devlist_mtx);
504
505 if (!*wdev) {
506 err = -ENODEV;
507 goto out_unlock;
508 }
509 }
510
511 cfg80211_lock_rdev(*rdev);
512
513 mutex_unlock(&cfg80211_mutex);
514 return 0;
515 out_unlock:
516 mutex_unlock(&cfg80211_mutex);
517 rtnl_unlock();
518 return err;
519 }
520
nl80211_finish_wdev_dump(struct cfg80211_registered_device * rdev)521 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
522 {
523 cfg80211_unlock_rdev(rdev);
524 rtnl_unlock();
525 }
526
527 /* IE validation */
is_valid_ie_attr(const struct nlattr * attr)528 static bool is_valid_ie_attr(const struct nlattr *attr)
529 {
530 const u8 *pos;
531 int len;
532
533 if (!attr)
534 return true;
535
536 pos = nla_data(attr);
537 len = nla_len(attr);
538
539 while (len) {
540 u8 elemlen;
541
542 if (len < 2)
543 return false;
544 len -= 2;
545
546 elemlen = pos[1];
547 if (elemlen > len)
548 return false;
549
550 len -= elemlen;
551 pos += 2 + elemlen;
552 }
553
554 return true;
555 }
556
557 /* message building helper */
nl80211hdr_put(struct sk_buff * skb,u32 portid,u32 seq,int flags,u8 cmd)558 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
559 int flags, u8 cmd)
560 {
561 /* since there is no private header just add the generic one */
562 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
563 }
564
nl80211_msg_put_channel(struct sk_buff * msg,struct ieee80211_channel * chan,bool large)565 static int nl80211_msg_put_channel(struct sk_buff *msg,
566 struct ieee80211_channel *chan,
567 bool large)
568 {
569 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
570 chan->center_freq))
571 goto nla_put_failure;
572
573 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
574 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
575 goto nla_put_failure;
576 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
577 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
578 goto nla_put_failure;
579 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
580 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
581 goto nla_put_failure;
582 if (chan->flags & IEEE80211_CHAN_RADAR) {
583 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
584 goto nla_put_failure;
585 if (large) {
586 u32 time;
587
588 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
589
590 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
591 chan->dfs_state))
592 goto nla_put_failure;
593 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
594 time))
595 goto nla_put_failure;
596 }
597 }
598
599 if (large) {
600 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
601 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
602 goto nla_put_failure;
603 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
604 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
605 goto nla_put_failure;
606 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
607 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
608 goto nla_put_failure;
609 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
610 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
611 goto nla_put_failure;
612 }
613
614 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
615 DBM_TO_MBM(chan->max_power)))
616 goto nla_put_failure;
617
618 return 0;
619
620 nla_put_failure:
621 return -ENOBUFS;
622 }
623
624 /* netlink command implementations */
625
626 struct key_parse {
627 struct key_params p;
628 int idx;
629 int type;
630 bool def, defmgmt;
631 bool def_uni, def_multi;
632 };
633
nl80211_parse_key_new(struct nlattr * key,struct key_parse * k)634 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
635 {
636 struct nlattr *tb[NL80211_KEY_MAX + 1];
637 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
638 nl80211_key_policy);
639 if (err)
640 return err;
641
642 k->def = !!tb[NL80211_KEY_DEFAULT];
643 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
644
645 if (k->def) {
646 k->def_uni = true;
647 k->def_multi = true;
648 }
649 if (k->defmgmt)
650 k->def_multi = true;
651
652 if (tb[NL80211_KEY_IDX])
653 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
654
655 if (tb[NL80211_KEY_DATA]) {
656 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
657 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
658 }
659
660 if (tb[NL80211_KEY_SEQ]) {
661 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
662 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
663 }
664
665 if (tb[NL80211_KEY_CIPHER])
666 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
667
668 if (tb[NL80211_KEY_TYPE]) {
669 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
670 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
671 return -EINVAL;
672 }
673
674 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
675 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
676 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
677 tb[NL80211_KEY_DEFAULT_TYPES],
678 nl80211_key_default_policy);
679 if (err)
680 return err;
681
682 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
683 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
684 }
685
686 return 0;
687 }
688
nl80211_parse_key_old(struct genl_info * info,struct key_parse * k)689 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
690 {
691 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
692 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
693 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
694 }
695
696 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
697 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
698 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
699 }
700
701 if (info->attrs[NL80211_ATTR_KEY_IDX])
702 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
703
704 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
705 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
706
707 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
708 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
709
710 if (k->def) {
711 k->def_uni = true;
712 k->def_multi = true;
713 }
714 if (k->defmgmt)
715 k->def_multi = true;
716
717 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
718 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
719 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
720 return -EINVAL;
721 }
722
723 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
724 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
725 int err = nla_parse_nested(
726 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
727 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
728 nl80211_key_default_policy);
729 if (err)
730 return err;
731
732 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
733 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
734 }
735
736 return 0;
737 }
738
nl80211_parse_key(struct genl_info * info,struct key_parse * k)739 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
740 {
741 int err;
742
743 memset(k, 0, sizeof(*k));
744 k->idx = -1;
745 k->type = -1;
746
747 if (info->attrs[NL80211_ATTR_KEY])
748 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
749 else
750 err = nl80211_parse_key_old(info, k);
751
752 if (err)
753 return err;
754
755 if (k->def && k->defmgmt)
756 return -EINVAL;
757
758 if (k->defmgmt) {
759 if (k->def_uni || !k->def_multi)
760 return -EINVAL;
761 }
762
763 if (k->idx != -1) {
764 if (k->defmgmt) {
765 if (k->idx < 4 || k->idx > 5)
766 return -EINVAL;
767 } else if (k->def) {
768 if (k->idx < 0 || k->idx > 3)
769 return -EINVAL;
770 } else {
771 if (k->idx < 0 || k->idx > 5)
772 return -EINVAL;
773 }
774 }
775
776 return 0;
777 }
778
779 static struct cfg80211_cached_keys *
nl80211_parse_connkeys(struct cfg80211_registered_device * rdev,struct nlattr * keys,bool * no_ht)780 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
781 struct nlattr *keys, bool *no_ht)
782 {
783 struct key_parse parse;
784 struct nlattr *key;
785 struct cfg80211_cached_keys *result;
786 int rem, err, def = 0;
787
788 result = kzalloc(sizeof(*result), GFP_KERNEL);
789 if (!result)
790 return ERR_PTR(-ENOMEM);
791
792 result->def = -1;
793 result->defmgmt = -1;
794
795 nla_for_each_nested(key, keys, rem) {
796 memset(&parse, 0, sizeof(parse));
797 parse.idx = -1;
798
799 err = nl80211_parse_key_new(key, &parse);
800 if (err)
801 goto error;
802 err = -EINVAL;
803 if (!parse.p.key)
804 goto error;
805 if (parse.idx < 0 || parse.idx > 4)
806 goto error;
807 if (parse.def) {
808 if (def)
809 goto error;
810 def = 1;
811 result->def = parse.idx;
812 if (!parse.def_uni || !parse.def_multi)
813 goto error;
814 } else if (parse.defmgmt)
815 goto error;
816 err = cfg80211_validate_key_settings(rdev, &parse.p,
817 parse.idx, false, NULL);
818 if (err)
819 goto error;
820 result->params[parse.idx].cipher = parse.p.cipher;
821 result->params[parse.idx].key_len = parse.p.key_len;
822 result->params[parse.idx].key = result->data[parse.idx];
823 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
824
825 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
826 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
827 if (no_ht)
828 *no_ht = true;
829 }
830 }
831
832 return result;
833 error:
834 kfree(result);
835 return ERR_PTR(err);
836 }
837
nl80211_key_allowed(struct wireless_dev * wdev)838 static int nl80211_key_allowed(struct wireless_dev *wdev)
839 {
840 ASSERT_WDEV_LOCK(wdev);
841
842 switch (wdev->iftype) {
843 case NL80211_IFTYPE_AP:
844 case NL80211_IFTYPE_AP_VLAN:
845 case NL80211_IFTYPE_P2P_GO:
846 case NL80211_IFTYPE_MESH_POINT:
847 break;
848 case NL80211_IFTYPE_ADHOC:
849 if (!wdev->current_bss)
850 return -ENOLINK;
851 break;
852 case NL80211_IFTYPE_STATION:
853 case NL80211_IFTYPE_P2P_CLIENT:
854 if (wdev->sme_state != CFG80211_SME_CONNECTED)
855 return -ENOLINK;
856 break;
857 default:
858 return -EINVAL;
859 }
860
861 return 0;
862 }
863
nl80211_put_iftypes(struct sk_buff * msg,u32 attr,u16 ifmodes)864 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
865 {
866 struct nlattr *nl_modes = nla_nest_start(msg, attr);
867 int i;
868
869 if (!nl_modes)
870 goto nla_put_failure;
871
872 i = 0;
873 while (ifmodes) {
874 if ((ifmodes & 1) && nla_put_flag(msg, i))
875 goto nla_put_failure;
876 ifmodes >>= 1;
877 i++;
878 }
879
880 nla_nest_end(msg, nl_modes);
881 return 0;
882
883 nla_put_failure:
884 return -ENOBUFS;
885 }
886
nl80211_put_iface_combinations(struct wiphy * wiphy,struct sk_buff * msg,bool large)887 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
888 struct sk_buff *msg,
889 bool large)
890 {
891 struct nlattr *nl_combis;
892 int i, j;
893
894 nl_combis = nla_nest_start(msg,
895 NL80211_ATTR_INTERFACE_COMBINATIONS);
896 if (!nl_combis)
897 goto nla_put_failure;
898
899 for (i = 0; i < wiphy->n_iface_combinations; i++) {
900 const struct ieee80211_iface_combination *c;
901 struct nlattr *nl_combi, *nl_limits;
902
903 c = &wiphy->iface_combinations[i];
904
905 nl_combi = nla_nest_start(msg, i + 1);
906 if (!nl_combi)
907 goto nla_put_failure;
908
909 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
910 if (!nl_limits)
911 goto nla_put_failure;
912
913 for (j = 0; j < c->n_limits; j++) {
914 struct nlattr *nl_limit;
915
916 nl_limit = nla_nest_start(msg, j + 1);
917 if (!nl_limit)
918 goto nla_put_failure;
919 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
920 c->limits[j].max))
921 goto nla_put_failure;
922 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
923 c->limits[j].types))
924 goto nla_put_failure;
925 nla_nest_end(msg, nl_limit);
926 }
927
928 nla_nest_end(msg, nl_limits);
929
930 if (c->beacon_int_infra_match &&
931 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
932 goto nla_put_failure;
933 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
934 c->num_different_channels) ||
935 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
936 c->max_interfaces))
937 goto nla_put_failure;
938 if (large &&
939 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
940 c->radar_detect_widths))
941 goto nla_put_failure;
942
943 nla_nest_end(msg, nl_combi);
944 }
945
946 nla_nest_end(msg, nl_combis);
947
948 return 0;
949 nla_put_failure:
950 return -ENOBUFS;
951 }
952
953 #ifdef CONFIG_PM
nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device * rdev,struct sk_buff * msg)954 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
955 struct sk_buff *msg)
956 {
957 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan.tcp;
958 struct nlattr *nl_tcp;
959
960 if (!tcp)
961 return 0;
962
963 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
964 if (!nl_tcp)
965 return -ENOBUFS;
966
967 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
968 tcp->data_payload_max))
969 return -ENOBUFS;
970
971 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
972 tcp->data_payload_max))
973 return -ENOBUFS;
974
975 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
976 return -ENOBUFS;
977
978 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
979 sizeof(*tcp->tok), tcp->tok))
980 return -ENOBUFS;
981
982 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
983 tcp->data_interval_max))
984 return -ENOBUFS;
985
986 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
987 tcp->wake_payload_max))
988 return -ENOBUFS;
989
990 nla_nest_end(msg, nl_tcp);
991 return 0;
992 }
993
nl80211_send_wowlan(struct sk_buff * msg,struct cfg80211_registered_device * dev,bool large)994 static int nl80211_send_wowlan(struct sk_buff *msg,
995 struct cfg80211_registered_device *dev,
996 bool large)
997 {
998 struct nlattr *nl_wowlan;
999
1000 if (!dev->wiphy.wowlan.flags && !dev->wiphy.wowlan.n_patterns)
1001 return 0;
1002
1003 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1004 if (!nl_wowlan)
1005 return -ENOBUFS;
1006
1007 if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) &&
1008 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1009 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) &&
1010 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1011 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1012 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1013 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1014 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1015 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1016 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1017 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1018 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1019 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1020 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1021 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1022 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1023 return -ENOBUFS;
1024
1025 if (dev->wiphy.wowlan.n_patterns) {
1026 struct nl80211_wowlan_pattern_support pat = {
1027 .max_patterns = dev->wiphy.wowlan.n_patterns,
1028 .min_pattern_len = dev->wiphy.wowlan.pattern_min_len,
1029 .max_pattern_len = dev->wiphy.wowlan.pattern_max_len,
1030 .max_pkt_offset = dev->wiphy.wowlan.max_pkt_offset,
1031 };
1032
1033 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1034 sizeof(pat), &pat))
1035 return -ENOBUFS;
1036 }
1037
1038 if (large && nl80211_send_wowlan_tcp_caps(dev, msg))
1039 return -ENOBUFS;
1040
1041 nla_nest_end(msg, nl_wowlan);
1042
1043 return 0;
1044 }
1045 #endif
1046
nl80211_send_band_rateinfo(struct sk_buff * msg,struct ieee80211_supported_band * sband)1047 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1048 struct ieee80211_supported_band *sband)
1049 {
1050 struct nlattr *nl_rates, *nl_rate;
1051 struct ieee80211_rate *rate;
1052 int i;
1053
1054 /* add HT info */
1055 if (sband->ht_cap.ht_supported &&
1056 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1057 sizeof(sband->ht_cap.mcs),
1058 &sband->ht_cap.mcs) ||
1059 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1060 sband->ht_cap.cap) ||
1061 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1062 sband->ht_cap.ampdu_factor) ||
1063 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1064 sband->ht_cap.ampdu_density)))
1065 return -ENOBUFS;
1066
1067 /* add VHT info */
1068 if (sband->vht_cap.vht_supported &&
1069 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1070 sizeof(sband->vht_cap.vht_mcs),
1071 &sband->vht_cap.vht_mcs) ||
1072 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1073 sband->vht_cap.cap)))
1074 return -ENOBUFS;
1075
1076 /* add bitrates */
1077 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1078 if (!nl_rates)
1079 return -ENOBUFS;
1080
1081 for (i = 0; i < sband->n_bitrates; i++) {
1082 nl_rate = nla_nest_start(msg, i);
1083 if (!nl_rate)
1084 return -ENOBUFS;
1085
1086 rate = &sband->bitrates[i];
1087 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1088 rate->bitrate))
1089 return -ENOBUFS;
1090 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1091 nla_put_flag(msg,
1092 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1093 return -ENOBUFS;
1094
1095 nla_nest_end(msg, nl_rate);
1096 }
1097
1098 nla_nest_end(msg, nl_rates);
1099
1100 return 0;
1101 }
1102
1103 static int
nl80211_send_mgmt_stypes(struct sk_buff * msg,const struct ieee80211_txrx_stypes * mgmt_stypes)1104 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1105 const struct ieee80211_txrx_stypes *mgmt_stypes)
1106 {
1107 u16 stypes;
1108 struct nlattr *nl_ftypes, *nl_ifs;
1109 enum nl80211_iftype ift;
1110 int i;
1111
1112 if (!mgmt_stypes)
1113 return 0;
1114
1115 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1116 if (!nl_ifs)
1117 return -ENOBUFS;
1118
1119 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1120 nl_ftypes = nla_nest_start(msg, ift);
1121 if (!nl_ftypes)
1122 return -ENOBUFS;
1123 i = 0;
1124 stypes = mgmt_stypes[ift].tx;
1125 while (stypes) {
1126 if ((stypes & 1) &&
1127 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1128 (i << 4) | IEEE80211_FTYPE_MGMT))
1129 return -ENOBUFS;
1130 stypes >>= 1;
1131 i++;
1132 }
1133 nla_nest_end(msg, nl_ftypes);
1134 }
1135
1136 nla_nest_end(msg, nl_ifs);
1137
1138 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1139 if (!nl_ifs)
1140 return -ENOBUFS;
1141
1142 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1143 nl_ftypes = nla_nest_start(msg, ift);
1144 if (!nl_ftypes)
1145 return -ENOBUFS;
1146 i = 0;
1147 stypes = mgmt_stypes[ift].rx;
1148 while (stypes) {
1149 if ((stypes & 1) &&
1150 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1151 (i << 4) | IEEE80211_FTYPE_MGMT))
1152 return -ENOBUFS;
1153 stypes >>= 1;
1154 i++;
1155 }
1156 nla_nest_end(msg, nl_ftypes);
1157 }
1158 nla_nest_end(msg, nl_ifs);
1159
1160 return 0;
1161 }
1162
nl80211_send_wiphy(struct cfg80211_registered_device * dev,struct sk_buff * msg,u32 portid,u32 seq,int flags,bool split,long * split_start,long * band_start,long * chan_start)1163 static int nl80211_send_wiphy(struct cfg80211_registered_device *dev,
1164 struct sk_buff *msg, u32 portid, u32 seq,
1165 int flags, bool split, long *split_start,
1166 long *band_start, long *chan_start)
1167 {
1168 void *hdr;
1169 struct nlattr *nl_bands, *nl_band;
1170 struct nlattr *nl_freqs, *nl_freq;
1171 struct nlattr *nl_cmds;
1172 enum ieee80211_band band;
1173 struct ieee80211_channel *chan;
1174 int i;
1175 const struct ieee80211_txrx_stypes *mgmt_stypes =
1176 dev->wiphy.mgmt_stypes;
1177 long start = 0, start_chan = 0, start_band = 0;
1178 u32 features;
1179
1180 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
1181 if (!hdr)
1182 return -ENOBUFS;
1183
1184 /* allow always using the variables */
1185 if (!split) {
1186 split_start = &start;
1187 band_start = &start_band;
1188 chan_start = &start_chan;
1189 }
1190
1191 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
1192 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1193 wiphy_name(&dev->wiphy)) ||
1194 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1195 cfg80211_rdev_list_generation))
1196 goto nla_put_failure;
1197
1198 switch (*split_start) {
1199 case 0:
1200 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1201 dev->wiphy.retry_short) ||
1202 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1203 dev->wiphy.retry_long) ||
1204 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1205 dev->wiphy.frag_threshold) ||
1206 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1207 dev->wiphy.rts_threshold) ||
1208 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1209 dev->wiphy.coverage_class) ||
1210 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1211 dev->wiphy.max_scan_ssids) ||
1212 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1213 dev->wiphy.max_sched_scan_ssids) ||
1214 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1215 dev->wiphy.max_scan_ie_len) ||
1216 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1217 dev->wiphy.max_sched_scan_ie_len) ||
1218 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1219 dev->wiphy.max_match_sets))
1220 goto nla_put_failure;
1221
1222 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1223 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1224 goto nla_put_failure;
1225 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1226 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1227 goto nla_put_failure;
1228 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1229 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1230 goto nla_put_failure;
1231 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1232 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1233 goto nla_put_failure;
1234 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1235 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1236 goto nla_put_failure;
1237 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1238 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1239 goto nla_put_failure;
1240
1241 (*split_start)++;
1242 if (split)
1243 break;
1244 case 1:
1245 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1246 sizeof(u32) * dev->wiphy.n_cipher_suites,
1247 dev->wiphy.cipher_suites))
1248 goto nla_put_failure;
1249
1250 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1251 dev->wiphy.max_num_pmkids))
1252 goto nla_put_failure;
1253
1254 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1255 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1256 goto nla_put_failure;
1257
1258 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1259 dev->wiphy.available_antennas_tx) ||
1260 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1261 dev->wiphy.available_antennas_rx))
1262 goto nla_put_failure;
1263
1264 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1265 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1266 dev->wiphy.probe_resp_offload))
1267 goto nla_put_failure;
1268
1269 if ((dev->wiphy.available_antennas_tx ||
1270 dev->wiphy.available_antennas_rx) &&
1271 dev->ops->get_antenna) {
1272 u32 tx_ant = 0, rx_ant = 0;
1273 int res;
1274 res = rdev_get_antenna(dev, &tx_ant, &rx_ant);
1275 if (!res) {
1276 if (nla_put_u32(msg,
1277 NL80211_ATTR_WIPHY_ANTENNA_TX,
1278 tx_ant) ||
1279 nla_put_u32(msg,
1280 NL80211_ATTR_WIPHY_ANTENNA_RX,
1281 rx_ant))
1282 goto nla_put_failure;
1283 }
1284 }
1285
1286 (*split_start)++;
1287 if (split)
1288 break;
1289 case 2:
1290 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1291 dev->wiphy.interface_modes))
1292 goto nla_put_failure;
1293 (*split_start)++;
1294 if (split)
1295 break;
1296 case 3:
1297 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1298 if (!nl_bands)
1299 goto nla_put_failure;
1300
1301 for (band = *band_start; band < IEEE80211_NUM_BANDS; band++) {
1302 struct ieee80211_supported_band *sband;
1303
1304 sband = dev->wiphy.bands[band];
1305
1306 if (!sband)
1307 continue;
1308
1309 nl_band = nla_nest_start(msg, band);
1310 if (!nl_band)
1311 goto nla_put_failure;
1312
1313 switch (*chan_start) {
1314 case 0:
1315 if (nl80211_send_band_rateinfo(msg, sband))
1316 goto nla_put_failure;
1317 (*chan_start)++;
1318 if (split)
1319 break;
1320 default:
1321 /* add frequencies */
1322 nl_freqs = nla_nest_start(
1323 msg, NL80211_BAND_ATTR_FREQS);
1324 if (!nl_freqs)
1325 goto nla_put_failure;
1326
1327 for (i = *chan_start - 1;
1328 i < sband->n_channels;
1329 i++) {
1330 nl_freq = nla_nest_start(msg, i);
1331 if (!nl_freq)
1332 goto nla_put_failure;
1333
1334 chan = &sband->channels[i];
1335
1336 if (nl80211_msg_put_channel(msg, chan,
1337 split))
1338 goto nla_put_failure;
1339
1340 nla_nest_end(msg, nl_freq);
1341 if (split)
1342 break;
1343 }
1344 if (i < sband->n_channels)
1345 *chan_start = i + 2;
1346 else
1347 *chan_start = 0;
1348 nla_nest_end(msg, nl_freqs);
1349 }
1350
1351 nla_nest_end(msg, nl_band);
1352
1353 if (split) {
1354 /* start again here */
1355 if (*chan_start)
1356 band--;
1357 break;
1358 }
1359 }
1360 nla_nest_end(msg, nl_bands);
1361
1362 if (band < IEEE80211_NUM_BANDS)
1363 *band_start = band + 1;
1364 else
1365 *band_start = 0;
1366
1367 /* if bands & channels are done, continue outside */
1368 if (*band_start == 0 && *chan_start == 0)
1369 (*split_start)++;
1370 if (split)
1371 break;
1372 case 4:
1373 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1374 if (!nl_cmds)
1375 goto nla_put_failure;
1376
1377 i = 0;
1378 #define CMD(op, n) \
1379 do { \
1380 if (dev->ops->op) { \
1381 i++; \
1382 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1383 goto nla_put_failure; \
1384 } \
1385 } while (0)
1386
1387 CMD(add_virtual_intf, NEW_INTERFACE);
1388 CMD(change_virtual_intf, SET_INTERFACE);
1389 CMD(add_key, NEW_KEY);
1390 CMD(start_ap, START_AP);
1391 CMD(add_station, NEW_STATION);
1392 CMD(add_mpath, NEW_MPATH);
1393 CMD(update_mesh_config, SET_MESH_CONFIG);
1394 CMD(change_bss, SET_BSS);
1395 CMD(auth, AUTHENTICATE);
1396 CMD(assoc, ASSOCIATE);
1397 CMD(deauth, DEAUTHENTICATE);
1398 CMD(disassoc, DISASSOCIATE);
1399 CMD(join_ibss, JOIN_IBSS);
1400 CMD(join_mesh, JOIN_MESH);
1401 CMD(set_pmksa, SET_PMKSA);
1402 CMD(del_pmksa, DEL_PMKSA);
1403 CMD(flush_pmksa, FLUSH_PMKSA);
1404 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1405 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1406 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1407 CMD(mgmt_tx, FRAME);
1408 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1409 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1410 i++;
1411 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1412 goto nla_put_failure;
1413 }
1414 if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1415 dev->ops->join_mesh) {
1416 i++;
1417 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1418 goto nla_put_failure;
1419 }
1420 CMD(set_wds_peer, SET_WDS_PEER);
1421 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1422 CMD(tdls_mgmt, TDLS_MGMT);
1423 CMD(tdls_oper, TDLS_OPER);
1424 }
1425 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1426 CMD(sched_scan_start, START_SCHED_SCAN);
1427 CMD(probe_client, PROBE_CLIENT);
1428 CMD(set_noack_map, SET_NOACK_MAP);
1429 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1430 i++;
1431 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1432 goto nla_put_failure;
1433 }
1434 CMD(start_p2p_device, START_P2P_DEVICE);
1435 CMD(set_mcast_rate, SET_MCAST_RATE);
1436 if (split) {
1437 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1438 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1439 }
1440
1441 #ifdef CONFIG_NL80211_TESTMODE
1442 CMD(testmode_cmd, TESTMODE);
1443 #endif
1444
1445 #undef CMD
1446
1447 if (dev->ops->connect || dev->ops->auth) {
1448 i++;
1449 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1450 goto nla_put_failure;
1451 }
1452
1453 if (dev->ops->disconnect || dev->ops->deauth) {
1454 i++;
1455 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1456 goto nla_put_failure;
1457 }
1458
1459 nla_nest_end(msg, nl_cmds);
1460 (*split_start)++;
1461 if (split)
1462 break;
1463 case 5:
1464 if (dev->ops->remain_on_channel &&
1465 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1466 nla_put_u32(msg,
1467 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1468 dev->wiphy.max_remain_on_channel_duration))
1469 goto nla_put_failure;
1470
1471 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1472 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1473 goto nla_put_failure;
1474
1475 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1476 goto nla_put_failure;
1477 (*split_start)++;
1478 if (split)
1479 break;
1480 case 6:
1481 #ifdef CONFIG_PM
1482 if (nl80211_send_wowlan(msg, dev, split))
1483 goto nla_put_failure;
1484 (*split_start)++;
1485 if (split)
1486 break;
1487 #else
1488 (*split_start)++;
1489 #endif
1490 case 7:
1491 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1492 dev->wiphy.software_iftypes))
1493 goto nla_put_failure;
1494
1495 if (nl80211_put_iface_combinations(&dev->wiphy, msg, split))
1496 goto nla_put_failure;
1497
1498 (*split_start)++;
1499 if (split)
1500 break;
1501 case 8:
1502 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1503 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1504 dev->wiphy.ap_sme_capa))
1505 goto nla_put_failure;
1506
1507 features = dev->wiphy.features;
1508 /*
1509 * We can only add the per-channel limit information if the
1510 * dump is split, otherwise it makes it too big. Therefore
1511 * only advertise it in that case.
1512 */
1513 if (split)
1514 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1515 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1516 goto nla_put_failure;
1517
1518 if (dev->wiphy.ht_capa_mod_mask &&
1519 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1520 sizeof(*dev->wiphy.ht_capa_mod_mask),
1521 dev->wiphy.ht_capa_mod_mask))
1522 goto nla_put_failure;
1523
1524 if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1525 dev->wiphy.max_acl_mac_addrs &&
1526 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1527 dev->wiphy.max_acl_mac_addrs))
1528 goto nla_put_failure;
1529
1530 if (dev->wiphy.n_vendor_commands) {
1531 const struct nl80211_vendor_cmd_info *info;
1532 struct nlattr *nested;
1533
1534 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1535 if (!nested)
1536 goto nla_put_failure;
1537
1538 for (i = 0; i < dev->wiphy.n_vendor_commands; i++) {
1539 info = &dev->wiphy.vendor_commands[i].info;
1540 if (nla_put(msg, i + 1, sizeof(*info), info))
1541 goto nla_put_failure;
1542 }
1543 nla_nest_end(msg, nested);
1544 }
1545
1546 if (dev->wiphy.n_vendor_events) {
1547 const struct nl80211_vendor_cmd_info *info;
1548 struct nlattr *nested;
1549
1550 nested = nla_nest_start(msg,
1551 NL80211_ATTR_VENDOR_EVENTS);
1552 if (!nested)
1553 goto nla_put_failure;
1554
1555 for (i = 0; i < dev->wiphy.n_vendor_events; i++) {
1556 info = &dev->wiphy.vendor_events[i];
1557 if (nla_put(msg, i + 1, sizeof(*info), info))
1558 goto nla_put_failure;
1559 }
1560 nla_nest_end(msg, nested);
1561 }
1562
1563 /*
1564 * Any information below this point is only available to
1565 * applications that can deal with it being split. This
1566 * helps ensure that newly added capabilities don't break
1567 * older tools by overrunning their buffers.
1568 *
1569 * We still increment split_start so that in the split
1570 * case we'll continue with more data in the next round,
1571 * but break unconditionally so unsplit data stops here.
1572 */
1573 (*split_start)++;
1574 break;
1575 case 9:
1576 if (dev->wiphy.extended_capabilities &&
1577 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1578 dev->wiphy.extended_capabilities_len,
1579 dev->wiphy.extended_capabilities) ||
1580 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1581 dev->wiphy.extended_capabilities_len,
1582 dev->wiphy.extended_capabilities_mask)))
1583 goto nla_put_failure;
1584
1585 if (dev->wiphy.vht_capa_mod_mask &&
1586 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1587 sizeof(*dev->wiphy.vht_capa_mod_mask),
1588 dev->wiphy.vht_capa_mod_mask))
1589 goto nla_put_failure;
1590
1591 /* done */
1592 *split_start = 0;
1593 break;
1594 }
1595 return genlmsg_end(msg, hdr);
1596
1597 nla_put_failure:
1598 genlmsg_cancel(msg, hdr);
1599 return -EMSGSIZE;
1600 }
1601
nl80211_dump_wiphy(struct sk_buff * skb,struct netlink_callback * cb)1602 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1603 {
1604 int idx = 0, ret;
1605 int start = cb->args[0];
1606 struct cfg80211_registered_device *dev;
1607 s64 filter_wiphy = -1;
1608 bool split = false;
1609 struct nlattr **tb;
1610 int res;
1611
1612 /* will be zeroed in nlmsg_parse() */
1613 tb = kmalloc(sizeof(*tb) * (NL80211_ATTR_MAX + 1), GFP_KERNEL);
1614 if (!tb)
1615 return -ENOMEM;
1616
1617 mutex_lock(&cfg80211_mutex);
1618 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1619 tb, NL80211_ATTR_MAX, nl80211_policy);
1620 if (res == 0) {
1621 split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1622 if (tb[NL80211_ATTR_WIPHY])
1623 filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1624 if (tb[NL80211_ATTR_WDEV])
1625 filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1626 if (tb[NL80211_ATTR_IFINDEX]) {
1627 struct net_device *netdev;
1628 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1629
1630 netdev = dev_get_by_index(sock_net(skb->sk), ifidx);
1631 if (!netdev) {
1632 mutex_unlock(&cfg80211_mutex);
1633 kfree(tb);
1634 return -ENODEV;
1635 }
1636 if (netdev->ieee80211_ptr) {
1637 dev = wiphy_to_dev(
1638 netdev->ieee80211_ptr->wiphy);
1639 filter_wiphy = dev->wiphy_idx;
1640 }
1641 dev_put(netdev);
1642 }
1643 }
1644 kfree(tb);
1645
1646 list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1647 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1648 continue;
1649 if (++idx <= start)
1650 continue;
1651 if (filter_wiphy != -1 && dev->wiphy_idx != filter_wiphy)
1652 continue;
1653 /* attempt to fit multiple wiphy data chunks into the skb */
1654 do {
1655 ret = nl80211_send_wiphy(dev, skb,
1656 NETLINK_CB(cb->skb).portid,
1657 cb->nlh->nlmsg_seq,
1658 NLM_F_MULTI,
1659 split, &cb->args[1],
1660 &cb->args[2],
1661 &cb->args[3]);
1662 if (ret < 0) {
1663 /*
1664 * If sending the wiphy data didn't fit (ENOBUFS
1665 * or EMSGSIZE returned), this SKB is still
1666 * empty (so it's not too big because another
1667 * wiphy dataset is already in the skb) and
1668 * we've not tried to adjust the dump allocation
1669 * yet ... then adjust the alloc size to be
1670 * bigger, and return 1 but with the empty skb.
1671 * This results in an empty message being RX'ed
1672 * in userspace, but that is ignored.
1673 *
1674 * We can then retry with the larger buffer.
1675 */
1676 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1677 !skb->len &&
1678 cb->min_dump_alloc < 4096) {
1679 cb->min_dump_alloc = 4096;
1680 mutex_unlock(&cfg80211_mutex);
1681 return 1;
1682 }
1683 idx--;
1684 break;
1685 }
1686 } while (cb->args[1] > 0);
1687 break;
1688 }
1689 mutex_unlock(&cfg80211_mutex);
1690
1691 cb->args[0] = idx;
1692
1693 return skb->len;
1694 }
1695
nl80211_get_wiphy(struct sk_buff * skb,struct genl_info * info)1696 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1697 {
1698 struct sk_buff *msg;
1699 struct cfg80211_registered_device *dev = info->user_ptr[0];
1700
1701 msg = nlmsg_new(4096, GFP_KERNEL);
1702 if (!msg)
1703 return -ENOMEM;
1704
1705 if (nl80211_send_wiphy(dev, msg, info->snd_portid, info->snd_seq, 0,
1706 false, NULL, NULL, NULL) < 0) {
1707 nlmsg_free(msg);
1708 return -ENOBUFS;
1709 }
1710
1711 return genlmsg_reply(msg, info);
1712 }
1713
1714 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1715 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
1716 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
1717 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
1718 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
1719 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
1720 };
1721
parse_txq_params(struct nlattr * tb[],struct ieee80211_txq_params * txq_params)1722 static int parse_txq_params(struct nlattr *tb[],
1723 struct ieee80211_txq_params *txq_params)
1724 {
1725 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1726 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1727 !tb[NL80211_TXQ_ATTR_AIFS])
1728 return -EINVAL;
1729
1730 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1731 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1732 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1733 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1734 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1735
1736 if (txq_params->ac >= NL80211_NUM_ACS)
1737 return -EINVAL;
1738
1739 return 0;
1740 }
1741
nl80211_can_set_dev_channel(struct wireless_dev * wdev)1742 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1743 {
1744 /*
1745 * You can only set the channel explicitly for WDS interfaces,
1746 * all others have their channel managed via their respective
1747 * "establish a connection" command (connect, join, ...)
1748 *
1749 * For AP/GO and mesh mode, the channel can be set with the
1750 * channel userspace API, but is only stored and passed to the
1751 * low-level driver when the AP starts or the mesh is joined.
1752 * This is for backward compatibility, userspace can also give
1753 * the channel in the start-ap or join-mesh commands instead.
1754 *
1755 * Monitors are special as they are normally slaved to
1756 * whatever else is going on, so they have their own special
1757 * operation to set the monitor channel if possible.
1758 */
1759 return !wdev ||
1760 wdev->iftype == NL80211_IFTYPE_AP ||
1761 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1762 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1763 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1764 }
1765
nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_chan_def * chandef)1766 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1767 struct genl_info *info,
1768 struct cfg80211_chan_def *chandef)
1769 {
1770 u32 control_freq;
1771
1772 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1773 return -EINVAL;
1774
1775 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1776
1777 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1778 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1779 chandef->center_freq1 = control_freq;
1780 chandef->center_freq2 = 0;
1781
1782 /* Primary channel not allowed */
1783 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1784 return -EINVAL;
1785
1786 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1787 enum nl80211_channel_type chantype;
1788
1789 chantype = nla_get_u32(
1790 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1791
1792 switch (chantype) {
1793 case NL80211_CHAN_NO_HT:
1794 case NL80211_CHAN_HT20:
1795 case NL80211_CHAN_HT40PLUS:
1796 case NL80211_CHAN_HT40MINUS:
1797 cfg80211_chandef_create(chandef, chandef->chan,
1798 chantype);
1799 break;
1800 default:
1801 return -EINVAL;
1802 }
1803 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1804 chandef->width =
1805 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1806 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1807 chandef->center_freq1 =
1808 nla_get_u32(
1809 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1810 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1811 chandef->center_freq2 =
1812 nla_get_u32(
1813 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1814 }
1815
1816 if (!cfg80211_chandef_valid(chandef))
1817 return -EINVAL;
1818
1819 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1820 IEEE80211_CHAN_DISABLED))
1821 return -EINVAL;
1822
1823 return 0;
1824 }
1825
__nl80211_set_channel(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,struct genl_info * info)1826 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1827 struct wireless_dev *wdev,
1828 struct genl_info *info)
1829 {
1830 struct cfg80211_chan_def chandef;
1831 int result;
1832 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1833
1834 if (wdev)
1835 iftype = wdev->iftype;
1836
1837 if (!nl80211_can_set_dev_channel(wdev))
1838 return -EOPNOTSUPP;
1839
1840 result = nl80211_parse_chandef(rdev, info, &chandef);
1841 if (result)
1842 return result;
1843
1844 mutex_lock(&rdev->devlist_mtx);
1845 switch (iftype) {
1846 case NL80211_IFTYPE_AP:
1847 case NL80211_IFTYPE_P2P_GO:
1848 if (wdev->beacon_interval) {
1849 result = -EBUSY;
1850 break;
1851 }
1852 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) {
1853 result = -EINVAL;
1854 break;
1855 }
1856 wdev->preset_chandef = chandef;
1857 result = 0;
1858 break;
1859 case NL80211_IFTYPE_MESH_POINT:
1860 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1861 break;
1862 case NL80211_IFTYPE_MONITOR:
1863 result = cfg80211_set_monitor_channel(rdev, &chandef);
1864 break;
1865 default:
1866 result = -EINVAL;
1867 }
1868 mutex_unlock(&rdev->devlist_mtx);
1869
1870 return result;
1871 }
1872
nl80211_set_channel(struct sk_buff * skb,struct genl_info * info)1873 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1874 {
1875 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1876 struct net_device *netdev = info->user_ptr[1];
1877
1878 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1879 }
1880
nl80211_set_wds_peer(struct sk_buff * skb,struct genl_info * info)1881 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1882 {
1883 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1884 struct net_device *dev = info->user_ptr[1];
1885 struct wireless_dev *wdev = dev->ieee80211_ptr;
1886 const u8 *bssid;
1887
1888 if (!info->attrs[NL80211_ATTR_MAC])
1889 return -EINVAL;
1890
1891 if (netif_running(dev))
1892 return -EBUSY;
1893
1894 if (!rdev->ops->set_wds_peer)
1895 return -EOPNOTSUPP;
1896
1897 if (wdev->iftype != NL80211_IFTYPE_WDS)
1898 return -EOPNOTSUPP;
1899
1900 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1901 return rdev_set_wds_peer(rdev, dev, bssid);
1902 }
1903
1904
nl80211_set_wiphy(struct sk_buff * skb,struct genl_info * info)1905 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1906 {
1907 struct cfg80211_registered_device *rdev;
1908 struct net_device *netdev = NULL;
1909 struct wireless_dev *wdev;
1910 int result = 0, rem_txq_params = 0;
1911 struct nlattr *nl_txq_params;
1912 u32 changed;
1913 u8 retry_short = 0, retry_long = 0;
1914 u32 frag_threshold = 0, rts_threshold = 0;
1915 u8 coverage_class = 0;
1916
1917 /*
1918 * Try to find the wiphy and netdev. Normally this
1919 * function shouldn't need the netdev, but this is
1920 * done for backward compatibility -- previously
1921 * setting the channel was done per wiphy, but now
1922 * it is per netdev. Previous userland like hostapd
1923 * also passed a netdev to set_wiphy, so that it is
1924 * possible to let that go to the right netdev!
1925 */
1926 mutex_lock(&cfg80211_mutex);
1927
1928 if (info->attrs[NL80211_ATTR_IFINDEX]) {
1929 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1930
1931 netdev = dev_get_by_index(genl_info_net(info), ifindex);
1932 if (netdev && netdev->ieee80211_ptr) {
1933 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1934 mutex_lock(&rdev->mtx);
1935 } else
1936 netdev = NULL;
1937 }
1938
1939 if (!netdev) {
1940 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
1941 info->attrs);
1942 if (IS_ERR(rdev)) {
1943 mutex_unlock(&cfg80211_mutex);
1944 return PTR_ERR(rdev);
1945 }
1946 wdev = NULL;
1947 netdev = NULL;
1948 result = 0;
1949
1950 mutex_lock(&rdev->mtx);
1951 } else
1952 wdev = netdev->ieee80211_ptr;
1953
1954 /*
1955 * end workaround code, by now the rdev is available
1956 * and locked, and wdev may or may not be NULL.
1957 */
1958
1959 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1960 result = cfg80211_dev_rename(
1961 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1962
1963 mutex_unlock(&cfg80211_mutex);
1964
1965 if (result)
1966 goto bad_res;
1967
1968 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1969 struct ieee80211_txq_params txq_params;
1970 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1971
1972 if (!rdev->ops->set_txq_params) {
1973 result = -EOPNOTSUPP;
1974 goto bad_res;
1975 }
1976
1977 if (!netdev) {
1978 result = -EINVAL;
1979 goto bad_res;
1980 }
1981
1982 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1983 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1984 result = -EINVAL;
1985 goto bad_res;
1986 }
1987
1988 if (!netif_running(netdev)) {
1989 result = -ENETDOWN;
1990 goto bad_res;
1991 }
1992
1993 nla_for_each_nested(nl_txq_params,
1994 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1995 rem_txq_params) {
1996 nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1997 nla_data(nl_txq_params),
1998 nla_len(nl_txq_params),
1999 txq_params_policy);
2000 result = parse_txq_params(tb, &txq_params);
2001 if (result)
2002 goto bad_res;
2003
2004 result = rdev_set_txq_params(rdev, netdev,
2005 &txq_params);
2006 if (result)
2007 goto bad_res;
2008 }
2009 }
2010
2011 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2012 result = __nl80211_set_channel(rdev,
2013 nl80211_can_set_dev_channel(wdev) ? wdev : NULL,
2014 info);
2015 if (result)
2016 goto bad_res;
2017 }
2018
2019 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2020 struct wireless_dev *txp_wdev = wdev;
2021 enum nl80211_tx_power_setting type;
2022 int idx, mbm = 0;
2023
2024 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2025 txp_wdev = NULL;
2026
2027 if (!rdev->ops->set_tx_power) {
2028 result = -EOPNOTSUPP;
2029 goto bad_res;
2030 }
2031
2032 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2033 type = nla_get_u32(info->attrs[idx]);
2034
2035 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2036 (type != NL80211_TX_POWER_AUTOMATIC)) {
2037 result = -EINVAL;
2038 goto bad_res;
2039 }
2040
2041 if (type != NL80211_TX_POWER_AUTOMATIC) {
2042 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2043 mbm = nla_get_u32(info->attrs[idx]);
2044 }
2045
2046 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2047 if (result)
2048 goto bad_res;
2049 }
2050
2051 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2052 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2053 u32 tx_ant, rx_ant;
2054 if ((!rdev->wiphy.available_antennas_tx &&
2055 !rdev->wiphy.available_antennas_rx) ||
2056 !rdev->ops->set_antenna) {
2057 result = -EOPNOTSUPP;
2058 goto bad_res;
2059 }
2060
2061 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2062 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2063
2064 /* reject antenna configurations which don't match the
2065 * available antenna masks, except for the "all" mask */
2066 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2067 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
2068 result = -EINVAL;
2069 goto bad_res;
2070 }
2071
2072 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2073 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2074
2075 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2076 if (result)
2077 goto bad_res;
2078 }
2079
2080 changed = 0;
2081
2082 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2083 retry_short = nla_get_u8(
2084 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2085 if (retry_short == 0) {
2086 result = -EINVAL;
2087 goto bad_res;
2088 }
2089 changed |= WIPHY_PARAM_RETRY_SHORT;
2090 }
2091
2092 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2093 retry_long = nla_get_u8(
2094 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2095 if (retry_long == 0) {
2096 result = -EINVAL;
2097 goto bad_res;
2098 }
2099 changed |= WIPHY_PARAM_RETRY_LONG;
2100 }
2101
2102 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2103 frag_threshold = nla_get_u32(
2104 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2105 if (frag_threshold < 256) {
2106 result = -EINVAL;
2107 goto bad_res;
2108 }
2109 if (frag_threshold != (u32) -1) {
2110 /*
2111 * Fragments (apart from the last one) are required to
2112 * have even length. Make the fragmentation code
2113 * simpler by stripping LSB should someone try to use
2114 * odd threshold value.
2115 */
2116 frag_threshold &= ~0x1;
2117 }
2118 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2119 }
2120
2121 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2122 rts_threshold = nla_get_u32(
2123 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2124 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2125 }
2126
2127 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2128 coverage_class = nla_get_u8(
2129 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2130 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2131 }
2132
2133 if (changed) {
2134 u8 old_retry_short, old_retry_long;
2135 u32 old_frag_threshold, old_rts_threshold;
2136 u8 old_coverage_class;
2137
2138 if (!rdev->ops->set_wiphy_params) {
2139 result = -EOPNOTSUPP;
2140 goto bad_res;
2141 }
2142
2143 old_retry_short = rdev->wiphy.retry_short;
2144 old_retry_long = rdev->wiphy.retry_long;
2145 old_frag_threshold = rdev->wiphy.frag_threshold;
2146 old_rts_threshold = rdev->wiphy.rts_threshold;
2147 old_coverage_class = rdev->wiphy.coverage_class;
2148
2149 if (changed & WIPHY_PARAM_RETRY_SHORT)
2150 rdev->wiphy.retry_short = retry_short;
2151 if (changed & WIPHY_PARAM_RETRY_LONG)
2152 rdev->wiphy.retry_long = retry_long;
2153 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2154 rdev->wiphy.frag_threshold = frag_threshold;
2155 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2156 rdev->wiphy.rts_threshold = rts_threshold;
2157 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2158 rdev->wiphy.coverage_class = coverage_class;
2159
2160 result = rdev_set_wiphy_params(rdev, changed);
2161 if (result) {
2162 rdev->wiphy.retry_short = old_retry_short;
2163 rdev->wiphy.retry_long = old_retry_long;
2164 rdev->wiphy.frag_threshold = old_frag_threshold;
2165 rdev->wiphy.rts_threshold = old_rts_threshold;
2166 rdev->wiphy.coverage_class = old_coverage_class;
2167 }
2168 }
2169
2170 bad_res:
2171 mutex_unlock(&rdev->mtx);
2172 if (netdev)
2173 dev_put(netdev);
2174 return result;
2175 }
2176
wdev_id(struct wireless_dev * wdev)2177 static inline u64 wdev_id(struct wireless_dev *wdev)
2178 {
2179 return (u64)wdev->identifier |
2180 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
2181 }
2182
nl80211_send_chandef(struct sk_buff * msg,struct cfg80211_chan_def * chandef)2183 static int nl80211_send_chandef(struct sk_buff *msg,
2184 struct cfg80211_chan_def *chandef)
2185 {
2186 WARN_ON(!cfg80211_chandef_valid(chandef));
2187
2188 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2189 chandef->chan->center_freq))
2190 return -ENOBUFS;
2191 switch (chandef->width) {
2192 case NL80211_CHAN_WIDTH_20_NOHT:
2193 case NL80211_CHAN_WIDTH_20:
2194 case NL80211_CHAN_WIDTH_40:
2195 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2196 cfg80211_get_chandef_type(chandef)))
2197 return -ENOBUFS;
2198 break;
2199 default:
2200 break;
2201 }
2202 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2203 return -ENOBUFS;
2204 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2205 return -ENOBUFS;
2206 if (chandef->center_freq2 &&
2207 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2208 return -ENOBUFS;
2209 return 0;
2210 }
2211
nl80211_send_iface(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev)2212 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2213 struct cfg80211_registered_device *rdev,
2214 struct wireless_dev *wdev)
2215 {
2216 struct net_device *dev = wdev->netdev;
2217 void *hdr;
2218
2219 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
2220 if (!hdr)
2221 return -1;
2222
2223 if (dev &&
2224 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2225 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2226 goto nla_put_failure;
2227
2228 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2229 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2230 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2231 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2232 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2233 rdev->devlist_generation ^
2234 (cfg80211_rdev_list_generation << 2)))
2235 goto nla_put_failure;
2236
2237 if (rdev->ops->get_channel) {
2238 int ret;
2239 struct cfg80211_chan_def chandef;
2240
2241 ret = rdev_get_channel(rdev, wdev, &chandef);
2242 if (ret == 0) {
2243 if (nl80211_send_chandef(msg, &chandef))
2244 goto nla_put_failure;
2245 }
2246 }
2247
2248 if (wdev->ssid_len) {
2249 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2250 goto nla_put_failure;
2251 }
2252
2253 return genlmsg_end(msg, hdr);
2254
2255 nla_put_failure:
2256 genlmsg_cancel(msg, hdr);
2257 return -EMSGSIZE;
2258 }
2259
nl80211_dump_interface(struct sk_buff * skb,struct netlink_callback * cb)2260 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2261 {
2262 int wp_idx = 0;
2263 int if_idx = 0;
2264 int wp_start = cb->args[0];
2265 int if_start = cb->args[1];
2266 struct cfg80211_registered_device *rdev;
2267 struct wireless_dev *wdev;
2268
2269 mutex_lock(&cfg80211_mutex);
2270 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2271 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2272 continue;
2273 if (wp_idx < wp_start) {
2274 wp_idx++;
2275 continue;
2276 }
2277 if_idx = 0;
2278
2279 mutex_lock(&rdev->devlist_mtx);
2280 list_for_each_entry(wdev, &rdev->wdev_list, list) {
2281 if (if_idx < if_start) {
2282 if_idx++;
2283 continue;
2284 }
2285 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2286 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2287 rdev, wdev) < 0) {
2288 mutex_unlock(&rdev->devlist_mtx);
2289 goto out;
2290 }
2291 if_idx++;
2292 }
2293 mutex_unlock(&rdev->devlist_mtx);
2294
2295 wp_idx++;
2296 }
2297 out:
2298 mutex_unlock(&cfg80211_mutex);
2299
2300 cb->args[0] = wp_idx;
2301 cb->args[1] = if_idx;
2302
2303 return skb->len;
2304 }
2305
nl80211_get_interface(struct sk_buff * skb,struct genl_info * info)2306 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2307 {
2308 struct sk_buff *msg;
2309 struct cfg80211_registered_device *dev = info->user_ptr[0];
2310 struct wireless_dev *wdev = info->user_ptr[1];
2311
2312 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2313 if (!msg)
2314 return -ENOMEM;
2315
2316 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2317 dev, wdev) < 0) {
2318 nlmsg_free(msg);
2319 return -ENOBUFS;
2320 }
2321
2322 return genlmsg_reply(msg, info);
2323 }
2324
2325 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2326 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2327 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2328 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2329 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2330 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2331 };
2332
parse_monitor_flags(struct nlattr * nla,u32 * mntrflags)2333 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2334 {
2335 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2336 int flag;
2337
2338 *mntrflags = 0;
2339
2340 if (!nla)
2341 return -EINVAL;
2342
2343 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2344 nla, mntr_flags_policy))
2345 return -EINVAL;
2346
2347 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2348 if (flags[flag])
2349 *mntrflags |= (1<<flag);
2350
2351 return 0;
2352 }
2353
nl80211_valid_4addr(struct cfg80211_registered_device * rdev,struct net_device * netdev,u8 use_4addr,enum nl80211_iftype iftype)2354 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2355 struct net_device *netdev, u8 use_4addr,
2356 enum nl80211_iftype iftype)
2357 {
2358 if (!use_4addr) {
2359 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2360 return -EBUSY;
2361 return 0;
2362 }
2363
2364 switch (iftype) {
2365 case NL80211_IFTYPE_AP_VLAN:
2366 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2367 return 0;
2368 break;
2369 case NL80211_IFTYPE_STATION:
2370 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2371 return 0;
2372 break;
2373 default:
2374 break;
2375 }
2376
2377 return -EOPNOTSUPP;
2378 }
2379
nl80211_set_interface(struct sk_buff * skb,struct genl_info * info)2380 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2381 {
2382 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2383 struct vif_params params;
2384 int err;
2385 enum nl80211_iftype otype, ntype;
2386 struct net_device *dev = info->user_ptr[1];
2387 u32 _flags, *flags = NULL;
2388 bool change = false;
2389
2390 memset(¶ms, 0, sizeof(params));
2391
2392 otype = ntype = dev->ieee80211_ptr->iftype;
2393
2394 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2395 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2396 if (otype != ntype)
2397 change = true;
2398 if (ntype > NL80211_IFTYPE_MAX)
2399 return -EINVAL;
2400 }
2401
2402 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2403 struct wireless_dev *wdev = dev->ieee80211_ptr;
2404
2405 if (ntype != NL80211_IFTYPE_MESH_POINT)
2406 return -EINVAL;
2407 if (netif_running(dev))
2408 return -EBUSY;
2409
2410 wdev_lock(wdev);
2411 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2412 IEEE80211_MAX_MESH_ID_LEN);
2413 wdev->mesh_id_up_len =
2414 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2415 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2416 wdev->mesh_id_up_len);
2417 wdev_unlock(wdev);
2418 }
2419
2420 if (info->attrs[NL80211_ATTR_4ADDR]) {
2421 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2422 change = true;
2423 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2424 if (err)
2425 return err;
2426 } else {
2427 params.use_4addr = -1;
2428 }
2429
2430 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2431 if (ntype != NL80211_IFTYPE_MONITOR)
2432 return -EINVAL;
2433 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2434 &_flags);
2435 if (err)
2436 return err;
2437
2438 flags = &_flags;
2439 change = true;
2440 }
2441
2442 if (change)
2443 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms);
2444 else
2445 err = 0;
2446
2447 if (!err && params.use_4addr != -1)
2448 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2449
2450 return err;
2451 }
2452
nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)2453 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2454 {
2455 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2456 struct vif_params params;
2457 struct wireless_dev *wdev;
2458 struct sk_buff *msg;
2459 int err;
2460 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2461 u32 flags;
2462
2463 /* to avoid failing a new interface creation due to pending removal */
2464 cfg80211_destroy_ifaces(rdev);
2465
2466 memset(¶ms, 0, sizeof(params));
2467
2468 if (!info->attrs[NL80211_ATTR_IFNAME])
2469 return -EINVAL;
2470
2471 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2472 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2473 if (type > NL80211_IFTYPE_MAX)
2474 return -EINVAL;
2475 }
2476
2477 if (!rdev->ops->add_virtual_intf ||
2478 !(rdev->wiphy.interface_modes & (1 << type)))
2479 return -EOPNOTSUPP;
2480
2481 if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2482 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2483 ETH_ALEN);
2484 if (!is_valid_ether_addr(params.macaddr))
2485 return -EADDRNOTAVAIL;
2486 }
2487
2488 if (info->attrs[NL80211_ATTR_4ADDR]) {
2489 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2490 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2491 if (err)
2492 return err;
2493 }
2494
2495 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2496 if (!msg)
2497 return -ENOMEM;
2498
2499 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2500 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2501 &flags);
2502 wdev = rdev_add_virtual_intf(rdev,
2503 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2504 type, err ? NULL : &flags, ¶ms);
2505 if (IS_ERR(wdev)) {
2506 nlmsg_free(msg);
2507 return PTR_ERR(wdev);
2508 }
2509
2510 if (info->attrs[NL80211_ATTR_IFACE_SOCKET_OWNER])
2511 wdev->owner_nlportid = info->snd_portid;
2512
2513 switch (type) {
2514 case NL80211_IFTYPE_MESH_POINT:
2515 if (!info->attrs[NL80211_ATTR_MESH_ID])
2516 break;
2517 wdev_lock(wdev);
2518 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2519 IEEE80211_MAX_MESH_ID_LEN);
2520 wdev->mesh_id_up_len =
2521 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2522 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2523 wdev->mesh_id_up_len);
2524 wdev_unlock(wdev);
2525 break;
2526 case NL80211_IFTYPE_P2P_DEVICE:
2527 /*
2528 * P2P Device doesn't have a netdev, so doesn't go
2529 * through the netdev notifier and must be added here
2530 */
2531 mutex_init(&wdev->mtx);
2532 INIT_LIST_HEAD(&wdev->event_list);
2533 spin_lock_init(&wdev->event_lock);
2534 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2535 spin_lock_init(&wdev->mgmt_registrations_lock);
2536
2537 mutex_lock(&rdev->devlist_mtx);
2538 wdev->identifier = ++rdev->wdev_id;
2539 list_add_rcu(&wdev->list, &rdev->wdev_list);
2540 rdev->devlist_generation++;
2541 mutex_unlock(&rdev->devlist_mtx);
2542 break;
2543 default:
2544 break;
2545 }
2546
2547 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2548 rdev, wdev) < 0) {
2549 nlmsg_free(msg);
2550 return -ENOBUFS;
2551 }
2552
2553 return genlmsg_reply(msg, info);
2554 }
2555
nl80211_del_interface(struct sk_buff * skb,struct genl_info * info)2556 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2557 {
2558 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2559 struct wireless_dev *wdev = info->user_ptr[1];
2560
2561 if (!rdev->ops->del_virtual_intf)
2562 return -EOPNOTSUPP;
2563
2564 /*
2565 * If we remove a wireless device without a netdev then clear
2566 * user_ptr[1] so that nl80211_post_doit won't dereference it
2567 * to check if it needs to do dev_put(). Otherwise it crashes
2568 * since the wdev has been freed, unlike with a netdev where
2569 * we need the dev_put() for the netdev to really be freed.
2570 */
2571 if (!wdev->netdev)
2572 info->user_ptr[1] = NULL;
2573
2574 return rdev_del_virtual_intf(rdev, wdev);
2575 }
2576
nl80211_set_noack_map(struct sk_buff * skb,struct genl_info * info)2577 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2578 {
2579 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2580 struct net_device *dev = info->user_ptr[1];
2581 u16 noack_map;
2582
2583 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2584 return -EINVAL;
2585
2586 if (!rdev->ops->set_noack_map)
2587 return -EOPNOTSUPP;
2588
2589 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2590
2591 return rdev_set_noack_map(rdev, dev, noack_map);
2592 }
2593
2594 struct get_key_cookie {
2595 struct sk_buff *msg;
2596 int error;
2597 int idx;
2598 };
2599
get_key_callback(void * c,struct key_params * params)2600 static void get_key_callback(void *c, struct key_params *params)
2601 {
2602 struct nlattr *key;
2603 struct get_key_cookie *cookie = c;
2604
2605 if ((params->key &&
2606 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2607 params->key_len, params->key)) ||
2608 (params->seq &&
2609 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2610 params->seq_len, params->seq)) ||
2611 (params->cipher &&
2612 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2613 params->cipher)))
2614 goto nla_put_failure;
2615
2616 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2617 if (!key)
2618 goto nla_put_failure;
2619
2620 if ((params->key &&
2621 nla_put(cookie->msg, NL80211_KEY_DATA,
2622 params->key_len, params->key)) ||
2623 (params->seq &&
2624 nla_put(cookie->msg, NL80211_KEY_SEQ,
2625 params->seq_len, params->seq)) ||
2626 (params->cipher &&
2627 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2628 params->cipher)))
2629 goto nla_put_failure;
2630
2631 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2632 goto nla_put_failure;
2633
2634 nla_nest_end(cookie->msg, key);
2635
2636 return;
2637 nla_put_failure:
2638 cookie->error = 1;
2639 }
2640
nl80211_get_key(struct sk_buff * skb,struct genl_info * info)2641 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2642 {
2643 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2644 int err;
2645 struct net_device *dev = info->user_ptr[1];
2646 u8 key_idx = 0;
2647 const u8 *mac_addr = NULL;
2648 bool pairwise;
2649 struct get_key_cookie cookie = {
2650 .error = 0,
2651 };
2652 void *hdr;
2653 struct sk_buff *msg;
2654
2655 if (info->attrs[NL80211_ATTR_KEY_IDX])
2656 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2657
2658 if (key_idx > 5)
2659 return -EINVAL;
2660
2661 if (info->attrs[NL80211_ATTR_MAC])
2662 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2663
2664 pairwise = !!mac_addr;
2665 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2666 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2667 if (kt >= NUM_NL80211_KEYTYPES)
2668 return -EINVAL;
2669 if (kt != NL80211_KEYTYPE_GROUP &&
2670 kt != NL80211_KEYTYPE_PAIRWISE)
2671 return -EINVAL;
2672 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2673 }
2674
2675 if (!rdev->ops->get_key)
2676 return -EOPNOTSUPP;
2677
2678 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2679 if (!msg)
2680 return -ENOMEM;
2681
2682 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2683 NL80211_CMD_NEW_KEY);
2684 if (!hdr)
2685 goto nla_put_failure;
2686
2687 cookie.msg = msg;
2688 cookie.idx = key_idx;
2689
2690 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2691 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2692 goto nla_put_failure;
2693 if (mac_addr &&
2694 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2695 goto nla_put_failure;
2696
2697 if (pairwise && mac_addr &&
2698 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2699 return -ENOENT;
2700
2701 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2702 get_key_callback);
2703
2704 if (err)
2705 goto free_msg;
2706
2707 if (cookie.error)
2708 goto nla_put_failure;
2709
2710 genlmsg_end(msg, hdr);
2711 return genlmsg_reply(msg, info);
2712
2713 nla_put_failure:
2714 err = -ENOBUFS;
2715 free_msg:
2716 nlmsg_free(msg);
2717 return err;
2718 }
2719
nl80211_set_key(struct sk_buff * skb,struct genl_info * info)2720 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2721 {
2722 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2723 struct key_parse key;
2724 int err;
2725 struct net_device *dev = info->user_ptr[1];
2726
2727 err = nl80211_parse_key(info, &key);
2728 if (err)
2729 return err;
2730
2731 if (key.idx < 0)
2732 return -EINVAL;
2733
2734 /* only support setting default key */
2735 if (!key.def && !key.defmgmt)
2736 return -EINVAL;
2737
2738 wdev_lock(dev->ieee80211_ptr);
2739
2740 if (key.def) {
2741 if (!rdev->ops->set_default_key) {
2742 err = -EOPNOTSUPP;
2743 goto out;
2744 }
2745
2746 err = nl80211_key_allowed(dev->ieee80211_ptr);
2747 if (err)
2748 goto out;
2749
2750 err = rdev_set_default_key(rdev, dev, key.idx,
2751 key.def_uni, key.def_multi);
2752
2753 if (err)
2754 goto out;
2755
2756 #ifdef CONFIG_CFG80211_WEXT
2757 dev->ieee80211_ptr->wext.default_key = key.idx;
2758 #endif
2759 } else {
2760 if (key.def_uni || !key.def_multi) {
2761 err = -EINVAL;
2762 goto out;
2763 }
2764
2765 if (!rdev->ops->set_default_mgmt_key) {
2766 err = -EOPNOTSUPP;
2767 goto out;
2768 }
2769
2770 err = nl80211_key_allowed(dev->ieee80211_ptr);
2771 if (err)
2772 goto out;
2773
2774 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2775 if (err)
2776 goto out;
2777
2778 #ifdef CONFIG_CFG80211_WEXT
2779 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2780 #endif
2781 }
2782
2783 out:
2784 wdev_unlock(dev->ieee80211_ptr);
2785
2786 return err;
2787 }
2788
nl80211_new_key(struct sk_buff * skb,struct genl_info * info)2789 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2790 {
2791 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2792 int err;
2793 struct net_device *dev = info->user_ptr[1];
2794 struct key_parse key;
2795 const u8 *mac_addr = NULL;
2796
2797 err = nl80211_parse_key(info, &key);
2798 if (err)
2799 return err;
2800
2801 if (!key.p.key)
2802 return -EINVAL;
2803
2804 if (info->attrs[NL80211_ATTR_MAC])
2805 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2806
2807 if (key.type == -1) {
2808 if (mac_addr)
2809 key.type = NL80211_KEYTYPE_PAIRWISE;
2810 else
2811 key.type = NL80211_KEYTYPE_GROUP;
2812 }
2813
2814 /* for now */
2815 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2816 key.type != NL80211_KEYTYPE_GROUP)
2817 return -EINVAL;
2818
2819 if (!rdev->ops->add_key)
2820 return -EOPNOTSUPP;
2821
2822 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2823 key.type == NL80211_KEYTYPE_PAIRWISE,
2824 mac_addr))
2825 return -EINVAL;
2826
2827 wdev_lock(dev->ieee80211_ptr);
2828 err = nl80211_key_allowed(dev->ieee80211_ptr);
2829 if (!err)
2830 err = rdev_add_key(rdev, dev, key.idx,
2831 key.type == NL80211_KEYTYPE_PAIRWISE,
2832 mac_addr, &key.p);
2833 wdev_unlock(dev->ieee80211_ptr);
2834
2835 return err;
2836 }
2837
nl80211_del_key(struct sk_buff * skb,struct genl_info * info)2838 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2839 {
2840 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2841 int err;
2842 struct net_device *dev = info->user_ptr[1];
2843 u8 *mac_addr = NULL;
2844 struct key_parse key;
2845
2846 err = nl80211_parse_key(info, &key);
2847 if (err)
2848 return err;
2849
2850 if (info->attrs[NL80211_ATTR_MAC])
2851 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2852
2853 if (key.type == -1) {
2854 if (mac_addr)
2855 key.type = NL80211_KEYTYPE_PAIRWISE;
2856 else
2857 key.type = NL80211_KEYTYPE_GROUP;
2858 }
2859
2860 /* for now */
2861 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2862 key.type != NL80211_KEYTYPE_GROUP)
2863 return -EINVAL;
2864
2865 if (!rdev->ops->del_key)
2866 return -EOPNOTSUPP;
2867
2868 wdev_lock(dev->ieee80211_ptr);
2869 err = nl80211_key_allowed(dev->ieee80211_ptr);
2870
2871 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2872 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2873 err = -ENOENT;
2874
2875 if (!err)
2876 err = rdev_del_key(rdev, dev, key.idx,
2877 key.type == NL80211_KEYTYPE_PAIRWISE,
2878 mac_addr);
2879
2880 #ifdef CONFIG_CFG80211_WEXT
2881 if (!err) {
2882 if (key.idx == dev->ieee80211_ptr->wext.default_key)
2883 dev->ieee80211_ptr->wext.default_key = -1;
2884 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2885 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2886 }
2887 #endif
2888 wdev_unlock(dev->ieee80211_ptr);
2889
2890 return err;
2891 }
2892
2893 /* This function returns an error or the number of nested attributes */
validate_acl_mac_addrs(struct nlattr * nl_attr)2894 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
2895 {
2896 struct nlattr *attr;
2897 int n_entries = 0, tmp;
2898
2899 nla_for_each_nested(attr, nl_attr, tmp) {
2900 if (nla_len(attr) != ETH_ALEN)
2901 return -EINVAL;
2902
2903 n_entries++;
2904 }
2905
2906 return n_entries;
2907 }
2908
2909 /*
2910 * This function parses ACL information and allocates memory for ACL data.
2911 * On successful return, the calling function is responsible to free the
2912 * ACL buffer returned by this function.
2913 */
parse_acl_data(struct wiphy * wiphy,struct genl_info * info)2914 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
2915 struct genl_info *info)
2916 {
2917 enum nl80211_acl_policy acl_policy;
2918 struct nlattr *attr;
2919 struct cfg80211_acl_data *acl;
2920 int i = 0, n_entries, tmp;
2921
2922 if (!wiphy->max_acl_mac_addrs)
2923 return ERR_PTR(-EOPNOTSUPP);
2924
2925 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
2926 return ERR_PTR(-EINVAL);
2927
2928 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
2929 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
2930 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
2931 return ERR_PTR(-EINVAL);
2932
2933 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
2934 return ERR_PTR(-EINVAL);
2935
2936 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
2937 if (n_entries < 0)
2938 return ERR_PTR(n_entries);
2939
2940 if (n_entries > wiphy->max_acl_mac_addrs)
2941 return ERR_PTR(-ENOTSUPP);
2942
2943 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
2944 GFP_KERNEL);
2945 if (!acl)
2946 return ERR_PTR(-ENOMEM);
2947
2948 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
2949 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
2950 i++;
2951 }
2952
2953 acl->n_acl_entries = n_entries;
2954 acl->acl_policy = acl_policy;
2955
2956 return acl;
2957 }
2958
nl80211_set_mac_acl(struct sk_buff * skb,struct genl_info * info)2959 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
2960 {
2961 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2962 struct net_device *dev = info->user_ptr[1];
2963 struct cfg80211_acl_data *acl;
2964 int err;
2965
2966 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2967 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2968 return -EOPNOTSUPP;
2969
2970 if (!dev->ieee80211_ptr->beacon_interval)
2971 return -EINVAL;
2972
2973 acl = parse_acl_data(&rdev->wiphy, info);
2974 if (IS_ERR(acl))
2975 return PTR_ERR(acl);
2976
2977 err = rdev_set_mac_acl(rdev, dev, acl);
2978
2979 kfree(acl);
2980
2981 return err;
2982 }
2983
nl80211_parse_beacon(struct genl_info * info,struct cfg80211_beacon_data * bcn)2984 static int nl80211_parse_beacon(struct genl_info *info,
2985 struct cfg80211_beacon_data *bcn)
2986 {
2987 bool haveinfo = false;
2988
2989 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
2990 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
2991 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2992 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2993 return -EINVAL;
2994
2995 memset(bcn, 0, sizeof(*bcn));
2996
2997 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2998 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2999 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
3000 if (!bcn->head_len)
3001 return -EINVAL;
3002 haveinfo = true;
3003 }
3004
3005 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
3006 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
3007 bcn->tail_len =
3008 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
3009 haveinfo = true;
3010 }
3011
3012 if (!haveinfo)
3013 return -EINVAL;
3014
3015 if (info->attrs[NL80211_ATTR_IE]) {
3016 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
3017 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3018 }
3019
3020 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3021 bcn->proberesp_ies =
3022 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
3023 bcn->proberesp_ies_len =
3024 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
3025 }
3026
3027 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3028 bcn->assocresp_ies =
3029 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3030 bcn->assocresp_ies_len =
3031 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3032 }
3033
3034 if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
3035 bcn->probe_resp =
3036 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
3037 bcn->probe_resp_len =
3038 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
3039 }
3040
3041 return 0;
3042 }
3043
nl80211_get_ap_channel(struct cfg80211_registered_device * rdev,struct cfg80211_ap_settings * params)3044 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3045 struct cfg80211_ap_settings *params)
3046 {
3047 struct wireless_dev *wdev;
3048 bool ret = false;
3049
3050 mutex_lock(&rdev->devlist_mtx);
3051
3052 list_for_each_entry(wdev, &rdev->wdev_list, list) {
3053 if (wdev->iftype != NL80211_IFTYPE_AP &&
3054 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3055 continue;
3056
3057 if (!wdev->preset_chandef.chan)
3058 continue;
3059
3060 params->chandef = wdev->preset_chandef;
3061 ret = true;
3062 break;
3063 }
3064
3065 mutex_unlock(&rdev->devlist_mtx);
3066
3067 return ret;
3068 }
3069
nl80211_valid_auth_type(struct cfg80211_registered_device * rdev,enum nl80211_auth_type auth_type,enum nl80211_commands cmd)3070 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3071 enum nl80211_auth_type auth_type,
3072 enum nl80211_commands cmd)
3073 {
3074 if (auth_type > NL80211_AUTHTYPE_MAX)
3075 return false;
3076
3077 switch (cmd) {
3078 case NL80211_CMD_AUTHENTICATE:
3079 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3080 auth_type == NL80211_AUTHTYPE_SAE)
3081 return false;
3082 return true;
3083 case NL80211_CMD_CONNECT:
3084 case NL80211_CMD_START_AP:
3085 /* SAE not supported yet */
3086 if (auth_type == NL80211_AUTHTYPE_SAE)
3087 return false;
3088 return true;
3089 default:
3090 return false;
3091 }
3092 }
3093
nl80211_start_ap(struct sk_buff * skb,struct genl_info * info)3094 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3095 {
3096 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3097 struct net_device *dev = info->user_ptr[1];
3098 struct wireless_dev *wdev = dev->ieee80211_ptr;
3099 struct cfg80211_ap_settings params;
3100 int err;
3101 u8 radar_detect_width = 0;
3102
3103 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3104 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3105 return -EOPNOTSUPP;
3106
3107 if (!rdev->ops->start_ap)
3108 return -EOPNOTSUPP;
3109
3110 if (wdev->beacon_interval)
3111 return -EALREADY;
3112
3113 memset(¶ms, 0, sizeof(params));
3114
3115 /* these are required for START_AP */
3116 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3117 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3118 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3119 return -EINVAL;
3120
3121 err = nl80211_parse_beacon(info, ¶ms.beacon);
3122 if (err)
3123 return err;
3124
3125 params.beacon_interval =
3126 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3127 params.dtim_period =
3128 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3129
3130 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3131 if (err)
3132 return err;
3133
3134 /*
3135 * In theory, some of these attributes should be required here
3136 * but since they were not used when the command was originally
3137 * added, keep them optional for old user space programs to let
3138 * them continue to work with drivers that do not need the
3139 * additional information -- drivers must check!
3140 */
3141 if (info->attrs[NL80211_ATTR_SSID]) {
3142 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3143 params.ssid_len =
3144 nla_len(info->attrs[NL80211_ATTR_SSID]);
3145 if (params.ssid_len == 0 ||
3146 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3147 return -EINVAL;
3148 }
3149
3150 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3151 params.hidden_ssid = nla_get_u32(
3152 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3153 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3154 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3155 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3156 return -EINVAL;
3157 }
3158
3159 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3160
3161 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3162 params.auth_type = nla_get_u32(
3163 info->attrs[NL80211_ATTR_AUTH_TYPE]);
3164 if (!nl80211_valid_auth_type(rdev, params.auth_type,
3165 NL80211_CMD_START_AP))
3166 return -EINVAL;
3167 } else
3168 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3169
3170 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
3171 NL80211_MAX_NR_CIPHER_SUITES);
3172 if (err)
3173 return err;
3174
3175 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3176 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3177 return -EOPNOTSUPP;
3178 params.inactivity_timeout = nla_get_u16(
3179 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3180 }
3181
3182 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3183 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3184 return -EINVAL;
3185 params.p2p_ctwindow =
3186 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3187 if (params.p2p_ctwindow > 127)
3188 return -EINVAL;
3189 if (params.p2p_ctwindow != 0 &&
3190 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3191 return -EINVAL;
3192 }
3193
3194 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3195 u8 tmp;
3196
3197 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3198 return -EINVAL;
3199 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3200 if (tmp > 1)
3201 return -EINVAL;
3202 params.p2p_opp_ps = tmp;
3203 if (params.p2p_opp_ps != 0 &&
3204 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3205 return -EINVAL;
3206 }
3207
3208 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3209 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
3210 if (err)
3211 return err;
3212 } else if (wdev->preset_chandef.chan) {
3213 params.chandef = wdev->preset_chandef;
3214 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
3215 return -EINVAL;
3216
3217 if (!cfg80211_reg_can_beacon(&rdev->wiphy, ¶ms.chandef))
3218 return -EINVAL;
3219
3220 err = cfg80211_chandef_dfs_required(wdev->wiphy, ¶ms.chandef);
3221 if (err < 0)
3222 return err;
3223 if (err) {
3224 radar_detect_width = BIT(params.chandef.width);
3225 params.radar_required = true;
3226 }
3227
3228 mutex_lock(&rdev->devlist_mtx);
3229 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
3230 params.chandef.chan,
3231 CHAN_MODE_SHARED,
3232 radar_detect_width);
3233 mutex_unlock(&rdev->devlist_mtx);
3234
3235 if (err)
3236 return err;
3237
3238 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3239 params.acl = parse_acl_data(&rdev->wiphy, info);
3240 if (IS_ERR(params.acl))
3241 return PTR_ERR(params.acl);
3242 }
3243
3244 err = rdev_start_ap(rdev, dev, ¶ms);
3245 if (!err) {
3246 wdev->preset_chandef = params.chandef;
3247 wdev->beacon_interval = params.beacon_interval;
3248 wdev->channel = params.chandef.chan;
3249 wdev->ssid_len = params.ssid_len;
3250 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3251 }
3252
3253 kfree(params.acl);
3254
3255 return err;
3256 }
3257
nl80211_set_beacon(struct sk_buff * skb,struct genl_info * info)3258 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3259 {
3260 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3261 struct net_device *dev = info->user_ptr[1];
3262 struct wireless_dev *wdev = dev->ieee80211_ptr;
3263 struct cfg80211_beacon_data params;
3264 int err;
3265
3266 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3267 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3268 return -EOPNOTSUPP;
3269
3270 if (!rdev->ops->change_beacon)
3271 return -EOPNOTSUPP;
3272
3273 if (!wdev->beacon_interval)
3274 return -EINVAL;
3275
3276 err = nl80211_parse_beacon(info, ¶ms);
3277 if (err)
3278 return err;
3279
3280 return rdev_change_beacon(rdev, dev, ¶ms);
3281 }
3282
nl80211_stop_ap(struct sk_buff * skb,struct genl_info * info)3283 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3284 {
3285 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3286 struct net_device *dev = info->user_ptr[1];
3287
3288 return cfg80211_stop_ap(rdev, dev);
3289 }
3290
3291 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3292 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3293 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3294 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3295 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3296 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3297 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3298 };
3299
parse_station_flags(struct genl_info * info,enum nl80211_iftype iftype,struct station_parameters * params)3300 static int parse_station_flags(struct genl_info *info,
3301 enum nl80211_iftype iftype,
3302 struct station_parameters *params)
3303 {
3304 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3305 struct nlattr *nla;
3306 int flag;
3307
3308 /*
3309 * Try parsing the new attribute first so userspace
3310 * can specify both for older kernels.
3311 */
3312 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3313 if (nla) {
3314 struct nl80211_sta_flag_update *sta_flags;
3315
3316 sta_flags = nla_data(nla);
3317 params->sta_flags_mask = sta_flags->mask;
3318 params->sta_flags_set = sta_flags->set;
3319 params->sta_flags_set &= params->sta_flags_mask;
3320 if ((params->sta_flags_mask |
3321 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3322 return -EINVAL;
3323 return 0;
3324 }
3325
3326 /* if present, parse the old attribute */
3327
3328 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3329 if (!nla)
3330 return 0;
3331
3332 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3333 nla, sta_flags_policy))
3334 return -EINVAL;
3335
3336 /*
3337 * Only allow certain flags for interface types so that
3338 * other attributes are silently ignored. Remember that
3339 * this is backward compatibility code with old userspace
3340 * and shouldn't be hit in other cases anyway.
3341 */
3342 switch (iftype) {
3343 case NL80211_IFTYPE_AP:
3344 case NL80211_IFTYPE_AP_VLAN:
3345 case NL80211_IFTYPE_P2P_GO:
3346 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3347 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3348 BIT(NL80211_STA_FLAG_WME) |
3349 BIT(NL80211_STA_FLAG_MFP);
3350 break;
3351 case NL80211_IFTYPE_P2P_CLIENT:
3352 case NL80211_IFTYPE_STATION:
3353 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3354 BIT(NL80211_STA_FLAG_TDLS_PEER);
3355 break;
3356 case NL80211_IFTYPE_MESH_POINT:
3357 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3358 BIT(NL80211_STA_FLAG_MFP) |
3359 BIT(NL80211_STA_FLAG_AUTHORIZED);
3360 default:
3361 return -EINVAL;
3362 }
3363
3364 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3365 if (flags[flag]) {
3366 params->sta_flags_set |= (1<<flag);
3367
3368 /* no longer support new API additions in old API */
3369 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3370 return -EINVAL;
3371 }
3372 }
3373
3374 return 0;
3375 }
3376
nl80211_put_sta_rate(struct sk_buff * msg,struct rate_info * info,int attr)3377 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3378 int attr)
3379 {
3380 struct nlattr *rate;
3381 u32 bitrate;
3382 u16 bitrate_compat;
3383
3384 rate = nla_nest_start(msg, attr);
3385 if (!rate)
3386 return false;
3387
3388 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3389 bitrate = cfg80211_calculate_bitrate(info);
3390 /* report 16-bit bitrate only if we can */
3391 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3392 if (bitrate > 0 &&
3393 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3394 return false;
3395 if (bitrate_compat > 0 &&
3396 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3397 return false;
3398
3399 if (info->flags & RATE_INFO_FLAGS_MCS) {
3400 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3401 return false;
3402 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3403 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3404 return false;
3405 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3406 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3407 return false;
3408 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3409 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3410 return false;
3411 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3412 return false;
3413 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3414 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3415 return false;
3416 if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3417 nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3418 return false;
3419 if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3420 nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3421 return false;
3422 if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3423 nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3424 return false;
3425 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3426 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3427 return false;
3428 }
3429
3430 nla_nest_end(msg, rate);
3431 return true;
3432 }
3433
nl80211_send_station(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo)3434 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3435 int flags,
3436 struct cfg80211_registered_device *rdev,
3437 struct net_device *dev,
3438 const u8 *mac_addr, struct station_info *sinfo)
3439 {
3440 void *hdr;
3441 struct nlattr *sinfoattr, *bss_param;
3442
3443 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3444 if (!hdr)
3445 return -1;
3446
3447 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3448 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3449 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3450 goto nla_put_failure;
3451
3452 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3453 if (!sinfoattr)
3454 goto nla_put_failure;
3455 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3456 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3457 sinfo->connected_time))
3458 goto nla_put_failure;
3459 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3460 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3461 sinfo->inactive_time))
3462 goto nla_put_failure;
3463 if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3464 STATION_INFO_RX_BYTES64)) &&
3465 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3466 (u32)sinfo->rx_bytes))
3467 goto nla_put_failure;
3468 if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3469 STATION_INFO_TX_BYTES64)) &&
3470 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3471 (u32)sinfo->tx_bytes))
3472 goto nla_put_failure;
3473 if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3474 nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3475 sinfo->rx_bytes))
3476 goto nla_put_failure;
3477 if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3478 nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3479 sinfo->tx_bytes))
3480 goto nla_put_failure;
3481 if ((sinfo->filled & STATION_INFO_LLID) &&
3482 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3483 goto nla_put_failure;
3484 if ((sinfo->filled & STATION_INFO_PLID) &&
3485 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3486 goto nla_put_failure;
3487 if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3488 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3489 sinfo->plink_state))
3490 goto nla_put_failure;
3491 switch (rdev->wiphy.signal_type) {
3492 case CFG80211_SIGNAL_TYPE_MBM:
3493 if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3494 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3495 sinfo->signal))
3496 goto nla_put_failure;
3497 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3498 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3499 sinfo->signal_avg))
3500 goto nla_put_failure;
3501 break;
3502 default:
3503 break;
3504 }
3505 if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3506 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3507 NL80211_STA_INFO_TX_BITRATE))
3508 goto nla_put_failure;
3509 }
3510 if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3511 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3512 NL80211_STA_INFO_RX_BITRATE))
3513 goto nla_put_failure;
3514 }
3515 if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3516 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3517 sinfo->rx_packets))
3518 goto nla_put_failure;
3519 if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3520 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3521 sinfo->tx_packets))
3522 goto nla_put_failure;
3523 if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3524 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3525 sinfo->tx_retries))
3526 goto nla_put_failure;
3527 if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3528 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3529 sinfo->tx_failed))
3530 goto nla_put_failure;
3531 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3532 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3533 sinfo->beacon_loss_count))
3534 goto nla_put_failure;
3535 if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3536 nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3537 sinfo->local_pm))
3538 goto nla_put_failure;
3539 if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3540 nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3541 sinfo->peer_pm))
3542 goto nla_put_failure;
3543 if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3544 nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3545 sinfo->nonpeer_pm))
3546 goto nla_put_failure;
3547 if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3548 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3549 if (!bss_param)
3550 goto nla_put_failure;
3551
3552 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3553 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3554 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3555 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3556 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3557 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3558 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3559 sinfo->bss_param.dtim_period) ||
3560 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3561 sinfo->bss_param.beacon_interval))
3562 goto nla_put_failure;
3563
3564 nla_nest_end(msg, bss_param);
3565 }
3566 if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3567 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3568 sizeof(struct nl80211_sta_flag_update),
3569 &sinfo->sta_flags))
3570 goto nla_put_failure;
3571 if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3572 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3573 sinfo->t_offset))
3574 goto nla_put_failure;
3575 nla_nest_end(msg, sinfoattr);
3576
3577 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3578 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3579 sinfo->assoc_req_ies))
3580 goto nla_put_failure;
3581
3582 return genlmsg_end(msg, hdr);
3583
3584 nla_put_failure:
3585 genlmsg_cancel(msg, hdr);
3586 return -EMSGSIZE;
3587 }
3588
nl80211_dump_station(struct sk_buff * skb,struct netlink_callback * cb)3589 static int nl80211_dump_station(struct sk_buff *skb,
3590 struct netlink_callback *cb)
3591 {
3592 struct station_info sinfo;
3593 struct cfg80211_registered_device *dev;
3594 struct wireless_dev *wdev;
3595 u8 mac_addr[ETH_ALEN];
3596 int sta_idx = cb->args[2];
3597 int err;
3598
3599 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
3600 if (err)
3601 return err;
3602
3603 if (!wdev->netdev) {
3604 err = -EINVAL;
3605 goto out_err;
3606 }
3607
3608 if (!dev->ops->dump_station) {
3609 err = -EOPNOTSUPP;
3610 goto out_err;
3611 }
3612
3613 while (1) {
3614 memset(&sinfo, 0, sizeof(sinfo));
3615 err = rdev_dump_station(dev, wdev->netdev, sta_idx,
3616 mac_addr, &sinfo);
3617 if (err == -ENOENT)
3618 break;
3619 if (err)
3620 goto out_err;
3621
3622 if (nl80211_send_station(skb,
3623 NETLINK_CB(cb->skb).portid,
3624 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3625 dev, wdev->netdev, mac_addr,
3626 &sinfo) < 0)
3627 goto out;
3628
3629 sta_idx++;
3630 }
3631
3632
3633 out:
3634 cb->args[2] = sta_idx;
3635 err = skb->len;
3636 out_err:
3637 nl80211_finish_wdev_dump(dev);
3638
3639 return err;
3640 }
3641
nl80211_get_station(struct sk_buff * skb,struct genl_info * info)3642 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3643 {
3644 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3645 struct net_device *dev = info->user_ptr[1];
3646 struct station_info sinfo;
3647 struct sk_buff *msg;
3648 u8 *mac_addr = NULL;
3649 int err;
3650
3651 memset(&sinfo, 0, sizeof(sinfo));
3652
3653 if (!info->attrs[NL80211_ATTR_MAC])
3654 return -EINVAL;
3655
3656 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3657
3658 if (!rdev->ops->get_station)
3659 return -EOPNOTSUPP;
3660
3661 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3662 if (err)
3663 return err;
3664
3665 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3666 if (!msg)
3667 return -ENOMEM;
3668
3669 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3670 rdev, dev, mac_addr, &sinfo) < 0) {
3671 nlmsg_free(msg);
3672 return -ENOBUFS;
3673 }
3674
3675 return genlmsg_reply(msg, info);
3676 }
3677
cfg80211_check_station_change(struct wiphy * wiphy,struct station_parameters * params,enum cfg80211_station_type statype)3678 int cfg80211_check_station_change(struct wiphy *wiphy,
3679 struct station_parameters *params,
3680 enum cfg80211_station_type statype)
3681 {
3682 if (params->listen_interval != -1)
3683 return -EINVAL;
3684 if (params->aid)
3685 return -EINVAL;
3686
3687 /* When you run into this, adjust the code below for the new flag */
3688 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3689
3690 switch (statype) {
3691 case CFG80211_STA_MESH_PEER_KERNEL:
3692 case CFG80211_STA_MESH_PEER_USER:
3693 /*
3694 * No ignoring the TDLS flag here -- the userspace mesh
3695 * code doesn't have the bug of including TDLS in the
3696 * mask everywhere.
3697 */
3698 if (params->sta_flags_mask &
3699 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3700 BIT(NL80211_STA_FLAG_MFP) |
3701 BIT(NL80211_STA_FLAG_AUTHORIZED)))
3702 return -EINVAL;
3703 break;
3704 case CFG80211_STA_TDLS_PEER_SETUP:
3705 case CFG80211_STA_TDLS_PEER_ACTIVE:
3706 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3707 return -EINVAL;
3708 /* ignore since it can't change */
3709 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3710 break;
3711 default:
3712 /* disallow mesh-specific things */
3713 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3714 return -EINVAL;
3715 if (params->local_pm)
3716 return -EINVAL;
3717 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3718 return -EINVAL;
3719 }
3720
3721 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3722 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3723 /* TDLS can't be set, ... */
3724 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3725 return -EINVAL;
3726 /*
3727 * ... but don't bother the driver with it. This works around
3728 * a hostapd/wpa_supplicant issue -- it always includes the
3729 * TLDS_PEER flag in the mask even for AP mode.
3730 */
3731 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3732 }
3733
3734 if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
3735 /* reject other things that can't change */
3736 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
3737 return -EINVAL;
3738 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
3739 return -EINVAL;
3740 if (params->supported_rates)
3741 return -EINVAL;
3742 if (params->ext_capab || params->ht_capa || params->vht_capa)
3743 return -EINVAL;
3744 }
3745
3746 if (statype != CFG80211_STA_AP_CLIENT) {
3747 if (params->vlan)
3748 return -EINVAL;
3749 }
3750
3751 switch (statype) {
3752 case CFG80211_STA_AP_MLME_CLIENT:
3753 /* Use this only for authorizing/unauthorizing a station */
3754 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
3755 return -EOPNOTSUPP;
3756 break;
3757 case CFG80211_STA_AP_CLIENT:
3758 /* accept only the listed bits */
3759 if (params->sta_flags_mask &
3760 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3761 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3762 BIT(NL80211_STA_FLAG_ASSOCIATED) |
3763 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3764 BIT(NL80211_STA_FLAG_WME) |
3765 BIT(NL80211_STA_FLAG_MFP)))
3766 return -EINVAL;
3767
3768 /* but authenticated/associated only if driver handles it */
3769 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3770 params->sta_flags_mask &
3771 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3772 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3773 return -EINVAL;
3774 break;
3775 case CFG80211_STA_IBSS:
3776 case CFG80211_STA_AP_STA:
3777 /* reject any changes other than AUTHORIZED */
3778 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3779 return -EINVAL;
3780 break;
3781 case CFG80211_STA_TDLS_PEER_SETUP:
3782 /* reject any changes other than AUTHORIZED or WME */
3783 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3784 BIT(NL80211_STA_FLAG_WME)))
3785 return -EINVAL;
3786 /* force (at least) rates when authorizing */
3787 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
3788 !params->supported_rates)
3789 return -EINVAL;
3790 break;
3791 case CFG80211_STA_TDLS_PEER_ACTIVE:
3792 /* reject any changes */
3793 return -EINVAL;
3794 case CFG80211_STA_MESH_PEER_KERNEL:
3795 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3796 return -EINVAL;
3797 break;
3798 case CFG80211_STA_MESH_PEER_USER:
3799 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3800 return -EINVAL;
3801 break;
3802 }
3803
3804 return 0;
3805 }
3806 EXPORT_SYMBOL(cfg80211_check_station_change);
3807
3808 /*
3809 * Get vlan interface making sure it is running and on the right wiphy.
3810 */
get_vlan(struct genl_info * info,struct cfg80211_registered_device * rdev)3811 static struct net_device *get_vlan(struct genl_info *info,
3812 struct cfg80211_registered_device *rdev)
3813 {
3814 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3815 struct net_device *v;
3816 int ret;
3817
3818 if (!vlanattr)
3819 return NULL;
3820
3821 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3822 if (!v)
3823 return ERR_PTR(-ENODEV);
3824
3825 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3826 ret = -EINVAL;
3827 goto error;
3828 }
3829
3830 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3831 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3832 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3833 ret = -EINVAL;
3834 goto error;
3835 }
3836
3837 if (!netif_running(v)) {
3838 ret = -ENETDOWN;
3839 goto error;
3840 }
3841
3842 return v;
3843 error:
3844 dev_put(v);
3845 return ERR_PTR(ret);
3846 }
3847
3848 static struct nla_policy
3849 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
3850 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3851 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3852 };
3853
nl80211_parse_sta_wme(struct genl_info * info,struct station_parameters * params)3854 static int nl80211_parse_sta_wme(struct genl_info *info,
3855 struct station_parameters *params)
3856 {
3857 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3858 struct nlattr *nla;
3859 int err;
3860
3861 /* parse WME attributes if present */
3862 if (!info->attrs[NL80211_ATTR_STA_WME])
3863 return 0;
3864
3865 nla = info->attrs[NL80211_ATTR_STA_WME];
3866 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3867 nl80211_sta_wme_policy);
3868 if (err)
3869 return err;
3870
3871 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3872 params->uapsd_queues = nla_get_u8(
3873 tb[NL80211_STA_WME_UAPSD_QUEUES]);
3874 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3875 return -EINVAL;
3876
3877 if (tb[NL80211_STA_WME_MAX_SP])
3878 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3879
3880 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3881 return -EINVAL;
3882
3883 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3884
3885 return 0;
3886 }
3887
nl80211_set_station_tdls(struct genl_info * info,struct station_parameters * params)3888 static int nl80211_set_station_tdls(struct genl_info *info,
3889 struct station_parameters *params)
3890 {
3891 /* Dummy STA entry gets updated once the peer capabilities are known */
3892 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3893 params->ht_capa =
3894 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3895 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3896 params->vht_capa =
3897 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
3898
3899 return nl80211_parse_sta_wme(info, params);
3900 }
3901
nl80211_set_station(struct sk_buff * skb,struct genl_info * info)3902 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
3903 {
3904 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3905 struct net_device *dev = info->user_ptr[1];
3906 struct station_parameters params;
3907 u8 *mac_addr;
3908 int err;
3909
3910 memset(¶ms, 0, sizeof(params));
3911
3912 params.listen_interval = -1;
3913
3914 if (!rdev->ops->change_station)
3915 return -EOPNOTSUPP;
3916
3917 if (info->attrs[NL80211_ATTR_STA_AID])
3918 return -EINVAL;
3919
3920 if (!info->attrs[NL80211_ATTR_MAC])
3921 return -EINVAL;
3922
3923 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3924
3925 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
3926 params.supported_rates =
3927 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3928 params.supported_rates_len =
3929 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3930 }
3931
3932 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
3933 params.capability =
3934 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
3935 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
3936 }
3937
3938 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
3939 params.ext_capab =
3940 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
3941 params.ext_capab_len =
3942 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
3943 }
3944
3945 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3946 return -EINVAL;
3947
3948 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
3949 return -EINVAL;
3950
3951 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
3952 params.plink_action =
3953 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3954 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
3955 return -EINVAL;
3956 }
3957
3958 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
3959 params.plink_state =
3960 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
3961 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
3962 return -EINVAL;
3963 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
3964 }
3965
3966 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
3967 enum nl80211_mesh_power_mode pm = nla_get_u32(
3968 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
3969
3970 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
3971 pm > NL80211_MESH_POWER_MAX)
3972 return -EINVAL;
3973
3974 params.local_pm = pm;
3975 }
3976
3977 /* Include parameters for TDLS peer (will check later) */
3978 err = nl80211_set_station_tdls(info, ¶ms);
3979 if (err)
3980 return err;
3981
3982 params.vlan = get_vlan(info, rdev);
3983 if (IS_ERR(params.vlan))
3984 return PTR_ERR(params.vlan);
3985
3986 switch (dev->ieee80211_ptr->iftype) {
3987 case NL80211_IFTYPE_AP:
3988 case NL80211_IFTYPE_AP_VLAN:
3989 case NL80211_IFTYPE_P2P_GO:
3990 case NL80211_IFTYPE_P2P_CLIENT:
3991 case NL80211_IFTYPE_STATION:
3992 case NL80211_IFTYPE_ADHOC:
3993 case NL80211_IFTYPE_MESH_POINT:
3994 break;
3995 default:
3996 err = -EOPNOTSUPP;
3997 goto out_put_vlan;
3998 }
3999
4000 /* driver will call cfg80211_check_station_change() */
4001 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
4002
4003 out_put_vlan:
4004 if (params.vlan)
4005 dev_put(params.vlan);
4006
4007 return err;
4008 }
4009
nl80211_new_station(struct sk_buff * skb,struct genl_info * info)4010 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4011 {
4012 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4013 int err;
4014 struct net_device *dev = info->user_ptr[1];
4015 struct station_parameters params;
4016 u8 *mac_addr = NULL;
4017
4018 memset(¶ms, 0, sizeof(params));
4019
4020 if (!rdev->ops->add_station)
4021 return -EOPNOTSUPP;
4022
4023 if (!info->attrs[NL80211_ATTR_MAC])
4024 return -EINVAL;
4025
4026 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4027 return -EINVAL;
4028
4029 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4030 return -EINVAL;
4031
4032 if (!info->attrs[NL80211_ATTR_STA_AID])
4033 return -EINVAL;
4034
4035 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4036 params.supported_rates =
4037 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4038 params.supported_rates_len =
4039 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4040 params.listen_interval =
4041 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4042
4043 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4044 if (!params.aid || params.aid > IEEE80211_MAX_AID)
4045 return -EINVAL;
4046
4047 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4048 params.capability =
4049 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4050 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4051 }
4052
4053 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4054 params.ext_capab =
4055 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4056 params.ext_capab_len =
4057 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4058 }
4059
4060 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4061 params.ht_capa =
4062 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4063
4064 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4065 params.vht_capa =
4066 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4067
4068 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4069 params.plink_action =
4070 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4071 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4072 return -EINVAL;
4073 }
4074
4075 err = nl80211_parse_sta_wme(info, ¶ms);
4076 if (err)
4077 return err;
4078
4079 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
4080 return -EINVAL;
4081
4082 /* When you run into this, adjust the code below for the new flag */
4083 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4084
4085 switch (dev->ieee80211_ptr->iftype) {
4086 case NL80211_IFTYPE_AP:
4087 case NL80211_IFTYPE_AP_VLAN:
4088 case NL80211_IFTYPE_P2P_GO:
4089 /* ignore WME attributes if iface/sta is not capable */
4090 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4091 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4092 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4093
4094 /* TDLS peers cannot be added */
4095 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4096 return -EINVAL;
4097 /* but don't bother the driver with it */
4098 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4099
4100 /* allow authenticated/associated only if driver handles it */
4101 if (!(rdev->wiphy.features &
4102 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4103 params.sta_flags_mask &
4104 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4105 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4106 return -EINVAL;
4107
4108 /* must be last in here for error handling */
4109 params.vlan = get_vlan(info, rdev);
4110 if (IS_ERR(params.vlan))
4111 return PTR_ERR(params.vlan);
4112 break;
4113 case NL80211_IFTYPE_MESH_POINT:
4114 /* ignore uAPSD data */
4115 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4116
4117 /* associated is disallowed */
4118 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4119 return -EINVAL;
4120 /* TDLS peers cannot be added */
4121 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4122 return -EINVAL;
4123 break;
4124 case NL80211_IFTYPE_STATION:
4125 case NL80211_IFTYPE_P2P_CLIENT:
4126 /* ignore uAPSD data */
4127 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4128
4129 /* these are disallowed */
4130 if (params.sta_flags_mask &
4131 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
4132 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4133 return -EINVAL;
4134 /* Only TDLS peers can be added */
4135 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4136 return -EINVAL;
4137 /* Can only add if TDLS ... */
4138 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4139 return -EOPNOTSUPP;
4140 /* ... with external setup is supported */
4141 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4142 return -EOPNOTSUPP;
4143 /*
4144 * Older wpa_supplicant versions always mark the TDLS peer
4145 * as authorized, but it shouldn't yet be.
4146 */
4147 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4148 break;
4149 default:
4150 return -EOPNOTSUPP;
4151 }
4152
4153 /* be aware of params.vlan when changing code here */
4154
4155 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
4156
4157 if (params.vlan)
4158 dev_put(params.vlan);
4159 return err;
4160 }
4161
nl80211_del_station(struct sk_buff * skb,struct genl_info * info)4162 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4163 {
4164 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4165 struct net_device *dev = info->user_ptr[1];
4166 u8 *mac_addr = NULL;
4167
4168 if (info->attrs[NL80211_ATTR_MAC])
4169 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4170
4171 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4172 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4173 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4174 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4175 return -EINVAL;
4176
4177 if (!rdev->ops->del_station)
4178 return -EOPNOTSUPP;
4179
4180 return rdev_del_station(rdev, dev, mac_addr);
4181 }
4182
nl80211_send_mpath(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,u8 * dst,u8 * next_hop,struct mpath_info * pinfo)4183 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4184 int flags, struct net_device *dev,
4185 u8 *dst, u8 *next_hop,
4186 struct mpath_info *pinfo)
4187 {
4188 void *hdr;
4189 struct nlattr *pinfoattr;
4190
4191 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
4192 if (!hdr)
4193 return -1;
4194
4195 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4196 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4197 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4198 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4199 goto nla_put_failure;
4200
4201 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4202 if (!pinfoattr)
4203 goto nla_put_failure;
4204 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4205 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4206 pinfo->frame_qlen))
4207 goto nla_put_failure;
4208 if (((pinfo->filled & MPATH_INFO_SN) &&
4209 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4210 ((pinfo->filled & MPATH_INFO_METRIC) &&
4211 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4212 pinfo->metric)) ||
4213 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4214 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4215 pinfo->exptime)) ||
4216 ((pinfo->filled & MPATH_INFO_FLAGS) &&
4217 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4218 pinfo->flags)) ||
4219 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4220 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4221 pinfo->discovery_timeout)) ||
4222 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4223 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4224 pinfo->discovery_retries)))
4225 goto nla_put_failure;
4226
4227 nla_nest_end(msg, pinfoattr);
4228
4229 return genlmsg_end(msg, hdr);
4230
4231 nla_put_failure:
4232 genlmsg_cancel(msg, hdr);
4233 return -EMSGSIZE;
4234 }
4235
nl80211_dump_mpath(struct sk_buff * skb,struct netlink_callback * cb)4236 static int nl80211_dump_mpath(struct sk_buff *skb,
4237 struct netlink_callback *cb)
4238 {
4239 struct mpath_info pinfo;
4240 struct cfg80211_registered_device *dev;
4241 struct wireless_dev *wdev;
4242 u8 dst[ETH_ALEN];
4243 u8 next_hop[ETH_ALEN];
4244 int path_idx = cb->args[2];
4245 int err;
4246
4247 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
4248 if (err)
4249 return err;
4250
4251 if (!dev->ops->dump_mpath) {
4252 err = -EOPNOTSUPP;
4253 goto out_err;
4254 }
4255
4256 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4257 err = -EOPNOTSUPP;
4258 goto out_err;
4259 }
4260
4261 while (1) {
4262 err = rdev_dump_mpath(dev, wdev->netdev, path_idx, dst,
4263 next_hop, &pinfo);
4264 if (err == -ENOENT)
4265 break;
4266 if (err)
4267 goto out_err;
4268
4269 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4270 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4271 wdev->netdev, dst, next_hop,
4272 &pinfo) < 0)
4273 goto out;
4274
4275 path_idx++;
4276 }
4277
4278
4279 out:
4280 cb->args[2] = path_idx;
4281 err = skb->len;
4282 out_err:
4283 nl80211_finish_wdev_dump(dev);
4284 return err;
4285 }
4286
nl80211_get_mpath(struct sk_buff * skb,struct genl_info * info)4287 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4288 {
4289 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4290 int err;
4291 struct net_device *dev = info->user_ptr[1];
4292 struct mpath_info pinfo;
4293 struct sk_buff *msg;
4294 u8 *dst = NULL;
4295 u8 next_hop[ETH_ALEN];
4296
4297 memset(&pinfo, 0, sizeof(pinfo));
4298
4299 if (!info->attrs[NL80211_ATTR_MAC])
4300 return -EINVAL;
4301
4302 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4303
4304 if (!rdev->ops->get_mpath)
4305 return -EOPNOTSUPP;
4306
4307 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4308 return -EOPNOTSUPP;
4309
4310 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4311 if (err)
4312 return err;
4313
4314 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4315 if (!msg)
4316 return -ENOMEM;
4317
4318 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4319 dev, dst, next_hop, &pinfo) < 0) {
4320 nlmsg_free(msg);
4321 return -ENOBUFS;
4322 }
4323
4324 return genlmsg_reply(msg, info);
4325 }
4326
nl80211_set_mpath(struct sk_buff * skb,struct genl_info * info)4327 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4328 {
4329 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4330 struct net_device *dev = info->user_ptr[1];
4331 u8 *dst = NULL;
4332 u8 *next_hop = NULL;
4333
4334 if (!info->attrs[NL80211_ATTR_MAC])
4335 return -EINVAL;
4336
4337 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4338 return -EINVAL;
4339
4340 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4341 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4342
4343 if (!rdev->ops->change_mpath)
4344 return -EOPNOTSUPP;
4345
4346 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4347 return -EOPNOTSUPP;
4348
4349 return rdev_change_mpath(rdev, dev, dst, next_hop);
4350 }
4351
nl80211_new_mpath(struct sk_buff * skb,struct genl_info * info)4352 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4353 {
4354 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4355 struct net_device *dev = info->user_ptr[1];
4356 u8 *dst = NULL;
4357 u8 *next_hop = NULL;
4358
4359 if (!info->attrs[NL80211_ATTR_MAC])
4360 return -EINVAL;
4361
4362 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4363 return -EINVAL;
4364
4365 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4366 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4367
4368 if (!rdev->ops->add_mpath)
4369 return -EOPNOTSUPP;
4370
4371 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4372 return -EOPNOTSUPP;
4373
4374 return rdev_add_mpath(rdev, dev, dst, next_hop);
4375 }
4376
nl80211_del_mpath(struct sk_buff * skb,struct genl_info * info)4377 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4378 {
4379 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4380 struct net_device *dev = info->user_ptr[1];
4381 u8 *dst = NULL;
4382
4383 if (info->attrs[NL80211_ATTR_MAC])
4384 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4385
4386 if (!rdev->ops->del_mpath)
4387 return -EOPNOTSUPP;
4388
4389 return rdev_del_mpath(rdev, dev, dst);
4390 }
4391
nl80211_set_bss(struct sk_buff * skb,struct genl_info * info)4392 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4393 {
4394 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4395 struct net_device *dev = info->user_ptr[1];
4396 struct bss_parameters params;
4397
4398 memset(¶ms, 0, sizeof(params));
4399 /* default to not changing parameters */
4400 params.use_cts_prot = -1;
4401 params.use_short_preamble = -1;
4402 params.use_short_slot_time = -1;
4403 params.ap_isolate = -1;
4404 params.ht_opmode = -1;
4405 params.p2p_ctwindow = -1;
4406 params.p2p_opp_ps = -1;
4407
4408 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4409 params.use_cts_prot =
4410 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4411 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4412 params.use_short_preamble =
4413 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4414 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4415 params.use_short_slot_time =
4416 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4417 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4418 params.basic_rates =
4419 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4420 params.basic_rates_len =
4421 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4422 }
4423 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4424 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4425 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4426 params.ht_opmode =
4427 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4428
4429 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4430 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4431 return -EINVAL;
4432 params.p2p_ctwindow =
4433 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4434 if (params.p2p_ctwindow < 0)
4435 return -EINVAL;
4436 if (params.p2p_ctwindow != 0 &&
4437 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4438 return -EINVAL;
4439 }
4440
4441 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4442 u8 tmp;
4443
4444 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4445 return -EINVAL;
4446 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4447 if (tmp > 1)
4448 return -EINVAL;
4449 params.p2p_opp_ps = tmp;
4450 if (params.p2p_opp_ps &&
4451 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4452 return -EINVAL;
4453 }
4454
4455 if (!rdev->ops->change_bss)
4456 return -EOPNOTSUPP;
4457
4458 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4459 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4460 return -EOPNOTSUPP;
4461
4462 return rdev_change_bss(rdev, dev, ¶ms);
4463 }
4464
4465 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4466 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
4467 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
4468 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
4469 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
4470 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
4471 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
4472 };
4473
parse_reg_rule(struct nlattr * tb[],struct ieee80211_reg_rule * reg_rule)4474 static int parse_reg_rule(struct nlattr *tb[],
4475 struct ieee80211_reg_rule *reg_rule)
4476 {
4477 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
4478 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
4479
4480 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4481 return -EINVAL;
4482 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4483 return -EINVAL;
4484 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4485 return -EINVAL;
4486 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4487 return -EINVAL;
4488 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4489 return -EINVAL;
4490
4491 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4492
4493 freq_range->start_freq_khz =
4494 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4495 freq_range->end_freq_khz =
4496 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4497 freq_range->max_bandwidth_khz =
4498 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4499
4500 power_rule->max_eirp =
4501 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4502
4503 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4504 power_rule->max_antenna_gain =
4505 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4506
4507 return 0;
4508 }
4509
nl80211_req_set_reg(struct sk_buff * skb,struct genl_info * info)4510 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4511 {
4512 int r;
4513 char *data = NULL;
4514 enum nl80211_user_reg_hint_type user_reg_hint_type;
4515
4516 /*
4517 * You should only get this when cfg80211 hasn't yet initialized
4518 * completely when built-in to the kernel right between the time
4519 * window between nl80211_init() and regulatory_init(), if that is
4520 * even possible.
4521 */
4522 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4523 return -EINPROGRESS;
4524
4525 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4526 return -EINVAL;
4527
4528 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4529
4530 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4531 user_reg_hint_type =
4532 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4533 else
4534 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4535
4536 switch (user_reg_hint_type) {
4537 case NL80211_USER_REG_HINT_USER:
4538 case NL80211_USER_REG_HINT_CELL_BASE:
4539 break;
4540 default:
4541 return -EINVAL;
4542 }
4543
4544 r = regulatory_hint_user(data, user_reg_hint_type);
4545
4546 return r;
4547 }
4548
nl80211_get_mesh_config(struct sk_buff * skb,struct genl_info * info)4549 static int nl80211_get_mesh_config(struct sk_buff *skb,
4550 struct genl_info *info)
4551 {
4552 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4553 struct net_device *dev = info->user_ptr[1];
4554 struct wireless_dev *wdev = dev->ieee80211_ptr;
4555 struct mesh_config cur_params;
4556 int err = 0;
4557 void *hdr;
4558 struct nlattr *pinfoattr;
4559 struct sk_buff *msg;
4560
4561 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4562 return -EOPNOTSUPP;
4563
4564 if (!rdev->ops->get_mesh_config)
4565 return -EOPNOTSUPP;
4566
4567 wdev_lock(wdev);
4568 /* If not connected, get default parameters */
4569 if (!wdev->mesh_id_len)
4570 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4571 else
4572 err = rdev_get_mesh_config(rdev, dev, &cur_params);
4573 wdev_unlock(wdev);
4574
4575 if (err)
4576 return err;
4577
4578 /* Draw up a netlink message to send back */
4579 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4580 if (!msg)
4581 return -ENOMEM;
4582 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4583 NL80211_CMD_GET_MESH_CONFIG);
4584 if (!hdr)
4585 goto out;
4586 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4587 if (!pinfoattr)
4588 goto nla_put_failure;
4589 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4590 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4591 cur_params.dot11MeshRetryTimeout) ||
4592 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4593 cur_params.dot11MeshConfirmTimeout) ||
4594 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4595 cur_params.dot11MeshHoldingTimeout) ||
4596 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4597 cur_params.dot11MeshMaxPeerLinks) ||
4598 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4599 cur_params.dot11MeshMaxRetries) ||
4600 nla_put_u8(msg, NL80211_MESHCONF_TTL,
4601 cur_params.dot11MeshTTL) ||
4602 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4603 cur_params.element_ttl) ||
4604 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4605 cur_params.auto_open_plinks) ||
4606 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4607 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4608 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4609 cur_params.dot11MeshHWMPmaxPREQretries) ||
4610 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4611 cur_params.path_refresh_time) ||
4612 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4613 cur_params.min_discovery_timeout) ||
4614 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4615 cur_params.dot11MeshHWMPactivePathTimeout) ||
4616 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4617 cur_params.dot11MeshHWMPpreqMinInterval) ||
4618 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4619 cur_params.dot11MeshHWMPperrMinInterval) ||
4620 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4621 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4622 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4623 cur_params.dot11MeshHWMPRootMode) ||
4624 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4625 cur_params.dot11MeshHWMPRannInterval) ||
4626 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4627 cur_params.dot11MeshGateAnnouncementProtocol) ||
4628 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4629 cur_params.dot11MeshForwarding) ||
4630 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4631 cur_params.rssi_threshold) ||
4632 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4633 cur_params.ht_opmode) ||
4634 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4635 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4636 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4637 cur_params.dot11MeshHWMProotInterval) ||
4638 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4639 cur_params.dot11MeshHWMPconfirmationInterval) ||
4640 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4641 cur_params.power_mode) ||
4642 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4643 cur_params.dot11MeshAwakeWindowDuration))
4644 goto nla_put_failure;
4645 nla_nest_end(msg, pinfoattr);
4646 genlmsg_end(msg, hdr);
4647 return genlmsg_reply(msg, info);
4648
4649 nla_put_failure:
4650 genlmsg_cancel(msg, hdr);
4651 out:
4652 nlmsg_free(msg);
4653 return -ENOBUFS;
4654 }
4655
4656 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4657 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4658 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4659 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4660 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4661 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4662 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4663 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4664 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4665 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4666 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4667 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4668 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4669 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4670 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4671 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4672 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4673 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4674 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4675 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4676 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4677 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4678 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4679 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4680 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4681 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4682 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4683 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4684 };
4685
4686 static const struct nla_policy
4687 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4688 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4689 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4690 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4691 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4692 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
4693 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4694 .len = IEEE80211_MAX_DATA_LEN },
4695 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4696 };
4697
nl80211_parse_mesh_config(struct genl_info * info,struct mesh_config * cfg,u32 * mask_out)4698 static int nl80211_parse_mesh_config(struct genl_info *info,
4699 struct mesh_config *cfg,
4700 u32 *mask_out)
4701 {
4702 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4703 u32 mask = 0;
4704
4705 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4706 do { \
4707 if (tb[attr]) { \
4708 if (fn(tb[attr]) < min || fn(tb[attr]) > max) \
4709 return -EINVAL; \
4710 cfg->param = fn(tb[attr]); \
4711 mask |= (1 << (attr - 1)); \
4712 } \
4713 } while (0)
4714
4715
4716 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4717 return -EINVAL;
4718 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4719 info->attrs[NL80211_ATTR_MESH_CONFIG],
4720 nl80211_meshconf_params_policy))
4721 return -EINVAL;
4722
4723 /* This makes sure that there aren't more than 32 mesh config
4724 * parameters (otherwise our bitfield scheme would not work.) */
4725 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4726
4727 /* Fill in the params struct */
4728 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4729 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4730 nla_get_u16);
4731 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4732 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4733 nla_get_u16);
4734 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4735 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4736 nla_get_u16);
4737 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4738 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4739 nla_get_u16);
4740 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4741 mask, NL80211_MESHCONF_MAX_RETRIES,
4742 nla_get_u8);
4743 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4744 mask, NL80211_MESHCONF_TTL, nla_get_u8);
4745 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4746 mask, NL80211_MESHCONF_ELEMENT_TTL,
4747 nla_get_u8);
4748 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4749 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4750 nla_get_u8);
4751 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4752 1, 255, mask,
4753 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4754 nla_get_u32);
4755 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4756 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4757 nla_get_u8);
4758 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4759 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4760 nla_get_u32);
4761 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4762 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4763 nla_get_u16);
4764 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4765 1, 65535, mask,
4766 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4767 nla_get_u32);
4768 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4769 1, 65535, mask,
4770 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4771 nla_get_u16);
4772 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4773 1, 65535, mask,
4774 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4775 nla_get_u16);
4776 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4777 dot11MeshHWMPnetDiameterTraversalTime,
4778 1, 65535, mask,
4779 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4780 nla_get_u16);
4781 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
4782 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
4783 nla_get_u8);
4784 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
4785 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4786 nla_get_u16);
4787 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4788 dot11MeshGateAnnouncementProtocol, 0, 1,
4789 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4790 nla_get_u8);
4791 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4792 mask, NL80211_MESHCONF_FORWARDING,
4793 nla_get_u8);
4794 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 1, 255,
4795 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4796 nla_get_u32);
4797 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
4798 mask, NL80211_MESHCONF_HT_OPMODE,
4799 nla_get_u16);
4800 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
4801 1, 65535, mask,
4802 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4803 nla_get_u32);
4804 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
4805 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4806 nla_get_u16);
4807 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4808 dot11MeshHWMPconfirmationInterval,
4809 1, 65535, mask,
4810 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4811 nla_get_u16);
4812 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
4813 NL80211_MESH_POWER_ACTIVE,
4814 NL80211_MESH_POWER_MAX,
4815 mask, NL80211_MESHCONF_POWER_MODE,
4816 nla_get_u32);
4817 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
4818 0, 65535, mask,
4819 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
4820 if (mask_out)
4821 *mask_out = mask;
4822
4823 return 0;
4824
4825 #undef FILL_IN_MESH_PARAM_IF_SET
4826 }
4827
nl80211_parse_mesh_setup(struct genl_info * info,struct mesh_setup * setup)4828 static int nl80211_parse_mesh_setup(struct genl_info *info,
4829 struct mesh_setup *setup)
4830 {
4831 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4832 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
4833
4834 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
4835 return -EINVAL;
4836 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
4837 info->attrs[NL80211_ATTR_MESH_SETUP],
4838 nl80211_mesh_setup_params_policy))
4839 return -EINVAL;
4840
4841 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
4842 setup->sync_method =
4843 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
4844 IEEE80211_SYNC_METHOD_VENDOR :
4845 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
4846
4847 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
4848 setup->path_sel_proto =
4849 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
4850 IEEE80211_PATH_PROTOCOL_VENDOR :
4851 IEEE80211_PATH_PROTOCOL_HWMP;
4852
4853 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
4854 setup->path_metric =
4855 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
4856 IEEE80211_PATH_METRIC_VENDOR :
4857 IEEE80211_PATH_METRIC_AIRTIME;
4858
4859
4860 if (tb[NL80211_MESH_SETUP_IE]) {
4861 struct nlattr *ieattr =
4862 tb[NL80211_MESH_SETUP_IE];
4863 if (!is_valid_ie_attr(ieattr))
4864 return -EINVAL;
4865 setup->ie = nla_data(ieattr);
4866 setup->ie_len = nla_len(ieattr);
4867 }
4868 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
4869 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
4870 return -EINVAL;
4871 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
4872 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
4873 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
4874 if (setup->is_secure)
4875 setup->user_mpm = true;
4876
4877 return 0;
4878 }
4879
nl80211_update_mesh_config(struct sk_buff * skb,struct genl_info * info)4880 static int nl80211_update_mesh_config(struct sk_buff *skb,
4881 struct genl_info *info)
4882 {
4883 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4884 struct net_device *dev = info->user_ptr[1];
4885 struct wireless_dev *wdev = dev->ieee80211_ptr;
4886 struct mesh_config cfg;
4887 u32 mask;
4888 int err;
4889
4890 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4891 return -EOPNOTSUPP;
4892
4893 if (!rdev->ops->update_mesh_config)
4894 return -EOPNOTSUPP;
4895
4896 err = nl80211_parse_mesh_config(info, &cfg, &mask);
4897 if (err)
4898 return err;
4899
4900 wdev_lock(wdev);
4901 if (!wdev->mesh_id_len)
4902 err = -ENOLINK;
4903
4904 if (!err)
4905 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
4906
4907 wdev_unlock(wdev);
4908
4909 return err;
4910 }
4911
nl80211_get_reg(struct sk_buff * skb,struct genl_info * info)4912 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
4913 {
4914 const struct ieee80211_regdomain *regdom;
4915 struct sk_buff *msg;
4916 void *hdr = NULL;
4917 struct nlattr *nl_reg_rules;
4918 unsigned int i;
4919 int err = -EINVAL;
4920
4921 mutex_lock(&cfg80211_mutex);
4922
4923 if (!cfg80211_regdomain)
4924 goto out;
4925
4926 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4927 if (!msg) {
4928 err = -ENOBUFS;
4929 goto out;
4930 }
4931
4932 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4933 NL80211_CMD_GET_REG);
4934 if (!hdr)
4935 goto put_failure;
4936
4937 if (reg_last_request_cell_base() &&
4938 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
4939 NL80211_USER_REG_HINT_CELL_BASE))
4940 goto nla_put_failure;
4941
4942 rcu_read_lock();
4943 regdom = rcu_dereference(cfg80211_regdomain);
4944
4945 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
4946 (regdom->dfs_region &&
4947 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
4948 goto nla_put_failure_rcu;
4949
4950 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
4951 if (!nl_reg_rules)
4952 goto nla_put_failure_rcu;
4953
4954 for (i = 0; i < regdom->n_reg_rules; i++) {
4955 struct nlattr *nl_reg_rule;
4956 const struct ieee80211_reg_rule *reg_rule;
4957 const struct ieee80211_freq_range *freq_range;
4958 const struct ieee80211_power_rule *power_rule;
4959
4960 reg_rule = ®dom->reg_rules[i];
4961 freq_range = ®_rule->freq_range;
4962 power_rule = ®_rule->power_rule;
4963
4964 nl_reg_rule = nla_nest_start(msg, i);
4965 if (!nl_reg_rule)
4966 goto nla_put_failure_rcu;
4967
4968 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
4969 reg_rule->flags) ||
4970 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
4971 freq_range->start_freq_khz) ||
4972 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
4973 freq_range->end_freq_khz) ||
4974 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
4975 freq_range->max_bandwidth_khz) ||
4976 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
4977 power_rule->max_antenna_gain) ||
4978 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
4979 power_rule->max_eirp))
4980 goto nla_put_failure_rcu;
4981
4982 nla_nest_end(msg, nl_reg_rule);
4983 }
4984 rcu_read_unlock();
4985
4986 nla_nest_end(msg, nl_reg_rules);
4987
4988 genlmsg_end(msg, hdr);
4989 err = genlmsg_reply(msg, info);
4990 goto out;
4991
4992 nla_put_failure_rcu:
4993 rcu_read_unlock();
4994 nla_put_failure:
4995 genlmsg_cancel(msg, hdr);
4996 put_failure:
4997 nlmsg_free(msg);
4998 err = -EMSGSIZE;
4999 out:
5000 mutex_unlock(&cfg80211_mutex);
5001 return err;
5002 }
5003
nl80211_set_reg(struct sk_buff * skb,struct genl_info * info)5004 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5005 {
5006 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5007 struct nlattr *nl_reg_rule;
5008 char *alpha2 = NULL;
5009 int rem_reg_rules = 0, r = 0;
5010 u32 num_rules = 0, rule_idx = 0, size_of_regd;
5011 u8 dfs_region = 0;
5012 struct ieee80211_regdomain *rd = NULL;
5013
5014 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5015 return -EINVAL;
5016
5017 if (!info->attrs[NL80211_ATTR_REG_RULES])
5018 return -EINVAL;
5019
5020 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5021
5022 if (info->attrs[NL80211_ATTR_DFS_REGION])
5023 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5024
5025 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5026 rem_reg_rules) {
5027 num_rules++;
5028 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5029 return -EINVAL;
5030 }
5031
5032 size_of_regd = sizeof(struct ieee80211_regdomain) +
5033 num_rules * sizeof(struct ieee80211_reg_rule);
5034
5035 rd = kzalloc(size_of_regd, GFP_KERNEL);
5036 if (!rd)
5037 return -ENOMEM;
5038
5039 rd->n_reg_rules = num_rules;
5040 rd->alpha2[0] = alpha2[0];
5041 rd->alpha2[1] = alpha2[1];
5042
5043 /*
5044 * Disable DFS master mode if the DFS region was
5045 * not supported or known on this kernel.
5046 */
5047 if (reg_supported_dfs_region(dfs_region))
5048 rd->dfs_region = dfs_region;
5049
5050 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5051 rem_reg_rules) {
5052 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5053 nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5054 reg_rule_policy);
5055 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5056 if (r)
5057 goto bad_reg;
5058
5059 rule_idx++;
5060
5061 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5062 r = -EINVAL;
5063 goto bad_reg;
5064 }
5065 }
5066
5067 mutex_lock(&cfg80211_mutex);
5068
5069 r = set_regdom(rd);
5070 /* set_regdom took ownership */
5071 rd = NULL;
5072 mutex_unlock(&cfg80211_mutex);
5073
5074 bad_reg:
5075 kfree(rd);
5076 return r;
5077 }
5078
validate_scan_freqs(struct nlattr * freqs)5079 static int validate_scan_freqs(struct nlattr *freqs)
5080 {
5081 struct nlattr *attr1, *attr2;
5082 int n_channels = 0, tmp1, tmp2;
5083
5084 nla_for_each_nested(attr1, freqs, tmp1) {
5085 n_channels++;
5086 /*
5087 * Some hardware has a limited channel list for
5088 * scanning, and it is pretty much nonsensical
5089 * to scan for a channel twice, so disallow that
5090 * and don't require drivers to check that the
5091 * channel list they get isn't longer than what
5092 * they can scan, as long as they can scan all
5093 * the channels they registered at once.
5094 */
5095 nla_for_each_nested(attr2, freqs, tmp2)
5096 if (attr1 != attr2 &&
5097 nla_get_u32(attr1) == nla_get_u32(attr2))
5098 return 0;
5099 }
5100
5101 return n_channels;
5102 }
5103
nl80211_trigger_scan(struct sk_buff * skb,struct genl_info * info)5104 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5105 {
5106 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5107 struct wireless_dev *wdev = info->user_ptr[1];
5108 struct cfg80211_scan_request *request;
5109 struct nlattr *attr;
5110 struct wiphy *wiphy;
5111 int err, tmp, n_ssids = 0, n_channels, i;
5112 size_t ie_len;
5113
5114 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5115 return -EINVAL;
5116
5117 wiphy = &rdev->wiphy;
5118
5119 if (!rdev->ops->scan)
5120 return -EOPNOTSUPP;
5121
5122 mutex_lock(&rdev->sched_scan_mtx);
5123 if (rdev->scan_req) {
5124 err = -EBUSY;
5125 goto unlock;
5126 }
5127
5128 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5129 n_channels = validate_scan_freqs(
5130 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5131 if (!n_channels) {
5132 err = -EINVAL;
5133 goto unlock;
5134 }
5135 } else {
5136 enum ieee80211_band band;
5137 n_channels = 0;
5138
5139 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
5140 if (wiphy->bands[band])
5141 n_channels += wiphy->bands[band]->n_channels;
5142 }
5143
5144 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5145 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5146 n_ssids++;
5147
5148 if (n_ssids > wiphy->max_scan_ssids) {
5149 err = -EINVAL;
5150 goto unlock;
5151 }
5152
5153 if (info->attrs[NL80211_ATTR_IE])
5154 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5155 else
5156 ie_len = 0;
5157
5158 if (ie_len > wiphy->max_scan_ie_len) {
5159 err = -EINVAL;
5160 goto unlock;
5161 }
5162
5163 request = kzalloc(sizeof(*request)
5164 + sizeof(*request->ssids) * n_ssids
5165 + sizeof(*request->channels) * n_channels
5166 + ie_len, GFP_KERNEL);
5167 if (!request) {
5168 err = -ENOMEM;
5169 goto unlock;
5170 }
5171
5172 if (n_ssids)
5173 request->ssids = (void *)&request->channels[n_channels];
5174 request->n_ssids = n_ssids;
5175 if (ie_len) {
5176 if (request->ssids)
5177 request->ie = (void *)(request->ssids + n_ssids);
5178 else
5179 request->ie = (void *)(request->channels + n_channels);
5180 }
5181
5182 i = 0;
5183 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5184 /* user specified, bail out if channel not found */
5185 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5186 struct ieee80211_channel *chan;
5187
5188 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5189
5190 if (!chan) {
5191 err = -EINVAL;
5192 goto out_free;
5193 }
5194
5195 /* ignore disabled channels */
5196 if (chan->flags & IEEE80211_CHAN_DISABLED)
5197 continue;
5198
5199 request->channels[i] = chan;
5200 i++;
5201 }
5202 } else {
5203 enum ieee80211_band band;
5204
5205 /* all channels */
5206 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5207 int j;
5208 if (!wiphy->bands[band])
5209 continue;
5210 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5211 struct ieee80211_channel *chan;
5212
5213 chan = &wiphy->bands[band]->channels[j];
5214
5215 if (chan->flags & IEEE80211_CHAN_DISABLED)
5216 continue;
5217
5218 request->channels[i] = chan;
5219 i++;
5220 }
5221 }
5222 }
5223
5224 if (!i) {
5225 err = -EINVAL;
5226 goto out_free;
5227 }
5228
5229 request->n_channels = i;
5230
5231 i = 0;
5232 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5233 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5234 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5235 err = -EINVAL;
5236 goto out_free;
5237 }
5238 request->ssids[i].ssid_len = nla_len(attr);
5239 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5240 i++;
5241 }
5242 }
5243
5244 if (info->attrs[NL80211_ATTR_IE]) {
5245 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5246 memcpy((void *)request->ie,
5247 nla_data(info->attrs[NL80211_ATTR_IE]),
5248 request->ie_len);
5249 }
5250
5251 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5252 if (wiphy->bands[i])
5253 request->rates[i] =
5254 (1 << wiphy->bands[i]->n_bitrates) - 1;
5255
5256 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5257 nla_for_each_nested(attr,
5258 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5259 tmp) {
5260 enum ieee80211_band band = nla_type(attr);
5261
5262 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5263 err = -EINVAL;
5264 goto out_free;
5265 }
5266 err = ieee80211_get_ratemask(wiphy->bands[band],
5267 nla_data(attr),
5268 nla_len(attr),
5269 &request->rates[band]);
5270 if (err)
5271 goto out_free;
5272 }
5273 }
5274
5275 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5276 request->flags = nla_get_u32(
5277 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5278 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5279 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
5280 ((request->flags & NL80211_SCAN_FLAG_FLUSH) &&
5281 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) {
5282 err = -EOPNOTSUPP;
5283 goto out_free;
5284 }
5285 }
5286
5287 request->no_cck =
5288 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5289
5290 request->wdev = wdev;
5291 request->wiphy = &rdev->wiphy;
5292 request->scan_start = jiffies;
5293
5294 rdev->scan_req = request;
5295 err = rdev_scan(rdev, request);
5296
5297 if (!err) {
5298 nl80211_send_scan_start(rdev, wdev);
5299 if (wdev->netdev)
5300 dev_hold(wdev->netdev);
5301 } else {
5302 out_free:
5303 rdev->scan_req = NULL;
5304 kfree(request);
5305 }
5306
5307 unlock:
5308 mutex_unlock(&rdev->sched_scan_mtx);
5309 return err;
5310 }
5311
nl80211_start_sched_scan(struct sk_buff * skb,struct genl_info * info)5312 static int nl80211_start_sched_scan(struct sk_buff *skb,
5313 struct genl_info *info)
5314 {
5315 struct cfg80211_sched_scan_request *request;
5316 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5317 struct net_device *dev = info->user_ptr[1];
5318 struct nlattr *attr;
5319 struct wiphy *wiphy;
5320 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5321 u32 interval;
5322 enum ieee80211_band band;
5323 size_t ie_len;
5324 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5325 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
5326
5327 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5328 !rdev->ops->sched_scan_start)
5329 return -EOPNOTSUPP;
5330
5331 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5332 return -EINVAL;
5333
5334 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5335 return -EINVAL;
5336
5337 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5338 if (interval == 0)
5339 return -EINVAL;
5340
5341 wiphy = &rdev->wiphy;
5342
5343 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5344 n_channels = validate_scan_freqs(
5345 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5346 if (!n_channels)
5347 return -EINVAL;
5348 } else {
5349 n_channels = 0;
5350
5351 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
5352 if (wiphy->bands[band])
5353 n_channels += wiphy->bands[band]->n_channels;
5354 }
5355
5356 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5357 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5358 tmp)
5359 n_ssids++;
5360
5361 if (n_ssids > wiphy->max_sched_scan_ssids)
5362 return -EINVAL;
5363
5364 /*
5365 * First, count the number of 'real' matchsets. Due to an issue with
5366 * the old implementation, matchsets containing only the RSSI attribute
5367 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
5368 * RSSI for all matchsets, rather than their own matchset for reporting
5369 * all APs with a strong RSSI. This is needed to be compatible with
5370 * older userspace that treated a matchset with only the RSSI as the
5371 * global RSSI for all other matchsets - if there are other matchsets.
5372 */
5373 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5374 nla_for_each_nested(attr,
5375 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5376 tmp) {
5377 struct nlattr *rssi;
5378
5379 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5380 nla_data(attr), nla_len(attr),
5381 nl80211_match_policy);
5382 if (err)
5383 return err;
5384 /* add other standalone attributes here */
5385 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
5386 n_match_sets++;
5387 continue;
5388 }
5389 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5390 if (rssi)
5391 default_match_rssi = nla_get_s32(rssi);
5392 }
5393 }
5394
5395 /* However, if there's no other matchset, add the RSSI one */
5396 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
5397 n_match_sets = 1;
5398
5399 if (n_match_sets > wiphy->max_match_sets)
5400 return -EINVAL;
5401
5402 if (info->attrs[NL80211_ATTR_IE])
5403 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5404 else
5405 ie_len = 0;
5406
5407 if (ie_len > wiphy->max_sched_scan_ie_len)
5408 return -EINVAL;
5409
5410 mutex_lock(&rdev->sched_scan_mtx);
5411
5412 if (rdev->sched_scan_req) {
5413 err = -EINPROGRESS;
5414 goto out;
5415 }
5416
5417 request = kzalloc(sizeof(*request)
5418 + sizeof(*request->ssids) * n_ssids
5419 + sizeof(*request->match_sets) * n_match_sets
5420 + sizeof(*request->channels) * n_channels
5421 + ie_len, GFP_KERNEL);
5422 if (!request) {
5423 err = -ENOMEM;
5424 goto out;
5425 }
5426
5427 if (n_ssids)
5428 request->ssids = (void *)&request->channels[n_channels];
5429 request->n_ssids = n_ssids;
5430 if (ie_len) {
5431 if (request->ssids)
5432 request->ie = (void *)(request->ssids + n_ssids);
5433 else
5434 request->ie = (void *)(request->channels + n_channels);
5435 }
5436
5437 if (n_match_sets) {
5438 if (request->ie)
5439 request->match_sets = (void *)(request->ie + ie_len);
5440 else if (request->ssids)
5441 request->match_sets =
5442 (void *)(request->ssids + n_ssids);
5443 else
5444 request->match_sets =
5445 (void *)(request->channels + n_channels);
5446 }
5447 request->n_match_sets = n_match_sets;
5448
5449 i = 0;
5450 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5451 /* user specified, bail out if channel not found */
5452 nla_for_each_nested(attr,
5453 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5454 tmp) {
5455 struct ieee80211_channel *chan;
5456
5457 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5458
5459 if (!chan) {
5460 err = -EINVAL;
5461 goto out_free;
5462 }
5463
5464 /* ignore disabled channels */
5465 if (chan->flags & IEEE80211_CHAN_DISABLED)
5466 continue;
5467
5468 request->channels[i] = chan;
5469 i++;
5470 }
5471 } else {
5472 /* all channels */
5473 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5474 int j;
5475 if (!wiphy->bands[band])
5476 continue;
5477 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5478 struct ieee80211_channel *chan;
5479
5480 chan = &wiphy->bands[band]->channels[j];
5481
5482 if (chan->flags & IEEE80211_CHAN_DISABLED)
5483 continue;
5484
5485 request->channels[i] = chan;
5486 i++;
5487 }
5488 }
5489 }
5490
5491 if (!i) {
5492 err = -EINVAL;
5493 goto out_free;
5494 }
5495
5496 request->n_channels = i;
5497
5498 i = 0;
5499 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5500 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5501 tmp) {
5502 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5503 err = -EINVAL;
5504 goto out_free;
5505 }
5506 request->ssids[i].ssid_len = nla_len(attr);
5507 memcpy(request->ssids[i].ssid, nla_data(attr),
5508 nla_len(attr));
5509 i++;
5510 }
5511 }
5512
5513 i = 0;
5514 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5515 nla_for_each_nested(attr,
5516 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5517 tmp) {
5518 struct nlattr *ssid, *rssi;
5519
5520 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5521 nla_data(attr), nla_len(attr),
5522 nl80211_match_policy);
5523 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5524 if (ssid) {
5525 if (WARN_ON(i >= n_match_sets)) {
5526 /* this indicates a programming error,
5527 * the loop above should have verified
5528 * things properly
5529 */
5530 err = -EINVAL;
5531 goto out_free;
5532 }
5533
5534 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5535 err = -EINVAL;
5536 goto out_free;
5537 }
5538 memcpy(request->match_sets[i].ssid.ssid,
5539 nla_data(ssid), nla_len(ssid));
5540 request->match_sets[i].ssid.ssid_len =
5541 nla_len(ssid);
5542 /* special attribute - old implemenation w/a */
5543 request->match_sets[i].rssi_thold =
5544 default_match_rssi;
5545 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5546 if (rssi)
5547 request->match_sets[i].rssi_thold =
5548 nla_get_s32(rssi);
5549 }
5550 i++;
5551 }
5552
5553 /* there was no other matchset, so the RSSI one is alone */
5554 if (i == 0)
5555 request->match_sets[0].rssi_thold = default_match_rssi;
5556
5557 request->min_rssi_thold = INT_MAX;
5558 for (i = 0; i < n_match_sets; i++)
5559 request->min_rssi_thold =
5560 min(request->match_sets[i].rssi_thold,
5561 request->min_rssi_thold);
5562 } else {
5563 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
5564 }
5565
5566 request->rssi_thold = request->min_rssi_thold;
5567
5568 if (info->attrs[NL80211_ATTR_IE]) {
5569 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5570 memcpy((void *)request->ie,
5571 nla_data(info->attrs[NL80211_ATTR_IE]),
5572 request->ie_len);
5573 }
5574
5575 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5576 request->flags = nla_get_u32(
5577 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5578 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5579 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
5580 ((request->flags & NL80211_SCAN_FLAG_FLUSH) &&
5581 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) {
5582 err = -EOPNOTSUPP;
5583 goto out_free;
5584 }
5585 }
5586
5587 request->dev = dev;
5588 request->wiphy = &rdev->wiphy;
5589 request->interval = interval;
5590 request->scan_start = jiffies;
5591
5592 err = rdev_sched_scan_start(rdev, dev, request);
5593 if (!err) {
5594 if (info->attrs[NL80211_ATTR_IFACE_SOCKET_OWNER])
5595 request->owner_nlportid = info->snd_portid;
5596
5597 rdev->sched_scan_req = request;
5598 nl80211_send_sched_scan(rdev, dev,
5599 NL80211_CMD_START_SCHED_SCAN);
5600 goto out;
5601 }
5602
5603 out_free:
5604 kfree(request);
5605 out:
5606 mutex_unlock(&rdev->sched_scan_mtx);
5607 return err;
5608 }
5609
nl80211_stop_sched_scan(struct sk_buff * skb,struct genl_info * info)5610 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5611 struct genl_info *info)
5612 {
5613 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5614 int err;
5615
5616 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5617 !rdev->ops->sched_scan_stop)
5618 return -EOPNOTSUPP;
5619
5620 mutex_lock(&rdev->sched_scan_mtx);
5621 err = __cfg80211_stop_sched_scan(rdev, false);
5622 mutex_unlock(&rdev->sched_scan_mtx);
5623
5624 return err;
5625 }
5626
nl80211_start_radar_detection(struct sk_buff * skb,struct genl_info * info)5627 static int nl80211_start_radar_detection(struct sk_buff *skb,
5628 struct genl_info *info)
5629 {
5630 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5631 struct net_device *dev = info->user_ptr[1];
5632 struct wireless_dev *wdev = dev->ieee80211_ptr;
5633 struct cfg80211_chan_def chandef;
5634 int err;
5635
5636 err = nl80211_parse_chandef(rdev, info, &chandef);
5637 if (err)
5638 return err;
5639
5640 if (wdev->cac_started)
5641 return -EBUSY;
5642
5643 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef);
5644 if (err < 0)
5645 return err;
5646
5647 if (err == 0)
5648 return -EINVAL;
5649
5650 if (chandef.chan->dfs_state != NL80211_DFS_USABLE)
5651 return -EINVAL;
5652
5653 if (!rdev->ops->start_radar_detection)
5654 return -EOPNOTSUPP;
5655
5656 mutex_lock(&rdev->devlist_mtx);
5657 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5658 chandef.chan, CHAN_MODE_SHARED,
5659 BIT(chandef.width));
5660 if (err)
5661 goto err_locked;
5662
5663 err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
5664 if (!err) {
5665 wdev->channel = chandef.chan;
5666 wdev->cac_started = true;
5667 wdev->cac_start_time = jiffies;
5668 }
5669 err_locked:
5670 mutex_unlock(&rdev->devlist_mtx);
5671
5672 return err;
5673 }
5674
nl80211_send_bss(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,struct cfg80211_internal_bss * intbss)5675 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5676 u32 seq, int flags,
5677 struct cfg80211_registered_device *rdev,
5678 struct wireless_dev *wdev,
5679 struct cfg80211_internal_bss *intbss)
5680 {
5681 struct cfg80211_bss *res = &intbss->pub;
5682 const struct cfg80211_bss_ies *ies;
5683 void *hdr;
5684 struct nlattr *bss;
5685
5686 ASSERT_WDEV_LOCK(wdev);
5687
5688 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5689 NL80211_CMD_NEW_SCAN_RESULTS);
5690 if (!hdr)
5691 return -1;
5692
5693 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5694
5695 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
5696 goto nla_put_failure;
5697 if (wdev->netdev &&
5698 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
5699 goto nla_put_failure;
5700 if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
5701 goto nla_put_failure;
5702
5703 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
5704 if (!bss)
5705 goto nla_put_failure;
5706 if ((!is_zero_ether_addr(res->bssid) &&
5707 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
5708 goto nla_put_failure;
5709
5710 rcu_read_lock();
5711 /* indicate whether we have probe response data or not */
5712 if (rcu_access_pointer(res->proberesp_ies) &&
5713 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
5714 goto fail_unlock_rcu;
5715
5716 /* this pointer prefers to be pointed to probe response data
5717 * but is always valid
5718 */
5719 ies = rcu_dereference(res->ies);
5720 if (ies) {
5721 if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5722 goto fail_unlock_rcu;
5723 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
5724 ies->len, ies->data))
5725 goto fail_unlock_rcu;
5726 }
5727
5728 /* and this pointer is always (unless driver didn't know) beacon data */
5729 ies = rcu_dereference(res->beacon_ies);
5730 if (ies && ies->from_beacon) {
5731 if (nla_put_u64(msg, NL80211_BSS_BEACON_TSF, ies->tsf))
5732 goto fail_unlock_rcu;
5733 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
5734 ies->len, ies->data))
5735 goto fail_unlock_rcu;
5736 }
5737 rcu_read_unlock();
5738
5739 if (res->beacon_interval &&
5740 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
5741 goto nla_put_failure;
5742 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
5743 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
5744 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
5745 jiffies_to_msecs(jiffies - intbss->ts)))
5746 goto nla_put_failure;
5747
5748 switch (rdev->wiphy.signal_type) {
5749 case CFG80211_SIGNAL_TYPE_MBM:
5750 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
5751 goto nla_put_failure;
5752 break;
5753 case CFG80211_SIGNAL_TYPE_UNSPEC:
5754 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
5755 goto nla_put_failure;
5756 break;
5757 default:
5758 break;
5759 }
5760
5761 switch (wdev->iftype) {
5762 case NL80211_IFTYPE_P2P_CLIENT:
5763 case NL80211_IFTYPE_STATION:
5764 if (intbss == wdev->current_bss &&
5765 nla_put_u32(msg, NL80211_BSS_STATUS,
5766 NL80211_BSS_STATUS_ASSOCIATED))
5767 goto nla_put_failure;
5768 break;
5769 case NL80211_IFTYPE_ADHOC:
5770 if (intbss == wdev->current_bss &&
5771 nla_put_u32(msg, NL80211_BSS_STATUS,
5772 NL80211_BSS_STATUS_IBSS_JOINED))
5773 goto nla_put_failure;
5774 break;
5775 default:
5776 break;
5777 }
5778
5779 nla_nest_end(msg, bss);
5780
5781 return genlmsg_end(msg, hdr);
5782
5783 fail_unlock_rcu:
5784 rcu_read_unlock();
5785 nla_put_failure:
5786 genlmsg_cancel(msg, hdr);
5787 return -EMSGSIZE;
5788 }
5789
nl80211_dump_scan(struct sk_buff * skb,struct netlink_callback * cb)5790 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
5791 {
5792 struct cfg80211_registered_device *rdev;
5793 struct cfg80211_internal_bss *scan;
5794 struct wireless_dev *wdev;
5795 int start = cb->args[2], idx = 0;
5796 int err;
5797
5798 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5799 if (err)
5800 return err;
5801
5802 wdev_lock(wdev);
5803 spin_lock_bh(&rdev->bss_lock);
5804 cfg80211_bss_expire(rdev);
5805
5806 cb->seq = rdev->bss_generation;
5807
5808 list_for_each_entry(scan, &rdev->bss_list, list) {
5809 if (++idx <= start)
5810 continue;
5811 if (nl80211_send_bss(skb, cb,
5812 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5813 rdev, wdev, scan) < 0) {
5814 idx--;
5815 break;
5816 }
5817 }
5818
5819 spin_unlock_bh(&rdev->bss_lock);
5820 wdev_unlock(wdev);
5821
5822 cb->args[2] = idx;
5823 nl80211_finish_wdev_dump(rdev);
5824
5825 return skb->len;
5826 }
5827
nl80211_send_survey(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,struct survey_info * survey)5828 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
5829 int flags, struct net_device *dev,
5830 struct survey_info *survey)
5831 {
5832 void *hdr;
5833 struct nlattr *infoattr;
5834
5835 hdr = nl80211hdr_put(msg, portid, seq, flags,
5836 NL80211_CMD_NEW_SURVEY_RESULTS);
5837 if (!hdr)
5838 return -ENOMEM;
5839
5840 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
5841 goto nla_put_failure;
5842
5843 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
5844 if (!infoattr)
5845 goto nla_put_failure;
5846
5847 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
5848 survey->channel->center_freq))
5849 goto nla_put_failure;
5850
5851 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
5852 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
5853 goto nla_put_failure;
5854 if ((survey->filled & SURVEY_INFO_IN_USE) &&
5855 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
5856 goto nla_put_failure;
5857 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
5858 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
5859 survey->channel_time))
5860 goto nla_put_failure;
5861 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
5862 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
5863 survey->channel_time_busy))
5864 goto nla_put_failure;
5865 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
5866 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
5867 survey->channel_time_ext_busy))
5868 goto nla_put_failure;
5869 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
5870 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
5871 survey->channel_time_rx))
5872 goto nla_put_failure;
5873 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
5874 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
5875 survey->channel_time_tx))
5876 goto nla_put_failure;
5877
5878 nla_nest_end(msg, infoattr);
5879
5880 return genlmsg_end(msg, hdr);
5881
5882 nla_put_failure:
5883 genlmsg_cancel(msg, hdr);
5884 return -EMSGSIZE;
5885 }
5886
nl80211_dump_survey(struct sk_buff * skb,struct netlink_callback * cb)5887 static int nl80211_dump_survey(struct sk_buff *skb,
5888 struct netlink_callback *cb)
5889 {
5890 struct survey_info survey;
5891 struct cfg80211_registered_device *dev;
5892 struct wireless_dev *wdev;
5893 int survey_idx = cb->args[2];
5894 int res;
5895
5896 res = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
5897 if (res)
5898 return res;
5899
5900 if (!wdev->netdev) {
5901 res = -EINVAL;
5902 goto out_err;
5903 }
5904
5905 if (!dev->ops->dump_survey) {
5906 res = -EOPNOTSUPP;
5907 goto out_err;
5908 }
5909
5910 while (1) {
5911 struct ieee80211_channel *chan;
5912
5913 res = rdev_dump_survey(dev, wdev->netdev, survey_idx, &survey);
5914 if (res == -ENOENT)
5915 break;
5916 if (res)
5917 goto out_err;
5918
5919 /* Survey without a channel doesn't make sense */
5920 if (!survey.channel) {
5921 res = -EINVAL;
5922 goto out;
5923 }
5924
5925 chan = ieee80211_get_channel(&dev->wiphy,
5926 survey.channel->center_freq);
5927 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
5928 survey_idx++;
5929 continue;
5930 }
5931
5932 if (nl80211_send_survey(skb,
5933 NETLINK_CB(cb->skb).portid,
5934 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5935 wdev->netdev, &survey) < 0)
5936 goto out;
5937 survey_idx++;
5938 }
5939
5940 out:
5941 cb->args[2] = survey_idx;
5942 res = skb->len;
5943 out_err:
5944 nl80211_finish_wdev_dump(dev);
5945 return res;
5946 }
5947
nl80211_valid_wpa_versions(u32 wpa_versions)5948 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
5949 {
5950 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
5951 NL80211_WPA_VERSION_2));
5952 }
5953
nl80211_authenticate(struct sk_buff * skb,struct genl_info * info)5954 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
5955 {
5956 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5957 struct net_device *dev = info->user_ptr[1];
5958 struct ieee80211_channel *chan;
5959 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
5960 int err, ssid_len, ie_len = 0, sae_data_len = 0;
5961 enum nl80211_auth_type auth_type;
5962 struct key_parse key;
5963 bool local_state_change;
5964
5965 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5966 return -EINVAL;
5967
5968 if (!info->attrs[NL80211_ATTR_MAC])
5969 return -EINVAL;
5970
5971 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
5972 return -EINVAL;
5973
5974 if (!info->attrs[NL80211_ATTR_SSID])
5975 return -EINVAL;
5976
5977 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
5978 return -EINVAL;
5979
5980 err = nl80211_parse_key(info, &key);
5981 if (err)
5982 return err;
5983
5984 if (key.idx >= 0) {
5985 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
5986 return -EINVAL;
5987 if (!key.p.key || !key.p.key_len)
5988 return -EINVAL;
5989 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
5990 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
5991 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
5992 key.p.key_len != WLAN_KEY_LEN_WEP104))
5993 return -EINVAL;
5994 if (key.idx > 4)
5995 return -EINVAL;
5996 } else {
5997 key.p.key_len = 0;
5998 key.p.key = NULL;
5999 }
6000
6001 if (key.idx >= 0) {
6002 int i;
6003 bool ok = false;
6004 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
6005 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
6006 ok = true;
6007 break;
6008 }
6009 }
6010 if (!ok)
6011 return -EINVAL;
6012 }
6013
6014 if (!rdev->ops->auth)
6015 return -EOPNOTSUPP;
6016
6017 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6018 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6019 return -EOPNOTSUPP;
6020
6021 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6022 chan = ieee80211_get_channel(&rdev->wiphy,
6023 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6024 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
6025 return -EINVAL;
6026
6027 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6028 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6029
6030 if (info->attrs[NL80211_ATTR_IE]) {
6031 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6032 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6033 }
6034
6035 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6036 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
6037 return -EINVAL;
6038
6039 if (auth_type == NL80211_AUTHTYPE_SAE &&
6040 !info->attrs[NL80211_ATTR_SAE_DATA])
6041 return -EINVAL;
6042
6043 if (info->attrs[NL80211_ATTR_SAE_DATA]) {
6044 if (auth_type != NL80211_AUTHTYPE_SAE)
6045 return -EINVAL;
6046 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
6047 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
6048 /* need to include at least Auth Transaction and Status Code */
6049 if (sae_data_len < 4)
6050 return -EINVAL;
6051 }
6052
6053 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6054
6055 /*
6056 * Since we no longer track auth state, ignore
6057 * requests to only change local state.
6058 */
6059 if (local_state_change)
6060 return 0;
6061
6062 return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
6063 ssid, ssid_len, ie, ie_len,
6064 key.p.key, key.p.key_len, key.idx,
6065 sae_data, sae_data_len);
6066 }
6067
nl80211_crypto_settings(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_crypto_settings * settings,int cipher_limit)6068 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
6069 struct genl_info *info,
6070 struct cfg80211_crypto_settings *settings,
6071 int cipher_limit)
6072 {
6073 memset(settings, 0, sizeof(*settings));
6074
6075 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
6076
6077 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
6078 u16 proto;
6079 proto = nla_get_u16(
6080 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
6081 settings->control_port_ethertype = cpu_to_be16(proto);
6082 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
6083 proto != ETH_P_PAE)
6084 return -EINVAL;
6085 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
6086 settings->control_port_no_encrypt = true;
6087 } else
6088 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
6089
6090 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
6091 void *data;
6092 int len, i;
6093
6094 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6095 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6096 settings->n_ciphers_pairwise = len / sizeof(u32);
6097
6098 if (len % sizeof(u32))
6099 return -EINVAL;
6100
6101 if (settings->n_ciphers_pairwise > cipher_limit)
6102 return -EINVAL;
6103
6104 memcpy(settings->ciphers_pairwise, data, len);
6105
6106 for (i = 0; i < settings->n_ciphers_pairwise; i++)
6107 if (!cfg80211_supported_cipher_suite(
6108 &rdev->wiphy,
6109 settings->ciphers_pairwise[i]))
6110 return -EINVAL;
6111 }
6112
6113 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
6114 settings->cipher_group =
6115 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
6116 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
6117 settings->cipher_group))
6118 return -EINVAL;
6119 }
6120
6121 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
6122 settings->wpa_versions =
6123 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
6124 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
6125 return -EINVAL;
6126 }
6127
6128 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
6129 void *data;
6130 int len;
6131
6132 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
6133 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
6134 settings->n_akm_suites = len / sizeof(u32);
6135
6136 if (len % sizeof(u32))
6137 return -EINVAL;
6138
6139 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
6140 return -EINVAL;
6141
6142 memcpy(settings->akm_suites, data, len);
6143 }
6144
6145 return 0;
6146 }
6147
nl80211_associate(struct sk_buff * skb,struct genl_info * info)6148 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
6149 {
6150 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6151 struct net_device *dev = info->user_ptr[1];
6152 struct ieee80211_channel *chan;
6153 struct cfg80211_assoc_request req = {};
6154 const u8 *bssid, *ssid;
6155 int err, ssid_len = 0;
6156
6157 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6158 return -EINVAL;
6159
6160 if (!info->attrs[NL80211_ATTR_MAC] ||
6161 !info->attrs[NL80211_ATTR_SSID] ||
6162 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
6163 return -EINVAL;
6164
6165 if (!rdev->ops->assoc)
6166 return -EOPNOTSUPP;
6167
6168 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6169 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6170 return -EOPNOTSUPP;
6171
6172 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6173
6174 chan = ieee80211_get_channel(&rdev->wiphy,
6175 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6176 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
6177 return -EINVAL;
6178
6179 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6180 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6181
6182 if (info->attrs[NL80211_ATTR_IE]) {
6183 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6184 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6185 }
6186
6187 if (info->attrs[NL80211_ATTR_USE_MFP]) {
6188 enum nl80211_mfp mfp =
6189 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6190 if (mfp == NL80211_MFP_REQUIRED)
6191 req.use_mfp = true;
6192 else if (mfp != NL80211_MFP_NO)
6193 return -EINVAL;
6194 }
6195
6196 if (info->attrs[NL80211_ATTR_PREV_BSSID])
6197 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
6198
6199 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6200 req.flags |= ASSOC_REQ_DISABLE_HT;
6201
6202 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6203 memcpy(&req.ht_capa_mask,
6204 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6205 sizeof(req.ht_capa_mask));
6206
6207 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6208 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6209 return -EINVAL;
6210 memcpy(&req.ht_capa,
6211 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6212 sizeof(req.ht_capa));
6213 }
6214
6215 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6216 req.flags |= ASSOC_REQ_DISABLE_VHT;
6217
6218 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6219 memcpy(&req.vht_capa_mask,
6220 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6221 sizeof(req.vht_capa_mask));
6222
6223 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6224 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6225 return -EINVAL;
6226 memcpy(&req.vht_capa,
6227 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6228 sizeof(req.vht_capa));
6229 }
6230
6231 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
6232 if (!err)
6233 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
6234 ssid, ssid_len, &req);
6235
6236 return err;
6237 }
6238
nl80211_deauthenticate(struct sk_buff * skb,struct genl_info * info)6239 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
6240 {
6241 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6242 struct net_device *dev = info->user_ptr[1];
6243 const u8 *ie = NULL, *bssid;
6244 int ie_len = 0;
6245 u16 reason_code;
6246 bool local_state_change;
6247
6248 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6249 return -EINVAL;
6250
6251 if (!info->attrs[NL80211_ATTR_MAC])
6252 return -EINVAL;
6253
6254 if (!info->attrs[NL80211_ATTR_REASON_CODE])
6255 return -EINVAL;
6256
6257 if (!rdev->ops->deauth)
6258 return -EOPNOTSUPP;
6259
6260 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6261 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6262 return -EOPNOTSUPP;
6263
6264 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6265
6266 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6267 if (reason_code == 0) {
6268 /* Reason Code 0 is reserved */
6269 return -EINVAL;
6270 }
6271
6272 if (info->attrs[NL80211_ATTR_IE]) {
6273 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6274 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6275 }
6276
6277 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6278
6279 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
6280 local_state_change);
6281 }
6282
nl80211_disassociate(struct sk_buff * skb,struct genl_info * info)6283 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
6284 {
6285 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6286 struct net_device *dev = info->user_ptr[1];
6287 const u8 *ie = NULL, *bssid;
6288 int ie_len = 0;
6289 u16 reason_code;
6290 bool local_state_change;
6291
6292 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6293 return -EINVAL;
6294
6295 if (!info->attrs[NL80211_ATTR_MAC])
6296 return -EINVAL;
6297
6298 if (!info->attrs[NL80211_ATTR_REASON_CODE])
6299 return -EINVAL;
6300
6301 if (!rdev->ops->disassoc)
6302 return -EOPNOTSUPP;
6303
6304 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6305 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6306 return -EOPNOTSUPP;
6307
6308 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6309
6310 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6311 if (reason_code == 0) {
6312 /* Reason Code 0 is reserved */
6313 return -EINVAL;
6314 }
6315
6316 if (info->attrs[NL80211_ATTR_IE]) {
6317 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6318 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6319 }
6320
6321 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6322
6323 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
6324 local_state_change);
6325 }
6326
6327 static bool
nl80211_parse_mcast_rate(struct cfg80211_registered_device * rdev,int mcast_rate[IEEE80211_NUM_BANDS],int rateval)6328 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
6329 int mcast_rate[IEEE80211_NUM_BANDS],
6330 int rateval)
6331 {
6332 struct wiphy *wiphy = &rdev->wiphy;
6333 bool found = false;
6334 int band, i;
6335
6336 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6337 struct ieee80211_supported_band *sband;
6338
6339 sband = wiphy->bands[band];
6340 if (!sband)
6341 continue;
6342
6343 for (i = 0; i < sband->n_bitrates; i++) {
6344 if (sband->bitrates[i].bitrate == rateval) {
6345 mcast_rate[band] = i + 1;
6346 found = true;
6347 break;
6348 }
6349 }
6350 }
6351
6352 return found;
6353 }
6354
nl80211_join_ibss(struct sk_buff * skb,struct genl_info * info)6355 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
6356 {
6357 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6358 struct net_device *dev = info->user_ptr[1];
6359 struct cfg80211_ibss_params ibss;
6360 struct wiphy *wiphy;
6361 struct cfg80211_cached_keys *connkeys = NULL;
6362 int err;
6363
6364 memset(&ibss, 0, sizeof(ibss));
6365
6366 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6367 return -EINVAL;
6368
6369 if (!info->attrs[NL80211_ATTR_SSID] ||
6370 !nla_len(info->attrs[NL80211_ATTR_SSID]))
6371 return -EINVAL;
6372
6373 ibss.beacon_interval = 100;
6374
6375 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
6376 ibss.beacon_interval =
6377 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6378 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
6379 return -EINVAL;
6380 }
6381
6382 if (!rdev->ops->join_ibss)
6383 return -EOPNOTSUPP;
6384
6385 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6386 return -EOPNOTSUPP;
6387
6388 wiphy = &rdev->wiphy;
6389
6390 if (info->attrs[NL80211_ATTR_MAC]) {
6391 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6392
6393 if (!is_valid_ether_addr(ibss.bssid))
6394 return -EINVAL;
6395 }
6396 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6397 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6398
6399 if (info->attrs[NL80211_ATTR_IE]) {
6400 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6401 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6402 }
6403
6404 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
6405 if (err)
6406 return err;
6407
6408 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef))
6409 return -EINVAL;
6410
6411 if (ibss.chandef.width > NL80211_CHAN_WIDTH_40)
6412 return -EINVAL;
6413 if (ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
6414 !(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
6415 return -EINVAL;
6416
6417 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
6418 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6419
6420 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6421 u8 *rates =
6422 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6423 int n_rates =
6424 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6425 struct ieee80211_supported_band *sband =
6426 wiphy->bands[ibss.chandef.chan->band];
6427
6428 err = ieee80211_get_ratemask(sband, rates, n_rates,
6429 &ibss.basic_rates);
6430 if (err)
6431 return err;
6432 }
6433
6434 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6435 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
6436 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6437 return -EINVAL;
6438
6439 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6440 bool no_ht = false;
6441
6442 connkeys = nl80211_parse_connkeys(rdev,
6443 info->attrs[NL80211_ATTR_KEYS],
6444 &no_ht);
6445 if (IS_ERR(connkeys))
6446 return PTR_ERR(connkeys);
6447
6448 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
6449 no_ht) {
6450 kfree(connkeys);
6451 return -EINVAL;
6452 }
6453 }
6454
6455 ibss.control_port =
6456 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
6457
6458 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
6459 if (err)
6460 kfree(connkeys);
6461 return err;
6462 }
6463
nl80211_leave_ibss(struct sk_buff * skb,struct genl_info * info)6464 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
6465 {
6466 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6467 struct net_device *dev = info->user_ptr[1];
6468
6469 if (!rdev->ops->leave_ibss)
6470 return -EOPNOTSUPP;
6471
6472 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6473 return -EOPNOTSUPP;
6474
6475 return cfg80211_leave_ibss(rdev, dev, false);
6476 }
6477
nl80211_set_mcast_rate(struct sk_buff * skb,struct genl_info * info)6478 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
6479 {
6480 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6481 struct net_device *dev = info->user_ptr[1];
6482 int mcast_rate[IEEE80211_NUM_BANDS];
6483 u32 nla_rate;
6484 int err;
6485
6486 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
6487 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6488 return -EOPNOTSUPP;
6489
6490 if (!rdev->ops->set_mcast_rate)
6491 return -EOPNOTSUPP;
6492
6493 memset(mcast_rate, 0, sizeof(mcast_rate));
6494
6495 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
6496 return -EINVAL;
6497
6498 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
6499 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
6500 return -EINVAL;
6501
6502 err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
6503
6504 return err;
6505 }
6506
6507 static struct sk_buff *
__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device * rdev,int approxlen,u32 portid,u32 seq,enum nl80211_commands cmd,enum nl80211_attrs attr,const struct nl80211_vendor_cmd_info * info,gfp_t gfp)6508 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
6509 int approxlen, u32 portid, u32 seq,
6510 enum nl80211_commands cmd,
6511 enum nl80211_attrs attr,
6512 const struct nl80211_vendor_cmd_info *info,
6513 gfp_t gfp)
6514 {
6515 struct sk_buff *skb;
6516 void *hdr;
6517 struct nlattr *data;
6518
6519 skb = nlmsg_new(approxlen + 100, gfp);
6520 if (!skb)
6521 return NULL;
6522
6523 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
6524 if (!hdr) {
6525 kfree_skb(skb);
6526 return NULL;
6527 }
6528
6529 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
6530 goto nla_put_failure;
6531
6532 if (info) {
6533 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
6534 info->vendor_id))
6535 goto nla_put_failure;
6536 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
6537 info->subcmd))
6538 goto nla_put_failure;
6539 }
6540
6541 data = nla_nest_start(skb, attr);
6542
6543 ((void **)skb->cb)[0] = rdev;
6544 ((void **)skb->cb)[1] = hdr;
6545 ((void **)skb->cb)[2] = data;
6546
6547 return skb;
6548
6549 nla_put_failure:
6550 kfree_skb(skb);
6551 return NULL;
6552 }
6553
6554 #ifdef CONFIG_NL80211_TESTMODE
6555 static struct genl_multicast_group nl80211_testmode_mcgrp = {
6556 .name = "testmode",
6557 };
6558
6559 static struct genl_multicast_group nl80211_vendor_mcgrp = {
6560 .name = "vendor",
6561 };
6562
nl80211_testmode_do(struct sk_buff * skb,struct genl_info * info)6563 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
6564 {
6565 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6566 int err;
6567
6568 if (!info->attrs[NL80211_ATTR_TESTDATA])
6569 return -EINVAL;
6570
6571 err = -EOPNOTSUPP;
6572 if (rdev->ops->testmode_cmd) {
6573 rdev->cur_cmd_info = info;
6574 err = rdev_testmode_cmd(rdev,
6575 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
6576 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
6577 rdev->cur_cmd_info = NULL;
6578 }
6579
6580 return err;
6581 }
6582
nl80211_testmode_dump(struct sk_buff * skb,struct netlink_callback * cb)6583 static int nl80211_testmode_dump(struct sk_buff *skb,
6584 struct netlink_callback *cb)
6585 {
6586 struct cfg80211_registered_device *rdev;
6587 int err;
6588 long phy_idx;
6589 void *data = NULL;
6590 int data_len = 0;
6591
6592 if (cb->args[0]) {
6593 /*
6594 * 0 is a valid index, but not valid for args[0],
6595 * so we need to offset by 1.
6596 */
6597 phy_idx = cb->args[0] - 1;
6598 } else {
6599 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
6600 nl80211_fam.attrbuf, nl80211_fam.maxattr,
6601 nl80211_policy);
6602 if (err)
6603 return err;
6604
6605 mutex_lock(&cfg80211_mutex);
6606 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
6607 nl80211_fam.attrbuf);
6608 if (IS_ERR(rdev)) {
6609 mutex_unlock(&cfg80211_mutex);
6610 return PTR_ERR(rdev);
6611 }
6612 phy_idx = rdev->wiphy_idx;
6613 rdev = NULL;
6614 mutex_unlock(&cfg80211_mutex);
6615
6616 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
6617 cb->args[1] =
6618 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
6619 }
6620
6621 if (cb->args[1]) {
6622 data = nla_data((void *)cb->args[1]);
6623 data_len = nla_len((void *)cb->args[1]);
6624 }
6625
6626 mutex_lock(&cfg80211_mutex);
6627 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
6628 if (!rdev) {
6629 mutex_unlock(&cfg80211_mutex);
6630 return -ENOENT;
6631 }
6632 cfg80211_lock_rdev(rdev);
6633 mutex_unlock(&cfg80211_mutex);
6634
6635 if (!rdev->ops->testmode_dump) {
6636 err = -EOPNOTSUPP;
6637 goto out_err;
6638 }
6639
6640 while (1) {
6641 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
6642 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6643 NL80211_CMD_TESTMODE);
6644 struct nlattr *tmdata;
6645
6646 if (!hdr)
6647 break;
6648
6649 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
6650 genlmsg_cancel(skb, hdr);
6651 break;
6652 }
6653
6654 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
6655 if (!tmdata) {
6656 genlmsg_cancel(skb, hdr);
6657 break;
6658 }
6659 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
6660 nla_nest_end(skb, tmdata);
6661
6662 if (err == -ENOBUFS || err == -ENOENT) {
6663 genlmsg_cancel(skb, hdr);
6664 break;
6665 } else if (err) {
6666 genlmsg_cancel(skb, hdr);
6667 goto out_err;
6668 }
6669
6670 genlmsg_end(skb, hdr);
6671 }
6672
6673 err = skb->len;
6674 /* see above */
6675 cb->args[0] = phy_idx + 1;
6676 out_err:
6677 cfg80211_unlock_rdev(rdev);
6678 return err;
6679 }
6680
__cfg80211_alloc_event_skb(struct wiphy * wiphy,enum nl80211_commands cmd,enum nl80211_attrs attr,int vendor_event_idx,int approxlen,gfp_t gfp)6681 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
6682 enum nl80211_commands cmd,
6683 enum nl80211_attrs attr,
6684 int vendor_event_idx,
6685 int approxlen, gfp_t gfp)
6686 {
6687 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
6688 const struct nl80211_vendor_cmd_info *info;
6689
6690 switch (cmd) {
6691 case NL80211_CMD_TESTMODE:
6692 if (WARN_ON(vendor_event_idx != -1))
6693 return NULL;
6694 info = NULL;
6695 break;
6696 case NL80211_CMD_VENDOR:
6697 if (WARN_ON(vendor_event_idx < 0 ||
6698 vendor_event_idx >= wiphy->n_vendor_events))
6699 return NULL;
6700 info = &wiphy->vendor_events[vendor_event_idx];
6701 break;
6702 default:
6703 WARN_ON(1);
6704 return NULL;
6705 }
6706 return __cfg80211_alloc_vendor_skb(rdev, approxlen, 0, 0,
6707 cmd, attr, info, gfp);
6708 }
6709 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
6710
__cfg80211_send_event_skb(struct sk_buff * skb,gfp_t gfp)6711 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
6712 {
6713 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6714 void *hdr = ((void **)skb->cb)[1];
6715 struct nlattr *data = ((void **)skb->cb)[2];
6716
6717 nla_nest_end(skb, data);
6718 genlmsg_end(skb, hdr);
6719
6720 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
6721 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), skb, 0,
6722 nl80211_vendor_mcgrp.id, gfp);
6723 else
6724 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), skb, 0,
6725 nl80211_testmode_mcgrp.id, gfp);
6726 }
6727 EXPORT_SYMBOL(__cfg80211_send_event_skb);
6728 #endif
6729
nl80211_connect(struct sk_buff * skb,struct genl_info * info)6730 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
6731 {
6732 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6733 struct net_device *dev = info->user_ptr[1];
6734 struct cfg80211_connect_params connect;
6735 struct wiphy *wiphy;
6736 struct cfg80211_cached_keys *connkeys = NULL;
6737 int err;
6738
6739 memset(&connect, 0, sizeof(connect));
6740
6741 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6742 return -EINVAL;
6743
6744 if (!info->attrs[NL80211_ATTR_SSID] ||
6745 !nla_len(info->attrs[NL80211_ATTR_SSID]))
6746 return -EINVAL;
6747
6748 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6749 connect.auth_type =
6750 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6751 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
6752 NL80211_CMD_CONNECT))
6753 return -EINVAL;
6754 } else
6755 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6756
6757 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
6758
6759 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
6760 NL80211_MAX_NR_CIPHER_SUITES);
6761 if (err)
6762 return err;
6763
6764 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6765 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6766 return -EOPNOTSUPP;
6767
6768 wiphy = &rdev->wiphy;
6769
6770 connect.bg_scan_period = -1;
6771 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
6772 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
6773 connect.bg_scan_period =
6774 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
6775 }
6776
6777 if (info->attrs[NL80211_ATTR_MAC])
6778 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6779 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6780 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6781
6782 if (info->attrs[NL80211_ATTR_IE]) {
6783 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6784 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6785 }
6786
6787 if (info->attrs[NL80211_ATTR_USE_MFP]) {
6788 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6789 if (connect.mfp != NL80211_MFP_REQUIRED &&
6790 connect.mfp != NL80211_MFP_NO)
6791 return -EINVAL;
6792 } else {
6793 connect.mfp = NL80211_MFP_NO;
6794 }
6795
6796 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6797 connect.channel =
6798 ieee80211_get_channel(wiphy,
6799 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6800 if (!connect.channel ||
6801 connect.channel->flags & IEEE80211_CHAN_DISABLED)
6802 return -EINVAL;
6803 }
6804
6805 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6806 connkeys = nl80211_parse_connkeys(rdev,
6807 info->attrs[NL80211_ATTR_KEYS], NULL);
6808 if (IS_ERR(connkeys))
6809 return PTR_ERR(connkeys);
6810 }
6811
6812 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6813 connect.flags |= ASSOC_REQ_DISABLE_HT;
6814
6815 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6816 memcpy(&connect.ht_capa_mask,
6817 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6818 sizeof(connect.ht_capa_mask));
6819
6820 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6821 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
6822 kfree(connkeys);
6823 return -EINVAL;
6824 }
6825 memcpy(&connect.ht_capa,
6826 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6827 sizeof(connect.ht_capa));
6828 }
6829
6830 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6831 connect.flags |= ASSOC_REQ_DISABLE_VHT;
6832
6833 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6834 memcpy(&connect.vht_capa_mask,
6835 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6836 sizeof(connect.vht_capa_mask));
6837
6838 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6839 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
6840 kfree(connkeys);
6841 return -EINVAL;
6842 }
6843 memcpy(&connect.vht_capa,
6844 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6845 sizeof(connect.vht_capa));
6846 }
6847
6848 err = cfg80211_connect(rdev, dev, &connect, connkeys);
6849 if (err)
6850 kfree(connkeys);
6851 return err;
6852 }
6853
nl80211_disconnect(struct sk_buff * skb,struct genl_info * info)6854 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
6855 {
6856 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6857 struct net_device *dev = info->user_ptr[1];
6858 u16 reason;
6859
6860 if (!info->attrs[NL80211_ATTR_REASON_CODE])
6861 reason = WLAN_REASON_DEAUTH_LEAVING;
6862 else
6863 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6864
6865 if (reason == 0)
6866 return -EINVAL;
6867
6868 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6869 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6870 return -EOPNOTSUPP;
6871
6872 return cfg80211_disconnect(rdev, dev, reason, true);
6873 }
6874
nl80211_wiphy_netns(struct sk_buff * skb,struct genl_info * info)6875 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
6876 {
6877 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6878 struct net *net;
6879 int err;
6880 u32 pid;
6881
6882 if (!info->attrs[NL80211_ATTR_PID])
6883 return -EINVAL;
6884
6885 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
6886
6887 net = get_net_ns_by_pid(pid);
6888 if (IS_ERR(net))
6889 return PTR_ERR(net);
6890
6891 err = 0;
6892
6893 /* check if anything to do */
6894 if (!net_eq(wiphy_net(&rdev->wiphy), net))
6895 err = cfg80211_switch_netns(rdev, net);
6896
6897 put_net(net);
6898 return err;
6899 }
6900
nl80211_setdel_pmksa(struct sk_buff * skb,struct genl_info * info)6901 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
6902 {
6903 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6904 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
6905 struct cfg80211_pmksa *pmksa) = NULL;
6906 struct net_device *dev = info->user_ptr[1];
6907 struct cfg80211_pmksa pmksa;
6908
6909 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
6910
6911 if (!info->attrs[NL80211_ATTR_MAC])
6912 return -EINVAL;
6913
6914 if (!info->attrs[NL80211_ATTR_PMKID])
6915 return -EINVAL;
6916
6917 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
6918 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6919
6920 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6921 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6922 return -EOPNOTSUPP;
6923
6924 switch (info->genlhdr->cmd) {
6925 case NL80211_CMD_SET_PMKSA:
6926 rdev_ops = rdev->ops->set_pmksa;
6927 break;
6928 case NL80211_CMD_DEL_PMKSA:
6929 rdev_ops = rdev->ops->del_pmksa;
6930 break;
6931 default:
6932 WARN_ON(1);
6933 break;
6934 }
6935
6936 if (!rdev_ops)
6937 return -EOPNOTSUPP;
6938
6939 return rdev_ops(&rdev->wiphy, dev, &pmksa);
6940 }
6941
nl80211_flush_pmksa(struct sk_buff * skb,struct genl_info * info)6942 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
6943 {
6944 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6945 struct net_device *dev = info->user_ptr[1];
6946
6947 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6948 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6949 return -EOPNOTSUPP;
6950
6951 if (!rdev->ops->flush_pmksa)
6952 return -EOPNOTSUPP;
6953
6954 return rdev_flush_pmksa(rdev, dev);
6955 }
6956
nl80211_tdls_mgmt(struct sk_buff * skb,struct genl_info * info)6957 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
6958 {
6959 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6960 struct net_device *dev = info->user_ptr[1];
6961 u8 action_code, dialog_token;
6962 u16 status_code;
6963 u8 *peer;
6964
6965 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
6966 !rdev->ops->tdls_mgmt)
6967 return -EOPNOTSUPP;
6968
6969 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
6970 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
6971 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
6972 !info->attrs[NL80211_ATTR_IE] ||
6973 !info->attrs[NL80211_ATTR_MAC])
6974 return -EINVAL;
6975
6976 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
6977 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
6978 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
6979 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
6980
6981 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
6982 dialog_token, status_code,
6983 nla_data(info->attrs[NL80211_ATTR_IE]),
6984 nla_len(info->attrs[NL80211_ATTR_IE]));
6985 }
6986
nl80211_tdls_oper(struct sk_buff * skb,struct genl_info * info)6987 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
6988 {
6989 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6990 struct net_device *dev = info->user_ptr[1];
6991 enum nl80211_tdls_operation operation;
6992 u8 *peer;
6993
6994 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
6995 !rdev->ops->tdls_oper)
6996 return -EOPNOTSUPP;
6997
6998 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
6999 !info->attrs[NL80211_ATTR_MAC])
7000 return -EINVAL;
7001
7002 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
7003 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7004
7005 return rdev_tdls_oper(rdev, dev, peer, operation);
7006 }
7007
nl80211_remain_on_channel(struct sk_buff * skb,struct genl_info * info)7008 static int nl80211_remain_on_channel(struct sk_buff *skb,
7009 struct genl_info *info)
7010 {
7011 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7012 struct wireless_dev *wdev = info->user_ptr[1];
7013 struct cfg80211_chan_def chandef;
7014 struct sk_buff *msg;
7015 void *hdr;
7016 u64 cookie;
7017 u32 duration;
7018 int err;
7019
7020 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7021 !info->attrs[NL80211_ATTR_DURATION])
7022 return -EINVAL;
7023
7024 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7025
7026 if (!rdev->ops->remain_on_channel ||
7027 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
7028 return -EOPNOTSUPP;
7029
7030 /*
7031 * We should be on that channel for at least a minimum amount of
7032 * time (10ms) but no longer than the driver supports.
7033 */
7034 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7035 duration > rdev->wiphy.max_remain_on_channel_duration)
7036 return -EINVAL;
7037
7038 err = nl80211_parse_chandef(rdev, info, &chandef);
7039 if (err)
7040 return err;
7041
7042 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7043 if (!msg)
7044 return -ENOMEM;
7045
7046 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7047 NL80211_CMD_REMAIN_ON_CHANNEL);
7048 if (!hdr) {
7049 err = -ENOBUFS;
7050 goto free_msg;
7051 }
7052
7053 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
7054 duration, &cookie);
7055
7056 if (err)
7057 goto free_msg;
7058
7059 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7060 goto nla_put_failure;
7061
7062 genlmsg_end(msg, hdr);
7063
7064 return genlmsg_reply(msg, info);
7065
7066 nla_put_failure:
7067 err = -ENOBUFS;
7068 free_msg:
7069 nlmsg_free(msg);
7070 return err;
7071 }
7072
nl80211_cancel_remain_on_channel(struct sk_buff * skb,struct genl_info * info)7073 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
7074 struct genl_info *info)
7075 {
7076 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7077 struct wireless_dev *wdev = info->user_ptr[1];
7078 u64 cookie;
7079
7080 if (!info->attrs[NL80211_ATTR_COOKIE])
7081 return -EINVAL;
7082
7083 if (!rdev->ops->cancel_remain_on_channel)
7084 return -EOPNOTSUPP;
7085
7086 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7087
7088 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
7089 }
7090
rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len)7091 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
7092 u8 *rates, u8 rates_len)
7093 {
7094 u8 i;
7095 u32 mask = 0;
7096
7097 for (i = 0; i < rates_len; i++) {
7098 int rate = (rates[i] & 0x7f) * 5;
7099 int ridx;
7100 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
7101 struct ieee80211_rate *srate =
7102 &sband->bitrates[ridx];
7103 if (rate == srate->bitrate) {
7104 mask |= 1 << ridx;
7105 break;
7106 }
7107 }
7108 if (ridx == sband->n_bitrates)
7109 return 0; /* rate not found */
7110 }
7111
7112 return mask;
7113 }
7114
ht_rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len,u8 mcs[IEEE80211_HT_MCS_MASK_LEN])7115 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
7116 u8 *rates, u8 rates_len,
7117 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
7118 {
7119 u8 i;
7120
7121 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
7122
7123 for (i = 0; i < rates_len; i++) {
7124 int ridx, rbit;
7125
7126 ridx = rates[i] / 8;
7127 rbit = BIT(rates[i] % 8);
7128
7129 /* check validity */
7130 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
7131 return false;
7132
7133 /* check availability */
7134 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
7135 mcs[ridx] |= rbit;
7136 else
7137 return false;
7138 }
7139
7140 return true;
7141 }
7142
7143 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
7144 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
7145 .len = NL80211_MAX_SUPP_RATES },
7146 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY,
7147 .len = NL80211_MAX_SUPP_HT_RATES },
7148 };
7149
nl80211_set_tx_bitrate_mask(struct sk_buff * skb,struct genl_info * info)7150 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
7151 struct genl_info *info)
7152 {
7153 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
7154 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7155 struct cfg80211_bitrate_mask mask;
7156 int rem, i;
7157 struct net_device *dev = info->user_ptr[1];
7158 struct nlattr *tx_rates;
7159 struct ieee80211_supported_band *sband;
7160
7161 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
7162 return -EINVAL;
7163
7164 if (!rdev->ops->set_bitrate_mask)
7165 return -EOPNOTSUPP;
7166
7167 memset(&mask, 0, sizeof(mask));
7168 /* Default to all rates enabled */
7169 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
7170 sband = rdev->wiphy.bands[i];
7171 mask.control[i].legacy =
7172 sband ? (1 << sband->n_bitrates) - 1 : 0;
7173 if (sband)
7174 memcpy(mask.control[i].mcs,
7175 sband->ht_cap.mcs.rx_mask,
7176 sizeof(mask.control[i].mcs));
7177 else
7178 memset(mask.control[i].mcs, 0,
7179 sizeof(mask.control[i].mcs));
7180 }
7181
7182 /*
7183 * The nested attribute uses enum nl80211_band as the index. This maps
7184 * directly to the enum ieee80211_band values used in cfg80211.
7185 */
7186 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
7187 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
7188 {
7189 enum ieee80211_band band = nla_type(tx_rates);
7190 if (band < 0 || band >= IEEE80211_NUM_BANDS)
7191 return -EINVAL;
7192 sband = rdev->wiphy.bands[band];
7193 if (sband == NULL)
7194 return -EINVAL;
7195 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
7196 nla_len(tx_rates), nl80211_txattr_policy);
7197 if (tb[NL80211_TXRATE_LEGACY]) {
7198 mask.control[band].legacy = rateset_to_mask(
7199 sband,
7200 nla_data(tb[NL80211_TXRATE_LEGACY]),
7201 nla_len(tb[NL80211_TXRATE_LEGACY]));
7202 if ((mask.control[band].legacy == 0) &&
7203 nla_len(tb[NL80211_TXRATE_LEGACY]))
7204 return -EINVAL;
7205 }
7206 if (tb[NL80211_TXRATE_MCS]) {
7207 if (!ht_rateset_to_mask(
7208 sband,
7209 nla_data(tb[NL80211_TXRATE_MCS]),
7210 nla_len(tb[NL80211_TXRATE_MCS]),
7211 mask.control[band].mcs))
7212 return -EINVAL;
7213 }
7214
7215 if (mask.control[band].legacy == 0) {
7216 /* don't allow empty legacy rates if HT
7217 * is not even supported. */
7218 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported)
7219 return -EINVAL;
7220
7221 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
7222 if (mask.control[band].mcs[i])
7223 break;
7224
7225 /* legacy and mcs rates may not be both empty */
7226 if (i == IEEE80211_HT_MCS_MASK_LEN)
7227 return -EINVAL;
7228 }
7229 }
7230
7231 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
7232 }
7233
nl80211_register_mgmt(struct sk_buff * skb,struct genl_info * info)7234 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
7235 {
7236 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7237 struct wireless_dev *wdev = info->user_ptr[1];
7238 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
7239
7240 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
7241 return -EINVAL;
7242
7243 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
7244 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
7245
7246 switch (wdev->iftype) {
7247 case NL80211_IFTYPE_STATION:
7248 case NL80211_IFTYPE_ADHOC:
7249 case NL80211_IFTYPE_P2P_CLIENT:
7250 case NL80211_IFTYPE_AP:
7251 case NL80211_IFTYPE_AP_VLAN:
7252 case NL80211_IFTYPE_MESH_POINT:
7253 case NL80211_IFTYPE_P2P_GO:
7254 case NL80211_IFTYPE_P2P_DEVICE:
7255 break;
7256 default:
7257 return -EOPNOTSUPP;
7258 }
7259
7260 /* not much point in registering if we can't reply */
7261 if (!rdev->ops->mgmt_tx)
7262 return -EOPNOTSUPP;
7263
7264 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
7265 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
7266 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
7267 }
7268
nl80211_tx_mgmt(struct sk_buff * skb,struct genl_info * info)7269 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
7270 {
7271 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7272 struct wireless_dev *wdev = info->user_ptr[1];
7273 struct cfg80211_chan_def chandef;
7274 int err;
7275 void *hdr = NULL;
7276 u64 cookie;
7277 struct sk_buff *msg = NULL;
7278 unsigned int wait = 0;
7279 bool offchan, no_cck, dont_wait_for_ack;
7280
7281 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
7282
7283 if (!info->attrs[NL80211_ATTR_FRAME])
7284 return -EINVAL;
7285
7286 if (!rdev->ops->mgmt_tx)
7287 return -EOPNOTSUPP;
7288
7289 switch (wdev->iftype) {
7290 case NL80211_IFTYPE_STATION:
7291 case NL80211_IFTYPE_ADHOC:
7292 case NL80211_IFTYPE_P2P_CLIENT:
7293 case NL80211_IFTYPE_AP:
7294 case NL80211_IFTYPE_AP_VLAN:
7295 case NL80211_IFTYPE_MESH_POINT:
7296 case NL80211_IFTYPE_P2P_GO:
7297 case NL80211_IFTYPE_P2P_DEVICE:
7298 break;
7299 default:
7300 return -EOPNOTSUPP;
7301 }
7302
7303 if (info->attrs[NL80211_ATTR_DURATION]) {
7304 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7305 return -EINVAL;
7306 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7307
7308 /*
7309 * We should wait on the channel for at least a minimum amount
7310 * of time (10ms) but no longer than the driver supports.
7311 */
7312 if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7313 wait > rdev->wiphy.max_remain_on_channel_duration)
7314 return -EINVAL;
7315
7316 }
7317
7318 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
7319
7320 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7321 return -EINVAL;
7322
7323 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7324
7325 err = nl80211_parse_chandef(rdev, info, &chandef);
7326 if (err)
7327 return err;
7328
7329 if (!dont_wait_for_ack) {
7330 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7331 if (!msg)
7332 return -ENOMEM;
7333
7334 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7335 NL80211_CMD_FRAME);
7336 if (!hdr) {
7337 err = -ENOBUFS;
7338 goto free_msg;
7339 }
7340 }
7341
7342 err = cfg80211_mlme_mgmt_tx(rdev, wdev, chandef.chan, offchan, wait,
7343 nla_data(info->attrs[NL80211_ATTR_FRAME]),
7344 nla_len(info->attrs[NL80211_ATTR_FRAME]),
7345 no_cck, dont_wait_for_ack, &cookie);
7346 if (err)
7347 goto free_msg;
7348
7349 if (msg) {
7350 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7351 goto nla_put_failure;
7352
7353 genlmsg_end(msg, hdr);
7354 return genlmsg_reply(msg, info);
7355 }
7356
7357 return 0;
7358
7359 nla_put_failure:
7360 err = -ENOBUFS;
7361 free_msg:
7362 nlmsg_free(msg);
7363 return err;
7364 }
7365
nl80211_tx_mgmt_cancel_wait(struct sk_buff * skb,struct genl_info * info)7366 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
7367 {
7368 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7369 struct wireless_dev *wdev = info->user_ptr[1];
7370 u64 cookie;
7371
7372 if (!info->attrs[NL80211_ATTR_COOKIE])
7373 return -EINVAL;
7374
7375 if (!rdev->ops->mgmt_tx_cancel_wait)
7376 return -EOPNOTSUPP;
7377
7378 switch (wdev->iftype) {
7379 case NL80211_IFTYPE_STATION:
7380 case NL80211_IFTYPE_ADHOC:
7381 case NL80211_IFTYPE_P2P_CLIENT:
7382 case NL80211_IFTYPE_AP:
7383 case NL80211_IFTYPE_AP_VLAN:
7384 case NL80211_IFTYPE_P2P_GO:
7385 case NL80211_IFTYPE_P2P_DEVICE:
7386 break;
7387 default:
7388 return -EOPNOTSUPP;
7389 }
7390
7391 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7392
7393 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
7394 }
7395
nl80211_set_power_save(struct sk_buff * skb,struct genl_info * info)7396 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
7397 {
7398 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7399 struct wireless_dev *wdev;
7400 struct net_device *dev = info->user_ptr[1];
7401 u8 ps_state;
7402 bool state;
7403 int err;
7404
7405 if (!info->attrs[NL80211_ATTR_PS_STATE])
7406 return -EINVAL;
7407
7408 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
7409
7410 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
7411 return -EINVAL;
7412
7413 wdev = dev->ieee80211_ptr;
7414
7415 if (!rdev->ops->set_power_mgmt)
7416 return -EOPNOTSUPP;
7417
7418 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
7419
7420 if (state == wdev->ps)
7421 return 0;
7422
7423 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
7424 if (!err)
7425 wdev->ps = state;
7426 return err;
7427 }
7428
nl80211_get_power_save(struct sk_buff * skb,struct genl_info * info)7429 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
7430 {
7431 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7432 enum nl80211_ps_state ps_state;
7433 struct wireless_dev *wdev;
7434 struct net_device *dev = info->user_ptr[1];
7435 struct sk_buff *msg;
7436 void *hdr;
7437 int err;
7438
7439 wdev = dev->ieee80211_ptr;
7440
7441 if (!rdev->ops->set_power_mgmt)
7442 return -EOPNOTSUPP;
7443
7444 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7445 if (!msg)
7446 return -ENOMEM;
7447
7448 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7449 NL80211_CMD_GET_POWER_SAVE);
7450 if (!hdr) {
7451 err = -ENOBUFS;
7452 goto free_msg;
7453 }
7454
7455 if (wdev->ps)
7456 ps_state = NL80211_PS_ENABLED;
7457 else
7458 ps_state = NL80211_PS_DISABLED;
7459
7460 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
7461 goto nla_put_failure;
7462
7463 genlmsg_end(msg, hdr);
7464 return genlmsg_reply(msg, info);
7465
7466 nla_put_failure:
7467 err = -ENOBUFS;
7468 free_msg:
7469 nlmsg_free(msg);
7470 return err;
7471 }
7472
7473 static struct nla_policy
7474 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
7475 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
7476 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
7477 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
7478 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
7479 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
7480 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
7481 };
7482
nl80211_set_cqm_txe(struct genl_info * info,u32 rate,u32 pkts,u32 intvl)7483 static int nl80211_set_cqm_txe(struct genl_info *info,
7484 u32 rate, u32 pkts, u32 intvl)
7485 {
7486 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7487 struct wireless_dev *wdev;
7488 struct net_device *dev = info->user_ptr[1];
7489
7490 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
7491 return -EINVAL;
7492
7493 wdev = dev->ieee80211_ptr;
7494
7495 if (!rdev->ops->set_cqm_txe_config)
7496 return -EOPNOTSUPP;
7497
7498 if (wdev->iftype != NL80211_IFTYPE_STATION &&
7499 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7500 return -EOPNOTSUPP;
7501
7502 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
7503 }
7504
nl80211_set_cqm_rssi(struct genl_info * info,s32 threshold,u32 hysteresis)7505 static int nl80211_set_cqm_rssi(struct genl_info *info,
7506 s32 threshold, u32 hysteresis)
7507 {
7508 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7509 struct wireless_dev *wdev;
7510 struct net_device *dev = info->user_ptr[1];
7511
7512 if (threshold > 0)
7513 return -EINVAL;
7514
7515 wdev = dev->ieee80211_ptr;
7516
7517 if (!rdev->ops->set_cqm_rssi_config)
7518 return -EOPNOTSUPP;
7519
7520 if (wdev->iftype != NL80211_IFTYPE_STATION &&
7521 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7522 return -EOPNOTSUPP;
7523
7524 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
7525 }
7526
nl80211_set_cqm(struct sk_buff * skb,struct genl_info * info)7527 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
7528 {
7529 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
7530 struct nlattr *cqm;
7531 int err;
7532
7533 cqm = info->attrs[NL80211_ATTR_CQM];
7534 if (!cqm) {
7535 err = -EINVAL;
7536 goto out;
7537 }
7538
7539 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
7540 nl80211_attr_cqm_policy);
7541 if (err)
7542 goto out;
7543
7544 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
7545 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
7546 s32 threshold;
7547 u32 hysteresis;
7548 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
7549 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
7550 err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
7551 } else if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
7552 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
7553 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
7554 u32 rate, pkts, intvl;
7555 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
7556 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
7557 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
7558 err = nl80211_set_cqm_txe(info, rate, pkts, intvl);
7559 } else
7560 err = -EINVAL;
7561
7562 out:
7563 return err;
7564 }
7565
nl80211_join_mesh(struct sk_buff * skb,struct genl_info * info)7566 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
7567 {
7568 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7569 struct net_device *dev = info->user_ptr[1];
7570 struct mesh_config cfg;
7571 struct mesh_setup setup;
7572 int err;
7573
7574 /* start with default */
7575 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
7576 memcpy(&setup, &default_mesh_setup, sizeof(setup));
7577
7578 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
7579 /* and parse parameters if given */
7580 err = nl80211_parse_mesh_config(info, &cfg, NULL);
7581 if (err)
7582 return err;
7583 }
7584
7585 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
7586 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
7587 return -EINVAL;
7588
7589 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
7590 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
7591
7592 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7593 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
7594 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7595 return -EINVAL;
7596
7597 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
7598 setup.beacon_interval =
7599 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7600 if (setup.beacon_interval < 10 ||
7601 setup.beacon_interval > 10000)
7602 return -EINVAL;
7603 }
7604
7605 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
7606 setup.dtim_period =
7607 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
7608 if (setup.dtim_period < 1 || setup.dtim_period > 100)
7609 return -EINVAL;
7610 }
7611
7612 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
7613 /* parse additional setup parameters if given */
7614 err = nl80211_parse_mesh_setup(info, &setup);
7615 if (err)
7616 return err;
7617 }
7618
7619 if (setup.user_mpm)
7620 cfg.auto_open_plinks = false;
7621
7622 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7623 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
7624 if (err)
7625 return err;
7626 } else {
7627 /* cfg80211_join_mesh() will sort it out */
7628 setup.chandef.chan = NULL;
7629 }
7630
7631 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
7632 }
7633
nl80211_leave_mesh(struct sk_buff * skb,struct genl_info * info)7634 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
7635 {
7636 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7637 struct net_device *dev = info->user_ptr[1];
7638
7639 return cfg80211_leave_mesh(rdev, dev);
7640 }
7641
7642 #ifdef CONFIG_PM
nl80211_send_wowlan_patterns(struct sk_buff * msg,struct cfg80211_registered_device * rdev)7643 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
7644 struct cfg80211_registered_device *rdev)
7645 {
7646 struct nlattr *nl_pats, *nl_pat;
7647 int i, pat_len;
7648
7649 if (!rdev->wowlan->n_patterns)
7650 return 0;
7651
7652 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
7653 if (!nl_pats)
7654 return -ENOBUFS;
7655
7656 for (i = 0; i < rdev->wowlan->n_patterns; i++) {
7657 nl_pat = nla_nest_start(msg, i + 1);
7658 if (!nl_pat)
7659 return -ENOBUFS;
7660 pat_len = rdev->wowlan->patterns[i].pattern_len;
7661 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK,
7662 DIV_ROUND_UP(pat_len, 8),
7663 rdev->wowlan->patterns[i].mask) ||
7664 nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
7665 pat_len, rdev->wowlan->patterns[i].pattern) ||
7666 nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET,
7667 rdev->wowlan->patterns[i].pkt_offset))
7668 return -ENOBUFS;
7669 nla_nest_end(msg, nl_pat);
7670 }
7671 nla_nest_end(msg, nl_pats);
7672
7673 return 0;
7674 }
7675
nl80211_send_wowlan_tcp(struct sk_buff * msg,struct cfg80211_wowlan_tcp * tcp)7676 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
7677 struct cfg80211_wowlan_tcp *tcp)
7678 {
7679 struct nlattr *nl_tcp;
7680
7681 if (!tcp)
7682 return 0;
7683
7684 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
7685 if (!nl_tcp)
7686 return -ENOBUFS;
7687
7688 if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
7689 nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
7690 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
7691 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
7692 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
7693 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
7694 tcp->payload_len, tcp->payload) ||
7695 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
7696 tcp->data_interval) ||
7697 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
7698 tcp->wake_len, tcp->wake_data) ||
7699 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
7700 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
7701 return -ENOBUFS;
7702
7703 if (tcp->payload_seq.len &&
7704 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
7705 sizeof(tcp->payload_seq), &tcp->payload_seq))
7706 return -ENOBUFS;
7707
7708 if (tcp->payload_tok.len &&
7709 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
7710 sizeof(tcp->payload_tok) + tcp->tokens_size,
7711 &tcp->payload_tok))
7712 return -ENOBUFS;
7713
7714 nla_nest_end(msg, nl_tcp);
7715
7716 return 0;
7717 }
7718
nl80211_get_wowlan(struct sk_buff * skb,struct genl_info * info)7719 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
7720 {
7721 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7722 struct sk_buff *msg;
7723 void *hdr;
7724 u32 size = NLMSG_DEFAULT_SIZE;
7725
7726 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns &&
7727 !rdev->wiphy.wowlan.tcp)
7728 return -EOPNOTSUPP;
7729
7730 if (rdev->wowlan && rdev->wowlan->tcp) {
7731 /* adjust size to have room for all the data */
7732 size += rdev->wowlan->tcp->tokens_size +
7733 rdev->wowlan->tcp->payload_len +
7734 rdev->wowlan->tcp->wake_len +
7735 rdev->wowlan->tcp->wake_len / 8;
7736 }
7737
7738 msg = nlmsg_new(size, GFP_KERNEL);
7739 if (!msg)
7740 return -ENOMEM;
7741
7742 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7743 NL80211_CMD_GET_WOWLAN);
7744 if (!hdr)
7745 goto nla_put_failure;
7746
7747 if (rdev->wowlan) {
7748 struct nlattr *nl_wowlan;
7749
7750 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
7751 if (!nl_wowlan)
7752 goto nla_put_failure;
7753
7754 if ((rdev->wowlan->any &&
7755 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
7756 (rdev->wowlan->disconnect &&
7757 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
7758 (rdev->wowlan->magic_pkt &&
7759 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
7760 (rdev->wowlan->gtk_rekey_failure &&
7761 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
7762 (rdev->wowlan->eap_identity_req &&
7763 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
7764 (rdev->wowlan->four_way_handshake &&
7765 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
7766 (rdev->wowlan->rfkill_release &&
7767 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
7768 goto nla_put_failure;
7769
7770 if (nl80211_send_wowlan_patterns(msg, rdev))
7771 goto nla_put_failure;
7772
7773 if (nl80211_send_wowlan_tcp(msg, rdev->wowlan->tcp))
7774 goto nla_put_failure;
7775
7776 nla_nest_end(msg, nl_wowlan);
7777 }
7778
7779 genlmsg_end(msg, hdr);
7780 return genlmsg_reply(msg, info);
7781
7782 nla_put_failure:
7783 nlmsg_free(msg);
7784 return -ENOBUFS;
7785 }
7786
nl80211_parse_wowlan_tcp(struct cfg80211_registered_device * rdev,struct nlattr * attr,struct cfg80211_wowlan * trig)7787 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
7788 struct nlattr *attr,
7789 struct cfg80211_wowlan *trig)
7790 {
7791 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
7792 struct cfg80211_wowlan_tcp *cfg;
7793 struct nl80211_wowlan_tcp_data_token *tok = NULL;
7794 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
7795 u32 size;
7796 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
7797 int err, port;
7798
7799 if (!rdev->wiphy.wowlan.tcp)
7800 return -EINVAL;
7801
7802 err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
7803 nla_data(attr), nla_len(attr),
7804 nl80211_wowlan_tcp_policy);
7805 if (err)
7806 return err;
7807
7808 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
7809 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
7810 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
7811 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
7812 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
7813 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
7814 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
7815 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
7816 return -EINVAL;
7817
7818 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
7819 if (data_size > rdev->wiphy.wowlan.tcp->data_payload_max)
7820 return -EINVAL;
7821
7822 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
7823 rdev->wiphy.wowlan.tcp->data_interval_max ||
7824 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
7825 return -EINVAL;
7826
7827 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
7828 if (wake_size > rdev->wiphy.wowlan.tcp->wake_payload_max)
7829 return -EINVAL;
7830
7831 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
7832 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
7833 return -EINVAL;
7834
7835 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
7836 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
7837
7838 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
7839 tokens_size = tokln - sizeof(*tok);
7840
7841 if (!tok->len || tokens_size % tok->len)
7842 return -EINVAL;
7843 if (!rdev->wiphy.wowlan.tcp->tok)
7844 return -EINVAL;
7845 if (tok->len > rdev->wiphy.wowlan.tcp->tok->max_len)
7846 return -EINVAL;
7847 if (tok->len < rdev->wiphy.wowlan.tcp->tok->min_len)
7848 return -EINVAL;
7849 if (tokens_size > rdev->wiphy.wowlan.tcp->tok->bufsize)
7850 return -EINVAL;
7851 if (tok->offset + tok->len > data_size)
7852 return -EINVAL;
7853 }
7854
7855 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
7856 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
7857 if (!rdev->wiphy.wowlan.tcp->seq)
7858 return -EINVAL;
7859 if (seq->len == 0 || seq->len > 4)
7860 return -EINVAL;
7861 if (seq->len + seq->offset > data_size)
7862 return -EINVAL;
7863 }
7864
7865 size = sizeof(*cfg);
7866 size += data_size;
7867 size += wake_size + wake_mask_size;
7868 size += tokens_size;
7869
7870 cfg = kzalloc(size, GFP_KERNEL);
7871 if (!cfg)
7872 return -ENOMEM;
7873 cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
7874 cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
7875 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
7876 ETH_ALEN);
7877 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
7878 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
7879 else
7880 port = 0;
7881 #ifdef CONFIG_INET
7882 /* allocate a socket and port for it and use it */
7883 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
7884 IPPROTO_TCP, &cfg->sock, 1);
7885 if (err) {
7886 kfree(cfg);
7887 return err;
7888 }
7889 if (inet_csk_get_port(cfg->sock->sk, port)) {
7890 sock_release(cfg->sock);
7891 kfree(cfg);
7892 return -EADDRINUSE;
7893 }
7894 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
7895 #else
7896 if (!port) {
7897 kfree(cfg);
7898 return -EINVAL;
7899 }
7900 cfg->src_port = port;
7901 #endif
7902
7903 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
7904 cfg->payload_len = data_size;
7905 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
7906 memcpy((void *)cfg->payload,
7907 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
7908 data_size);
7909 if (seq)
7910 cfg->payload_seq = *seq;
7911 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
7912 cfg->wake_len = wake_size;
7913 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
7914 memcpy((void *)cfg->wake_data,
7915 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
7916 wake_size);
7917 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
7918 data_size + wake_size;
7919 memcpy((void *)cfg->wake_mask,
7920 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
7921 wake_mask_size);
7922 if (tok) {
7923 cfg->tokens_size = tokens_size;
7924 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
7925 }
7926
7927 trig->tcp = cfg;
7928
7929 return 0;
7930 }
7931
nl80211_set_wowlan(struct sk_buff * skb,struct genl_info * info)7932 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
7933 {
7934 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7935 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
7936 struct cfg80211_wowlan new_triggers = {};
7937 struct cfg80211_wowlan *ntrig;
7938 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
7939 int err, i;
7940 bool prev_enabled = rdev->wowlan;
7941
7942 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns &&
7943 !rdev->wiphy.wowlan.tcp)
7944 return -EOPNOTSUPP;
7945
7946 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
7947 cfg80211_rdev_free_wowlan(rdev);
7948 rdev->wowlan = NULL;
7949 goto set_wakeup;
7950 }
7951
7952 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
7953 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
7954 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
7955 nl80211_wowlan_policy);
7956 if (err)
7957 return err;
7958
7959 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
7960 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
7961 return -EINVAL;
7962 new_triggers.any = true;
7963 }
7964
7965 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
7966 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
7967 return -EINVAL;
7968 new_triggers.disconnect = true;
7969 }
7970
7971 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
7972 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
7973 return -EINVAL;
7974 new_triggers.magic_pkt = true;
7975 }
7976
7977 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
7978 return -EINVAL;
7979
7980 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
7981 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
7982 return -EINVAL;
7983 new_triggers.gtk_rekey_failure = true;
7984 }
7985
7986 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
7987 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
7988 return -EINVAL;
7989 new_triggers.eap_identity_req = true;
7990 }
7991
7992 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
7993 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
7994 return -EINVAL;
7995 new_triggers.four_way_handshake = true;
7996 }
7997
7998 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
7999 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
8000 return -EINVAL;
8001 new_triggers.rfkill_release = true;
8002 }
8003
8004 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
8005 struct nlattr *pat;
8006 int n_patterns = 0;
8007 int rem, pat_len, mask_len, pkt_offset;
8008 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
8009
8010 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8011 rem)
8012 n_patterns++;
8013 if (n_patterns > wowlan->n_patterns)
8014 return -EINVAL;
8015
8016 new_triggers.patterns = kcalloc(n_patterns,
8017 sizeof(new_triggers.patterns[0]),
8018 GFP_KERNEL);
8019 if (!new_triggers.patterns)
8020 return -ENOMEM;
8021
8022 new_triggers.n_patterns = n_patterns;
8023 i = 0;
8024
8025 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8026 rem) {
8027 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
8028 nla_data(pat), nla_len(pat), NULL);
8029 err = -EINVAL;
8030 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
8031 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
8032 goto error;
8033 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
8034 mask_len = DIV_ROUND_UP(pat_len, 8);
8035 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
8036 mask_len)
8037 goto error;
8038 if (pat_len > wowlan->pattern_max_len ||
8039 pat_len < wowlan->pattern_min_len)
8040 goto error;
8041
8042 if (!pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET])
8043 pkt_offset = 0;
8044 else
8045 pkt_offset = nla_get_u32(
8046 pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]);
8047 if (pkt_offset > wowlan->max_pkt_offset)
8048 goto error;
8049 new_triggers.patterns[i].pkt_offset = pkt_offset;
8050
8051 new_triggers.patterns[i].mask =
8052 kmalloc(mask_len + pat_len, GFP_KERNEL);
8053 if (!new_triggers.patterns[i].mask) {
8054 err = -ENOMEM;
8055 goto error;
8056 }
8057 new_triggers.patterns[i].pattern =
8058 new_triggers.patterns[i].mask + mask_len;
8059 memcpy(new_triggers.patterns[i].mask,
8060 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
8061 mask_len);
8062 new_triggers.patterns[i].pattern_len = pat_len;
8063 memcpy(new_triggers.patterns[i].pattern,
8064 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
8065 pat_len);
8066 i++;
8067 }
8068 }
8069
8070 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
8071 err = nl80211_parse_wowlan_tcp(
8072 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
8073 &new_triggers);
8074 if (err)
8075 goto error;
8076 }
8077
8078 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
8079 if (!ntrig) {
8080 err = -ENOMEM;
8081 goto error;
8082 }
8083 cfg80211_rdev_free_wowlan(rdev);
8084 rdev->wowlan = ntrig;
8085
8086 set_wakeup:
8087 if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan)
8088 rdev_set_wakeup(rdev, rdev->wowlan);
8089
8090 return 0;
8091 error:
8092 for (i = 0; i < new_triggers.n_patterns; i++)
8093 kfree(new_triggers.patterns[i].mask);
8094 kfree(new_triggers.patterns);
8095 if (new_triggers.tcp && new_triggers.tcp->sock)
8096 sock_release(new_triggers.tcp->sock);
8097 kfree(new_triggers.tcp);
8098 return err;
8099 }
8100 #endif
8101
nl80211_set_rekey_data(struct sk_buff * skb,struct genl_info * info)8102 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
8103 {
8104 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8105 struct net_device *dev = info->user_ptr[1];
8106 struct wireless_dev *wdev = dev->ieee80211_ptr;
8107 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
8108 struct cfg80211_gtk_rekey_data rekey_data;
8109 int err;
8110
8111 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
8112 return -EINVAL;
8113
8114 err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
8115 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
8116 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
8117 nl80211_rekey_policy);
8118 if (err)
8119 return err;
8120
8121 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
8122 return -ERANGE;
8123 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
8124 return -ERANGE;
8125 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
8126 return -ERANGE;
8127
8128 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
8129 NL80211_KEK_LEN);
8130 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
8131 NL80211_KCK_LEN);
8132 memcpy(rekey_data.replay_ctr,
8133 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
8134 NL80211_REPLAY_CTR_LEN);
8135
8136 wdev_lock(wdev);
8137 if (!wdev->current_bss) {
8138 err = -ENOTCONN;
8139 goto out;
8140 }
8141
8142 if (!rdev->ops->set_rekey_data) {
8143 err = -EOPNOTSUPP;
8144 goto out;
8145 }
8146
8147 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
8148 out:
8149 wdev_unlock(wdev);
8150 return err;
8151 }
8152
nl80211_register_unexpected_frame(struct sk_buff * skb,struct genl_info * info)8153 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
8154 struct genl_info *info)
8155 {
8156 struct net_device *dev = info->user_ptr[1];
8157 struct wireless_dev *wdev = dev->ieee80211_ptr;
8158
8159 if (wdev->iftype != NL80211_IFTYPE_AP &&
8160 wdev->iftype != NL80211_IFTYPE_P2P_GO)
8161 return -EINVAL;
8162
8163 if (wdev->ap_unexpected_nlportid)
8164 return -EBUSY;
8165
8166 wdev->ap_unexpected_nlportid = info->snd_portid;
8167 return 0;
8168 }
8169
nl80211_probe_client(struct sk_buff * skb,struct genl_info * info)8170 static int nl80211_probe_client(struct sk_buff *skb,
8171 struct genl_info *info)
8172 {
8173 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8174 struct net_device *dev = info->user_ptr[1];
8175 struct wireless_dev *wdev = dev->ieee80211_ptr;
8176 struct sk_buff *msg;
8177 void *hdr;
8178 const u8 *addr;
8179 u64 cookie;
8180 int err;
8181
8182 if (wdev->iftype != NL80211_IFTYPE_AP &&
8183 wdev->iftype != NL80211_IFTYPE_P2P_GO)
8184 return -EOPNOTSUPP;
8185
8186 if (!info->attrs[NL80211_ATTR_MAC])
8187 return -EINVAL;
8188
8189 if (!rdev->ops->probe_client)
8190 return -EOPNOTSUPP;
8191
8192 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8193 if (!msg)
8194 return -ENOMEM;
8195
8196 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8197 NL80211_CMD_PROBE_CLIENT);
8198 if (!hdr) {
8199 err = -ENOBUFS;
8200 goto free_msg;
8201 }
8202
8203 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8204
8205 err = rdev_probe_client(rdev, dev, addr, &cookie);
8206 if (err)
8207 goto free_msg;
8208
8209 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8210 goto nla_put_failure;
8211
8212 genlmsg_end(msg, hdr);
8213
8214 return genlmsg_reply(msg, info);
8215
8216 nla_put_failure:
8217 err = -ENOBUFS;
8218 free_msg:
8219 nlmsg_free(msg);
8220 return err;
8221 }
8222
nl80211_register_beacons(struct sk_buff * skb,struct genl_info * info)8223 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
8224 {
8225 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8226 struct cfg80211_beacon_registration *reg, *nreg;
8227 int rv;
8228
8229 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
8230 return -EOPNOTSUPP;
8231
8232 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
8233 if (!nreg)
8234 return -ENOMEM;
8235
8236 /* First, check if already registered. */
8237 spin_lock_bh(&rdev->beacon_registrations_lock);
8238 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
8239 if (reg->nlportid == info->snd_portid) {
8240 rv = -EALREADY;
8241 goto out_err;
8242 }
8243 }
8244 /* Add it to the list */
8245 nreg->nlportid = info->snd_portid;
8246 list_add(&nreg->list, &rdev->beacon_registrations);
8247
8248 spin_unlock_bh(&rdev->beacon_registrations_lock);
8249
8250 return 0;
8251 out_err:
8252 spin_unlock_bh(&rdev->beacon_registrations_lock);
8253 kfree(nreg);
8254 return rv;
8255 }
8256
nl80211_start_p2p_device(struct sk_buff * skb,struct genl_info * info)8257 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
8258 {
8259 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8260 struct wireless_dev *wdev = info->user_ptr[1];
8261 int err;
8262
8263 if (!rdev->ops->start_p2p_device)
8264 return -EOPNOTSUPP;
8265
8266 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8267 return -EOPNOTSUPP;
8268
8269 if (wdev->p2p_started)
8270 return 0;
8271
8272 mutex_lock(&rdev->devlist_mtx);
8273 err = cfg80211_can_add_interface(rdev, wdev->iftype);
8274 mutex_unlock(&rdev->devlist_mtx);
8275 if (err)
8276 return err;
8277
8278 err = rdev_start_p2p_device(rdev, wdev);
8279 if (err)
8280 return err;
8281
8282 wdev->p2p_started = true;
8283 mutex_lock(&rdev->devlist_mtx);
8284 rdev->opencount++;
8285 mutex_unlock(&rdev->devlist_mtx);
8286
8287 return 0;
8288 }
8289
nl80211_stop_p2p_device(struct sk_buff * skb,struct genl_info * info)8290 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
8291 {
8292 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8293 struct wireless_dev *wdev = info->user_ptr[1];
8294
8295 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8296 return -EOPNOTSUPP;
8297
8298 if (!rdev->ops->stop_p2p_device)
8299 return -EOPNOTSUPP;
8300
8301 mutex_lock(&rdev->devlist_mtx);
8302 mutex_lock(&rdev->sched_scan_mtx);
8303 cfg80211_stop_p2p_device(rdev, wdev);
8304 mutex_unlock(&rdev->sched_scan_mtx);
8305 mutex_unlock(&rdev->devlist_mtx);
8306
8307 return 0;
8308 }
8309
nl80211_get_protocol_features(struct sk_buff * skb,struct genl_info * info)8310 static int nl80211_get_protocol_features(struct sk_buff *skb,
8311 struct genl_info *info)
8312 {
8313 void *hdr;
8314 struct sk_buff *msg;
8315
8316 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8317 if (!msg)
8318 return -ENOMEM;
8319
8320 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8321 NL80211_CMD_GET_PROTOCOL_FEATURES);
8322 if (!hdr)
8323 goto nla_put_failure;
8324
8325 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
8326 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
8327 goto nla_put_failure;
8328
8329 genlmsg_end(msg, hdr);
8330 return genlmsg_reply(msg, info);
8331
8332 nla_put_failure:
8333 kfree_skb(msg);
8334 return -ENOBUFS;
8335 }
8336
nl80211_update_ft_ies(struct sk_buff * skb,struct genl_info * info)8337 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
8338 {
8339 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8340 struct cfg80211_update_ft_ies_params ft_params;
8341 struct net_device *dev = info->user_ptr[1];
8342
8343 if (!rdev->ops->update_ft_ies)
8344 return -EOPNOTSUPP;
8345
8346 if (!info->attrs[NL80211_ATTR_MDID] ||
8347 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8348 return -EINVAL;
8349
8350 memset(&ft_params, 0, sizeof(ft_params));
8351 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
8352 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8353 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8354
8355 return rdev_update_ft_ies(rdev, dev, &ft_params);
8356 }
8357
nl80211_crit_protocol_start(struct sk_buff * skb,struct genl_info * info)8358 static int nl80211_crit_protocol_start(struct sk_buff *skb,
8359 struct genl_info *info)
8360 {
8361 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8362 struct wireless_dev *wdev = info->user_ptr[1];
8363 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
8364 u16 duration;
8365 int ret;
8366
8367 if (!rdev->ops->crit_proto_start)
8368 return -EOPNOTSUPP;
8369
8370 if (WARN_ON(!rdev->ops->crit_proto_stop))
8371 return -EINVAL;
8372
8373 if (rdev->crit_proto_nlportid)
8374 return -EBUSY;
8375
8376 /* determine protocol if provided */
8377 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
8378 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
8379
8380 if (proto >= NUM_NL80211_CRIT_PROTO)
8381 return -EINVAL;
8382
8383 /* timeout must be provided */
8384 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
8385 return -EINVAL;
8386
8387 duration =
8388 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
8389
8390 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
8391 return -ERANGE;
8392
8393 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
8394 if (!ret)
8395 rdev->crit_proto_nlportid = info->snd_portid;
8396
8397 return ret;
8398 }
8399
nl80211_crit_protocol_stop(struct sk_buff * skb,struct genl_info * info)8400 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
8401 struct genl_info *info)
8402 {
8403 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8404 struct wireless_dev *wdev = info->user_ptr[1];
8405
8406 if (!rdev->ops->crit_proto_stop)
8407 return -EOPNOTSUPP;
8408
8409 if (rdev->crit_proto_nlportid) {
8410 rdev->crit_proto_nlportid = 0;
8411 rdev_crit_proto_stop(rdev, wdev);
8412 }
8413 return 0;
8414 }
8415
nl80211_vendor_cmd(struct sk_buff * skb,struct genl_info * info)8416 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
8417 {
8418 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8419 struct wireless_dev *wdev =
8420 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
8421 int i, err;
8422 u32 vid, subcmd;
8423
8424 if (!rdev || !rdev->wiphy.vendor_commands)
8425 return -EOPNOTSUPP;
8426
8427 if (IS_ERR(wdev)) {
8428 err = PTR_ERR(wdev);
8429 if (err != -EINVAL)
8430 return err;
8431 wdev = NULL;
8432 } else if (wdev->wiphy != &rdev->wiphy) {
8433 return -EINVAL;
8434 }
8435
8436 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
8437 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
8438 return -EINVAL;
8439
8440 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
8441 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
8442 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
8443 const struct wiphy_vendor_command *vcmd;
8444 void *data = NULL;
8445 int len = 0;
8446
8447 vcmd = &rdev->wiphy.vendor_commands[i];
8448
8449 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
8450 continue;
8451
8452 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
8453 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
8454 if (!wdev)
8455 return -EINVAL;
8456 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
8457 !wdev->netdev)
8458 return -EINVAL;
8459
8460 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
8461 if (!wdev->netdev ||
8462 !netif_running(wdev->netdev))
8463 return -ENETDOWN;
8464 }
8465 } else {
8466 wdev = NULL;
8467 }
8468
8469 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
8470 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
8471 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
8472 }
8473
8474 rdev->cur_cmd_info = info;
8475 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
8476 data, len);
8477 rdev->cur_cmd_info = NULL;
8478 return err;
8479 }
8480
8481 return -EOPNOTSUPP;
8482 }
8483
__cfg80211_alloc_reply_skb(struct wiphy * wiphy,enum nl80211_commands cmd,enum nl80211_attrs attr,int approxlen)8484 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
8485 enum nl80211_commands cmd,
8486 enum nl80211_attrs attr,
8487 int approxlen)
8488 {
8489 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
8490
8491 if (WARN_ON(!rdev->cur_cmd_info))
8492 return NULL;
8493
8494 return __cfg80211_alloc_vendor_skb(rdev, approxlen,
8495 0,
8496 0,
8497 cmd, attr, NULL, GFP_KERNEL);
8498 }
8499 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
8500
cfg80211_vendor_cmd_reply(struct sk_buff * skb)8501 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
8502 {
8503 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
8504 void *hdr = ((void **)skb->cb)[1];
8505 struct nlattr *data = ((void **)skb->cb)[2];
8506
8507 if (WARN_ON(!rdev->cur_cmd_info)) {
8508 kfree_skb(skb);
8509 return -EINVAL;
8510 }
8511
8512 nla_nest_end(skb, data);
8513 genlmsg_end(skb, hdr);
8514 return genlmsg_reply(skb, rdev->cur_cmd_info);
8515 }
8516 EXPORT_SYMBOL(cfg80211_vendor_cmd_reply);
8517
8518 #define NL80211_FLAG_NEED_WIPHY 0x01
8519 #define NL80211_FLAG_NEED_NETDEV 0x02
8520 #define NL80211_FLAG_NEED_RTNL 0x04
8521 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
8522 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
8523 NL80211_FLAG_CHECK_NETDEV_UP)
8524 #define NL80211_FLAG_NEED_WDEV 0x10
8525 /* If a netdev is associated, it must be UP, P2P must be started */
8526 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
8527 NL80211_FLAG_CHECK_NETDEV_UP)
8528
nl80211_pre_doit(struct genl_ops * ops,struct sk_buff * skb,struct genl_info * info)8529 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
8530 struct genl_info *info)
8531 {
8532 struct cfg80211_registered_device *rdev;
8533 struct wireless_dev *wdev;
8534 struct net_device *dev;
8535 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
8536
8537 if (rtnl)
8538 rtnl_lock();
8539
8540 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
8541 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
8542 if (IS_ERR(rdev)) {
8543 if (rtnl)
8544 rtnl_unlock();
8545 return PTR_ERR(rdev);
8546 }
8547 info->user_ptr[0] = rdev;
8548 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
8549 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
8550 mutex_lock(&cfg80211_mutex);
8551 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
8552 info->attrs);
8553 if (IS_ERR(wdev)) {
8554 mutex_unlock(&cfg80211_mutex);
8555 if (rtnl)
8556 rtnl_unlock();
8557 return PTR_ERR(wdev);
8558 }
8559
8560 dev = wdev->netdev;
8561 rdev = wiphy_to_dev(wdev->wiphy);
8562
8563 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
8564 if (!dev) {
8565 mutex_unlock(&cfg80211_mutex);
8566 if (rtnl)
8567 rtnl_unlock();
8568 return -EINVAL;
8569 }
8570
8571 info->user_ptr[1] = dev;
8572 } else {
8573 info->user_ptr[1] = wdev;
8574 }
8575
8576 if (dev) {
8577 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
8578 !netif_running(dev)) {
8579 mutex_unlock(&cfg80211_mutex);
8580 if (rtnl)
8581 rtnl_unlock();
8582 return -ENETDOWN;
8583 }
8584
8585 dev_hold(dev);
8586 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
8587 if (!wdev->p2p_started) {
8588 mutex_unlock(&cfg80211_mutex);
8589 if (rtnl)
8590 rtnl_unlock();
8591 return -ENETDOWN;
8592 }
8593 }
8594
8595 cfg80211_lock_rdev(rdev);
8596
8597 mutex_unlock(&cfg80211_mutex);
8598
8599 info->user_ptr[0] = rdev;
8600 }
8601
8602 return 0;
8603 }
8604
nl80211_post_doit(struct genl_ops * ops,struct sk_buff * skb,struct genl_info * info)8605 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
8606 struct genl_info *info)
8607 {
8608 if (info->user_ptr[0])
8609 cfg80211_unlock_rdev(info->user_ptr[0]);
8610 if (info->user_ptr[1]) {
8611 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
8612 struct wireless_dev *wdev = info->user_ptr[1];
8613
8614 if (wdev->netdev)
8615 dev_put(wdev->netdev);
8616 } else {
8617 dev_put(info->user_ptr[1]);
8618 }
8619 }
8620 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
8621 rtnl_unlock();
8622 }
8623
8624 static struct genl_ops nl80211_ops[] = {
8625 {
8626 .cmd = NL80211_CMD_GET_WIPHY,
8627 .doit = nl80211_get_wiphy,
8628 .dumpit = nl80211_dump_wiphy,
8629 .policy = nl80211_policy,
8630 /* can be retrieved by unprivileged users */
8631 .internal_flags = NL80211_FLAG_NEED_WIPHY,
8632 },
8633 {
8634 .cmd = NL80211_CMD_SET_WIPHY,
8635 .doit = nl80211_set_wiphy,
8636 .policy = nl80211_policy,
8637 .flags = GENL_ADMIN_PERM,
8638 .internal_flags = NL80211_FLAG_NEED_RTNL,
8639 },
8640 {
8641 .cmd = NL80211_CMD_GET_INTERFACE,
8642 .doit = nl80211_get_interface,
8643 .dumpit = nl80211_dump_interface,
8644 .policy = nl80211_policy,
8645 /* can be retrieved by unprivileged users */
8646 .internal_flags = NL80211_FLAG_NEED_WDEV,
8647 },
8648 {
8649 .cmd = NL80211_CMD_SET_INTERFACE,
8650 .doit = nl80211_set_interface,
8651 .policy = nl80211_policy,
8652 .flags = GENL_ADMIN_PERM,
8653 .internal_flags = NL80211_FLAG_NEED_NETDEV |
8654 NL80211_FLAG_NEED_RTNL,
8655 },
8656 {
8657 .cmd = NL80211_CMD_NEW_INTERFACE,
8658 .doit = nl80211_new_interface,
8659 .policy = nl80211_policy,
8660 .flags = GENL_ADMIN_PERM,
8661 .internal_flags = NL80211_FLAG_NEED_WIPHY |
8662 NL80211_FLAG_NEED_RTNL,
8663 },
8664 {
8665 .cmd = NL80211_CMD_DEL_INTERFACE,
8666 .doit = nl80211_del_interface,
8667 .policy = nl80211_policy,
8668 .flags = GENL_ADMIN_PERM,
8669 .internal_flags = NL80211_FLAG_NEED_WDEV |
8670 NL80211_FLAG_NEED_RTNL,
8671 },
8672 {
8673 .cmd = NL80211_CMD_GET_KEY,
8674 .doit = nl80211_get_key,
8675 .policy = nl80211_policy,
8676 .flags = GENL_ADMIN_PERM,
8677 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8678 NL80211_FLAG_NEED_RTNL,
8679 },
8680 {
8681 .cmd = NL80211_CMD_SET_KEY,
8682 .doit = nl80211_set_key,
8683 .policy = nl80211_policy,
8684 .flags = GENL_ADMIN_PERM,
8685 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8686 NL80211_FLAG_NEED_RTNL,
8687 },
8688 {
8689 .cmd = NL80211_CMD_NEW_KEY,
8690 .doit = nl80211_new_key,
8691 .policy = nl80211_policy,
8692 .flags = GENL_ADMIN_PERM,
8693 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8694 NL80211_FLAG_NEED_RTNL,
8695 },
8696 {
8697 .cmd = NL80211_CMD_DEL_KEY,
8698 .doit = nl80211_del_key,
8699 .policy = nl80211_policy,
8700 .flags = GENL_ADMIN_PERM,
8701 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8702 NL80211_FLAG_NEED_RTNL,
8703 },
8704 {
8705 .cmd = NL80211_CMD_SET_BEACON,
8706 .policy = nl80211_policy,
8707 .flags = GENL_ADMIN_PERM,
8708 .doit = nl80211_set_beacon,
8709 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8710 NL80211_FLAG_NEED_RTNL,
8711 },
8712 {
8713 .cmd = NL80211_CMD_START_AP,
8714 .policy = nl80211_policy,
8715 .flags = GENL_ADMIN_PERM,
8716 .doit = nl80211_start_ap,
8717 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8718 NL80211_FLAG_NEED_RTNL,
8719 },
8720 {
8721 .cmd = NL80211_CMD_STOP_AP,
8722 .policy = nl80211_policy,
8723 .flags = GENL_ADMIN_PERM,
8724 .doit = nl80211_stop_ap,
8725 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8726 NL80211_FLAG_NEED_RTNL,
8727 },
8728 {
8729 .cmd = NL80211_CMD_GET_STATION,
8730 .doit = nl80211_get_station,
8731 .dumpit = nl80211_dump_station,
8732 .policy = nl80211_policy,
8733 .internal_flags = NL80211_FLAG_NEED_NETDEV |
8734 NL80211_FLAG_NEED_RTNL,
8735 },
8736 {
8737 .cmd = NL80211_CMD_SET_STATION,
8738 .doit = nl80211_set_station,
8739 .policy = nl80211_policy,
8740 .flags = GENL_ADMIN_PERM,
8741 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8742 NL80211_FLAG_NEED_RTNL,
8743 },
8744 {
8745 .cmd = NL80211_CMD_NEW_STATION,
8746 .doit = nl80211_new_station,
8747 .policy = nl80211_policy,
8748 .flags = GENL_ADMIN_PERM,
8749 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8750 NL80211_FLAG_NEED_RTNL,
8751 },
8752 {
8753 .cmd = NL80211_CMD_DEL_STATION,
8754 .doit = nl80211_del_station,
8755 .policy = nl80211_policy,
8756 .flags = GENL_ADMIN_PERM,
8757 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8758 NL80211_FLAG_NEED_RTNL,
8759 },
8760 {
8761 .cmd = NL80211_CMD_GET_MPATH,
8762 .doit = nl80211_get_mpath,
8763 .dumpit = nl80211_dump_mpath,
8764 .policy = nl80211_policy,
8765 .flags = GENL_ADMIN_PERM,
8766 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8767 NL80211_FLAG_NEED_RTNL,
8768 },
8769 {
8770 .cmd = NL80211_CMD_SET_MPATH,
8771 .doit = nl80211_set_mpath,
8772 .policy = nl80211_policy,
8773 .flags = GENL_ADMIN_PERM,
8774 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8775 NL80211_FLAG_NEED_RTNL,
8776 },
8777 {
8778 .cmd = NL80211_CMD_NEW_MPATH,
8779 .doit = nl80211_new_mpath,
8780 .policy = nl80211_policy,
8781 .flags = GENL_ADMIN_PERM,
8782 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8783 NL80211_FLAG_NEED_RTNL,
8784 },
8785 {
8786 .cmd = NL80211_CMD_DEL_MPATH,
8787 .doit = nl80211_del_mpath,
8788 .policy = nl80211_policy,
8789 .flags = GENL_ADMIN_PERM,
8790 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8791 NL80211_FLAG_NEED_RTNL,
8792 },
8793 {
8794 .cmd = NL80211_CMD_SET_BSS,
8795 .doit = nl80211_set_bss,
8796 .policy = nl80211_policy,
8797 .flags = GENL_ADMIN_PERM,
8798 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8799 NL80211_FLAG_NEED_RTNL,
8800 },
8801 {
8802 .cmd = NL80211_CMD_GET_REG,
8803 .doit = nl80211_get_reg,
8804 .policy = nl80211_policy,
8805 /* can be retrieved by unprivileged users */
8806 },
8807 {
8808 .cmd = NL80211_CMD_SET_REG,
8809 .doit = nl80211_set_reg,
8810 .policy = nl80211_policy,
8811 .flags = GENL_ADMIN_PERM,
8812 },
8813 {
8814 .cmd = NL80211_CMD_REQ_SET_REG,
8815 .doit = nl80211_req_set_reg,
8816 .policy = nl80211_policy,
8817 .flags = GENL_ADMIN_PERM,
8818 },
8819 {
8820 .cmd = NL80211_CMD_GET_MESH_CONFIG,
8821 .doit = nl80211_get_mesh_config,
8822 .policy = nl80211_policy,
8823 /* can be retrieved by unprivileged users */
8824 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8825 NL80211_FLAG_NEED_RTNL,
8826 },
8827 {
8828 .cmd = NL80211_CMD_SET_MESH_CONFIG,
8829 .doit = nl80211_update_mesh_config,
8830 .policy = nl80211_policy,
8831 .flags = GENL_ADMIN_PERM,
8832 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8833 NL80211_FLAG_NEED_RTNL,
8834 },
8835 {
8836 .cmd = NL80211_CMD_TRIGGER_SCAN,
8837 .doit = nl80211_trigger_scan,
8838 .policy = nl80211_policy,
8839 .flags = GENL_ADMIN_PERM,
8840 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8841 NL80211_FLAG_NEED_RTNL,
8842 },
8843 {
8844 .cmd = NL80211_CMD_GET_SCAN,
8845 .policy = nl80211_policy,
8846 .dumpit = nl80211_dump_scan,
8847 },
8848 {
8849 .cmd = NL80211_CMD_START_SCHED_SCAN,
8850 .doit = nl80211_start_sched_scan,
8851 .policy = nl80211_policy,
8852 .flags = GENL_ADMIN_PERM,
8853 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8854 NL80211_FLAG_NEED_RTNL,
8855 },
8856 {
8857 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
8858 .doit = nl80211_stop_sched_scan,
8859 .policy = nl80211_policy,
8860 .flags = GENL_ADMIN_PERM,
8861 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8862 NL80211_FLAG_NEED_RTNL,
8863 },
8864 {
8865 .cmd = NL80211_CMD_AUTHENTICATE,
8866 .doit = nl80211_authenticate,
8867 .policy = nl80211_policy,
8868 .flags = GENL_ADMIN_PERM,
8869 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8870 NL80211_FLAG_NEED_RTNL,
8871 },
8872 {
8873 .cmd = NL80211_CMD_ASSOCIATE,
8874 .doit = nl80211_associate,
8875 .policy = nl80211_policy,
8876 .flags = GENL_ADMIN_PERM,
8877 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8878 NL80211_FLAG_NEED_RTNL,
8879 },
8880 {
8881 .cmd = NL80211_CMD_DEAUTHENTICATE,
8882 .doit = nl80211_deauthenticate,
8883 .policy = nl80211_policy,
8884 .flags = GENL_ADMIN_PERM,
8885 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8886 NL80211_FLAG_NEED_RTNL,
8887 },
8888 {
8889 .cmd = NL80211_CMD_DISASSOCIATE,
8890 .doit = nl80211_disassociate,
8891 .policy = nl80211_policy,
8892 .flags = GENL_ADMIN_PERM,
8893 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8894 NL80211_FLAG_NEED_RTNL,
8895 },
8896 {
8897 .cmd = NL80211_CMD_JOIN_IBSS,
8898 .doit = nl80211_join_ibss,
8899 .policy = nl80211_policy,
8900 .flags = GENL_ADMIN_PERM,
8901 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8902 NL80211_FLAG_NEED_RTNL,
8903 },
8904 {
8905 .cmd = NL80211_CMD_LEAVE_IBSS,
8906 .doit = nl80211_leave_ibss,
8907 .policy = nl80211_policy,
8908 .flags = GENL_ADMIN_PERM,
8909 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8910 NL80211_FLAG_NEED_RTNL,
8911 },
8912 #ifdef CONFIG_NL80211_TESTMODE
8913 {
8914 .cmd = NL80211_CMD_TESTMODE,
8915 .doit = nl80211_testmode_do,
8916 .dumpit = nl80211_testmode_dump,
8917 .policy = nl80211_policy,
8918 .flags = GENL_ADMIN_PERM,
8919 .internal_flags = NL80211_FLAG_NEED_WIPHY |
8920 NL80211_FLAG_NEED_RTNL,
8921 },
8922 #endif
8923 {
8924 .cmd = NL80211_CMD_CONNECT,
8925 .doit = nl80211_connect,
8926 .policy = nl80211_policy,
8927 .flags = GENL_ADMIN_PERM,
8928 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8929 NL80211_FLAG_NEED_RTNL,
8930 },
8931 {
8932 .cmd = NL80211_CMD_DISCONNECT,
8933 .doit = nl80211_disconnect,
8934 .policy = nl80211_policy,
8935 .flags = GENL_ADMIN_PERM,
8936 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8937 NL80211_FLAG_NEED_RTNL,
8938 },
8939 {
8940 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
8941 .doit = nl80211_wiphy_netns,
8942 .policy = nl80211_policy,
8943 .flags = GENL_ADMIN_PERM,
8944 .internal_flags = NL80211_FLAG_NEED_WIPHY |
8945 NL80211_FLAG_NEED_RTNL,
8946 },
8947 {
8948 .cmd = NL80211_CMD_GET_SURVEY,
8949 .policy = nl80211_policy,
8950 .dumpit = nl80211_dump_survey,
8951 },
8952 {
8953 .cmd = NL80211_CMD_SET_PMKSA,
8954 .doit = nl80211_setdel_pmksa,
8955 .policy = nl80211_policy,
8956 .flags = GENL_ADMIN_PERM,
8957 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8958 NL80211_FLAG_NEED_RTNL,
8959 },
8960 {
8961 .cmd = NL80211_CMD_DEL_PMKSA,
8962 .doit = nl80211_setdel_pmksa,
8963 .policy = nl80211_policy,
8964 .flags = GENL_ADMIN_PERM,
8965 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8966 NL80211_FLAG_NEED_RTNL,
8967 },
8968 {
8969 .cmd = NL80211_CMD_FLUSH_PMKSA,
8970 .doit = nl80211_flush_pmksa,
8971 .policy = nl80211_policy,
8972 .flags = GENL_ADMIN_PERM,
8973 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8974 NL80211_FLAG_NEED_RTNL,
8975 },
8976 {
8977 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
8978 .doit = nl80211_remain_on_channel,
8979 .policy = nl80211_policy,
8980 .flags = GENL_ADMIN_PERM,
8981 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8982 NL80211_FLAG_NEED_RTNL,
8983 },
8984 {
8985 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
8986 .doit = nl80211_cancel_remain_on_channel,
8987 .policy = nl80211_policy,
8988 .flags = GENL_ADMIN_PERM,
8989 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8990 NL80211_FLAG_NEED_RTNL,
8991 },
8992 {
8993 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
8994 .doit = nl80211_set_tx_bitrate_mask,
8995 .policy = nl80211_policy,
8996 .flags = GENL_ADMIN_PERM,
8997 .internal_flags = NL80211_FLAG_NEED_NETDEV |
8998 NL80211_FLAG_NEED_RTNL,
8999 },
9000 {
9001 .cmd = NL80211_CMD_REGISTER_FRAME,
9002 .doit = nl80211_register_mgmt,
9003 .policy = nl80211_policy,
9004 .flags = GENL_ADMIN_PERM,
9005 .internal_flags = NL80211_FLAG_NEED_WDEV |
9006 NL80211_FLAG_NEED_RTNL,
9007 },
9008 {
9009 .cmd = NL80211_CMD_FRAME,
9010 .doit = nl80211_tx_mgmt,
9011 .policy = nl80211_policy,
9012 .flags = GENL_ADMIN_PERM,
9013 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9014 NL80211_FLAG_NEED_RTNL,
9015 },
9016 {
9017 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
9018 .doit = nl80211_tx_mgmt_cancel_wait,
9019 .policy = nl80211_policy,
9020 .flags = GENL_ADMIN_PERM,
9021 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9022 NL80211_FLAG_NEED_RTNL,
9023 },
9024 {
9025 .cmd = NL80211_CMD_SET_POWER_SAVE,
9026 .doit = nl80211_set_power_save,
9027 .policy = nl80211_policy,
9028 .flags = GENL_ADMIN_PERM,
9029 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9030 NL80211_FLAG_NEED_RTNL,
9031 },
9032 {
9033 .cmd = NL80211_CMD_GET_POWER_SAVE,
9034 .doit = nl80211_get_power_save,
9035 .policy = nl80211_policy,
9036 /* can be retrieved by unprivileged users */
9037 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9038 NL80211_FLAG_NEED_RTNL,
9039 },
9040 {
9041 .cmd = NL80211_CMD_SET_CQM,
9042 .doit = nl80211_set_cqm,
9043 .policy = nl80211_policy,
9044 .flags = GENL_ADMIN_PERM,
9045 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9046 NL80211_FLAG_NEED_RTNL,
9047 },
9048 {
9049 .cmd = NL80211_CMD_SET_CHANNEL,
9050 .doit = nl80211_set_channel,
9051 .policy = nl80211_policy,
9052 .flags = GENL_ADMIN_PERM,
9053 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9054 NL80211_FLAG_NEED_RTNL,
9055 },
9056 {
9057 .cmd = NL80211_CMD_SET_WDS_PEER,
9058 .doit = nl80211_set_wds_peer,
9059 .policy = nl80211_policy,
9060 .flags = GENL_ADMIN_PERM,
9061 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9062 NL80211_FLAG_NEED_RTNL,
9063 },
9064 {
9065 .cmd = NL80211_CMD_JOIN_MESH,
9066 .doit = nl80211_join_mesh,
9067 .policy = nl80211_policy,
9068 .flags = GENL_ADMIN_PERM,
9069 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9070 NL80211_FLAG_NEED_RTNL,
9071 },
9072 {
9073 .cmd = NL80211_CMD_LEAVE_MESH,
9074 .doit = nl80211_leave_mesh,
9075 .policy = nl80211_policy,
9076 .flags = GENL_ADMIN_PERM,
9077 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9078 NL80211_FLAG_NEED_RTNL,
9079 },
9080 #ifdef CONFIG_PM
9081 {
9082 .cmd = NL80211_CMD_GET_WOWLAN,
9083 .doit = nl80211_get_wowlan,
9084 .policy = nl80211_policy,
9085 /* can be retrieved by unprivileged users */
9086 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9087 NL80211_FLAG_NEED_RTNL,
9088 },
9089 {
9090 .cmd = NL80211_CMD_SET_WOWLAN,
9091 .doit = nl80211_set_wowlan,
9092 .policy = nl80211_policy,
9093 .flags = GENL_ADMIN_PERM,
9094 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9095 NL80211_FLAG_NEED_RTNL,
9096 },
9097 #endif
9098 {
9099 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
9100 .doit = nl80211_set_rekey_data,
9101 .policy = nl80211_policy,
9102 .flags = GENL_ADMIN_PERM,
9103 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9104 NL80211_FLAG_NEED_RTNL,
9105 },
9106 {
9107 .cmd = NL80211_CMD_TDLS_MGMT,
9108 .doit = nl80211_tdls_mgmt,
9109 .policy = nl80211_policy,
9110 .flags = GENL_ADMIN_PERM,
9111 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9112 NL80211_FLAG_NEED_RTNL,
9113 },
9114 {
9115 .cmd = NL80211_CMD_TDLS_OPER,
9116 .doit = nl80211_tdls_oper,
9117 .policy = nl80211_policy,
9118 .flags = GENL_ADMIN_PERM,
9119 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9120 NL80211_FLAG_NEED_RTNL,
9121 },
9122 {
9123 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
9124 .doit = nl80211_register_unexpected_frame,
9125 .policy = nl80211_policy,
9126 .flags = GENL_ADMIN_PERM,
9127 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9128 NL80211_FLAG_NEED_RTNL,
9129 },
9130 {
9131 .cmd = NL80211_CMD_PROBE_CLIENT,
9132 .doit = nl80211_probe_client,
9133 .policy = nl80211_policy,
9134 .flags = GENL_ADMIN_PERM,
9135 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9136 NL80211_FLAG_NEED_RTNL,
9137 },
9138 {
9139 .cmd = NL80211_CMD_REGISTER_BEACONS,
9140 .doit = nl80211_register_beacons,
9141 .policy = nl80211_policy,
9142 .flags = GENL_ADMIN_PERM,
9143 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9144 NL80211_FLAG_NEED_RTNL,
9145 },
9146 {
9147 .cmd = NL80211_CMD_SET_NOACK_MAP,
9148 .doit = nl80211_set_noack_map,
9149 .policy = nl80211_policy,
9150 .flags = GENL_ADMIN_PERM,
9151 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9152 NL80211_FLAG_NEED_RTNL,
9153 },
9154 {
9155 .cmd = NL80211_CMD_START_P2P_DEVICE,
9156 .doit = nl80211_start_p2p_device,
9157 .policy = nl80211_policy,
9158 .flags = GENL_ADMIN_PERM,
9159 .internal_flags = NL80211_FLAG_NEED_WDEV |
9160 NL80211_FLAG_NEED_RTNL,
9161 },
9162 {
9163 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
9164 .doit = nl80211_stop_p2p_device,
9165 .policy = nl80211_policy,
9166 .flags = GENL_ADMIN_PERM,
9167 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9168 NL80211_FLAG_NEED_RTNL,
9169 },
9170 {
9171 .cmd = NL80211_CMD_SET_MCAST_RATE,
9172 .doit = nl80211_set_mcast_rate,
9173 .policy = nl80211_policy,
9174 .flags = GENL_ADMIN_PERM,
9175 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9176 NL80211_FLAG_NEED_RTNL,
9177 },
9178 {
9179 .cmd = NL80211_CMD_SET_MAC_ACL,
9180 .doit = nl80211_set_mac_acl,
9181 .policy = nl80211_policy,
9182 .flags = GENL_ADMIN_PERM,
9183 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9184 NL80211_FLAG_NEED_RTNL,
9185 },
9186 {
9187 .cmd = NL80211_CMD_RADAR_DETECT,
9188 .doit = nl80211_start_radar_detection,
9189 .policy = nl80211_policy,
9190 .flags = GENL_ADMIN_PERM,
9191 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9192 NL80211_FLAG_NEED_RTNL,
9193 },
9194 {
9195 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
9196 .doit = nl80211_get_protocol_features,
9197 .policy = nl80211_policy,
9198 },
9199 {
9200 .cmd = NL80211_CMD_UPDATE_FT_IES,
9201 .doit = nl80211_update_ft_ies,
9202 .policy = nl80211_policy,
9203 .flags = GENL_ADMIN_PERM,
9204 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9205 NL80211_FLAG_NEED_RTNL,
9206 },
9207 {
9208 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
9209 .doit = nl80211_crit_protocol_start,
9210 .policy = nl80211_policy,
9211 .flags = GENL_ADMIN_PERM,
9212 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9213 NL80211_FLAG_NEED_RTNL,
9214 },
9215 {
9216 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
9217 .doit = nl80211_crit_protocol_stop,
9218 .policy = nl80211_policy,
9219 .flags = GENL_ADMIN_PERM,
9220 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9221 NL80211_FLAG_NEED_RTNL,
9222 },
9223 {
9224 .cmd = NL80211_CMD_VENDOR,
9225 .doit = nl80211_vendor_cmd,
9226 .policy = nl80211_policy,
9227 .flags = GENL_ADMIN_PERM,
9228 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9229 NL80211_FLAG_NEED_RTNL,
9230 },
9231 };
9232
9233 static struct genl_multicast_group nl80211_mlme_mcgrp = {
9234 .name = "mlme",
9235 };
9236
9237 /* multicast groups */
9238 static struct genl_multicast_group nl80211_config_mcgrp = {
9239 .name = "config",
9240 };
9241 static struct genl_multicast_group nl80211_scan_mcgrp = {
9242 .name = "scan",
9243 };
9244 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
9245 .name = "regulatory",
9246 };
9247
9248 /* notification functions */
9249
nl80211_notify_dev_rename(struct cfg80211_registered_device * rdev)9250 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
9251 {
9252 struct sk_buff *msg;
9253
9254 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9255 if (!msg)
9256 return;
9257
9258 if (nl80211_send_wiphy(rdev, msg, 0, 0, 0,
9259 false, NULL, NULL, NULL) < 0) {
9260 nlmsg_free(msg);
9261 return;
9262 }
9263
9264 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9265 nl80211_config_mcgrp.id, GFP_KERNEL);
9266 }
9267
nl80211_add_scan_req(struct sk_buff * msg,struct cfg80211_registered_device * rdev)9268 static int nl80211_add_scan_req(struct sk_buff *msg,
9269 struct cfg80211_registered_device *rdev)
9270 {
9271 struct cfg80211_scan_request *req = rdev->scan_req;
9272 struct nlattr *nest;
9273 int i;
9274
9275 lockdep_assert_held(&rdev->sched_scan_mtx);
9276
9277 if (WARN_ON(!req))
9278 return 0;
9279
9280 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
9281 if (!nest)
9282 goto nla_put_failure;
9283 for (i = 0; i < req->n_ssids; i++) {
9284 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
9285 goto nla_put_failure;
9286 }
9287 nla_nest_end(msg, nest);
9288
9289 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
9290 if (!nest)
9291 goto nla_put_failure;
9292 for (i = 0; i < req->n_channels; i++) {
9293 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
9294 goto nla_put_failure;
9295 }
9296 nla_nest_end(msg, nest);
9297
9298 if (req->ie &&
9299 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
9300 goto nla_put_failure;
9301
9302 if (req->flags)
9303 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags);
9304
9305 return 0;
9306 nla_put_failure:
9307 return -ENOBUFS;
9308 }
9309
nl80211_send_scan_msg(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 portid,u32 seq,int flags,u32 cmd)9310 static int nl80211_send_scan_msg(struct sk_buff *msg,
9311 struct cfg80211_registered_device *rdev,
9312 struct wireless_dev *wdev,
9313 u32 portid, u32 seq, int flags,
9314 u32 cmd)
9315 {
9316 void *hdr;
9317
9318 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
9319 if (!hdr)
9320 return -1;
9321
9322 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9323 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9324 wdev->netdev->ifindex)) ||
9325 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
9326 goto nla_put_failure;
9327
9328 /* ignore errors and send incomplete event anyway */
9329 nl80211_add_scan_req(msg, rdev);
9330
9331 return genlmsg_end(msg, hdr);
9332
9333 nla_put_failure:
9334 genlmsg_cancel(msg, hdr);
9335 return -EMSGSIZE;
9336 }
9337
9338 static int
nl80211_send_sched_scan_msg(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct net_device * netdev,u32 portid,u32 seq,int flags,u32 cmd)9339 nl80211_send_sched_scan_msg(struct sk_buff *msg,
9340 struct cfg80211_registered_device *rdev,
9341 struct net_device *netdev,
9342 u32 portid, u32 seq, int flags, u32 cmd)
9343 {
9344 void *hdr;
9345
9346 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
9347 if (!hdr)
9348 return -1;
9349
9350 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9351 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
9352 goto nla_put_failure;
9353
9354 return genlmsg_end(msg, hdr);
9355
9356 nla_put_failure:
9357 genlmsg_cancel(msg, hdr);
9358 return -EMSGSIZE;
9359 }
9360
nl80211_send_scan_start(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev)9361 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
9362 struct wireless_dev *wdev)
9363 {
9364 struct sk_buff *msg;
9365
9366 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9367 if (!msg)
9368 return;
9369
9370 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
9371 NL80211_CMD_TRIGGER_SCAN) < 0) {
9372 nlmsg_free(msg);
9373 return;
9374 }
9375
9376 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9377 nl80211_scan_mcgrp.id, GFP_KERNEL);
9378 }
9379
nl80211_send_scan_done(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev)9380 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
9381 struct wireless_dev *wdev)
9382 {
9383 struct sk_buff *msg;
9384
9385 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9386 if (!msg)
9387 return;
9388
9389 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
9390 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
9391 nlmsg_free(msg);
9392 return;
9393 }
9394
9395 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9396 nl80211_scan_mcgrp.id, GFP_KERNEL);
9397 }
9398
nl80211_send_scan_aborted(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev)9399 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
9400 struct wireless_dev *wdev)
9401 {
9402 struct sk_buff *msg;
9403
9404 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9405 if (!msg)
9406 return;
9407
9408 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
9409 NL80211_CMD_SCAN_ABORTED) < 0) {
9410 nlmsg_free(msg);
9411 return;
9412 }
9413
9414 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9415 nl80211_scan_mcgrp.id, GFP_KERNEL);
9416 }
9417
nl80211_send_sched_scan_results(struct cfg80211_registered_device * rdev,struct net_device * netdev)9418 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
9419 struct net_device *netdev)
9420 {
9421 struct sk_buff *msg;
9422
9423 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9424 if (!msg)
9425 return;
9426
9427 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
9428 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
9429 nlmsg_free(msg);
9430 return;
9431 }
9432
9433 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9434 nl80211_scan_mcgrp.id, GFP_KERNEL);
9435 }
9436
nl80211_send_sched_scan(struct cfg80211_registered_device * rdev,struct net_device * netdev,u32 cmd)9437 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
9438 struct net_device *netdev, u32 cmd)
9439 {
9440 struct sk_buff *msg;
9441
9442 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9443 if (!msg)
9444 return;
9445
9446 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
9447 nlmsg_free(msg);
9448 return;
9449 }
9450
9451 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9452 nl80211_scan_mcgrp.id, GFP_KERNEL);
9453 }
9454
9455 /*
9456 * This can happen on global regulatory changes or device specific settings
9457 * based on custom world regulatory domains.
9458 */
nl80211_send_reg_change_event(struct regulatory_request * request)9459 void nl80211_send_reg_change_event(struct regulatory_request *request)
9460 {
9461 struct sk_buff *msg;
9462 void *hdr;
9463
9464 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9465 if (!msg)
9466 return;
9467
9468 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
9469 if (!hdr) {
9470 nlmsg_free(msg);
9471 return;
9472 }
9473
9474 /* Userspace can always count this one always being set */
9475 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
9476 goto nla_put_failure;
9477
9478 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
9479 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9480 NL80211_REGDOM_TYPE_WORLD))
9481 goto nla_put_failure;
9482 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
9483 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9484 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
9485 goto nla_put_failure;
9486 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
9487 request->intersect) {
9488 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9489 NL80211_REGDOM_TYPE_INTERSECTION))
9490 goto nla_put_failure;
9491 } else {
9492 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
9493 NL80211_REGDOM_TYPE_COUNTRY) ||
9494 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
9495 request->alpha2))
9496 goto nla_put_failure;
9497 }
9498
9499 if (request->wiphy_idx != WIPHY_IDX_INVALID &&
9500 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
9501 goto nla_put_failure;
9502
9503 genlmsg_end(msg, hdr);
9504
9505 rcu_read_lock();
9506 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
9507 GFP_ATOMIC);
9508 rcu_read_unlock();
9509
9510 return;
9511
9512 nla_put_failure:
9513 genlmsg_cancel(msg, hdr);
9514 nlmsg_free(msg);
9515 }
9516
nl80211_send_mlme_event(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,enum nl80211_commands cmd,gfp_t gfp)9517 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
9518 struct net_device *netdev,
9519 const u8 *buf, size_t len,
9520 enum nl80211_commands cmd, gfp_t gfp)
9521 {
9522 struct sk_buff *msg;
9523 void *hdr;
9524
9525 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9526 if (!msg)
9527 return;
9528
9529 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9530 if (!hdr) {
9531 nlmsg_free(msg);
9532 return;
9533 }
9534
9535 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9536 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9537 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
9538 goto nla_put_failure;
9539
9540 genlmsg_end(msg, hdr);
9541
9542 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9543 nl80211_mlme_mcgrp.id, gfp);
9544 return;
9545
9546 nla_put_failure:
9547 genlmsg_cancel(msg, hdr);
9548 nlmsg_free(msg);
9549 }
9550
nl80211_send_rx_auth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)9551 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
9552 struct net_device *netdev, const u8 *buf,
9553 size_t len, gfp_t gfp)
9554 {
9555 nl80211_send_mlme_event(rdev, netdev, buf, len,
9556 NL80211_CMD_AUTHENTICATE, gfp);
9557 }
9558
nl80211_send_rx_assoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)9559 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
9560 struct net_device *netdev, const u8 *buf,
9561 size_t len, gfp_t gfp)
9562 {
9563 nl80211_send_mlme_event(rdev, netdev, buf, len,
9564 NL80211_CMD_ASSOCIATE, gfp);
9565 }
9566
nl80211_send_deauth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)9567 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
9568 struct net_device *netdev, const u8 *buf,
9569 size_t len, gfp_t gfp)
9570 {
9571 nl80211_send_mlme_event(rdev, netdev, buf, len,
9572 NL80211_CMD_DEAUTHENTICATE, gfp);
9573 }
9574
nl80211_send_disassoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)9575 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
9576 struct net_device *netdev, const u8 *buf,
9577 size_t len, gfp_t gfp)
9578 {
9579 nl80211_send_mlme_event(rdev, netdev, buf, len,
9580 NL80211_CMD_DISASSOCIATE, gfp);
9581 }
9582
cfg80211_send_unprot_deauth(struct net_device * dev,const u8 * buf,size_t len)9583 void cfg80211_send_unprot_deauth(struct net_device *dev, const u8 *buf,
9584 size_t len)
9585 {
9586 struct wireless_dev *wdev = dev->ieee80211_ptr;
9587 struct wiphy *wiphy = wdev->wiphy;
9588 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9589
9590 trace_cfg80211_send_unprot_deauth(dev);
9591 nl80211_send_mlme_event(rdev, dev, buf, len,
9592 NL80211_CMD_UNPROT_DEAUTHENTICATE, GFP_ATOMIC);
9593 }
9594 EXPORT_SYMBOL(cfg80211_send_unprot_deauth);
9595
cfg80211_send_unprot_disassoc(struct net_device * dev,const u8 * buf,size_t len)9596 void cfg80211_send_unprot_disassoc(struct net_device *dev, const u8 *buf,
9597 size_t len)
9598 {
9599 struct wireless_dev *wdev = dev->ieee80211_ptr;
9600 struct wiphy *wiphy = wdev->wiphy;
9601 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9602
9603 trace_cfg80211_send_unprot_disassoc(dev);
9604 nl80211_send_mlme_event(rdev, dev, buf, len,
9605 NL80211_CMD_UNPROT_DISASSOCIATE, GFP_ATOMIC);
9606 }
9607 EXPORT_SYMBOL(cfg80211_send_unprot_disassoc);
9608
nl80211_send_mlme_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,int cmd,const u8 * addr,gfp_t gfp)9609 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
9610 struct net_device *netdev, int cmd,
9611 const u8 *addr, gfp_t gfp)
9612 {
9613 struct sk_buff *msg;
9614 void *hdr;
9615
9616 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9617 if (!msg)
9618 return;
9619
9620 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9621 if (!hdr) {
9622 nlmsg_free(msg);
9623 return;
9624 }
9625
9626 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9627 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9628 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
9629 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
9630 goto nla_put_failure;
9631
9632 genlmsg_end(msg, hdr);
9633
9634 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9635 nl80211_mlme_mcgrp.id, gfp);
9636 return;
9637
9638 nla_put_failure:
9639 genlmsg_cancel(msg, hdr);
9640 nlmsg_free(msg);
9641 }
9642
nl80211_send_auth_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)9643 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
9644 struct net_device *netdev, const u8 *addr,
9645 gfp_t gfp)
9646 {
9647 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
9648 addr, gfp);
9649 }
9650
nl80211_send_assoc_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)9651 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
9652 struct net_device *netdev, const u8 *addr,
9653 gfp_t gfp)
9654 {
9655 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
9656 addr, gfp);
9657 }
9658
nl80211_send_connect_result(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,const u8 * req_ie,size_t req_ie_len,const u8 * resp_ie,size_t resp_ie_len,u16 status,gfp_t gfp)9659 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
9660 struct net_device *netdev, const u8 *bssid,
9661 const u8 *req_ie, size_t req_ie_len,
9662 const u8 *resp_ie, size_t resp_ie_len,
9663 u16 status, gfp_t gfp)
9664 {
9665 struct sk_buff *msg;
9666 void *hdr;
9667
9668 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9669 if (!msg)
9670 return;
9671
9672 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
9673 if (!hdr) {
9674 nlmsg_free(msg);
9675 return;
9676 }
9677
9678 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9679 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9680 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
9681 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
9682 (req_ie &&
9683 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
9684 (resp_ie &&
9685 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
9686 goto nla_put_failure;
9687
9688 genlmsg_end(msg, hdr);
9689
9690 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9691 nl80211_mlme_mcgrp.id, gfp);
9692 return;
9693
9694 nla_put_failure:
9695 genlmsg_cancel(msg, hdr);
9696 nlmsg_free(msg);
9697
9698 }
9699
nl80211_send_roamed(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,const u8 * req_ie,size_t req_ie_len,const u8 * resp_ie,size_t resp_ie_len,gfp_t gfp)9700 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
9701 struct net_device *netdev, const u8 *bssid,
9702 const u8 *req_ie, size_t req_ie_len,
9703 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
9704 {
9705 struct sk_buff *msg;
9706 void *hdr;
9707
9708 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9709 if (!msg)
9710 return;
9711
9712 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
9713 if (!hdr) {
9714 nlmsg_free(msg);
9715 return;
9716 }
9717
9718 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9719 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9720 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
9721 (req_ie &&
9722 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
9723 (resp_ie &&
9724 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
9725 goto nla_put_failure;
9726
9727 genlmsg_end(msg, hdr);
9728
9729 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9730 nl80211_mlme_mcgrp.id, gfp);
9731 return;
9732
9733 nla_put_failure:
9734 genlmsg_cancel(msg, hdr);
9735 nlmsg_free(msg);
9736
9737 }
9738
nl80211_send_disconnected(struct cfg80211_registered_device * rdev,struct net_device * netdev,u16 reason,const u8 * ie,size_t ie_len,bool from_ap)9739 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
9740 struct net_device *netdev, u16 reason,
9741 const u8 *ie, size_t ie_len, bool from_ap)
9742 {
9743 struct sk_buff *msg;
9744 void *hdr;
9745
9746 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9747 if (!msg)
9748 return;
9749
9750 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
9751 if (!hdr) {
9752 nlmsg_free(msg);
9753 return;
9754 }
9755
9756 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9757 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9758 (from_ap && reason &&
9759 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
9760 (from_ap &&
9761 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
9762 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
9763 goto nla_put_failure;
9764
9765 genlmsg_end(msg, hdr);
9766
9767 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9768 nl80211_mlme_mcgrp.id, GFP_KERNEL);
9769 return;
9770
9771 nla_put_failure:
9772 genlmsg_cancel(msg, hdr);
9773 nlmsg_free(msg);
9774
9775 }
9776
nl80211_send_ibss_bssid(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,gfp_t gfp)9777 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
9778 struct net_device *netdev, const u8 *bssid,
9779 gfp_t gfp)
9780 {
9781 struct sk_buff *msg;
9782 void *hdr;
9783
9784 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9785 if (!msg)
9786 return;
9787
9788 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
9789 if (!hdr) {
9790 nlmsg_free(msg);
9791 return;
9792 }
9793
9794 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9795 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9796 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
9797 goto nla_put_failure;
9798
9799 genlmsg_end(msg, hdr);
9800
9801 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9802 nl80211_mlme_mcgrp.id, gfp);
9803 return;
9804
9805 nla_put_failure:
9806 genlmsg_cancel(msg, hdr);
9807 nlmsg_free(msg);
9808 }
9809
cfg80211_notify_new_peer_candidate(struct net_device * dev,const u8 * addr,const u8 * ie,u8 ie_len,gfp_t gfp)9810 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
9811 const u8* ie, u8 ie_len, gfp_t gfp)
9812 {
9813 struct wireless_dev *wdev = dev->ieee80211_ptr;
9814 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
9815 struct sk_buff *msg;
9816 void *hdr;
9817
9818 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
9819 return;
9820
9821 trace_cfg80211_notify_new_peer_candidate(dev, addr);
9822
9823 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9824 if (!msg)
9825 return;
9826
9827 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
9828 if (!hdr) {
9829 nlmsg_free(msg);
9830 return;
9831 }
9832
9833 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9834 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9835 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
9836 (ie_len && ie &&
9837 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
9838 goto nla_put_failure;
9839
9840 genlmsg_end(msg, hdr);
9841
9842 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9843 nl80211_mlme_mcgrp.id, gfp);
9844 return;
9845
9846 nla_put_failure:
9847 genlmsg_cancel(msg, hdr);
9848 nlmsg_free(msg);
9849 }
9850 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
9851
nl80211_michael_mic_failure(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,enum nl80211_key_type key_type,int key_id,const u8 * tsc,gfp_t gfp)9852 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
9853 struct net_device *netdev, const u8 *addr,
9854 enum nl80211_key_type key_type, int key_id,
9855 const u8 *tsc, gfp_t gfp)
9856 {
9857 struct sk_buff *msg;
9858 void *hdr;
9859
9860 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9861 if (!msg)
9862 return;
9863
9864 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
9865 if (!hdr) {
9866 nlmsg_free(msg);
9867 return;
9868 }
9869
9870 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9871 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9872 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
9873 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
9874 (key_id != -1 &&
9875 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
9876 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
9877 goto nla_put_failure;
9878
9879 genlmsg_end(msg, hdr);
9880
9881 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9882 nl80211_mlme_mcgrp.id, gfp);
9883 return;
9884
9885 nla_put_failure:
9886 genlmsg_cancel(msg, hdr);
9887 nlmsg_free(msg);
9888 }
9889
nl80211_send_beacon_hint_event(struct wiphy * wiphy,struct ieee80211_channel * channel_before,struct ieee80211_channel * channel_after)9890 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
9891 struct ieee80211_channel *channel_before,
9892 struct ieee80211_channel *channel_after)
9893 {
9894 struct sk_buff *msg;
9895 void *hdr;
9896 struct nlattr *nl_freq;
9897
9898 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
9899 if (!msg)
9900 return;
9901
9902 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
9903 if (!hdr) {
9904 nlmsg_free(msg);
9905 return;
9906 }
9907
9908 /*
9909 * Since we are applying the beacon hint to a wiphy we know its
9910 * wiphy_idx is valid
9911 */
9912 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
9913 goto nla_put_failure;
9914
9915 /* Before */
9916 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
9917 if (!nl_freq)
9918 goto nla_put_failure;
9919 if (nl80211_msg_put_channel(msg, channel_before, false))
9920 goto nla_put_failure;
9921 nla_nest_end(msg, nl_freq);
9922
9923 /* After */
9924 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
9925 if (!nl_freq)
9926 goto nla_put_failure;
9927 if (nl80211_msg_put_channel(msg, channel_after, false))
9928 goto nla_put_failure;
9929 nla_nest_end(msg, nl_freq);
9930
9931 genlmsg_end(msg, hdr);
9932
9933 rcu_read_lock();
9934 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
9935 GFP_ATOMIC);
9936 rcu_read_unlock();
9937
9938 return;
9939
9940 nla_put_failure:
9941 genlmsg_cancel(msg, hdr);
9942 nlmsg_free(msg);
9943 }
9944
nl80211_send_remain_on_chan_event(int cmd,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)9945 static void nl80211_send_remain_on_chan_event(
9946 int cmd, struct cfg80211_registered_device *rdev,
9947 struct wireless_dev *wdev, u64 cookie,
9948 struct ieee80211_channel *chan,
9949 unsigned int duration, gfp_t gfp)
9950 {
9951 struct sk_buff *msg;
9952 void *hdr;
9953
9954 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9955 if (!msg)
9956 return;
9957
9958 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
9959 if (!hdr) {
9960 nlmsg_free(msg);
9961 return;
9962 }
9963
9964 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9965 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9966 wdev->netdev->ifindex)) ||
9967 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
9968 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
9969 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
9970 NL80211_CHAN_NO_HT) ||
9971 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9972 goto nla_put_failure;
9973
9974 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
9975 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
9976 goto nla_put_failure;
9977
9978 genlmsg_end(msg, hdr);
9979
9980 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9981 nl80211_mlme_mcgrp.id, gfp);
9982 return;
9983
9984 nla_put_failure:
9985 genlmsg_cancel(msg, hdr);
9986 nlmsg_free(msg);
9987 }
9988
cfg80211_ready_on_channel(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)9989 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
9990 struct ieee80211_channel *chan,
9991 unsigned int duration, gfp_t gfp)
9992 {
9993 struct wiphy *wiphy = wdev->wiphy;
9994 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9995
9996 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
9997 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
9998 rdev, wdev, cookie, chan,
9999 duration, gfp);
10000 }
10001 EXPORT_SYMBOL(cfg80211_ready_on_channel);
10002
cfg80211_remain_on_channel_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)10003 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
10004 struct ieee80211_channel *chan,
10005 gfp_t gfp)
10006 {
10007 struct wiphy *wiphy = wdev->wiphy;
10008 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10009
10010 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
10011 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
10012 rdev, wdev, cookie, chan, 0, gfp);
10013 }
10014 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
10015
cfg80211_new_sta(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)10016 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
10017 struct station_info *sinfo, gfp_t gfp)
10018 {
10019 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10020 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10021 struct sk_buff *msg;
10022
10023 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
10024
10025 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10026 if (!msg)
10027 return;
10028
10029 if (nl80211_send_station(msg, 0, 0, 0,
10030 rdev, dev, mac_addr, sinfo) < 0) {
10031 nlmsg_free(msg);
10032 return;
10033 }
10034
10035 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10036 nl80211_mlme_mcgrp.id, gfp);
10037 }
10038 EXPORT_SYMBOL(cfg80211_new_sta);
10039
cfg80211_del_sta(struct net_device * dev,const u8 * mac_addr,gfp_t gfp)10040 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp)
10041 {
10042 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10043 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10044 struct sk_buff *msg;
10045 void *hdr;
10046
10047 trace_cfg80211_del_sta(dev, mac_addr);
10048
10049 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10050 if (!msg)
10051 return;
10052
10053 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
10054 if (!hdr) {
10055 nlmsg_free(msg);
10056 return;
10057 }
10058
10059 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10060 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
10061 goto nla_put_failure;
10062
10063 genlmsg_end(msg, hdr);
10064
10065 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10066 nl80211_mlme_mcgrp.id, gfp);
10067 return;
10068
10069 nla_put_failure:
10070 genlmsg_cancel(msg, hdr);
10071 nlmsg_free(msg);
10072 }
10073 EXPORT_SYMBOL(cfg80211_del_sta);
10074
cfg80211_conn_failed(struct net_device * dev,const u8 * mac_addr,enum nl80211_connect_failed_reason reason,gfp_t gfp)10075 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
10076 enum nl80211_connect_failed_reason reason,
10077 gfp_t gfp)
10078 {
10079 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10080 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10081 struct sk_buff *msg;
10082 void *hdr;
10083
10084 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
10085 if (!msg)
10086 return;
10087
10088 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
10089 if (!hdr) {
10090 nlmsg_free(msg);
10091 return;
10092 }
10093
10094 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10095 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
10096 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
10097 goto nla_put_failure;
10098
10099 genlmsg_end(msg, hdr);
10100
10101 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10102 nl80211_mlme_mcgrp.id, gfp);
10103 return;
10104
10105 nla_put_failure:
10106 genlmsg_cancel(msg, hdr);
10107 nlmsg_free(msg);
10108 }
10109 EXPORT_SYMBOL(cfg80211_conn_failed);
10110
__nl80211_unexpected_frame(struct net_device * dev,u8 cmd,const u8 * addr,gfp_t gfp)10111 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
10112 const u8 *addr, gfp_t gfp)
10113 {
10114 struct wireless_dev *wdev = dev->ieee80211_ptr;
10115 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10116 struct sk_buff *msg;
10117 void *hdr;
10118 int err;
10119 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
10120
10121 if (!nlportid)
10122 return false;
10123
10124 msg = nlmsg_new(100, gfp);
10125 if (!msg)
10126 return true;
10127
10128 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10129 if (!hdr) {
10130 nlmsg_free(msg);
10131 return true;
10132 }
10133
10134 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10135 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10136 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10137 goto nla_put_failure;
10138
10139 err = genlmsg_end(msg, hdr);
10140 if (err < 0) {
10141 nlmsg_free(msg);
10142 return true;
10143 }
10144
10145 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10146 return true;
10147
10148 nla_put_failure:
10149 genlmsg_cancel(msg, hdr);
10150 nlmsg_free(msg);
10151 return true;
10152 }
10153
cfg80211_rx_spurious_frame(struct net_device * dev,const u8 * addr,gfp_t gfp)10154 bool cfg80211_rx_spurious_frame(struct net_device *dev,
10155 const u8 *addr, gfp_t gfp)
10156 {
10157 struct wireless_dev *wdev = dev->ieee80211_ptr;
10158 bool ret;
10159
10160 trace_cfg80211_rx_spurious_frame(dev, addr);
10161
10162 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10163 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
10164 trace_cfg80211_return_bool(false);
10165 return false;
10166 }
10167 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
10168 addr, gfp);
10169 trace_cfg80211_return_bool(ret);
10170 return ret;
10171 }
10172 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
10173
cfg80211_rx_unexpected_4addr_frame(struct net_device * dev,const u8 * addr,gfp_t gfp)10174 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
10175 const u8 *addr, gfp_t gfp)
10176 {
10177 struct wireless_dev *wdev = dev->ieee80211_ptr;
10178 bool ret;
10179
10180 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
10181
10182 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10183 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
10184 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
10185 trace_cfg80211_return_bool(false);
10186 return false;
10187 }
10188 ret = __nl80211_unexpected_frame(dev,
10189 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
10190 addr, gfp);
10191 trace_cfg80211_return_bool(ret);
10192 return ret;
10193 }
10194 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
10195
nl80211_send_mgmt(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 nlportid,int freq,int sig_dbm,const u8 * buf,size_t len,gfp_t gfp)10196 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
10197 struct wireless_dev *wdev, u32 nlportid,
10198 int freq, int sig_dbm,
10199 const u8 *buf, size_t len, gfp_t gfp)
10200 {
10201 struct net_device *netdev = wdev->netdev;
10202 struct sk_buff *msg;
10203 void *hdr;
10204
10205 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10206 if (!msg)
10207 return -ENOMEM;
10208
10209 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
10210 if (!hdr) {
10211 nlmsg_free(msg);
10212 return -ENOMEM;
10213 }
10214
10215 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10216 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10217 netdev->ifindex)) ||
10218 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10219 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
10220 (sig_dbm &&
10221 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
10222 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
10223 goto nla_put_failure;
10224
10225 genlmsg_end(msg, hdr);
10226
10227 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10228
10229 nla_put_failure:
10230 genlmsg_cancel(msg, hdr);
10231 nlmsg_free(msg);
10232 return -ENOBUFS;
10233 }
10234
cfg80211_mgmt_tx_status(struct wireless_dev * wdev,u64 cookie,const u8 * buf,size_t len,bool ack,gfp_t gfp)10235 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
10236 const u8 *buf, size_t len, bool ack, gfp_t gfp)
10237 {
10238 struct wiphy *wiphy = wdev->wiphy;
10239 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10240 struct net_device *netdev = wdev->netdev;
10241 struct sk_buff *msg;
10242 void *hdr;
10243
10244 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
10245
10246 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10247 if (!msg)
10248 return;
10249
10250 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
10251 if (!hdr) {
10252 nlmsg_free(msg);
10253 return;
10254 }
10255
10256 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10257 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10258 netdev->ifindex)) ||
10259 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10260 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
10261 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
10262 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
10263 goto nla_put_failure;
10264
10265 genlmsg_end(msg, hdr);
10266
10267 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10268 nl80211_mlme_mcgrp.id, gfp);
10269 return;
10270
10271 nla_put_failure:
10272 genlmsg_cancel(msg, hdr);
10273 nlmsg_free(msg);
10274 }
10275 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
10276
cfg80211_cqm_rssi_notify(struct net_device * dev,enum nl80211_cqm_rssi_threshold_event rssi_event,gfp_t gfp)10277 void cfg80211_cqm_rssi_notify(struct net_device *dev,
10278 enum nl80211_cqm_rssi_threshold_event rssi_event,
10279 gfp_t gfp)
10280 {
10281 struct wireless_dev *wdev = dev->ieee80211_ptr;
10282 struct wiphy *wiphy = wdev->wiphy;
10283 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10284 struct sk_buff *msg;
10285 struct nlattr *pinfoattr;
10286 void *hdr;
10287
10288 trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
10289
10290 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10291 if (!msg)
10292 return;
10293
10294 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
10295 if (!hdr) {
10296 nlmsg_free(msg);
10297 return;
10298 }
10299
10300 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10301 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
10302 goto nla_put_failure;
10303
10304 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
10305 if (!pinfoattr)
10306 goto nla_put_failure;
10307
10308 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
10309 rssi_event))
10310 goto nla_put_failure;
10311
10312 nla_nest_end(msg, pinfoattr);
10313
10314 genlmsg_end(msg, hdr);
10315
10316 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10317 nl80211_mlme_mcgrp.id, gfp);
10318 return;
10319
10320 nla_put_failure:
10321 genlmsg_cancel(msg, hdr);
10322 nlmsg_free(msg);
10323 }
10324 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
10325
nl80211_gtk_rekey_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)10326 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
10327 struct net_device *netdev, const u8 *bssid,
10328 const u8 *replay_ctr, gfp_t gfp)
10329 {
10330 struct sk_buff *msg;
10331 struct nlattr *rekey_attr;
10332 void *hdr;
10333
10334 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10335 if (!msg)
10336 return;
10337
10338 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
10339 if (!hdr) {
10340 nlmsg_free(msg);
10341 return;
10342 }
10343
10344 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10345 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10346 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10347 goto nla_put_failure;
10348
10349 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
10350 if (!rekey_attr)
10351 goto nla_put_failure;
10352
10353 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
10354 NL80211_REPLAY_CTR_LEN, replay_ctr))
10355 goto nla_put_failure;
10356
10357 nla_nest_end(msg, rekey_attr);
10358
10359 genlmsg_end(msg, hdr);
10360
10361 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10362 nl80211_mlme_mcgrp.id, gfp);
10363 return;
10364
10365 nla_put_failure:
10366 genlmsg_cancel(msg, hdr);
10367 nlmsg_free(msg);
10368 }
10369
cfg80211_gtk_rekey_notify(struct net_device * dev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)10370 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
10371 const u8 *replay_ctr, gfp_t gfp)
10372 {
10373 struct wireless_dev *wdev = dev->ieee80211_ptr;
10374 struct wiphy *wiphy = wdev->wiphy;
10375 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10376
10377 trace_cfg80211_gtk_rekey_notify(dev, bssid);
10378 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
10379 }
10380 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
10381
10382 static void
nl80211_pmksa_candidate_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,int index,const u8 * bssid,bool preauth,gfp_t gfp)10383 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
10384 struct net_device *netdev, int index,
10385 const u8 *bssid, bool preauth, gfp_t gfp)
10386 {
10387 struct sk_buff *msg;
10388 struct nlattr *attr;
10389 void *hdr;
10390
10391 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10392 if (!msg)
10393 return;
10394
10395 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
10396 if (!hdr) {
10397 nlmsg_free(msg);
10398 return;
10399 }
10400
10401 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10402 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10403 goto nla_put_failure;
10404
10405 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
10406 if (!attr)
10407 goto nla_put_failure;
10408
10409 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
10410 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
10411 (preauth &&
10412 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
10413 goto nla_put_failure;
10414
10415 nla_nest_end(msg, attr);
10416
10417 genlmsg_end(msg, hdr);
10418
10419 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10420 nl80211_mlme_mcgrp.id, gfp);
10421 return;
10422
10423 nla_put_failure:
10424 genlmsg_cancel(msg, hdr);
10425 nlmsg_free(msg);
10426 }
10427
cfg80211_pmksa_candidate_notify(struct net_device * dev,int index,const u8 * bssid,bool preauth,gfp_t gfp)10428 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
10429 const u8 *bssid, bool preauth, gfp_t gfp)
10430 {
10431 struct wireless_dev *wdev = dev->ieee80211_ptr;
10432 struct wiphy *wiphy = wdev->wiphy;
10433 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10434
10435 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
10436 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
10437 }
10438 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
10439
nl80211_ch_switch_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_chan_def * chandef,gfp_t gfp)10440 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
10441 struct net_device *netdev,
10442 struct cfg80211_chan_def *chandef,
10443 gfp_t gfp)
10444 {
10445 struct sk_buff *msg;
10446 void *hdr;
10447
10448 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10449 if (!msg)
10450 return;
10451
10452 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
10453 if (!hdr) {
10454 nlmsg_free(msg);
10455 return;
10456 }
10457
10458 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10459 goto nla_put_failure;
10460
10461 if (nl80211_send_chandef(msg, chandef))
10462 goto nla_put_failure;
10463
10464 genlmsg_end(msg, hdr);
10465
10466 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10467 nl80211_mlme_mcgrp.id, gfp);
10468 return;
10469
10470 nla_put_failure:
10471 genlmsg_cancel(msg, hdr);
10472 nlmsg_free(msg);
10473 }
10474
cfg80211_ch_switch_notify(struct net_device * dev,struct cfg80211_chan_def * chandef)10475 void cfg80211_ch_switch_notify(struct net_device *dev,
10476 struct cfg80211_chan_def *chandef)
10477 {
10478 struct wireless_dev *wdev = dev->ieee80211_ptr;
10479 struct wiphy *wiphy = wdev->wiphy;
10480 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10481
10482 trace_cfg80211_ch_switch_notify(dev, chandef);
10483
10484 wdev_lock(wdev);
10485
10486 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10487 wdev->iftype != NL80211_IFTYPE_P2P_GO))
10488 goto out;
10489
10490 wdev->channel = chandef->chan;
10491 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
10492 out:
10493 wdev_unlock(wdev);
10494 return;
10495 }
10496 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
10497
cfg80211_cqm_txe_notify(struct net_device * dev,const u8 * peer,u32 num_packets,u32 rate,u32 intvl,gfp_t gfp)10498 void cfg80211_cqm_txe_notify(struct net_device *dev,
10499 const u8 *peer, u32 num_packets,
10500 u32 rate, u32 intvl, gfp_t gfp)
10501 {
10502 struct wireless_dev *wdev = dev->ieee80211_ptr;
10503 struct wiphy *wiphy = wdev->wiphy;
10504 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10505 struct sk_buff *msg;
10506 struct nlattr *pinfoattr;
10507 void *hdr;
10508
10509 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
10510 if (!msg)
10511 return;
10512
10513 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
10514 if (!hdr) {
10515 nlmsg_free(msg);
10516 return;
10517 }
10518
10519 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10520 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10521 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
10522 goto nla_put_failure;
10523
10524 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
10525 if (!pinfoattr)
10526 goto nla_put_failure;
10527
10528 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
10529 goto nla_put_failure;
10530
10531 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
10532 goto nla_put_failure;
10533
10534 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
10535 goto nla_put_failure;
10536
10537 nla_nest_end(msg, pinfoattr);
10538
10539 genlmsg_end(msg, hdr);
10540
10541 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10542 nl80211_mlme_mcgrp.id, gfp);
10543 return;
10544
10545 nla_put_failure:
10546 genlmsg_cancel(msg, hdr);
10547 nlmsg_free(msg);
10548 }
10549 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
10550
10551 void
nl80211_radar_notify(struct cfg80211_registered_device * rdev,struct cfg80211_chan_def * chandef,enum nl80211_radar_event event,struct net_device * netdev,gfp_t gfp)10552 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
10553 struct cfg80211_chan_def *chandef,
10554 enum nl80211_radar_event event,
10555 struct net_device *netdev, gfp_t gfp)
10556 {
10557 struct sk_buff *msg;
10558 void *hdr;
10559
10560 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10561 if (!msg)
10562 return;
10563
10564 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
10565 if (!hdr) {
10566 nlmsg_free(msg);
10567 return;
10568 }
10569
10570 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
10571 goto nla_put_failure;
10572
10573 /* NOP and radar events don't need a netdev parameter */
10574 if (netdev) {
10575 struct wireless_dev *wdev = netdev->ieee80211_ptr;
10576
10577 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10578 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10579 goto nla_put_failure;
10580 }
10581
10582 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
10583 goto nla_put_failure;
10584
10585 if (nl80211_send_chandef(msg, chandef))
10586 goto nla_put_failure;
10587
10588 if (genlmsg_end(msg, hdr) < 0) {
10589 nlmsg_free(msg);
10590 return;
10591 }
10592
10593 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10594 nl80211_mlme_mcgrp.id, gfp);
10595 return;
10596
10597 nla_put_failure:
10598 genlmsg_cancel(msg, hdr);
10599 nlmsg_free(msg);
10600 }
10601
cfg80211_cqm_pktloss_notify(struct net_device * dev,const u8 * peer,u32 num_packets,gfp_t gfp)10602 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
10603 const u8 *peer, u32 num_packets, gfp_t gfp)
10604 {
10605 struct wireless_dev *wdev = dev->ieee80211_ptr;
10606 struct wiphy *wiphy = wdev->wiphy;
10607 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10608 struct sk_buff *msg;
10609 struct nlattr *pinfoattr;
10610 void *hdr;
10611
10612 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
10613
10614 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10615 if (!msg)
10616 return;
10617
10618 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
10619 if (!hdr) {
10620 nlmsg_free(msg);
10621 return;
10622 }
10623
10624 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10625 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10626 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
10627 goto nla_put_failure;
10628
10629 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
10630 if (!pinfoattr)
10631 goto nla_put_failure;
10632
10633 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
10634 goto nla_put_failure;
10635
10636 nla_nest_end(msg, pinfoattr);
10637
10638 genlmsg_end(msg, hdr);
10639
10640 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10641 nl80211_mlme_mcgrp.id, gfp);
10642 return;
10643
10644 nla_put_failure:
10645 genlmsg_cancel(msg, hdr);
10646 nlmsg_free(msg);
10647 }
10648 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
10649
cfg80211_probe_status(struct net_device * dev,const u8 * addr,u64 cookie,bool acked,gfp_t gfp)10650 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
10651 u64 cookie, bool acked, gfp_t gfp)
10652 {
10653 struct wireless_dev *wdev = dev->ieee80211_ptr;
10654 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10655 struct sk_buff *msg;
10656 void *hdr;
10657 int err;
10658
10659 trace_cfg80211_probe_status(dev, addr, cookie, acked);
10660
10661 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10662
10663 if (!msg)
10664 return;
10665
10666 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
10667 if (!hdr) {
10668 nlmsg_free(msg);
10669 return;
10670 }
10671
10672 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10673 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10674 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10675 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
10676 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
10677 goto nla_put_failure;
10678
10679 err = genlmsg_end(msg, hdr);
10680 if (err < 0) {
10681 nlmsg_free(msg);
10682 return;
10683 }
10684
10685 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10686 nl80211_mlme_mcgrp.id, gfp);
10687 return;
10688
10689 nla_put_failure:
10690 genlmsg_cancel(msg, hdr);
10691 nlmsg_free(msg);
10692 }
10693 EXPORT_SYMBOL(cfg80211_probe_status);
10694
cfg80211_report_obss_beacon(struct wiphy * wiphy,const u8 * frame,size_t len,int freq,int sig_dbm)10695 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
10696 const u8 *frame, size_t len,
10697 int freq, int sig_dbm)
10698 {
10699 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10700 struct sk_buff *msg;
10701 void *hdr;
10702 struct cfg80211_beacon_registration *reg;
10703
10704 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
10705
10706 spin_lock_bh(&rdev->beacon_registrations_lock);
10707 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
10708 msg = nlmsg_new(len + 100, GFP_ATOMIC);
10709 if (!msg) {
10710 spin_unlock_bh(&rdev->beacon_registrations_lock);
10711 return;
10712 }
10713
10714 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
10715 if (!hdr)
10716 goto nla_put_failure;
10717
10718 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10719 (freq &&
10720 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
10721 (sig_dbm &&
10722 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
10723 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
10724 goto nla_put_failure;
10725
10726 genlmsg_end(msg, hdr);
10727
10728 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
10729 }
10730 spin_unlock_bh(&rdev->beacon_registrations_lock);
10731 return;
10732
10733 nla_put_failure:
10734 spin_unlock_bh(&rdev->beacon_registrations_lock);
10735 if (hdr)
10736 genlmsg_cancel(msg, hdr);
10737 nlmsg_free(msg);
10738 }
10739 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
10740
10741 #ifdef CONFIG_PM
cfg80211_report_wowlan_wakeup(struct wireless_dev * wdev,struct cfg80211_wowlan_wakeup * wakeup,gfp_t gfp)10742 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
10743 struct cfg80211_wowlan_wakeup *wakeup,
10744 gfp_t gfp)
10745 {
10746 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10747 struct sk_buff *msg;
10748 void *hdr;
10749 int err, size = 200;
10750
10751 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
10752
10753 if (wakeup)
10754 size += wakeup->packet_present_len;
10755
10756 msg = nlmsg_new(size, gfp);
10757 if (!msg)
10758 return;
10759
10760 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
10761 if (!hdr)
10762 goto free_msg;
10763
10764 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10765 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10766 goto free_msg;
10767
10768 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10769 wdev->netdev->ifindex))
10770 goto free_msg;
10771
10772 if (wakeup) {
10773 struct nlattr *reasons;
10774
10775 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
10776
10777 if (wakeup->disconnect &&
10778 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
10779 goto free_msg;
10780 if (wakeup->magic_pkt &&
10781 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
10782 goto free_msg;
10783 if (wakeup->gtk_rekey_failure &&
10784 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
10785 goto free_msg;
10786 if (wakeup->eap_identity_req &&
10787 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
10788 goto free_msg;
10789 if (wakeup->four_way_handshake &&
10790 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
10791 goto free_msg;
10792 if (wakeup->rfkill_release &&
10793 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
10794 goto free_msg;
10795
10796 if (wakeup->pattern_idx >= 0 &&
10797 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
10798 wakeup->pattern_idx))
10799 goto free_msg;
10800
10801 if (wakeup->tcp_match)
10802 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH);
10803
10804 if (wakeup->tcp_connlost)
10805 nla_put_flag(msg,
10806 NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST);
10807
10808 if (wakeup->tcp_nomoretokens)
10809 nla_put_flag(msg,
10810 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS);
10811
10812 if (wakeup->packet) {
10813 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
10814 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
10815
10816 if (!wakeup->packet_80211) {
10817 pkt_attr =
10818 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
10819 len_attr =
10820 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
10821 }
10822
10823 if (wakeup->packet_len &&
10824 nla_put_u32(msg, len_attr, wakeup->packet_len))
10825 goto free_msg;
10826
10827 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
10828 wakeup->packet))
10829 goto free_msg;
10830 }
10831
10832 nla_nest_end(msg, reasons);
10833 }
10834
10835 err = genlmsg_end(msg, hdr);
10836 if (err < 0)
10837 goto free_msg;
10838
10839 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10840 nl80211_mlme_mcgrp.id, gfp);
10841 return;
10842
10843 free_msg:
10844 nlmsg_free(msg);
10845 }
10846 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
10847 #endif
10848
cfg80211_tdls_oper_request(struct net_device * dev,const u8 * peer,enum nl80211_tdls_operation oper,u16 reason_code,gfp_t gfp)10849 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
10850 enum nl80211_tdls_operation oper,
10851 u16 reason_code, gfp_t gfp)
10852 {
10853 struct wireless_dev *wdev = dev->ieee80211_ptr;
10854 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10855 struct sk_buff *msg;
10856 void *hdr;
10857 int err;
10858
10859 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
10860 reason_code);
10861
10862 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10863 if (!msg)
10864 return;
10865
10866 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
10867 if (!hdr) {
10868 nlmsg_free(msg);
10869 return;
10870 }
10871
10872 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10873 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10874 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
10875 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
10876 (reason_code > 0 &&
10877 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
10878 goto nla_put_failure;
10879
10880 err = genlmsg_end(msg, hdr);
10881 if (err < 0) {
10882 nlmsg_free(msg);
10883 return;
10884 }
10885
10886 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10887 nl80211_mlme_mcgrp.id, gfp);
10888 return;
10889
10890 nla_put_failure:
10891 genlmsg_cancel(msg, hdr);
10892 nlmsg_free(msg);
10893 }
10894 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
10895
nl80211_netlink_notify(struct notifier_block * nb,unsigned long state,void * _notify)10896 static int nl80211_netlink_notify(struct notifier_block * nb,
10897 unsigned long state,
10898 void *_notify)
10899 {
10900 struct netlink_notify *notify = _notify;
10901 struct cfg80211_registered_device *rdev;
10902 struct wireless_dev *wdev;
10903 struct cfg80211_beacon_registration *reg, *tmp;
10904
10905 if (state != NETLINK_URELEASE)
10906 return NOTIFY_DONE;
10907
10908 rcu_read_lock();
10909
10910 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
10911 bool schedule_destroy_work = false;
10912 bool schedule_scan_stop = false;
10913 struct cfg80211_sched_scan_request *sched_scan_req =
10914 rcu_dereference(rdev->sched_scan_req);
10915
10916 if (sched_scan_req && notify->portid &&
10917 sched_scan_req->owner_nlportid == notify->portid)
10918 schedule_scan_stop = true;
10919
10920 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) {
10921 cfg80211_mlme_unregister_socket(wdev, notify->portid);
10922
10923 if (wdev->owner_nlportid == notify->portid)
10924 schedule_destroy_work = true;
10925 }
10926
10927 spin_lock_bh(&rdev->beacon_registrations_lock);
10928 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
10929 list) {
10930 if (reg->nlportid == notify->portid) {
10931 list_del(®->list);
10932 kfree(reg);
10933 break;
10934 }
10935 }
10936 spin_unlock_bh(&rdev->beacon_registrations_lock);
10937
10938 if (schedule_destroy_work) {
10939 struct cfg80211_iface_destroy *destroy;
10940
10941 destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
10942 if (destroy) {
10943 destroy->nlportid = notify->portid;
10944 spin_lock(&rdev->destroy_list_lock);
10945 list_add(&destroy->list, &rdev->destroy_list);
10946 spin_unlock(&rdev->destroy_list_lock);
10947 schedule_work(&rdev->destroy_work);
10948 }
10949 } else if (schedule_scan_stop) {
10950 sched_scan_req->owner_nlportid = 0;
10951
10952 if (rdev->ops->sched_scan_stop &&
10953 rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
10954 schedule_work(&rdev->sched_scan_stop_wk);
10955 }
10956 }
10957
10958 rcu_read_unlock();
10959
10960 return NOTIFY_DONE;
10961 }
10962
10963 static struct notifier_block nl80211_netlink_notifier = {
10964 .notifier_call = nl80211_netlink_notify,
10965 };
10966
cfg80211_ft_event(struct net_device * netdev,struct cfg80211_ft_event_params * ft_event)10967 void cfg80211_ft_event(struct net_device *netdev,
10968 struct cfg80211_ft_event_params *ft_event)
10969 {
10970 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
10971 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10972 struct sk_buff *msg;
10973 void *hdr;
10974 int err;
10975
10976 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
10977
10978 if (!ft_event->target_ap)
10979 return;
10980
10981 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10982 if (!msg)
10983 return;
10984
10985 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
10986 if (!hdr) {
10987 nlmsg_free(msg);
10988 return;
10989 }
10990
10991 nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
10992 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
10993 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap);
10994 if (ft_event->ies)
10995 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies);
10996 if (ft_event->ric_ies)
10997 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
10998 ft_event->ric_ies);
10999
11000 err = genlmsg_end(msg, hdr);
11001 if (err < 0) {
11002 nlmsg_free(msg);
11003 return;
11004 }
11005
11006 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
11007 nl80211_mlme_mcgrp.id, GFP_KERNEL);
11008 }
11009 EXPORT_SYMBOL(cfg80211_ft_event);
11010
cfg80211_crit_proto_stopped(struct wireless_dev * wdev,gfp_t gfp)11011 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
11012 {
11013 struct cfg80211_registered_device *rdev;
11014 struct sk_buff *msg;
11015 void *hdr;
11016 u32 nlportid;
11017
11018 rdev = wiphy_to_dev(wdev->wiphy);
11019 if (!rdev->crit_proto_nlportid)
11020 return;
11021
11022 nlportid = rdev->crit_proto_nlportid;
11023 rdev->crit_proto_nlportid = 0;
11024
11025 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11026 if (!msg)
11027 return;
11028
11029 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
11030 if (!hdr)
11031 goto nla_put_failure;
11032
11033 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11034 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11035 goto nla_put_failure;
11036
11037 genlmsg_end(msg, hdr);
11038
11039 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11040 return;
11041
11042 nla_put_failure:
11043 if (hdr)
11044 genlmsg_cancel(msg, hdr);
11045 nlmsg_free(msg);
11046
11047 }
11048 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
11049
11050 /* initialisation/exit functions */
11051
nl80211_init(void)11052 int nl80211_init(void)
11053 {
11054 int err;
11055
11056 err = genl_register_family_with_ops(&nl80211_fam,
11057 nl80211_ops, ARRAY_SIZE(nl80211_ops));
11058 if (err)
11059 return err;
11060
11061 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
11062 if (err)
11063 goto err_out;
11064
11065 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
11066 if (err)
11067 goto err_out;
11068
11069 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
11070 if (err)
11071 goto err_out;
11072
11073 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
11074 if (err)
11075 goto err_out;
11076
11077 #ifdef CONFIG_NL80211_TESTMODE
11078 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
11079 if (err)
11080 goto err_out;
11081
11082 err = genl_register_mc_group(&nl80211_fam, &nl80211_vendor_mcgrp);
11083 if (err)
11084 goto err_out;
11085 #endif
11086
11087 err = netlink_register_notifier(&nl80211_netlink_notifier);
11088 if (err)
11089 goto err_out;
11090
11091 return 0;
11092 err_out:
11093 genl_unregister_family(&nl80211_fam);
11094 return err;
11095 }
11096
nl80211_exit(void)11097 void nl80211_exit(void)
11098 {
11099 netlink_unregister_notifier(&nl80211_netlink_notifier);
11100 genl_unregister_family(&nl80211_fam);
11101 }
11102