1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This is the new netlink-based wireless configuration interface.
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015-2017 Intel Deutschland GmbH
8 * Copyright (C) 2018-2019 Intel Corporation
9 */
10
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <net/net_namespace.h>
24 #include <net/genetlink.h>
25 #include <net/cfg80211.h>
26 #include <net/sock.h>
27 #include <net/inet_connection_sock.h>
28 #include "core.h"
29 #include "nl80211.h"
30 #include "reg.h"
31 #include "rdev-ops.h"
32
33 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
34 struct genl_info *info,
35 struct cfg80211_crypto_settings *settings,
36 int cipher_limit);
37
38 /* the netlink family */
39 static struct genl_family nl80211_fam;
40
41 /* multicast groups */
42 enum nl80211_multicast_groups {
43 NL80211_MCGRP_CONFIG,
44 NL80211_MCGRP_SCAN,
45 NL80211_MCGRP_REGULATORY,
46 NL80211_MCGRP_MLME,
47 NL80211_MCGRP_VENDOR,
48 NL80211_MCGRP_NAN,
49 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
50 };
51
52 static const struct genl_multicast_group nl80211_mcgrps[] = {
53 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
54 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
55 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
56 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
57 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
58 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
59 #ifdef CONFIG_NL80211_TESTMODE
60 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
61 #endif
62 };
63
64 /* returns ERR_PTR values */
65 static struct wireless_dev *
__cfg80211_wdev_from_attrs(struct net * netns,struct nlattr ** attrs)66 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
67 {
68 struct cfg80211_registered_device *rdev;
69 struct wireless_dev *result = NULL;
70 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
71 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
72 u64 wdev_id;
73 int wiphy_idx = -1;
74 int ifidx = -1;
75
76 ASSERT_RTNL();
77
78 if (!have_ifidx && !have_wdev_id)
79 return ERR_PTR(-EINVAL);
80
81 if (have_ifidx)
82 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
83 if (have_wdev_id) {
84 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
85 wiphy_idx = wdev_id >> 32;
86 }
87
88 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
89 struct wireless_dev *wdev;
90
91 if (wiphy_net(&rdev->wiphy) != netns)
92 continue;
93
94 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
95 continue;
96
97 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
98 if (have_ifidx && wdev->netdev &&
99 wdev->netdev->ifindex == ifidx) {
100 result = wdev;
101 break;
102 }
103 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
104 result = wdev;
105 break;
106 }
107 }
108
109 if (result)
110 break;
111 }
112
113 if (result)
114 return result;
115 return ERR_PTR(-ENODEV);
116 }
117
118 static struct cfg80211_registered_device *
__cfg80211_rdev_from_attrs(struct net * netns,struct nlattr ** attrs)119 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
120 {
121 struct cfg80211_registered_device *rdev = NULL, *tmp;
122 struct net_device *netdev;
123
124 ASSERT_RTNL();
125
126 if (!attrs[NL80211_ATTR_WIPHY] &&
127 !attrs[NL80211_ATTR_IFINDEX] &&
128 !attrs[NL80211_ATTR_WDEV])
129 return ERR_PTR(-EINVAL);
130
131 if (attrs[NL80211_ATTR_WIPHY])
132 rdev = cfg80211_rdev_by_wiphy_idx(
133 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
134
135 if (attrs[NL80211_ATTR_WDEV]) {
136 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
137 struct wireless_dev *wdev;
138 bool found = false;
139
140 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
141 if (tmp) {
142 /* make sure wdev exists */
143 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
144 if (wdev->identifier != (u32)wdev_id)
145 continue;
146 found = true;
147 break;
148 }
149
150 if (!found)
151 tmp = NULL;
152
153 if (rdev && tmp != rdev)
154 return ERR_PTR(-EINVAL);
155 rdev = tmp;
156 }
157 }
158
159 if (attrs[NL80211_ATTR_IFINDEX]) {
160 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
161
162 netdev = __dev_get_by_index(netns, ifindex);
163 if (netdev) {
164 if (netdev->ieee80211_ptr)
165 tmp = wiphy_to_rdev(
166 netdev->ieee80211_ptr->wiphy);
167 else
168 tmp = NULL;
169
170 /* not wireless device -- return error */
171 if (!tmp)
172 return ERR_PTR(-EINVAL);
173
174 /* mismatch -- return error */
175 if (rdev && tmp != rdev)
176 return ERR_PTR(-EINVAL);
177
178 rdev = tmp;
179 }
180 }
181
182 if (!rdev)
183 return ERR_PTR(-ENODEV);
184
185 if (netns != wiphy_net(&rdev->wiphy))
186 return ERR_PTR(-ENODEV);
187
188 return rdev;
189 }
190
191 /*
192 * This function returns a pointer to the driver
193 * that the genl_info item that is passed refers to.
194 *
195 * The result of this can be a PTR_ERR and hence must
196 * be checked with IS_ERR() for errors.
197 */
198 static struct cfg80211_registered_device *
cfg80211_get_dev_from_info(struct net * netns,struct genl_info * info)199 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
200 {
201 return __cfg80211_rdev_from_attrs(netns, info->attrs);
202 }
203
validate_beacon_head(const struct nlattr * attr,struct netlink_ext_ack * extack)204 static int validate_beacon_head(const struct nlattr *attr,
205 struct netlink_ext_ack *extack)
206 {
207 const u8 *data = nla_data(attr);
208 unsigned int len = nla_len(attr);
209 const struct element *elem;
210 const struct ieee80211_mgmt *mgmt = (void *)data;
211 unsigned int fixedlen = offsetof(struct ieee80211_mgmt,
212 u.beacon.variable);
213
214 if (len < fixedlen)
215 goto err;
216
217 if (ieee80211_hdrlen(mgmt->frame_control) !=
218 offsetof(struct ieee80211_mgmt, u.beacon))
219 goto err;
220
221 data += fixedlen;
222 len -= fixedlen;
223
224 for_each_element(elem, data, len) {
225 /* nothing */
226 }
227
228 if (for_each_element_completed(elem, data, len))
229 return 0;
230
231 err:
232 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
233 return -EINVAL;
234 }
235
validate_ie_attr(const struct nlattr * attr,struct netlink_ext_ack * extack)236 static int validate_ie_attr(const struct nlattr *attr,
237 struct netlink_ext_ack *extack)
238 {
239 const u8 *data = nla_data(attr);
240 unsigned int len = nla_len(attr);
241 const struct element *elem;
242
243 for_each_element(elem, data, len) {
244 /* nothing */
245 }
246
247 if (for_each_element_completed(elem, data, len))
248 return 0;
249
250 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
251 return -EINVAL;
252 }
253
254 /* policy for the attributes */
255 static const struct nla_policy
256 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
257 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
258 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
259 .len = U8_MAX },
260 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
261 .len = U8_MAX },
262 };
263
264 static const struct nla_policy
265 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
266 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
267 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
268 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
269 NLA_POLICY_MAX(NLA_U8, 15),
270 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
271 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
272 NLA_POLICY_MAX(NLA_U8, 15),
273 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
274 NLA_POLICY_MAX(NLA_U8, 31),
275 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
276 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
277 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
278 };
279
280 static const struct nla_policy
281 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
282 [NL80211_PMSR_TYPE_FTM] =
283 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
284 };
285
286 static const struct nla_policy
287 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
288 [NL80211_PMSR_REQ_ATTR_DATA] =
289 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
290 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
291 };
292
293 static const struct nla_policy
294 nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
295 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
296 /*
297 * we could specify this again to be the top-level policy,
298 * but that would open us up to recursion problems ...
299 */
300 [NL80211_PMSR_PEER_ATTR_CHAN] = { .type = NLA_NESTED },
301 [NL80211_PMSR_PEER_ATTR_REQ] =
302 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
303 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
304 };
305
306 static const struct nla_policy
307 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
308 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
309 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
310 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
311 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
312 [NL80211_PMSR_ATTR_PEERS] =
313 NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
314 };
315
316 static const struct nla_policy
317 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
318 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
319 NLA_POLICY_RANGE(NLA_U8, 1, 20),
320 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
321 NLA_POLICY_RANGE(NLA_U8, 1, 20),
322 };
323
324 static const struct nla_policy
325 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
326 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
327 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
328 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
329 };
330
331 static const struct nla_policy
332 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
333 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
334 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
335 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
336 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
337 [NL80211_TID_CONFIG_ATTR_NOACK] =
338 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
339 };
340
341 const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
342 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
343 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
344 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
345 .len = 20-1 },
346 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
347
348 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
349 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
350 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
351 NL80211_EDMG_CHANNELS_MIN,
352 NL80211_EDMG_CHANNELS_MAX),
353 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
354 NL80211_EDMG_BW_CONFIG_MIN,
355 NL80211_EDMG_BW_CONFIG_MAX),
356
357 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
358 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
359 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
360
361 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
362 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
363 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
364 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
365 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
366 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
367
368 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
369 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
370 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
371
372 [NL80211_ATTR_MAC] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
373 [NL80211_ATTR_PREV_BSSID] = {
374 .type = NLA_EXACT_LEN_WARN,
375 .len = ETH_ALEN
376 },
377
378 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
379 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
380 .len = WLAN_MAX_KEY_LEN },
381 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
382 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
383 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
384 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
385 [NL80211_ATTR_KEY_TYPE] =
386 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
387
388 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
389 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
390 [NL80211_ATTR_BEACON_HEAD] =
391 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
392 IEEE80211_MAX_DATA_LEN),
393 [NL80211_ATTR_BEACON_TAIL] =
394 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
395 IEEE80211_MAX_DATA_LEN),
396 [NL80211_ATTR_STA_AID] =
397 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
398 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
399 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
400 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
401 .len = NL80211_MAX_SUPP_RATES },
402 [NL80211_ATTR_STA_PLINK_ACTION] =
403 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
404 [NL80211_ATTR_STA_TX_POWER_SETTING] =
405 NLA_POLICY_RANGE(NLA_U8,
406 NL80211_TX_POWER_AUTOMATIC,
407 NL80211_TX_POWER_FIXED),
408 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
409 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
410 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
411 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
412 .len = IEEE80211_MAX_MESH_ID_LEN },
413 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
414
415 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
416 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
417
418 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
419 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
420 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
421 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
422 .len = NL80211_MAX_SUPP_RATES },
423 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
424
425 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
426 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
427
428 [NL80211_ATTR_HT_CAPABILITY] = {
429 .type = NLA_EXACT_LEN_WARN,
430 .len = NL80211_HT_CAPABILITY_LEN
431 },
432
433 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
434 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
435 validate_ie_attr,
436 IEEE80211_MAX_DATA_LEN),
437 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
438 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
439
440 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
441 .len = IEEE80211_MAX_SSID_LEN },
442 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
443 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
444 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
445 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
446 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
447 NL80211_MFP_NO,
448 NL80211_MFP_OPTIONAL),
449 [NL80211_ATTR_STA_FLAGS2] = {
450 .len = sizeof(struct nl80211_sta_flag_update),
451 },
452 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
453 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
454 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
455 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
456 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
457 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
458 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
459 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
460 [NL80211_ATTR_PID] = { .type = NLA_U32 },
461 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
462 [NL80211_ATTR_PMKID] = {
463 .type = NLA_EXACT_LEN_WARN,
464 .len = WLAN_PMKID_LEN
465 },
466 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
467 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
468 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
469 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
470 .len = IEEE80211_MAX_DATA_LEN },
471 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
472 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
473 NL80211_PS_DISABLED,
474 NL80211_PS_ENABLED),
475 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
476 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
477 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
478 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
479 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
480 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
481 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
482 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
483 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
484 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
485 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
486 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
487 [NL80211_ATTR_STA_PLINK_STATE] =
488 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
489 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
490 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
491 [NL80211_ATTR_MESH_PEER_AID] =
492 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
493 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
494 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
495 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
496 [NL80211_ATTR_HIDDEN_SSID] =
497 NLA_POLICY_RANGE(NLA_U32,
498 NL80211_HIDDEN_SSID_NOT_IN_USE,
499 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
500 [NL80211_ATTR_IE_PROBE_RESP] =
501 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
502 IEEE80211_MAX_DATA_LEN),
503 [NL80211_ATTR_IE_ASSOC_RESP] =
504 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
505 IEEE80211_MAX_DATA_LEN),
506 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
507 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
508 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
509 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
510 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
511 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
512 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
513 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
514 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
515 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
516 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
517 .len = IEEE80211_MAX_DATA_LEN },
518 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
519 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
520 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
521 .len = NL80211_HT_CAPABILITY_LEN
522 },
523 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
524 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
525 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
526 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
527 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
528 [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
529 [NL80211_ATTR_VHT_CAPABILITY] = {
530 .type = NLA_EXACT_LEN_WARN,
531 .len = NL80211_VHT_CAPABILITY_LEN
532 },
533 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
534 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
535 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
536 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
537 NLA_POLICY_RANGE(NLA_U32,
538 NL80211_MESH_POWER_UNKNOWN + 1,
539 NL80211_MESH_POWER_MAX),
540 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
541 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
542 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
543 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
544 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
545 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
546 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
547 .len = NL80211_VHT_CAPABILITY_LEN,
548 },
549 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
550 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
551 .len = IEEE80211_MAX_DATA_LEN },
552 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
553 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
554 [NL80211_ATTR_PEER_AID] =
555 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
556 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
557 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
558 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
559 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
560 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
561 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
562 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
563 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
564 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
565 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
566 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
567 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
568 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
569 .len = IEEE80211_QOS_MAP_LEN_MAX },
570 [NL80211_ATTR_MAC_HINT] = {
571 .type = NLA_EXACT_LEN_WARN,
572 .len = ETH_ALEN
573 },
574 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
575 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
576 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
577 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
578 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
579 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
580 [NL80211_ATTR_USER_PRIO] =
581 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
582 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
583 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
584 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
585 [NL80211_ATTR_MAC_MASK] = {
586 .type = NLA_EXACT_LEN_WARN,
587 .len = ETH_ALEN
588 },
589 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
590 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
591 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
592 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
593 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
594 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
595 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
596 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
597 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
598 .len = VHT_MUMIMO_GROUPS_DATA_LEN
599 },
600 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = {
601 .type = NLA_EXACT_LEN_WARN,
602 .len = ETH_ALEN
603 },
604 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
605 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
606 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
607 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
608 .len = FILS_MAX_KEK_LEN },
609 [NL80211_ATTR_FILS_NONCES] = {
610 .type = NLA_EXACT_LEN_WARN,
611 .len = 2 * FILS_NONCE_LEN
612 },
613 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
614 [NL80211_ATTR_BSSID] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
615 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
616 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
617 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
618 },
619 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
620 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
621 .len = FILS_ERP_MAX_USERNAME_LEN },
622 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
623 .len = FILS_ERP_MAX_REALM_LEN },
624 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
625 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
626 .len = FILS_ERP_MAX_RRK_LEN },
627 [NL80211_ATTR_FILS_CACHE_ID] = { .type = NLA_EXACT_LEN_WARN, .len = 2 },
628 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
629 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
630 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
631
632 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
633 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
634 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
635 [NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
636 .len = NL80211_HE_MAX_CAPABILITY_LEN },
637
638 [NL80211_ATTR_FTM_RESPONDER] =
639 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
640 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
641 [NL80211_ATTR_PEER_MEASUREMENTS] =
642 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
643 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
644 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
645 .len = SAE_PASSWORD_MAX_LEN },
646 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
647 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
648 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
649 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
650 [NL80211_ATTR_TID_CONFIG] =
651 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
652 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
653 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
654 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
655 [NL80211_ATTR_HE_6GHZ_CAPABILITY] = {
656 .type = NLA_EXACT_LEN,
657 .len = sizeof(struct ieee80211_he_6ghz_capa),
658 },
659 };
660
661 /* policy for the key attributes */
662 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
663 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
664 [NL80211_KEY_IDX] = { .type = NLA_U8 },
665 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
666 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
667 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
668 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
669 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
670 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
671 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
672 };
673
674 /* policy for the key default flags */
675 static const struct nla_policy
676 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
677 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
678 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
679 };
680
681 #ifdef CONFIG_PM
682 /* policy for WoWLAN attributes */
683 static const struct nla_policy
684 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
685 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
686 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
687 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
688 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
689 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
690 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
691 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
692 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
693 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
694 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
695 };
696
697 static const struct nla_policy
698 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
699 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
700 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
701 [NL80211_WOWLAN_TCP_DST_MAC] = {
702 .type = NLA_EXACT_LEN_WARN,
703 .len = ETH_ALEN
704 },
705 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
706 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
707 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
708 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
709 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
710 },
711 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
712 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
713 },
714 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
715 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
716 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .type = NLA_MIN_LEN, .len = 1 },
717 };
718 #endif /* CONFIG_PM */
719
720 /* policy for coalesce rule attributes */
721 static const struct nla_policy
722 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
723 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
724 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
725 NLA_POLICY_RANGE(NLA_U32,
726 NL80211_COALESCE_CONDITION_MATCH,
727 NL80211_COALESCE_CONDITION_NO_MATCH),
728 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
729 };
730
731 /* policy for GTK rekey offload attributes */
732 static const struct nla_policy
733 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
734 [NL80211_REKEY_DATA_KEK] = {
735 .type = NLA_EXACT_LEN_WARN,
736 .len = NL80211_KEK_LEN,
737 },
738 [NL80211_REKEY_DATA_KCK] = {
739 .type = NLA_EXACT_LEN_WARN,
740 .len = NL80211_KCK_LEN,
741 },
742 [NL80211_REKEY_DATA_REPLAY_CTR] = {
743 .type = NLA_EXACT_LEN_WARN,
744 .len = NL80211_REPLAY_CTR_LEN
745 },
746 };
747
748 static const struct nla_policy
749 nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
750 [NL80211_BAND_2GHZ] = { .type = NLA_S32 },
751 [NL80211_BAND_5GHZ] = { .type = NLA_S32 },
752 [NL80211_BAND_6GHZ] = { .type = NLA_S32 },
753 [NL80211_BAND_60GHZ] = { .type = NLA_S32 },
754 };
755
756 static const struct nla_policy
757 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
758 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
759 .len = IEEE80211_MAX_SSID_LEN },
760 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = {
761 .type = NLA_EXACT_LEN_WARN,
762 .len = ETH_ALEN
763 },
764 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
765 [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
766 NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
767 };
768
769 static const struct nla_policy
770 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
771 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
772 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
773 };
774
775 static const struct nla_policy
776 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
777 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
778 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
779 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
780 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
781 },
782 };
783
784 /* policy for NAN function attributes */
785 static const struct nla_policy
786 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
787 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
788 [NL80211_NAN_FUNC_SERVICE_ID] = {
789 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
790 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
791 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
792 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
793 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
794 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
795 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = {
796 .type = NLA_EXACT_LEN_WARN,
797 .len = ETH_ALEN
798 },
799 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
800 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
801 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
802 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
803 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
804 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
805 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
806 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
807 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
808 };
809
810 /* policy for Service Response Filter attributes */
811 static const struct nla_policy
812 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
813 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
814 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
815 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
816 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
817 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
818 };
819
820 /* policy for packet pattern attributes */
821 static const struct nla_policy
822 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
823 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
824 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
825 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
826 };
827
nl80211_prepare_wdev_dump(struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev)828 int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
829 struct cfg80211_registered_device **rdev,
830 struct wireless_dev **wdev)
831 {
832 int err;
833
834 if (!cb->args[0]) {
835 struct nlattr **attrbuf;
836
837 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
838 GFP_KERNEL);
839 if (!attrbuf)
840 return -ENOMEM;
841
842 err = nlmsg_parse_deprecated(cb->nlh,
843 GENL_HDRLEN + nl80211_fam.hdrsize,
844 attrbuf, nl80211_fam.maxattr,
845 nl80211_policy, NULL);
846 if (err) {
847 kfree(attrbuf);
848 return err;
849 }
850
851 *wdev = __cfg80211_wdev_from_attrs(sock_net(cb->skb->sk),
852 attrbuf);
853 kfree(attrbuf);
854 if (IS_ERR(*wdev))
855 return PTR_ERR(*wdev);
856 *rdev = wiphy_to_rdev((*wdev)->wiphy);
857 /* 0 is the first index - add 1 to parse only once */
858 cb->args[0] = (*rdev)->wiphy_idx + 1;
859 cb->args[1] = (*wdev)->identifier;
860 } else {
861 /* subtract the 1 again here */
862 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
863 struct wireless_dev *tmp;
864
865 if (!wiphy)
866 return -ENODEV;
867 *rdev = wiphy_to_rdev(wiphy);
868 *wdev = NULL;
869
870 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
871 if (tmp->identifier == cb->args[1]) {
872 *wdev = tmp;
873 break;
874 }
875 }
876
877 if (!*wdev)
878 return -ENODEV;
879 }
880
881 return 0;
882 }
883
884 /* message building helper */
nl80211hdr_put(struct sk_buff * skb,u32 portid,u32 seq,int flags,u8 cmd)885 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
886 int flags, u8 cmd)
887 {
888 /* since there is no private header just add the generic one */
889 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
890 }
891
nl80211_msg_put_wmm_rules(struct sk_buff * msg,const struct ieee80211_reg_rule * rule)892 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
893 const struct ieee80211_reg_rule *rule)
894 {
895 int j;
896 struct nlattr *nl_wmm_rules =
897 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
898
899 if (!nl_wmm_rules)
900 goto nla_put_failure;
901
902 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
903 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
904
905 if (!nl_wmm_rule)
906 goto nla_put_failure;
907
908 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
909 rule->wmm_rule.client[j].cw_min) ||
910 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
911 rule->wmm_rule.client[j].cw_max) ||
912 nla_put_u8(msg, NL80211_WMMR_AIFSN,
913 rule->wmm_rule.client[j].aifsn) ||
914 nla_put_u16(msg, NL80211_WMMR_TXOP,
915 rule->wmm_rule.client[j].cot))
916 goto nla_put_failure;
917
918 nla_nest_end(msg, nl_wmm_rule);
919 }
920 nla_nest_end(msg, nl_wmm_rules);
921
922 return 0;
923
924 nla_put_failure:
925 return -ENOBUFS;
926 }
927
nl80211_msg_put_channel(struct sk_buff * msg,struct wiphy * wiphy,struct ieee80211_channel * chan,bool large)928 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
929 struct ieee80211_channel *chan,
930 bool large)
931 {
932 /* Some channels must be completely excluded from the
933 * list to protect old user-space tools from breaking
934 */
935 if (!large && chan->flags &
936 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
937 return 0;
938
939 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
940 chan->center_freq))
941 goto nla_put_failure;
942
943 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
944 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
945 goto nla_put_failure;
946 if (chan->flags & IEEE80211_CHAN_NO_IR) {
947 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
948 goto nla_put_failure;
949 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
950 goto nla_put_failure;
951 }
952 if (chan->flags & IEEE80211_CHAN_RADAR) {
953 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
954 goto nla_put_failure;
955 if (large) {
956 u32 time;
957
958 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
959
960 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
961 chan->dfs_state))
962 goto nla_put_failure;
963 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
964 time))
965 goto nla_put_failure;
966 if (nla_put_u32(msg,
967 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
968 chan->dfs_cac_ms))
969 goto nla_put_failure;
970 }
971 }
972
973 if (large) {
974 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
975 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
976 goto nla_put_failure;
977 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
978 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
979 goto nla_put_failure;
980 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
981 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
982 goto nla_put_failure;
983 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
984 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
985 goto nla_put_failure;
986 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
987 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
988 goto nla_put_failure;
989 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
990 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
991 goto nla_put_failure;
992 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
993 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
994 goto nla_put_failure;
995 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
996 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
997 goto nla_put_failure;
998 }
999
1000 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1001 DBM_TO_MBM(chan->max_power)))
1002 goto nla_put_failure;
1003
1004 if (large) {
1005 const struct ieee80211_reg_rule *rule =
1006 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1007
1008 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1009 if (nl80211_msg_put_wmm_rules(msg, rule))
1010 goto nla_put_failure;
1011 }
1012 }
1013
1014 return 0;
1015
1016 nla_put_failure:
1017 return -ENOBUFS;
1018 }
1019
nl80211_put_txq_stats(struct sk_buff * msg,struct cfg80211_txq_stats * txqstats,int attrtype)1020 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1021 struct cfg80211_txq_stats *txqstats,
1022 int attrtype)
1023 {
1024 struct nlattr *txqattr;
1025
1026 #define PUT_TXQVAL_U32(attr, memb) do { \
1027 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1028 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1029 return false; \
1030 } while (0)
1031
1032 txqattr = nla_nest_start_noflag(msg, attrtype);
1033 if (!txqattr)
1034 return false;
1035
1036 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1037 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1038 PUT_TXQVAL_U32(FLOWS, flows);
1039 PUT_TXQVAL_U32(DROPS, drops);
1040 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1041 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1042 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1043 PUT_TXQVAL_U32(COLLISIONS, collisions);
1044 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1045 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1046 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1047 nla_nest_end(msg, txqattr);
1048
1049 #undef PUT_TXQVAL_U32
1050 return true;
1051 }
1052
1053 /* netlink command implementations */
1054
1055 struct key_parse {
1056 struct key_params p;
1057 int idx;
1058 int type;
1059 bool def, defmgmt, defbeacon;
1060 bool def_uni, def_multi;
1061 };
1062
nl80211_parse_key_new(struct genl_info * info,struct nlattr * key,struct key_parse * k)1063 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1064 struct key_parse *k)
1065 {
1066 struct nlattr *tb[NL80211_KEY_MAX + 1];
1067 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1068 nl80211_key_policy,
1069 info->extack);
1070 if (err)
1071 return err;
1072
1073 k->def = !!tb[NL80211_KEY_DEFAULT];
1074 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1075 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1076
1077 if (k->def) {
1078 k->def_uni = true;
1079 k->def_multi = true;
1080 }
1081 if (k->defmgmt || k->defbeacon)
1082 k->def_multi = true;
1083
1084 if (tb[NL80211_KEY_IDX])
1085 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1086
1087 if (tb[NL80211_KEY_DATA]) {
1088 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1089 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1090 }
1091
1092 if (tb[NL80211_KEY_SEQ]) {
1093 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1094 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1095 }
1096
1097 if (tb[NL80211_KEY_CIPHER])
1098 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1099
1100 if (tb[NL80211_KEY_TYPE])
1101 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1102
1103 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1104 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1105
1106 err = nla_parse_nested_deprecated(kdt,
1107 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1108 tb[NL80211_KEY_DEFAULT_TYPES],
1109 nl80211_key_default_policy,
1110 info->extack);
1111 if (err)
1112 return err;
1113
1114 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1115 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1116 }
1117
1118 if (tb[NL80211_KEY_MODE])
1119 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1120
1121 return 0;
1122 }
1123
nl80211_parse_key_old(struct genl_info * info,struct key_parse * k)1124 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1125 {
1126 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1127 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1128 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1129 }
1130
1131 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1132 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1133 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1134 }
1135
1136 if (info->attrs[NL80211_ATTR_KEY_IDX])
1137 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1138
1139 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1140 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1141
1142 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1143 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1144
1145 if (k->def) {
1146 k->def_uni = true;
1147 k->def_multi = true;
1148 }
1149 if (k->defmgmt)
1150 k->def_multi = true;
1151
1152 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1153 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1154
1155 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1156 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1157 int err = nla_parse_nested_deprecated(kdt,
1158 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1159 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1160 nl80211_key_default_policy,
1161 info->extack);
1162 if (err)
1163 return err;
1164
1165 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1166 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1167 }
1168
1169 return 0;
1170 }
1171
nl80211_parse_key(struct genl_info * info,struct key_parse * k)1172 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1173 {
1174 int err;
1175
1176 memset(k, 0, sizeof(*k));
1177 k->idx = -1;
1178 k->type = -1;
1179
1180 if (info->attrs[NL80211_ATTR_KEY])
1181 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1182 else
1183 err = nl80211_parse_key_old(info, k);
1184
1185 if (err)
1186 return err;
1187
1188 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1189 (k->defbeacon ? 1 : 0) > 1) {
1190 GENL_SET_ERR_MSG(info,
1191 "key with multiple default flags is invalid");
1192 return -EINVAL;
1193 }
1194
1195 if (k->defmgmt || k->defbeacon) {
1196 if (k->def_uni || !k->def_multi) {
1197 GENL_SET_ERR_MSG(info,
1198 "defmgmt/defbeacon key must be mcast");
1199 return -EINVAL;
1200 }
1201 }
1202
1203 if (k->idx != -1) {
1204 if (k->defmgmt) {
1205 if (k->idx < 4 || k->idx > 5) {
1206 GENL_SET_ERR_MSG(info,
1207 "defmgmt key idx not 4 or 5");
1208 return -EINVAL;
1209 }
1210 } else if (k->defbeacon) {
1211 if (k->idx < 6 || k->idx > 7) {
1212 GENL_SET_ERR_MSG(info,
1213 "defbeacon key idx not 6 or 7");
1214 return -EINVAL;
1215 }
1216 } else if (k->def) {
1217 if (k->idx < 0 || k->idx > 3) {
1218 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1219 return -EINVAL;
1220 }
1221 } else {
1222 if (k->idx < 0 || k->idx > 7) {
1223 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1224 return -EINVAL;
1225 }
1226 }
1227 }
1228
1229 return 0;
1230 }
1231
1232 static struct cfg80211_cached_keys *
nl80211_parse_connkeys(struct cfg80211_registered_device * rdev,struct genl_info * info,bool * no_ht)1233 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1234 struct genl_info *info, bool *no_ht)
1235 {
1236 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1237 struct key_parse parse;
1238 struct nlattr *key;
1239 struct cfg80211_cached_keys *result;
1240 int rem, err, def = 0;
1241 bool have_key = false;
1242
1243 nla_for_each_nested(key, keys, rem) {
1244 have_key = true;
1245 break;
1246 }
1247
1248 if (!have_key)
1249 return NULL;
1250
1251 result = kzalloc(sizeof(*result), GFP_KERNEL);
1252 if (!result)
1253 return ERR_PTR(-ENOMEM);
1254
1255 result->def = -1;
1256
1257 nla_for_each_nested(key, keys, rem) {
1258 memset(&parse, 0, sizeof(parse));
1259 parse.idx = -1;
1260
1261 err = nl80211_parse_key_new(info, key, &parse);
1262 if (err)
1263 goto error;
1264 err = -EINVAL;
1265 if (!parse.p.key)
1266 goto error;
1267 if (parse.idx < 0 || parse.idx > 3) {
1268 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1269 goto error;
1270 }
1271 if (parse.def) {
1272 if (def) {
1273 GENL_SET_ERR_MSG(info,
1274 "only one key can be default");
1275 goto error;
1276 }
1277 def = 1;
1278 result->def = parse.idx;
1279 if (!parse.def_uni || !parse.def_multi)
1280 goto error;
1281 } else if (parse.defmgmt)
1282 goto error;
1283 err = cfg80211_validate_key_settings(rdev, &parse.p,
1284 parse.idx, false, NULL);
1285 if (err)
1286 goto error;
1287 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1288 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1289 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1290 err = -EINVAL;
1291 goto error;
1292 }
1293 result->params[parse.idx].cipher = parse.p.cipher;
1294 result->params[parse.idx].key_len = parse.p.key_len;
1295 result->params[parse.idx].key = result->data[parse.idx];
1296 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1297
1298 /* must be WEP key if we got here */
1299 if (no_ht)
1300 *no_ht = true;
1301 }
1302
1303 if (result->def < 0) {
1304 err = -EINVAL;
1305 GENL_SET_ERR_MSG(info, "need a default/TX key");
1306 goto error;
1307 }
1308
1309 return result;
1310 error:
1311 kfree(result);
1312 return ERR_PTR(err);
1313 }
1314
nl80211_key_allowed(struct wireless_dev * wdev)1315 static int nl80211_key_allowed(struct wireless_dev *wdev)
1316 {
1317 ASSERT_WDEV_LOCK(wdev);
1318
1319 switch (wdev->iftype) {
1320 case NL80211_IFTYPE_AP:
1321 case NL80211_IFTYPE_AP_VLAN:
1322 case NL80211_IFTYPE_P2P_GO:
1323 case NL80211_IFTYPE_MESH_POINT:
1324 break;
1325 case NL80211_IFTYPE_ADHOC:
1326 case NL80211_IFTYPE_STATION:
1327 case NL80211_IFTYPE_P2P_CLIENT:
1328 if (!wdev->current_bss)
1329 return -ENOLINK;
1330 break;
1331 case NL80211_IFTYPE_UNSPECIFIED:
1332 case NL80211_IFTYPE_OCB:
1333 case NL80211_IFTYPE_MONITOR:
1334 case NL80211_IFTYPE_NAN:
1335 case NL80211_IFTYPE_P2P_DEVICE:
1336 case NL80211_IFTYPE_WDS:
1337 case NUM_NL80211_IFTYPES:
1338 return -EINVAL;
1339 }
1340
1341 return 0;
1342 }
1343
nl80211_get_valid_chan(struct wiphy * wiphy,struct nlattr * tb)1344 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1345 struct nlattr *tb)
1346 {
1347 struct ieee80211_channel *chan;
1348
1349 if (tb == NULL)
1350 return NULL;
1351 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1352 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1353 return NULL;
1354 return chan;
1355 }
1356
nl80211_put_iftypes(struct sk_buff * msg,u32 attr,u16 ifmodes)1357 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1358 {
1359 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1360 int i;
1361
1362 if (!nl_modes)
1363 goto nla_put_failure;
1364
1365 i = 0;
1366 while (ifmodes) {
1367 if ((ifmodes & 1) && nla_put_flag(msg, i))
1368 goto nla_put_failure;
1369 ifmodes >>= 1;
1370 i++;
1371 }
1372
1373 nla_nest_end(msg, nl_modes);
1374 return 0;
1375
1376 nla_put_failure:
1377 return -ENOBUFS;
1378 }
1379
nl80211_put_iface_combinations(struct wiphy * wiphy,struct sk_buff * msg,bool large)1380 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1381 struct sk_buff *msg,
1382 bool large)
1383 {
1384 struct nlattr *nl_combis;
1385 int i, j;
1386
1387 nl_combis = nla_nest_start_noflag(msg,
1388 NL80211_ATTR_INTERFACE_COMBINATIONS);
1389 if (!nl_combis)
1390 goto nla_put_failure;
1391
1392 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1393 const struct ieee80211_iface_combination *c;
1394 struct nlattr *nl_combi, *nl_limits;
1395
1396 c = &wiphy->iface_combinations[i];
1397
1398 nl_combi = nla_nest_start_noflag(msg, i + 1);
1399 if (!nl_combi)
1400 goto nla_put_failure;
1401
1402 nl_limits = nla_nest_start_noflag(msg,
1403 NL80211_IFACE_COMB_LIMITS);
1404 if (!nl_limits)
1405 goto nla_put_failure;
1406
1407 for (j = 0; j < c->n_limits; j++) {
1408 struct nlattr *nl_limit;
1409
1410 nl_limit = nla_nest_start_noflag(msg, j + 1);
1411 if (!nl_limit)
1412 goto nla_put_failure;
1413 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1414 c->limits[j].max))
1415 goto nla_put_failure;
1416 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1417 c->limits[j].types))
1418 goto nla_put_failure;
1419 nla_nest_end(msg, nl_limit);
1420 }
1421
1422 nla_nest_end(msg, nl_limits);
1423
1424 if (c->beacon_int_infra_match &&
1425 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1426 goto nla_put_failure;
1427 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1428 c->num_different_channels) ||
1429 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1430 c->max_interfaces))
1431 goto nla_put_failure;
1432 if (large &&
1433 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1434 c->radar_detect_widths) ||
1435 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1436 c->radar_detect_regions)))
1437 goto nla_put_failure;
1438 if (c->beacon_int_min_gcd &&
1439 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1440 c->beacon_int_min_gcd))
1441 goto nla_put_failure;
1442
1443 nla_nest_end(msg, nl_combi);
1444 }
1445
1446 nla_nest_end(msg, nl_combis);
1447
1448 return 0;
1449 nla_put_failure:
1450 return -ENOBUFS;
1451 }
1452
1453 #ifdef CONFIG_PM
nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device * rdev,struct sk_buff * msg)1454 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1455 struct sk_buff *msg)
1456 {
1457 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1458 struct nlattr *nl_tcp;
1459
1460 if (!tcp)
1461 return 0;
1462
1463 nl_tcp = nla_nest_start_noflag(msg,
1464 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1465 if (!nl_tcp)
1466 return -ENOBUFS;
1467
1468 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1469 tcp->data_payload_max))
1470 return -ENOBUFS;
1471
1472 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1473 tcp->data_payload_max))
1474 return -ENOBUFS;
1475
1476 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1477 return -ENOBUFS;
1478
1479 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1480 sizeof(*tcp->tok), tcp->tok))
1481 return -ENOBUFS;
1482
1483 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1484 tcp->data_interval_max))
1485 return -ENOBUFS;
1486
1487 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1488 tcp->wake_payload_max))
1489 return -ENOBUFS;
1490
1491 nla_nest_end(msg, nl_tcp);
1492 return 0;
1493 }
1494
nl80211_send_wowlan(struct sk_buff * msg,struct cfg80211_registered_device * rdev,bool large)1495 static int nl80211_send_wowlan(struct sk_buff *msg,
1496 struct cfg80211_registered_device *rdev,
1497 bool large)
1498 {
1499 struct nlattr *nl_wowlan;
1500
1501 if (!rdev->wiphy.wowlan)
1502 return 0;
1503
1504 nl_wowlan = nla_nest_start_noflag(msg,
1505 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1506 if (!nl_wowlan)
1507 return -ENOBUFS;
1508
1509 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1510 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1511 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1512 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1513 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1514 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1515 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1516 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1517 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1518 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1519 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1520 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1521 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1522 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1523 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1524 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1525 return -ENOBUFS;
1526
1527 if (rdev->wiphy.wowlan->n_patterns) {
1528 struct nl80211_pattern_support pat = {
1529 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1530 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1531 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1532 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1533 };
1534
1535 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1536 sizeof(pat), &pat))
1537 return -ENOBUFS;
1538 }
1539
1540 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1541 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1542 rdev->wiphy.wowlan->max_nd_match_sets))
1543 return -ENOBUFS;
1544
1545 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1546 return -ENOBUFS;
1547
1548 nla_nest_end(msg, nl_wowlan);
1549
1550 return 0;
1551 }
1552 #endif
1553
nl80211_send_coalesce(struct sk_buff * msg,struct cfg80211_registered_device * rdev)1554 static int nl80211_send_coalesce(struct sk_buff *msg,
1555 struct cfg80211_registered_device *rdev)
1556 {
1557 struct nl80211_coalesce_rule_support rule;
1558
1559 if (!rdev->wiphy.coalesce)
1560 return 0;
1561
1562 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1563 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1564 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1565 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1566 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1567 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1568
1569 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1570 return -ENOBUFS;
1571
1572 return 0;
1573 }
1574
1575 static int
nl80211_send_iftype_data(struct sk_buff * msg,const struct ieee80211_supported_band * sband,const struct ieee80211_sband_iftype_data * iftdata)1576 nl80211_send_iftype_data(struct sk_buff *msg,
1577 const struct ieee80211_supported_band *sband,
1578 const struct ieee80211_sband_iftype_data *iftdata)
1579 {
1580 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1581
1582 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1583 iftdata->types_mask))
1584 return -ENOBUFS;
1585
1586 if (he_cap->has_he) {
1587 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1588 sizeof(he_cap->he_cap_elem.mac_cap_info),
1589 he_cap->he_cap_elem.mac_cap_info) ||
1590 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1591 sizeof(he_cap->he_cap_elem.phy_cap_info),
1592 he_cap->he_cap_elem.phy_cap_info) ||
1593 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1594 sizeof(he_cap->he_mcs_nss_supp),
1595 &he_cap->he_mcs_nss_supp) ||
1596 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1597 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1598 return -ENOBUFS;
1599 }
1600
1601 if (sband->band == NL80211_BAND_6GHZ &&
1602 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1603 sizeof(iftdata->he_6ghz_capa),
1604 &iftdata->he_6ghz_capa))
1605 return -ENOBUFS;
1606
1607 return 0;
1608 }
1609
nl80211_send_band_rateinfo(struct sk_buff * msg,struct ieee80211_supported_band * sband)1610 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1611 struct ieee80211_supported_band *sband)
1612 {
1613 struct nlattr *nl_rates, *nl_rate;
1614 struct ieee80211_rate *rate;
1615 int i;
1616
1617 /* add HT info */
1618 if (sband->ht_cap.ht_supported &&
1619 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1620 sizeof(sband->ht_cap.mcs),
1621 &sband->ht_cap.mcs) ||
1622 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1623 sband->ht_cap.cap) ||
1624 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1625 sband->ht_cap.ampdu_factor) ||
1626 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1627 sband->ht_cap.ampdu_density)))
1628 return -ENOBUFS;
1629
1630 /* add VHT info */
1631 if (sband->vht_cap.vht_supported &&
1632 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1633 sizeof(sband->vht_cap.vht_mcs),
1634 &sband->vht_cap.vht_mcs) ||
1635 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1636 sband->vht_cap.cap)))
1637 return -ENOBUFS;
1638
1639 if (sband->n_iftype_data) {
1640 struct nlattr *nl_iftype_data =
1641 nla_nest_start_noflag(msg,
1642 NL80211_BAND_ATTR_IFTYPE_DATA);
1643 int err;
1644
1645 if (!nl_iftype_data)
1646 return -ENOBUFS;
1647
1648 for (i = 0; i < sband->n_iftype_data; i++) {
1649 struct nlattr *iftdata;
1650
1651 iftdata = nla_nest_start_noflag(msg, i + 1);
1652 if (!iftdata)
1653 return -ENOBUFS;
1654
1655 err = nl80211_send_iftype_data(msg, sband,
1656 &sband->iftype_data[i]);
1657 if (err)
1658 return err;
1659
1660 nla_nest_end(msg, iftdata);
1661 }
1662
1663 nla_nest_end(msg, nl_iftype_data);
1664 }
1665
1666 /* add EDMG info */
1667 if (sband->edmg_cap.channels &&
1668 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1669 sband->edmg_cap.channels) ||
1670 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1671 sband->edmg_cap.bw_config)))
1672
1673 return -ENOBUFS;
1674
1675 /* add bitrates */
1676 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1677 if (!nl_rates)
1678 return -ENOBUFS;
1679
1680 for (i = 0; i < sband->n_bitrates; i++) {
1681 nl_rate = nla_nest_start_noflag(msg, i);
1682 if (!nl_rate)
1683 return -ENOBUFS;
1684
1685 rate = &sband->bitrates[i];
1686 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1687 rate->bitrate))
1688 return -ENOBUFS;
1689 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1690 nla_put_flag(msg,
1691 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1692 return -ENOBUFS;
1693
1694 nla_nest_end(msg, nl_rate);
1695 }
1696
1697 nla_nest_end(msg, nl_rates);
1698
1699 return 0;
1700 }
1701
1702 static int
nl80211_send_mgmt_stypes(struct sk_buff * msg,const struct ieee80211_txrx_stypes * mgmt_stypes)1703 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1704 const struct ieee80211_txrx_stypes *mgmt_stypes)
1705 {
1706 u16 stypes;
1707 struct nlattr *nl_ftypes, *nl_ifs;
1708 enum nl80211_iftype ift;
1709 int i;
1710
1711 if (!mgmt_stypes)
1712 return 0;
1713
1714 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1715 if (!nl_ifs)
1716 return -ENOBUFS;
1717
1718 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1719 nl_ftypes = nla_nest_start_noflag(msg, ift);
1720 if (!nl_ftypes)
1721 return -ENOBUFS;
1722 i = 0;
1723 stypes = mgmt_stypes[ift].tx;
1724 while (stypes) {
1725 if ((stypes & 1) &&
1726 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1727 (i << 4) | IEEE80211_FTYPE_MGMT))
1728 return -ENOBUFS;
1729 stypes >>= 1;
1730 i++;
1731 }
1732 nla_nest_end(msg, nl_ftypes);
1733 }
1734
1735 nla_nest_end(msg, nl_ifs);
1736
1737 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1738 if (!nl_ifs)
1739 return -ENOBUFS;
1740
1741 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1742 nl_ftypes = nla_nest_start_noflag(msg, ift);
1743 if (!nl_ftypes)
1744 return -ENOBUFS;
1745 i = 0;
1746 stypes = mgmt_stypes[ift].rx;
1747 while (stypes) {
1748 if ((stypes & 1) &&
1749 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1750 (i << 4) | IEEE80211_FTYPE_MGMT))
1751 return -ENOBUFS;
1752 stypes >>= 1;
1753 i++;
1754 }
1755 nla_nest_end(msg, nl_ftypes);
1756 }
1757 nla_nest_end(msg, nl_ifs);
1758
1759 return 0;
1760 }
1761
1762 #define CMD(op, n) \
1763 do { \
1764 if (rdev->ops->op) { \
1765 i++; \
1766 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1767 goto nla_put_failure; \
1768 } \
1769 } while (0)
1770
nl80211_add_commands_unsplit(struct cfg80211_registered_device * rdev,struct sk_buff * msg)1771 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1772 struct sk_buff *msg)
1773 {
1774 int i = 0;
1775
1776 /*
1777 * do *NOT* add anything into this function, new things need to be
1778 * advertised only to new versions of userspace that can deal with
1779 * the split (and they can't possibly care about new features...
1780 */
1781 CMD(add_virtual_intf, NEW_INTERFACE);
1782 CMD(change_virtual_intf, SET_INTERFACE);
1783 CMD(add_key, NEW_KEY);
1784 CMD(start_ap, START_AP);
1785 CMD(add_station, NEW_STATION);
1786 CMD(add_mpath, NEW_MPATH);
1787 CMD(update_mesh_config, SET_MESH_CONFIG);
1788 CMD(change_bss, SET_BSS);
1789 CMD(auth, AUTHENTICATE);
1790 CMD(assoc, ASSOCIATE);
1791 CMD(deauth, DEAUTHENTICATE);
1792 CMD(disassoc, DISASSOCIATE);
1793 CMD(join_ibss, JOIN_IBSS);
1794 CMD(join_mesh, JOIN_MESH);
1795 CMD(set_pmksa, SET_PMKSA);
1796 CMD(del_pmksa, DEL_PMKSA);
1797 CMD(flush_pmksa, FLUSH_PMKSA);
1798 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1799 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1800 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1801 CMD(mgmt_tx, FRAME);
1802 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1803 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1804 i++;
1805 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1806 goto nla_put_failure;
1807 }
1808 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1809 rdev->ops->join_mesh) {
1810 i++;
1811 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1812 goto nla_put_failure;
1813 }
1814 CMD(set_wds_peer, SET_WDS_PEER);
1815 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1816 CMD(tdls_mgmt, TDLS_MGMT);
1817 CMD(tdls_oper, TDLS_OPER);
1818 }
1819 if (rdev->wiphy.max_sched_scan_reqs)
1820 CMD(sched_scan_start, START_SCHED_SCAN);
1821 CMD(probe_client, PROBE_CLIENT);
1822 CMD(set_noack_map, SET_NOACK_MAP);
1823 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1824 i++;
1825 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1826 goto nla_put_failure;
1827 }
1828 CMD(start_p2p_device, START_P2P_DEVICE);
1829 CMD(set_mcast_rate, SET_MCAST_RATE);
1830 #ifdef CONFIG_NL80211_TESTMODE
1831 CMD(testmode_cmd, TESTMODE);
1832 #endif
1833
1834 if (rdev->ops->connect || rdev->ops->auth) {
1835 i++;
1836 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1837 goto nla_put_failure;
1838 }
1839
1840 if (rdev->ops->disconnect || rdev->ops->deauth) {
1841 i++;
1842 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1843 goto nla_put_failure;
1844 }
1845
1846 return i;
1847 nla_put_failure:
1848 return -ENOBUFS;
1849 }
1850
1851 static int
nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities * cap,struct sk_buff * msg)1852 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1853 struct sk_buff *msg)
1854 {
1855 struct nlattr *ftm;
1856
1857 if (!cap->ftm.supported)
1858 return 0;
1859
1860 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1861 if (!ftm)
1862 return -ENOBUFS;
1863
1864 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1865 return -ENOBUFS;
1866 if (cap->ftm.non_asap &&
1867 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1868 return -ENOBUFS;
1869 if (cap->ftm.request_lci &&
1870 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1871 return -ENOBUFS;
1872 if (cap->ftm.request_civicloc &&
1873 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1874 return -ENOBUFS;
1875 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1876 cap->ftm.preambles))
1877 return -ENOBUFS;
1878 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1879 cap->ftm.bandwidths))
1880 return -ENOBUFS;
1881 if (cap->ftm.max_bursts_exponent >= 0 &&
1882 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1883 cap->ftm.max_bursts_exponent))
1884 return -ENOBUFS;
1885 if (cap->ftm.max_ftms_per_burst &&
1886 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1887 cap->ftm.max_ftms_per_burst))
1888 return -ENOBUFS;
1889
1890 nla_nest_end(msg, ftm);
1891 return 0;
1892 }
1893
nl80211_send_pmsr_capa(struct cfg80211_registered_device * rdev,struct sk_buff * msg)1894 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1895 struct sk_buff *msg)
1896 {
1897 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1898 struct nlattr *pmsr, *caps;
1899
1900 if (!cap)
1901 return 0;
1902
1903 /*
1904 * we don't need to clean up anything here since the caller
1905 * will genlmsg_cancel() if we fail
1906 */
1907
1908 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1909 if (!pmsr)
1910 return -ENOBUFS;
1911
1912 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1913 return -ENOBUFS;
1914
1915 if (cap->report_ap_tsf &&
1916 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1917 return -ENOBUFS;
1918
1919 if (cap->randomize_mac_addr &&
1920 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
1921 return -ENOBUFS;
1922
1923 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
1924 if (!caps)
1925 return -ENOBUFS;
1926
1927 if (nl80211_send_pmsr_ftm_capa(cap, msg))
1928 return -ENOBUFS;
1929
1930 nla_nest_end(msg, caps);
1931 nla_nest_end(msg, pmsr);
1932
1933 return 0;
1934 }
1935
1936 static int
nl80211_put_iftype_akm_suites(struct cfg80211_registered_device * rdev,struct sk_buff * msg)1937 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
1938 struct sk_buff *msg)
1939 {
1940 int i;
1941 struct nlattr *nested, *nested_akms;
1942 const struct wiphy_iftype_akm_suites *iftype_akms;
1943
1944 if (!rdev->wiphy.num_iftype_akm_suites ||
1945 !rdev->wiphy.iftype_akm_suites)
1946 return 0;
1947
1948 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
1949 if (!nested)
1950 return -ENOBUFS;
1951
1952 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
1953 nested_akms = nla_nest_start(msg, i + 1);
1954 if (!nested_akms)
1955 return -ENOBUFS;
1956
1957 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
1958
1959 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
1960 iftype_akms->iftypes_mask))
1961 return -ENOBUFS;
1962
1963 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
1964 sizeof(u32) * iftype_akms->n_akm_suites,
1965 iftype_akms->akm_suites)) {
1966 return -ENOBUFS;
1967 }
1968 nla_nest_end(msg, nested_akms);
1969 }
1970
1971 nla_nest_end(msg, nested);
1972
1973 return 0;
1974 }
1975
1976 static int
nl80211_put_tid_config_support(struct cfg80211_registered_device * rdev,struct sk_buff * msg)1977 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
1978 struct sk_buff *msg)
1979 {
1980 struct nlattr *supp;
1981
1982 if (!rdev->wiphy.tid_config_support.vif &&
1983 !rdev->wiphy.tid_config_support.peer)
1984 return 0;
1985
1986 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
1987 if (!supp)
1988 return -ENOSPC;
1989
1990 if (rdev->wiphy.tid_config_support.vif &&
1991 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
1992 rdev->wiphy.tid_config_support.vif,
1993 NL80211_TID_CONFIG_ATTR_PAD))
1994 goto fail;
1995
1996 if (rdev->wiphy.tid_config_support.peer &&
1997 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
1998 rdev->wiphy.tid_config_support.peer,
1999 NL80211_TID_CONFIG_ATTR_PAD))
2000 goto fail;
2001
2002 nla_nest_end(msg, supp);
2003
2004 return 0;
2005 fail:
2006 nla_nest_cancel(msg, supp);
2007 return -ENOBUFS;
2008 }
2009
2010 struct nl80211_dump_wiphy_state {
2011 s64 filter_wiphy;
2012 long start;
2013 long split_start, band_start, chan_start, capa_start;
2014 bool split;
2015 };
2016
nl80211_send_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd,struct sk_buff * msg,u32 portid,u32 seq,int flags,struct nl80211_dump_wiphy_state * state)2017 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2018 enum nl80211_commands cmd,
2019 struct sk_buff *msg, u32 portid, u32 seq,
2020 int flags, struct nl80211_dump_wiphy_state *state)
2021 {
2022 void *hdr;
2023 struct nlattr *nl_bands, *nl_band;
2024 struct nlattr *nl_freqs, *nl_freq;
2025 struct nlattr *nl_cmds;
2026 enum nl80211_band band;
2027 struct ieee80211_channel *chan;
2028 int i;
2029 const struct ieee80211_txrx_stypes *mgmt_stypes =
2030 rdev->wiphy.mgmt_stypes;
2031 u32 features;
2032
2033 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2034 if (!hdr)
2035 return -ENOBUFS;
2036
2037 if (WARN_ON(!state))
2038 return -EINVAL;
2039
2040 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2041 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2042 wiphy_name(&rdev->wiphy)) ||
2043 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2044 cfg80211_rdev_list_generation))
2045 goto nla_put_failure;
2046
2047 if (cmd != NL80211_CMD_NEW_WIPHY)
2048 goto finish;
2049
2050 switch (state->split_start) {
2051 case 0:
2052 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2053 rdev->wiphy.retry_short) ||
2054 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2055 rdev->wiphy.retry_long) ||
2056 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2057 rdev->wiphy.frag_threshold) ||
2058 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2059 rdev->wiphy.rts_threshold) ||
2060 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2061 rdev->wiphy.coverage_class) ||
2062 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2063 rdev->wiphy.max_scan_ssids) ||
2064 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2065 rdev->wiphy.max_sched_scan_ssids) ||
2066 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2067 rdev->wiphy.max_scan_ie_len) ||
2068 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2069 rdev->wiphy.max_sched_scan_ie_len) ||
2070 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2071 rdev->wiphy.max_match_sets) ||
2072 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2073 rdev->wiphy.max_sched_scan_plans) ||
2074 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2075 rdev->wiphy.max_sched_scan_plan_interval) ||
2076 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2077 rdev->wiphy.max_sched_scan_plan_iterations))
2078 goto nla_put_failure;
2079
2080 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2081 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2082 goto nla_put_failure;
2083 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2084 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2085 goto nla_put_failure;
2086 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2087 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2088 goto nla_put_failure;
2089 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2090 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2091 goto nla_put_failure;
2092 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2093 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2094 goto nla_put_failure;
2095 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2096 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2097 goto nla_put_failure;
2098 state->split_start++;
2099 if (state->split)
2100 break;
2101 /* fall through */
2102 case 1:
2103 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2104 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2105 rdev->wiphy.cipher_suites))
2106 goto nla_put_failure;
2107
2108 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2109 rdev->wiphy.max_num_pmkids))
2110 goto nla_put_failure;
2111
2112 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2113 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2114 goto nla_put_failure;
2115
2116 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2117 rdev->wiphy.available_antennas_tx) ||
2118 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2119 rdev->wiphy.available_antennas_rx))
2120 goto nla_put_failure;
2121
2122 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2123 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2124 rdev->wiphy.probe_resp_offload))
2125 goto nla_put_failure;
2126
2127 if ((rdev->wiphy.available_antennas_tx ||
2128 rdev->wiphy.available_antennas_rx) &&
2129 rdev->ops->get_antenna) {
2130 u32 tx_ant = 0, rx_ant = 0;
2131 int res;
2132
2133 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2134 if (!res) {
2135 if (nla_put_u32(msg,
2136 NL80211_ATTR_WIPHY_ANTENNA_TX,
2137 tx_ant) ||
2138 nla_put_u32(msg,
2139 NL80211_ATTR_WIPHY_ANTENNA_RX,
2140 rx_ant))
2141 goto nla_put_failure;
2142 }
2143 }
2144
2145 state->split_start++;
2146 if (state->split)
2147 break;
2148 /* fall through */
2149 case 2:
2150 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2151 rdev->wiphy.interface_modes))
2152 goto nla_put_failure;
2153 state->split_start++;
2154 if (state->split)
2155 break;
2156 /* fall through */
2157 case 3:
2158 nl_bands = nla_nest_start_noflag(msg,
2159 NL80211_ATTR_WIPHY_BANDS);
2160 if (!nl_bands)
2161 goto nla_put_failure;
2162
2163 for (band = state->band_start;
2164 band < NUM_NL80211_BANDS; band++) {
2165 struct ieee80211_supported_band *sband;
2166
2167 sband = rdev->wiphy.bands[band];
2168
2169 if (!sband)
2170 continue;
2171
2172 nl_band = nla_nest_start_noflag(msg, band);
2173 if (!nl_band)
2174 goto nla_put_failure;
2175
2176 switch (state->chan_start) {
2177 case 0:
2178 if (nl80211_send_band_rateinfo(msg, sband))
2179 goto nla_put_failure;
2180 state->chan_start++;
2181 if (state->split)
2182 break;
2183 /* fall through */
2184 default:
2185 /* add frequencies */
2186 nl_freqs = nla_nest_start_noflag(msg,
2187 NL80211_BAND_ATTR_FREQS);
2188 if (!nl_freqs)
2189 goto nla_put_failure;
2190
2191 for (i = state->chan_start - 1;
2192 i < sband->n_channels;
2193 i++) {
2194 nl_freq = nla_nest_start_noflag(msg,
2195 i);
2196 if (!nl_freq)
2197 goto nla_put_failure;
2198
2199 chan = &sband->channels[i];
2200
2201 if (nl80211_msg_put_channel(
2202 msg, &rdev->wiphy, chan,
2203 state->split))
2204 goto nla_put_failure;
2205
2206 nla_nest_end(msg, nl_freq);
2207 if (state->split)
2208 break;
2209 }
2210 if (i < sband->n_channels)
2211 state->chan_start = i + 2;
2212 else
2213 state->chan_start = 0;
2214 nla_nest_end(msg, nl_freqs);
2215 }
2216
2217 nla_nest_end(msg, nl_band);
2218
2219 if (state->split) {
2220 /* start again here */
2221 if (state->chan_start)
2222 band--;
2223 break;
2224 }
2225 }
2226 nla_nest_end(msg, nl_bands);
2227
2228 if (band < NUM_NL80211_BANDS)
2229 state->band_start = band + 1;
2230 else
2231 state->band_start = 0;
2232
2233 /* if bands & channels are done, continue outside */
2234 if (state->band_start == 0 && state->chan_start == 0)
2235 state->split_start++;
2236 if (state->split)
2237 break;
2238 /* fall through */
2239 case 4:
2240 nl_cmds = nla_nest_start_noflag(msg,
2241 NL80211_ATTR_SUPPORTED_COMMANDS);
2242 if (!nl_cmds)
2243 goto nla_put_failure;
2244
2245 i = nl80211_add_commands_unsplit(rdev, msg);
2246 if (i < 0)
2247 goto nla_put_failure;
2248 if (state->split) {
2249 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2250 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2251 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2252 CMD(channel_switch, CHANNEL_SWITCH);
2253 CMD(set_qos_map, SET_QOS_MAP);
2254 if (rdev->wiphy.features &
2255 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2256 CMD(add_tx_ts, ADD_TX_TS);
2257 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2258 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2259 CMD(update_ft_ies, UPDATE_FT_IES);
2260 }
2261 #undef CMD
2262
2263 nla_nest_end(msg, nl_cmds);
2264 state->split_start++;
2265 if (state->split)
2266 break;
2267 /* fall through */
2268 case 5:
2269 if (rdev->ops->remain_on_channel &&
2270 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2271 nla_put_u32(msg,
2272 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2273 rdev->wiphy.max_remain_on_channel_duration))
2274 goto nla_put_failure;
2275
2276 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2277 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2278 goto nla_put_failure;
2279
2280 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2281 goto nla_put_failure;
2282 state->split_start++;
2283 if (state->split)
2284 break;
2285 /* fall through */
2286 case 6:
2287 #ifdef CONFIG_PM
2288 if (nl80211_send_wowlan(msg, rdev, state->split))
2289 goto nla_put_failure;
2290 state->split_start++;
2291 if (state->split)
2292 break;
2293 #else
2294 state->split_start++;
2295 #endif
2296 /* fall through */
2297 case 7:
2298 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2299 rdev->wiphy.software_iftypes))
2300 goto nla_put_failure;
2301
2302 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2303 state->split))
2304 goto nla_put_failure;
2305
2306 state->split_start++;
2307 if (state->split)
2308 break;
2309 /* fall through */
2310 case 8:
2311 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2312 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2313 rdev->wiphy.ap_sme_capa))
2314 goto nla_put_failure;
2315
2316 features = rdev->wiphy.features;
2317 /*
2318 * We can only add the per-channel limit information if the
2319 * dump is split, otherwise it makes it too big. Therefore
2320 * only advertise it in that case.
2321 */
2322 if (state->split)
2323 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2324 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2325 goto nla_put_failure;
2326
2327 if (rdev->wiphy.ht_capa_mod_mask &&
2328 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2329 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2330 rdev->wiphy.ht_capa_mod_mask))
2331 goto nla_put_failure;
2332
2333 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2334 rdev->wiphy.max_acl_mac_addrs &&
2335 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2336 rdev->wiphy.max_acl_mac_addrs))
2337 goto nla_put_failure;
2338
2339 /*
2340 * Any information below this point is only available to
2341 * applications that can deal with it being split. This
2342 * helps ensure that newly added capabilities don't break
2343 * older tools by overrunning their buffers.
2344 *
2345 * We still increment split_start so that in the split
2346 * case we'll continue with more data in the next round,
2347 * but break unconditionally so unsplit data stops here.
2348 */
2349 if (state->split)
2350 state->split_start++;
2351 else
2352 state->split_start = 0;
2353 break;
2354 case 9:
2355 if (rdev->wiphy.extended_capabilities &&
2356 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2357 rdev->wiphy.extended_capabilities_len,
2358 rdev->wiphy.extended_capabilities) ||
2359 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2360 rdev->wiphy.extended_capabilities_len,
2361 rdev->wiphy.extended_capabilities_mask)))
2362 goto nla_put_failure;
2363
2364 if (rdev->wiphy.vht_capa_mod_mask &&
2365 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2366 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2367 rdev->wiphy.vht_capa_mod_mask))
2368 goto nla_put_failure;
2369
2370 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2371 rdev->wiphy.perm_addr))
2372 goto nla_put_failure;
2373
2374 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2375 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2376 rdev->wiphy.addr_mask))
2377 goto nla_put_failure;
2378
2379 if (rdev->wiphy.n_addresses > 1) {
2380 void *attr;
2381
2382 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2383 if (!attr)
2384 goto nla_put_failure;
2385
2386 for (i = 0; i < rdev->wiphy.n_addresses; i++)
2387 if (nla_put(msg, i + 1, ETH_ALEN,
2388 rdev->wiphy.addresses[i].addr))
2389 goto nla_put_failure;
2390
2391 nla_nest_end(msg, attr);
2392 }
2393
2394 state->split_start++;
2395 break;
2396 case 10:
2397 if (nl80211_send_coalesce(msg, rdev))
2398 goto nla_put_failure;
2399
2400 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2401 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2402 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2403 goto nla_put_failure;
2404
2405 if (rdev->wiphy.max_ap_assoc_sta &&
2406 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2407 rdev->wiphy.max_ap_assoc_sta))
2408 goto nla_put_failure;
2409
2410 state->split_start++;
2411 break;
2412 case 11:
2413 if (rdev->wiphy.n_vendor_commands) {
2414 const struct nl80211_vendor_cmd_info *info;
2415 struct nlattr *nested;
2416
2417 nested = nla_nest_start_noflag(msg,
2418 NL80211_ATTR_VENDOR_DATA);
2419 if (!nested)
2420 goto nla_put_failure;
2421
2422 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2423 info = &rdev->wiphy.vendor_commands[i].info;
2424 if (nla_put(msg, i + 1, sizeof(*info), info))
2425 goto nla_put_failure;
2426 }
2427 nla_nest_end(msg, nested);
2428 }
2429
2430 if (rdev->wiphy.n_vendor_events) {
2431 const struct nl80211_vendor_cmd_info *info;
2432 struct nlattr *nested;
2433
2434 nested = nla_nest_start_noflag(msg,
2435 NL80211_ATTR_VENDOR_EVENTS);
2436 if (!nested)
2437 goto nla_put_failure;
2438
2439 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2440 info = &rdev->wiphy.vendor_events[i];
2441 if (nla_put(msg, i + 1, sizeof(*info), info))
2442 goto nla_put_failure;
2443 }
2444 nla_nest_end(msg, nested);
2445 }
2446 state->split_start++;
2447 break;
2448 case 12:
2449 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2450 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2451 rdev->wiphy.max_num_csa_counters))
2452 goto nla_put_failure;
2453
2454 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2455 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2456 goto nla_put_failure;
2457
2458 if (rdev->wiphy.max_sched_scan_reqs &&
2459 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2460 rdev->wiphy.max_sched_scan_reqs))
2461 goto nla_put_failure;
2462
2463 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2464 sizeof(rdev->wiphy.ext_features),
2465 rdev->wiphy.ext_features))
2466 goto nla_put_failure;
2467
2468 if (rdev->wiphy.bss_select_support) {
2469 struct nlattr *nested;
2470 u32 bss_select_support = rdev->wiphy.bss_select_support;
2471
2472 nested = nla_nest_start_noflag(msg,
2473 NL80211_ATTR_BSS_SELECT);
2474 if (!nested)
2475 goto nla_put_failure;
2476
2477 i = 0;
2478 while (bss_select_support) {
2479 if ((bss_select_support & 1) &&
2480 nla_put_flag(msg, i))
2481 goto nla_put_failure;
2482 i++;
2483 bss_select_support >>= 1;
2484 }
2485 nla_nest_end(msg, nested);
2486 }
2487
2488 state->split_start++;
2489 break;
2490 case 13:
2491 if (rdev->wiphy.num_iftype_ext_capab &&
2492 rdev->wiphy.iftype_ext_capab) {
2493 struct nlattr *nested_ext_capab, *nested;
2494
2495 nested = nla_nest_start_noflag(msg,
2496 NL80211_ATTR_IFTYPE_EXT_CAPA);
2497 if (!nested)
2498 goto nla_put_failure;
2499
2500 for (i = state->capa_start;
2501 i < rdev->wiphy.num_iftype_ext_capab; i++) {
2502 const struct wiphy_iftype_ext_capab *capab;
2503
2504 capab = &rdev->wiphy.iftype_ext_capab[i];
2505
2506 nested_ext_capab = nla_nest_start_noflag(msg,
2507 i);
2508 if (!nested_ext_capab ||
2509 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2510 capab->iftype) ||
2511 nla_put(msg, NL80211_ATTR_EXT_CAPA,
2512 capab->extended_capabilities_len,
2513 capab->extended_capabilities) ||
2514 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2515 capab->extended_capabilities_len,
2516 capab->extended_capabilities_mask))
2517 goto nla_put_failure;
2518
2519 nla_nest_end(msg, nested_ext_capab);
2520 if (state->split)
2521 break;
2522 }
2523 nla_nest_end(msg, nested);
2524 if (i < rdev->wiphy.num_iftype_ext_capab) {
2525 state->capa_start = i + 1;
2526 break;
2527 }
2528 }
2529
2530 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2531 rdev->wiphy.nan_supported_bands))
2532 goto nla_put_failure;
2533
2534 if (wiphy_ext_feature_isset(&rdev->wiphy,
2535 NL80211_EXT_FEATURE_TXQS)) {
2536 struct cfg80211_txq_stats txqstats = {};
2537 int res;
2538
2539 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2540 if (!res &&
2541 !nl80211_put_txq_stats(msg, &txqstats,
2542 NL80211_ATTR_TXQ_STATS))
2543 goto nla_put_failure;
2544
2545 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2546 rdev->wiphy.txq_limit))
2547 goto nla_put_failure;
2548 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2549 rdev->wiphy.txq_memory_limit))
2550 goto nla_put_failure;
2551 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2552 rdev->wiphy.txq_quantum))
2553 goto nla_put_failure;
2554 }
2555
2556 state->split_start++;
2557 break;
2558 case 14:
2559 if (nl80211_send_pmsr_capa(rdev, msg))
2560 goto nla_put_failure;
2561
2562 state->split_start++;
2563 break;
2564 case 15:
2565 if (rdev->wiphy.akm_suites &&
2566 nla_put(msg, NL80211_ATTR_AKM_SUITES,
2567 sizeof(u32) * rdev->wiphy.n_akm_suites,
2568 rdev->wiphy.akm_suites))
2569 goto nla_put_failure;
2570
2571 if (nl80211_put_iftype_akm_suites(rdev, msg))
2572 goto nla_put_failure;
2573
2574 if (nl80211_put_tid_config_support(rdev, msg))
2575 goto nla_put_failure;
2576
2577 /* done */
2578 state->split_start = 0;
2579 break;
2580 }
2581 finish:
2582 genlmsg_end(msg, hdr);
2583 return 0;
2584
2585 nla_put_failure:
2586 genlmsg_cancel(msg, hdr);
2587 return -EMSGSIZE;
2588 }
2589
nl80211_dump_wiphy_parse(struct sk_buff * skb,struct netlink_callback * cb,struct nl80211_dump_wiphy_state * state)2590 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2591 struct netlink_callback *cb,
2592 struct nl80211_dump_wiphy_state *state)
2593 {
2594 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2595 int ret;
2596
2597 if (!tb)
2598 return -ENOMEM;
2599
2600 ret = nlmsg_parse_deprecated(cb->nlh,
2601 GENL_HDRLEN + nl80211_fam.hdrsize,
2602 tb, nl80211_fam.maxattr,
2603 nl80211_policy, NULL);
2604 /* ignore parse errors for backward compatibility */
2605 if (ret) {
2606 ret = 0;
2607 goto out;
2608 }
2609
2610 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2611 if (tb[NL80211_ATTR_WIPHY])
2612 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2613 if (tb[NL80211_ATTR_WDEV])
2614 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2615 if (tb[NL80211_ATTR_IFINDEX]) {
2616 struct net_device *netdev;
2617 struct cfg80211_registered_device *rdev;
2618 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2619
2620 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2621 if (!netdev) {
2622 ret = -ENODEV;
2623 goto out;
2624 }
2625 if (netdev->ieee80211_ptr) {
2626 rdev = wiphy_to_rdev(
2627 netdev->ieee80211_ptr->wiphy);
2628 state->filter_wiphy = rdev->wiphy_idx;
2629 }
2630 }
2631
2632 ret = 0;
2633 out:
2634 kfree(tb);
2635 return ret;
2636 }
2637
nl80211_dump_wiphy(struct sk_buff * skb,struct netlink_callback * cb)2638 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2639 {
2640 int idx = 0, ret;
2641 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2642 struct cfg80211_registered_device *rdev;
2643
2644 rtnl_lock();
2645 if (!state) {
2646 state = kzalloc(sizeof(*state), GFP_KERNEL);
2647 if (!state) {
2648 rtnl_unlock();
2649 return -ENOMEM;
2650 }
2651 state->filter_wiphy = -1;
2652 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2653 if (ret) {
2654 kfree(state);
2655 rtnl_unlock();
2656 return ret;
2657 }
2658 cb->args[0] = (long)state;
2659 }
2660
2661 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2662 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2663 continue;
2664 if (++idx <= state->start)
2665 continue;
2666 if (state->filter_wiphy != -1 &&
2667 state->filter_wiphy != rdev->wiphy_idx)
2668 continue;
2669 /* attempt to fit multiple wiphy data chunks into the skb */
2670 do {
2671 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2672 skb,
2673 NETLINK_CB(cb->skb).portid,
2674 cb->nlh->nlmsg_seq,
2675 NLM_F_MULTI, state);
2676 if (ret < 0) {
2677 /*
2678 * If sending the wiphy data didn't fit (ENOBUFS
2679 * or EMSGSIZE returned), this SKB is still
2680 * empty (so it's not too big because another
2681 * wiphy dataset is already in the skb) and
2682 * we've not tried to adjust the dump allocation
2683 * yet ... then adjust the alloc size to be
2684 * bigger, and return 1 but with the empty skb.
2685 * This results in an empty message being RX'ed
2686 * in userspace, but that is ignored.
2687 *
2688 * We can then retry with the larger buffer.
2689 */
2690 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2691 !skb->len && !state->split &&
2692 cb->min_dump_alloc < 4096) {
2693 cb->min_dump_alloc = 4096;
2694 state->split_start = 0;
2695 rtnl_unlock();
2696 return 1;
2697 }
2698 idx--;
2699 break;
2700 }
2701 } while (state->split_start > 0);
2702 break;
2703 }
2704 rtnl_unlock();
2705
2706 state->start = idx;
2707
2708 return skb->len;
2709 }
2710
nl80211_dump_wiphy_done(struct netlink_callback * cb)2711 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2712 {
2713 kfree((void *)cb->args[0]);
2714 return 0;
2715 }
2716
nl80211_get_wiphy(struct sk_buff * skb,struct genl_info * info)2717 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2718 {
2719 struct sk_buff *msg;
2720 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2721 struct nl80211_dump_wiphy_state state = {};
2722
2723 msg = nlmsg_new(4096, GFP_KERNEL);
2724 if (!msg)
2725 return -ENOMEM;
2726
2727 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2728 info->snd_portid, info->snd_seq, 0,
2729 &state) < 0) {
2730 nlmsg_free(msg);
2731 return -ENOBUFS;
2732 }
2733
2734 return genlmsg_reply(msg, info);
2735 }
2736
2737 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2738 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2739 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2740 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2741 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2742 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2743 };
2744
parse_txq_params(struct nlattr * tb[],struct ieee80211_txq_params * txq_params)2745 static int parse_txq_params(struct nlattr *tb[],
2746 struct ieee80211_txq_params *txq_params)
2747 {
2748 u8 ac;
2749
2750 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2751 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2752 !tb[NL80211_TXQ_ATTR_AIFS])
2753 return -EINVAL;
2754
2755 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2756 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2757 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2758 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2759 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2760
2761 if (ac >= NL80211_NUM_ACS)
2762 return -EINVAL;
2763 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2764 return 0;
2765 }
2766
nl80211_can_set_dev_channel(struct wireless_dev * wdev)2767 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2768 {
2769 /*
2770 * You can only set the channel explicitly for WDS interfaces,
2771 * all others have their channel managed via their respective
2772 * "establish a connection" command (connect, join, ...)
2773 *
2774 * For AP/GO and mesh mode, the channel can be set with the
2775 * channel userspace API, but is only stored and passed to the
2776 * low-level driver when the AP starts or the mesh is joined.
2777 * This is for backward compatibility, userspace can also give
2778 * the channel in the start-ap or join-mesh commands instead.
2779 *
2780 * Monitors are special as they are normally slaved to
2781 * whatever else is going on, so they have their own special
2782 * operation to set the monitor channel if possible.
2783 */
2784 return !wdev ||
2785 wdev->iftype == NL80211_IFTYPE_AP ||
2786 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2787 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2788 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2789 }
2790
nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_chan_def * chandef)2791 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2792 struct genl_info *info,
2793 struct cfg80211_chan_def *chandef)
2794 {
2795 struct netlink_ext_ack *extack = info->extack;
2796 struct nlattr **attrs = info->attrs;
2797 u32 control_freq;
2798
2799 if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2800 return -EINVAL;
2801
2802 control_freq = nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]);
2803
2804 memset(chandef, 0, sizeof(*chandef));
2805
2806 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2807 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2808 chandef->center_freq1 = control_freq;
2809 chandef->center_freq2 = 0;
2810
2811 /* Primary channel not allowed */
2812 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2813 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2814 "Channel is disabled");
2815 return -EINVAL;
2816 }
2817
2818 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2819 enum nl80211_channel_type chantype;
2820
2821 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2822
2823 switch (chantype) {
2824 case NL80211_CHAN_NO_HT:
2825 case NL80211_CHAN_HT20:
2826 case NL80211_CHAN_HT40PLUS:
2827 case NL80211_CHAN_HT40MINUS:
2828 cfg80211_chandef_create(chandef, chandef->chan,
2829 chantype);
2830 /* user input for center_freq is incorrect */
2831 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2832 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2833 NL_SET_ERR_MSG_ATTR(extack,
2834 attrs[NL80211_ATTR_CENTER_FREQ1],
2835 "bad center frequency 1");
2836 return -EINVAL;
2837 }
2838 /* center_freq2 must be zero */
2839 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2840 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2841 NL_SET_ERR_MSG_ATTR(extack,
2842 attrs[NL80211_ATTR_CENTER_FREQ2],
2843 "center frequency 2 can't be used");
2844 return -EINVAL;
2845 }
2846 break;
2847 default:
2848 NL_SET_ERR_MSG_ATTR(extack,
2849 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2850 "invalid channel type");
2851 return -EINVAL;
2852 }
2853 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2854 chandef->width =
2855 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2856 if (attrs[NL80211_ATTR_CENTER_FREQ1])
2857 chandef->center_freq1 =
2858 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2859 if (attrs[NL80211_ATTR_CENTER_FREQ2])
2860 chandef->center_freq2 =
2861 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2862 }
2863
2864 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
2865 chandef->edmg.channels =
2866 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
2867
2868 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
2869 chandef->edmg.bw_config =
2870 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
2871 } else {
2872 chandef->edmg.bw_config = 0;
2873 chandef->edmg.channels = 0;
2874 }
2875
2876 if (!cfg80211_chandef_valid(chandef)) {
2877 NL_SET_ERR_MSG(extack, "invalid channel definition");
2878 return -EINVAL;
2879 }
2880
2881 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2882 IEEE80211_CHAN_DISABLED)) {
2883 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2884 return -EINVAL;
2885 }
2886
2887 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2888 chandef->width == NL80211_CHAN_WIDTH_10) &&
2889 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
2890 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2891 return -EINVAL;
2892 }
2893
2894 return 0;
2895 }
2896
__nl80211_set_channel(struct cfg80211_registered_device * rdev,struct net_device * dev,struct genl_info * info)2897 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2898 struct net_device *dev,
2899 struct genl_info *info)
2900 {
2901 struct cfg80211_chan_def chandef;
2902 int result;
2903 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2904 struct wireless_dev *wdev = NULL;
2905
2906 if (dev)
2907 wdev = dev->ieee80211_ptr;
2908 if (!nl80211_can_set_dev_channel(wdev))
2909 return -EOPNOTSUPP;
2910 if (wdev)
2911 iftype = wdev->iftype;
2912
2913 result = nl80211_parse_chandef(rdev, info, &chandef);
2914 if (result)
2915 return result;
2916
2917 switch (iftype) {
2918 case NL80211_IFTYPE_AP:
2919 case NL80211_IFTYPE_P2P_GO:
2920 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2921 iftype)) {
2922 result = -EINVAL;
2923 break;
2924 }
2925 if (wdev->beacon_interval) {
2926 if (!dev || !rdev->ops->set_ap_chanwidth ||
2927 !(rdev->wiphy.features &
2928 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2929 result = -EBUSY;
2930 break;
2931 }
2932
2933 /* Only allow dynamic channel width changes */
2934 if (chandef.chan != wdev->preset_chandef.chan) {
2935 result = -EBUSY;
2936 break;
2937 }
2938 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2939 if (result)
2940 break;
2941 }
2942 wdev->preset_chandef = chandef;
2943 result = 0;
2944 break;
2945 case NL80211_IFTYPE_MESH_POINT:
2946 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2947 break;
2948 case NL80211_IFTYPE_MONITOR:
2949 result = cfg80211_set_monitor_channel(rdev, &chandef);
2950 break;
2951 default:
2952 result = -EINVAL;
2953 }
2954
2955 return result;
2956 }
2957
nl80211_set_channel(struct sk_buff * skb,struct genl_info * info)2958 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2959 {
2960 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2961 struct net_device *netdev = info->user_ptr[1];
2962
2963 return __nl80211_set_channel(rdev, netdev, info);
2964 }
2965
nl80211_set_wds_peer(struct sk_buff * skb,struct genl_info * info)2966 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2967 {
2968 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2969 struct net_device *dev = info->user_ptr[1];
2970 struct wireless_dev *wdev = dev->ieee80211_ptr;
2971 const u8 *bssid;
2972
2973 if (!info->attrs[NL80211_ATTR_MAC])
2974 return -EINVAL;
2975
2976 if (netif_running(dev))
2977 return -EBUSY;
2978
2979 if (!rdev->ops->set_wds_peer)
2980 return -EOPNOTSUPP;
2981
2982 if (wdev->iftype != NL80211_IFTYPE_WDS)
2983 return -EOPNOTSUPP;
2984
2985 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2986 return rdev_set_wds_peer(rdev, dev, bssid);
2987 }
2988
nl80211_set_wiphy(struct sk_buff * skb,struct genl_info * info)2989 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2990 {
2991 struct cfg80211_registered_device *rdev;
2992 struct net_device *netdev = NULL;
2993 struct wireless_dev *wdev;
2994 int result = 0, rem_txq_params = 0;
2995 struct nlattr *nl_txq_params;
2996 u32 changed;
2997 u8 retry_short = 0, retry_long = 0;
2998 u32 frag_threshold = 0, rts_threshold = 0;
2999 u8 coverage_class = 0;
3000 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3001
3002 ASSERT_RTNL();
3003
3004 /*
3005 * Try to find the wiphy and netdev. Normally this
3006 * function shouldn't need the netdev, but this is
3007 * done for backward compatibility -- previously
3008 * setting the channel was done per wiphy, but now
3009 * it is per netdev. Previous userland like hostapd
3010 * also passed a netdev to set_wiphy, so that it is
3011 * possible to let that go to the right netdev!
3012 */
3013
3014 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3015 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3016
3017 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3018 if (netdev && netdev->ieee80211_ptr)
3019 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3020 else
3021 netdev = NULL;
3022 }
3023
3024 if (!netdev) {
3025 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3026 info->attrs);
3027 if (IS_ERR(rdev))
3028 return PTR_ERR(rdev);
3029 wdev = NULL;
3030 netdev = NULL;
3031 result = 0;
3032 } else
3033 wdev = netdev->ieee80211_ptr;
3034
3035 /*
3036 * end workaround code, by now the rdev is available
3037 * and locked, and wdev may or may not be NULL.
3038 */
3039
3040 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3041 result = cfg80211_dev_rename(
3042 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3043
3044 if (result)
3045 return result;
3046
3047 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3048 struct ieee80211_txq_params txq_params;
3049 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3050
3051 if (!rdev->ops->set_txq_params)
3052 return -EOPNOTSUPP;
3053
3054 if (!netdev)
3055 return -EINVAL;
3056
3057 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3058 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3059 return -EINVAL;
3060
3061 if (!netif_running(netdev))
3062 return -ENETDOWN;
3063
3064 nla_for_each_nested(nl_txq_params,
3065 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3066 rem_txq_params) {
3067 result = nla_parse_nested_deprecated(tb,
3068 NL80211_TXQ_ATTR_MAX,
3069 nl_txq_params,
3070 txq_params_policy,
3071 info->extack);
3072 if (result)
3073 return result;
3074 result = parse_txq_params(tb, &txq_params);
3075 if (result)
3076 return result;
3077
3078 result = rdev_set_txq_params(rdev, netdev,
3079 &txq_params);
3080 if (result)
3081 return result;
3082 }
3083 }
3084
3085 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3086 result = __nl80211_set_channel(
3087 rdev,
3088 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3089 info);
3090 if (result)
3091 return result;
3092 }
3093
3094 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3095 struct wireless_dev *txp_wdev = wdev;
3096 enum nl80211_tx_power_setting type;
3097 int idx, mbm = 0;
3098
3099 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3100 txp_wdev = NULL;
3101
3102 if (!rdev->ops->set_tx_power)
3103 return -EOPNOTSUPP;
3104
3105 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3106 type = nla_get_u32(info->attrs[idx]);
3107
3108 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3109 (type != NL80211_TX_POWER_AUTOMATIC))
3110 return -EINVAL;
3111
3112 if (type != NL80211_TX_POWER_AUTOMATIC) {
3113 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3114 mbm = nla_get_u32(info->attrs[idx]);
3115 }
3116
3117 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3118 if (result)
3119 return result;
3120 }
3121
3122 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3123 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3124 u32 tx_ant, rx_ant;
3125
3126 if ((!rdev->wiphy.available_antennas_tx &&
3127 !rdev->wiphy.available_antennas_rx) ||
3128 !rdev->ops->set_antenna)
3129 return -EOPNOTSUPP;
3130
3131 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3132 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3133
3134 /* reject antenna configurations which don't match the
3135 * available antenna masks, except for the "all" mask */
3136 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3137 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
3138 return -EINVAL;
3139
3140 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3141 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3142
3143 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3144 if (result)
3145 return result;
3146 }
3147
3148 changed = 0;
3149
3150 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3151 retry_short = nla_get_u8(
3152 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3153
3154 changed |= WIPHY_PARAM_RETRY_SHORT;
3155 }
3156
3157 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3158 retry_long = nla_get_u8(
3159 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3160
3161 changed |= WIPHY_PARAM_RETRY_LONG;
3162 }
3163
3164 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3165 frag_threshold = nla_get_u32(
3166 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3167 if (frag_threshold < 256)
3168 return -EINVAL;
3169
3170 if (frag_threshold != (u32) -1) {
3171 /*
3172 * Fragments (apart from the last one) are required to
3173 * have even length. Make the fragmentation code
3174 * simpler by stripping LSB should someone try to use
3175 * odd threshold value.
3176 */
3177 frag_threshold &= ~0x1;
3178 }
3179 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3180 }
3181
3182 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3183 rts_threshold = nla_get_u32(
3184 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3185 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3186 }
3187
3188 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3189 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
3190 return -EINVAL;
3191
3192 coverage_class = nla_get_u8(
3193 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3194 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3195 }
3196
3197 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3198 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
3199 return -EOPNOTSUPP;
3200
3201 changed |= WIPHY_PARAM_DYN_ACK;
3202 }
3203
3204 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3205 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3206 NL80211_EXT_FEATURE_TXQS))
3207 return -EOPNOTSUPP;
3208 txq_limit = nla_get_u32(
3209 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3210 changed |= WIPHY_PARAM_TXQ_LIMIT;
3211 }
3212
3213 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3214 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3215 NL80211_EXT_FEATURE_TXQS))
3216 return -EOPNOTSUPP;
3217 txq_memory_limit = nla_get_u32(
3218 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3219 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3220 }
3221
3222 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3223 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3224 NL80211_EXT_FEATURE_TXQS))
3225 return -EOPNOTSUPP;
3226 txq_quantum = nla_get_u32(
3227 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3228 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3229 }
3230
3231 if (changed) {
3232 u8 old_retry_short, old_retry_long;
3233 u32 old_frag_threshold, old_rts_threshold;
3234 u8 old_coverage_class;
3235 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3236
3237 if (!rdev->ops->set_wiphy_params)
3238 return -EOPNOTSUPP;
3239
3240 old_retry_short = rdev->wiphy.retry_short;
3241 old_retry_long = rdev->wiphy.retry_long;
3242 old_frag_threshold = rdev->wiphy.frag_threshold;
3243 old_rts_threshold = rdev->wiphy.rts_threshold;
3244 old_coverage_class = rdev->wiphy.coverage_class;
3245 old_txq_limit = rdev->wiphy.txq_limit;
3246 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3247 old_txq_quantum = rdev->wiphy.txq_quantum;
3248
3249 if (changed & WIPHY_PARAM_RETRY_SHORT)
3250 rdev->wiphy.retry_short = retry_short;
3251 if (changed & WIPHY_PARAM_RETRY_LONG)
3252 rdev->wiphy.retry_long = retry_long;
3253 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3254 rdev->wiphy.frag_threshold = frag_threshold;
3255 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3256 rdev->wiphy.rts_threshold = rts_threshold;
3257 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3258 rdev->wiphy.coverage_class = coverage_class;
3259 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3260 rdev->wiphy.txq_limit = txq_limit;
3261 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3262 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3263 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3264 rdev->wiphy.txq_quantum = txq_quantum;
3265
3266 result = rdev_set_wiphy_params(rdev, changed);
3267 if (result) {
3268 rdev->wiphy.retry_short = old_retry_short;
3269 rdev->wiphy.retry_long = old_retry_long;
3270 rdev->wiphy.frag_threshold = old_frag_threshold;
3271 rdev->wiphy.rts_threshold = old_rts_threshold;
3272 rdev->wiphy.coverage_class = old_coverage_class;
3273 rdev->wiphy.txq_limit = old_txq_limit;
3274 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3275 rdev->wiphy.txq_quantum = old_txq_quantum;
3276 return result;
3277 }
3278 }
3279 return 0;
3280 }
3281
nl80211_send_chandef(struct sk_buff * msg,const struct cfg80211_chan_def * chandef)3282 static int nl80211_send_chandef(struct sk_buff *msg,
3283 const struct cfg80211_chan_def *chandef)
3284 {
3285 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3286 return -EINVAL;
3287
3288 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3289 chandef->chan->center_freq))
3290 return -ENOBUFS;
3291 switch (chandef->width) {
3292 case NL80211_CHAN_WIDTH_20_NOHT:
3293 case NL80211_CHAN_WIDTH_20:
3294 case NL80211_CHAN_WIDTH_40:
3295 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3296 cfg80211_get_chandef_type(chandef)))
3297 return -ENOBUFS;
3298 break;
3299 default:
3300 break;
3301 }
3302 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3303 return -ENOBUFS;
3304 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3305 return -ENOBUFS;
3306 if (chandef->center_freq2 &&
3307 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3308 return -ENOBUFS;
3309 return 0;
3310 }
3311
nl80211_send_iface(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)3312 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3313 struct cfg80211_registered_device *rdev,
3314 struct wireless_dev *wdev,
3315 enum nl80211_commands cmd)
3316 {
3317 struct net_device *dev = wdev->netdev;
3318 void *hdr;
3319
3320 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3321 cmd != NL80211_CMD_DEL_INTERFACE &&
3322 cmd != NL80211_CMD_SET_INTERFACE);
3323
3324 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3325 if (!hdr)
3326 return -1;
3327
3328 if (dev &&
3329 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3330 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3331 goto nla_put_failure;
3332
3333 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3334 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3335 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3336 NL80211_ATTR_PAD) ||
3337 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3338 nla_put_u32(msg, NL80211_ATTR_GENERATION,
3339 rdev->devlist_generation ^
3340 (cfg80211_rdev_list_generation << 2)) ||
3341 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3342 goto nla_put_failure;
3343
3344 if (rdev->ops->get_channel) {
3345 int ret;
3346 struct cfg80211_chan_def chandef = {};
3347
3348 ret = rdev_get_channel(rdev, wdev, &chandef);
3349 if (ret == 0) {
3350 if (nl80211_send_chandef(msg, &chandef))
3351 goto nla_put_failure;
3352 }
3353 }
3354
3355 if (rdev->ops->get_tx_power) {
3356 int dbm, ret;
3357
3358 ret = rdev_get_tx_power(rdev, wdev, &dbm);
3359 if (ret == 0 &&
3360 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3361 DBM_TO_MBM(dbm)))
3362 goto nla_put_failure;
3363 }
3364
3365 wdev_lock(wdev);
3366 switch (wdev->iftype) {
3367 case NL80211_IFTYPE_AP:
3368 case NL80211_IFTYPE_P2P_GO:
3369 if (wdev->ssid_len &&
3370 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3371 goto nla_put_failure_locked;
3372 break;
3373 case NL80211_IFTYPE_STATION:
3374 case NL80211_IFTYPE_P2P_CLIENT:
3375 case NL80211_IFTYPE_ADHOC: {
3376 const u8 *ssid_ie;
3377 if (!wdev->current_bss)
3378 break;
3379 rcu_read_lock();
3380 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3381 WLAN_EID_SSID);
3382 if (ssid_ie &&
3383 nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3384 goto nla_put_failure_rcu_locked;
3385 rcu_read_unlock();
3386 break;
3387 }
3388 default:
3389 /* nothing */
3390 break;
3391 }
3392 wdev_unlock(wdev);
3393
3394 if (rdev->ops->get_txq_stats) {
3395 struct cfg80211_txq_stats txqstats = {};
3396 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3397
3398 if (ret == 0 &&
3399 !nl80211_put_txq_stats(msg, &txqstats,
3400 NL80211_ATTR_TXQ_STATS))
3401 goto nla_put_failure;
3402 }
3403
3404 genlmsg_end(msg, hdr);
3405 return 0;
3406
3407 nla_put_failure_rcu_locked:
3408 rcu_read_unlock();
3409 nla_put_failure_locked:
3410 wdev_unlock(wdev);
3411 nla_put_failure:
3412 genlmsg_cancel(msg, hdr);
3413 return -EMSGSIZE;
3414 }
3415
nl80211_dump_interface(struct sk_buff * skb,struct netlink_callback * cb)3416 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3417 {
3418 int wp_idx = 0;
3419 int if_idx = 0;
3420 int wp_start = cb->args[0];
3421 int if_start = cb->args[1];
3422 int filter_wiphy = -1;
3423 struct cfg80211_registered_device *rdev;
3424 struct wireless_dev *wdev;
3425 int ret;
3426
3427 rtnl_lock();
3428 if (!cb->args[2]) {
3429 struct nl80211_dump_wiphy_state state = {
3430 .filter_wiphy = -1,
3431 };
3432
3433 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3434 if (ret)
3435 goto out_unlock;
3436
3437 filter_wiphy = state.filter_wiphy;
3438
3439 /*
3440 * if filtering, set cb->args[2] to +1 since 0 is the default
3441 * value needed to determine that parsing is necessary.
3442 */
3443 if (filter_wiphy >= 0)
3444 cb->args[2] = filter_wiphy + 1;
3445 else
3446 cb->args[2] = -1;
3447 } else if (cb->args[2] > 0) {
3448 filter_wiphy = cb->args[2] - 1;
3449 }
3450
3451 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3452 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3453 continue;
3454 if (wp_idx < wp_start) {
3455 wp_idx++;
3456 continue;
3457 }
3458
3459 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3460 continue;
3461
3462 if_idx = 0;
3463
3464 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3465 if (if_idx < if_start) {
3466 if_idx++;
3467 continue;
3468 }
3469 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3470 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3471 rdev, wdev,
3472 NL80211_CMD_NEW_INTERFACE) < 0) {
3473 goto out;
3474 }
3475 if_idx++;
3476 }
3477
3478 if_start = 0;
3479 wp_idx++;
3480 }
3481 out:
3482 cb->args[0] = wp_idx;
3483 cb->args[1] = if_idx;
3484
3485 ret = skb->len;
3486 out_unlock:
3487 rtnl_unlock();
3488
3489 return ret;
3490 }
3491
nl80211_get_interface(struct sk_buff * skb,struct genl_info * info)3492 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3493 {
3494 struct sk_buff *msg;
3495 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3496 struct wireless_dev *wdev = info->user_ptr[1];
3497
3498 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3499 if (!msg)
3500 return -ENOMEM;
3501
3502 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3503 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3504 nlmsg_free(msg);
3505 return -ENOBUFS;
3506 }
3507
3508 return genlmsg_reply(msg, info);
3509 }
3510
3511 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3512 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3513 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3514 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3515 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3516 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3517 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3518 };
3519
parse_monitor_flags(struct nlattr * nla,u32 * mntrflags)3520 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3521 {
3522 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3523 int flag;
3524
3525 *mntrflags = 0;
3526
3527 if (!nla)
3528 return -EINVAL;
3529
3530 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3531 return -EINVAL;
3532
3533 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3534 if (flags[flag])
3535 *mntrflags |= (1<<flag);
3536
3537 *mntrflags |= MONITOR_FLAG_CHANGED;
3538
3539 return 0;
3540 }
3541
nl80211_parse_mon_options(struct cfg80211_registered_device * rdev,enum nl80211_iftype type,struct genl_info * info,struct vif_params * params)3542 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3543 enum nl80211_iftype type,
3544 struct genl_info *info,
3545 struct vif_params *params)
3546 {
3547 bool change = false;
3548 int err;
3549
3550 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3551 if (type != NL80211_IFTYPE_MONITOR)
3552 return -EINVAL;
3553
3554 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3555 ¶ms->flags);
3556 if (err)
3557 return err;
3558
3559 change = true;
3560 }
3561
3562 if (params->flags & MONITOR_FLAG_ACTIVE &&
3563 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3564 return -EOPNOTSUPP;
3565
3566 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3567 const u8 *mumimo_groups;
3568 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3569
3570 if (type != NL80211_IFTYPE_MONITOR)
3571 return -EINVAL;
3572
3573 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3574 return -EOPNOTSUPP;
3575
3576 mumimo_groups =
3577 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3578
3579 /* bits 0 and 63 are reserved and must be zero */
3580 if ((mumimo_groups[0] & BIT(0)) ||
3581 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3582 return -EINVAL;
3583
3584 params->vht_mumimo_groups = mumimo_groups;
3585 change = true;
3586 }
3587
3588 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3589 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3590
3591 if (type != NL80211_IFTYPE_MONITOR)
3592 return -EINVAL;
3593
3594 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3595 return -EOPNOTSUPP;
3596
3597 params->vht_mumimo_follow_addr =
3598 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3599 change = true;
3600 }
3601
3602 return change ? 1 : 0;
3603 }
3604
nl80211_valid_4addr(struct cfg80211_registered_device * rdev,struct net_device * netdev,u8 use_4addr,enum nl80211_iftype iftype)3605 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3606 struct net_device *netdev, u8 use_4addr,
3607 enum nl80211_iftype iftype)
3608 {
3609 if (!use_4addr) {
3610 if (netdev && netif_is_bridge_port(netdev))
3611 return -EBUSY;
3612 return 0;
3613 }
3614
3615 switch (iftype) {
3616 case NL80211_IFTYPE_AP_VLAN:
3617 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3618 return 0;
3619 break;
3620 case NL80211_IFTYPE_STATION:
3621 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3622 return 0;
3623 break;
3624 default:
3625 break;
3626 }
3627
3628 return -EOPNOTSUPP;
3629 }
3630
nl80211_set_interface(struct sk_buff * skb,struct genl_info * info)3631 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3632 {
3633 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3634 struct vif_params params;
3635 int err;
3636 enum nl80211_iftype otype, ntype;
3637 struct net_device *dev = info->user_ptr[1];
3638 bool change = false;
3639
3640 memset(¶ms, 0, sizeof(params));
3641
3642 otype = ntype = dev->ieee80211_ptr->iftype;
3643
3644 if (info->attrs[NL80211_ATTR_IFTYPE]) {
3645 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3646 if (otype != ntype)
3647 change = true;
3648 }
3649
3650 if (info->attrs[NL80211_ATTR_MESH_ID]) {
3651 struct wireless_dev *wdev = dev->ieee80211_ptr;
3652
3653 if (ntype != NL80211_IFTYPE_MESH_POINT)
3654 return -EINVAL;
3655 if (otype != NL80211_IFTYPE_MESH_POINT)
3656 return -EINVAL;
3657 if (netif_running(dev))
3658 return -EBUSY;
3659
3660 wdev_lock(wdev);
3661 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3662 IEEE80211_MAX_MESH_ID_LEN);
3663 wdev->mesh_id_up_len =
3664 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3665 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3666 wdev->mesh_id_up_len);
3667 wdev_unlock(wdev);
3668 }
3669
3670 if (info->attrs[NL80211_ATTR_4ADDR]) {
3671 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3672 change = true;
3673 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3674 if (err)
3675 return err;
3676 } else {
3677 params.use_4addr = -1;
3678 }
3679
3680 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
3681 if (err < 0)
3682 return err;
3683 if (err > 0)
3684 change = true;
3685
3686 if (change)
3687 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
3688 else
3689 err = 0;
3690
3691 if (!err && params.use_4addr != -1)
3692 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3693
3694 if (change && !err) {
3695 struct wireless_dev *wdev = dev->ieee80211_ptr;
3696
3697 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3698 }
3699
3700 return err;
3701 }
3702
nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)3703 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3704 {
3705 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3706 struct vif_params params;
3707 struct wireless_dev *wdev;
3708 struct sk_buff *msg;
3709 int err;
3710 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3711
3712 /* to avoid failing a new interface creation due to pending removal */
3713 cfg80211_destroy_ifaces(rdev);
3714
3715 memset(¶ms, 0, sizeof(params));
3716
3717 if (!info->attrs[NL80211_ATTR_IFNAME])
3718 return -EINVAL;
3719
3720 if (info->attrs[NL80211_ATTR_IFTYPE])
3721 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3722
3723 if (!rdev->ops->add_virtual_intf)
3724 return -EOPNOTSUPP;
3725
3726 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3727 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3728 info->attrs[NL80211_ATTR_MAC]) {
3729 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3730 ETH_ALEN);
3731 if (!is_valid_ether_addr(params.macaddr))
3732 return -EADDRNOTAVAIL;
3733 }
3734
3735 if (info->attrs[NL80211_ATTR_4ADDR]) {
3736 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3737 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3738 if (err)
3739 return err;
3740 }
3741
3742 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3743 return -EOPNOTSUPP;
3744
3745 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
3746 if (err < 0)
3747 return err;
3748
3749 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3750 if (!msg)
3751 return -ENOMEM;
3752
3753 wdev = rdev_add_virtual_intf(rdev,
3754 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3755 NET_NAME_USER, type, ¶ms);
3756 if (WARN_ON(!wdev)) {
3757 nlmsg_free(msg);
3758 return -EPROTO;
3759 } else if (IS_ERR(wdev)) {
3760 nlmsg_free(msg);
3761 return PTR_ERR(wdev);
3762 }
3763
3764 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3765 wdev->owner_nlportid = info->snd_portid;
3766
3767 switch (type) {
3768 case NL80211_IFTYPE_MESH_POINT:
3769 if (!info->attrs[NL80211_ATTR_MESH_ID])
3770 break;
3771 wdev_lock(wdev);
3772 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3773 IEEE80211_MAX_MESH_ID_LEN);
3774 wdev->mesh_id_up_len =
3775 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3776 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3777 wdev->mesh_id_up_len);
3778 wdev_unlock(wdev);
3779 break;
3780 case NL80211_IFTYPE_NAN:
3781 case NL80211_IFTYPE_P2P_DEVICE:
3782 /*
3783 * P2P Device and NAN do not have a netdev, so don't go
3784 * through the netdev notifier and must be added here
3785 */
3786 cfg80211_init_wdev(wdev);
3787 cfg80211_register_wdev(rdev, wdev);
3788 break;
3789 default:
3790 break;
3791 }
3792
3793 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3794 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3795 nlmsg_free(msg);
3796 return -ENOBUFS;
3797 }
3798
3799 return genlmsg_reply(msg, info);
3800 }
3801
nl80211_del_interface(struct sk_buff * skb,struct genl_info * info)3802 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3803 {
3804 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3805 struct wireless_dev *wdev = info->user_ptr[1];
3806
3807 if (!rdev->ops->del_virtual_intf)
3808 return -EOPNOTSUPP;
3809
3810 /*
3811 * If we remove a wireless device without a netdev then clear
3812 * user_ptr[1] so that nl80211_post_doit won't dereference it
3813 * to check if it needs to do dev_put(). Otherwise it crashes
3814 * since the wdev has been freed, unlike with a netdev where
3815 * we need the dev_put() for the netdev to really be freed.
3816 */
3817 if (!wdev->netdev)
3818 info->user_ptr[1] = NULL;
3819
3820 return rdev_del_virtual_intf(rdev, wdev);
3821 }
3822
nl80211_set_noack_map(struct sk_buff * skb,struct genl_info * info)3823 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3824 {
3825 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3826 struct net_device *dev = info->user_ptr[1];
3827 u16 noack_map;
3828
3829 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3830 return -EINVAL;
3831
3832 if (!rdev->ops->set_noack_map)
3833 return -EOPNOTSUPP;
3834
3835 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3836
3837 return rdev_set_noack_map(rdev, dev, noack_map);
3838 }
3839
3840 struct get_key_cookie {
3841 struct sk_buff *msg;
3842 int error;
3843 int idx;
3844 };
3845
get_key_callback(void * c,struct key_params * params)3846 static void get_key_callback(void *c, struct key_params *params)
3847 {
3848 struct nlattr *key;
3849 struct get_key_cookie *cookie = c;
3850
3851 if ((params->key &&
3852 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3853 params->key_len, params->key)) ||
3854 (params->seq &&
3855 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3856 params->seq_len, params->seq)) ||
3857 (params->cipher &&
3858 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3859 params->cipher)))
3860 goto nla_put_failure;
3861
3862 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3863 if (!key)
3864 goto nla_put_failure;
3865
3866 if ((params->key &&
3867 nla_put(cookie->msg, NL80211_KEY_DATA,
3868 params->key_len, params->key)) ||
3869 (params->seq &&
3870 nla_put(cookie->msg, NL80211_KEY_SEQ,
3871 params->seq_len, params->seq)) ||
3872 (params->cipher &&
3873 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3874 params->cipher)))
3875 goto nla_put_failure;
3876
3877 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3878 goto nla_put_failure;
3879
3880 nla_nest_end(cookie->msg, key);
3881
3882 return;
3883 nla_put_failure:
3884 cookie->error = 1;
3885 }
3886
nl80211_get_key(struct sk_buff * skb,struct genl_info * info)3887 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3888 {
3889 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3890 int err;
3891 struct net_device *dev = info->user_ptr[1];
3892 u8 key_idx = 0;
3893 const u8 *mac_addr = NULL;
3894 bool pairwise;
3895 struct get_key_cookie cookie = {
3896 .error = 0,
3897 };
3898 void *hdr;
3899 struct sk_buff *msg;
3900
3901 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
3902 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3903 if (key_idx > 5 &&
3904 !wiphy_ext_feature_isset(
3905 &rdev->wiphy,
3906 NL80211_EXT_FEATURE_BEACON_PROTECTION))
3907 return -EINVAL;
3908 }
3909
3910 if (info->attrs[NL80211_ATTR_MAC])
3911 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3912
3913 pairwise = !!mac_addr;
3914 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3915 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3916
3917 if (kt != NL80211_KEYTYPE_GROUP &&
3918 kt != NL80211_KEYTYPE_PAIRWISE)
3919 return -EINVAL;
3920 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3921 }
3922
3923 if (!rdev->ops->get_key)
3924 return -EOPNOTSUPP;
3925
3926 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3927 return -ENOENT;
3928
3929 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3930 if (!msg)
3931 return -ENOMEM;
3932
3933 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3934 NL80211_CMD_NEW_KEY);
3935 if (!hdr)
3936 goto nla_put_failure;
3937
3938 cookie.msg = msg;
3939 cookie.idx = key_idx;
3940
3941 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3942 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3943 goto nla_put_failure;
3944 if (mac_addr &&
3945 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3946 goto nla_put_failure;
3947
3948 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3949 get_key_callback);
3950
3951 if (err)
3952 goto free_msg;
3953
3954 if (cookie.error)
3955 goto nla_put_failure;
3956
3957 genlmsg_end(msg, hdr);
3958 return genlmsg_reply(msg, info);
3959
3960 nla_put_failure:
3961 err = -ENOBUFS;
3962 free_msg:
3963 nlmsg_free(msg);
3964 return err;
3965 }
3966
nl80211_set_key(struct sk_buff * skb,struct genl_info * info)3967 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3968 {
3969 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3970 struct key_parse key;
3971 int err;
3972 struct net_device *dev = info->user_ptr[1];
3973
3974 err = nl80211_parse_key(info, &key);
3975 if (err)
3976 return err;
3977
3978 if (key.idx < 0)
3979 return -EINVAL;
3980
3981 /* Only support setting default key and
3982 * Extended Key ID action NL80211_KEY_SET_TX.
3983 */
3984 if (!key.def && !key.defmgmt && !key.defbeacon &&
3985 !(key.p.mode == NL80211_KEY_SET_TX))
3986 return -EINVAL;
3987
3988 wdev_lock(dev->ieee80211_ptr);
3989
3990 if (key.def) {
3991 if (!rdev->ops->set_default_key) {
3992 err = -EOPNOTSUPP;
3993 goto out;
3994 }
3995
3996 err = nl80211_key_allowed(dev->ieee80211_ptr);
3997 if (err)
3998 goto out;
3999
4000 err = rdev_set_default_key(rdev, dev, key.idx,
4001 key.def_uni, key.def_multi);
4002
4003 if (err)
4004 goto out;
4005
4006 #ifdef CONFIG_CFG80211_WEXT
4007 dev->ieee80211_ptr->wext.default_key = key.idx;
4008 #endif
4009 } else if (key.defmgmt) {
4010 if (key.def_uni || !key.def_multi) {
4011 err = -EINVAL;
4012 goto out;
4013 }
4014
4015 if (!rdev->ops->set_default_mgmt_key) {
4016 err = -EOPNOTSUPP;
4017 goto out;
4018 }
4019
4020 err = nl80211_key_allowed(dev->ieee80211_ptr);
4021 if (err)
4022 goto out;
4023
4024 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
4025 if (err)
4026 goto out;
4027
4028 #ifdef CONFIG_CFG80211_WEXT
4029 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
4030 #endif
4031 } else if (key.defbeacon) {
4032 if (key.def_uni || !key.def_multi) {
4033 err = -EINVAL;
4034 goto out;
4035 }
4036
4037 if (!rdev->ops->set_default_beacon_key) {
4038 err = -EOPNOTSUPP;
4039 goto out;
4040 }
4041
4042 err = nl80211_key_allowed(dev->ieee80211_ptr);
4043 if (err)
4044 goto out;
4045
4046 err = rdev_set_default_beacon_key(rdev, dev, key.idx);
4047 if (err)
4048 goto out;
4049 } else if (key.p.mode == NL80211_KEY_SET_TX &&
4050 wiphy_ext_feature_isset(&rdev->wiphy,
4051 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4052 u8 *mac_addr = NULL;
4053
4054 if (info->attrs[NL80211_ATTR_MAC])
4055 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4056
4057 if (!mac_addr || key.idx < 0 || key.idx > 1) {
4058 err = -EINVAL;
4059 goto out;
4060 }
4061
4062 err = rdev_add_key(rdev, dev, key.idx,
4063 NL80211_KEYTYPE_PAIRWISE,
4064 mac_addr, &key.p);
4065 } else {
4066 err = -EINVAL;
4067 }
4068 out:
4069 wdev_unlock(dev->ieee80211_ptr);
4070
4071 return err;
4072 }
4073
nl80211_new_key(struct sk_buff * skb,struct genl_info * info)4074 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4075 {
4076 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4077 int err;
4078 struct net_device *dev = info->user_ptr[1];
4079 struct key_parse key;
4080 const u8 *mac_addr = NULL;
4081
4082 err = nl80211_parse_key(info, &key);
4083 if (err)
4084 return err;
4085
4086 if (!key.p.key) {
4087 GENL_SET_ERR_MSG(info, "no key");
4088 return -EINVAL;
4089 }
4090
4091 if (info->attrs[NL80211_ATTR_MAC])
4092 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4093
4094 if (key.type == -1) {
4095 if (mac_addr)
4096 key.type = NL80211_KEYTYPE_PAIRWISE;
4097 else
4098 key.type = NL80211_KEYTYPE_GROUP;
4099 }
4100
4101 /* for now */
4102 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4103 key.type != NL80211_KEYTYPE_GROUP) {
4104 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4105 return -EINVAL;
4106 }
4107
4108 if (key.type == NL80211_KEYTYPE_GROUP &&
4109 info->attrs[NL80211_ATTR_VLAN_ID])
4110 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4111
4112 if (!rdev->ops->add_key)
4113 return -EOPNOTSUPP;
4114
4115 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4116 key.type == NL80211_KEYTYPE_PAIRWISE,
4117 mac_addr)) {
4118 GENL_SET_ERR_MSG(info, "key setting validation failed");
4119 return -EINVAL;
4120 }
4121
4122 wdev_lock(dev->ieee80211_ptr);
4123 err = nl80211_key_allowed(dev->ieee80211_ptr);
4124 if (err)
4125 GENL_SET_ERR_MSG(info, "key not allowed");
4126 if (!err) {
4127 err = rdev_add_key(rdev, dev, key.idx,
4128 key.type == NL80211_KEYTYPE_PAIRWISE,
4129 mac_addr, &key.p);
4130 if (err)
4131 GENL_SET_ERR_MSG(info, "key addition failed");
4132 }
4133 wdev_unlock(dev->ieee80211_ptr);
4134
4135 return err;
4136 }
4137
nl80211_del_key(struct sk_buff * skb,struct genl_info * info)4138 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4139 {
4140 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4141 int err;
4142 struct net_device *dev = info->user_ptr[1];
4143 u8 *mac_addr = NULL;
4144 struct key_parse key;
4145
4146 err = nl80211_parse_key(info, &key);
4147 if (err)
4148 return err;
4149
4150 if (info->attrs[NL80211_ATTR_MAC])
4151 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4152
4153 if (key.type == -1) {
4154 if (mac_addr)
4155 key.type = NL80211_KEYTYPE_PAIRWISE;
4156 else
4157 key.type = NL80211_KEYTYPE_GROUP;
4158 }
4159
4160 /* for now */
4161 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4162 key.type != NL80211_KEYTYPE_GROUP)
4163 return -EINVAL;
4164
4165 if (!cfg80211_valid_key_idx(rdev, key.idx,
4166 key.type == NL80211_KEYTYPE_PAIRWISE))
4167 return -EINVAL;
4168
4169 if (!rdev->ops->del_key)
4170 return -EOPNOTSUPP;
4171
4172 wdev_lock(dev->ieee80211_ptr);
4173 err = nl80211_key_allowed(dev->ieee80211_ptr);
4174
4175 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4176 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4177 err = -ENOENT;
4178
4179 if (!err)
4180 err = rdev_del_key(rdev, dev, key.idx,
4181 key.type == NL80211_KEYTYPE_PAIRWISE,
4182 mac_addr);
4183
4184 #ifdef CONFIG_CFG80211_WEXT
4185 if (!err) {
4186 if (key.idx == dev->ieee80211_ptr->wext.default_key)
4187 dev->ieee80211_ptr->wext.default_key = -1;
4188 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
4189 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
4190 }
4191 #endif
4192 wdev_unlock(dev->ieee80211_ptr);
4193
4194 return err;
4195 }
4196
4197 /* This function returns an error or the number of nested attributes */
validate_acl_mac_addrs(struct nlattr * nl_attr)4198 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4199 {
4200 struct nlattr *attr;
4201 int n_entries = 0, tmp;
4202
4203 nla_for_each_nested(attr, nl_attr, tmp) {
4204 if (nla_len(attr) != ETH_ALEN)
4205 return -EINVAL;
4206
4207 n_entries++;
4208 }
4209
4210 return n_entries;
4211 }
4212
4213 /*
4214 * This function parses ACL information and allocates memory for ACL data.
4215 * On successful return, the calling function is responsible to free the
4216 * ACL buffer returned by this function.
4217 */
parse_acl_data(struct wiphy * wiphy,struct genl_info * info)4218 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4219 struct genl_info *info)
4220 {
4221 enum nl80211_acl_policy acl_policy;
4222 struct nlattr *attr;
4223 struct cfg80211_acl_data *acl;
4224 int i = 0, n_entries, tmp;
4225
4226 if (!wiphy->max_acl_mac_addrs)
4227 return ERR_PTR(-EOPNOTSUPP);
4228
4229 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4230 return ERR_PTR(-EINVAL);
4231
4232 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4233 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4234 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4235 return ERR_PTR(-EINVAL);
4236
4237 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4238 return ERR_PTR(-EINVAL);
4239
4240 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4241 if (n_entries < 0)
4242 return ERR_PTR(n_entries);
4243
4244 if (n_entries > wiphy->max_acl_mac_addrs)
4245 return ERR_PTR(-ENOTSUPP);
4246
4247 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4248 if (!acl)
4249 return ERR_PTR(-ENOMEM);
4250
4251 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4252 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4253 i++;
4254 }
4255
4256 acl->n_acl_entries = n_entries;
4257 acl->acl_policy = acl_policy;
4258
4259 return acl;
4260 }
4261
nl80211_set_mac_acl(struct sk_buff * skb,struct genl_info * info)4262 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4263 {
4264 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4265 struct net_device *dev = info->user_ptr[1];
4266 struct cfg80211_acl_data *acl;
4267 int err;
4268
4269 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4270 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4271 return -EOPNOTSUPP;
4272
4273 if (!dev->ieee80211_ptr->beacon_interval)
4274 return -EINVAL;
4275
4276 acl = parse_acl_data(&rdev->wiphy, info);
4277 if (IS_ERR(acl))
4278 return PTR_ERR(acl);
4279
4280 err = rdev_set_mac_acl(rdev, dev, acl);
4281
4282 kfree(acl);
4283
4284 return err;
4285 }
4286
rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len)4287 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4288 u8 *rates, u8 rates_len)
4289 {
4290 u8 i;
4291 u32 mask = 0;
4292
4293 for (i = 0; i < rates_len; i++) {
4294 int rate = (rates[i] & 0x7f) * 5;
4295 int ridx;
4296
4297 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4298 struct ieee80211_rate *srate =
4299 &sband->bitrates[ridx];
4300 if (rate == srate->bitrate) {
4301 mask |= 1 << ridx;
4302 break;
4303 }
4304 }
4305 if (ridx == sband->n_bitrates)
4306 return 0; /* rate not found */
4307 }
4308
4309 return mask;
4310 }
4311
ht_rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len,u8 mcs[IEEE80211_HT_MCS_MASK_LEN])4312 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4313 u8 *rates, u8 rates_len,
4314 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4315 {
4316 u8 i;
4317
4318 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4319
4320 for (i = 0; i < rates_len; i++) {
4321 int ridx, rbit;
4322
4323 ridx = rates[i] / 8;
4324 rbit = BIT(rates[i] % 8);
4325
4326 /* check validity */
4327 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4328 return false;
4329
4330 /* check availability */
4331 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4332 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4333 mcs[ridx] |= rbit;
4334 else
4335 return false;
4336 }
4337
4338 return true;
4339 }
4340
vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)4341 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4342 {
4343 u16 mcs_mask = 0;
4344
4345 switch (vht_mcs_map) {
4346 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4347 break;
4348 case IEEE80211_VHT_MCS_SUPPORT_0_7:
4349 mcs_mask = 0x00FF;
4350 break;
4351 case IEEE80211_VHT_MCS_SUPPORT_0_8:
4352 mcs_mask = 0x01FF;
4353 break;
4354 case IEEE80211_VHT_MCS_SUPPORT_0_9:
4355 mcs_mask = 0x03FF;
4356 break;
4357 default:
4358 break;
4359 }
4360
4361 return mcs_mask;
4362 }
4363
vht_build_mcs_mask(u16 vht_mcs_map,u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])4364 static void vht_build_mcs_mask(u16 vht_mcs_map,
4365 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4366 {
4367 u8 nss;
4368
4369 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4370 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4371 vht_mcs_map >>= 2;
4372 }
4373 }
4374
vht_set_mcs_mask(struct ieee80211_supported_band * sband,struct nl80211_txrate_vht * txrate,u16 mcs[NL80211_VHT_NSS_MAX])4375 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4376 struct nl80211_txrate_vht *txrate,
4377 u16 mcs[NL80211_VHT_NSS_MAX])
4378 {
4379 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4380 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4381 u8 i;
4382
4383 if (!sband->vht_cap.vht_supported)
4384 return false;
4385
4386 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4387
4388 /* Build vht_mcs_mask from VHT capabilities */
4389 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4390
4391 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4392 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4393 mcs[i] = txrate->mcs[i];
4394 else
4395 return false;
4396 }
4397
4398 return true;
4399 }
4400
4401 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4402 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4403 .len = NL80211_MAX_SUPP_RATES },
4404 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
4405 .len = NL80211_MAX_SUPP_HT_RATES },
4406 [NL80211_TXRATE_VHT] = {
4407 .type = NLA_EXACT_LEN_WARN,
4408 .len = sizeof(struct nl80211_txrate_vht),
4409 },
4410 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
4411 };
4412
nl80211_parse_tx_bitrate_mask(struct genl_info * info,struct cfg80211_bitrate_mask * mask)4413 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4414 struct cfg80211_bitrate_mask *mask)
4415 {
4416 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4417 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4418 int rem, i;
4419 struct nlattr *tx_rates;
4420 struct ieee80211_supported_band *sband;
4421 u16 vht_tx_mcs_map;
4422
4423 memset(mask, 0, sizeof(*mask));
4424 /* Default to all rates enabled */
4425 for (i = 0; i < NUM_NL80211_BANDS; i++) {
4426 sband = rdev->wiphy.bands[i];
4427
4428 if (!sband)
4429 continue;
4430
4431 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4432 memcpy(mask->control[i].ht_mcs,
4433 sband->ht_cap.mcs.rx_mask,
4434 sizeof(mask->control[i].ht_mcs));
4435
4436 if (!sband->vht_cap.vht_supported)
4437 continue;
4438
4439 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4440 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4441 }
4442
4443 /* if no rates are given set it back to the defaults */
4444 if (!info->attrs[NL80211_ATTR_TX_RATES])
4445 goto out;
4446
4447 /* The nested attribute uses enum nl80211_band as the index. This maps
4448 * directly to the enum nl80211_band values used in cfg80211.
4449 */
4450 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4451 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
4452 enum nl80211_band band = nla_type(tx_rates);
4453 int err;
4454
4455 if (band < 0 || band >= NUM_NL80211_BANDS)
4456 return -EINVAL;
4457 sband = rdev->wiphy.bands[band];
4458 if (sband == NULL)
4459 return -EINVAL;
4460 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4461 tx_rates,
4462 nl80211_txattr_policy,
4463 info->extack);
4464 if (err)
4465 return err;
4466 if (tb[NL80211_TXRATE_LEGACY]) {
4467 mask->control[band].legacy = rateset_to_mask(
4468 sband,
4469 nla_data(tb[NL80211_TXRATE_LEGACY]),
4470 nla_len(tb[NL80211_TXRATE_LEGACY]));
4471 if ((mask->control[band].legacy == 0) &&
4472 nla_len(tb[NL80211_TXRATE_LEGACY]))
4473 return -EINVAL;
4474 }
4475 if (tb[NL80211_TXRATE_HT]) {
4476 if (!ht_rateset_to_mask(
4477 sband,
4478 nla_data(tb[NL80211_TXRATE_HT]),
4479 nla_len(tb[NL80211_TXRATE_HT]),
4480 mask->control[band].ht_mcs))
4481 return -EINVAL;
4482 }
4483 if (tb[NL80211_TXRATE_VHT]) {
4484 if (!vht_set_mcs_mask(
4485 sband,
4486 nla_data(tb[NL80211_TXRATE_VHT]),
4487 mask->control[band].vht_mcs))
4488 return -EINVAL;
4489 }
4490 if (tb[NL80211_TXRATE_GI]) {
4491 mask->control[band].gi =
4492 nla_get_u8(tb[NL80211_TXRATE_GI]);
4493 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4494 return -EINVAL;
4495 }
4496
4497 if (mask->control[band].legacy == 0) {
4498 /* don't allow empty legacy rates if HT or VHT
4499 * are not even supported.
4500 */
4501 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4502 rdev->wiphy.bands[band]->vht_cap.vht_supported))
4503 return -EINVAL;
4504
4505 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4506 if (mask->control[band].ht_mcs[i])
4507 goto out;
4508
4509 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4510 if (mask->control[band].vht_mcs[i])
4511 goto out;
4512
4513 /* legacy and mcs rates may not be both empty */
4514 return -EINVAL;
4515 }
4516 }
4517
4518 out:
4519 return 0;
4520 }
4521
validate_beacon_tx_rate(struct cfg80211_registered_device * rdev,enum nl80211_band band,struct cfg80211_bitrate_mask * beacon_rate)4522 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4523 enum nl80211_band band,
4524 struct cfg80211_bitrate_mask *beacon_rate)
4525 {
4526 u32 count_ht, count_vht, i;
4527 u32 rate = beacon_rate->control[band].legacy;
4528
4529 /* Allow only one rate */
4530 if (hweight32(rate) > 1)
4531 return -EINVAL;
4532
4533 count_ht = 0;
4534 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4535 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4536 return -EINVAL;
4537 } else if (beacon_rate->control[band].ht_mcs[i]) {
4538 count_ht++;
4539 if (count_ht > 1)
4540 return -EINVAL;
4541 }
4542 if (count_ht && rate)
4543 return -EINVAL;
4544 }
4545
4546 count_vht = 0;
4547 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4548 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4549 return -EINVAL;
4550 } else if (beacon_rate->control[band].vht_mcs[i]) {
4551 count_vht++;
4552 if (count_vht > 1)
4553 return -EINVAL;
4554 }
4555 if (count_vht && rate)
4556 return -EINVAL;
4557 }
4558
4559 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4560 return -EINVAL;
4561
4562 if (rate &&
4563 !wiphy_ext_feature_isset(&rdev->wiphy,
4564 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4565 return -EINVAL;
4566 if (count_ht &&
4567 !wiphy_ext_feature_isset(&rdev->wiphy,
4568 NL80211_EXT_FEATURE_BEACON_RATE_HT))
4569 return -EINVAL;
4570 if (count_vht &&
4571 !wiphy_ext_feature_isset(&rdev->wiphy,
4572 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4573 return -EINVAL;
4574
4575 return 0;
4576 }
4577
nl80211_parse_beacon(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct cfg80211_beacon_data * bcn)4578 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4579 struct nlattr *attrs[],
4580 struct cfg80211_beacon_data *bcn)
4581 {
4582 bool haveinfo = false;
4583 int err;
4584
4585 memset(bcn, 0, sizeof(*bcn));
4586
4587 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4588 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4589 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4590 if (!bcn->head_len)
4591 return -EINVAL;
4592 haveinfo = true;
4593 }
4594
4595 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4596 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4597 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4598 haveinfo = true;
4599 }
4600
4601 if (!haveinfo)
4602 return -EINVAL;
4603
4604 if (attrs[NL80211_ATTR_IE]) {
4605 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4606 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4607 }
4608
4609 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4610 bcn->proberesp_ies =
4611 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4612 bcn->proberesp_ies_len =
4613 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4614 }
4615
4616 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4617 bcn->assocresp_ies =
4618 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4619 bcn->assocresp_ies_len =
4620 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4621 }
4622
4623 if (attrs[NL80211_ATTR_PROBE_RESP]) {
4624 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4625 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4626 }
4627
4628 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4629 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4630
4631 err = nla_parse_nested_deprecated(tb,
4632 NL80211_FTM_RESP_ATTR_MAX,
4633 attrs[NL80211_ATTR_FTM_RESPONDER],
4634 NULL, NULL);
4635 if (err)
4636 return err;
4637
4638 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4639 wiphy_ext_feature_isset(&rdev->wiphy,
4640 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4641 bcn->ftm_responder = 1;
4642 else
4643 return -EOPNOTSUPP;
4644
4645 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4646 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4647 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4648 }
4649
4650 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4651 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4652 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4653 }
4654 } else {
4655 bcn->ftm_responder = -1;
4656 }
4657
4658 return 0;
4659 }
4660
nl80211_parse_he_obss_pd(struct nlattr * attrs,struct ieee80211_he_obss_pd * he_obss_pd)4661 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
4662 struct ieee80211_he_obss_pd *he_obss_pd)
4663 {
4664 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
4665 int err;
4666
4667 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
4668 he_obss_pd_policy, NULL);
4669 if (err)
4670 return err;
4671
4672 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
4673 he_obss_pd->min_offset =
4674 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
4675 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
4676 he_obss_pd->max_offset =
4677 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
4678
4679 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
4680 return -EINVAL;
4681
4682 he_obss_pd->enable = true;
4683
4684 return 0;
4685 }
4686
nl80211_parse_he_bss_color(struct nlattr * attrs,struct cfg80211_he_bss_color * he_bss_color)4687 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
4688 struct cfg80211_he_bss_color *he_bss_color)
4689 {
4690 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
4691 int err;
4692
4693 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
4694 he_bss_color_policy, NULL);
4695 if (err)
4696 return err;
4697
4698 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
4699 return -EINVAL;
4700
4701 he_bss_color->color =
4702 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
4703 he_bss_color->disabled =
4704 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
4705 he_bss_color->partial =
4706 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
4707
4708 return 0;
4709 }
4710
nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings * params,const u8 * rates)4711 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4712 const u8 *rates)
4713 {
4714 int i;
4715
4716 if (!rates)
4717 return;
4718
4719 for (i = 0; i < rates[1]; i++) {
4720 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4721 params->ht_required = true;
4722 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4723 params->vht_required = true;
4724 }
4725 }
4726
4727 /*
4728 * Since the nl80211 API didn't include, from the beginning, attributes about
4729 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
4730 * benefit of drivers that rebuild IEs in the firmware.
4731 */
nl80211_calculate_ap_params(struct cfg80211_ap_settings * params)4732 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4733 {
4734 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
4735 size_t ies_len = bcn->tail_len;
4736 const u8 *ies = bcn->tail;
4737 const u8 *rates;
4738 const u8 *cap;
4739
4740 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4741 nl80211_check_ap_rate_selectors(params, rates);
4742
4743 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4744 nl80211_check_ap_rate_selectors(params, rates);
4745
4746 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4747 if (cap && cap[1] >= sizeof(*params->ht_cap))
4748 params->ht_cap = (void *)(cap + 2);
4749 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4750 if (cap && cap[1] >= sizeof(*params->vht_cap))
4751 params->vht_cap = (void *)(cap + 2);
4752 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
4753 if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
4754 params->he_cap = (void *)(cap + 3);
4755 }
4756
nl80211_get_ap_channel(struct cfg80211_registered_device * rdev,struct cfg80211_ap_settings * params)4757 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4758 struct cfg80211_ap_settings *params)
4759 {
4760 struct wireless_dev *wdev;
4761 bool ret = false;
4762
4763 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4764 if (wdev->iftype != NL80211_IFTYPE_AP &&
4765 wdev->iftype != NL80211_IFTYPE_P2P_GO)
4766 continue;
4767
4768 if (!wdev->preset_chandef.chan)
4769 continue;
4770
4771 params->chandef = wdev->preset_chandef;
4772 ret = true;
4773 break;
4774 }
4775
4776 return ret;
4777 }
4778
nl80211_valid_auth_type(struct cfg80211_registered_device * rdev,enum nl80211_auth_type auth_type,enum nl80211_commands cmd)4779 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4780 enum nl80211_auth_type auth_type,
4781 enum nl80211_commands cmd)
4782 {
4783 if (auth_type > NL80211_AUTHTYPE_MAX)
4784 return false;
4785
4786 switch (cmd) {
4787 case NL80211_CMD_AUTHENTICATE:
4788 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4789 auth_type == NL80211_AUTHTYPE_SAE)
4790 return false;
4791 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4792 NL80211_EXT_FEATURE_FILS_STA) &&
4793 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4794 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4795 auth_type == NL80211_AUTHTYPE_FILS_PK))
4796 return false;
4797 return true;
4798 case NL80211_CMD_CONNECT:
4799 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4800 !wiphy_ext_feature_isset(&rdev->wiphy,
4801 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
4802 auth_type == NL80211_AUTHTYPE_SAE)
4803 return false;
4804
4805 /* FILS with SK PFS or PK not supported yet */
4806 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4807 auth_type == NL80211_AUTHTYPE_FILS_PK)
4808 return false;
4809 if (!wiphy_ext_feature_isset(
4810 &rdev->wiphy,
4811 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4812 auth_type == NL80211_AUTHTYPE_FILS_SK)
4813 return false;
4814 return true;
4815 case NL80211_CMD_START_AP:
4816 /* SAE not supported yet */
4817 if (auth_type == NL80211_AUTHTYPE_SAE)
4818 return false;
4819 /* FILS not supported yet */
4820 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4821 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4822 auth_type == NL80211_AUTHTYPE_FILS_PK)
4823 return false;
4824 return true;
4825 default:
4826 return false;
4827 }
4828 }
4829
nl80211_start_ap(struct sk_buff * skb,struct genl_info * info)4830 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4831 {
4832 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4833 struct net_device *dev = info->user_ptr[1];
4834 struct wireless_dev *wdev = dev->ieee80211_ptr;
4835 struct cfg80211_ap_settings params;
4836 int err;
4837
4838 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4839 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4840 return -EOPNOTSUPP;
4841
4842 if (!rdev->ops->start_ap)
4843 return -EOPNOTSUPP;
4844
4845 if (wdev->beacon_interval)
4846 return -EALREADY;
4847
4848 memset(¶ms, 0, sizeof(params));
4849
4850 /* these are required for START_AP */
4851 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4852 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4853 !info->attrs[NL80211_ATTR_BEACON_HEAD])
4854 return -EINVAL;
4855
4856 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon);
4857 if (err)
4858 return err;
4859
4860 params.beacon_interval =
4861 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4862 params.dtim_period =
4863 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4864
4865 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4866 params.beacon_interval);
4867 if (err)
4868 return err;
4869
4870 /*
4871 * In theory, some of these attributes should be required here
4872 * but since they were not used when the command was originally
4873 * added, keep them optional for old user space programs to let
4874 * them continue to work with drivers that do not need the
4875 * additional information -- drivers must check!
4876 */
4877 if (info->attrs[NL80211_ATTR_SSID]) {
4878 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4879 params.ssid_len =
4880 nla_len(info->attrs[NL80211_ATTR_SSID]);
4881 if (params.ssid_len == 0 ||
4882 params.ssid_len > IEEE80211_MAX_SSID_LEN)
4883 return -EINVAL;
4884 }
4885
4886 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4887 params.hidden_ssid = nla_get_u32(
4888 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4889
4890 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4891
4892 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4893 params.auth_type = nla_get_u32(
4894 info->attrs[NL80211_ATTR_AUTH_TYPE]);
4895 if (!nl80211_valid_auth_type(rdev, params.auth_type,
4896 NL80211_CMD_START_AP))
4897 return -EINVAL;
4898 } else
4899 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4900
4901 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
4902 NL80211_MAX_NR_CIPHER_SUITES);
4903 if (err)
4904 return err;
4905
4906 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4907 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4908 return -EOPNOTSUPP;
4909 params.inactivity_timeout = nla_get_u16(
4910 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4911 }
4912
4913 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4914 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4915 return -EINVAL;
4916 params.p2p_ctwindow =
4917 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4918 if (params.p2p_ctwindow != 0 &&
4919 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4920 return -EINVAL;
4921 }
4922
4923 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4924 u8 tmp;
4925
4926 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4927 return -EINVAL;
4928 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4929 params.p2p_opp_ps = tmp;
4930 if (params.p2p_opp_ps != 0 &&
4931 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4932 return -EINVAL;
4933 }
4934
4935 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4936 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
4937 if (err)
4938 return err;
4939 } else if (wdev->preset_chandef.chan) {
4940 params.chandef = wdev->preset_chandef;
4941 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
4942 return -EINVAL;
4943
4944 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
4945 wdev->iftype))
4946 return -EINVAL;
4947
4948 if (info->attrs[NL80211_ATTR_TX_RATES]) {
4949 err = nl80211_parse_tx_bitrate_mask(info, ¶ms.beacon_rate);
4950 if (err)
4951 return err;
4952
4953 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4954 ¶ms.beacon_rate);
4955 if (err)
4956 return err;
4957 }
4958
4959 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4960 params.smps_mode =
4961 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4962 switch (params.smps_mode) {
4963 case NL80211_SMPS_OFF:
4964 break;
4965 case NL80211_SMPS_STATIC:
4966 if (!(rdev->wiphy.features &
4967 NL80211_FEATURE_STATIC_SMPS))
4968 return -EINVAL;
4969 break;
4970 case NL80211_SMPS_DYNAMIC:
4971 if (!(rdev->wiphy.features &
4972 NL80211_FEATURE_DYNAMIC_SMPS))
4973 return -EINVAL;
4974 break;
4975 default:
4976 return -EINVAL;
4977 }
4978 } else {
4979 params.smps_mode = NL80211_SMPS_OFF;
4980 }
4981
4982 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4983 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4984 return -EOPNOTSUPP;
4985
4986 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4987 params.acl = parse_acl_data(&rdev->wiphy, info);
4988 if (IS_ERR(params.acl))
4989 return PTR_ERR(params.acl);
4990 }
4991
4992 params.twt_responder =
4993 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
4994
4995 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
4996 err = nl80211_parse_he_obss_pd(
4997 info->attrs[NL80211_ATTR_HE_OBSS_PD],
4998 ¶ms.he_obss_pd);
4999 if (err)
5000 goto out;
5001 }
5002
5003 if (info->attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5004 err = nl80211_parse_he_bss_color(
5005 info->attrs[NL80211_ATTR_HE_BSS_COLOR],
5006 ¶ms.he_bss_color);
5007 if (err)
5008 goto out;
5009 }
5010
5011 nl80211_calculate_ap_params(¶ms);
5012
5013 if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
5014 params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
5015
5016 wdev_lock(wdev);
5017 err = rdev_start_ap(rdev, dev, ¶ms);
5018 if (!err) {
5019 wdev->preset_chandef = params.chandef;
5020 wdev->beacon_interval = params.beacon_interval;
5021 wdev->chandef = params.chandef;
5022 wdev->ssid_len = params.ssid_len;
5023 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
5024
5025 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
5026 wdev->conn_owner_nlportid = info->snd_portid;
5027 }
5028 wdev_unlock(wdev);
5029
5030 out:
5031 kfree(params.acl);
5032
5033 return err;
5034 }
5035
nl80211_set_beacon(struct sk_buff * skb,struct genl_info * info)5036 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
5037 {
5038 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5039 struct net_device *dev = info->user_ptr[1];
5040 struct wireless_dev *wdev = dev->ieee80211_ptr;
5041 struct cfg80211_beacon_data params;
5042 int err;
5043
5044 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5045 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5046 return -EOPNOTSUPP;
5047
5048 if (!rdev->ops->change_beacon)
5049 return -EOPNOTSUPP;
5050
5051 if (!wdev->beacon_interval)
5052 return -EINVAL;
5053
5054 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms);
5055 if (err)
5056 return err;
5057
5058 wdev_lock(wdev);
5059 err = rdev_change_beacon(rdev, dev, ¶ms);
5060 wdev_unlock(wdev);
5061
5062 return err;
5063 }
5064
nl80211_stop_ap(struct sk_buff * skb,struct genl_info * info)5065 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
5066 {
5067 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5068 struct net_device *dev = info->user_ptr[1];
5069
5070 return cfg80211_stop_ap(rdev, dev, false);
5071 }
5072
5073 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
5074 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
5075 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
5076 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
5077 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
5078 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
5079 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
5080 };
5081
parse_station_flags(struct genl_info * info,enum nl80211_iftype iftype,struct station_parameters * params)5082 static int parse_station_flags(struct genl_info *info,
5083 enum nl80211_iftype iftype,
5084 struct station_parameters *params)
5085 {
5086 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
5087 struct nlattr *nla;
5088 int flag;
5089
5090 /*
5091 * Try parsing the new attribute first so userspace
5092 * can specify both for older kernels.
5093 */
5094 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
5095 if (nla) {
5096 struct nl80211_sta_flag_update *sta_flags;
5097
5098 sta_flags = nla_data(nla);
5099 params->sta_flags_mask = sta_flags->mask;
5100 params->sta_flags_set = sta_flags->set;
5101 params->sta_flags_set &= params->sta_flags_mask;
5102 if ((params->sta_flags_mask |
5103 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
5104 return -EINVAL;
5105 return 0;
5106 }
5107
5108 /* if present, parse the old attribute */
5109
5110 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
5111 if (!nla)
5112 return 0;
5113
5114 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
5115 return -EINVAL;
5116
5117 /*
5118 * Only allow certain flags for interface types so that
5119 * other attributes are silently ignored. Remember that
5120 * this is backward compatibility code with old userspace
5121 * and shouldn't be hit in other cases anyway.
5122 */
5123 switch (iftype) {
5124 case NL80211_IFTYPE_AP:
5125 case NL80211_IFTYPE_AP_VLAN:
5126 case NL80211_IFTYPE_P2P_GO:
5127 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5128 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5129 BIT(NL80211_STA_FLAG_WME) |
5130 BIT(NL80211_STA_FLAG_MFP);
5131 break;
5132 case NL80211_IFTYPE_P2P_CLIENT:
5133 case NL80211_IFTYPE_STATION:
5134 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5135 BIT(NL80211_STA_FLAG_TDLS_PEER);
5136 break;
5137 case NL80211_IFTYPE_MESH_POINT:
5138 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5139 BIT(NL80211_STA_FLAG_MFP) |
5140 BIT(NL80211_STA_FLAG_AUTHORIZED);
5141 break;
5142 default:
5143 return -EINVAL;
5144 }
5145
5146 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
5147 if (flags[flag]) {
5148 params->sta_flags_set |= (1<<flag);
5149
5150 /* no longer support new API additions in old API */
5151 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
5152 return -EINVAL;
5153 }
5154 }
5155
5156 return 0;
5157 }
5158
nl80211_put_sta_rate(struct sk_buff * msg,struct rate_info * info,int attr)5159 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
5160 {
5161 struct nlattr *rate;
5162 u32 bitrate;
5163 u16 bitrate_compat;
5164 enum nl80211_rate_info rate_flg;
5165
5166 rate = nla_nest_start_noflag(msg, attr);
5167 if (!rate)
5168 return false;
5169
5170 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
5171 bitrate = cfg80211_calculate_bitrate(info);
5172 /* report 16-bit bitrate only if we can */
5173 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
5174 if (bitrate > 0 &&
5175 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
5176 return false;
5177 if (bitrate_compat > 0 &&
5178 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
5179 return false;
5180
5181 switch (info->bw) {
5182 case RATE_INFO_BW_5:
5183 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
5184 break;
5185 case RATE_INFO_BW_10:
5186 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
5187 break;
5188 default:
5189 WARN_ON(1);
5190 /* fall through */
5191 case RATE_INFO_BW_20:
5192 rate_flg = 0;
5193 break;
5194 case RATE_INFO_BW_40:
5195 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
5196 break;
5197 case RATE_INFO_BW_80:
5198 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
5199 break;
5200 case RATE_INFO_BW_160:
5201 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
5202 break;
5203 case RATE_INFO_BW_HE_RU:
5204 rate_flg = 0;
5205 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
5206 }
5207
5208 if (rate_flg && nla_put_flag(msg, rate_flg))
5209 return false;
5210
5211 if (info->flags & RATE_INFO_FLAGS_MCS) {
5212 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
5213 return false;
5214 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5215 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5216 return false;
5217 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
5218 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
5219 return false;
5220 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
5221 return false;
5222 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5223 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5224 return false;
5225 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
5226 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
5227 return false;
5228 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
5229 return false;
5230 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
5231 return false;
5232 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
5233 return false;
5234 if (info->bw == RATE_INFO_BW_HE_RU &&
5235 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
5236 info->he_ru_alloc))
5237 return false;
5238 }
5239
5240 nla_nest_end(msg, rate);
5241 return true;
5242 }
5243
nl80211_put_signal(struct sk_buff * msg,u8 mask,s8 * signal,int id)5244 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
5245 int id)
5246 {
5247 void *attr;
5248 int i = 0;
5249
5250 if (!mask)
5251 return true;
5252
5253 attr = nla_nest_start_noflag(msg, id);
5254 if (!attr)
5255 return false;
5256
5257 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
5258 if (!(mask & BIT(i)))
5259 continue;
5260
5261 if (nla_put_u8(msg, i, signal[i]))
5262 return false;
5263 }
5264
5265 nla_nest_end(msg, attr);
5266
5267 return true;
5268 }
5269
nl80211_send_station(struct sk_buff * msg,u32 cmd,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo)5270 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
5271 u32 seq, int flags,
5272 struct cfg80211_registered_device *rdev,
5273 struct net_device *dev,
5274 const u8 *mac_addr, struct station_info *sinfo)
5275 {
5276 void *hdr;
5277 struct nlattr *sinfoattr, *bss_param;
5278
5279 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5280 if (!hdr) {
5281 cfg80211_sinfo_release_content(sinfo);
5282 return -1;
5283 }
5284
5285 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5286 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5287 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5288 goto nla_put_failure;
5289
5290 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5291 if (!sinfoattr)
5292 goto nla_put_failure;
5293
5294 #define PUT_SINFO(attr, memb, type) do { \
5295 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
5296 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5297 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
5298 sinfo->memb)) \
5299 goto nla_put_failure; \
5300 } while (0)
5301 #define PUT_SINFO_U64(attr, memb) do { \
5302 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5303 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
5304 sinfo->memb, NL80211_STA_INFO_PAD)) \
5305 goto nla_put_failure; \
5306 } while (0)
5307
5308 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5309 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5310 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
5311
5312 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5313 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5314 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5315 (u32)sinfo->rx_bytes))
5316 goto nla_put_failure;
5317
5318 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5319 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5320 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5321 (u32)sinfo->tx_bytes))
5322 goto nla_put_failure;
5323
5324 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5325 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5326 PUT_SINFO(LLID, llid, u16);
5327 PUT_SINFO(PLID, plid, u16);
5328 PUT_SINFO(PLINK_STATE, plink_state, u8);
5329 PUT_SINFO_U64(RX_DURATION, rx_duration);
5330 PUT_SINFO_U64(TX_DURATION, tx_duration);
5331
5332 if (wiphy_ext_feature_isset(&rdev->wiphy,
5333 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5334 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5335
5336 switch (rdev->wiphy.signal_type) {
5337 case CFG80211_SIGNAL_TYPE_MBM:
5338 PUT_SINFO(SIGNAL, signal, u8);
5339 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5340 break;
5341 default:
5342 break;
5343 }
5344 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5345 if (!nl80211_put_signal(msg, sinfo->chains,
5346 sinfo->chain_signal,
5347 NL80211_STA_INFO_CHAIN_SIGNAL))
5348 goto nla_put_failure;
5349 }
5350 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5351 if (!nl80211_put_signal(msg, sinfo->chains,
5352 sinfo->chain_signal_avg,
5353 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5354 goto nla_put_failure;
5355 }
5356 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5357 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5358 NL80211_STA_INFO_TX_BITRATE))
5359 goto nla_put_failure;
5360 }
5361 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5362 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5363 NL80211_STA_INFO_RX_BITRATE))
5364 goto nla_put_failure;
5365 }
5366
5367 PUT_SINFO(RX_PACKETS, rx_packets, u32);
5368 PUT_SINFO(TX_PACKETS, tx_packets, u32);
5369 PUT_SINFO(TX_RETRIES, tx_retries, u32);
5370 PUT_SINFO(TX_FAILED, tx_failed, u32);
5371 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5372 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5373 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5374 PUT_SINFO(LOCAL_PM, local_pm, u32);
5375 PUT_SINFO(PEER_PM, peer_pm, u32);
5376 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5377 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5378
5379 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5380 bss_param = nla_nest_start_noflag(msg,
5381 NL80211_STA_INFO_BSS_PARAM);
5382 if (!bss_param)
5383 goto nla_put_failure;
5384
5385 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5386 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5387 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5388 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5389 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5390 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5391 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5392 sinfo->bss_param.dtim_period) ||
5393 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5394 sinfo->bss_param.beacon_interval))
5395 goto nla_put_failure;
5396
5397 nla_nest_end(msg, bss_param);
5398 }
5399 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5400 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5401 sizeof(struct nl80211_sta_flag_update),
5402 &sinfo->sta_flags))
5403 goto nla_put_failure;
5404
5405 PUT_SINFO_U64(T_OFFSET, t_offset);
5406 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5407 PUT_SINFO_U64(BEACON_RX, rx_beacon);
5408 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5409 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5410 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5411 if (wiphy_ext_feature_isset(&rdev->wiphy,
5412 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5413 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5414 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5415 }
5416
5417 #undef PUT_SINFO
5418 #undef PUT_SINFO_U64
5419
5420 if (sinfo->pertid) {
5421 struct nlattr *tidsattr;
5422 int tid;
5423
5424 tidsattr = nla_nest_start_noflag(msg,
5425 NL80211_STA_INFO_TID_STATS);
5426 if (!tidsattr)
5427 goto nla_put_failure;
5428
5429 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5430 struct cfg80211_tid_stats *tidstats;
5431 struct nlattr *tidattr;
5432
5433 tidstats = &sinfo->pertid[tid];
5434
5435 if (!tidstats->filled)
5436 continue;
5437
5438 tidattr = nla_nest_start_noflag(msg, tid + 1);
5439 if (!tidattr)
5440 goto nla_put_failure;
5441
5442 #define PUT_TIDVAL_U64(attr, memb) do { \
5443 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
5444 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
5445 tidstats->memb, NL80211_TID_STATS_PAD)) \
5446 goto nla_put_failure; \
5447 } while (0)
5448
5449 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5450 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5451 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5452 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5453
5454 #undef PUT_TIDVAL_U64
5455 if ((tidstats->filled &
5456 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5457 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5458 NL80211_TID_STATS_TXQ_STATS))
5459 goto nla_put_failure;
5460
5461 nla_nest_end(msg, tidattr);
5462 }
5463
5464 nla_nest_end(msg, tidsattr);
5465 }
5466
5467 nla_nest_end(msg, sinfoattr);
5468
5469 if (sinfo->assoc_req_ies_len &&
5470 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5471 sinfo->assoc_req_ies))
5472 goto nla_put_failure;
5473
5474 cfg80211_sinfo_release_content(sinfo);
5475 genlmsg_end(msg, hdr);
5476 return 0;
5477
5478 nla_put_failure:
5479 cfg80211_sinfo_release_content(sinfo);
5480 genlmsg_cancel(msg, hdr);
5481 return -EMSGSIZE;
5482 }
5483
nl80211_dump_station(struct sk_buff * skb,struct netlink_callback * cb)5484 static int nl80211_dump_station(struct sk_buff *skb,
5485 struct netlink_callback *cb)
5486 {
5487 struct station_info sinfo;
5488 struct cfg80211_registered_device *rdev;
5489 struct wireless_dev *wdev;
5490 u8 mac_addr[ETH_ALEN];
5491 int sta_idx = cb->args[2];
5492 int err;
5493
5494 rtnl_lock();
5495 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5496 if (err)
5497 goto out_err;
5498
5499 if (!wdev->netdev) {
5500 err = -EINVAL;
5501 goto out_err;
5502 }
5503
5504 if (!rdev->ops->dump_station) {
5505 err = -EOPNOTSUPP;
5506 goto out_err;
5507 }
5508
5509 while (1) {
5510 memset(&sinfo, 0, sizeof(sinfo));
5511 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5512 mac_addr, &sinfo);
5513 if (err == -ENOENT)
5514 break;
5515 if (err)
5516 goto out_err;
5517
5518 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5519 NETLINK_CB(cb->skb).portid,
5520 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5521 rdev, wdev->netdev, mac_addr,
5522 &sinfo) < 0)
5523 goto out;
5524
5525 sta_idx++;
5526 }
5527
5528 out:
5529 cb->args[2] = sta_idx;
5530 err = skb->len;
5531 out_err:
5532 rtnl_unlock();
5533
5534 return err;
5535 }
5536
nl80211_get_station(struct sk_buff * skb,struct genl_info * info)5537 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5538 {
5539 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5540 struct net_device *dev = info->user_ptr[1];
5541 struct station_info sinfo;
5542 struct sk_buff *msg;
5543 u8 *mac_addr = NULL;
5544 int err;
5545
5546 memset(&sinfo, 0, sizeof(sinfo));
5547
5548 if (!info->attrs[NL80211_ATTR_MAC])
5549 return -EINVAL;
5550
5551 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5552
5553 if (!rdev->ops->get_station)
5554 return -EOPNOTSUPP;
5555
5556 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5557 if (err)
5558 return err;
5559
5560 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5561 if (!msg) {
5562 cfg80211_sinfo_release_content(&sinfo);
5563 return -ENOMEM;
5564 }
5565
5566 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5567 info->snd_portid, info->snd_seq, 0,
5568 rdev, dev, mac_addr, &sinfo) < 0) {
5569 nlmsg_free(msg);
5570 return -ENOBUFS;
5571 }
5572
5573 return genlmsg_reply(msg, info);
5574 }
5575
cfg80211_check_station_change(struct wiphy * wiphy,struct station_parameters * params,enum cfg80211_station_type statype)5576 int cfg80211_check_station_change(struct wiphy *wiphy,
5577 struct station_parameters *params,
5578 enum cfg80211_station_type statype)
5579 {
5580 if (params->listen_interval != -1 &&
5581 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5582 return -EINVAL;
5583
5584 if (params->support_p2p_ps != -1 &&
5585 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5586 return -EINVAL;
5587
5588 if (params->aid &&
5589 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5590 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5591 return -EINVAL;
5592
5593 /* When you run into this, adjust the code below for the new flag */
5594 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5595
5596 switch (statype) {
5597 case CFG80211_STA_MESH_PEER_KERNEL:
5598 case CFG80211_STA_MESH_PEER_USER:
5599 /*
5600 * No ignoring the TDLS flag here -- the userspace mesh
5601 * code doesn't have the bug of including TDLS in the
5602 * mask everywhere.
5603 */
5604 if (params->sta_flags_mask &
5605 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5606 BIT(NL80211_STA_FLAG_MFP) |
5607 BIT(NL80211_STA_FLAG_AUTHORIZED)))
5608 return -EINVAL;
5609 break;
5610 case CFG80211_STA_TDLS_PEER_SETUP:
5611 case CFG80211_STA_TDLS_PEER_ACTIVE:
5612 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5613 return -EINVAL;
5614 /* ignore since it can't change */
5615 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5616 break;
5617 default:
5618 /* disallow mesh-specific things */
5619 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5620 return -EINVAL;
5621 if (params->local_pm)
5622 return -EINVAL;
5623 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5624 return -EINVAL;
5625 }
5626
5627 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5628 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5629 /* TDLS can't be set, ... */
5630 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5631 return -EINVAL;
5632 /*
5633 * ... but don't bother the driver with it. This works around
5634 * a hostapd/wpa_supplicant issue -- it always includes the
5635 * TLDS_PEER flag in the mask even for AP mode.
5636 */
5637 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5638 }
5639
5640 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5641 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5642 /* reject other things that can't change */
5643 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5644 return -EINVAL;
5645 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5646 return -EINVAL;
5647 if (params->supported_rates)
5648 return -EINVAL;
5649 if (params->ext_capab || params->ht_capa || params->vht_capa ||
5650 params->he_capa)
5651 return -EINVAL;
5652 }
5653
5654 if (statype != CFG80211_STA_AP_CLIENT &&
5655 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5656 if (params->vlan)
5657 return -EINVAL;
5658 }
5659
5660 switch (statype) {
5661 case CFG80211_STA_AP_MLME_CLIENT:
5662 /* Use this only for authorizing/unauthorizing a station */
5663 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5664 return -EOPNOTSUPP;
5665 break;
5666 case CFG80211_STA_AP_CLIENT:
5667 case CFG80211_STA_AP_CLIENT_UNASSOC:
5668 /* accept only the listed bits */
5669 if (params->sta_flags_mask &
5670 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5671 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5672 BIT(NL80211_STA_FLAG_ASSOCIATED) |
5673 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5674 BIT(NL80211_STA_FLAG_WME) |
5675 BIT(NL80211_STA_FLAG_MFP)))
5676 return -EINVAL;
5677
5678 /* but authenticated/associated only if driver handles it */
5679 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5680 params->sta_flags_mask &
5681 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5682 BIT(NL80211_STA_FLAG_ASSOCIATED)))
5683 return -EINVAL;
5684 break;
5685 case CFG80211_STA_IBSS:
5686 case CFG80211_STA_AP_STA:
5687 /* reject any changes other than AUTHORIZED */
5688 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5689 return -EINVAL;
5690 break;
5691 case CFG80211_STA_TDLS_PEER_SETUP:
5692 /* reject any changes other than AUTHORIZED or WME */
5693 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5694 BIT(NL80211_STA_FLAG_WME)))
5695 return -EINVAL;
5696 /* force (at least) rates when authorizing */
5697 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5698 !params->supported_rates)
5699 return -EINVAL;
5700 break;
5701 case CFG80211_STA_TDLS_PEER_ACTIVE:
5702 /* reject any changes */
5703 return -EINVAL;
5704 case CFG80211_STA_MESH_PEER_KERNEL:
5705 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5706 return -EINVAL;
5707 break;
5708 case CFG80211_STA_MESH_PEER_USER:
5709 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5710 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5711 return -EINVAL;
5712 break;
5713 }
5714
5715 /*
5716 * Older kernel versions ignored this attribute entirely, so don't
5717 * reject attempts to update it but mark it as unused instead so the
5718 * driver won't look at the data.
5719 */
5720 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5721 statype != CFG80211_STA_TDLS_PEER_SETUP)
5722 params->opmode_notif_used = false;
5723
5724 return 0;
5725 }
5726 EXPORT_SYMBOL(cfg80211_check_station_change);
5727
5728 /*
5729 * Get vlan interface making sure it is running and on the right wiphy.
5730 */
get_vlan(struct genl_info * info,struct cfg80211_registered_device * rdev)5731 static struct net_device *get_vlan(struct genl_info *info,
5732 struct cfg80211_registered_device *rdev)
5733 {
5734 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5735 struct net_device *v;
5736 int ret;
5737
5738 if (!vlanattr)
5739 return NULL;
5740
5741 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5742 if (!v)
5743 return ERR_PTR(-ENODEV);
5744
5745 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5746 ret = -EINVAL;
5747 goto error;
5748 }
5749
5750 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5751 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5752 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5753 ret = -EINVAL;
5754 goto error;
5755 }
5756
5757 if (!netif_running(v)) {
5758 ret = -ENETDOWN;
5759 goto error;
5760 }
5761
5762 return v;
5763 error:
5764 dev_put(v);
5765 return ERR_PTR(ret);
5766 }
5767
5768 static const struct nla_policy
5769 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5770 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5771 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5772 };
5773
nl80211_parse_sta_wme(struct genl_info * info,struct station_parameters * params)5774 static int nl80211_parse_sta_wme(struct genl_info *info,
5775 struct station_parameters *params)
5776 {
5777 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5778 struct nlattr *nla;
5779 int err;
5780
5781 /* parse WME attributes if present */
5782 if (!info->attrs[NL80211_ATTR_STA_WME])
5783 return 0;
5784
5785 nla = info->attrs[NL80211_ATTR_STA_WME];
5786 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
5787 nl80211_sta_wme_policy,
5788 info->extack);
5789 if (err)
5790 return err;
5791
5792 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5793 params->uapsd_queues = nla_get_u8(
5794 tb[NL80211_STA_WME_UAPSD_QUEUES]);
5795 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5796 return -EINVAL;
5797
5798 if (tb[NL80211_STA_WME_MAX_SP])
5799 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5800
5801 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5802 return -EINVAL;
5803
5804 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5805
5806 return 0;
5807 }
5808
nl80211_parse_sta_channel_info(struct genl_info * info,struct station_parameters * params)5809 static int nl80211_parse_sta_channel_info(struct genl_info *info,
5810 struct station_parameters *params)
5811 {
5812 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5813 params->supported_channels =
5814 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5815 params->supported_channels_len =
5816 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5817 /*
5818 * Need to include at least one (first channel, number of
5819 * channels) tuple for each subband, and must have proper
5820 * tuples for the rest of the data as well.
5821 */
5822 if (params->supported_channels_len < 2)
5823 return -EINVAL;
5824 if (params->supported_channels_len % 2)
5825 return -EINVAL;
5826 }
5827
5828 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5829 params->supported_oper_classes =
5830 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5831 params->supported_oper_classes_len =
5832 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5833 /*
5834 * The value of the Length field of the Supported Operating
5835 * Classes element is between 2 and 253.
5836 */
5837 if (params->supported_oper_classes_len < 2 ||
5838 params->supported_oper_classes_len > 253)
5839 return -EINVAL;
5840 }
5841 return 0;
5842 }
5843
nl80211_set_station_tdls(struct genl_info * info,struct station_parameters * params)5844 static int nl80211_set_station_tdls(struct genl_info *info,
5845 struct station_parameters *params)
5846 {
5847 int err;
5848 /* Dummy STA entry gets updated once the peer capabilities are known */
5849 if (info->attrs[NL80211_ATTR_PEER_AID])
5850 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5851 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5852 params->ht_capa =
5853 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5854 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5855 params->vht_capa =
5856 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5857 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5858 params->he_capa =
5859 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5860 params->he_capa_len =
5861 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5862
5863 if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5864 return -EINVAL;
5865 }
5866
5867 err = nl80211_parse_sta_channel_info(info, params);
5868 if (err)
5869 return err;
5870
5871 return nl80211_parse_sta_wme(info, params);
5872 }
5873
nl80211_parse_sta_txpower_setting(struct genl_info * info,struct station_parameters * params)5874 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
5875 struct station_parameters *params)
5876 {
5877 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5878 int idx;
5879
5880 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
5881 if (!rdev->ops->set_tx_power ||
5882 !wiphy_ext_feature_isset(&rdev->wiphy,
5883 NL80211_EXT_FEATURE_STA_TX_PWR))
5884 return -EOPNOTSUPP;
5885
5886 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
5887 params->txpwr.type = nla_get_u8(info->attrs[idx]);
5888
5889 if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
5890 idx = NL80211_ATTR_STA_TX_POWER;
5891
5892 if (info->attrs[idx])
5893 params->txpwr.power =
5894 nla_get_s16(info->attrs[idx]);
5895 else
5896 return -EINVAL;
5897 }
5898 params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
5899 }
5900
5901 return 0;
5902 }
5903
nl80211_set_station(struct sk_buff * skb,struct genl_info * info)5904 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5905 {
5906 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5907 struct net_device *dev = info->user_ptr[1];
5908 struct station_parameters params;
5909 u8 *mac_addr;
5910 int err;
5911
5912 memset(¶ms, 0, sizeof(params));
5913
5914 if (!rdev->ops->change_station)
5915 return -EOPNOTSUPP;
5916
5917 /*
5918 * AID and listen_interval properties can be set only for unassociated
5919 * station. Include these parameters here and will check them in
5920 * cfg80211_check_station_change().
5921 */
5922 if (info->attrs[NL80211_ATTR_STA_AID])
5923 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5924
5925 if (info->attrs[NL80211_ATTR_VLAN_ID])
5926 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
5927
5928 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5929 params.listen_interval =
5930 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5931 else
5932 params.listen_interval = -1;
5933
5934 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
5935 params.support_p2p_ps =
5936 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5937 else
5938 params.support_p2p_ps = -1;
5939
5940 if (!info->attrs[NL80211_ATTR_MAC])
5941 return -EINVAL;
5942
5943 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5944
5945 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5946 params.supported_rates =
5947 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5948 params.supported_rates_len =
5949 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5950 }
5951
5952 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5953 params.capability =
5954 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5955 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5956 }
5957
5958 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5959 params.ext_capab =
5960 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5961 params.ext_capab_len =
5962 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5963 }
5964
5965 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
5966 return -EINVAL;
5967
5968 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5969 params.plink_action =
5970 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5971
5972 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5973 params.plink_state =
5974 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5975 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5976 params.peer_aid = nla_get_u16(
5977 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5978 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5979 }
5980
5981 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
5982 params.local_pm = nla_get_u32(
5983 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5984
5985 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5986 params.opmode_notif_used = true;
5987 params.opmode_notif =
5988 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5989 }
5990
5991 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
5992 params.he_6ghz_capa =
5993 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
5994
5995 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5996 params.airtime_weight =
5997 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5998
5999 if (params.airtime_weight &&
6000 !wiphy_ext_feature_isset(&rdev->wiphy,
6001 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6002 return -EOPNOTSUPP;
6003
6004 err = nl80211_parse_sta_txpower_setting(info, ¶ms);
6005 if (err)
6006 return err;
6007
6008 /* Include parameters for TDLS peer (will check later) */
6009 err = nl80211_set_station_tdls(info, ¶ms);
6010 if (err)
6011 return err;
6012
6013 params.vlan = get_vlan(info, rdev);
6014 if (IS_ERR(params.vlan))
6015 return PTR_ERR(params.vlan);
6016
6017 switch (dev->ieee80211_ptr->iftype) {
6018 case NL80211_IFTYPE_AP:
6019 case NL80211_IFTYPE_AP_VLAN:
6020 case NL80211_IFTYPE_P2P_GO:
6021 case NL80211_IFTYPE_P2P_CLIENT:
6022 case NL80211_IFTYPE_STATION:
6023 case NL80211_IFTYPE_ADHOC:
6024 case NL80211_IFTYPE_MESH_POINT:
6025 break;
6026 default:
6027 err = -EOPNOTSUPP;
6028 goto out_put_vlan;
6029 }
6030
6031 /* driver will call cfg80211_check_station_change() */
6032 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
6033
6034 out_put_vlan:
6035 if (params.vlan)
6036 dev_put(params.vlan);
6037
6038 return err;
6039 }
6040
nl80211_new_station(struct sk_buff * skb,struct genl_info * info)6041 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
6042 {
6043 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6044 int err;
6045 struct net_device *dev = info->user_ptr[1];
6046 struct station_parameters params;
6047 u8 *mac_addr = NULL;
6048 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6049 BIT(NL80211_STA_FLAG_ASSOCIATED);
6050
6051 memset(¶ms, 0, sizeof(params));
6052
6053 if (!rdev->ops->add_station)
6054 return -EOPNOTSUPP;
6055
6056 if (!info->attrs[NL80211_ATTR_MAC])
6057 return -EINVAL;
6058
6059 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6060 return -EINVAL;
6061
6062 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
6063 return -EINVAL;
6064
6065 if (!info->attrs[NL80211_ATTR_STA_AID] &&
6066 !info->attrs[NL80211_ATTR_PEER_AID])
6067 return -EINVAL;
6068
6069 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6070 params.supported_rates =
6071 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6072 params.supported_rates_len =
6073 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6074 params.listen_interval =
6075 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6076
6077 if (info->attrs[NL80211_ATTR_VLAN_ID])
6078 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6079
6080 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
6081 params.support_p2p_ps =
6082 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6083 } else {
6084 /*
6085 * if not specified, assume it's supported for P2P GO interface,
6086 * and is NOT supported for AP interface
6087 */
6088 params.support_p2p_ps =
6089 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
6090 }
6091
6092 if (info->attrs[NL80211_ATTR_PEER_AID])
6093 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6094 else
6095 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6096
6097 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6098 params.capability =
6099 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6100 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6101 }
6102
6103 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6104 params.ext_capab =
6105 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6106 params.ext_capab_len =
6107 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6108 }
6109
6110 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6111 params.ht_capa =
6112 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6113
6114 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6115 params.vht_capa =
6116 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6117
6118 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6119 params.he_capa =
6120 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6121 params.he_capa_len =
6122 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6123
6124 /* max len is validated in nla policy */
6125 if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
6126 return -EINVAL;
6127 }
6128
6129 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6130 params.he_6ghz_capa =
6131 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6132
6133 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6134 params.opmode_notif_used = true;
6135 params.opmode_notif =
6136 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6137 }
6138
6139 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6140 params.plink_action =
6141 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6142
6143 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6144 params.airtime_weight =
6145 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6146
6147 if (params.airtime_weight &&
6148 !wiphy_ext_feature_isset(&rdev->wiphy,
6149 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6150 return -EOPNOTSUPP;
6151
6152 err = nl80211_parse_sta_txpower_setting(info, ¶ms);
6153 if (err)
6154 return err;
6155
6156 err = nl80211_parse_sta_channel_info(info, ¶ms);
6157 if (err)
6158 return err;
6159
6160 err = nl80211_parse_sta_wme(info, ¶ms);
6161 if (err)
6162 return err;
6163
6164 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
6165 return -EINVAL;
6166
6167 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
6168 * as userspace might just pass through the capabilities from the IEs
6169 * directly, rather than enforcing this restriction and returning an
6170 * error in this case.
6171 */
6172 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
6173 params.ht_capa = NULL;
6174 params.vht_capa = NULL;
6175
6176 /* HE requires WME */
6177 if (params.he_capa_len || params.he_6ghz_capa)
6178 return -EINVAL;
6179 }
6180
6181 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
6182 if (params.he_6ghz_capa && (params.ht_capa || params.vht_capa))
6183 return -EINVAL;
6184
6185 /* When you run into this, adjust the code below for the new flag */
6186 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6187
6188 switch (dev->ieee80211_ptr->iftype) {
6189 case NL80211_IFTYPE_AP:
6190 case NL80211_IFTYPE_AP_VLAN:
6191 case NL80211_IFTYPE_P2P_GO:
6192 /* ignore WME attributes if iface/sta is not capable */
6193 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
6194 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
6195 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6196
6197 /* TDLS peers cannot be added */
6198 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6199 info->attrs[NL80211_ATTR_PEER_AID])
6200 return -EINVAL;
6201 /* but don't bother the driver with it */
6202 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6203
6204 /* allow authenticated/associated only if driver handles it */
6205 if (!(rdev->wiphy.features &
6206 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6207 params.sta_flags_mask & auth_assoc)
6208 return -EINVAL;
6209
6210 /* Older userspace, or userspace wanting to be compatible with
6211 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
6212 * and assoc flags in the mask, but assumes the station will be
6213 * added as associated anyway since this was the required driver
6214 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
6215 * introduced.
6216 * In order to not bother drivers with this quirk in the API
6217 * set the flags in both the mask and set for new stations in
6218 * this case.
6219 */
6220 if (!(params.sta_flags_mask & auth_assoc)) {
6221 params.sta_flags_mask |= auth_assoc;
6222 params.sta_flags_set |= auth_assoc;
6223 }
6224
6225 /* must be last in here for error handling */
6226 params.vlan = get_vlan(info, rdev);
6227 if (IS_ERR(params.vlan))
6228 return PTR_ERR(params.vlan);
6229 break;
6230 case NL80211_IFTYPE_MESH_POINT:
6231 /* ignore uAPSD data */
6232 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6233
6234 /* associated is disallowed */
6235 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
6236 return -EINVAL;
6237 /* TDLS peers cannot be added */
6238 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6239 info->attrs[NL80211_ATTR_PEER_AID])
6240 return -EINVAL;
6241 break;
6242 case NL80211_IFTYPE_STATION:
6243 case NL80211_IFTYPE_P2P_CLIENT:
6244 /* ignore uAPSD data */
6245 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6246
6247 /* these are disallowed */
6248 if (params.sta_flags_mask &
6249 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
6250 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
6251 return -EINVAL;
6252 /* Only TDLS peers can be added */
6253 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6254 return -EINVAL;
6255 /* Can only add if TDLS ... */
6256 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
6257 return -EOPNOTSUPP;
6258 /* ... with external setup is supported */
6259 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
6260 return -EOPNOTSUPP;
6261 /*
6262 * Older wpa_supplicant versions always mark the TDLS peer
6263 * as authorized, but it shouldn't yet be.
6264 */
6265 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
6266 break;
6267 default:
6268 return -EOPNOTSUPP;
6269 }
6270
6271 /* be aware of params.vlan when changing code here */
6272
6273 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
6274
6275 if (params.vlan)
6276 dev_put(params.vlan);
6277 return err;
6278 }
6279
nl80211_del_station(struct sk_buff * skb,struct genl_info * info)6280 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
6281 {
6282 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6283 struct net_device *dev = info->user_ptr[1];
6284 struct station_del_parameters params;
6285
6286 memset(¶ms, 0, sizeof(params));
6287
6288 if (info->attrs[NL80211_ATTR_MAC])
6289 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
6290
6291 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6292 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
6293 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
6294 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6295 return -EINVAL;
6296
6297 if (!rdev->ops->del_station)
6298 return -EOPNOTSUPP;
6299
6300 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6301 params.subtype =
6302 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6303 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6304 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6305 return -EINVAL;
6306 } else {
6307 /* Default to Deauthentication frame */
6308 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6309 }
6310
6311 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6312 params.reason_code =
6313 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6314 if (params.reason_code == 0)
6315 return -EINVAL; /* 0 is reserved */
6316 } else {
6317 /* Default to reason code 2 */
6318 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6319 }
6320
6321 return rdev_del_station(rdev, dev, ¶ms);
6322 }
6323
nl80211_send_mpath(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,u8 * dst,u8 * next_hop,struct mpath_info * pinfo)6324 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6325 int flags, struct net_device *dev,
6326 u8 *dst, u8 *next_hop,
6327 struct mpath_info *pinfo)
6328 {
6329 void *hdr;
6330 struct nlattr *pinfoattr;
6331
6332 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6333 if (!hdr)
6334 return -1;
6335
6336 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6337 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6338 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6339 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6340 goto nla_put_failure;
6341
6342 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6343 if (!pinfoattr)
6344 goto nla_put_failure;
6345 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6346 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6347 pinfo->frame_qlen))
6348 goto nla_put_failure;
6349 if (((pinfo->filled & MPATH_INFO_SN) &&
6350 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6351 ((pinfo->filled & MPATH_INFO_METRIC) &&
6352 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6353 pinfo->metric)) ||
6354 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6355 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6356 pinfo->exptime)) ||
6357 ((pinfo->filled & MPATH_INFO_FLAGS) &&
6358 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6359 pinfo->flags)) ||
6360 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6361 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6362 pinfo->discovery_timeout)) ||
6363 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6364 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6365 pinfo->discovery_retries)) ||
6366 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6367 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6368 pinfo->hop_count)) ||
6369 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6370 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6371 pinfo->path_change_count)))
6372 goto nla_put_failure;
6373
6374 nla_nest_end(msg, pinfoattr);
6375
6376 genlmsg_end(msg, hdr);
6377 return 0;
6378
6379 nla_put_failure:
6380 genlmsg_cancel(msg, hdr);
6381 return -EMSGSIZE;
6382 }
6383
nl80211_dump_mpath(struct sk_buff * skb,struct netlink_callback * cb)6384 static int nl80211_dump_mpath(struct sk_buff *skb,
6385 struct netlink_callback *cb)
6386 {
6387 struct mpath_info pinfo;
6388 struct cfg80211_registered_device *rdev;
6389 struct wireless_dev *wdev;
6390 u8 dst[ETH_ALEN];
6391 u8 next_hop[ETH_ALEN];
6392 int path_idx = cb->args[2];
6393 int err;
6394
6395 rtnl_lock();
6396 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6397 if (err)
6398 goto out_err;
6399
6400 if (!rdev->ops->dump_mpath) {
6401 err = -EOPNOTSUPP;
6402 goto out_err;
6403 }
6404
6405 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6406 err = -EOPNOTSUPP;
6407 goto out_err;
6408 }
6409
6410 while (1) {
6411 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6412 next_hop, &pinfo);
6413 if (err == -ENOENT)
6414 break;
6415 if (err)
6416 goto out_err;
6417
6418 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6419 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6420 wdev->netdev, dst, next_hop,
6421 &pinfo) < 0)
6422 goto out;
6423
6424 path_idx++;
6425 }
6426
6427 out:
6428 cb->args[2] = path_idx;
6429 err = skb->len;
6430 out_err:
6431 rtnl_unlock();
6432 return err;
6433 }
6434
nl80211_get_mpath(struct sk_buff * skb,struct genl_info * info)6435 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6436 {
6437 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6438 int err;
6439 struct net_device *dev = info->user_ptr[1];
6440 struct mpath_info pinfo;
6441 struct sk_buff *msg;
6442 u8 *dst = NULL;
6443 u8 next_hop[ETH_ALEN];
6444
6445 memset(&pinfo, 0, sizeof(pinfo));
6446
6447 if (!info->attrs[NL80211_ATTR_MAC])
6448 return -EINVAL;
6449
6450 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6451
6452 if (!rdev->ops->get_mpath)
6453 return -EOPNOTSUPP;
6454
6455 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6456 return -EOPNOTSUPP;
6457
6458 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6459 if (err)
6460 return err;
6461
6462 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6463 if (!msg)
6464 return -ENOMEM;
6465
6466 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6467 dev, dst, next_hop, &pinfo) < 0) {
6468 nlmsg_free(msg);
6469 return -ENOBUFS;
6470 }
6471
6472 return genlmsg_reply(msg, info);
6473 }
6474
nl80211_set_mpath(struct sk_buff * skb,struct genl_info * info)6475 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6476 {
6477 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6478 struct net_device *dev = info->user_ptr[1];
6479 u8 *dst = NULL;
6480 u8 *next_hop = NULL;
6481
6482 if (!info->attrs[NL80211_ATTR_MAC])
6483 return -EINVAL;
6484
6485 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6486 return -EINVAL;
6487
6488 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6489 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6490
6491 if (!rdev->ops->change_mpath)
6492 return -EOPNOTSUPP;
6493
6494 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6495 return -EOPNOTSUPP;
6496
6497 return rdev_change_mpath(rdev, dev, dst, next_hop);
6498 }
6499
nl80211_new_mpath(struct sk_buff * skb,struct genl_info * info)6500 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6501 {
6502 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6503 struct net_device *dev = info->user_ptr[1];
6504 u8 *dst = NULL;
6505 u8 *next_hop = NULL;
6506
6507 if (!info->attrs[NL80211_ATTR_MAC])
6508 return -EINVAL;
6509
6510 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6511 return -EINVAL;
6512
6513 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6514 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6515
6516 if (!rdev->ops->add_mpath)
6517 return -EOPNOTSUPP;
6518
6519 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6520 return -EOPNOTSUPP;
6521
6522 return rdev_add_mpath(rdev, dev, dst, next_hop);
6523 }
6524
nl80211_del_mpath(struct sk_buff * skb,struct genl_info * info)6525 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
6526 {
6527 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6528 struct net_device *dev = info->user_ptr[1];
6529 u8 *dst = NULL;
6530
6531 if (info->attrs[NL80211_ATTR_MAC])
6532 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6533
6534 if (!rdev->ops->del_mpath)
6535 return -EOPNOTSUPP;
6536
6537 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6538 return -EOPNOTSUPP;
6539
6540 return rdev_del_mpath(rdev, dev, dst);
6541 }
6542
nl80211_get_mpp(struct sk_buff * skb,struct genl_info * info)6543 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6544 {
6545 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6546 int err;
6547 struct net_device *dev = info->user_ptr[1];
6548 struct mpath_info pinfo;
6549 struct sk_buff *msg;
6550 u8 *dst = NULL;
6551 u8 mpp[ETH_ALEN];
6552
6553 memset(&pinfo, 0, sizeof(pinfo));
6554
6555 if (!info->attrs[NL80211_ATTR_MAC])
6556 return -EINVAL;
6557
6558 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6559
6560 if (!rdev->ops->get_mpp)
6561 return -EOPNOTSUPP;
6562
6563 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6564 return -EOPNOTSUPP;
6565
6566 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6567 if (err)
6568 return err;
6569
6570 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6571 if (!msg)
6572 return -ENOMEM;
6573
6574 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6575 dev, dst, mpp, &pinfo) < 0) {
6576 nlmsg_free(msg);
6577 return -ENOBUFS;
6578 }
6579
6580 return genlmsg_reply(msg, info);
6581 }
6582
nl80211_dump_mpp(struct sk_buff * skb,struct netlink_callback * cb)6583 static int nl80211_dump_mpp(struct sk_buff *skb,
6584 struct netlink_callback *cb)
6585 {
6586 struct mpath_info pinfo;
6587 struct cfg80211_registered_device *rdev;
6588 struct wireless_dev *wdev;
6589 u8 dst[ETH_ALEN];
6590 u8 mpp[ETH_ALEN];
6591 int path_idx = cb->args[2];
6592 int err;
6593
6594 rtnl_lock();
6595 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6596 if (err)
6597 goto out_err;
6598
6599 if (!rdev->ops->dump_mpp) {
6600 err = -EOPNOTSUPP;
6601 goto out_err;
6602 }
6603
6604 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6605 err = -EOPNOTSUPP;
6606 goto out_err;
6607 }
6608
6609 while (1) {
6610 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6611 mpp, &pinfo);
6612 if (err == -ENOENT)
6613 break;
6614 if (err)
6615 goto out_err;
6616
6617 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6618 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6619 wdev->netdev, dst, mpp,
6620 &pinfo) < 0)
6621 goto out;
6622
6623 path_idx++;
6624 }
6625
6626 out:
6627 cb->args[2] = path_idx;
6628 err = skb->len;
6629 out_err:
6630 rtnl_unlock();
6631 return err;
6632 }
6633
nl80211_set_bss(struct sk_buff * skb,struct genl_info * info)6634 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6635 {
6636 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6637 struct net_device *dev = info->user_ptr[1];
6638 struct wireless_dev *wdev = dev->ieee80211_ptr;
6639 struct bss_parameters params;
6640 int err;
6641
6642 memset(¶ms, 0, sizeof(params));
6643 /* default to not changing parameters */
6644 params.use_cts_prot = -1;
6645 params.use_short_preamble = -1;
6646 params.use_short_slot_time = -1;
6647 params.ap_isolate = -1;
6648 params.ht_opmode = -1;
6649 params.p2p_ctwindow = -1;
6650 params.p2p_opp_ps = -1;
6651
6652 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6653 params.use_cts_prot =
6654 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6655 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6656 params.use_short_preamble =
6657 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6658 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6659 params.use_short_slot_time =
6660 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6661 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6662 params.basic_rates =
6663 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6664 params.basic_rates_len =
6665 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6666 }
6667 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6668 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6669 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6670 params.ht_opmode =
6671 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6672
6673 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6674 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6675 return -EINVAL;
6676 params.p2p_ctwindow =
6677 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6678 if (params.p2p_ctwindow != 0 &&
6679 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6680 return -EINVAL;
6681 }
6682
6683 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6684 u8 tmp;
6685
6686 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6687 return -EINVAL;
6688 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6689 params.p2p_opp_ps = tmp;
6690 if (params.p2p_opp_ps &&
6691 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6692 return -EINVAL;
6693 }
6694
6695 if (!rdev->ops->change_bss)
6696 return -EOPNOTSUPP;
6697
6698 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6699 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6700 return -EOPNOTSUPP;
6701
6702 wdev_lock(wdev);
6703 err = rdev_change_bss(rdev, dev, ¶ms);
6704 wdev_unlock(wdev);
6705
6706 return err;
6707 }
6708
nl80211_req_set_reg(struct sk_buff * skb,struct genl_info * info)6709 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6710 {
6711 char *data = NULL;
6712 bool is_indoor;
6713 enum nl80211_user_reg_hint_type user_reg_hint_type;
6714 u32 owner_nlportid;
6715
6716 /*
6717 * You should only get this when cfg80211 hasn't yet initialized
6718 * completely when built-in to the kernel right between the time
6719 * window between nl80211_init() and regulatory_init(), if that is
6720 * even possible.
6721 */
6722 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6723 return -EINPROGRESS;
6724
6725 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6726 user_reg_hint_type =
6727 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6728 else
6729 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6730
6731 switch (user_reg_hint_type) {
6732 case NL80211_USER_REG_HINT_USER:
6733 case NL80211_USER_REG_HINT_CELL_BASE:
6734 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6735 return -EINVAL;
6736
6737 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6738 return regulatory_hint_user(data, user_reg_hint_type);
6739 case NL80211_USER_REG_HINT_INDOOR:
6740 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6741 owner_nlportid = info->snd_portid;
6742 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6743 } else {
6744 owner_nlportid = 0;
6745 is_indoor = true;
6746 }
6747
6748 return regulatory_hint_indoor(is_indoor, owner_nlportid);
6749 default:
6750 return -EINVAL;
6751 }
6752 }
6753
nl80211_reload_regdb(struct sk_buff * skb,struct genl_info * info)6754 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6755 {
6756 return reg_reload_regdb();
6757 }
6758
nl80211_get_mesh_config(struct sk_buff * skb,struct genl_info * info)6759 static int nl80211_get_mesh_config(struct sk_buff *skb,
6760 struct genl_info *info)
6761 {
6762 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6763 struct net_device *dev = info->user_ptr[1];
6764 struct wireless_dev *wdev = dev->ieee80211_ptr;
6765 struct mesh_config cur_params;
6766 int err = 0;
6767 void *hdr;
6768 struct nlattr *pinfoattr;
6769 struct sk_buff *msg;
6770
6771 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6772 return -EOPNOTSUPP;
6773
6774 if (!rdev->ops->get_mesh_config)
6775 return -EOPNOTSUPP;
6776
6777 wdev_lock(wdev);
6778 /* If not connected, get default parameters */
6779 if (!wdev->mesh_id_len)
6780 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6781 else
6782 err = rdev_get_mesh_config(rdev, dev, &cur_params);
6783 wdev_unlock(wdev);
6784
6785 if (err)
6786 return err;
6787
6788 /* Draw up a netlink message to send back */
6789 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6790 if (!msg)
6791 return -ENOMEM;
6792 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6793 NL80211_CMD_GET_MESH_CONFIG);
6794 if (!hdr)
6795 goto out;
6796 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
6797 if (!pinfoattr)
6798 goto nla_put_failure;
6799 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6800 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6801 cur_params.dot11MeshRetryTimeout) ||
6802 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6803 cur_params.dot11MeshConfirmTimeout) ||
6804 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6805 cur_params.dot11MeshHoldingTimeout) ||
6806 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6807 cur_params.dot11MeshMaxPeerLinks) ||
6808 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6809 cur_params.dot11MeshMaxRetries) ||
6810 nla_put_u8(msg, NL80211_MESHCONF_TTL,
6811 cur_params.dot11MeshTTL) ||
6812 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6813 cur_params.element_ttl) ||
6814 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6815 cur_params.auto_open_plinks) ||
6816 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6817 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6818 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6819 cur_params.dot11MeshHWMPmaxPREQretries) ||
6820 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6821 cur_params.path_refresh_time) ||
6822 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6823 cur_params.min_discovery_timeout) ||
6824 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6825 cur_params.dot11MeshHWMPactivePathTimeout) ||
6826 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6827 cur_params.dot11MeshHWMPpreqMinInterval) ||
6828 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6829 cur_params.dot11MeshHWMPperrMinInterval) ||
6830 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6831 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6832 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6833 cur_params.dot11MeshHWMPRootMode) ||
6834 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6835 cur_params.dot11MeshHWMPRannInterval) ||
6836 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6837 cur_params.dot11MeshGateAnnouncementProtocol) ||
6838 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6839 cur_params.dot11MeshForwarding) ||
6840 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6841 cur_params.rssi_threshold) ||
6842 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6843 cur_params.ht_opmode) ||
6844 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6845 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6846 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6847 cur_params.dot11MeshHWMProotInterval) ||
6848 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6849 cur_params.dot11MeshHWMPconfirmationInterval) ||
6850 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6851 cur_params.power_mode) ||
6852 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6853 cur_params.dot11MeshAwakeWindowDuration) ||
6854 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6855 cur_params.plink_timeout) ||
6856 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
6857 cur_params.dot11MeshConnectedToMeshGate))
6858 goto nla_put_failure;
6859 nla_nest_end(msg, pinfoattr);
6860 genlmsg_end(msg, hdr);
6861 return genlmsg_reply(msg, info);
6862
6863 nla_put_failure:
6864 out:
6865 nlmsg_free(msg);
6866 return -ENOBUFS;
6867 }
6868
6869 static const struct nla_policy
6870 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6871 [NL80211_MESHCONF_RETRY_TIMEOUT] =
6872 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6873 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
6874 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6875 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
6876 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6877 [NL80211_MESHCONF_MAX_PEER_LINKS] =
6878 NLA_POLICY_RANGE(NLA_U16, 0, 255),
6879 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
6880 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6881 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6882 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
6883 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
6884 NLA_POLICY_RANGE(NLA_U32, 1, 255),
6885 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6886 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6887 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6888 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6889 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
6890 NLA_POLICY_MIN(NLA_U16, 1),
6891 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
6892 NLA_POLICY_MIN(NLA_U16, 1),
6893 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
6894 NLA_POLICY_MIN(NLA_U16, 1),
6895 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
6896 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
6897 NLA_POLICY_MIN(NLA_U16, 1),
6898 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
6899 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
6900 [NL80211_MESHCONF_RSSI_THRESHOLD] =
6901 NLA_POLICY_RANGE(NLA_S32, -255, 0),
6902 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6903 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6904 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
6905 NLA_POLICY_MIN(NLA_U16, 1),
6906 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
6907 NLA_POLICY_MIN(NLA_U16, 1),
6908 [NL80211_MESHCONF_POWER_MODE] =
6909 NLA_POLICY_RANGE(NLA_U32,
6910 NL80211_MESH_POWER_ACTIVE,
6911 NL80211_MESH_POWER_MAX),
6912 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6913 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6914 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6915 };
6916
6917 static const struct nla_policy
6918 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6919 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6920 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6921 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6922 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6923 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6924 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6925 [NL80211_MESH_SETUP_IE] =
6926 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
6927 IEEE80211_MAX_DATA_LEN),
6928 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6929 };
6930
nl80211_parse_mesh_config(struct genl_info * info,struct mesh_config * cfg,u32 * mask_out)6931 static int nl80211_parse_mesh_config(struct genl_info *info,
6932 struct mesh_config *cfg,
6933 u32 *mask_out)
6934 {
6935 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6936 u32 mask = 0;
6937 u16 ht_opmode;
6938
6939 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
6940 do { \
6941 if (tb[attr]) { \
6942 cfg->param = fn(tb[attr]); \
6943 mask |= BIT((attr) - 1); \
6944 } \
6945 } while (0)
6946
6947 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6948 return -EINVAL;
6949 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
6950 return -EINVAL;
6951
6952 /* This makes sure that there aren't more than 32 mesh config
6953 * parameters (otherwise our bitfield scheme would not work.) */
6954 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6955
6956 /* Fill in the params struct */
6957 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
6958 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
6959 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
6960 NL80211_MESHCONF_CONFIRM_TIMEOUT,
6961 nla_get_u16);
6962 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
6963 NL80211_MESHCONF_HOLDING_TIMEOUT,
6964 nla_get_u16);
6965 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
6966 NL80211_MESHCONF_MAX_PEER_LINKS,
6967 nla_get_u16);
6968 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
6969 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
6970 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
6971 NL80211_MESHCONF_TTL, nla_get_u8);
6972 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
6973 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
6974 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
6975 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6976 nla_get_u8);
6977 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6978 mask,
6979 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6980 nla_get_u32);
6981 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
6982 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6983 nla_get_u8);
6984 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
6985 NL80211_MESHCONF_PATH_REFRESH_TIME,
6986 nla_get_u32);
6987 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
6988 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
6989 return -EINVAL;
6990 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
6991 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6992 nla_get_u16);
6993 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6994 mask,
6995 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6996 nla_get_u32);
6997 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
6998 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
6999 cfg->dot11MeshHWMPactivePathTimeout > 65535))
7000 return -EINVAL;
7001 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
7002 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7003 nla_get_u16);
7004 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
7005 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7006 nla_get_u16);
7007 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7008 dot11MeshHWMPnetDiameterTraversalTime, mask,
7009 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7010 nla_get_u16);
7011 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
7012 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
7013 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
7014 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7015 nla_get_u16);
7016 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
7017 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7018 nla_get_u8);
7019 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
7020 NL80211_MESHCONF_FORWARDING, nla_get_u8);
7021 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
7022 NL80211_MESHCONF_RSSI_THRESHOLD,
7023 nla_get_s32);
7024 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
7025 NL80211_MESHCONF_CONNECTED_TO_GATE,
7026 nla_get_u8);
7027 /*
7028 * Check HT operation mode based on
7029 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
7030 */
7031 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
7032 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
7033
7034 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
7035 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
7036 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
7037 return -EINVAL;
7038
7039 /* NON_HT_STA bit is reserved, but some programs set it */
7040 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
7041
7042 cfg->ht_opmode = ht_opmode;
7043 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
7044 }
7045 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7046 dot11MeshHWMPactivePathToRootTimeout, mask,
7047 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7048 nla_get_u32);
7049 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
7050 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
7051 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
7052 return -EINVAL;
7053 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
7054 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7055 nla_get_u16);
7056 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
7057 mask,
7058 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7059 nla_get_u16);
7060 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
7061 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
7062 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
7063 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
7064 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
7065 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
7066 if (mask_out)
7067 *mask_out = mask;
7068
7069 return 0;
7070
7071 #undef FILL_IN_MESH_PARAM_IF_SET
7072 }
7073
nl80211_parse_mesh_setup(struct genl_info * info,struct mesh_setup * setup)7074 static int nl80211_parse_mesh_setup(struct genl_info *info,
7075 struct mesh_setup *setup)
7076 {
7077 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7078 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
7079
7080 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
7081 return -EINVAL;
7082 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
7083 return -EINVAL;
7084
7085 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
7086 setup->sync_method =
7087 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
7088 IEEE80211_SYNC_METHOD_VENDOR :
7089 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
7090
7091 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
7092 setup->path_sel_proto =
7093 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
7094 IEEE80211_PATH_PROTOCOL_VENDOR :
7095 IEEE80211_PATH_PROTOCOL_HWMP;
7096
7097 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
7098 setup->path_metric =
7099 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
7100 IEEE80211_PATH_METRIC_VENDOR :
7101 IEEE80211_PATH_METRIC_AIRTIME;
7102
7103 if (tb[NL80211_MESH_SETUP_IE]) {
7104 struct nlattr *ieattr =
7105 tb[NL80211_MESH_SETUP_IE];
7106 setup->ie = nla_data(ieattr);
7107 setup->ie_len = nla_len(ieattr);
7108 }
7109 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
7110 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
7111 return -EINVAL;
7112 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
7113 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
7114 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
7115 if (setup->is_secure)
7116 setup->user_mpm = true;
7117
7118 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
7119 if (!setup->user_mpm)
7120 return -EINVAL;
7121 setup->auth_id =
7122 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
7123 }
7124
7125 return 0;
7126 }
7127
nl80211_update_mesh_config(struct sk_buff * skb,struct genl_info * info)7128 static int nl80211_update_mesh_config(struct sk_buff *skb,
7129 struct genl_info *info)
7130 {
7131 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7132 struct net_device *dev = info->user_ptr[1];
7133 struct wireless_dev *wdev = dev->ieee80211_ptr;
7134 struct mesh_config cfg = {};
7135 u32 mask;
7136 int err;
7137
7138 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7139 return -EOPNOTSUPP;
7140
7141 if (!rdev->ops->update_mesh_config)
7142 return -EOPNOTSUPP;
7143
7144 err = nl80211_parse_mesh_config(info, &cfg, &mask);
7145 if (err)
7146 return err;
7147
7148 wdev_lock(wdev);
7149 if (!wdev->mesh_id_len)
7150 err = -ENOLINK;
7151
7152 if (!err)
7153 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
7154
7155 wdev_unlock(wdev);
7156
7157 return err;
7158 }
7159
nl80211_put_regdom(const struct ieee80211_regdomain * regdom,struct sk_buff * msg)7160 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
7161 struct sk_buff *msg)
7162 {
7163 struct nlattr *nl_reg_rules;
7164 unsigned int i;
7165
7166 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
7167 (regdom->dfs_region &&
7168 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
7169 goto nla_put_failure;
7170
7171 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
7172 if (!nl_reg_rules)
7173 goto nla_put_failure;
7174
7175 for (i = 0; i < regdom->n_reg_rules; i++) {
7176 struct nlattr *nl_reg_rule;
7177 const struct ieee80211_reg_rule *reg_rule;
7178 const struct ieee80211_freq_range *freq_range;
7179 const struct ieee80211_power_rule *power_rule;
7180 unsigned int max_bandwidth_khz;
7181
7182 reg_rule = ®dom->reg_rules[i];
7183 freq_range = ®_rule->freq_range;
7184 power_rule = ®_rule->power_rule;
7185
7186 nl_reg_rule = nla_nest_start_noflag(msg, i);
7187 if (!nl_reg_rule)
7188 goto nla_put_failure;
7189
7190 max_bandwidth_khz = freq_range->max_bandwidth_khz;
7191 if (!max_bandwidth_khz)
7192 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
7193 reg_rule);
7194
7195 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
7196 reg_rule->flags) ||
7197 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
7198 freq_range->start_freq_khz) ||
7199 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
7200 freq_range->end_freq_khz) ||
7201 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
7202 max_bandwidth_khz) ||
7203 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
7204 power_rule->max_antenna_gain) ||
7205 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
7206 power_rule->max_eirp) ||
7207 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
7208 reg_rule->dfs_cac_ms))
7209 goto nla_put_failure;
7210
7211 nla_nest_end(msg, nl_reg_rule);
7212 }
7213
7214 nla_nest_end(msg, nl_reg_rules);
7215 return 0;
7216
7217 nla_put_failure:
7218 return -EMSGSIZE;
7219 }
7220
nl80211_get_reg_do(struct sk_buff * skb,struct genl_info * info)7221 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
7222 {
7223 const struct ieee80211_regdomain *regdom = NULL;
7224 struct cfg80211_registered_device *rdev;
7225 struct wiphy *wiphy = NULL;
7226 struct sk_buff *msg;
7227 void *hdr;
7228
7229 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7230 if (!msg)
7231 return -ENOBUFS;
7232
7233 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7234 NL80211_CMD_GET_REG);
7235 if (!hdr)
7236 goto put_failure;
7237
7238 if (info->attrs[NL80211_ATTR_WIPHY]) {
7239 bool self_managed;
7240
7241 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7242 if (IS_ERR(rdev)) {
7243 nlmsg_free(msg);
7244 return PTR_ERR(rdev);
7245 }
7246
7247 wiphy = &rdev->wiphy;
7248 self_managed = wiphy->regulatory_flags &
7249 REGULATORY_WIPHY_SELF_MANAGED;
7250 regdom = get_wiphy_regdom(wiphy);
7251
7252 /* a self-managed-reg device must have a private regdom */
7253 if (WARN_ON(!regdom && self_managed)) {
7254 nlmsg_free(msg);
7255 return -EINVAL;
7256 }
7257
7258 if (regdom &&
7259 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7260 goto nla_put_failure;
7261 }
7262
7263 if (!wiphy && reg_last_request_cell_base() &&
7264 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7265 NL80211_USER_REG_HINT_CELL_BASE))
7266 goto nla_put_failure;
7267
7268 rcu_read_lock();
7269
7270 if (!regdom)
7271 regdom = rcu_dereference(cfg80211_regdomain);
7272
7273 if (nl80211_put_regdom(regdom, msg))
7274 goto nla_put_failure_rcu;
7275
7276 rcu_read_unlock();
7277
7278 genlmsg_end(msg, hdr);
7279 return genlmsg_reply(msg, info);
7280
7281 nla_put_failure_rcu:
7282 rcu_read_unlock();
7283 nla_put_failure:
7284 put_failure:
7285 nlmsg_free(msg);
7286 return -EMSGSIZE;
7287 }
7288
nl80211_send_regdom(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct wiphy * wiphy,const struct ieee80211_regdomain * regdom)7289 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
7290 u32 seq, int flags, struct wiphy *wiphy,
7291 const struct ieee80211_regdomain *regdom)
7292 {
7293 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7294 NL80211_CMD_GET_REG);
7295
7296 if (!hdr)
7297 return -1;
7298
7299 genl_dump_check_consistent(cb, hdr);
7300
7301 if (nl80211_put_regdom(regdom, msg))
7302 goto nla_put_failure;
7303
7304 if (!wiphy && reg_last_request_cell_base() &&
7305 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7306 NL80211_USER_REG_HINT_CELL_BASE))
7307 goto nla_put_failure;
7308
7309 if (wiphy &&
7310 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7311 goto nla_put_failure;
7312
7313 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7314 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7315 goto nla_put_failure;
7316
7317 genlmsg_end(msg, hdr);
7318 return 0;
7319
7320 nla_put_failure:
7321 genlmsg_cancel(msg, hdr);
7322 return -EMSGSIZE;
7323 }
7324
nl80211_get_reg_dump(struct sk_buff * skb,struct netlink_callback * cb)7325 static int nl80211_get_reg_dump(struct sk_buff *skb,
7326 struct netlink_callback *cb)
7327 {
7328 const struct ieee80211_regdomain *regdom = NULL;
7329 struct cfg80211_registered_device *rdev;
7330 int err, reg_idx, start = cb->args[2];
7331
7332 rtnl_lock();
7333
7334 if (cfg80211_regdomain && start == 0) {
7335 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7336 NLM_F_MULTI, NULL,
7337 rtnl_dereference(cfg80211_regdomain));
7338 if (err < 0)
7339 goto out_err;
7340 }
7341
7342 /* the global regdom is idx 0 */
7343 reg_idx = 1;
7344 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7345 regdom = get_wiphy_regdom(&rdev->wiphy);
7346 if (!regdom)
7347 continue;
7348
7349 if (++reg_idx <= start)
7350 continue;
7351
7352 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7353 NLM_F_MULTI, &rdev->wiphy, regdom);
7354 if (err < 0) {
7355 reg_idx--;
7356 break;
7357 }
7358 }
7359
7360 cb->args[2] = reg_idx;
7361 err = skb->len;
7362 out_err:
7363 rtnl_unlock();
7364 return err;
7365 }
7366
7367 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
7368 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7369 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
7370 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
7371 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
7372 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
7373 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
7374 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
7375 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
7376 };
7377
parse_reg_rule(struct nlattr * tb[],struct ieee80211_reg_rule * reg_rule)7378 static int parse_reg_rule(struct nlattr *tb[],
7379 struct ieee80211_reg_rule *reg_rule)
7380 {
7381 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
7382 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
7383
7384 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7385 return -EINVAL;
7386 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7387 return -EINVAL;
7388 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7389 return -EINVAL;
7390 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7391 return -EINVAL;
7392 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7393 return -EINVAL;
7394
7395 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7396
7397 freq_range->start_freq_khz =
7398 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7399 freq_range->end_freq_khz =
7400 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7401 freq_range->max_bandwidth_khz =
7402 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7403
7404 power_rule->max_eirp =
7405 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7406
7407 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7408 power_rule->max_antenna_gain =
7409 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7410
7411 if (tb[NL80211_ATTR_DFS_CAC_TIME])
7412 reg_rule->dfs_cac_ms =
7413 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7414
7415 return 0;
7416 }
7417
nl80211_set_reg(struct sk_buff * skb,struct genl_info * info)7418 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7419 {
7420 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7421 struct nlattr *nl_reg_rule;
7422 char *alpha2;
7423 int rem_reg_rules, r;
7424 u32 num_rules = 0, rule_idx = 0;
7425 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7426 struct ieee80211_regdomain *rd;
7427
7428 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7429 return -EINVAL;
7430
7431 if (!info->attrs[NL80211_ATTR_REG_RULES])
7432 return -EINVAL;
7433
7434 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7435
7436 if (info->attrs[NL80211_ATTR_DFS_REGION])
7437 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7438
7439 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7440 rem_reg_rules) {
7441 num_rules++;
7442 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7443 return -EINVAL;
7444 }
7445
7446 if (!reg_is_valid_request(alpha2))
7447 return -EINVAL;
7448
7449 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7450 if (!rd)
7451 return -ENOMEM;
7452
7453 rd->n_reg_rules = num_rules;
7454 rd->alpha2[0] = alpha2[0];
7455 rd->alpha2[1] = alpha2[1];
7456
7457 /*
7458 * Disable DFS master mode if the DFS region was
7459 * not supported or known on this kernel.
7460 */
7461 if (reg_supported_dfs_region(dfs_region))
7462 rd->dfs_region = dfs_region;
7463
7464 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7465 rem_reg_rules) {
7466 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7467 nl_reg_rule, reg_rule_policy,
7468 info->extack);
7469 if (r)
7470 goto bad_reg;
7471 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7472 if (r)
7473 goto bad_reg;
7474
7475 rule_idx++;
7476
7477 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7478 r = -EINVAL;
7479 goto bad_reg;
7480 }
7481 }
7482
7483 /* set_regdom takes ownership of rd */
7484 return set_regdom(rd, REGD_SOURCE_CRDA);
7485 bad_reg:
7486 kfree(rd);
7487 return r;
7488 }
7489 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
7490
validate_scan_freqs(struct nlattr * freqs)7491 static int validate_scan_freqs(struct nlattr *freqs)
7492 {
7493 struct nlattr *attr1, *attr2;
7494 int n_channels = 0, tmp1, tmp2;
7495
7496 nla_for_each_nested(attr1, freqs, tmp1)
7497 if (nla_len(attr1) != sizeof(u32))
7498 return 0;
7499
7500 nla_for_each_nested(attr1, freqs, tmp1) {
7501 n_channels++;
7502 /*
7503 * Some hardware has a limited channel list for
7504 * scanning, and it is pretty much nonsensical
7505 * to scan for a channel twice, so disallow that
7506 * and don't require drivers to check that the
7507 * channel list they get isn't longer than what
7508 * they can scan, as long as they can scan all
7509 * the channels they registered at once.
7510 */
7511 nla_for_each_nested(attr2, freqs, tmp2)
7512 if (attr1 != attr2 &&
7513 nla_get_u32(attr1) == nla_get_u32(attr2))
7514 return 0;
7515 }
7516
7517 return n_channels;
7518 }
7519
is_band_valid(struct wiphy * wiphy,enum nl80211_band b)7520 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
7521 {
7522 return b < NUM_NL80211_BANDS && wiphy->bands[b];
7523 }
7524
parse_bss_select(struct nlattr * nla,struct wiphy * wiphy,struct cfg80211_bss_selection * bss_select)7525 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
7526 struct cfg80211_bss_selection *bss_select)
7527 {
7528 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
7529 struct nlattr *nest;
7530 int err;
7531 bool found = false;
7532 int i;
7533
7534 /* only process one nested attribute */
7535 nest = nla_data(nla);
7536 if (!nla_ok(nest, nla_len(nest)))
7537 return -EINVAL;
7538
7539 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
7540 nest, nl80211_bss_select_policy,
7541 NULL);
7542 if (err)
7543 return err;
7544
7545 /* only one attribute may be given */
7546 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7547 if (attr[i]) {
7548 if (found)
7549 return -EINVAL;
7550 found = true;
7551 }
7552 }
7553
7554 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7555
7556 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7557 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7558
7559 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7560 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7561 bss_select->param.band_pref =
7562 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7563 if (!is_band_valid(wiphy, bss_select->param.band_pref))
7564 return -EINVAL;
7565 }
7566
7567 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7568 struct nl80211_bss_select_rssi_adjust *adj_param;
7569
7570 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7571 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7572 bss_select->param.adjust.band = adj_param->band;
7573 bss_select->param.adjust.delta = adj_param->delta;
7574 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7575 return -EINVAL;
7576 }
7577
7578 /* user-space did not provide behaviour attribute */
7579 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7580 return -EINVAL;
7581
7582 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7583 return -EINVAL;
7584
7585 return 0;
7586 }
7587
nl80211_parse_random_mac(struct nlattr ** attrs,u8 * mac_addr,u8 * mac_addr_mask)7588 int nl80211_parse_random_mac(struct nlattr **attrs,
7589 u8 *mac_addr, u8 *mac_addr_mask)
7590 {
7591 int i;
7592
7593 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7594 eth_zero_addr(mac_addr);
7595 eth_zero_addr(mac_addr_mask);
7596 mac_addr[0] = 0x2;
7597 mac_addr_mask[0] = 0x3;
7598
7599 return 0;
7600 }
7601
7602 /* need both or none */
7603 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7604 return -EINVAL;
7605
7606 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7607 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7608
7609 /* don't allow or configure an mcast address */
7610 if (!is_multicast_ether_addr(mac_addr_mask) ||
7611 is_multicast_ether_addr(mac_addr))
7612 return -EINVAL;
7613
7614 /*
7615 * allow users to pass a MAC address that has bits set outside
7616 * of the mask, but don't bother drivers with having to deal
7617 * with such bits
7618 */
7619 for (i = 0; i < ETH_ALEN; i++)
7620 mac_addr[i] &= mac_addr_mask[i];
7621
7622 return 0;
7623 }
7624
cfg80211_off_channel_oper_allowed(struct wireless_dev * wdev)7625 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7626 {
7627 ASSERT_WDEV_LOCK(wdev);
7628
7629 if (!cfg80211_beaconing_iface_active(wdev))
7630 return true;
7631
7632 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7633 return true;
7634
7635 return regulatory_pre_cac_allowed(wdev->wiphy);
7636 }
7637
nl80211_check_scan_feat(struct wiphy * wiphy,u32 flags,u32 flag,enum nl80211_ext_feature_index feat)7638 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7639 enum nl80211_ext_feature_index feat)
7640 {
7641 if (!(flags & flag))
7642 return true;
7643 if (wiphy_ext_feature_isset(wiphy, feat))
7644 return true;
7645 return false;
7646 }
7647
7648 static int
nl80211_check_scan_flags(struct wiphy * wiphy,struct wireless_dev * wdev,void * request,struct nlattr ** attrs,bool is_sched_scan)7649 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7650 void *request, struct nlattr **attrs,
7651 bool is_sched_scan)
7652 {
7653 u8 *mac_addr, *mac_addr_mask;
7654 u32 *flags;
7655 enum nl80211_feature_flags randomness_flag;
7656
7657 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7658 return 0;
7659
7660 if (is_sched_scan) {
7661 struct cfg80211_sched_scan_request *req = request;
7662
7663 randomness_flag = wdev ?
7664 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7665 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7666 flags = &req->flags;
7667 mac_addr = req->mac_addr;
7668 mac_addr_mask = req->mac_addr_mask;
7669 } else {
7670 struct cfg80211_scan_request *req = request;
7671
7672 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7673 flags = &req->flags;
7674 mac_addr = req->mac_addr;
7675 mac_addr_mask = req->mac_addr_mask;
7676 }
7677
7678 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7679
7680 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7681 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7682 !nl80211_check_scan_feat(wiphy, *flags,
7683 NL80211_SCAN_FLAG_LOW_SPAN,
7684 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7685 !nl80211_check_scan_feat(wiphy, *flags,
7686 NL80211_SCAN_FLAG_LOW_POWER,
7687 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7688 !nl80211_check_scan_feat(wiphy, *flags,
7689 NL80211_SCAN_FLAG_HIGH_ACCURACY,
7690 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7691 !nl80211_check_scan_feat(wiphy, *flags,
7692 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7693 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7694 !nl80211_check_scan_feat(wiphy, *flags,
7695 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7696 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7697 !nl80211_check_scan_feat(wiphy, *flags,
7698 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7699 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7700 !nl80211_check_scan_feat(wiphy, *flags,
7701 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7702 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7703 !nl80211_check_scan_feat(wiphy, *flags,
7704 NL80211_SCAN_FLAG_RANDOM_SN,
7705 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7706 !nl80211_check_scan_feat(wiphy, *flags,
7707 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7708 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7709 return -EOPNOTSUPP;
7710
7711 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7712 int err;
7713
7714 if (!(wiphy->features & randomness_flag) ||
7715 (wdev && wdev->current_bss))
7716 return -EOPNOTSUPP;
7717
7718 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7719 if (err)
7720 return err;
7721 }
7722
7723 return 0;
7724 }
7725
nl80211_trigger_scan(struct sk_buff * skb,struct genl_info * info)7726 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7727 {
7728 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7729 struct wireless_dev *wdev = info->user_ptr[1];
7730 struct cfg80211_scan_request *request;
7731 struct nlattr *attr;
7732 struct wiphy *wiphy;
7733 int err, tmp, n_ssids = 0, n_channels, i;
7734 size_t ie_len;
7735
7736 wiphy = &rdev->wiphy;
7737
7738 if (wdev->iftype == NL80211_IFTYPE_NAN)
7739 return -EOPNOTSUPP;
7740
7741 if (!rdev->ops->scan)
7742 return -EOPNOTSUPP;
7743
7744 if (rdev->scan_req || rdev->scan_msg) {
7745 err = -EBUSY;
7746 goto unlock;
7747 }
7748
7749 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7750 n_channels = validate_scan_freqs(
7751 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7752 if (!n_channels) {
7753 err = -EINVAL;
7754 goto unlock;
7755 }
7756 } else {
7757 n_channels = ieee80211_get_num_supported_channels(wiphy);
7758 }
7759
7760 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7761 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7762 n_ssids++;
7763
7764 if (n_ssids > wiphy->max_scan_ssids) {
7765 err = -EINVAL;
7766 goto unlock;
7767 }
7768
7769 if (info->attrs[NL80211_ATTR_IE])
7770 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7771 else
7772 ie_len = 0;
7773
7774 if (ie_len > wiphy->max_scan_ie_len) {
7775 err = -EINVAL;
7776 goto unlock;
7777 }
7778
7779 request = kzalloc(sizeof(*request)
7780 + sizeof(*request->ssids) * n_ssids
7781 + sizeof(*request->channels) * n_channels
7782 + ie_len, GFP_KERNEL);
7783 if (!request) {
7784 err = -ENOMEM;
7785 goto unlock;
7786 }
7787
7788 if (n_ssids)
7789 request->ssids = (void *)&request->channels[n_channels];
7790 request->n_ssids = n_ssids;
7791 if (ie_len) {
7792 if (n_ssids)
7793 request->ie = (void *)(request->ssids + n_ssids);
7794 else
7795 request->ie = (void *)(request->channels + n_channels);
7796 }
7797
7798 i = 0;
7799 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7800 /* user specified, bail out if channel not found */
7801 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
7802 struct ieee80211_channel *chan;
7803
7804 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7805
7806 if (!chan) {
7807 err = -EINVAL;
7808 goto out_free;
7809 }
7810
7811 /* ignore disabled channels */
7812 if (chan->flags & IEEE80211_CHAN_DISABLED)
7813 continue;
7814
7815 request->channels[i] = chan;
7816 i++;
7817 }
7818 } else {
7819 enum nl80211_band band;
7820
7821 /* all channels */
7822 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7823 int j;
7824
7825 if (!wiphy->bands[band])
7826 continue;
7827 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7828 struct ieee80211_channel *chan;
7829
7830 chan = &wiphy->bands[band]->channels[j];
7831
7832 if (chan->flags & IEEE80211_CHAN_DISABLED)
7833 continue;
7834
7835 request->channels[i] = chan;
7836 i++;
7837 }
7838 }
7839 }
7840
7841 if (!i) {
7842 err = -EINVAL;
7843 goto out_free;
7844 }
7845
7846 request->n_channels = i;
7847
7848 wdev_lock(wdev);
7849 if (!cfg80211_off_channel_oper_allowed(wdev)) {
7850 struct ieee80211_channel *chan;
7851
7852 if (request->n_channels != 1) {
7853 wdev_unlock(wdev);
7854 err = -EBUSY;
7855 goto out_free;
7856 }
7857
7858 chan = request->channels[0];
7859 if (chan->center_freq != wdev->chandef.chan->center_freq) {
7860 wdev_unlock(wdev);
7861 err = -EBUSY;
7862 goto out_free;
7863 }
7864 }
7865 wdev_unlock(wdev);
7866
7867 i = 0;
7868 if (n_ssids) {
7869 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7870 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7871 err = -EINVAL;
7872 goto out_free;
7873 }
7874 request->ssids[i].ssid_len = nla_len(attr);
7875 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7876 i++;
7877 }
7878 }
7879
7880 if (info->attrs[NL80211_ATTR_IE]) {
7881 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7882 memcpy((void *)request->ie,
7883 nla_data(info->attrs[NL80211_ATTR_IE]),
7884 request->ie_len);
7885 }
7886
7887 for (i = 0; i < NUM_NL80211_BANDS; i++)
7888 if (wiphy->bands[i])
7889 request->rates[i] =
7890 (1 << wiphy->bands[i]->n_bitrates) - 1;
7891
7892 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7893 nla_for_each_nested(attr,
7894 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7895 tmp) {
7896 enum nl80211_band band = nla_type(attr);
7897
7898 if (band < 0 || band >= NUM_NL80211_BANDS) {
7899 err = -EINVAL;
7900 goto out_free;
7901 }
7902
7903 if (!wiphy->bands[band])
7904 continue;
7905
7906 err = ieee80211_get_ratemask(wiphy->bands[band],
7907 nla_data(attr),
7908 nla_len(attr),
7909 &request->rates[band]);
7910 if (err)
7911 goto out_free;
7912 }
7913 }
7914
7915 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7916 if (!wiphy_ext_feature_isset(wiphy,
7917 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7918 err = -EOPNOTSUPP;
7919 goto out_free;
7920 }
7921
7922 request->duration =
7923 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7924 request->duration_mandatory =
7925 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7926 }
7927
7928 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7929 false);
7930 if (err)
7931 goto out_free;
7932
7933 request->no_cck =
7934 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7935
7936 /* Initial implementation used NL80211_ATTR_MAC to set the specific
7937 * BSSID to scan for. This was problematic because that same attribute
7938 * was already used for another purpose (local random MAC address). The
7939 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
7940 * compatibility with older userspace components, also use the
7941 * NL80211_ATTR_MAC value here if it can be determined to be used for
7942 * the specific BSSID use case instead of the random MAC address
7943 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
7944 */
7945 if (info->attrs[NL80211_ATTR_BSSID])
7946 memcpy(request->bssid,
7947 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7948 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7949 info->attrs[NL80211_ATTR_MAC])
7950 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7951 ETH_ALEN);
7952 else
7953 eth_broadcast_addr(request->bssid);
7954
7955 request->wdev = wdev;
7956 request->wiphy = &rdev->wiphy;
7957 request->scan_start = jiffies;
7958
7959 rdev->scan_req = request;
7960 err = rdev_scan(rdev, request);
7961
7962 if (!err) {
7963 nl80211_send_scan_start(rdev, wdev);
7964 if (wdev->netdev)
7965 dev_hold(wdev->netdev);
7966 } else {
7967 out_free:
7968 rdev->scan_req = NULL;
7969 kfree(request);
7970 }
7971
7972 unlock:
7973 return err;
7974 }
7975
nl80211_abort_scan(struct sk_buff * skb,struct genl_info * info)7976 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7977 {
7978 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7979 struct wireless_dev *wdev = info->user_ptr[1];
7980
7981 if (!rdev->ops->abort_scan)
7982 return -EOPNOTSUPP;
7983
7984 if (rdev->scan_msg)
7985 return 0;
7986
7987 if (!rdev->scan_req)
7988 return -ENOENT;
7989
7990 rdev_abort_scan(rdev, wdev);
7991 return 0;
7992 }
7993
7994 static int
nl80211_parse_sched_scan_plans(struct wiphy * wiphy,int n_plans,struct cfg80211_sched_scan_request * request,struct nlattr ** attrs)7995 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7996 struct cfg80211_sched_scan_request *request,
7997 struct nlattr **attrs)
7998 {
7999 int tmp, err, i = 0;
8000 struct nlattr *attr;
8001
8002 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8003 u32 interval;
8004
8005 /*
8006 * If scan plans are not specified,
8007 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
8008 * case one scan plan will be set with the specified scan
8009 * interval and infinite number of iterations.
8010 */
8011 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
8012 if (!interval)
8013 return -EINVAL;
8014
8015 request->scan_plans[0].interval =
8016 DIV_ROUND_UP(interval, MSEC_PER_SEC);
8017 if (!request->scan_plans[0].interval)
8018 return -EINVAL;
8019
8020 if (request->scan_plans[0].interval >
8021 wiphy->max_sched_scan_plan_interval)
8022 request->scan_plans[0].interval =
8023 wiphy->max_sched_scan_plan_interval;
8024
8025 return 0;
8026 }
8027
8028 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
8029 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
8030
8031 if (WARN_ON(i >= n_plans))
8032 return -EINVAL;
8033
8034 err = nla_parse_nested_deprecated(plan,
8035 NL80211_SCHED_SCAN_PLAN_MAX,
8036 attr, nl80211_plan_policy,
8037 NULL);
8038 if (err)
8039 return err;
8040
8041 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
8042 return -EINVAL;
8043
8044 request->scan_plans[i].interval =
8045 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
8046 if (!request->scan_plans[i].interval ||
8047 request->scan_plans[i].interval >
8048 wiphy->max_sched_scan_plan_interval)
8049 return -EINVAL;
8050
8051 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
8052 request->scan_plans[i].iterations =
8053 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
8054 if (!request->scan_plans[i].iterations ||
8055 (request->scan_plans[i].iterations >
8056 wiphy->max_sched_scan_plan_iterations))
8057 return -EINVAL;
8058 } else if (i < n_plans - 1) {
8059 /*
8060 * All scan plans but the last one must specify
8061 * a finite number of iterations
8062 */
8063 return -EINVAL;
8064 }
8065
8066 i++;
8067 }
8068
8069 /*
8070 * The last scan plan must not specify the number of
8071 * iterations, it is supposed to run infinitely
8072 */
8073 if (request->scan_plans[n_plans - 1].iterations)
8074 return -EINVAL;
8075
8076 return 0;
8077 }
8078
8079 static int
nl80211_parse_sched_scan_per_band_rssi(struct wiphy * wiphy,struct cfg80211_match_set * match_sets,struct nlattr * tb_band_rssi,s32 rssi_thold)8080 nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
8081 struct cfg80211_match_set *match_sets,
8082 struct nlattr *tb_band_rssi,
8083 s32 rssi_thold)
8084 {
8085 struct nlattr *attr;
8086 int i, tmp, ret = 0;
8087
8088 if (!wiphy_ext_feature_isset(wiphy,
8089 NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
8090 if (tb_band_rssi)
8091 ret = -EOPNOTSUPP;
8092 else
8093 for (i = 0; i < NUM_NL80211_BANDS; i++)
8094 match_sets->per_band_rssi_thold[i] =
8095 NL80211_SCAN_RSSI_THOLD_OFF;
8096 return ret;
8097 }
8098
8099 for (i = 0; i < NUM_NL80211_BANDS; i++)
8100 match_sets->per_band_rssi_thold[i] = rssi_thold;
8101
8102 nla_for_each_nested(attr, tb_band_rssi, tmp) {
8103 enum nl80211_band band = nla_type(attr);
8104
8105 if (band < 0 || band >= NUM_NL80211_BANDS)
8106 return -EINVAL;
8107
8108 match_sets->per_band_rssi_thold[band] = nla_get_s32(attr);
8109 }
8110
8111 return 0;
8112 }
8113
8114 static struct cfg80211_sched_scan_request *
nl80211_parse_sched_scan(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,int max_match_sets)8115 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
8116 struct nlattr **attrs, int max_match_sets)
8117 {
8118 struct cfg80211_sched_scan_request *request;
8119 struct nlattr *attr;
8120 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
8121 enum nl80211_band band;
8122 size_t ie_len;
8123 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
8124 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
8125
8126 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8127 n_channels = validate_scan_freqs(
8128 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
8129 if (!n_channels)
8130 return ERR_PTR(-EINVAL);
8131 } else {
8132 n_channels = ieee80211_get_num_supported_channels(wiphy);
8133 }
8134
8135 if (attrs[NL80211_ATTR_SCAN_SSIDS])
8136 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8137 tmp)
8138 n_ssids++;
8139
8140 if (n_ssids > wiphy->max_sched_scan_ssids)
8141 return ERR_PTR(-EINVAL);
8142
8143 /*
8144 * First, count the number of 'real' matchsets. Due to an issue with
8145 * the old implementation, matchsets containing only the RSSI attribute
8146 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
8147 * RSSI for all matchsets, rather than their own matchset for reporting
8148 * all APs with a strong RSSI. This is needed to be compatible with
8149 * older userspace that treated a matchset with only the RSSI as the
8150 * global RSSI for all other matchsets - if there are other matchsets.
8151 */
8152 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8153 nla_for_each_nested(attr,
8154 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8155 tmp) {
8156 struct nlattr *rssi;
8157
8158 err = nla_parse_nested_deprecated(tb,
8159 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8160 attr,
8161 nl80211_match_policy,
8162 NULL);
8163 if (err)
8164 return ERR_PTR(err);
8165
8166 /* SSID and BSSID are mutually exclusive */
8167 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
8168 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
8169 return ERR_PTR(-EINVAL);
8170
8171 /* add other standalone attributes here */
8172 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
8173 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
8174 n_match_sets++;
8175 continue;
8176 }
8177 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8178 if (rssi)
8179 default_match_rssi = nla_get_s32(rssi);
8180 }
8181 }
8182
8183 /* However, if there's no other matchset, add the RSSI one */
8184 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
8185 n_match_sets = 1;
8186
8187 if (n_match_sets > max_match_sets)
8188 return ERR_PTR(-EINVAL);
8189
8190 if (attrs[NL80211_ATTR_IE])
8191 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
8192 else
8193 ie_len = 0;
8194
8195 if (ie_len > wiphy->max_sched_scan_ie_len)
8196 return ERR_PTR(-EINVAL);
8197
8198 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8199 /*
8200 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
8201 * each scan plan already specifies its own interval
8202 */
8203 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8204 return ERR_PTR(-EINVAL);
8205
8206 nla_for_each_nested(attr,
8207 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
8208 n_plans++;
8209 } else {
8210 /*
8211 * The scan interval attribute is kept for backward
8212 * compatibility. If no scan plans are specified and sched scan
8213 * interval is specified, one scan plan will be set with this
8214 * scan interval and infinite number of iterations.
8215 */
8216 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8217 return ERR_PTR(-EINVAL);
8218
8219 n_plans = 1;
8220 }
8221
8222 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
8223 return ERR_PTR(-EINVAL);
8224
8225 if (!wiphy_ext_feature_isset(
8226 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
8227 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
8228 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
8229 return ERR_PTR(-EINVAL);
8230
8231 request = kzalloc(sizeof(*request)
8232 + sizeof(*request->ssids) * n_ssids
8233 + sizeof(*request->match_sets) * n_match_sets
8234 + sizeof(*request->scan_plans) * n_plans
8235 + sizeof(*request->channels) * n_channels
8236 + ie_len, GFP_KERNEL);
8237 if (!request)
8238 return ERR_PTR(-ENOMEM);
8239
8240 if (n_ssids)
8241 request->ssids = (void *)&request->channels[n_channels];
8242 request->n_ssids = n_ssids;
8243 if (ie_len) {
8244 if (n_ssids)
8245 request->ie = (void *)(request->ssids + n_ssids);
8246 else
8247 request->ie = (void *)(request->channels + n_channels);
8248 }
8249
8250 if (n_match_sets) {
8251 if (request->ie)
8252 request->match_sets = (void *)(request->ie + ie_len);
8253 else if (n_ssids)
8254 request->match_sets =
8255 (void *)(request->ssids + n_ssids);
8256 else
8257 request->match_sets =
8258 (void *)(request->channels + n_channels);
8259 }
8260 request->n_match_sets = n_match_sets;
8261
8262 if (n_match_sets)
8263 request->scan_plans = (void *)(request->match_sets +
8264 n_match_sets);
8265 else if (request->ie)
8266 request->scan_plans = (void *)(request->ie + ie_len);
8267 else if (n_ssids)
8268 request->scan_plans = (void *)(request->ssids + n_ssids);
8269 else
8270 request->scan_plans = (void *)(request->channels + n_channels);
8271
8272 request->n_scan_plans = n_plans;
8273
8274 i = 0;
8275 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8276 /* user specified, bail out if channel not found */
8277 nla_for_each_nested(attr,
8278 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
8279 tmp) {
8280 struct ieee80211_channel *chan;
8281
8282 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
8283
8284 if (!chan) {
8285 err = -EINVAL;
8286 goto out_free;
8287 }
8288
8289 /* ignore disabled channels */
8290 if (chan->flags & IEEE80211_CHAN_DISABLED)
8291 continue;
8292
8293 request->channels[i] = chan;
8294 i++;
8295 }
8296 } else {
8297 /* all channels */
8298 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8299 int j;
8300
8301 if (!wiphy->bands[band])
8302 continue;
8303 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8304 struct ieee80211_channel *chan;
8305
8306 chan = &wiphy->bands[band]->channels[j];
8307
8308 if (chan->flags & IEEE80211_CHAN_DISABLED)
8309 continue;
8310
8311 request->channels[i] = chan;
8312 i++;
8313 }
8314 }
8315 }
8316
8317 if (!i) {
8318 err = -EINVAL;
8319 goto out_free;
8320 }
8321
8322 request->n_channels = i;
8323
8324 i = 0;
8325 if (n_ssids) {
8326 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8327 tmp) {
8328 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8329 err = -EINVAL;
8330 goto out_free;
8331 }
8332 request->ssids[i].ssid_len = nla_len(attr);
8333 memcpy(request->ssids[i].ssid, nla_data(attr),
8334 nla_len(attr));
8335 i++;
8336 }
8337 }
8338
8339 i = 0;
8340 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8341 nla_for_each_nested(attr,
8342 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8343 tmp) {
8344 struct nlattr *ssid, *bssid, *rssi;
8345
8346 err = nla_parse_nested_deprecated(tb,
8347 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8348 attr,
8349 nl80211_match_policy,
8350 NULL);
8351 if (err)
8352 goto out_free;
8353 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8354 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8355
8356 if (!ssid && !bssid) {
8357 i++;
8358 continue;
8359 }
8360
8361 if (WARN_ON(i >= n_match_sets)) {
8362 /* this indicates a programming error,
8363 * the loop above should have verified
8364 * things properly
8365 */
8366 err = -EINVAL;
8367 goto out_free;
8368 }
8369
8370 if (ssid) {
8371 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
8372 err = -EINVAL;
8373 goto out_free;
8374 }
8375 memcpy(request->match_sets[i].ssid.ssid,
8376 nla_data(ssid), nla_len(ssid));
8377 request->match_sets[i].ssid.ssid_len =
8378 nla_len(ssid);
8379 }
8380 if (bssid) {
8381 if (nla_len(bssid) != ETH_ALEN) {
8382 err = -EINVAL;
8383 goto out_free;
8384 }
8385 memcpy(request->match_sets[i].bssid,
8386 nla_data(bssid), ETH_ALEN);
8387 }
8388
8389 /* special attribute - old implementation w/a */
8390 request->match_sets[i].rssi_thold = default_match_rssi;
8391 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8392 if (rssi)
8393 request->match_sets[i].rssi_thold =
8394 nla_get_s32(rssi);
8395
8396 /* Parse per band RSSI attribute */
8397 err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8398 &request->match_sets[i],
8399 tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8400 request->match_sets[i].rssi_thold);
8401 if (err)
8402 goto out_free;
8403
8404 i++;
8405 }
8406
8407 /* there was no other matchset, so the RSSI one is alone */
8408 if (i == 0 && n_match_sets)
8409 request->match_sets[0].rssi_thold = default_match_rssi;
8410
8411 request->min_rssi_thold = INT_MAX;
8412 for (i = 0; i < n_match_sets; i++)
8413 request->min_rssi_thold =
8414 min(request->match_sets[i].rssi_thold,
8415 request->min_rssi_thold);
8416 } else {
8417 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8418 }
8419
8420 if (ie_len) {
8421 request->ie_len = ie_len;
8422 memcpy((void *)request->ie,
8423 nla_data(attrs[NL80211_ATTR_IE]),
8424 request->ie_len);
8425 }
8426
8427 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8428 if (err)
8429 goto out_free;
8430
8431 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8432 request->delay =
8433 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8434
8435 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8436 request->relative_rssi = nla_get_s8(
8437 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8438 request->relative_rssi_set = true;
8439 }
8440
8441 if (request->relative_rssi_set &&
8442 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8443 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8444
8445 rssi_adjust = nla_data(
8446 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8447 request->rssi_adjust.band = rssi_adjust->band;
8448 request->rssi_adjust.delta = rssi_adjust->delta;
8449 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8450 err = -EINVAL;
8451 goto out_free;
8452 }
8453 }
8454
8455 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8456 if (err)
8457 goto out_free;
8458
8459 request->scan_start = jiffies;
8460
8461 return request;
8462
8463 out_free:
8464 kfree(request);
8465 return ERR_PTR(err);
8466 }
8467
nl80211_start_sched_scan(struct sk_buff * skb,struct genl_info * info)8468 static int nl80211_start_sched_scan(struct sk_buff *skb,
8469 struct genl_info *info)
8470 {
8471 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8472 struct net_device *dev = info->user_ptr[1];
8473 struct wireless_dev *wdev = dev->ieee80211_ptr;
8474 struct cfg80211_sched_scan_request *sched_scan_req;
8475 bool want_multi;
8476 int err;
8477
8478 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8479 return -EOPNOTSUPP;
8480
8481 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8482 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8483 if (err)
8484 return err;
8485
8486 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8487 info->attrs,
8488 rdev->wiphy.max_match_sets);
8489
8490 err = PTR_ERR_OR_ZERO(sched_scan_req);
8491 if (err)
8492 goto out_err;
8493
8494 /* leave request id zero for legacy request
8495 * or if driver does not support multi-scheduled scan
8496 */
8497 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
8498 while (!sched_scan_req->reqid)
8499 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8500 }
8501
8502 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8503 if (err)
8504 goto out_free;
8505
8506 sched_scan_req->dev = dev;
8507 sched_scan_req->wiphy = &rdev->wiphy;
8508
8509 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
8510 sched_scan_req->owner_nlportid = info->snd_portid;
8511
8512 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
8513
8514 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
8515 return 0;
8516
8517 out_free:
8518 kfree(sched_scan_req);
8519 out_err:
8520 return err;
8521 }
8522
nl80211_stop_sched_scan(struct sk_buff * skb,struct genl_info * info)8523 static int nl80211_stop_sched_scan(struct sk_buff *skb,
8524 struct genl_info *info)
8525 {
8526 struct cfg80211_sched_scan_request *req;
8527 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8528 u64 cookie;
8529
8530 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
8531 return -EOPNOTSUPP;
8532
8533 if (info->attrs[NL80211_ATTR_COOKIE]) {
8534 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8535 return __cfg80211_stop_sched_scan(rdev, cookie, false);
8536 }
8537
8538 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
8539 struct cfg80211_sched_scan_request,
8540 list);
8541 if (!req || req->reqid ||
8542 (req->owner_nlportid &&
8543 req->owner_nlportid != info->snd_portid))
8544 return -ENOENT;
8545
8546 return cfg80211_stop_sched_scan_req(rdev, req, false);
8547 }
8548
nl80211_start_radar_detection(struct sk_buff * skb,struct genl_info * info)8549 static int nl80211_start_radar_detection(struct sk_buff *skb,
8550 struct genl_info *info)
8551 {
8552 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8553 struct net_device *dev = info->user_ptr[1];
8554 struct wireless_dev *wdev = dev->ieee80211_ptr;
8555 struct wiphy *wiphy = wdev->wiphy;
8556 struct cfg80211_chan_def chandef;
8557 enum nl80211_dfs_regions dfs_region;
8558 unsigned int cac_time_ms;
8559 int err;
8560
8561 dfs_region = reg_get_dfs_region(wiphy);
8562 if (dfs_region == NL80211_DFS_UNSET)
8563 return -EINVAL;
8564
8565 err = nl80211_parse_chandef(rdev, info, &chandef);
8566 if (err)
8567 return err;
8568
8569 if (netif_carrier_ok(dev))
8570 return -EBUSY;
8571
8572 if (wdev->cac_started)
8573 return -EBUSY;
8574
8575 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8576 if (err < 0)
8577 return err;
8578
8579 if (err == 0)
8580 return -EINVAL;
8581
8582 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
8583 return -EINVAL;
8584
8585 /* CAC start is offloaded to HW and can't be started manually */
8586 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
8587 return -EOPNOTSUPP;
8588
8589 if (!rdev->ops->start_radar_detection)
8590 return -EOPNOTSUPP;
8591
8592 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8593 if (WARN_ON(!cac_time_ms))
8594 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8595
8596 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8597 if (!err) {
8598 wdev->chandef = chandef;
8599 wdev->cac_started = true;
8600 wdev->cac_start_time = jiffies;
8601 wdev->cac_time_ms = cac_time_ms;
8602 }
8603 return err;
8604 }
8605
nl80211_notify_radar_detection(struct sk_buff * skb,struct genl_info * info)8606 static int nl80211_notify_radar_detection(struct sk_buff *skb,
8607 struct genl_info *info)
8608 {
8609 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8610 struct net_device *dev = info->user_ptr[1];
8611 struct wireless_dev *wdev = dev->ieee80211_ptr;
8612 struct wiphy *wiphy = wdev->wiphy;
8613 struct cfg80211_chan_def chandef;
8614 enum nl80211_dfs_regions dfs_region;
8615 int err;
8616
8617 dfs_region = reg_get_dfs_region(wiphy);
8618 if (dfs_region == NL80211_DFS_UNSET) {
8619 GENL_SET_ERR_MSG(info,
8620 "DFS Region is not set. Unexpected Radar indication");
8621 return -EINVAL;
8622 }
8623
8624 err = nl80211_parse_chandef(rdev, info, &chandef);
8625 if (err) {
8626 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8627 return err;
8628 }
8629
8630 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8631 if (err < 0) {
8632 GENL_SET_ERR_MSG(info, "chandef is invalid");
8633 return err;
8634 }
8635
8636 if (err == 0) {
8637 GENL_SET_ERR_MSG(info,
8638 "Unexpected Radar indication for chandef/iftype");
8639 return -EINVAL;
8640 }
8641
8642 /* Do not process this notification if radar is already detected
8643 * by kernel on this channel, and return success.
8644 */
8645 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8646 return 0;
8647
8648 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8649
8650 cfg80211_sched_dfs_chan_update(rdev);
8651
8652 rdev->radar_chandef = chandef;
8653
8654 /* Propagate this notification to other radios as well */
8655 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8656
8657 return 0;
8658 }
8659
nl80211_channel_switch(struct sk_buff * skb,struct genl_info * info)8660 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8661 {
8662 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8663 struct net_device *dev = info->user_ptr[1];
8664 struct wireless_dev *wdev = dev->ieee80211_ptr;
8665 struct cfg80211_csa_settings params;
8666 /* csa_attrs is defined static to avoid waste of stack size - this
8667 * function is called under RTNL lock, so this should not be a problem.
8668 */
8669 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
8670 int err;
8671 bool need_new_beacon = false;
8672 bool need_handle_dfs_flag = true;
8673 int len, i;
8674 u32 cs_count;
8675
8676 if (!rdev->ops->channel_switch ||
8677 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
8678 return -EOPNOTSUPP;
8679
8680 switch (dev->ieee80211_ptr->iftype) {
8681 case NL80211_IFTYPE_AP:
8682 case NL80211_IFTYPE_P2P_GO:
8683 need_new_beacon = true;
8684 /* For all modes except AP the handle_dfs flag needs to be
8685 * supplied to tell the kernel that userspace will handle radar
8686 * events when they happen. Otherwise a switch to a channel
8687 * requiring DFS will be rejected.
8688 */
8689 need_handle_dfs_flag = false;
8690
8691 /* useless if AP is not running */
8692 if (!wdev->beacon_interval)
8693 return -ENOTCONN;
8694 break;
8695 case NL80211_IFTYPE_ADHOC:
8696 if (!wdev->ssid_len)
8697 return -ENOTCONN;
8698 break;
8699 case NL80211_IFTYPE_MESH_POINT:
8700 if (!wdev->mesh_id_len)
8701 return -ENOTCONN;
8702 break;
8703 default:
8704 return -EOPNOTSUPP;
8705 }
8706
8707 memset(¶ms, 0, sizeof(params));
8708 params.beacon_csa.ftm_responder = -1;
8709
8710 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8711 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
8712 return -EINVAL;
8713
8714 /* only important for AP, IBSS and mesh create IEs internally */
8715 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
8716 return -EINVAL;
8717
8718 /* Even though the attribute is u32, the specification says
8719 * u8, so let's make sure we don't overflow.
8720 */
8721 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
8722 if (cs_count > 255)
8723 return -EINVAL;
8724
8725 params.count = cs_count;
8726
8727 if (!need_new_beacon)
8728 goto skip_beacons;
8729
8730 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after);
8731 if (err)
8732 return err;
8733
8734 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
8735 info->attrs[NL80211_ATTR_CSA_IES],
8736 nl80211_policy, info->extack);
8737 if (err)
8738 return err;
8739
8740 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa);
8741 if (err)
8742 return err;
8743
8744 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8745 return -EINVAL;
8746
8747 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8748 if (!len || (len % sizeof(u16)))
8749 return -EINVAL;
8750
8751 params.n_counter_offsets_beacon = len / sizeof(u16);
8752 if (rdev->wiphy.max_num_csa_counters &&
8753 (params.n_counter_offsets_beacon >
8754 rdev->wiphy.max_num_csa_counters))
8755 return -EINVAL;
8756
8757 params.counter_offsets_beacon =
8758 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8759
8760 /* sanity checks - counters should fit and be the same */
8761 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8762 u16 offset = params.counter_offsets_beacon[i];
8763
8764 if (offset >= params.beacon_csa.tail_len)
8765 return -EINVAL;
8766
8767 if (params.beacon_csa.tail[offset] != params.count)
8768 return -EINVAL;
8769 }
8770
8771 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8772 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8773 if (!len || (len % sizeof(u16)))
8774 return -EINVAL;
8775
8776 params.n_counter_offsets_presp = len / sizeof(u16);
8777 if (rdev->wiphy.max_num_csa_counters &&
8778 (params.n_counter_offsets_presp >
8779 rdev->wiphy.max_num_csa_counters))
8780 return -EINVAL;
8781
8782 params.counter_offsets_presp =
8783 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8784
8785 /* sanity checks - counters should fit and be the same */
8786 for (i = 0; i < params.n_counter_offsets_presp; i++) {
8787 u16 offset = params.counter_offsets_presp[i];
8788
8789 if (offset >= params.beacon_csa.probe_resp_len)
8790 return -EINVAL;
8791
8792 if (params.beacon_csa.probe_resp[offset] !=
8793 params.count)
8794 return -EINVAL;
8795 }
8796 }
8797
8798 skip_beacons:
8799 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
8800 if (err)
8801 return err;
8802
8803 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
8804 wdev->iftype))
8805 return -EINVAL;
8806
8807 err = cfg80211_chandef_dfs_required(wdev->wiphy,
8808 ¶ms.chandef,
8809 wdev->iftype);
8810 if (err < 0)
8811 return err;
8812
8813 if (err > 0) {
8814 params.radar_required = true;
8815 if (need_handle_dfs_flag &&
8816 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8817 return -EINVAL;
8818 }
8819 }
8820
8821 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8822 params.block_tx = true;
8823
8824 wdev_lock(wdev);
8825 err = rdev_channel_switch(rdev, dev, ¶ms);
8826 wdev_unlock(wdev);
8827
8828 return err;
8829 }
8830
nl80211_send_bss(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,struct cfg80211_internal_bss * intbss)8831 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8832 u32 seq, int flags,
8833 struct cfg80211_registered_device *rdev,
8834 struct wireless_dev *wdev,
8835 struct cfg80211_internal_bss *intbss)
8836 {
8837 struct cfg80211_bss *res = &intbss->pub;
8838 const struct cfg80211_bss_ies *ies;
8839 void *hdr;
8840 struct nlattr *bss;
8841
8842 ASSERT_WDEV_LOCK(wdev);
8843
8844 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8845 NL80211_CMD_NEW_SCAN_RESULTS);
8846 if (!hdr)
8847 return -1;
8848
8849 genl_dump_check_consistent(cb, hdr);
8850
8851 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8852 goto nla_put_failure;
8853 if (wdev->netdev &&
8854 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8855 goto nla_put_failure;
8856 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8857 NL80211_ATTR_PAD))
8858 goto nla_put_failure;
8859
8860 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
8861 if (!bss)
8862 goto nla_put_failure;
8863 if ((!is_zero_ether_addr(res->bssid) &&
8864 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8865 goto nla_put_failure;
8866
8867 rcu_read_lock();
8868 /* indicate whether we have probe response data or not */
8869 if (rcu_access_pointer(res->proberesp_ies) &&
8870 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8871 goto fail_unlock_rcu;
8872
8873 /* this pointer prefers to be pointed to probe response data
8874 * but is always valid
8875 */
8876 ies = rcu_dereference(res->ies);
8877 if (ies) {
8878 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8879 NL80211_BSS_PAD))
8880 goto fail_unlock_rcu;
8881 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8882 ies->len, ies->data))
8883 goto fail_unlock_rcu;
8884 }
8885
8886 /* and this pointer is always (unless driver didn't know) beacon data */
8887 ies = rcu_dereference(res->beacon_ies);
8888 if (ies && ies->from_beacon) {
8889 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8890 NL80211_BSS_PAD))
8891 goto fail_unlock_rcu;
8892 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8893 ies->len, ies->data))
8894 goto fail_unlock_rcu;
8895 }
8896 rcu_read_unlock();
8897
8898 if (res->beacon_interval &&
8899 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8900 goto nla_put_failure;
8901 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8902 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8903 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8904 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8905 jiffies_to_msecs(jiffies - intbss->ts)))
8906 goto nla_put_failure;
8907
8908 if (intbss->parent_tsf &&
8909 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8910 intbss->parent_tsf, NL80211_BSS_PAD) ||
8911 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8912 intbss->parent_bssid)))
8913 goto nla_put_failure;
8914
8915 if (intbss->ts_boottime &&
8916 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8917 intbss->ts_boottime, NL80211_BSS_PAD))
8918 goto nla_put_failure;
8919
8920 if (!nl80211_put_signal(msg, intbss->pub.chains,
8921 intbss->pub.chain_signal,
8922 NL80211_BSS_CHAIN_SIGNAL))
8923 goto nla_put_failure;
8924
8925 switch (rdev->wiphy.signal_type) {
8926 case CFG80211_SIGNAL_TYPE_MBM:
8927 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8928 goto nla_put_failure;
8929 break;
8930 case CFG80211_SIGNAL_TYPE_UNSPEC:
8931 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8932 goto nla_put_failure;
8933 break;
8934 default:
8935 break;
8936 }
8937
8938 switch (wdev->iftype) {
8939 case NL80211_IFTYPE_P2P_CLIENT:
8940 case NL80211_IFTYPE_STATION:
8941 if (intbss == wdev->current_bss &&
8942 nla_put_u32(msg, NL80211_BSS_STATUS,
8943 NL80211_BSS_STATUS_ASSOCIATED))
8944 goto nla_put_failure;
8945 break;
8946 case NL80211_IFTYPE_ADHOC:
8947 if (intbss == wdev->current_bss &&
8948 nla_put_u32(msg, NL80211_BSS_STATUS,
8949 NL80211_BSS_STATUS_IBSS_JOINED))
8950 goto nla_put_failure;
8951 break;
8952 default:
8953 break;
8954 }
8955
8956 nla_nest_end(msg, bss);
8957
8958 genlmsg_end(msg, hdr);
8959 return 0;
8960
8961 fail_unlock_rcu:
8962 rcu_read_unlock();
8963 nla_put_failure:
8964 genlmsg_cancel(msg, hdr);
8965 return -EMSGSIZE;
8966 }
8967
nl80211_dump_scan(struct sk_buff * skb,struct netlink_callback * cb)8968 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
8969 {
8970 struct cfg80211_registered_device *rdev;
8971 struct cfg80211_internal_bss *scan;
8972 struct wireless_dev *wdev;
8973 int start = cb->args[2], idx = 0;
8974 int err;
8975
8976 rtnl_lock();
8977 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8978 if (err) {
8979 rtnl_unlock();
8980 return err;
8981 }
8982
8983 wdev_lock(wdev);
8984 spin_lock_bh(&rdev->bss_lock);
8985
8986 /*
8987 * dump_scan will be called multiple times to break up the scan results
8988 * into multiple messages. It is unlikely that any more bss-es will be
8989 * expired after the first call, so only call only call this on the
8990 * first dump_scan invocation.
8991 */
8992 if (start == 0)
8993 cfg80211_bss_expire(rdev);
8994
8995 cb->seq = rdev->bss_generation;
8996
8997 list_for_each_entry(scan, &rdev->bss_list, list) {
8998 if (++idx <= start)
8999 continue;
9000 if (nl80211_send_bss(skb, cb,
9001 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9002 rdev, wdev, scan) < 0) {
9003 idx--;
9004 break;
9005 }
9006 }
9007
9008 spin_unlock_bh(&rdev->bss_lock);
9009 wdev_unlock(wdev);
9010
9011 cb->args[2] = idx;
9012 rtnl_unlock();
9013
9014 return skb->len;
9015 }
9016
nl80211_send_survey(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,bool allow_radio_stats,struct survey_info * survey)9017 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
9018 int flags, struct net_device *dev,
9019 bool allow_radio_stats,
9020 struct survey_info *survey)
9021 {
9022 void *hdr;
9023 struct nlattr *infoattr;
9024
9025 /* skip radio stats if userspace didn't request them */
9026 if (!survey->channel && !allow_radio_stats)
9027 return 0;
9028
9029 hdr = nl80211hdr_put(msg, portid, seq, flags,
9030 NL80211_CMD_NEW_SURVEY_RESULTS);
9031 if (!hdr)
9032 return -ENOMEM;
9033
9034 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
9035 goto nla_put_failure;
9036
9037 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
9038 if (!infoattr)
9039 goto nla_put_failure;
9040
9041 if (survey->channel &&
9042 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
9043 survey->channel->center_freq))
9044 goto nla_put_failure;
9045
9046 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
9047 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
9048 goto nla_put_failure;
9049 if ((survey->filled & SURVEY_INFO_IN_USE) &&
9050 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
9051 goto nla_put_failure;
9052 if ((survey->filled & SURVEY_INFO_TIME) &&
9053 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
9054 survey->time, NL80211_SURVEY_INFO_PAD))
9055 goto nla_put_failure;
9056 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
9057 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
9058 survey->time_busy, NL80211_SURVEY_INFO_PAD))
9059 goto nla_put_failure;
9060 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
9061 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
9062 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
9063 goto nla_put_failure;
9064 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
9065 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
9066 survey->time_rx, NL80211_SURVEY_INFO_PAD))
9067 goto nla_put_failure;
9068 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
9069 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
9070 survey->time_tx, NL80211_SURVEY_INFO_PAD))
9071 goto nla_put_failure;
9072 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
9073 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
9074 survey->time_scan, NL80211_SURVEY_INFO_PAD))
9075 goto nla_put_failure;
9076 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
9077 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
9078 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
9079 goto nla_put_failure;
9080
9081 nla_nest_end(msg, infoattr);
9082
9083 genlmsg_end(msg, hdr);
9084 return 0;
9085
9086 nla_put_failure:
9087 genlmsg_cancel(msg, hdr);
9088 return -EMSGSIZE;
9089 }
9090
nl80211_dump_survey(struct sk_buff * skb,struct netlink_callback * cb)9091 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
9092 {
9093 struct nlattr **attrbuf;
9094 struct survey_info survey;
9095 struct cfg80211_registered_device *rdev;
9096 struct wireless_dev *wdev;
9097 int survey_idx = cb->args[2];
9098 int res;
9099 bool radio_stats;
9100
9101 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
9102 if (!attrbuf)
9103 return -ENOMEM;
9104
9105 rtnl_lock();
9106 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9107 if (res)
9108 goto out_err;
9109
9110 /* prepare_wdev_dump parsed the attributes */
9111 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
9112
9113 if (!wdev->netdev) {
9114 res = -EINVAL;
9115 goto out_err;
9116 }
9117
9118 if (!rdev->ops->dump_survey) {
9119 res = -EOPNOTSUPP;
9120 goto out_err;
9121 }
9122
9123 while (1) {
9124 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
9125 if (res == -ENOENT)
9126 break;
9127 if (res)
9128 goto out_err;
9129
9130 /* don't send disabled channels, but do send non-channel data */
9131 if (survey.channel &&
9132 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
9133 survey_idx++;
9134 continue;
9135 }
9136
9137 if (nl80211_send_survey(skb,
9138 NETLINK_CB(cb->skb).portid,
9139 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9140 wdev->netdev, radio_stats, &survey) < 0)
9141 goto out;
9142 survey_idx++;
9143 }
9144
9145 out:
9146 cb->args[2] = survey_idx;
9147 res = skb->len;
9148 out_err:
9149 kfree(attrbuf);
9150 rtnl_unlock();
9151 return res;
9152 }
9153
nl80211_valid_wpa_versions(u32 wpa_versions)9154 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
9155 {
9156 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
9157 NL80211_WPA_VERSION_2 |
9158 NL80211_WPA_VERSION_3));
9159 }
9160
nl80211_authenticate(struct sk_buff * skb,struct genl_info * info)9161 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
9162 {
9163 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9164 struct net_device *dev = info->user_ptr[1];
9165 struct ieee80211_channel *chan;
9166 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
9167 int err, ssid_len, ie_len = 0, auth_data_len = 0;
9168 enum nl80211_auth_type auth_type;
9169 struct key_parse key;
9170 bool local_state_change;
9171
9172 if (!info->attrs[NL80211_ATTR_MAC])
9173 return -EINVAL;
9174
9175 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
9176 return -EINVAL;
9177
9178 if (!info->attrs[NL80211_ATTR_SSID])
9179 return -EINVAL;
9180
9181 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9182 return -EINVAL;
9183
9184 err = nl80211_parse_key(info, &key);
9185 if (err)
9186 return err;
9187
9188 if (key.idx >= 0) {
9189 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
9190 return -EINVAL;
9191 if (!key.p.key || !key.p.key_len)
9192 return -EINVAL;
9193 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
9194 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
9195 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
9196 key.p.key_len != WLAN_KEY_LEN_WEP104))
9197 return -EINVAL;
9198 if (key.idx > 3)
9199 return -EINVAL;
9200 } else {
9201 key.p.key_len = 0;
9202 key.p.key = NULL;
9203 }
9204
9205 if (key.idx >= 0) {
9206 int i;
9207 bool ok = false;
9208
9209 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
9210 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
9211 ok = true;
9212 break;
9213 }
9214 }
9215 if (!ok)
9216 return -EINVAL;
9217 }
9218
9219 if (!rdev->ops->auth)
9220 return -EOPNOTSUPP;
9221
9222 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9223 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9224 return -EOPNOTSUPP;
9225
9226 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9227 chan = nl80211_get_valid_chan(&rdev->wiphy,
9228 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9229 if (!chan)
9230 return -EINVAL;
9231
9232 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9233 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9234
9235 if (info->attrs[NL80211_ATTR_IE]) {
9236 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9237 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9238 }
9239
9240 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9241 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
9242 return -EINVAL;
9243
9244 if ((auth_type == NL80211_AUTHTYPE_SAE ||
9245 auth_type == NL80211_AUTHTYPE_FILS_SK ||
9246 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
9247 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
9248 !info->attrs[NL80211_ATTR_AUTH_DATA])
9249 return -EINVAL;
9250
9251 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
9252 if (auth_type != NL80211_AUTHTYPE_SAE &&
9253 auth_type != NL80211_AUTHTYPE_FILS_SK &&
9254 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
9255 auth_type != NL80211_AUTHTYPE_FILS_PK)
9256 return -EINVAL;
9257 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
9258 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
9259 /* need to include at least Auth Transaction and Status Code */
9260 if (auth_data_len < 4)
9261 return -EINVAL;
9262 }
9263
9264 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9265
9266 /*
9267 * Since we no longer track auth state, ignore
9268 * requests to only change local state.
9269 */
9270 if (local_state_change)
9271 return 0;
9272
9273 wdev_lock(dev->ieee80211_ptr);
9274 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
9275 ssid, ssid_len, ie, ie_len,
9276 key.p.key, key.p.key_len, key.idx,
9277 auth_data, auth_data_len);
9278 wdev_unlock(dev->ieee80211_ptr);
9279 return err;
9280 }
9281
validate_pae_over_nl80211(struct cfg80211_registered_device * rdev,struct genl_info * info)9282 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
9283 struct genl_info *info)
9284 {
9285 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9286 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
9287 return -EINVAL;
9288 }
9289
9290 if (!rdev->ops->tx_control_port ||
9291 !wiphy_ext_feature_isset(&rdev->wiphy,
9292 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
9293 return -EOPNOTSUPP;
9294
9295 return 0;
9296 }
9297
nl80211_crypto_settings(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_crypto_settings * settings,int cipher_limit)9298 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
9299 struct genl_info *info,
9300 struct cfg80211_crypto_settings *settings,
9301 int cipher_limit)
9302 {
9303 memset(settings, 0, sizeof(*settings));
9304
9305 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9306
9307 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9308 u16 proto;
9309
9310 proto = nla_get_u16(
9311 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9312 settings->control_port_ethertype = cpu_to_be16(proto);
9313 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9314 proto != ETH_P_PAE)
9315 return -EINVAL;
9316 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9317 settings->control_port_no_encrypt = true;
9318 } else
9319 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9320
9321 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9322 int r = validate_pae_over_nl80211(rdev, info);
9323
9324 if (r < 0)
9325 return r;
9326
9327 settings->control_port_over_nl80211 = true;
9328 }
9329
9330 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9331 void *data;
9332 int len, i;
9333
9334 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9335 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9336 settings->n_ciphers_pairwise = len / sizeof(u32);
9337
9338 if (len % sizeof(u32))
9339 return -EINVAL;
9340
9341 if (settings->n_ciphers_pairwise > cipher_limit)
9342 return -EINVAL;
9343
9344 memcpy(settings->ciphers_pairwise, data, len);
9345
9346 for (i = 0; i < settings->n_ciphers_pairwise; i++)
9347 if (!cfg80211_supported_cipher_suite(
9348 &rdev->wiphy,
9349 settings->ciphers_pairwise[i]))
9350 return -EINVAL;
9351 }
9352
9353 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9354 settings->cipher_group =
9355 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9356 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9357 settings->cipher_group))
9358 return -EINVAL;
9359 }
9360
9361 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9362 settings->wpa_versions =
9363 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9364 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9365 return -EINVAL;
9366 }
9367
9368 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9369 void *data;
9370 int len;
9371
9372 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9373 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9374 settings->n_akm_suites = len / sizeof(u32);
9375
9376 if (len % sizeof(u32))
9377 return -EINVAL;
9378
9379 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9380 return -EINVAL;
9381
9382 memcpy(settings->akm_suites, data, len);
9383 }
9384
9385 if (info->attrs[NL80211_ATTR_PMK]) {
9386 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9387 return -EINVAL;
9388 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9389 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
9390 return -EINVAL;
9391 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9392 }
9393
9394 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9395 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9396 NL80211_EXT_FEATURE_SAE_OFFLOAD))
9397 return -EINVAL;
9398 settings->sae_pwd =
9399 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9400 settings->sae_pwd_len =
9401 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9402 }
9403
9404 return 0;
9405 }
9406
nl80211_associate(struct sk_buff * skb,struct genl_info * info)9407 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9408 {
9409 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9410 struct net_device *dev = info->user_ptr[1];
9411 struct ieee80211_channel *chan;
9412 struct cfg80211_assoc_request req = {};
9413 const u8 *bssid, *ssid;
9414 int err, ssid_len = 0;
9415
9416 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9417 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9418 return -EPERM;
9419
9420 if (!info->attrs[NL80211_ATTR_MAC] ||
9421 !info->attrs[NL80211_ATTR_SSID] ||
9422 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9423 return -EINVAL;
9424
9425 if (!rdev->ops->assoc)
9426 return -EOPNOTSUPP;
9427
9428 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9429 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9430 return -EOPNOTSUPP;
9431
9432 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9433
9434 chan = nl80211_get_valid_chan(&rdev->wiphy,
9435 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9436 if (!chan)
9437 return -EINVAL;
9438
9439 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9440 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9441
9442 if (info->attrs[NL80211_ATTR_IE]) {
9443 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9444 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9445 }
9446
9447 if (info->attrs[NL80211_ATTR_USE_MFP]) {
9448 enum nl80211_mfp mfp =
9449 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9450 if (mfp == NL80211_MFP_REQUIRED)
9451 req.use_mfp = true;
9452 else if (mfp != NL80211_MFP_NO)
9453 return -EINVAL;
9454 }
9455
9456 if (info->attrs[NL80211_ATTR_PREV_BSSID])
9457 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9458
9459 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9460 req.flags |= ASSOC_REQ_DISABLE_HT;
9461
9462 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9463 memcpy(&req.ht_capa_mask,
9464 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9465 sizeof(req.ht_capa_mask));
9466
9467 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9468 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9469 return -EINVAL;
9470 memcpy(&req.ht_capa,
9471 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9472 sizeof(req.ht_capa));
9473 }
9474
9475 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9476 req.flags |= ASSOC_REQ_DISABLE_VHT;
9477
9478 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9479 memcpy(&req.vht_capa_mask,
9480 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9481 sizeof(req.vht_capa_mask));
9482
9483 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9484 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9485 return -EINVAL;
9486 memcpy(&req.vht_capa,
9487 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9488 sizeof(req.vht_capa));
9489 }
9490
9491 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9492 if (!((rdev->wiphy.features &
9493 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9494 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9495 !wiphy_ext_feature_isset(&rdev->wiphy,
9496 NL80211_EXT_FEATURE_RRM))
9497 return -EINVAL;
9498 req.flags |= ASSOC_REQ_USE_RRM;
9499 }
9500
9501 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
9502 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
9503 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
9504 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
9505 return -EINVAL;
9506 req.fils_nonces =
9507 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
9508 }
9509
9510 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
9511 if (!err) {
9512 wdev_lock(dev->ieee80211_ptr);
9513
9514 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
9515 ssid, ssid_len, &req);
9516
9517 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9518 dev->ieee80211_ptr->conn_owner_nlportid =
9519 info->snd_portid;
9520 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9521 bssid, ETH_ALEN);
9522 }
9523
9524 wdev_unlock(dev->ieee80211_ptr);
9525 }
9526
9527 return err;
9528 }
9529
nl80211_deauthenticate(struct sk_buff * skb,struct genl_info * info)9530 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
9531 {
9532 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9533 struct net_device *dev = info->user_ptr[1];
9534 const u8 *ie = NULL, *bssid;
9535 int ie_len = 0, err;
9536 u16 reason_code;
9537 bool local_state_change;
9538
9539 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9540 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9541 return -EPERM;
9542
9543 if (!info->attrs[NL80211_ATTR_MAC])
9544 return -EINVAL;
9545
9546 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9547 return -EINVAL;
9548
9549 if (!rdev->ops->deauth)
9550 return -EOPNOTSUPP;
9551
9552 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9553 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9554 return -EOPNOTSUPP;
9555
9556 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9557
9558 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9559 if (reason_code == 0) {
9560 /* Reason Code 0 is reserved */
9561 return -EINVAL;
9562 }
9563
9564 if (info->attrs[NL80211_ATTR_IE]) {
9565 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9566 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9567 }
9568
9569 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9570
9571 wdev_lock(dev->ieee80211_ptr);
9572 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
9573 local_state_change);
9574 wdev_unlock(dev->ieee80211_ptr);
9575 return err;
9576 }
9577
nl80211_disassociate(struct sk_buff * skb,struct genl_info * info)9578 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
9579 {
9580 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9581 struct net_device *dev = info->user_ptr[1];
9582 const u8 *ie = NULL, *bssid;
9583 int ie_len = 0, err;
9584 u16 reason_code;
9585 bool local_state_change;
9586
9587 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9588 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9589 return -EPERM;
9590
9591 if (!info->attrs[NL80211_ATTR_MAC])
9592 return -EINVAL;
9593
9594 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9595 return -EINVAL;
9596
9597 if (!rdev->ops->disassoc)
9598 return -EOPNOTSUPP;
9599
9600 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9601 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9602 return -EOPNOTSUPP;
9603
9604 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9605
9606 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9607 if (reason_code == 0) {
9608 /* Reason Code 0 is reserved */
9609 return -EINVAL;
9610 }
9611
9612 if (info->attrs[NL80211_ATTR_IE]) {
9613 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9614 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9615 }
9616
9617 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9618
9619 wdev_lock(dev->ieee80211_ptr);
9620 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9621 local_state_change);
9622 wdev_unlock(dev->ieee80211_ptr);
9623 return err;
9624 }
9625
9626 static bool
nl80211_parse_mcast_rate(struct cfg80211_registered_device * rdev,int mcast_rate[NUM_NL80211_BANDS],int rateval)9627 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9628 int mcast_rate[NUM_NL80211_BANDS],
9629 int rateval)
9630 {
9631 struct wiphy *wiphy = &rdev->wiphy;
9632 bool found = false;
9633 int band, i;
9634
9635 for (band = 0; band < NUM_NL80211_BANDS; band++) {
9636 struct ieee80211_supported_band *sband;
9637
9638 sband = wiphy->bands[band];
9639 if (!sband)
9640 continue;
9641
9642 for (i = 0; i < sband->n_bitrates; i++) {
9643 if (sband->bitrates[i].bitrate == rateval) {
9644 mcast_rate[band] = i + 1;
9645 found = true;
9646 break;
9647 }
9648 }
9649 }
9650
9651 return found;
9652 }
9653
nl80211_join_ibss(struct sk_buff * skb,struct genl_info * info)9654 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
9655 {
9656 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9657 struct net_device *dev = info->user_ptr[1];
9658 struct cfg80211_ibss_params ibss;
9659 struct wiphy *wiphy;
9660 struct cfg80211_cached_keys *connkeys = NULL;
9661 int err;
9662
9663 memset(&ibss, 0, sizeof(ibss));
9664
9665 if (!info->attrs[NL80211_ATTR_SSID] ||
9666 !nla_len(info->attrs[NL80211_ATTR_SSID]))
9667 return -EINVAL;
9668
9669 ibss.beacon_interval = 100;
9670
9671 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
9672 ibss.beacon_interval =
9673 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9674
9675 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
9676 ibss.beacon_interval);
9677 if (err)
9678 return err;
9679
9680 if (!rdev->ops->join_ibss)
9681 return -EOPNOTSUPP;
9682
9683 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9684 return -EOPNOTSUPP;
9685
9686 wiphy = &rdev->wiphy;
9687
9688 if (info->attrs[NL80211_ATTR_MAC]) {
9689 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9690
9691 if (!is_valid_ether_addr(ibss.bssid))
9692 return -EINVAL;
9693 }
9694 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9695 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9696
9697 if (info->attrs[NL80211_ATTR_IE]) {
9698 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9699 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9700 }
9701
9702 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
9703 if (err)
9704 return err;
9705
9706 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
9707 NL80211_IFTYPE_ADHOC))
9708 return -EINVAL;
9709
9710 switch (ibss.chandef.width) {
9711 case NL80211_CHAN_WIDTH_5:
9712 case NL80211_CHAN_WIDTH_10:
9713 case NL80211_CHAN_WIDTH_20_NOHT:
9714 break;
9715 case NL80211_CHAN_WIDTH_20:
9716 case NL80211_CHAN_WIDTH_40:
9717 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9718 return -EINVAL;
9719 break;
9720 case NL80211_CHAN_WIDTH_80:
9721 case NL80211_CHAN_WIDTH_80P80:
9722 case NL80211_CHAN_WIDTH_160:
9723 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9724 return -EINVAL;
9725 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9726 NL80211_EXT_FEATURE_VHT_IBSS))
9727 return -EINVAL;
9728 break;
9729 default:
9730 return -EINVAL;
9731 }
9732
9733 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9734 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9735
9736 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9737 u8 *rates =
9738 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9739 int n_rates =
9740 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9741 struct ieee80211_supported_band *sband =
9742 wiphy->bands[ibss.chandef.chan->band];
9743
9744 err = ieee80211_get_ratemask(sband, rates, n_rates,
9745 &ibss.basic_rates);
9746 if (err)
9747 return err;
9748 }
9749
9750 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9751 memcpy(&ibss.ht_capa_mask,
9752 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9753 sizeof(ibss.ht_capa_mask));
9754
9755 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9756 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9757 return -EINVAL;
9758 memcpy(&ibss.ht_capa,
9759 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9760 sizeof(ibss.ht_capa));
9761 }
9762
9763 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9764 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9765 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9766 return -EINVAL;
9767
9768 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9769 bool no_ht = false;
9770
9771 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9772 if (IS_ERR(connkeys))
9773 return PTR_ERR(connkeys);
9774
9775 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9776 no_ht) {
9777 kzfree(connkeys);
9778 return -EINVAL;
9779 }
9780 }
9781
9782 ibss.control_port =
9783 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9784
9785 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9786 int r = validate_pae_over_nl80211(rdev, info);
9787
9788 if (r < 0) {
9789 kzfree(connkeys);
9790 return r;
9791 }
9792
9793 ibss.control_port_over_nl80211 = true;
9794 }
9795
9796 ibss.userspace_handles_dfs =
9797 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9798
9799 wdev_lock(dev->ieee80211_ptr);
9800 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9801 if (err)
9802 kzfree(connkeys);
9803 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9804 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9805 wdev_unlock(dev->ieee80211_ptr);
9806
9807 return err;
9808 }
9809
nl80211_leave_ibss(struct sk_buff * skb,struct genl_info * info)9810 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9811 {
9812 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9813 struct net_device *dev = info->user_ptr[1];
9814
9815 if (!rdev->ops->leave_ibss)
9816 return -EOPNOTSUPP;
9817
9818 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9819 return -EOPNOTSUPP;
9820
9821 return cfg80211_leave_ibss(rdev, dev, false);
9822 }
9823
nl80211_set_mcast_rate(struct sk_buff * skb,struct genl_info * info)9824 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9825 {
9826 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9827 struct net_device *dev = info->user_ptr[1];
9828 int mcast_rate[NUM_NL80211_BANDS];
9829 u32 nla_rate;
9830 int err;
9831
9832 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9833 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9834 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9835 return -EOPNOTSUPP;
9836
9837 if (!rdev->ops->set_mcast_rate)
9838 return -EOPNOTSUPP;
9839
9840 memset(mcast_rate, 0, sizeof(mcast_rate));
9841
9842 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9843 return -EINVAL;
9844
9845 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9846 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9847 return -EINVAL;
9848
9849 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9850
9851 return err;
9852 }
9853
9854 static struct sk_buff *
__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,int approxlen,u32 portid,u32 seq,enum nl80211_commands cmd,enum nl80211_attrs attr,const struct nl80211_vendor_cmd_info * info,gfp_t gfp)9855 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9856 struct wireless_dev *wdev, int approxlen,
9857 u32 portid, u32 seq, enum nl80211_commands cmd,
9858 enum nl80211_attrs attr,
9859 const struct nl80211_vendor_cmd_info *info,
9860 gfp_t gfp)
9861 {
9862 struct sk_buff *skb;
9863 void *hdr;
9864 struct nlattr *data;
9865
9866 skb = nlmsg_new(approxlen + 100, gfp);
9867 if (!skb)
9868 return NULL;
9869
9870 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9871 if (!hdr) {
9872 kfree_skb(skb);
9873 return NULL;
9874 }
9875
9876 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9877 goto nla_put_failure;
9878
9879 if (info) {
9880 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9881 info->vendor_id))
9882 goto nla_put_failure;
9883 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9884 info->subcmd))
9885 goto nla_put_failure;
9886 }
9887
9888 if (wdev) {
9889 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9890 wdev_id(wdev), NL80211_ATTR_PAD))
9891 goto nla_put_failure;
9892 if (wdev->netdev &&
9893 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9894 wdev->netdev->ifindex))
9895 goto nla_put_failure;
9896 }
9897
9898 data = nla_nest_start_noflag(skb, attr);
9899 if (!data)
9900 goto nla_put_failure;
9901
9902 ((void **)skb->cb)[0] = rdev;
9903 ((void **)skb->cb)[1] = hdr;
9904 ((void **)skb->cb)[2] = data;
9905
9906 return skb;
9907
9908 nla_put_failure:
9909 kfree_skb(skb);
9910 return NULL;
9911 }
9912
__cfg80211_alloc_event_skb(struct wiphy * wiphy,struct wireless_dev * wdev,enum nl80211_commands cmd,enum nl80211_attrs attr,unsigned int portid,int vendor_event_idx,int approxlen,gfp_t gfp)9913 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9914 struct wireless_dev *wdev,
9915 enum nl80211_commands cmd,
9916 enum nl80211_attrs attr,
9917 unsigned int portid,
9918 int vendor_event_idx,
9919 int approxlen, gfp_t gfp)
9920 {
9921 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9922 const struct nl80211_vendor_cmd_info *info;
9923
9924 switch (cmd) {
9925 case NL80211_CMD_TESTMODE:
9926 if (WARN_ON(vendor_event_idx != -1))
9927 return NULL;
9928 info = NULL;
9929 break;
9930 case NL80211_CMD_VENDOR:
9931 if (WARN_ON(vendor_event_idx < 0 ||
9932 vendor_event_idx >= wiphy->n_vendor_events))
9933 return NULL;
9934 info = &wiphy->vendor_events[vendor_event_idx];
9935 break;
9936 default:
9937 WARN_ON(1);
9938 return NULL;
9939 }
9940
9941 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
9942 cmd, attr, info, gfp);
9943 }
9944 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
9945
__cfg80211_send_event_skb(struct sk_buff * skb,gfp_t gfp)9946 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
9947 {
9948 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9949 void *hdr = ((void **)skb->cb)[1];
9950 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
9951 struct nlattr *data = ((void **)skb->cb)[2];
9952 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9953
9954 /* clear CB data for netlink core to own from now on */
9955 memset(skb->cb, 0, sizeof(skb->cb));
9956
9957 nla_nest_end(skb, data);
9958 genlmsg_end(skb, hdr);
9959
9960 if (nlhdr->nlmsg_pid) {
9961 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
9962 nlhdr->nlmsg_pid);
9963 } else {
9964 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9965 mcgrp = NL80211_MCGRP_VENDOR;
9966
9967 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
9968 skb, 0, mcgrp, gfp);
9969 }
9970 }
9971 EXPORT_SYMBOL(__cfg80211_send_event_skb);
9972
9973 #ifdef CONFIG_NL80211_TESTMODE
nl80211_testmode_do(struct sk_buff * skb,struct genl_info * info)9974 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
9975 {
9976 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9977 struct wireless_dev *wdev =
9978 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9979 int err;
9980
9981 if (!rdev->ops->testmode_cmd)
9982 return -EOPNOTSUPP;
9983
9984 if (IS_ERR(wdev)) {
9985 err = PTR_ERR(wdev);
9986 if (err != -EINVAL)
9987 return err;
9988 wdev = NULL;
9989 } else if (wdev->wiphy != &rdev->wiphy) {
9990 return -EINVAL;
9991 }
9992
9993 if (!info->attrs[NL80211_ATTR_TESTDATA])
9994 return -EINVAL;
9995
9996 rdev->cur_cmd_info = info;
9997 err = rdev_testmode_cmd(rdev, wdev,
9998 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
9999 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
10000 rdev->cur_cmd_info = NULL;
10001
10002 return err;
10003 }
10004
nl80211_testmode_dump(struct sk_buff * skb,struct netlink_callback * cb)10005 static int nl80211_testmode_dump(struct sk_buff *skb,
10006 struct netlink_callback *cb)
10007 {
10008 struct cfg80211_registered_device *rdev;
10009 struct nlattr **attrbuf = NULL;
10010 int err;
10011 long phy_idx;
10012 void *data = NULL;
10013 int data_len = 0;
10014
10015 rtnl_lock();
10016
10017 if (cb->args[0]) {
10018 /*
10019 * 0 is a valid index, but not valid for args[0],
10020 * so we need to offset by 1.
10021 */
10022 phy_idx = cb->args[0] - 1;
10023
10024 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
10025 if (!rdev) {
10026 err = -ENOENT;
10027 goto out_err;
10028 }
10029 } else {
10030 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
10031 GFP_KERNEL);
10032 if (!attrbuf) {
10033 err = -ENOMEM;
10034 goto out_err;
10035 }
10036
10037 err = nlmsg_parse_deprecated(cb->nlh,
10038 GENL_HDRLEN + nl80211_fam.hdrsize,
10039 attrbuf, nl80211_fam.maxattr,
10040 nl80211_policy, NULL);
10041 if (err)
10042 goto out_err;
10043
10044 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
10045 if (IS_ERR(rdev)) {
10046 err = PTR_ERR(rdev);
10047 goto out_err;
10048 }
10049 phy_idx = rdev->wiphy_idx;
10050
10051 if (attrbuf[NL80211_ATTR_TESTDATA])
10052 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
10053 }
10054
10055 if (cb->args[1]) {
10056 data = nla_data((void *)cb->args[1]);
10057 data_len = nla_len((void *)cb->args[1]);
10058 }
10059
10060 if (!rdev->ops->testmode_dump) {
10061 err = -EOPNOTSUPP;
10062 goto out_err;
10063 }
10064
10065 while (1) {
10066 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10067 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10068 NL80211_CMD_TESTMODE);
10069 struct nlattr *tmdata;
10070
10071 if (!hdr)
10072 break;
10073
10074 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
10075 genlmsg_cancel(skb, hdr);
10076 break;
10077 }
10078
10079 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
10080 if (!tmdata) {
10081 genlmsg_cancel(skb, hdr);
10082 break;
10083 }
10084 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
10085 nla_nest_end(skb, tmdata);
10086
10087 if (err == -ENOBUFS || err == -ENOENT) {
10088 genlmsg_cancel(skb, hdr);
10089 break;
10090 } else if (err) {
10091 genlmsg_cancel(skb, hdr);
10092 goto out_err;
10093 }
10094
10095 genlmsg_end(skb, hdr);
10096 }
10097
10098 err = skb->len;
10099 /* see above */
10100 cb->args[0] = phy_idx + 1;
10101 out_err:
10102 kfree(attrbuf);
10103 rtnl_unlock();
10104 return err;
10105 }
10106 #endif
10107
nl80211_connect(struct sk_buff * skb,struct genl_info * info)10108 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
10109 {
10110 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10111 struct net_device *dev = info->user_ptr[1];
10112 struct cfg80211_connect_params connect;
10113 struct wiphy *wiphy;
10114 struct cfg80211_cached_keys *connkeys = NULL;
10115 int err;
10116
10117 memset(&connect, 0, sizeof(connect));
10118
10119 if (!info->attrs[NL80211_ATTR_SSID] ||
10120 !nla_len(info->attrs[NL80211_ATTR_SSID]))
10121 return -EINVAL;
10122
10123 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10124 connect.auth_type =
10125 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10126 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
10127 NL80211_CMD_CONNECT))
10128 return -EINVAL;
10129 } else
10130 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
10131
10132 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
10133
10134 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
10135 !wiphy_ext_feature_isset(&rdev->wiphy,
10136 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
10137 return -EINVAL;
10138 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
10139
10140 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
10141 NL80211_MAX_NR_CIPHER_SUITES);
10142 if (err)
10143 return err;
10144
10145 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10146 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10147 return -EOPNOTSUPP;
10148
10149 wiphy = &rdev->wiphy;
10150
10151 connect.bg_scan_period = -1;
10152 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
10153 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
10154 connect.bg_scan_period =
10155 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
10156 }
10157
10158 if (info->attrs[NL80211_ATTR_MAC])
10159 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10160 else if (info->attrs[NL80211_ATTR_MAC_HINT])
10161 connect.bssid_hint =
10162 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
10163 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10164 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10165
10166 if (info->attrs[NL80211_ATTR_IE]) {
10167 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10168 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10169 }
10170
10171 if (info->attrs[NL80211_ATTR_USE_MFP]) {
10172 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10173 if (connect.mfp == NL80211_MFP_OPTIONAL &&
10174 !wiphy_ext_feature_isset(&rdev->wiphy,
10175 NL80211_EXT_FEATURE_MFP_OPTIONAL))
10176 return -EOPNOTSUPP;
10177 } else {
10178 connect.mfp = NL80211_MFP_NO;
10179 }
10180
10181 if (info->attrs[NL80211_ATTR_PREV_BSSID])
10182 connect.prev_bssid =
10183 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10184
10185 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10186 connect.channel = nl80211_get_valid_chan(
10187 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
10188 if (!connect.channel)
10189 return -EINVAL;
10190 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
10191 connect.channel_hint = nl80211_get_valid_chan(
10192 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
10193 if (!connect.channel_hint)
10194 return -EINVAL;
10195 }
10196
10197 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
10198 connect.edmg.channels =
10199 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
10200
10201 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
10202 connect.edmg.bw_config =
10203 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
10204 }
10205
10206 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10207 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
10208 if (IS_ERR(connkeys))
10209 return PTR_ERR(connkeys);
10210 }
10211
10212 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10213 connect.flags |= ASSOC_REQ_DISABLE_HT;
10214
10215 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10216 memcpy(&connect.ht_capa_mask,
10217 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10218 sizeof(connect.ht_capa_mask));
10219
10220 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10221 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
10222 kzfree(connkeys);
10223 return -EINVAL;
10224 }
10225 memcpy(&connect.ht_capa,
10226 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10227 sizeof(connect.ht_capa));
10228 }
10229
10230 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10231 connect.flags |= ASSOC_REQ_DISABLE_VHT;
10232
10233 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10234 memcpy(&connect.vht_capa_mask,
10235 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10236 sizeof(connect.vht_capa_mask));
10237
10238 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10239 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10240 kzfree(connkeys);
10241 return -EINVAL;
10242 }
10243 memcpy(&connect.vht_capa,
10244 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10245 sizeof(connect.vht_capa));
10246 }
10247
10248 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10249 if (!((rdev->wiphy.features &
10250 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10251 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10252 !wiphy_ext_feature_isset(&rdev->wiphy,
10253 NL80211_EXT_FEATURE_RRM)) {
10254 kzfree(connkeys);
10255 return -EINVAL;
10256 }
10257 connect.flags |= ASSOC_REQ_USE_RRM;
10258 }
10259
10260 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10261 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10262 kzfree(connkeys);
10263 return -EOPNOTSUPP;
10264 }
10265
10266 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10267 /* bss selection makes no sense if bssid is set */
10268 if (connect.bssid) {
10269 kzfree(connkeys);
10270 return -EINVAL;
10271 }
10272
10273 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10274 wiphy, &connect.bss_select);
10275 if (err) {
10276 kzfree(connkeys);
10277 return err;
10278 }
10279 }
10280
10281 if (wiphy_ext_feature_isset(&rdev->wiphy,
10282 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
10283 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10284 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10285 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10286 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10287 connect.fils_erp_username =
10288 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10289 connect.fils_erp_username_len =
10290 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10291 connect.fils_erp_realm =
10292 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10293 connect.fils_erp_realm_len =
10294 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10295 connect.fils_erp_next_seq_num =
10296 nla_get_u16(
10297 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10298 connect.fils_erp_rrk =
10299 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10300 connect.fils_erp_rrk_len =
10301 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10302 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10303 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10304 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10305 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10306 kzfree(connkeys);
10307 return -EINVAL;
10308 }
10309
10310 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10311 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10312 kzfree(connkeys);
10313 GENL_SET_ERR_MSG(info,
10314 "external auth requires connection ownership");
10315 return -EINVAL;
10316 }
10317 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10318 }
10319
10320 wdev_lock(dev->ieee80211_ptr);
10321
10322 err = cfg80211_connect(rdev, dev, &connect, connkeys,
10323 connect.prev_bssid);
10324 if (err)
10325 kzfree(connkeys);
10326
10327 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10328 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10329 if (connect.bssid)
10330 memcpy(dev->ieee80211_ptr->disconnect_bssid,
10331 connect.bssid, ETH_ALEN);
10332 else
10333 memset(dev->ieee80211_ptr->disconnect_bssid,
10334 0, ETH_ALEN);
10335 }
10336
10337 wdev_unlock(dev->ieee80211_ptr);
10338
10339 return err;
10340 }
10341
nl80211_update_connect_params(struct sk_buff * skb,struct genl_info * info)10342 static int nl80211_update_connect_params(struct sk_buff *skb,
10343 struct genl_info *info)
10344 {
10345 struct cfg80211_connect_params connect = {};
10346 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10347 struct net_device *dev = info->user_ptr[1];
10348 struct wireless_dev *wdev = dev->ieee80211_ptr;
10349 bool fils_sk_offload;
10350 u32 auth_type;
10351 u32 changed = 0;
10352 int ret;
10353
10354 if (!rdev->ops->update_connect_params)
10355 return -EOPNOTSUPP;
10356
10357 if (info->attrs[NL80211_ATTR_IE]) {
10358 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10359 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10360 changed |= UPDATE_ASSOC_IES;
10361 }
10362
10363 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10364 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10365
10366 /*
10367 * when driver supports fils-sk offload all attributes must be
10368 * provided. So the else covers "fils-sk-not-all" and
10369 * "no-fils-sk-any".
10370 */
10371 if (fils_sk_offload &&
10372 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10373 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10374 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10375 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10376 connect.fils_erp_username =
10377 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10378 connect.fils_erp_username_len =
10379 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10380 connect.fils_erp_realm =
10381 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10382 connect.fils_erp_realm_len =
10383 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10384 connect.fils_erp_next_seq_num =
10385 nla_get_u16(
10386 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10387 connect.fils_erp_rrk =
10388 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10389 connect.fils_erp_rrk_len =
10390 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10391 changed |= UPDATE_FILS_ERP_INFO;
10392 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10393 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10394 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10395 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10396 return -EINVAL;
10397 }
10398
10399 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10400 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10401 if (!nl80211_valid_auth_type(rdev, auth_type,
10402 NL80211_CMD_CONNECT))
10403 return -EINVAL;
10404
10405 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
10406 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
10407 return -EINVAL;
10408
10409 connect.auth_type = auth_type;
10410 changed |= UPDATE_AUTH_TYPE;
10411 }
10412
10413 wdev_lock(dev->ieee80211_ptr);
10414 if (!wdev->current_bss)
10415 ret = -ENOLINK;
10416 else
10417 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
10418 wdev_unlock(dev->ieee80211_ptr);
10419
10420 return ret;
10421 }
10422
nl80211_disconnect(struct sk_buff * skb,struct genl_info * info)10423 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
10424 {
10425 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10426 struct net_device *dev = info->user_ptr[1];
10427 u16 reason;
10428 int ret;
10429
10430 if (dev->ieee80211_ptr->conn_owner_nlportid &&
10431 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10432 return -EPERM;
10433
10434 if (!info->attrs[NL80211_ATTR_REASON_CODE])
10435 reason = WLAN_REASON_DEAUTH_LEAVING;
10436 else
10437 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10438
10439 if (reason == 0)
10440 return -EINVAL;
10441
10442 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10443 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10444 return -EOPNOTSUPP;
10445
10446 wdev_lock(dev->ieee80211_ptr);
10447 ret = cfg80211_disconnect(rdev, dev, reason, true);
10448 wdev_unlock(dev->ieee80211_ptr);
10449 return ret;
10450 }
10451
nl80211_wiphy_netns(struct sk_buff * skb,struct genl_info * info)10452 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
10453 {
10454 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10455 struct net *net;
10456 int err;
10457
10458 if (info->attrs[NL80211_ATTR_PID]) {
10459 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
10460
10461 net = get_net_ns_by_pid(pid);
10462 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
10463 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
10464
10465 net = get_net_ns_by_fd(fd);
10466 } else {
10467 return -EINVAL;
10468 }
10469
10470 if (IS_ERR(net))
10471 return PTR_ERR(net);
10472
10473 err = 0;
10474
10475 /* check if anything to do */
10476 if (!net_eq(wiphy_net(&rdev->wiphy), net))
10477 err = cfg80211_switch_netns(rdev, net);
10478
10479 put_net(net);
10480 return err;
10481 }
10482
nl80211_setdel_pmksa(struct sk_buff * skb,struct genl_info * info)10483 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
10484 {
10485 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10486 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
10487 struct cfg80211_pmksa *pmksa) = NULL;
10488 struct net_device *dev = info->user_ptr[1];
10489 struct cfg80211_pmksa pmksa;
10490
10491 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
10492
10493 if (!info->attrs[NL80211_ATTR_PMKID])
10494 return -EINVAL;
10495
10496 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
10497
10498 if (info->attrs[NL80211_ATTR_MAC]) {
10499 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10500 } else if (info->attrs[NL80211_ATTR_SSID] &&
10501 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
10502 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
10503 info->attrs[NL80211_ATTR_PMK])) {
10504 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10505 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10506 pmksa.cache_id =
10507 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
10508 } else {
10509 return -EINVAL;
10510 }
10511 if (info->attrs[NL80211_ATTR_PMK]) {
10512 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10513 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
10514 }
10515
10516 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
10517 pmksa.pmk_lifetime =
10518 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
10519
10520 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
10521 pmksa.pmk_reauth_threshold =
10522 nla_get_u8(
10523 info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
10524
10525 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10526 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
10527 !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
10528 wiphy_ext_feature_isset(&rdev->wiphy,
10529 NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
10530 return -EOPNOTSUPP;
10531
10532 switch (info->genlhdr->cmd) {
10533 case NL80211_CMD_SET_PMKSA:
10534 rdev_ops = rdev->ops->set_pmksa;
10535 break;
10536 case NL80211_CMD_DEL_PMKSA:
10537 rdev_ops = rdev->ops->del_pmksa;
10538 break;
10539 default:
10540 WARN_ON(1);
10541 break;
10542 }
10543
10544 if (!rdev_ops)
10545 return -EOPNOTSUPP;
10546
10547 return rdev_ops(&rdev->wiphy, dev, &pmksa);
10548 }
10549
nl80211_flush_pmksa(struct sk_buff * skb,struct genl_info * info)10550 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
10551 {
10552 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10553 struct net_device *dev = info->user_ptr[1];
10554
10555 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10556 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10557 return -EOPNOTSUPP;
10558
10559 if (!rdev->ops->flush_pmksa)
10560 return -EOPNOTSUPP;
10561
10562 return rdev_flush_pmksa(rdev, dev);
10563 }
10564
nl80211_tdls_mgmt(struct sk_buff * skb,struct genl_info * info)10565 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
10566 {
10567 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10568 struct net_device *dev = info->user_ptr[1];
10569 u8 action_code, dialog_token;
10570 u32 peer_capability = 0;
10571 u16 status_code;
10572 u8 *peer;
10573 bool initiator;
10574
10575 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10576 !rdev->ops->tdls_mgmt)
10577 return -EOPNOTSUPP;
10578
10579 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
10580 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
10581 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
10582 !info->attrs[NL80211_ATTR_IE] ||
10583 !info->attrs[NL80211_ATTR_MAC])
10584 return -EINVAL;
10585
10586 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10587 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
10588 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
10589 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
10590 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
10591 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
10592 peer_capability =
10593 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
10594
10595 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
10596 dialog_token, status_code, peer_capability,
10597 initiator,
10598 nla_data(info->attrs[NL80211_ATTR_IE]),
10599 nla_len(info->attrs[NL80211_ATTR_IE]));
10600 }
10601
nl80211_tdls_oper(struct sk_buff * skb,struct genl_info * info)10602 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
10603 {
10604 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10605 struct net_device *dev = info->user_ptr[1];
10606 enum nl80211_tdls_operation operation;
10607 u8 *peer;
10608
10609 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10610 !rdev->ops->tdls_oper)
10611 return -EOPNOTSUPP;
10612
10613 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
10614 !info->attrs[NL80211_ATTR_MAC])
10615 return -EINVAL;
10616
10617 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
10618 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10619
10620 return rdev_tdls_oper(rdev, dev, peer, operation);
10621 }
10622
nl80211_remain_on_channel(struct sk_buff * skb,struct genl_info * info)10623 static int nl80211_remain_on_channel(struct sk_buff *skb,
10624 struct genl_info *info)
10625 {
10626 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10627 struct wireless_dev *wdev = info->user_ptr[1];
10628 struct cfg80211_chan_def chandef;
10629 const struct cfg80211_chan_def *compat_chandef;
10630 struct sk_buff *msg;
10631 void *hdr;
10632 u64 cookie;
10633 u32 duration;
10634 int err;
10635
10636 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10637 !info->attrs[NL80211_ATTR_DURATION])
10638 return -EINVAL;
10639
10640 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10641
10642 if (!rdev->ops->remain_on_channel ||
10643 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
10644 return -EOPNOTSUPP;
10645
10646 /*
10647 * We should be on that channel for at least a minimum amount of
10648 * time (10ms) but no longer than the driver supports.
10649 */
10650 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10651 duration > rdev->wiphy.max_remain_on_channel_duration)
10652 return -EINVAL;
10653
10654 err = nl80211_parse_chandef(rdev, info, &chandef);
10655 if (err)
10656 return err;
10657
10658 wdev_lock(wdev);
10659 if (!cfg80211_off_channel_oper_allowed(wdev) &&
10660 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
10661 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
10662 &chandef);
10663 if (compat_chandef != &chandef) {
10664 wdev_unlock(wdev);
10665 return -EBUSY;
10666 }
10667 }
10668 wdev_unlock(wdev);
10669
10670 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10671 if (!msg)
10672 return -ENOMEM;
10673
10674 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10675 NL80211_CMD_REMAIN_ON_CHANNEL);
10676 if (!hdr) {
10677 err = -ENOBUFS;
10678 goto free_msg;
10679 }
10680
10681 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
10682 duration, &cookie);
10683
10684 if (err)
10685 goto free_msg;
10686
10687 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10688 NL80211_ATTR_PAD))
10689 goto nla_put_failure;
10690
10691 genlmsg_end(msg, hdr);
10692
10693 return genlmsg_reply(msg, info);
10694
10695 nla_put_failure:
10696 err = -ENOBUFS;
10697 free_msg:
10698 nlmsg_free(msg);
10699 return err;
10700 }
10701
nl80211_cancel_remain_on_channel(struct sk_buff * skb,struct genl_info * info)10702 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
10703 struct genl_info *info)
10704 {
10705 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10706 struct wireless_dev *wdev = info->user_ptr[1];
10707 u64 cookie;
10708
10709 if (!info->attrs[NL80211_ATTR_COOKIE])
10710 return -EINVAL;
10711
10712 if (!rdev->ops->cancel_remain_on_channel)
10713 return -EOPNOTSUPP;
10714
10715 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10716
10717 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
10718 }
10719
nl80211_set_tx_bitrate_mask(struct sk_buff * skb,struct genl_info * info)10720 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
10721 struct genl_info *info)
10722 {
10723 struct cfg80211_bitrate_mask mask;
10724 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10725 struct net_device *dev = info->user_ptr[1];
10726 int err;
10727
10728 if (!rdev->ops->set_bitrate_mask)
10729 return -EOPNOTSUPP;
10730
10731 err = nl80211_parse_tx_bitrate_mask(info, &mask);
10732 if (err)
10733 return err;
10734
10735 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
10736 }
10737
nl80211_register_mgmt(struct sk_buff * skb,struct genl_info * info)10738 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
10739 {
10740 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10741 struct wireless_dev *wdev = info->user_ptr[1];
10742 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
10743
10744 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
10745 return -EINVAL;
10746
10747 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
10748 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
10749
10750 switch (wdev->iftype) {
10751 case NL80211_IFTYPE_STATION:
10752 case NL80211_IFTYPE_ADHOC:
10753 case NL80211_IFTYPE_P2P_CLIENT:
10754 case NL80211_IFTYPE_AP:
10755 case NL80211_IFTYPE_AP_VLAN:
10756 case NL80211_IFTYPE_MESH_POINT:
10757 case NL80211_IFTYPE_P2P_GO:
10758 case NL80211_IFTYPE_P2P_DEVICE:
10759 break;
10760 case NL80211_IFTYPE_NAN:
10761 default:
10762 return -EOPNOTSUPP;
10763 }
10764
10765 /* not much point in registering if we can't reply */
10766 if (!rdev->ops->mgmt_tx)
10767 return -EOPNOTSUPP;
10768
10769 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10770 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10771 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
10772 }
10773
nl80211_tx_mgmt(struct sk_buff * skb,struct genl_info * info)10774 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10775 {
10776 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10777 struct wireless_dev *wdev = info->user_ptr[1];
10778 struct cfg80211_chan_def chandef;
10779 int err;
10780 void *hdr = NULL;
10781 u64 cookie;
10782 struct sk_buff *msg = NULL;
10783 struct cfg80211_mgmt_tx_params params = {
10784 .dont_wait_for_ack =
10785 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10786 };
10787
10788 if (!info->attrs[NL80211_ATTR_FRAME])
10789 return -EINVAL;
10790
10791 if (!rdev->ops->mgmt_tx)
10792 return -EOPNOTSUPP;
10793
10794 switch (wdev->iftype) {
10795 case NL80211_IFTYPE_P2P_DEVICE:
10796 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10797 return -EINVAL;
10798 case NL80211_IFTYPE_STATION:
10799 case NL80211_IFTYPE_ADHOC:
10800 case NL80211_IFTYPE_P2P_CLIENT:
10801 case NL80211_IFTYPE_AP:
10802 case NL80211_IFTYPE_AP_VLAN:
10803 case NL80211_IFTYPE_MESH_POINT:
10804 case NL80211_IFTYPE_P2P_GO:
10805 break;
10806 case NL80211_IFTYPE_NAN:
10807 default:
10808 return -EOPNOTSUPP;
10809 }
10810
10811 if (info->attrs[NL80211_ATTR_DURATION]) {
10812 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10813 return -EINVAL;
10814 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10815
10816 /*
10817 * We should wait on the channel for at least a minimum amount
10818 * of time (10ms) but no longer than the driver supports.
10819 */
10820 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10821 params.wait > rdev->wiphy.max_remain_on_channel_duration)
10822 return -EINVAL;
10823 }
10824
10825 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10826
10827 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10828 return -EINVAL;
10829
10830 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10831
10832 /* get the channel if any has been specified, otherwise pass NULL to
10833 * the driver. The latter will use the current one
10834 */
10835 chandef.chan = NULL;
10836 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10837 err = nl80211_parse_chandef(rdev, info, &chandef);
10838 if (err)
10839 return err;
10840 }
10841
10842 if (!chandef.chan && params.offchan)
10843 return -EINVAL;
10844
10845 wdev_lock(wdev);
10846 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10847 wdev_unlock(wdev);
10848 return -EBUSY;
10849 }
10850 wdev_unlock(wdev);
10851
10852 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10853 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10854
10855 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10856 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10857 int i;
10858
10859 if (len % sizeof(u16))
10860 return -EINVAL;
10861
10862 params.n_csa_offsets = len / sizeof(u16);
10863 params.csa_offsets =
10864 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10865
10866 /* check that all the offsets fit the frame */
10867 for (i = 0; i < params.n_csa_offsets; i++) {
10868 if (params.csa_offsets[i] >= params.len)
10869 return -EINVAL;
10870 }
10871 }
10872
10873 if (!params.dont_wait_for_ack) {
10874 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10875 if (!msg)
10876 return -ENOMEM;
10877
10878 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10879 NL80211_CMD_FRAME);
10880 if (!hdr) {
10881 err = -ENOBUFS;
10882 goto free_msg;
10883 }
10884 }
10885
10886 params.chan = chandef.chan;
10887 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
10888 if (err)
10889 goto free_msg;
10890
10891 if (msg) {
10892 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10893 NL80211_ATTR_PAD))
10894 goto nla_put_failure;
10895
10896 genlmsg_end(msg, hdr);
10897 return genlmsg_reply(msg, info);
10898 }
10899
10900 return 0;
10901
10902 nla_put_failure:
10903 err = -ENOBUFS;
10904 free_msg:
10905 nlmsg_free(msg);
10906 return err;
10907 }
10908
nl80211_tx_mgmt_cancel_wait(struct sk_buff * skb,struct genl_info * info)10909 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10910 {
10911 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10912 struct wireless_dev *wdev = info->user_ptr[1];
10913 u64 cookie;
10914
10915 if (!info->attrs[NL80211_ATTR_COOKIE])
10916 return -EINVAL;
10917
10918 if (!rdev->ops->mgmt_tx_cancel_wait)
10919 return -EOPNOTSUPP;
10920
10921 switch (wdev->iftype) {
10922 case NL80211_IFTYPE_STATION:
10923 case NL80211_IFTYPE_ADHOC:
10924 case NL80211_IFTYPE_P2P_CLIENT:
10925 case NL80211_IFTYPE_AP:
10926 case NL80211_IFTYPE_AP_VLAN:
10927 case NL80211_IFTYPE_P2P_GO:
10928 case NL80211_IFTYPE_P2P_DEVICE:
10929 break;
10930 case NL80211_IFTYPE_NAN:
10931 default:
10932 return -EOPNOTSUPP;
10933 }
10934
10935 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10936
10937 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
10938 }
10939
nl80211_set_power_save(struct sk_buff * skb,struct genl_info * info)10940 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
10941 {
10942 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10943 struct wireless_dev *wdev;
10944 struct net_device *dev = info->user_ptr[1];
10945 u8 ps_state;
10946 bool state;
10947 int err;
10948
10949 if (!info->attrs[NL80211_ATTR_PS_STATE])
10950 return -EINVAL;
10951
10952 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10953
10954 wdev = dev->ieee80211_ptr;
10955
10956 if (!rdev->ops->set_power_mgmt)
10957 return -EOPNOTSUPP;
10958
10959 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
10960
10961 if (state == wdev->ps)
10962 return 0;
10963
10964 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
10965 if (!err)
10966 wdev->ps = state;
10967 return err;
10968 }
10969
nl80211_get_power_save(struct sk_buff * skb,struct genl_info * info)10970 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
10971 {
10972 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10973 enum nl80211_ps_state ps_state;
10974 struct wireless_dev *wdev;
10975 struct net_device *dev = info->user_ptr[1];
10976 struct sk_buff *msg;
10977 void *hdr;
10978 int err;
10979
10980 wdev = dev->ieee80211_ptr;
10981
10982 if (!rdev->ops->set_power_mgmt)
10983 return -EOPNOTSUPP;
10984
10985 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10986 if (!msg)
10987 return -ENOMEM;
10988
10989 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10990 NL80211_CMD_GET_POWER_SAVE);
10991 if (!hdr) {
10992 err = -ENOBUFS;
10993 goto free_msg;
10994 }
10995
10996 if (wdev->ps)
10997 ps_state = NL80211_PS_ENABLED;
10998 else
10999 ps_state = NL80211_PS_DISABLED;
11000
11001 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
11002 goto nla_put_failure;
11003
11004 genlmsg_end(msg, hdr);
11005 return genlmsg_reply(msg, info);
11006
11007 nla_put_failure:
11008 err = -ENOBUFS;
11009 free_msg:
11010 nlmsg_free(msg);
11011 return err;
11012 }
11013
11014 static const struct nla_policy
11015 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
11016 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
11017 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
11018 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
11019 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
11020 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
11021 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
11022 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
11023 };
11024
nl80211_set_cqm_txe(struct genl_info * info,u32 rate,u32 pkts,u32 intvl)11025 static int nl80211_set_cqm_txe(struct genl_info *info,
11026 u32 rate, u32 pkts, u32 intvl)
11027 {
11028 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11029 struct net_device *dev = info->user_ptr[1];
11030 struct wireless_dev *wdev = dev->ieee80211_ptr;
11031
11032 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
11033 return -EINVAL;
11034
11035 if (!rdev->ops->set_cqm_txe_config)
11036 return -EOPNOTSUPP;
11037
11038 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11039 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11040 return -EOPNOTSUPP;
11041
11042 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
11043 }
11044
cfg80211_cqm_rssi_update(struct cfg80211_registered_device * rdev,struct net_device * dev)11045 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
11046 struct net_device *dev)
11047 {
11048 struct wireless_dev *wdev = dev->ieee80211_ptr;
11049 s32 last, low, high;
11050 u32 hyst;
11051 int i, n, low_index;
11052 int err;
11053
11054 /* RSSI reporting disabled? */
11055 if (!wdev->cqm_config)
11056 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
11057
11058 /*
11059 * Obtain current RSSI value if possible, if not and no RSSI threshold
11060 * event has been received yet, we should receive an event after a
11061 * connection is established and enough beacons received to calculate
11062 * the average.
11063 */
11064 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
11065 rdev->ops->get_station) {
11066 struct station_info sinfo = {};
11067 u8 *mac_addr;
11068
11069 mac_addr = wdev->current_bss->pub.bssid;
11070
11071 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
11072 if (err)
11073 return err;
11074
11075 cfg80211_sinfo_release_content(&sinfo);
11076 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
11077 wdev->cqm_config->last_rssi_event_value =
11078 (s8) sinfo.rx_beacon_signal_avg;
11079 }
11080
11081 last = wdev->cqm_config->last_rssi_event_value;
11082 hyst = wdev->cqm_config->rssi_hyst;
11083 n = wdev->cqm_config->n_rssi_thresholds;
11084
11085 for (i = 0; i < n; i++) {
11086 i = array_index_nospec(i, n);
11087 if (last < wdev->cqm_config->rssi_thresholds[i])
11088 break;
11089 }
11090
11091 low_index = i - 1;
11092 if (low_index >= 0) {
11093 low_index = array_index_nospec(low_index, n);
11094 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
11095 } else {
11096 low = S32_MIN;
11097 }
11098 if (i < n) {
11099 i = array_index_nospec(i, n);
11100 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
11101 } else {
11102 high = S32_MAX;
11103 }
11104
11105 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
11106 }
11107
nl80211_set_cqm_rssi(struct genl_info * info,const s32 * thresholds,int n_thresholds,u32 hysteresis)11108 static int nl80211_set_cqm_rssi(struct genl_info *info,
11109 const s32 *thresholds, int n_thresholds,
11110 u32 hysteresis)
11111 {
11112 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11113 struct net_device *dev = info->user_ptr[1];
11114 struct wireless_dev *wdev = dev->ieee80211_ptr;
11115 int i, err;
11116 s32 prev = S32_MIN;
11117
11118 /* Check all values negative and sorted */
11119 for (i = 0; i < n_thresholds; i++) {
11120 if (thresholds[i] > 0 || thresholds[i] <= prev)
11121 return -EINVAL;
11122
11123 prev = thresholds[i];
11124 }
11125
11126 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11127 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11128 return -EOPNOTSUPP;
11129
11130 wdev_lock(wdev);
11131 cfg80211_cqm_config_free(wdev);
11132 wdev_unlock(wdev);
11133
11134 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
11135 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
11136 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
11137
11138 return rdev_set_cqm_rssi_config(rdev, dev,
11139 thresholds[0], hysteresis);
11140 }
11141
11142 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11143 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
11144 return -EOPNOTSUPP;
11145
11146 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
11147 n_thresholds = 0;
11148
11149 wdev_lock(wdev);
11150 if (n_thresholds) {
11151 struct cfg80211_cqm_config *cqm_config;
11152
11153 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
11154 n_thresholds * sizeof(s32), GFP_KERNEL);
11155 if (!cqm_config) {
11156 err = -ENOMEM;
11157 goto unlock;
11158 }
11159
11160 cqm_config->rssi_hyst = hysteresis;
11161 cqm_config->n_rssi_thresholds = n_thresholds;
11162 memcpy(cqm_config->rssi_thresholds, thresholds,
11163 n_thresholds * sizeof(s32));
11164
11165 wdev->cqm_config = cqm_config;
11166 }
11167
11168 err = cfg80211_cqm_rssi_update(rdev, dev);
11169
11170 unlock:
11171 wdev_unlock(wdev);
11172
11173 return err;
11174 }
11175
nl80211_set_cqm(struct sk_buff * skb,struct genl_info * info)11176 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
11177 {
11178 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
11179 struct nlattr *cqm;
11180 int err;
11181
11182 cqm = info->attrs[NL80211_ATTR_CQM];
11183 if (!cqm)
11184 return -EINVAL;
11185
11186 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
11187 nl80211_attr_cqm_policy,
11188 info->extack);
11189 if (err)
11190 return err;
11191
11192 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
11193 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
11194 const s32 *thresholds =
11195 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11196 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11197 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
11198
11199 if (len % 4)
11200 return -EINVAL;
11201
11202 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
11203 hysteresis);
11204 }
11205
11206 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
11207 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
11208 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
11209 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
11210 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
11211 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
11212
11213 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
11214 }
11215
11216 return -EINVAL;
11217 }
11218
nl80211_join_ocb(struct sk_buff * skb,struct genl_info * info)11219 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
11220 {
11221 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11222 struct net_device *dev = info->user_ptr[1];
11223 struct ocb_setup setup = {};
11224 int err;
11225
11226 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11227 if (err)
11228 return err;
11229
11230 return cfg80211_join_ocb(rdev, dev, &setup);
11231 }
11232
nl80211_leave_ocb(struct sk_buff * skb,struct genl_info * info)11233 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
11234 {
11235 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11236 struct net_device *dev = info->user_ptr[1];
11237
11238 return cfg80211_leave_ocb(rdev, dev);
11239 }
11240
nl80211_join_mesh(struct sk_buff * skb,struct genl_info * info)11241 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
11242 {
11243 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11244 struct net_device *dev = info->user_ptr[1];
11245 struct mesh_config cfg;
11246 struct mesh_setup setup;
11247 int err;
11248
11249 /* start with default */
11250 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
11251 memcpy(&setup, &default_mesh_setup, sizeof(setup));
11252
11253 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
11254 /* and parse parameters if given */
11255 err = nl80211_parse_mesh_config(info, &cfg, NULL);
11256 if (err)
11257 return err;
11258 }
11259
11260 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
11261 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
11262 return -EINVAL;
11263
11264 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
11265 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
11266
11267 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11268 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
11269 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11270 return -EINVAL;
11271
11272 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
11273 setup.beacon_interval =
11274 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11275
11276 err = cfg80211_validate_beacon_int(rdev,
11277 NL80211_IFTYPE_MESH_POINT,
11278 setup.beacon_interval);
11279 if (err)
11280 return err;
11281 }
11282
11283 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
11284 setup.dtim_period =
11285 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
11286 if (setup.dtim_period < 1 || setup.dtim_period > 100)
11287 return -EINVAL;
11288 }
11289
11290 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
11291 /* parse additional setup parameters if given */
11292 err = nl80211_parse_mesh_setup(info, &setup);
11293 if (err)
11294 return err;
11295 }
11296
11297 if (setup.user_mpm)
11298 cfg.auto_open_plinks = false;
11299
11300 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11301 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11302 if (err)
11303 return err;
11304 } else {
11305 /* __cfg80211_join_mesh() will sort it out */
11306 setup.chandef.chan = NULL;
11307 }
11308
11309 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11310 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11311 int n_rates =
11312 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11313 struct ieee80211_supported_band *sband;
11314
11315 if (!setup.chandef.chan)
11316 return -EINVAL;
11317
11318 sband = rdev->wiphy.bands[setup.chandef.chan->band];
11319
11320 err = ieee80211_get_ratemask(sband, rates, n_rates,
11321 &setup.basic_rates);
11322 if (err)
11323 return err;
11324 }
11325
11326 if (info->attrs[NL80211_ATTR_TX_RATES]) {
11327 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
11328 if (err)
11329 return err;
11330
11331 if (!setup.chandef.chan)
11332 return -EINVAL;
11333
11334 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11335 &setup.beacon_rate);
11336 if (err)
11337 return err;
11338 }
11339
11340 setup.userspace_handles_dfs =
11341 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11342
11343 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11344 int r = validate_pae_over_nl80211(rdev, info);
11345
11346 if (r < 0)
11347 return r;
11348
11349 setup.control_port_over_nl80211 = true;
11350 }
11351
11352 wdev_lock(dev->ieee80211_ptr);
11353 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11354 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11355 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11356 wdev_unlock(dev->ieee80211_ptr);
11357
11358 return err;
11359 }
11360
nl80211_leave_mesh(struct sk_buff * skb,struct genl_info * info)11361 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11362 {
11363 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11364 struct net_device *dev = info->user_ptr[1];
11365
11366 return cfg80211_leave_mesh(rdev, dev);
11367 }
11368
11369 #ifdef CONFIG_PM
nl80211_send_wowlan_patterns(struct sk_buff * msg,struct cfg80211_registered_device * rdev)11370 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11371 struct cfg80211_registered_device *rdev)
11372 {
11373 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11374 struct nlattr *nl_pats, *nl_pat;
11375 int i, pat_len;
11376
11377 if (!wowlan->n_patterns)
11378 return 0;
11379
11380 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
11381 if (!nl_pats)
11382 return -ENOBUFS;
11383
11384 for (i = 0; i < wowlan->n_patterns; i++) {
11385 nl_pat = nla_nest_start_noflag(msg, i + 1);
11386 if (!nl_pat)
11387 return -ENOBUFS;
11388 pat_len = wowlan->patterns[i].pattern_len;
11389 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
11390 wowlan->patterns[i].mask) ||
11391 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11392 wowlan->patterns[i].pattern) ||
11393 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11394 wowlan->patterns[i].pkt_offset))
11395 return -ENOBUFS;
11396 nla_nest_end(msg, nl_pat);
11397 }
11398 nla_nest_end(msg, nl_pats);
11399
11400 return 0;
11401 }
11402
nl80211_send_wowlan_tcp(struct sk_buff * msg,struct cfg80211_wowlan_tcp * tcp)11403 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
11404 struct cfg80211_wowlan_tcp *tcp)
11405 {
11406 struct nlattr *nl_tcp;
11407
11408 if (!tcp)
11409 return 0;
11410
11411 nl_tcp = nla_nest_start_noflag(msg,
11412 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
11413 if (!nl_tcp)
11414 return -ENOBUFS;
11415
11416 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
11417 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
11418 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
11419 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
11420 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
11421 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
11422 tcp->payload_len, tcp->payload) ||
11423 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
11424 tcp->data_interval) ||
11425 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
11426 tcp->wake_len, tcp->wake_data) ||
11427 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
11428 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
11429 return -ENOBUFS;
11430
11431 if (tcp->payload_seq.len &&
11432 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
11433 sizeof(tcp->payload_seq), &tcp->payload_seq))
11434 return -ENOBUFS;
11435
11436 if (tcp->payload_tok.len &&
11437 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
11438 sizeof(tcp->payload_tok) + tcp->tokens_size,
11439 &tcp->payload_tok))
11440 return -ENOBUFS;
11441
11442 nla_nest_end(msg, nl_tcp);
11443
11444 return 0;
11445 }
11446
nl80211_send_wowlan_nd(struct sk_buff * msg,struct cfg80211_sched_scan_request * req)11447 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
11448 struct cfg80211_sched_scan_request *req)
11449 {
11450 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
11451 int i;
11452
11453 if (!req)
11454 return 0;
11455
11456 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
11457 if (!nd)
11458 return -ENOBUFS;
11459
11460 if (req->n_scan_plans == 1 &&
11461 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
11462 req->scan_plans[0].interval * 1000))
11463 return -ENOBUFS;
11464
11465 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
11466 return -ENOBUFS;
11467
11468 if (req->relative_rssi_set) {
11469 struct nl80211_bss_select_rssi_adjust rssi_adjust;
11470
11471 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
11472 req->relative_rssi))
11473 return -ENOBUFS;
11474
11475 rssi_adjust.band = req->rssi_adjust.band;
11476 rssi_adjust.delta = req->rssi_adjust.delta;
11477 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
11478 sizeof(rssi_adjust), &rssi_adjust))
11479 return -ENOBUFS;
11480 }
11481
11482 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11483 if (!freqs)
11484 return -ENOBUFS;
11485
11486 for (i = 0; i < req->n_channels; i++) {
11487 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11488 return -ENOBUFS;
11489 }
11490
11491 nla_nest_end(msg, freqs);
11492
11493 if (req->n_match_sets) {
11494 matches = nla_nest_start_noflag(msg,
11495 NL80211_ATTR_SCHED_SCAN_MATCH);
11496 if (!matches)
11497 return -ENOBUFS;
11498
11499 for (i = 0; i < req->n_match_sets; i++) {
11500 match = nla_nest_start_noflag(msg, i);
11501 if (!match)
11502 return -ENOBUFS;
11503
11504 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
11505 req->match_sets[i].ssid.ssid_len,
11506 req->match_sets[i].ssid.ssid))
11507 return -ENOBUFS;
11508 nla_nest_end(msg, match);
11509 }
11510 nla_nest_end(msg, matches);
11511 }
11512
11513 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
11514 if (!scan_plans)
11515 return -ENOBUFS;
11516
11517 for (i = 0; i < req->n_scan_plans; i++) {
11518 scan_plan = nla_nest_start_noflag(msg, i + 1);
11519 if (!scan_plan)
11520 return -ENOBUFS;
11521
11522 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
11523 req->scan_plans[i].interval) ||
11524 (req->scan_plans[i].iterations &&
11525 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
11526 req->scan_plans[i].iterations)))
11527 return -ENOBUFS;
11528 nla_nest_end(msg, scan_plan);
11529 }
11530 nla_nest_end(msg, scan_plans);
11531
11532 nla_nest_end(msg, nd);
11533
11534 return 0;
11535 }
11536
nl80211_get_wowlan(struct sk_buff * skb,struct genl_info * info)11537 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
11538 {
11539 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11540 struct sk_buff *msg;
11541 void *hdr;
11542 u32 size = NLMSG_DEFAULT_SIZE;
11543
11544 if (!rdev->wiphy.wowlan)
11545 return -EOPNOTSUPP;
11546
11547 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
11548 /* adjust size to have room for all the data */
11549 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
11550 rdev->wiphy.wowlan_config->tcp->payload_len +
11551 rdev->wiphy.wowlan_config->tcp->wake_len +
11552 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
11553 }
11554
11555 msg = nlmsg_new(size, GFP_KERNEL);
11556 if (!msg)
11557 return -ENOMEM;
11558
11559 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11560 NL80211_CMD_GET_WOWLAN);
11561 if (!hdr)
11562 goto nla_put_failure;
11563
11564 if (rdev->wiphy.wowlan_config) {
11565 struct nlattr *nl_wowlan;
11566
11567 nl_wowlan = nla_nest_start_noflag(msg,
11568 NL80211_ATTR_WOWLAN_TRIGGERS);
11569 if (!nl_wowlan)
11570 goto nla_put_failure;
11571
11572 if ((rdev->wiphy.wowlan_config->any &&
11573 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11574 (rdev->wiphy.wowlan_config->disconnect &&
11575 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11576 (rdev->wiphy.wowlan_config->magic_pkt &&
11577 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11578 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
11579 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11580 (rdev->wiphy.wowlan_config->eap_identity_req &&
11581 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11582 (rdev->wiphy.wowlan_config->four_way_handshake &&
11583 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11584 (rdev->wiphy.wowlan_config->rfkill_release &&
11585 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
11586 goto nla_put_failure;
11587
11588 if (nl80211_send_wowlan_patterns(msg, rdev))
11589 goto nla_put_failure;
11590
11591 if (nl80211_send_wowlan_tcp(msg,
11592 rdev->wiphy.wowlan_config->tcp))
11593 goto nla_put_failure;
11594
11595 if (nl80211_send_wowlan_nd(
11596 msg,
11597 rdev->wiphy.wowlan_config->nd_config))
11598 goto nla_put_failure;
11599
11600 nla_nest_end(msg, nl_wowlan);
11601 }
11602
11603 genlmsg_end(msg, hdr);
11604 return genlmsg_reply(msg, info);
11605
11606 nla_put_failure:
11607 nlmsg_free(msg);
11608 return -ENOBUFS;
11609 }
11610
nl80211_parse_wowlan_tcp(struct cfg80211_registered_device * rdev,struct nlattr * attr,struct cfg80211_wowlan * trig)11611 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
11612 struct nlattr *attr,
11613 struct cfg80211_wowlan *trig)
11614 {
11615 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
11616 struct cfg80211_wowlan_tcp *cfg;
11617 struct nl80211_wowlan_tcp_data_token *tok = NULL;
11618 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
11619 u32 size;
11620 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
11621 int err, port;
11622
11623 if (!rdev->wiphy.wowlan->tcp)
11624 return -EINVAL;
11625
11626 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
11627 nl80211_wowlan_tcp_policy, NULL);
11628 if (err)
11629 return err;
11630
11631 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
11632 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
11633 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
11634 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
11635 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
11636 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
11637 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
11638 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
11639 return -EINVAL;
11640
11641 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
11642 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
11643 return -EINVAL;
11644
11645 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
11646 rdev->wiphy.wowlan->tcp->data_interval_max ||
11647 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
11648 return -EINVAL;
11649
11650 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
11651 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
11652 return -EINVAL;
11653
11654 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
11655 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
11656 return -EINVAL;
11657
11658 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
11659 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11660
11661 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11662 tokens_size = tokln - sizeof(*tok);
11663
11664 if (!tok->len || tokens_size % tok->len)
11665 return -EINVAL;
11666 if (!rdev->wiphy.wowlan->tcp->tok)
11667 return -EINVAL;
11668 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
11669 return -EINVAL;
11670 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
11671 return -EINVAL;
11672 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
11673 return -EINVAL;
11674 if (tok->offset + tok->len > data_size)
11675 return -EINVAL;
11676 }
11677
11678 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
11679 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
11680 if (!rdev->wiphy.wowlan->tcp->seq)
11681 return -EINVAL;
11682 if (seq->len == 0 || seq->len > 4)
11683 return -EINVAL;
11684 if (seq->len + seq->offset > data_size)
11685 return -EINVAL;
11686 }
11687
11688 size = sizeof(*cfg);
11689 size += data_size;
11690 size += wake_size + wake_mask_size;
11691 size += tokens_size;
11692
11693 cfg = kzalloc(size, GFP_KERNEL);
11694 if (!cfg)
11695 return -ENOMEM;
11696 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
11697 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
11698 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
11699 ETH_ALEN);
11700 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
11701 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
11702 else
11703 port = 0;
11704 #ifdef CONFIG_INET
11705 /* allocate a socket and port for it and use it */
11706 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
11707 IPPROTO_TCP, &cfg->sock, 1);
11708 if (err) {
11709 kfree(cfg);
11710 return err;
11711 }
11712 if (inet_csk_get_port(cfg->sock->sk, port)) {
11713 sock_release(cfg->sock);
11714 kfree(cfg);
11715 return -EADDRINUSE;
11716 }
11717 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
11718 #else
11719 if (!port) {
11720 kfree(cfg);
11721 return -EINVAL;
11722 }
11723 cfg->src_port = port;
11724 #endif
11725
11726 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
11727 cfg->payload_len = data_size;
11728 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
11729 memcpy((void *)cfg->payload,
11730 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
11731 data_size);
11732 if (seq)
11733 cfg->payload_seq = *seq;
11734 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
11735 cfg->wake_len = wake_size;
11736 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
11737 memcpy((void *)cfg->wake_data,
11738 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
11739 wake_size);
11740 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
11741 data_size + wake_size;
11742 memcpy((void *)cfg->wake_mask,
11743 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
11744 wake_mask_size);
11745 if (tok) {
11746 cfg->tokens_size = tokens_size;
11747 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
11748 }
11749
11750 trig->tcp = cfg;
11751
11752 return 0;
11753 }
11754
nl80211_parse_wowlan_nd(struct cfg80211_registered_device * rdev,const struct wiphy_wowlan_support * wowlan,struct nlattr * attr,struct cfg80211_wowlan * trig)11755 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
11756 const struct wiphy_wowlan_support *wowlan,
11757 struct nlattr *attr,
11758 struct cfg80211_wowlan *trig)
11759 {
11760 struct nlattr **tb;
11761 int err;
11762
11763 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11764 if (!tb)
11765 return -ENOMEM;
11766
11767 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11768 err = -EOPNOTSUPP;
11769 goto out;
11770 }
11771
11772 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
11773 nl80211_policy, NULL);
11774 if (err)
11775 goto out;
11776
11777 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11778 wowlan->max_nd_match_sets);
11779 err = PTR_ERR_OR_ZERO(trig->nd_config);
11780 if (err)
11781 trig->nd_config = NULL;
11782
11783 out:
11784 kfree(tb);
11785 return err;
11786 }
11787
nl80211_set_wowlan(struct sk_buff * skb,struct genl_info * info)11788 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11789 {
11790 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11791 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11792 struct cfg80211_wowlan new_triggers = {};
11793 struct cfg80211_wowlan *ntrig;
11794 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11795 int err, i;
11796 bool prev_enabled = rdev->wiphy.wowlan_config;
11797 bool regular = false;
11798
11799 if (!wowlan)
11800 return -EOPNOTSUPP;
11801
11802 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11803 cfg80211_rdev_free_wowlan(rdev);
11804 rdev->wiphy.wowlan_config = NULL;
11805 goto set_wakeup;
11806 }
11807
11808 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
11809 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11810 nl80211_wowlan_policy, info->extack);
11811 if (err)
11812 return err;
11813
11814 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11815 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11816 return -EINVAL;
11817 new_triggers.any = true;
11818 }
11819
11820 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11821 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11822 return -EINVAL;
11823 new_triggers.disconnect = true;
11824 regular = true;
11825 }
11826
11827 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11828 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11829 return -EINVAL;
11830 new_triggers.magic_pkt = true;
11831 regular = true;
11832 }
11833
11834 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11835 return -EINVAL;
11836
11837 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11838 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11839 return -EINVAL;
11840 new_triggers.gtk_rekey_failure = true;
11841 regular = true;
11842 }
11843
11844 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11845 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11846 return -EINVAL;
11847 new_triggers.eap_identity_req = true;
11848 regular = true;
11849 }
11850
11851 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11852 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11853 return -EINVAL;
11854 new_triggers.four_way_handshake = true;
11855 regular = true;
11856 }
11857
11858 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11859 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11860 return -EINVAL;
11861 new_triggers.rfkill_release = true;
11862 regular = true;
11863 }
11864
11865 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11866 struct nlattr *pat;
11867 int n_patterns = 0;
11868 int rem, pat_len, mask_len, pkt_offset;
11869 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11870
11871 regular = true;
11872
11873 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11874 rem)
11875 n_patterns++;
11876 if (n_patterns > wowlan->n_patterns)
11877 return -EINVAL;
11878
11879 new_triggers.patterns = kcalloc(n_patterns,
11880 sizeof(new_triggers.patterns[0]),
11881 GFP_KERNEL);
11882 if (!new_triggers.patterns)
11883 return -ENOMEM;
11884
11885 new_triggers.n_patterns = n_patterns;
11886 i = 0;
11887
11888 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11889 rem) {
11890 u8 *mask_pat;
11891
11892 err = nla_parse_nested_deprecated(pat_tb,
11893 MAX_NL80211_PKTPAT,
11894 pat,
11895 nl80211_packet_pattern_policy,
11896 info->extack);
11897 if (err)
11898 goto error;
11899
11900 err = -EINVAL;
11901 if (!pat_tb[NL80211_PKTPAT_MASK] ||
11902 !pat_tb[NL80211_PKTPAT_PATTERN])
11903 goto error;
11904 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11905 mask_len = DIV_ROUND_UP(pat_len, 8);
11906 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11907 goto error;
11908 if (pat_len > wowlan->pattern_max_len ||
11909 pat_len < wowlan->pattern_min_len)
11910 goto error;
11911
11912 if (!pat_tb[NL80211_PKTPAT_OFFSET])
11913 pkt_offset = 0;
11914 else
11915 pkt_offset = nla_get_u32(
11916 pat_tb[NL80211_PKTPAT_OFFSET]);
11917 if (pkt_offset > wowlan->max_pkt_offset)
11918 goto error;
11919 new_triggers.patterns[i].pkt_offset = pkt_offset;
11920
11921 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11922 if (!mask_pat) {
11923 err = -ENOMEM;
11924 goto error;
11925 }
11926 new_triggers.patterns[i].mask = mask_pat;
11927 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11928 mask_len);
11929 mask_pat += mask_len;
11930 new_triggers.patterns[i].pattern = mask_pat;
11931 new_triggers.patterns[i].pattern_len = pat_len;
11932 memcpy(mask_pat,
11933 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11934 pat_len);
11935 i++;
11936 }
11937 }
11938
11939 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
11940 regular = true;
11941 err = nl80211_parse_wowlan_tcp(
11942 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
11943 &new_triggers);
11944 if (err)
11945 goto error;
11946 }
11947
11948 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
11949 regular = true;
11950 err = nl80211_parse_wowlan_nd(
11951 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
11952 &new_triggers);
11953 if (err)
11954 goto error;
11955 }
11956
11957 /* The 'any' trigger means the device continues operating more or less
11958 * as in its normal operation mode and wakes up the host on most of the
11959 * normal interrupts (like packet RX, ...)
11960 * It therefore makes little sense to combine with the more constrained
11961 * wakeup trigger modes.
11962 */
11963 if (new_triggers.any && regular) {
11964 err = -EINVAL;
11965 goto error;
11966 }
11967
11968 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
11969 if (!ntrig) {
11970 err = -ENOMEM;
11971 goto error;
11972 }
11973 cfg80211_rdev_free_wowlan(rdev);
11974 rdev->wiphy.wowlan_config = ntrig;
11975
11976 set_wakeup:
11977 if (rdev->ops->set_wakeup &&
11978 prev_enabled != !!rdev->wiphy.wowlan_config)
11979 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
11980
11981 return 0;
11982 error:
11983 for (i = 0; i < new_triggers.n_patterns; i++)
11984 kfree(new_triggers.patterns[i].mask);
11985 kfree(new_triggers.patterns);
11986 if (new_triggers.tcp && new_triggers.tcp->sock)
11987 sock_release(new_triggers.tcp->sock);
11988 kfree(new_triggers.tcp);
11989 kfree(new_triggers.nd_config);
11990 return err;
11991 }
11992 #endif
11993
nl80211_send_coalesce_rules(struct sk_buff * msg,struct cfg80211_registered_device * rdev)11994 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
11995 struct cfg80211_registered_device *rdev)
11996 {
11997 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
11998 int i, j, pat_len;
11999 struct cfg80211_coalesce_rules *rule;
12000
12001 if (!rdev->coalesce->n_rules)
12002 return 0;
12003
12004 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
12005 if (!nl_rules)
12006 return -ENOBUFS;
12007
12008 for (i = 0; i < rdev->coalesce->n_rules; i++) {
12009 nl_rule = nla_nest_start_noflag(msg, i + 1);
12010 if (!nl_rule)
12011 return -ENOBUFS;
12012
12013 rule = &rdev->coalesce->rules[i];
12014 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
12015 rule->delay))
12016 return -ENOBUFS;
12017
12018 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
12019 rule->condition))
12020 return -ENOBUFS;
12021
12022 nl_pats = nla_nest_start_noflag(msg,
12023 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
12024 if (!nl_pats)
12025 return -ENOBUFS;
12026
12027 for (j = 0; j < rule->n_patterns; j++) {
12028 nl_pat = nla_nest_start_noflag(msg, j + 1);
12029 if (!nl_pat)
12030 return -ENOBUFS;
12031 pat_len = rule->patterns[j].pattern_len;
12032 if (nla_put(msg, NL80211_PKTPAT_MASK,
12033 DIV_ROUND_UP(pat_len, 8),
12034 rule->patterns[j].mask) ||
12035 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12036 rule->patterns[j].pattern) ||
12037 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12038 rule->patterns[j].pkt_offset))
12039 return -ENOBUFS;
12040 nla_nest_end(msg, nl_pat);
12041 }
12042 nla_nest_end(msg, nl_pats);
12043 nla_nest_end(msg, nl_rule);
12044 }
12045 nla_nest_end(msg, nl_rules);
12046
12047 return 0;
12048 }
12049
nl80211_get_coalesce(struct sk_buff * skb,struct genl_info * info)12050 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
12051 {
12052 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12053 struct sk_buff *msg;
12054 void *hdr;
12055
12056 if (!rdev->wiphy.coalesce)
12057 return -EOPNOTSUPP;
12058
12059 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12060 if (!msg)
12061 return -ENOMEM;
12062
12063 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12064 NL80211_CMD_GET_COALESCE);
12065 if (!hdr)
12066 goto nla_put_failure;
12067
12068 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
12069 goto nla_put_failure;
12070
12071 genlmsg_end(msg, hdr);
12072 return genlmsg_reply(msg, info);
12073
12074 nla_put_failure:
12075 nlmsg_free(msg);
12076 return -ENOBUFS;
12077 }
12078
cfg80211_rdev_free_coalesce(struct cfg80211_registered_device * rdev)12079 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
12080 {
12081 struct cfg80211_coalesce *coalesce = rdev->coalesce;
12082 int i, j;
12083 struct cfg80211_coalesce_rules *rule;
12084
12085 if (!coalesce)
12086 return;
12087
12088 for (i = 0; i < coalesce->n_rules; i++) {
12089 rule = &coalesce->rules[i];
12090 for (j = 0; j < rule->n_patterns; j++)
12091 kfree(rule->patterns[j].mask);
12092 kfree(rule->patterns);
12093 }
12094 kfree(coalesce->rules);
12095 kfree(coalesce);
12096 rdev->coalesce = NULL;
12097 }
12098
nl80211_parse_coalesce_rule(struct cfg80211_registered_device * rdev,struct nlattr * rule,struct cfg80211_coalesce_rules * new_rule)12099 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
12100 struct nlattr *rule,
12101 struct cfg80211_coalesce_rules *new_rule)
12102 {
12103 int err, i;
12104 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12105 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
12106 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
12107 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12108
12109 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
12110 rule, nl80211_coalesce_policy, NULL);
12111 if (err)
12112 return err;
12113
12114 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
12115 new_rule->delay =
12116 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
12117 if (new_rule->delay > coalesce->max_delay)
12118 return -EINVAL;
12119
12120 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
12121 new_rule->condition =
12122 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
12123
12124 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
12125 return -EINVAL;
12126
12127 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12128 rem)
12129 n_patterns++;
12130 if (n_patterns > coalesce->n_patterns)
12131 return -EINVAL;
12132
12133 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
12134 GFP_KERNEL);
12135 if (!new_rule->patterns)
12136 return -ENOMEM;
12137
12138 new_rule->n_patterns = n_patterns;
12139 i = 0;
12140
12141 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12142 rem) {
12143 u8 *mask_pat;
12144
12145 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
12146 pat,
12147 nl80211_packet_pattern_policy,
12148 NULL);
12149 if (err)
12150 return err;
12151
12152 if (!pat_tb[NL80211_PKTPAT_MASK] ||
12153 !pat_tb[NL80211_PKTPAT_PATTERN])
12154 return -EINVAL;
12155 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12156 mask_len = DIV_ROUND_UP(pat_len, 8);
12157 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12158 return -EINVAL;
12159 if (pat_len > coalesce->pattern_max_len ||
12160 pat_len < coalesce->pattern_min_len)
12161 return -EINVAL;
12162
12163 if (!pat_tb[NL80211_PKTPAT_OFFSET])
12164 pkt_offset = 0;
12165 else
12166 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
12167 if (pkt_offset > coalesce->max_pkt_offset)
12168 return -EINVAL;
12169 new_rule->patterns[i].pkt_offset = pkt_offset;
12170
12171 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12172 if (!mask_pat)
12173 return -ENOMEM;
12174
12175 new_rule->patterns[i].mask = mask_pat;
12176 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12177 mask_len);
12178
12179 mask_pat += mask_len;
12180 new_rule->patterns[i].pattern = mask_pat;
12181 new_rule->patterns[i].pattern_len = pat_len;
12182 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12183 pat_len);
12184 i++;
12185 }
12186
12187 return 0;
12188 }
12189
nl80211_set_coalesce(struct sk_buff * skb,struct genl_info * info)12190 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
12191 {
12192 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12193 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12194 struct cfg80211_coalesce new_coalesce = {};
12195 struct cfg80211_coalesce *n_coalesce;
12196 int err, rem_rule, n_rules = 0, i, j;
12197 struct nlattr *rule;
12198 struct cfg80211_coalesce_rules *tmp_rule;
12199
12200 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
12201 return -EOPNOTSUPP;
12202
12203 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
12204 cfg80211_rdev_free_coalesce(rdev);
12205 rdev_set_coalesce(rdev, NULL);
12206 return 0;
12207 }
12208
12209 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12210 rem_rule)
12211 n_rules++;
12212 if (n_rules > coalesce->n_rules)
12213 return -EINVAL;
12214
12215 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
12216 GFP_KERNEL);
12217 if (!new_coalesce.rules)
12218 return -ENOMEM;
12219
12220 new_coalesce.n_rules = n_rules;
12221 i = 0;
12222
12223 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12224 rem_rule) {
12225 err = nl80211_parse_coalesce_rule(rdev, rule,
12226 &new_coalesce.rules[i]);
12227 if (err)
12228 goto error;
12229
12230 i++;
12231 }
12232
12233 err = rdev_set_coalesce(rdev, &new_coalesce);
12234 if (err)
12235 goto error;
12236
12237 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
12238 if (!n_coalesce) {
12239 err = -ENOMEM;
12240 goto error;
12241 }
12242 cfg80211_rdev_free_coalesce(rdev);
12243 rdev->coalesce = n_coalesce;
12244
12245 return 0;
12246 error:
12247 for (i = 0; i < new_coalesce.n_rules; i++) {
12248 tmp_rule = &new_coalesce.rules[i];
12249 for (j = 0; j < tmp_rule->n_patterns; j++)
12250 kfree(tmp_rule->patterns[j].mask);
12251 kfree(tmp_rule->patterns);
12252 }
12253 kfree(new_coalesce.rules);
12254
12255 return err;
12256 }
12257
nl80211_set_rekey_data(struct sk_buff * skb,struct genl_info * info)12258 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
12259 {
12260 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12261 struct net_device *dev = info->user_ptr[1];
12262 struct wireless_dev *wdev = dev->ieee80211_ptr;
12263 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
12264 struct cfg80211_gtk_rekey_data rekey_data = {};
12265 int err;
12266
12267 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
12268 return -EINVAL;
12269
12270 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
12271 info->attrs[NL80211_ATTR_REKEY_DATA],
12272 nl80211_rekey_policy, info->extack);
12273 if (err)
12274 return err;
12275
12276 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
12277 !tb[NL80211_REKEY_DATA_KCK])
12278 return -EINVAL;
12279 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
12280 return -ERANGE;
12281 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
12282 return -ERANGE;
12283 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
12284 return -ERANGE;
12285
12286 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
12287 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
12288 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
12289
12290 wdev_lock(wdev);
12291 if (!wdev->current_bss) {
12292 err = -ENOTCONN;
12293 goto out;
12294 }
12295
12296 if (!rdev->ops->set_rekey_data) {
12297 err = -EOPNOTSUPP;
12298 goto out;
12299 }
12300
12301 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
12302 out:
12303 wdev_unlock(wdev);
12304 return err;
12305 }
12306
nl80211_register_unexpected_frame(struct sk_buff * skb,struct genl_info * info)12307 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
12308 struct genl_info *info)
12309 {
12310 struct net_device *dev = info->user_ptr[1];
12311 struct wireless_dev *wdev = dev->ieee80211_ptr;
12312
12313 if (wdev->iftype != NL80211_IFTYPE_AP &&
12314 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12315 return -EINVAL;
12316
12317 if (wdev->ap_unexpected_nlportid)
12318 return -EBUSY;
12319
12320 wdev->ap_unexpected_nlportid = info->snd_portid;
12321 return 0;
12322 }
12323
nl80211_probe_client(struct sk_buff * skb,struct genl_info * info)12324 static int nl80211_probe_client(struct sk_buff *skb,
12325 struct genl_info *info)
12326 {
12327 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12328 struct net_device *dev = info->user_ptr[1];
12329 struct wireless_dev *wdev = dev->ieee80211_ptr;
12330 struct sk_buff *msg;
12331 void *hdr;
12332 const u8 *addr;
12333 u64 cookie;
12334 int err;
12335
12336 if (wdev->iftype != NL80211_IFTYPE_AP &&
12337 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12338 return -EOPNOTSUPP;
12339
12340 if (!info->attrs[NL80211_ATTR_MAC])
12341 return -EINVAL;
12342
12343 if (!rdev->ops->probe_client)
12344 return -EOPNOTSUPP;
12345
12346 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12347 if (!msg)
12348 return -ENOMEM;
12349
12350 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12351 NL80211_CMD_PROBE_CLIENT);
12352 if (!hdr) {
12353 err = -ENOBUFS;
12354 goto free_msg;
12355 }
12356
12357 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12358
12359 err = rdev_probe_client(rdev, dev, addr, &cookie);
12360 if (err)
12361 goto free_msg;
12362
12363 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12364 NL80211_ATTR_PAD))
12365 goto nla_put_failure;
12366
12367 genlmsg_end(msg, hdr);
12368
12369 return genlmsg_reply(msg, info);
12370
12371 nla_put_failure:
12372 err = -ENOBUFS;
12373 free_msg:
12374 nlmsg_free(msg);
12375 return err;
12376 }
12377
nl80211_register_beacons(struct sk_buff * skb,struct genl_info * info)12378 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
12379 {
12380 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12381 struct cfg80211_beacon_registration *reg, *nreg;
12382 int rv;
12383
12384 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
12385 return -EOPNOTSUPP;
12386
12387 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
12388 if (!nreg)
12389 return -ENOMEM;
12390
12391 /* First, check if already registered. */
12392 spin_lock_bh(&rdev->beacon_registrations_lock);
12393 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12394 if (reg->nlportid == info->snd_portid) {
12395 rv = -EALREADY;
12396 goto out_err;
12397 }
12398 }
12399 /* Add it to the list */
12400 nreg->nlportid = info->snd_portid;
12401 list_add(&nreg->list, &rdev->beacon_registrations);
12402
12403 spin_unlock_bh(&rdev->beacon_registrations_lock);
12404
12405 return 0;
12406 out_err:
12407 spin_unlock_bh(&rdev->beacon_registrations_lock);
12408 kfree(nreg);
12409 return rv;
12410 }
12411
nl80211_start_p2p_device(struct sk_buff * skb,struct genl_info * info)12412 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
12413 {
12414 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12415 struct wireless_dev *wdev = info->user_ptr[1];
12416 int err;
12417
12418 if (!rdev->ops->start_p2p_device)
12419 return -EOPNOTSUPP;
12420
12421 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12422 return -EOPNOTSUPP;
12423
12424 if (wdev_running(wdev))
12425 return 0;
12426
12427 if (rfkill_blocked(rdev->rfkill))
12428 return -ERFKILL;
12429
12430 err = rdev_start_p2p_device(rdev, wdev);
12431 if (err)
12432 return err;
12433
12434 wdev->is_running = true;
12435 rdev->opencount++;
12436
12437 return 0;
12438 }
12439
nl80211_stop_p2p_device(struct sk_buff * skb,struct genl_info * info)12440 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
12441 {
12442 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12443 struct wireless_dev *wdev = info->user_ptr[1];
12444
12445 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12446 return -EOPNOTSUPP;
12447
12448 if (!rdev->ops->stop_p2p_device)
12449 return -EOPNOTSUPP;
12450
12451 cfg80211_stop_p2p_device(rdev, wdev);
12452
12453 return 0;
12454 }
12455
nl80211_start_nan(struct sk_buff * skb,struct genl_info * info)12456 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
12457 {
12458 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12459 struct wireless_dev *wdev = info->user_ptr[1];
12460 struct cfg80211_nan_conf conf = {};
12461 int err;
12462
12463 if (wdev->iftype != NL80211_IFTYPE_NAN)
12464 return -EOPNOTSUPP;
12465
12466 if (wdev_running(wdev))
12467 return -EEXIST;
12468
12469 if (rfkill_blocked(rdev->rfkill))
12470 return -ERFKILL;
12471
12472 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
12473 return -EINVAL;
12474
12475 conf.master_pref =
12476 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12477
12478 if (info->attrs[NL80211_ATTR_BANDS]) {
12479 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12480
12481 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12482 return -EOPNOTSUPP;
12483
12484 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12485 return -EINVAL;
12486
12487 conf.bands = bands;
12488 }
12489
12490 err = rdev_start_nan(rdev, wdev, &conf);
12491 if (err)
12492 return err;
12493
12494 wdev->is_running = true;
12495 rdev->opencount++;
12496
12497 return 0;
12498 }
12499
nl80211_stop_nan(struct sk_buff * skb,struct genl_info * info)12500 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
12501 {
12502 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12503 struct wireless_dev *wdev = info->user_ptr[1];
12504
12505 if (wdev->iftype != NL80211_IFTYPE_NAN)
12506 return -EOPNOTSUPP;
12507
12508 cfg80211_stop_nan(rdev, wdev);
12509
12510 return 0;
12511 }
12512
validate_nan_filter(struct nlattr * filter_attr)12513 static int validate_nan_filter(struct nlattr *filter_attr)
12514 {
12515 struct nlattr *attr;
12516 int len = 0, n_entries = 0, rem;
12517
12518 nla_for_each_nested(attr, filter_attr, rem) {
12519 len += nla_len(attr);
12520 n_entries++;
12521 }
12522
12523 if (len >= U8_MAX)
12524 return -EINVAL;
12525
12526 return n_entries;
12527 }
12528
handle_nan_filter(struct nlattr * attr_filter,struct cfg80211_nan_func * func,bool tx)12529 static int handle_nan_filter(struct nlattr *attr_filter,
12530 struct cfg80211_nan_func *func,
12531 bool tx)
12532 {
12533 struct nlattr *attr;
12534 int n_entries, rem, i;
12535 struct cfg80211_nan_func_filter *filter;
12536
12537 n_entries = validate_nan_filter(attr_filter);
12538 if (n_entries < 0)
12539 return n_entries;
12540
12541 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
12542
12543 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
12544 if (!filter)
12545 return -ENOMEM;
12546
12547 i = 0;
12548 nla_for_each_nested(attr, attr_filter, rem) {
12549 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
12550 if (!filter[i].filter)
12551 goto err;
12552
12553 filter[i].len = nla_len(attr);
12554 i++;
12555 }
12556 if (tx) {
12557 func->num_tx_filters = n_entries;
12558 func->tx_filters = filter;
12559 } else {
12560 func->num_rx_filters = n_entries;
12561 func->rx_filters = filter;
12562 }
12563
12564 return 0;
12565
12566 err:
12567 i = 0;
12568 nla_for_each_nested(attr, attr_filter, rem) {
12569 kfree(filter[i].filter);
12570 i++;
12571 }
12572 kfree(filter);
12573 return -ENOMEM;
12574 }
12575
nl80211_nan_add_func(struct sk_buff * skb,struct genl_info * info)12576 static int nl80211_nan_add_func(struct sk_buff *skb,
12577 struct genl_info *info)
12578 {
12579 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12580 struct wireless_dev *wdev = info->user_ptr[1];
12581 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
12582 struct cfg80211_nan_func *func;
12583 struct sk_buff *msg = NULL;
12584 void *hdr = NULL;
12585 int err = 0;
12586
12587 if (wdev->iftype != NL80211_IFTYPE_NAN)
12588 return -EOPNOTSUPP;
12589
12590 if (!wdev_running(wdev))
12591 return -ENOTCONN;
12592
12593 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
12594 return -EINVAL;
12595
12596 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
12597 info->attrs[NL80211_ATTR_NAN_FUNC],
12598 nl80211_nan_func_policy,
12599 info->extack);
12600 if (err)
12601 return err;
12602
12603 func = kzalloc(sizeof(*func), GFP_KERNEL);
12604 if (!func)
12605 return -ENOMEM;
12606
12607 func->cookie = cfg80211_assign_cookie(rdev);
12608
12609 if (!tb[NL80211_NAN_FUNC_TYPE] ||
12610 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
12611 err = -EINVAL;
12612 goto out;
12613 }
12614
12615
12616 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
12617
12618 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
12619 err = -EINVAL;
12620 goto out;
12621 }
12622
12623 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
12624 sizeof(func->service_id));
12625
12626 func->close_range =
12627 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
12628
12629 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
12630 func->serv_spec_info_len =
12631 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
12632 func->serv_spec_info =
12633 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
12634 func->serv_spec_info_len,
12635 GFP_KERNEL);
12636 if (!func->serv_spec_info) {
12637 err = -ENOMEM;
12638 goto out;
12639 }
12640 }
12641
12642 if (tb[NL80211_NAN_FUNC_TTL])
12643 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
12644
12645 switch (func->type) {
12646 case NL80211_NAN_FUNC_PUBLISH:
12647 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
12648 err = -EINVAL;
12649 goto out;
12650 }
12651
12652 func->publish_type =
12653 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
12654 func->publish_bcast =
12655 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
12656
12657 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
12658 func->publish_bcast) {
12659 err = -EINVAL;
12660 goto out;
12661 }
12662 break;
12663 case NL80211_NAN_FUNC_SUBSCRIBE:
12664 func->subscribe_active =
12665 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
12666 break;
12667 case NL80211_NAN_FUNC_FOLLOW_UP:
12668 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
12669 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
12670 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
12671 err = -EINVAL;
12672 goto out;
12673 }
12674
12675 func->followup_id =
12676 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
12677 func->followup_reqid =
12678 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
12679 memcpy(func->followup_dest.addr,
12680 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
12681 sizeof(func->followup_dest.addr));
12682 if (func->ttl) {
12683 err = -EINVAL;
12684 goto out;
12685 }
12686 break;
12687 default:
12688 err = -EINVAL;
12689 goto out;
12690 }
12691
12692 if (tb[NL80211_NAN_FUNC_SRF]) {
12693 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12694
12695 err = nla_parse_nested_deprecated(srf_tb,
12696 NL80211_NAN_SRF_ATTR_MAX,
12697 tb[NL80211_NAN_FUNC_SRF],
12698 nl80211_nan_srf_policy,
12699 info->extack);
12700 if (err)
12701 goto out;
12702
12703 func->srf_include =
12704 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
12705
12706 if (srf_tb[NL80211_NAN_SRF_BF]) {
12707 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
12708 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
12709 err = -EINVAL;
12710 goto out;
12711 }
12712
12713 func->srf_bf_len =
12714 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
12715 func->srf_bf =
12716 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
12717 func->srf_bf_len, GFP_KERNEL);
12718 if (!func->srf_bf) {
12719 err = -ENOMEM;
12720 goto out;
12721 }
12722
12723 func->srf_bf_idx =
12724 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
12725 } else {
12726 struct nlattr *attr, *mac_attr =
12727 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
12728 int n_entries, rem, i = 0;
12729
12730 if (!mac_attr) {
12731 err = -EINVAL;
12732 goto out;
12733 }
12734
12735 n_entries = validate_acl_mac_addrs(mac_attr);
12736 if (n_entries <= 0) {
12737 err = -EINVAL;
12738 goto out;
12739 }
12740
12741 func->srf_num_macs = n_entries;
12742 func->srf_macs =
12743 kcalloc(n_entries, sizeof(*func->srf_macs),
12744 GFP_KERNEL);
12745 if (!func->srf_macs) {
12746 err = -ENOMEM;
12747 goto out;
12748 }
12749
12750 nla_for_each_nested(attr, mac_attr, rem)
12751 memcpy(func->srf_macs[i++].addr, nla_data(attr),
12752 sizeof(*func->srf_macs));
12753 }
12754 }
12755
12756 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
12757 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
12758 func, true);
12759 if (err)
12760 goto out;
12761 }
12762
12763 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
12764 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
12765 func, false);
12766 if (err)
12767 goto out;
12768 }
12769
12770 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12771 if (!msg) {
12772 err = -ENOMEM;
12773 goto out;
12774 }
12775
12776 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12777 NL80211_CMD_ADD_NAN_FUNCTION);
12778 /* This can't really happen - we just allocated 4KB */
12779 if (WARN_ON(!hdr)) {
12780 err = -ENOMEM;
12781 goto out;
12782 }
12783
12784 err = rdev_add_nan_func(rdev, wdev, func);
12785 out:
12786 if (err < 0) {
12787 cfg80211_free_nan_func(func);
12788 nlmsg_free(msg);
12789 return err;
12790 }
12791
12792 /* propagate the instance id and cookie to userspace */
12793 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12794 NL80211_ATTR_PAD))
12795 goto nla_put_failure;
12796
12797 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12798 if (!func_attr)
12799 goto nla_put_failure;
12800
12801 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12802 func->instance_id))
12803 goto nla_put_failure;
12804
12805 nla_nest_end(msg, func_attr);
12806
12807 genlmsg_end(msg, hdr);
12808 return genlmsg_reply(msg, info);
12809
12810 nla_put_failure:
12811 nlmsg_free(msg);
12812 return -ENOBUFS;
12813 }
12814
nl80211_nan_del_func(struct sk_buff * skb,struct genl_info * info)12815 static int nl80211_nan_del_func(struct sk_buff *skb,
12816 struct genl_info *info)
12817 {
12818 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12819 struct wireless_dev *wdev = info->user_ptr[1];
12820 u64 cookie;
12821
12822 if (wdev->iftype != NL80211_IFTYPE_NAN)
12823 return -EOPNOTSUPP;
12824
12825 if (!wdev_running(wdev))
12826 return -ENOTCONN;
12827
12828 if (!info->attrs[NL80211_ATTR_COOKIE])
12829 return -EINVAL;
12830
12831 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12832
12833 rdev_del_nan_func(rdev, wdev, cookie);
12834
12835 return 0;
12836 }
12837
nl80211_nan_change_config(struct sk_buff * skb,struct genl_info * info)12838 static int nl80211_nan_change_config(struct sk_buff *skb,
12839 struct genl_info *info)
12840 {
12841 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12842 struct wireless_dev *wdev = info->user_ptr[1];
12843 struct cfg80211_nan_conf conf = {};
12844 u32 changed = 0;
12845
12846 if (wdev->iftype != NL80211_IFTYPE_NAN)
12847 return -EOPNOTSUPP;
12848
12849 if (!wdev_running(wdev))
12850 return -ENOTCONN;
12851
12852 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12853 conf.master_pref =
12854 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12855 if (conf.master_pref <= 1 || conf.master_pref == 255)
12856 return -EINVAL;
12857
12858 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12859 }
12860
12861 if (info->attrs[NL80211_ATTR_BANDS]) {
12862 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12863
12864 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12865 return -EOPNOTSUPP;
12866
12867 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12868 return -EINVAL;
12869
12870 conf.bands = bands;
12871 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12872 }
12873
12874 if (!changed)
12875 return -EINVAL;
12876
12877 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12878 }
12879
cfg80211_nan_match(struct wireless_dev * wdev,struct cfg80211_nan_match_params * match,gfp_t gfp)12880 void cfg80211_nan_match(struct wireless_dev *wdev,
12881 struct cfg80211_nan_match_params *match, gfp_t gfp)
12882 {
12883 struct wiphy *wiphy = wdev->wiphy;
12884 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12885 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12886 struct sk_buff *msg;
12887 void *hdr;
12888
12889 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12890 return;
12891
12892 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12893 if (!msg)
12894 return;
12895
12896 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12897 if (!hdr) {
12898 nlmsg_free(msg);
12899 return;
12900 }
12901
12902 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12903 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12904 wdev->netdev->ifindex)) ||
12905 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12906 NL80211_ATTR_PAD))
12907 goto nla_put_failure;
12908
12909 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12910 NL80211_ATTR_PAD) ||
12911 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12912 goto nla_put_failure;
12913
12914 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
12915 if (!match_attr)
12916 goto nla_put_failure;
12917
12918 local_func_attr = nla_nest_start_noflag(msg,
12919 NL80211_NAN_MATCH_FUNC_LOCAL);
12920 if (!local_func_attr)
12921 goto nla_put_failure;
12922
12923 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
12924 goto nla_put_failure;
12925
12926 nla_nest_end(msg, local_func_attr);
12927
12928 peer_func_attr = nla_nest_start_noflag(msg,
12929 NL80211_NAN_MATCH_FUNC_PEER);
12930 if (!peer_func_attr)
12931 goto nla_put_failure;
12932
12933 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
12934 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
12935 goto nla_put_failure;
12936
12937 if (match->info && match->info_len &&
12938 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
12939 match->info))
12940 goto nla_put_failure;
12941
12942 nla_nest_end(msg, peer_func_attr);
12943 nla_nest_end(msg, match_attr);
12944 genlmsg_end(msg, hdr);
12945
12946 if (!wdev->owner_nlportid)
12947 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12948 msg, 0, NL80211_MCGRP_NAN, gfp);
12949 else
12950 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12951 wdev->owner_nlportid);
12952
12953 return;
12954
12955 nla_put_failure:
12956 nlmsg_free(msg);
12957 }
12958 EXPORT_SYMBOL(cfg80211_nan_match);
12959
cfg80211_nan_func_terminated(struct wireless_dev * wdev,u8 inst_id,enum nl80211_nan_func_term_reason reason,u64 cookie,gfp_t gfp)12960 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
12961 u8 inst_id,
12962 enum nl80211_nan_func_term_reason reason,
12963 u64 cookie, gfp_t gfp)
12964 {
12965 struct wiphy *wiphy = wdev->wiphy;
12966 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12967 struct sk_buff *msg;
12968 struct nlattr *func_attr;
12969 void *hdr;
12970
12971 if (WARN_ON(!inst_id))
12972 return;
12973
12974 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12975 if (!msg)
12976 return;
12977
12978 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
12979 if (!hdr) {
12980 nlmsg_free(msg);
12981 return;
12982 }
12983
12984 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12985 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12986 wdev->netdev->ifindex)) ||
12987 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12988 NL80211_ATTR_PAD))
12989 goto nla_put_failure;
12990
12991 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12992 NL80211_ATTR_PAD))
12993 goto nla_put_failure;
12994
12995 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12996 if (!func_attr)
12997 goto nla_put_failure;
12998
12999 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
13000 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
13001 goto nla_put_failure;
13002
13003 nla_nest_end(msg, func_attr);
13004 genlmsg_end(msg, hdr);
13005
13006 if (!wdev->owner_nlportid)
13007 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13008 msg, 0, NL80211_MCGRP_NAN, gfp);
13009 else
13010 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13011 wdev->owner_nlportid);
13012
13013 return;
13014
13015 nla_put_failure:
13016 nlmsg_free(msg);
13017 }
13018 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
13019
nl80211_get_protocol_features(struct sk_buff * skb,struct genl_info * info)13020 static int nl80211_get_protocol_features(struct sk_buff *skb,
13021 struct genl_info *info)
13022 {
13023 void *hdr;
13024 struct sk_buff *msg;
13025
13026 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13027 if (!msg)
13028 return -ENOMEM;
13029
13030 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13031 NL80211_CMD_GET_PROTOCOL_FEATURES);
13032 if (!hdr)
13033 goto nla_put_failure;
13034
13035 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
13036 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
13037 goto nla_put_failure;
13038
13039 genlmsg_end(msg, hdr);
13040 return genlmsg_reply(msg, info);
13041
13042 nla_put_failure:
13043 kfree_skb(msg);
13044 return -ENOBUFS;
13045 }
13046
nl80211_update_ft_ies(struct sk_buff * skb,struct genl_info * info)13047 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
13048 {
13049 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13050 struct cfg80211_update_ft_ies_params ft_params;
13051 struct net_device *dev = info->user_ptr[1];
13052
13053 if (!rdev->ops->update_ft_ies)
13054 return -EOPNOTSUPP;
13055
13056 if (!info->attrs[NL80211_ATTR_MDID] ||
13057 !info->attrs[NL80211_ATTR_IE])
13058 return -EINVAL;
13059
13060 memset(&ft_params, 0, sizeof(ft_params));
13061 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
13062 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13063 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13064
13065 return rdev_update_ft_ies(rdev, dev, &ft_params);
13066 }
13067
nl80211_crit_protocol_start(struct sk_buff * skb,struct genl_info * info)13068 static int nl80211_crit_protocol_start(struct sk_buff *skb,
13069 struct genl_info *info)
13070 {
13071 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13072 struct wireless_dev *wdev = info->user_ptr[1];
13073 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
13074 u16 duration;
13075 int ret;
13076
13077 if (!rdev->ops->crit_proto_start)
13078 return -EOPNOTSUPP;
13079
13080 if (WARN_ON(!rdev->ops->crit_proto_stop))
13081 return -EINVAL;
13082
13083 if (rdev->crit_proto_nlportid)
13084 return -EBUSY;
13085
13086 /* determine protocol if provided */
13087 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
13088 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
13089
13090 if (proto >= NUM_NL80211_CRIT_PROTO)
13091 return -EINVAL;
13092
13093 /* timeout must be provided */
13094 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
13095 return -EINVAL;
13096
13097 duration =
13098 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
13099
13100 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
13101 return -ERANGE;
13102
13103 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
13104 if (!ret)
13105 rdev->crit_proto_nlportid = info->snd_portid;
13106
13107 return ret;
13108 }
13109
nl80211_crit_protocol_stop(struct sk_buff * skb,struct genl_info * info)13110 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
13111 struct genl_info *info)
13112 {
13113 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13114 struct wireless_dev *wdev = info->user_ptr[1];
13115
13116 if (!rdev->ops->crit_proto_stop)
13117 return -EOPNOTSUPP;
13118
13119 if (rdev->crit_proto_nlportid) {
13120 rdev->crit_proto_nlportid = 0;
13121 rdev_crit_proto_stop(rdev, wdev);
13122 }
13123 return 0;
13124 }
13125
nl80211_vendor_check_policy(const struct wiphy_vendor_command * vcmd,struct nlattr * attr,struct netlink_ext_ack * extack)13126 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
13127 struct nlattr *attr,
13128 struct netlink_ext_ack *extack)
13129 {
13130 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
13131 if (attr->nla_type & NLA_F_NESTED) {
13132 NL_SET_ERR_MSG_ATTR(extack, attr,
13133 "unexpected nested data");
13134 return -EINVAL;
13135 }
13136
13137 return 0;
13138 }
13139
13140 if (!(attr->nla_type & NLA_F_NESTED)) {
13141 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
13142 return -EINVAL;
13143 }
13144
13145 return nl80211_validate_nested(attr, vcmd->maxattr, vcmd->policy,
13146 extack);
13147 }
13148
nl80211_vendor_cmd(struct sk_buff * skb,struct genl_info * info)13149 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
13150 {
13151 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13152 struct wireless_dev *wdev =
13153 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
13154 int i, err;
13155 u32 vid, subcmd;
13156
13157 if (!rdev->wiphy.vendor_commands)
13158 return -EOPNOTSUPP;
13159
13160 if (IS_ERR(wdev)) {
13161 err = PTR_ERR(wdev);
13162 if (err != -EINVAL)
13163 return err;
13164 wdev = NULL;
13165 } else if (wdev->wiphy != &rdev->wiphy) {
13166 return -EINVAL;
13167 }
13168
13169 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
13170 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
13171 return -EINVAL;
13172
13173 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
13174 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
13175 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
13176 const struct wiphy_vendor_command *vcmd;
13177 void *data = NULL;
13178 int len = 0;
13179
13180 vcmd = &rdev->wiphy.vendor_commands[i];
13181
13182 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13183 continue;
13184
13185 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13186 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13187 if (!wdev)
13188 return -EINVAL;
13189 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13190 !wdev->netdev)
13191 return -EINVAL;
13192
13193 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13194 if (!wdev_running(wdev))
13195 return -ENETDOWN;
13196 }
13197 } else {
13198 wdev = NULL;
13199 }
13200
13201 if (!vcmd->doit)
13202 return -EOPNOTSUPP;
13203
13204 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
13205 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13206 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13207
13208 err = nl80211_vendor_check_policy(vcmd,
13209 info->attrs[NL80211_ATTR_VENDOR_DATA],
13210 info->extack);
13211 if (err)
13212 return err;
13213 }
13214
13215 rdev->cur_cmd_info = info;
13216 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
13217 rdev->cur_cmd_info = NULL;
13218 return err;
13219 }
13220
13221 return -EOPNOTSUPP;
13222 }
13223
nl80211_prepare_vendor_dump(struct sk_buff * skb,struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev)13224 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
13225 struct netlink_callback *cb,
13226 struct cfg80211_registered_device **rdev,
13227 struct wireless_dev **wdev)
13228 {
13229 struct nlattr **attrbuf;
13230 u32 vid, subcmd;
13231 unsigned int i;
13232 int vcmd_idx = -1;
13233 int err;
13234 void *data = NULL;
13235 unsigned int data_len = 0;
13236
13237 if (cb->args[0]) {
13238 /* subtract the 1 again here */
13239 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
13240 struct wireless_dev *tmp;
13241
13242 if (!wiphy)
13243 return -ENODEV;
13244 *rdev = wiphy_to_rdev(wiphy);
13245 *wdev = NULL;
13246
13247 if (cb->args[1]) {
13248 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
13249 if (tmp->identifier == cb->args[1] - 1) {
13250 *wdev = tmp;
13251 break;
13252 }
13253 }
13254 }
13255
13256 /* keep rtnl locked in successful case */
13257 return 0;
13258 }
13259
13260 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
13261 if (!attrbuf)
13262 return -ENOMEM;
13263
13264 err = nlmsg_parse_deprecated(cb->nlh,
13265 GENL_HDRLEN + nl80211_fam.hdrsize,
13266 attrbuf, nl80211_fam.maxattr,
13267 nl80211_policy, NULL);
13268 if (err)
13269 goto out;
13270
13271 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
13272 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
13273 err = -EINVAL;
13274 goto out;
13275 }
13276
13277 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
13278 if (IS_ERR(*wdev))
13279 *wdev = NULL;
13280
13281 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13282 if (IS_ERR(*rdev)) {
13283 err = PTR_ERR(*rdev);
13284 goto out;
13285 }
13286
13287 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
13288 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
13289
13290 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
13291 const struct wiphy_vendor_command *vcmd;
13292
13293 vcmd = &(*rdev)->wiphy.vendor_commands[i];
13294
13295 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13296 continue;
13297
13298 if (!vcmd->dumpit) {
13299 err = -EOPNOTSUPP;
13300 goto out;
13301 }
13302
13303 vcmd_idx = i;
13304 break;
13305 }
13306
13307 if (vcmd_idx < 0) {
13308 err = -EOPNOTSUPP;
13309 goto out;
13310 }
13311
13312 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
13313 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13314 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13315
13316 err = nl80211_vendor_check_policy(
13317 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
13318 attrbuf[NL80211_ATTR_VENDOR_DATA],
13319 cb->extack);
13320 if (err)
13321 goto out;
13322 }
13323
13324 /* 0 is the first index - add 1 to parse only once */
13325 cb->args[0] = (*rdev)->wiphy_idx + 1;
13326 /* add 1 to know if it was NULL */
13327 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
13328 cb->args[2] = vcmd_idx;
13329 cb->args[3] = (unsigned long)data;
13330 cb->args[4] = data_len;
13331
13332 /* keep rtnl locked in successful case */
13333 err = 0;
13334 out:
13335 kfree(attrbuf);
13336 return err;
13337 }
13338
nl80211_vendor_cmd_dump(struct sk_buff * skb,struct netlink_callback * cb)13339 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13340 struct netlink_callback *cb)
13341 {
13342 struct cfg80211_registered_device *rdev;
13343 struct wireless_dev *wdev;
13344 unsigned int vcmd_idx;
13345 const struct wiphy_vendor_command *vcmd;
13346 void *data;
13347 int data_len;
13348 int err;
13349 struct nlattr *vendor_data;
13350
13351 rtnl_lock();
13352 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13353 if (err)
13354 goto out;
13355
13356 vcmd_idx = cb->args[2];
13357 data = (void *)cb->args[3];
13358 data_len = cb->args[4];
13359 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13360
13361 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13362 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13363 if (!wdev) {
13364 err = -EINVAL;
13365 goto out;
13366 }
13367 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13368 !wdev->netdev) {
13369 err = -EINVAL;
13370 goto out;
13371 }
13372
13373 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13374 if (!wdev_running(wdev)) {
13375 err = -ENETDOWN;
13376 goto out;
13377 }
13378 }
13379 }
13380
13381 while (1) {
13382 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13383 cb->nlh->nlmsg_seq, NLM_F_MULTI,
13384 NL80211_CMD_VENDOR);
13385 if (!hdr)
13386 break;
13387
13388 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13389 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13390 wdev_id(wdev),
13391 NL80211_ATTR_PAD))) {
13392 genlmsg_cancel(skb, hdr);
13393 break;
13394 }
13395
13396 vendor_data = nla_nest_start_noflag(skb,
13397 NL80211_ATTR_VENDOR_DATA);
13398 if (!vendor_data) {
13399 genlmsg_cancel(skb, hdr);
13400 break;
13401 }
13402
13403 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
13404 (unsigned long *)&cb->args[5]);
13405 nla_nest_end(skb, vendor_data);
13406
13407 if (err == -ENOBUFS || err == -ENOENT) {
13408 genlmsg_cancel(skb, hdr);
13409 break;
13410 } else if (err) {
13411 genlmsg_cancel(skb, hdr);
13412 goto out;
13413 }
13414
13415 genlmsg_end(skb, hdr);
13416 }
13417
13418 err = skb->len;
13419 out:
13420 rtnl_unlock();
13421 return err;
13422 }
13423
__cfg80211_alloc_reply_skb(struct wiphy * wiphy,enum nl80211_commands cmd,enum nl80211_attrs attr,int approxlen)13424 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
13425 enum nl80211_commands cmd,
13426 enum nl80211_attrs attr,
13427 int approxlen)
13428 {
13429 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13430
13431 if (WARN_ON(!rdev->cur_cmd_info))
13432 return NULL;
13433
13434 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
13435 rdev->cur_cmd_info->snd_portid,
13436 rdev->cur_cmd_info->snd_seq,
13437 cmd, attr, NULL, GFP_KERNEL);
13438 }
13439 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
13440
cfg80211_vendor_cmd_reply(struct sk_buff * skb)13441 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
13442 {
13443 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
13444 void *hdr = ((void **)skb->cb)[1];
13445 struct nlattr *data = ((void **)skb->cb)[2];
13446
13447 /* clear CB data for netlink core to own from now on */
13448 memset(skb->cb, 0, sizeof(skb->cb));
13449
13450 if (WARN_ON(!rdev->cur_cmd_info)) {
13451 kfree_skb(skb);
13452 return -EINVAL;
13453 }
13454
13455 nla_nest_end(skb, data);
13456 genlmsg_end(skb, hdr);
13457 return genlmsg_reply(skb, rdev->cur_cmd_info);
13458 }
13459 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
13460
cfg80211_vendor_cmd_get_sender(struct wiphy * wiphy)13461 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
13462 {
13463 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13464
13465 if (WARN_ON(!rdev->cur_cmd_info))
13466 return 0;
13467
13468 return rdev->cur_cmd_info->snd_portid;
13469 }
13470 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
13471
nl80211_set_qos_map(struct sk_buff * skb,struct genl_info * info)13472 static int nl80211_set_qos_map(struct sk_buff *skb,
13473 struct genl_info *info)
13474 {
13475 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13476 struct cfg80211_qos_map *qos_map = NULL;
13477 struct net_device *dev = info->user_ptr[1];
13478 u8 *pos, len, num_des, des_len, des;
13479 int ret;
13480
13481 if (!rdev->ops->set_qos_map)
13482 return -EOPNOTSUPP;
13483
13484 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
13485 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
13486 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
13487
13488 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
13489 len > IEEE80211_QOS_MAP_LEN_MAX)
13490 return -EINVAL;
13491
13492 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
13493 if (!qos_map)
13494 return -ENOMEM;
13495
13496 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
13497 if (num_des) {
13498 des_len = num_des *
13499 sizeof(struct cfg80211_dscp_exception);
13500 memcpy(qos_map->dscp_exception, pos, des_len);
13501 qos_map->num_des = num_des;
13502 for (des = 0; des < num_des; des++) {
13503 if (qos_map->dscp_exception[des].up > 7) {
13504 kfree(qos_map);
13505 return -EINVAL;
13506 }
13507 }
13508 pos += des_len;
13509 }
13510 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
13511 }
13512
13513 wdev_lock(dev->ieee80211_ptr);
13514 ret = nl80211_key_allowed(dev->ieee80211_ptr);
13515 if (!ret)
13516 ret = rdev_set_qos_map(rdev, dev, qos_map);
13517 wdev_unlock(dev->ieee80211_ptr);
13518
13519 kfree(qos_map);
13520 return ret;
13521 }
13522
nl80211_add_tx_ts(struct sk_buff * skb,struct genl_info * info)13523 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
13524 {
13525 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13526 struct net_device *dev = info->user_ptr[1];
13527 struct wireless_dev *wdev = dev->ieee80211_ptr;
13528 const u8 *peer;
13529 u8 tsid, up;
13530 u16 admitted_time = 0;
13531 int err;
13532
13533 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
13534 return -EOPNOTSUPP;
13535
13536 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
13537 !info->attrs[NL80211_ATTR_USER_PRIO])
13538 return -EINVAL;
13539
13540 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13541 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
13542
13543 /* WMM uses TIDs 0-7 even for TSPEC */
13544 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
13545 /* TODO: handle 802.11 TSPEC/admission control
13546 * need more attributes for that (e.g. BA session requirement);
13547 * change the WMM adminssion test above to allow both then
13548 */
13549 return -EINVAL;
13550 }
13551
13552 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13553
13554 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
13555 admitted_time =
13556 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
13557 if (!admitted_time)
13558 return -EINVAL;
13559 }
13560
13561 wdev_lock(wdev);
13562 switch (wdev->iftype) {
13563 case NL80211_IFTYPE_STATION:
13564 case NL80211_IFTYPE_P2P_CLIENT:
13565 if (wdev->current_bss)
13566 break;
13567 err = -ENOTCONN;
13568 goto out;
13569 default:
13570 err = -EOPNOTSUPP;
13571 goto out;
13572 }
13573
13574 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
13575
13576 out:
13577 wdev_unlock(wdev);
13578 return err;
13579 }
13580
nl80211_del_tx_ts(struct sk_buff * skb,struct genl_info * info)13581 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
13582 {
13583 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13584 struct net_device *dev = info->user_ptr[1];
13585 struct wireless_dev *wdev = dev->ieee80211_ptr;
13586 const u8 *peer;
13587 u8 tsid;
13588 int err;
13589
13590 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
13591 return -EINVAL;
13592
13593 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13594 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13595
13596 wdev_lock(wdev);
13597 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
13598 wdev_unlock(wdev);
13599
13600 return err;
13601 }
13602
nl80211_tdls_channel_switch(struct sk_buff * skb,struct genl_info * info)13603 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
13604 struct genl_info *info)
13605 {
13606 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13607 struct net_device *dev = info->user_ptr[1];
13608 struct wireless_dev *wdev = dev->ieee80211_ptr;
13609 struct cfg80211_chan_def chandef = {};
13610 const u8 *addr;
13611 u8 oper_class;
13612 int err;
13613
13614 if (!rdev->ops->tdls_channel_switch ||
13615 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13616 return -EOPNOTSUPP;
13617
13618 switch (dev->ieee80211_ptr->iftype) {
13619 case NL80211_IFTYPE_STATION:
13620 case NL80211_IFTYPE_P2P_CLIENT:
13621 break;
13622 default:
13623 return -EOPNOTSUPP;
13624 }
13625
13626 if (!info->attrs[NL80211_ATTR_MAC] ||
13627 !info->attrs[NL80211_ATTR_OPER_CLASS])
13628 return -EINVAL;
13629
13630 err = nl80211_parse_chandef(rdev, info, &chandef);
13631 if (err)
13632 return err;
13633
13634 /*
13635 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
13636 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
13637 * specification is not defined for them.
13638 */
13639 if (chandef.chan->band == NL80211_BAND_2GHZ &&
13640 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
13641 chandef.width != NL80211_CHAN_WIDTH_20)
13642 return -EINVAL;
13643
13644 /* we will be active on the TDLS link */
13645 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
13646 wdev->iftype))
13647 return -EINVAL;
13648
13649 /* don't allow switching to DFS channels */
13650 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
13651 return -EINVAL;
13652
13653 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13654 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
13655
13656 wdev_lock(wdev);
13657 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
13658 wdev_unlock(wdev);
13659
13660 return err;
13661 }
13662
nl80211_tdls_cancel_channel_switch(struct sk_buff * skb,struct genl_info * info)13663 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
13664 struct genl_info *info)
13665 {
13666 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13667 struct net_device *dev = info->user_ptr[1];
13668 struct wireless_dev *wdev = dev->ieee80211_ptr;
13669 const u8 *addr;
13670
13671 if (!rdev->ops->tdls_channel_switch ||
13672 !rdev->ops->tdls_cancel_channel_switch ||
13673 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13674 return -EOPNOTSUPP;
13675
13676 switch (dev->ieee80211_ptr->iftype) {
13677 case NL80211_IFTYPE_STATION:
13678 case NL80211_IFTYPE_P2P_CLIENT:
13679 break;
13680 default:
13681 return -EOPNOTSUPP;
13682 }
13683
13684 if (!info->attrs[NL80211_ATTR_MAC])
13685 return -EINVAL;
13686
13687 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13688
13689 wdev_lock(wdev);
13690 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
13691 wdev_unlock(wdev);
13692
13693 return 0;
13694 }
13695
nl80211_set_multicast_to_unicast(struct sk_buff * skb,struct genl_info * info)13696 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
13697 struct genl_info *info)
13698 {
13699 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13700 struct net_device *dev = info->user_ptr[1];
13701 struct wireless_dev *wdev = dev->ieee80211_ptr;
13702 const struct nlattr *nla;
13703 bool enabled;
13704
13705 if (!rdev->ops->set_multicast_to_unicast)
13706 return -EOPNOTSUPP;
13707
13708 if (wdev->iftype != NL80211_IFTYPE_AP &&
13709 wdev->iftype != NL80211_IFTYPE_P2P_GO)
13710 return -EOPNOTSUPP;
13711
13712 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
13713 enabled = nla_get_flag(nla);
13714
13715 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
13716 }
13717
nl80211_set_pmk(struct sk_buff * skb,struct genl_info * info)13718 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
13719 {
13720 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13721 struct net_device *dev = info->user_ptr[1];
13722 struct wireless_dev *wdev = dev->ieee80211_ptr;
13723 struct cfg80211_pmk_conf pmk_conf = {};
13724 int ret;
13725
13726 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13727 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13728 return -EOPNOTSUPP;
13729
13730 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13731 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13732 return -EOPNOTSUPP;
13733
13734 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
13735 return -EINVAL;
13736
13737 wdev_lock(wdev);
13738 if (!wdev->current_bss) {
13739 ret = -ENOTCONN;
13740 goto out;
13741 }
13742
13743 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13744 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
13745 ret = -EINVAL;
13746 goto out;
13747 }
13748
13749 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13750 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13751 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
13752 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
13753 ret = -EINVAL;
13754 goto out;
13755 }
13756
13757 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13758 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13759
13760 if (r0_name_len != WLAN_PMK_NAME_LEN) {
13761 ret = -EINVAL;
13762 goto out;
13763 }
13764
13765 pmk_conf.pmk_r0_name =
13766 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13767 }
13768
13769 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13770 out:
13771 wdev_unlock(wdev);
13772 return ret;
13773 }
13774
nl80211_del_pmk(struct sk_buff * skb,struct genl_info * info)13775 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
13776 {
13777 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13778 struct net_device *dev = info->user_ptr[1];
13779 struct wireless_dev *wdev = dev->ieee80211_ptr;
13780 const u8 *aa;
13781 int ret;
13782
13783 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13784 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13785 return -EOPNOTSUPP;
13786
13787 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13788 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13789 return -EOPNOTSUPP;
13790
13791 if (!info->attrs[NL80211_ATTR_MAC])
13792 return -EINVAL;
13793
13794 wdev_lock(wdev);
13795 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13796 ret = rdev_del_pmk(rdev, dev, aa);
13797 wdev_unlock(wdev);
13798
13799 return ret;
13800 }
13801
nl80211_external_auth(struct sk_buff * skb,struct genl_info * info)13802 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
13803 {
13804 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13805 struct net_device *dev = info->user_ptr[1];
13806 struct cfg80211_external_auth_params params;
13807
13808 if (!rdev->ops->external_auth)
13809 return -EOPNOTSUPP;
13810
13811 if (!info->attrs[NL80211_ATTR_SSID] &&
13812 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
13813 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
13814 return -EINVAL;
13815
13816 if (!info->attrs[NL80211_ATTR_BSSID])
13817 return -EINVAL;
13818
13819 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
13820 return -EINVAL;
13821
13822 memset(¶ms, 0, sizeof(params));
13823
13824 if (info->attrs[NL80211_ATTR_SSID]) {
13825 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13826 if (params.ssid.ssid_len == 0 ||
13827 params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
13828 return -EINVAL;
13829 memcpy(params.ssid.ssid,
13830 nla_data(info->attrs[NL80211_ATTR_SSID]),
13831 params.ssid.ssid_len);
13832 }
13833
13834 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
13835 ETH_ALEN);
13836
13837 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13838
13839 if (info->attrs[NL80211_ATTR_PMKID])
13840 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13841
13842 return rdev_external_auth(rdev, dev, ¶ms);
13843 }
13844
nl80211_tx_control_port(struct sk_buff * skb,struct genl_info * info)13845 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13846 {
13847 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13848 struct net_device *dev = info->user_ptr[1];
13849 struct wireless_dev *wdev = dev->ieee80211_ptr;
13850 const u8 *buf;
13851 size_t len;
13852 u8 *dest;
13853 u16 proto;
13854 bool noencrypt;
13855 int err;
13856
13857 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13858 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13859 return -EOPNOTSUPP;
13860
13861 if (!rdev->ops->tx_control_port)
13862 return -EOPNOTSUPP;
13863
13864 if (!info->attrs[NL80211_ATTR_FRAME] ||
13865 !info->attrs[NL80211_ATTR_MAC] ||
13866 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13867 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13868 return -EINVAL;
13869 }
13870
13871 wdev_lock(wdev);
13872
13873 switch (wdev->iftype) {
13874 case NL80211_IFTYPE_AP:
13875 case NL80211_IFTYPE_P2P_GO:
13876 case NL80211_IFTYPE_MESH_POINT:
13877 break;
13878 case NL80211_IFTYPE_ADHOC:
13879 case NL80211_IFTYPE_STATION:
13880 case NL80211_IFTYPE_P2P_CLIENT:
13881 if (wdev->current_bss)
13882 break;
13883 err = -ENOTCONN;
13884 goto out;
13885 default:
13886 err = -EOPNOTSUPP;
13887 goto out;
13888 }
13889
13890 wdev_unlock(wdev);
13891
13892 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13893 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13894 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13895 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13896 noencrypt =
13897 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13898
13899 return rdev_tx_control_port(rdev, dev, buf, len,
13900 dest, cpu_to_be16(proto), noencrypt);
13901
13902 out:
13903 wdev_unlock(wdev);
13904 return err;
13905 }
13906
nl80211_get_ftm_responder_stats(struct sk_buff * skb,struct genl_info * info)13907 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
13908 struct genl_info *info)
13909 {
13910 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13911 struct net_device *dev = info->user_ptr[1];
13912 struct wireless_dev *wdev = dev->ieee80211_ptr;
13913 struct cfg80211_ftm_responder_stats ftm_stats = {};
13914 struct sk_buff *msg;
13915 void *hdr;
13916 struct nlattr *ftm_stats_attr;
13917 int err;
13918
13919 if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
13920 return -EOPNOTSUPP;
13921
13922 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
13923 if (err)
13924 return err;
13925
13926 if (!ftm_stats.filled)
13927 return -ENODATA;
13928
13929 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13930 if (!msg)
13931 return -ENOMEM;
13932
13933 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13934 NL80211_CMD_GET_FTM_RESPONDER_STATS);
13935 if (!hdr)
13936 goto nla_put_failure;
13937
13938 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
13939 goto nla_put_failure;
13940
13941 ftm_stats_attr = nla_nest_start_noflag(msg,
13942 NL80211_ATTR_FTM_RESPONDER_STATS);
13943 if (!ftm_stats_attr)
13944 goto nla_put_failure;
13945
13946 #define SET_FTM(field, name, type) \
13947 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13948 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
13949 ftm_stats.field)) \
13950 goto nla_put_failure; } while (0)
13951 #define SET_FTM_U64(field, name) \
13952 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13953 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
13954 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
13955 goto nla_put_failure; } while (0)
13956
13957 SET_FTM(success_num, SUCCESS_NUM, u32);
13958 SET_FTM(partial_num, PARTIAL_NUM, u32);
13959 SET_FTM(failed_num, FAILED_NUM, u32);
13960 SET_FTM(asap_num, ASAP_NUM, u32);
13961 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
13962 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
13963 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
13964 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
13965 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
13966 #undef SET_FTM
13967
13968 nla_nest_end(msg, ftm_stats_attr);
13969
13970 genlmsg_end(msg, hdr);
13971 return genlmsg_reply(msg, info);
13972
13973 nla_put_failure:
13974 nlmsg_free(msg);
13975 return -ENOBUFS;
13976 }
13977
nl80211_update_owe_info(struct sk_buff * skb,struct genl_info * info)13978 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
13979 {
13980 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13981 struct cfg80211_update_owe_info owe_info;
13982 struct net_device *dev = info->user_ptr[1];
13983
13984 if (!rdev->ops->update_owe_info)
13985 return -EOPNOTSUPP;
13986
13987 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
13988 !info->attrs[NL80211_ATTR_MAC])
13989 return -EINVAL;
13990
13991 memset(&owe_info, 0, sizeof(owe_info));
13992 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13993 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
13994
13995 if (info->attrs[NL80211_ATTR_IE]) {
13996 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13997 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13998 }
13999
14000 return rdev_update_owe_info(rdev, dev, &owe_info);
14001 }
14002
nl80211_probe_mesh_link(struct sk_buff * skb,struct genl_info * info)14003 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
14004 {
14005 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14006 struct net_device *dev = info->user_ptr[1];
14007 struct wireless_dev *wdev = dev->ieee80211_ptr;
14008 struct station_info sinfo = {};
14009 const u8 *buf;
14010 size_t len;
14011 u8 *dest;
14012 int err;
14013
14014 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
14015 return -EOPNOTSUPP;
14016
14017 if (!info->attrs[NL80211_ATTR_MAC] ||
14018 !info->attrs[NL80211_ATTR_FRAME]) {
14019 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
14020 return -EINVAL;
14021 }
14022
14023 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
14024 return -EOPNOTSUPP;
14025
14026 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14027 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14028 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14029
14030 if (len < sizeof(struct ethhdr))
14031 return -EINVAL;
14032
14033 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
14034 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
14035 return -EINVAL;
14036
14037 err = rdev_get_station(rdev, dev, dest, &sinfo);
14038 if (err)
14039 return err;
14040
14041 cfg80211_sinfo_release_content(&sinfo);
14042
14043 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
14044 }
14045
parse_tid_conf(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct net_device * dev,struct cfg80211_tid_cfg * tid_conf,struct genl_info * info,const u8 * peer)14046 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
14047 struct nlattr *attrs[], struct net_device *dev,
14048 struct cfg80211_tid_cfg *tid_conf,
14049 struct genl_info *info, const u8 *peer)
14050 {
14051 struct netlink_ext_ack *extack = info->extack;
14052 u64 mask;
14053 int err;
14054
14055 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
14056 return -EINVAL;
14057
14058 tid_conf->config_override =
14059 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
14060 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
14061
14062 if (tid_conf->config_override) {
14063 if (rdev->ops->reset_tid_config) {
14064 err = rdev_reset_tid_config(rdev, dev, peer,
14065 tid_conf->tids);
14066 /* If peer is there no other configuration will be
14067 * allowed
14068 */
14069 if (err || peer)
14070 return err;
14071 } else {
14072 return -EINVAL;
14073 }
14074 }
14075
14076 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
14077 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
14078 tid_conf->noack =
14079 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
14080 }
14081
14082 if (peer)
14083 mask = rdev->wiphy.tid_config_support.peer;
14084 else
14085 mask = rdev->wiphy.tid_config_support.vif;
14086
14087 if (tid_conf->mask & ~mask) {
14088 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
14089 return -ENOTSUPP;
14090 }
14091
14092 return 0;
14093 }
14094
nl80211_set_tid_config(struct sk_buff * skb,struct genl_info * info)14095 static int nl80211_set_tid_config(struct sk_buff *skb,
14096 struct genl_info *info)
14097 {
14098 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14099 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
14100 struct net_device *dev = info->user_ptr[1];
14101 struct cfg80211_tid_config *tid_config;
14102 struct nlattr *tid;
14103 int conf_idx = 0, rem_conf;
14104 int ret = -EINVAL;
14105 u32 num_conf = 0;
14106
14107 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
14108 return -EINVAL;
14109
14110 if (!rdev->ops->set_tid_config)
14111 return -EOPNOTSUPP;
14112
14113 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14114 rem_conf)
14115 num_conf++;
14116
14117 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
14118 GFP_KERNEL);
14119 if (!tid_config)
14120 return -ENOMEM;
14121
14122 tid_config->n_tid_conf = num_conf;
14123
14124 if (info->attrs[NL80211_ATTR_MAC])
14125 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14126
14127 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14128 rem_conf) {
14129 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
14130 tid, NULL, NULL);
14131
14132 if (ret)
14133 goto bad_tid_conf;
14134
14135 ret = parse_tid_conf(rdev, attrs, dev,
14136 &tid_config->tid_conf[conf_idx],
14137 info, tid_config->peer);
14138 if (ret)
14139 goto bad_tid_conf;
14140
14141 conf_idx++;
14142 }
14143
14144 ret = rdev_set_tid_config(rdev, dev, tid_config);
14145
14146 bad_tid_conf:
14147 kfree(tid_config);
14148 return ret;
14149 }
14150
14151 #define NL80211_FLAG_NEED_WIPHY 0x01
14152 #define NL80211_FLAG_NEED_NETDEV 0x02
14153 #define NL80211_FLAG_NEED_RTNL 0x04
14154 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
14155 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
14156 NL80211_FLAG_CHECK_NETDEV_UP)
14157 #define NL80211_FLAG_NEED_WDEV 0x10
14158 /* If a netdev is associated, it must be UP, P2P must be started */
14159 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
14160 NL80211_FLAG_CHECK_NETDEV_UP)
14161 #define NL80211_FLAG_CLEAR_SKB 0x20
14162
nl80211_pre_doit(const struct genl_ops * ops,struct sk_buff * skb,struct genl_info * info)14163 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
14164 struct genl_info *info)
14165 {
14166 struct cfg80211_registered_device *rdev;
14167 struct wireless_dev *wdev;
14168 struct net_device *dev;
14169 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
14170
14171 if (rtnl)
14172 rtnl_lock();
14173
14174 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
14175 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
14176 if (IS_ERR(rdev)) {
14177 if (rtnl)
14178 rtnl_unlock();
14179 return PTR_ERR(rdev);
14180 }
14181 info->user_ptr[0] = rdev;
14182 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
14183 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14184 ASSERT_RTNL();
14185
14186 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
14187 info->attrs);
14188 if (IS_ERR(wdev)) {
14189 if (rtnl)
14190 rtnl_unlock();
14191 return PTR_ERR(wdev);
14192 }
14193
14194 dev = wdev->netdev;
14195 rdev = wiphy_to_rdev(wdev->wiphy);
14196
14197 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
14198 if (!dev) {
14199 if (rtnl)
14200 rtnl_unlock();
14201 return -EINVAL;
14202 }
14203
14204 info->user_ptr[1] = dev;
14205 } else {
14206 info->user_ptr[1] = wdev;
14207 }
14208
14209 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
14210 !wdev_running(wdev)) {
14211 if (rtnl)
14212 rtnl_unlock();
14213 return -ENETDOWN;
14214 }
14215
14216 if (dev)
14217 dev_hold(dev);
14218
14219 info->user_ptr[0] = rdev;
14220 }
14221
14222 return 0;
14223 }
14224
nl80211_post_doit(const struct genl_ops * ops,struct sk_buff * skb,struct genl_info * info)14225 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
14226 struct genl_info *info)
14227 {
14228 if (info->user_ptr[1]) {
14229 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14230 struct wireless_dev *wdev = info->user_ptr[1];
14231
14232 if (wdev->netdev)
14233 dev_put(wdev->netdev);
14234 } else {
14235 dev_put(info->user_ptr[1]);
14236 }
14237 }
14238
14239 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
14240 rtnl_unlock();
14241
14242 /* If needed, clear the netlink message payload from the SKB
14243 * as it might contain key data that shouldn't stick around on
14244 * the heap after the SKB is freed. The netlink message header
14245 * is still needed for further processing, so leave it intact.
14246 */
14247 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
14248 struct nlmsghdr *nlh = nlmsg_hdr(skb);
14249
14250 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
14251 }
14252 }
14253
14254 static const struct genl_ops nl80211_ops[] = {
14255 {
14256 .cmd = NL80211_CMD_GET_WIPHY,
14257 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14258 .doit = nl80211_get_wiphy,
14259 .dumpit = nl80211_dump_wiphy,
14260 .done = nl80211_dump_wiphy_done,
14261 /* can be retrieved by unprivileged users */
14262 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14263 NL80211_FLAG_NEED_RTNL,
14264 },
14265 {
14266 .cmd = NL80211_CMD_SET_WIPHY,
14267 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14268 .doit = nl80211_set_wiphy,
14269 .flags = GENL_UNS_ADMIN_PERM,
14270 .internal_flags = NL80211_FLAG_NEED_RTNL,
14271 },
14272 {
14273 .cmd = NL80211_CMD_GET_INTERFACE,
14274 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14275 .doit = nl80211_get_interface,
14276 .dumpit = nl80211_dump_interface,
14277 /* can be retrieved by unprivileged users */
14278 .internal_flags = NL80211_FLAG_NEED_WDEV |
14279 NL80211_FLAG_NEED_RTNL,
14280 },
14281 {
14282 .cmd = NL80211_CMD_SET_INTERFACE,
14283 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14284 .doit = nl80211_set_interface,
14285 .flags = GENL_UNS_ADMIN_PERM,
14286 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14287 NL80211_FLAG_NEED_RTNL,
14288 },
14289 {
14290 .cmd = NL80211_CMD_NEW_INTERFACE,
14291 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14292 .doit = nl80211_new_interface,
14293 .flags = GENL_UNS_ADMIN_PERM,
14294 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14295 NL80211_FLAG_NEED_RTNL,
14296 },
14297 {
14298 .cmd = NL80211_CMD_DEL_INTERFACE,
14299 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14300 .doit = nl80211_del_interface,
14301 .flags = GENL_UNS_ADMIN_PERM,
14302 .internal_flags = NL80211_FLAG_NEED_WDEV |
14303 NL80211_FLAG_NEED_RTNL,
14304 },
14305 {
14306 .cmd = NL80211_CMD_GET_KEY,
14307 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14308 .doit = nl80211_get_key,
14309 .flags = GENL_UNS_ADMIN_PERM,
14310 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14311 NL80211_FLAG_NEED_RTNL,
14312 },
14313 {
14314 .cmd = NL80211_CMD_SET_KEY,
14315 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14316 .doit = nl80211_set_key,
14317 .flags = GENL_UNS_ADMIN_PERM,
14318 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14319 NL80211_FLAG_NEED_RTNL |
14320 NL80211_FLAG_CLEAR_SKB,
14321 },
14322 {
14323 .cmd = NL80211_CMD_NEW_KEY,
14324 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14325 .doit = nl80211_new_key,
14326 .flags = GENL_UNS_ADMIN_PERM,
14327 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14328 NL80211_FLAG_NEED_RTNL |
14329 NL80211_FLAG_CLEAR_SKB,
14330 },
14331 {
14332 .cmd = NL80211_CMD_DEL_KEY,
14333 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14334 .doit = nl80211_del_key,
14335 .flags = GENL_UNS_ADMIN_PERM,
14336 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14337 NL80211_FLAG_NEED_RTNL,
14338 },
14339 {
14340 .cmd = NL80211_CMD_SET_BEACON,
14341 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14342 .flags = GENL_UNS_ADMIN_PERM,
14343 .doit = nl80211_set_beacon,
14344 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14345 NL80211_FLAG_NEED_RTNL,
14346 },
14347 {
14348 .cmd = NL80211_CMD_START_AP,
14349 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14350 .flags = GENL_UNS_ADMIN_PERM,
14351 .doit = nl80211_start_ap,
14352 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14353 NL80211_FLAG_NEED_RTNL,
14354 },
14355 {
14356 .cmd = NL80211_CMD_STOP_AP,
14357 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14358 .flags = GENL_UNS_ADMIN_PERM,
14359 .doit = nl80211_stop_ap,
14360 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14361 NL80211_FLAG_NEED_RTNL,
14362 },
14363 {
14364 .cmd = NL80211_CMD_GET_STATION,
14365 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14366 .doit = nl80211_get_station,
14367 .dumpit = nl80211_dump_station,
14368 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14369 NL80211_FLAG_NEED_RTNL,
14370 },
14371 {
14372 .cmd = NL80211_CMD_SET_STATION,
14373 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14374 .doit = nl80211_set_station,
14375 .flags = GENL_UNS_ADMIN_PERM,
14376 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14377 NL80211_FLAG_NEED_RTNL,
14378 },
14379 {
14380 .cmd = NL80211_CMD_NEW_STATION,
14381 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14382 .doit = nl80211_new_station,
14383 .flags = GENL_UNS_ADMIN_PERM,
14384 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14385 NL80211_FLAG_NEED_RTNL,
14386 },
14387 {
14388 .cmd = NL80211_CMD_DEL_STATION,
14389 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14390 .doit = nl80211_del_station,
14391 .flags = GENL_UNS_ADMIN_PERM,
14392 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14393 NL80211_FLAG_NEED_RTNL,
14394 },
14395 {
14396 .cmd = NL80211_CMD_GET_MPATH,
14397 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14398 .doit = nl80211_get_mpath,
14399 .dumpit = nl80211_dump_mpath,
14400 .flags = GENL_UNS_ADMIN_PERM,
14401 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14402 NL80211_FLAG_NEED_RTNL,
14403 },
14404 {
14405 .cmd = NL80211_CMD_GET_MPP,
14406 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14407 .doit = nl80211_get_mpp,
14408 .dumpit = nl80211_dump_mpp,
14409 .flags = GENL_UNS_ADMIN_PERM,
14410 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14411 NL80211_FLAG_NEED_RTNL,
14412 },
14413 {
14414 .cmd = NL80211_CMD_SET_MPATH,
14415 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14416 .doit = nl80211_set_mpath,
14417 .flags = GENL_UNS_ADMIN_PERM,
14418 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14419 NL80211_FLAG_NEED_RTNL,
14420 },
14421 {
14422 .cmd = NL80211_CMD_NEW_MPATH,
14423 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14424 .doit = nl80211_new_mpath,
14425 .flags = GENL_UNS_ADMIN_PERM,
14426 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14427 NL80211_FLAG_NEED_RTNL,
14428 },
14429 {
14430 .cmd = NL80211_CMD_DEL_MPATH,
14431 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14432 .doit = nl80211_del_mpath,
14433 .flags = GENL_UNS_ADMIN_PERM,
14434 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14435 NL80211_FLAG_NEED_RTNL,
14436 },
14437 {
14438 .cmd = NL80211_CMD_SET_BSS,
14439 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14440 .doit = nl80211_set_bss,
14441 .flags = GENL_UNS_ADMIN_PERM,
14442 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14443 NL80211_FLAG_NEED_RTNL,
14444 },
14445 {
14446 .cmd = NL80211_CMD_GET_REG,
14447 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14448 .doit = nl80211_get_reg_do,
14449 .dumpit = nl80211_get_reg_dump,
14450 .internal_flags = NL80211_FLAG_NEED_RTNL,
14451 /* can be retrieved by unprivileged users */
14452 },
14453 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
14454 {
14455 .cmd = NL80211_CMD_SET_REG,
14456 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14457 .doit = nl80211_set_reg,
14458 .flags = GENL_ADMIN_PERM,
14459 .internal_flags = NL80211_FLAG_NEED_RTNL,
14460 },
14461 #endif
14462 {
14463 .cmd = NL80211_CMD_REQ_SET_REG,
14464 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14465 .doit = nl80211_req_set_reg,
14466 .flags = GENL_ADMIN_PERM,
14467 },
14468 {
14469 .cmd = NL80211_CMD_RELOAD_REGDB,
14470 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14471 .doit = nl80211_reload_regdb,
14472 .flags = GENL_ADMIN_PERM,
14473 },
14474 {
14475 .cmd = NL80211_CMD_GET_MESH_CONFIG,
14476 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14477 .doit = nl80211_get_mesh_config,
14478 /* can be retrieved by unprivileged users */
14479 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14480 NL80211_FLAG_NEED_RTNL,
14481 },
14482 {
14483 .cmd = NL80211_CMD_SET_MESH_CONFIG,
14484 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14485 .doit = nl80211_update_mesh_config,
14486 .flags = GENL_UNS_ADMIN_PERM,
14487 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14488 NL80211_FLAG_NEED_RTNL,
14489 },
14490 {
14491 .cmd = NL80211_CMD_TRIGGER_SCAN,
14492 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14493 .doit = nl80211_trigger_scan,
14494 .flags = GENL_UNS_ADMIN_PERM,
14495 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14496 NL80211_FLAG_NEED_RTNL,
14497 },
14498 {
14499 .cmd = NL80211_CMD_ABORT_SCAN,
14500 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14501 .doit = nl80211_abort_scan,
14502 .flags = GENL_UNS_ADMIN_PERM,
14503 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14504 NL80211_FLAG_NEED_RTNL,
14505 },
14506 {
14507 .cmd = NL80211_CMD_GET_SCAN,
14508 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14509 .dumpit = nl80211_dump_scan,
14510 },
14511 {
14512 .cmd = NL80211_CMD_START_SCHED_SCAN,
14513 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14514 .doit = nl80211_start_sched_scan,
14515 .flags = GENL_UNS_ADMIN_PERM,
14516 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14517 NL80211_FLAG_NEED_RTNL,
14518 },
14519 {
14520 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
14521 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14522 .doit = nl80211_stop_sched_scan,
14523 .flags = GENL_UNS_ADMIN_PERM,
14524 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14525 NL80211_FLAG_NEED_RTNL,
14526 },
14527 {
14528 .cmd = NL80211_CMD_AUTHENTICATE,
14529 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14530 .doit = nl80211_authenticate,
14531 .flags = GENL_UNS_ADMIN_PERM,
14532 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14533 NL80211_FLAG_NEED_RTNL |
14534 NL80211_FLAG_CLEAR_SKB,
14535 },
14536 {
14537 .cmd = NL80211_CMD_ASSOCIATE,
14538 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14539 .doit = nl80211_associate,
14540 .flags = GENL_UNS_ADMIN_PERM,
14541 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14542 NL80211_FLAG_NEED_RTNL |
14543 NL80211_FLAG_CLEAR_SKB,
14544 },
14545 {
14546 .cmd = NL80211_CMD_DEAUTHENTICATE,
14547 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14548 .doit = nl80211_deauthenticate,
14549 .flags = GENL_UNS_ADMIN_PERM,
14550 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14551 NL80211_FLAG_NEED_RTNL,
14552 },
14553 {
14554 .cmd = NL80211_CMD_DISASSOCIATE,
14555 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14556 .doit = nl80211_disassociate,
14557 .flags = GENL_UNS_ADMIN_PERM,
14558 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14559 NL80211_FLAG_NEED_RTNL,
14560 },
14561 {
14562 .cmd = NL80211_CMD_JOIN_IBSS,
14563 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14564 .doit = nl80211_join_ibss,
14565 .flags = GENL_UNS_ADMIN_PERM,
14566 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14567 NL80211_FLAG_NEED_RTNL,
14568 },
14569 {
14570 .cmd = NL80211_CMD_LEAVE_IBSS,
14571 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14572 .doit = nl80211_leave_ibss,
14573 .flags = GENL_UNS_ADMIN_PERM,
14574 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14575 NL80211_FLAG_NEED_RTNL,
14576 },
14577 #ifdef CONFIG_NL80211_TESTMODE
14578 {
14579 .cmd = NL80211_CMD_TESTMODE,
14580 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14581 .doit = nl80211_testmode_do,
14582 .dumpit = nl80211_testmode_dump,
14583 .flags = GENL_UNS_ADMIN_PERM,
14584 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14585 NL80211_FLAG_NEED_RTNL,
14586 },
14587 #endif
14588 {
14589 .cmd = NL80211_CMD_CONNECT,
14590 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14591 .doit = nl80211_connect,
14592 .flags = GENL_UNS_ADMIN_PERM,
14593 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14594 NL80211_FLAG_NEED_RTNL |
14595 NL80211_FLAG_CLEAR_SKB,
14596 },
14597 {
14598 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
14599 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14600 .doit = nl80211_update_connect_params,
14601 .flags = GENL_ADMIN_PERM,
14602 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14603 NL80211_FLAG_NEED_RTNL |
14604 NL80211_FLAG_CLEAR_SKB,
14605 },
14606 {
14607 .cmd = NL80211_CMD_DISCONNECT,
14608 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14609 .doit = nl80211_disconnect,
14610 .flags = GENL_UNS_ADMIN_PERM,
14611 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14612 NL80211_FLAG_NEED_RTNL,
14613 },
14614 {
14615 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
14616 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14617 .doit = nl80211_wiphy_netns,
14618 .flags = GENL_UNS_ADMIN_PERM,
14619 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14620 NL80211_FLAG_NEED_RTNL,
14621 },
14622 {
14623 .cmd = NL80211_CMD_GET_SURVEY,
14624 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14625 .dumpit = nl80211_dump_survey,
14626 },
14627 {
14628 .cmd = NL80211_CMD_SET_PMKSA,
14629 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14630 .doit = nl80211_setdel_pmksa,
14631 .flags = GENL_UNS_ADMIN_PERM,
14632 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14633 NL80211_FLAG_NEED_RTNL |
14634 NL80211_FLAG_CLEAR_SKB,
14635 },
14636 {
14637 .cmd = NL80211_CMD_DEL_PMKSA,
14638 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14639 .doit = nl80211_setdel_pmksa,
14640 .flags = GENL_UNS_ADMIN_PERM,
14641 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14642 NL80211_FLAG_NEED_RTNL,
14643 },
14644 {
14645 .cmd = NL80211_CMD_FLUSH_PMKSA,
14646 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14647 .doit = nl80211_flush_pmksa,
14648 .flags = GENL_UNS_ADMIN_PERM,
14649 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14650 NL80211_FLAG_NEED_RTNL,
14651 },
14652 {
14653 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
14654 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14655 .doit = nl80211_remain_on_channel,
14656 .flags = GENL_UNS_ADMIN_PERM,
14657 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14658 NL80211_FLAG_NEED_RTNL,
14659 },
14660 {
14661 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14662 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14663 .doit = nl80211_cancel_remain_on_channel,
14664 .flags = GENL_UNS_ADMIN_PERM,
14665 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14666 NL80211_FLAG_NEED_RTNL,
14667 },
14668 {
14669 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
14670 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14671 .doit = nl80211_set_tx_bitrate_mask,
14672 .flags = GENL_UNS_ADMIN_PERM,
14673 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14674 NL80211_FLAG_NEED_RTNL,
14675 },
14676 {
14677 .cmd = NL80211_CMD_REGISTER_FRAME,
14678 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14679 .doit = nl80211_register_mgmt,
14680 .flags = GENL_UNS_ADMIN_PERM,
14681 .internal_flags = NL80211_FLAG_NEED_WDEV |
14682 NL80211_FLAG_NEED_RTNL,
14683 },
14684 {
14685 .cmd = NL80211_CMD_FRAME,
14686 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14687 .doit = nl80211_tx_mgmt,
14688 .flags = GENL_UNS_ADMIN_PERM,
14689 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14690 NL80211_FLAG_NEED_RTNL,
14691 },
14692 {
14693 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
14694 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14695 .doit = nl80211_tx_mgmt_cancel_wait,
14696 .flags = GENL_UNS_ADMIN_PERM,
14697 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14698 NL80211_FLAG_NEED_RTNL,
14699 },
14700 {
14701 .cmd = NL80211_CMD_SET_POWER_SAVE,
14702 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14703 .doit = nl80211_set_power_save,
14704 .flags = GENL_UNS_ADMIN_PERM,
14705 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14706 NL80211_FLAG_NEED_RTNL,
14707 },
14708 {
14709 .cmd = NL80211_CMD_GET_POWER_SAVE,
14710 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14711 .doit = nl80211_get_power_save,
14712 /* can be retrieved by unprivileged users */
14713 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14714 NL80211_FLAG_NEED_RTNL,
14715 },
14716 {
14717 .cmd = NL80211_CMD_SET_CQM,
14718 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14719 .doit = nl80211_set_cqm,
14720 .flags = GENL_UNS_ADMIN_PERM,
14721 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14722 NL80211_FLAG_NEED_RTNL,
14723 },
14724 {
14725 .cmd = NL80211_CMD_SET_CHANNEL,
14726 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14727 .doit = nl80211_set_channel,
14728 .flags = GENL_UNS_ADMIN_PERM,
14729 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14730 NL80211_FLAG_NEED_RTNL,
14731 },
14732 {
14733 .cmd = NL80211_CMD_SET_WDS_PEER,
14734 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14735 .doit = nl80211_set_wds_peer,
14736 .flags = GENL_UNS_ADMIN_PERM,
14737 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14738 NL80211_FLAG_NEED_RTNL,
14739 },
14740 {
14741 .cmd = NL80211_CMD_JOIN_MESH,
14742 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14743 .doit = nl80211_join_mesh,
14744 .flags = GENL_UNS_ADMIN_PERM,
14745 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14746 NL80211_FLAG_NEED_RTNL,
14747 },
14748 {
14749 .cmd = NL80211_CMD_LEAVE_MESH,
14750 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14751 .doit = nl80211_leave_mesh,
14752 .flags = GENL_UNS_ADMIN_PERM,
14753 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14754 NL80211_FLAG_NEED_RTNL,
14755 },
14756 {
14757 .cmd = NL80211_CMD_JOIN_OCB,
14758 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14759 .doit = nl80211_join_ocb,
14760 .flags = GENL_UNS_ADMIN_PERM,
14761 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14762 NL80211_FLAG_NEED_RTNL,
14763 },
14764 {
14765 .cmd = NL80211_CMD_LEAVE_OCB,
14766 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14767 .doit = nl80211_leave_ocb,
14768 .flags = GENL_UNS_ADMIN_PERM,
14769 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14770 NL80211_FLAG_NEED_RTNL,
14771 },
14772 #ifdef CONFIG_PM
14773 {
14774 .cmd = NL80211_CMD_GET_WOWLAN,
14775 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14776 .doit = nl80211_get_wowlan,
14777 /* can be retrieved by unprivileged users */
14778 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14779 NL80211_FLAG_NEED_RTNL,
14780 },
14781 {
14782 .cmd = NL80211_CMD_SET_WOWLAN,
14783 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14784 .doit = nl80211_set_wowlan,
14785 .flags = GENL_UNS_ADMIN_PERM,
14786 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14787 NL80211_FLAG_NEED_RTNL,
14788 },
14789 #endif
14790 {
14791 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
14792 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14793 .doit = nl80211_set_rekey_data,
14794 .flags = GENL_UNS_ADMIN_PERM,
14795 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14796 NL80211_FLAG_NEED_RTNL |
14797 NL80211_FLAG_CLEAR_SKB,
14798 },
14799 {
14800 .cmd = NL80211_CMD_TDLS_MGMT,
14801 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14802 .doit = nl80211_tdls_mgmt,
14803 .flags = GENL_UNS_ADMIN_PERM,
14804 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14805 NL80211_FLAG_NEED_RTNL,
14806 },
14807 {
14808 .cmd = NL80211_CMD_TDLS_OPER,
14809 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14810 .doit = nl80211_tdls_oper,
14811 .flags = GENL_UNS_ADMIN_PERM,
14812 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14813 NL80211_FLAG_NEED_RTNL,
14814 },
14815 {
14816 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
14817 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14818 .doit = nl80211_register_unexpected_frame,
14819 .flags = GENL_UNS_ADMIN_PERM,
14820 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14821 NL80211_FLAG_NEED_RTNL,
14822 },
14823 {
14824 .cmd = NL80211_CMD_PROBE_CLIENT,
14825 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14826 .doit = nl80211_probe_client,
14827 .flags = GENL_UNS_ADMIN_PERM,
14828 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14829 NL80211_FLAG_NEED_RTNL,
14830 },
14831 {
14832 .cmd = NL80211_CMD_REGISTER_BEACONS,
14833 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14834 .doit = nl80211_register_beacons,
14835 .flags = GENL_UNS_ADMIN_PERM,
14836 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14837 NL80211_FLAG_NEED_RTNL,
14838 },
14839 {
14840 .cmd = NL80211_CMD_SET_NOACK_MAP,
14841 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14842 .doit = nl80211_set_noack_map,
14843 .flags = GENL_UNS_ADMIN_PERM,
14844 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14845 NL80211_FLAG_NEED_RTNL,
14846 },
14847 {
14848 .cmd = NL80211_CMD_START_P2P_DEVICE,
14849 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14850 .doit = nl80211_start_p2p_device,
14851 .flags = GENL_UNS_ADMIN_PERM,
14852 .internal_flags = NL80211_FLAG_NEED_WDEV |
14853 NL80211_FLAG_NEED_RTNL,
14854 },
14855 {
14856 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
14857 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14858 .doit = nl80211_stop_p2p_device,
14859 .flags = GENL_UNS_ADMIN_PERM,
14860 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14861 NL80211_FLAG_NEED_RTNL,
14862 },
14863 {
14864 .cmd = NL80211_CMD_START_NAN,
14865 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14866 .doit = nl80211_start_nan,
14867 .flags = GENL_ADMIN_PERM,
14868 .internal_flags = NL80211_FLAG_NEED_WDEV |
14869 NL80211_FLAG_NEED_RTNL,
14870 },
14871 {
14872 .cmd = NL80211_CMD_STOP_NAN,
14873 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14874 .doit = nl80211_stop_nan,
14875 .flags = GENL_ADMIN_PERM,
14876 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14877 NL80211_FLAG_NEED_RTNL,
14878 },
14879 {
14880 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
14881 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14882 .doit = nl80211_nan_add_func,
14883 .flags = GENL_ADMIN_PERM,
14884 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14885 NL80211_FLAG_NEED_RTNL,
14886 },
14887 {
14888 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
14889 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14890 .doit = nl80211_nan_del_func,
14891 .flags = GENL_ADMIN_PERM,
14892 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14893 NL80211_FLAG_NEED_RTNL,
14894 },
14895 {
14896 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
14897 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14898 .doit = nl80211_nan_change_config,
14899 .flags = GENL_ADMIN_PERM,
14900 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14901 NL80211_FLAG_NEED_RTNL,
14902 },
14903 {
14904 .cmd = NL80211_CMD_SET_MCAST_RATE,
14905 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14906 .doit = nl80211_set_mcast_rate,
14907 .flags = GENL_UNS_ADMIN_PERM,
14908 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14909 NL80211_FLAG_NEED_RTNL,
14910 },
14911 {
14912 .cmd = NL80211_CMD_SET_MAC_ACL,
14913 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14914 .doit = nl80211_set_mac_acl,
14915 .flags = GENL_UNS_ADMIN_PERM,
14916 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14917 NL80211_FLAG_NEED_RTNL,
14918 },
14919 {
14920 .cmd = NL80211_CMD_RADAR_DETECT,
14921 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14922 .doit = nl80211_start_radar_detection,
14923 .flags = GENL_UNS_ADMIN_PERM,
14924 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14925 NL80211_FLAG_NEED_RTNL,
14926 },
14927 {
14928 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
14929 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14930 .doit = nl80211_get_protocol_features,
14931 },
14932 {
14933 .cmd = NL80211_CMD_UPDATE_FT_IES,
14934 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14935 .doit = nl80211_update_ft_ies,
14936 .flags = GENL_UNS_ADMIN_PERM,
14937 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14938 NL80211_FLAG_NEED_RTNL,
14939 },
14940 {
14941 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
14942 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14943 .doit = nl80211_crit_protocol_start,
14944 .flags = GENL_UNS_ADMIN_PERM,
14945 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14946 NL80211_FLAG_NEED_RTNL,
14947 },
14948 {
14949 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
14950 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14951 .doit = nl80211_crit_protocol_stop,
14952 .flags = GENL_UNS_ADMIN_PERM,
14953 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14954 NL80211_FLAG_NEED_RTNL,
14955 },
14956 {
14957 .cmd = NL80211_CMD_GET_COALESCE,
14958 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14959 .doit = nl80211_get_coalesce,
14960 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14961 NL80211_FLAG_NEED_RTNL,
14962 },
14963 {
14964 .cmd = NL80211_CMD_SET_COALESCE,
14965 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14966 .doit = nl80211_set_coalesce,
14967 .flags = GENL_UNS_ADMIN_PERM,
14968 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14969 NL80211_FLAG_NEED_RTNL,
14970 },
14971 {
14972 .cmd = NL80211_CMD_CHANNEL_SWITCH,
14973 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14974 .doit = nl80211_channel_switch,
14975 .flags = GENL_UNS_ADMIN_PERM,
14976 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14977 NL80211_FLAG_NEED_RTNL,
14978 },
14979 {
14980 .cmd = NL80211_CMD_VENDOR,
14981 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14982 .doit = nl80211_vendor_cmd,
14983 .dumpit = nl80211_vendor_cmd_dump,
14984 .flags = GENL_UNS_ADMIN_PERM,
14985 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14986 NL80211_FLAG_NEED_RTNL |
14987 NL80211_FLAG_CLEAR_SKB,
14988 },
14989 {
14990 .cmd = NL80211_CMD_SET_QOS_MAP,
14991 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14992 .doit = nl80211_set_qos_map,
14993 .flags = GENL_UNS_ADMIN_PERM,
14994 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14995 NL80211_FLAG_NEED_RTNL,
14996 },
14997 {
14998 .cmd = NL80211_CMD_ADD_TX_TS,
14999 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15000 .doit = nl80211_add_tx_ts,
15001 .flags = GENL_UNS_ADMIN_PERM,
15002 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15003 NL80211_FLAG_NEED_RTNL,
15004 },
15005 {
15006 .cmd = NL80211_CMD_DEL_TX_TS,
15007 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15008 .doit = nl80211_del_tx_ts,
15009 .flags = GENL_UNS_ADMIN_PERM,
15010 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15011 NL80211_FLAG_NEED_RTNL,
15012 },
15013 {
15014 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
15015 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15016 .doit = nl80211_tdls_channel_switch,
15017 .flags = GENL_UNS_ADMIN_PERM,
15018 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15019 NL80211_FLAG_NEED_RTNL,
15020 },
15021 {
15022 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
15023 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15024 .doit = nl80211_tdls_cancel_channel_switch,
15025 .flags = GENL_UNS_ADMIN_PERM,
15026 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15027 NL80211_FLAG_NEED_RTNL,
15028 },
15029 {
15030 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
15031 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15032 .doit = nl80211_set_multicast_to_unicast,
15033 .flags = GENL_UNS_ADMIN_PERM,
15034 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15035 NL80211_FLAG_NEED_RTNL,
15036 },
15037 {
15038 .cmd = NL80211_CMD_SET_PMK,
15039 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15040 .doit = nl80211_set_pmk,
15041 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15042 NL80211_FLAG_NEED_RTNL |
15043 NL80211_FLAG_CLEAR_SKB,
15044 },
15045 {
15046 .cmd = NL80211_CMD_DEL_PMK,
15047 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15048 .doit = nl80211_del_pmk,
15049 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15050 NL80211_FLAG_NEED_RTNL,
15051 },
15052 {
15053 .cmd = NL80211_CMD_EXTERNAL_AUTH,
15054 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15055 .doit = nl80211_external_auth,
15056 .flags = GENL_ADMIN_PERM,
15057 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15058 NL80211_FLAG_NEED_RTNL,
15059 },
15060 {
15061 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
15062 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15063 .doit = nl80211_tx_control_port,
15064 .flags = GENL_UNS_ADMIN_PERM,
15065 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15066 NL80211_FLAG_NEED_RTNL,
15067 },
15068 {
15069 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
15070 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15071 .doit = nl80211_get_ftm_responder_stats,
15072 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15073 NL80211_FLAG_NEED_RTNL,
15074 },
15075 {
15076 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
15077 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15078 .doit = nl80211_pmsr_start,
15079 .flags = GENL_UNS_ADMIN_PERM,
15080 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15081 NL80211_FLAG_NEED_RTNL,
15082 },
15083 {
15084 .cmd = NL80211_CMD_NOTIFY_RADAR,
15085 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15086 .doit = nl80211_notify_radar_detection,
15087 .flags = GENL_UNS_ADMIN_PERM,
15088 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15089 NL80211_FLAG_NEED_RTNL,
15090 },
15091 {
15092 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
15093 .doit = nl80211_update_owe_info,
15094 .flags = GENL_ADMIN_PERM,
15095 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15096 NL80211_FLAG_NEED_RTNL,
15097 },
15098 {
15099 .cmd = NL80211_CMD_PROBE_MESH_LINK,
15100 .doit = nl80211_probe_mesh_link,
15101 .flags = GENL_UNS_ADMIN_PERM,
15102 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15103 NL80211_FLAG_NEED_RTNL,
15104 },
15105 {
15106 .cmd = NL80211_CMD_SET_TID_CONFIG,
15107 .doit = nl80211_set_tid_config,
15108 .flags = GENL_UNS_ADMIN_PERM,
15109 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15110 NL80211_FLAG_NEED_RTNL,
15111 },
15112 };
15113
15114 static struct genl_family nl80211_fam __ro_after_init = {
15115 .name = NL80211_GENL_NAME, /* have users key off the name instead */
15116 .hdrsize = 0, /* no private header */
15117 .version = 1, /* no particular meaning now */
15118 .maxattr = NL80211_ATTR_MAX,
15119 .policy = nl80211_policy,
15120 .netnsok = true,
15121 .pre_doit = nl80211_pre_doit,
15122 .post_doit = nl80211_post_doit,
15123 .module = THIS_MODULE,
15124 .ops = nl80211_ops,
15125 .n_ops = ARRAY_SIZE(nl80211_ops),
15126 .mcgrps = nl80211_mcgrps,
15127 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
15128 .parallel_ops = true,
15129 };
15130
15131 /* notification functions */
15132
nl80211_notify_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd)15133 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
15134 enum nl80211_commands cmd)
15135 {
15136 struct sk_buff *msg;
15137 struct nl80211_dump_wiphy_state state = {};
15138
15139 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
15140 cmd != NL80211_CMD_DEL_WIPHY);
15141
15142 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15143 if (!msg)
15144 return;
15145
15146 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
15147 nlmsg_free(msg);
15148 return;
15149 }
15150
15151 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15152 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15153 }
15154
nl80211_notify_iface(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)15155 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
15156 struct wireless_dev *wdev,
15157 enum nl80211_commands cmd)
15158 {
15159 struct sk_buff *msg;
15160
15161 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15162 if (!msg)
15163 return;
15164
15165 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
15166 nlmsg_free(msg);
15167 return;
15168 }
15169
15170 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15171 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15172 }
15173
nl80211_add_scan_req(struct sk_buff * msg,struct cfg80211_registered_device * rdev)15174 static int nl80211_add_scan_req(struct sk_buff *msg,
15175 struct cfg80211_registered_device *rdev)
15176 {
15177 struct cfg80211_scan_request *req = rdev->scan_req;
15178 struct nlattr *nest;
15179 int i;
15180
15181 if (WARN_ON(!req))
15182 return 0;
15183
15184 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
15185 if (!nest)
15186 goto nla_put_failure;
15187 for (i = 0; i < req->n_ssids; i++) {
15188 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
15189 goto nla_put_failure;
15190 }
15191 nla_nest_end(msg, nest);
15192
15193 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
15194 if (!nest)
15195 goto nla_put_failure;
15196 for (i = 0; i < req->n_channels; i++) {
15197 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
15198 goto nla_put_failure;
15199 }
15200 nla_nest_end(msg, nest);
15201
15202 if (req->ie &&
15203 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
15204 goto nla_put_failure;
15205
15206 if (req->flags &&
15207 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
15208 goto nla_put_failure;
15209
15210 if (req->info.scan_start_tsf &&
15211 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
15212 req->info.scan_start_tsf, NL80211_BSS_PAD) ||
15213 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
15214 req->info.tsf_bssid)))
15215 goto nla_put_failure;
15216
15217 return 0;
15218 nla_put_failure:
15219 return -ENOBUFS;
15220 }
15221
nl80211_prep_scan_msg(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 portid,u32 seq,int flags,u32 cmd)15222 static int nl80211_prep_scan_msg(struct sk_buff *msg,
15223 struct cfg80211_registered_device *rdev,
15224 struct wireless_dev *wdev,
15225 u32 portid, u32 seq, int flags,
15226 u32 cmd)
15227 {
15228 void *hdr;
15229
15230 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
15231 if (!hdr)
15232 return -1;
15233
15234 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15235 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15236 wdev->netdev->ifindex)) ||
15237 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15238 NL80211_ATTR_PAD))
15239 goto nla_put_failure;
15240
15241 /* ignore errors and send incomplete event anyway */
15242 nl80211_add_scan_req(msg, rdev);
15243
15244 genlmsg_end(msg, hdr);
15245 return 0;
15246
15247 nla_put_failure:
15248 genlmsg_cancel(msg, hdr);
15249 return -EMSGSIZE;
15250 }
15251
15252 static int
nl80211_prep_sched_scan_msg(struct sk_buff * msg,struct cfg80211_sched_scan_request * req,u32 cmd)15253 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
15254 struct cfg80211_sched_scan_request *req, u32 cmd)
15255 {
15256 void *hdr;
15257
15258 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15259 if (!hdr)
15260 return -1;
15261
15262 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
15263 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
15264 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
15265 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
15266 NL80211_ATTR_PAD))
15267 goto nla_put_failure;
15268
15269 genlmsg_end(msg, hdr);
15270 return 0;
15271
15272 nla_put_failure:
15273 genlmsg_cancel(msg, hdr);
15274 return -EMSGSIZE;
15275 }
15276
nl80211_send_scan_start(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev)15277 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
15278 struct wireless_dev *wdev)
15279 {
15280 struct sk_buff *msg;
15281
15282 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15283 if (!msg)
15284 return;
15285
15286 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15287 NL80211_CMD_TRIGGER_SCAN) < 0) {
15288 nlmsg_free(msg);
15289 return;
15290 }
15291
15292 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15293 NL80211_MCGRP_SCAN, GFP_KERNEL);
15294 }
15295
nl80211_build_scan_msg(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,bool aborted)15296 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
15297 struct wireless_dev *wdev, bool aborted)
15298 {
15299 struct sk_buff *msg;
15300
15301 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15302 if (!msg)
15303 return NULL;
15304
15305 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15306 aborted ? NL80211_CMD_SCAN_ABORTED :
15307 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
15308 nlmsg_free(msg);
15309 return NULL;
15310 }
15311
15312 return msg;
15313 }
15314
15315 /* send message created by nl80211_build_scan_msg() */
nl80211_send_scan_msg(struct cfg80211_registered_device * rdev,struct sk_buff * msg)15316 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
15317 struct sk_buff *msg)
15318 {
15319 if (!msg)
15320 return;
15321
15322 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15323 NL80211_MCGRP_SCAN, GFP_KERNEL);
15324 }
15325
nl80211_send_sched_scan(struct cfg80211_sched_scan_request * req,u32 cmd)15326 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
15327 {
15328 struct sk_buff *msg;
15329
15330 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15331 if (!msg)
15332 return;
15333
15334 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
15335 nlmsg_free(msg);
15336 return;
15337 }
15338
15339 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
15340 NL80211_MCGRP_SCAN, GFP_KERNEL);
15341 }
15342
nl80211_reg_change_event_fill(struct sk_buff * msg,struct regulatory_request * request)15343 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
15344 struct regulatory_request *request)
15345 {
15346 /* Userspace can always count this one always being set */
15347 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
15348 goto nla_put_failure;
15349
15350 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
15351 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15352 NL80211_REGDOM_TYPE_WORLD))
15353 goto nla_put_failure;
15354 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
15355 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15356 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
15357 goto nla_put_failure;
15358 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
15359 request->intersect) {
15360 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15361 NL80211_REGDOM_TYPE_INTERSECTION))
15362 goto nla_put_failure;
15363 } else {
15364 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15365 NL80211_REGDOM_TYPE_COUNTRY) ||
15366 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
15367 request->alpha2))
15368 goto nla_put_failure;
15369 }
15370
15371 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
15372 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
15373
15374 if (wiphy &&
15375 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
15376 goto nla_put_failure;
15377
15378 if (wiphy &&
15379 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
15380 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
15381 goto nla_put_failure;
15382 }
15383
15384 return true;
15385
15386 nla_put_failure:
15387 return false;
15388 }
15389
15390 /*
15391 * This can happen on global regulatory changes or device specific settings
15392 * based on custom regulatory domains.
15393 */
nl80211_common_reg_change_event(enum nl80211_commands cmd_id,struct regulatory_request * request)15394 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
15395 struct regulatory_request *request)
15396 {
15397 struct sk_buff *msg;
15398 void *hdr;
15399
15400 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15401 if (!msg)
15402 return;
15403
15404 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
15405 if (!hdr)
15406 goto nla_put_failure;
15407
15408 if (!nl80211_reg_change_event_fill(msg, request))
15409 goto nla_put_failure;
15410
15411 genlmsg_end(msg, hdr);
15412
15413 rcu_read_lock();
15414 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15415 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15416 rcu_read_unlock();
15417
15418 return;
15419
15420 nla_put_failure:
15421 nlmsg_free(msg);
15422 }
15423
nl80211_send_mlme_event(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,enum nl80211_commands cmd,gfp_t gfp,int uapsd_queues,const u8 * req_ies,size_t req_ies_len)15424 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
15425 struct net_device *netdev,
15426 const u8 *buf, size_t len,
15427 enum nl80211_commands cmd, gfp_t gfp,
15428 int uapsd_queues, const u8 *req_ies,
15429 size_t req_ies_len)
15430 {
15431 struct sk_buff *msg;
15432 void *hdr;
15433
15434 msg = nlmsg_new(100 + len + req_ies_len, gfp);
15435 if (!msg)
15436 return;
15437
15438 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15439 if (!hdr) {
15440 nlmsg_free(msg);
15441 return;
15442 }
15443
15444 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15445 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15446 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15447 (req_ies &&
15448 nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
15449 goto nla_put_failure;
15450
15451 if (uapsd_queues >= 0) {
15452 struct nlattr *nla_wmm =
15453 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
15454 if (!nla_wmm)
15455 goto nla_put_failure;
15456
15457 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
15458 uapsd_queues))
15459 goto nla_put_failure;
15460
15461 nla_nest_end(msg, nla_wmm);
15462 }
15463
15464 genlmsg_end(msg, hdr);
15465
15466 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15467 NL80211_MCGRP_MLME, gfp);
15468 return;
15469
15470 nla_put_failure:
15471 nlmsg_free(msg);
15472 }
15473
nl80211_send_rx_auth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)15474 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
15475 struct net_device *netdev, const u8 *buf,
15476 size_t len, gfp_t gfp)
15477 {
15478 nl80211_send_mlme_event(rdev, netdev, buf, len,
15479 NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
15480 }
15481
nl80211_send_rx_assoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp,int uapsd_queues,const u8 * req_ies,size_t req_ies_len)15482 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
15483 struct net_device *netdev, const u8 *buf,
15484 size_t len, gfp_t gfp, int uapsd_queues,
15485 const u8 *req_ies, size_t req_ies_len)
15486 {
15487 nl80211_send_mlme_event(rdev, netdev, buf, len,
15488 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
15489 req_ies, req_ies_len);
15490 }
15491
nl80211_send_deauth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)15492 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
15493 struct net_device *netdev, const u8 *buf,
15494 size_t len, gfp_t gfp)
15495 {
15496 nl80211_send_mlme_event(rdev, netdev, buf, len,
15497 NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
15498 }
15499
nl80211_send_disassoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)15500 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
15501 struct net_device *netdev, const u8 *buf,
15502 size_t len, gfp_t gfp)
15503 {
15504 nl80211_send_mlme_event(rdev, netdev, buf, len,
15505 NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
15506 }
15507
cfg80211_rx_unprot_mlme_mgmt(struct net_device * dev,const u8 * buf,size_t len)15508 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
15509 size_t len)
15510 {
15511 struct wireless_dev *wdev = dev->ieee80211_ptr;
15512 struct wiphy *wiphy = wdev->wiphy;
15513 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15514 const struct ieee80211_mgmt *mgmt = (void *)buf;
15515 u32 cmd;
15516
15517 if (WARN_ON(len < 2))
15518 return;
15519
15520 if (ieee80211_is_deauth(mgmt->frame_control))
15521 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
15522 else
15523 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
15524
15525 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
15526 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
15527 NULL, 0);
15528 }
15529 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
15530
nl80211_send_mlme_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,int cmd,const u8 * addr,gfp_t gfp)15531 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
15532 struct net_device *netdev, int cmd,
15533 const u8 *addr, gfp_t gfp)
15534 {
15535 struct sk_buff *msg;
15536 void *hdr;
15537
15538 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15539 if (!msg)
15540 return;
15541
15542 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15543 if (!hdr) {
15544 nlmsg_free(msg);
15545 return;
15546 }
15547
15548 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15549 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15550 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15551 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15552 goto nla_put_failure;
15553
15554 genlmsg_end(msg, hdr);
15555
15556 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15557 NL80211_MCGRP_MLME, gfp);
15558 return;
15559
15560 nla_put_failure:
15561 nlmsg_free(msg);
15562 }
15563
nl80211_send_auth_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)15564 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
15565 struct net_device *netdev, const u8 *addr,
15566 gfp_t gfp)
15567 {
15568 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
15569 addr, gfp);
15570 }
15571
nl80211_send_assoc_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)15572 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
15573 struct net_device *netdev, const u8 *addr,
15574 gfp_t gfp)
15575 {
15576 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
15577 addr, gfp);
15578 }
15579
nl80211_send_connect_result(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_connect_resp_params * cr,gfp_t gfp)15580 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
15581 struct net_device *netdev,
15582 struct cfg80211_connect_resp_params *cr,
15583 gfp_t gfp)
15584 {
15585 struct sk_buff *msg;
15586 void *hdr;
15587
15588 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
15589 cr->fils.kek_len + cr->fils.pmk_len +
15590 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15591 if (!msg)
15592 return;
15593
15594 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
15595 if (!hdr) {
15596 nlmsg_free(msg);
15597 return;
15598 }
15599
15600 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15601 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15602 (cr->bssid &&
15603 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
15604 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
15605 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
15606 cr->status) ||
15607 (cr->status < 0 &&
15608 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15609 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
15610 cr->timeout_reason))) ||
15611 (cr->req_ie &&
15612 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
15613 (cr->resp_ie &&
15614 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
15615 cr->resp_ie)) ||
15616 (cr->fils.update_erp_next_seq_num &&
15617 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15618 cr->fils.erp_next_seq_num)) ||
15619 (cr->status == WLAN_STATUS_SUCCESS &&
15620 ((cr->fils.kek &&
15621 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
15622 cr->fils.kek)) ||
15623 (cr->fils.pmk &&
15624 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
15625 (cr->fils.pmkid &&
15626 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
15627 goto nla_put_failure;
15628
15629 genlmsg_end(msg, hdr);
15630
15631 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15632 NL80211_MCGRP_MLME, gfp);
15633 return;
15634
15635 nla_put_failure:
15636 nlmsg_free(msg);
15637 }
15638
nl80211_send_roamed(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_roam_info * info,gfp_t gfp)15639 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
15640 struct net_device *netdev,
15641 struct cfg80211_roam_info *info, gfp_t gfp)
15642 {
15643 struct sk_buff *msg;
15644 void *hdr;
15645 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
15646
15647 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
15648 info->fils.kek_len + info->fils.pmk_len +
15649 (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15650 if (!msg)
15651 return;
15652
15653 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
15654 if (!hdr) {
15655 nlmsg_free(msg);
15656 return;
15657 }
15658
15659 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15660 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15661 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
15662 (info->req_ie &&
15663 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
15664 info->req_ie)) ||
15665 (info->resp_ie &&
15666 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
15667 info->resp_ie)) ||
15668 (info->fils.update_erp_next_seq_num &&
15669 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15670 info->fils.erp_next_seq_num)) ||
15671 (info->fils.kek &&
15672 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
15673 info->fils.kek)) ||
15674 (info->fils.pmk &&
15675 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
15676 (info->fils.pmkid &&
15677 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
15678 goto nla_put_failure;
15679
15680 genlmsg_end(msg, hdr);
15681
15682 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15683 NL80211_MCGRP_MLME, gfp);
15684 return;
15685
15686 nla_put_failure:
15687 nlmsg_free(msg);
15688 }
15689
nl80211_send_port_authorized(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid)15690 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
15691 struct net_device *netdev, const u8 *bssid)
15692 {
15693 struct sk_buff *msg;
15694 void *hdr;
15695
15696 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15697 if (!msg)
15698 return;
15699
15700 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
15701 if (!hdr) {
15702 nlmsg_free(msg);
15703 return;
15704 }
15705
15706 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15707 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15708 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15709 goto nla_put_failure;
15710
15711 genlmsg_end(msg, hdr);
15712
15713 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15714 NL80211_MCGRP_MLME, GFP_KERNEL);
15715 return;
15716
15717 nla_put_failure:
15718 nlmsg_free(msg);
15719 }
15720
nl80211_send_disconnected(struct cfg80211_registered_device * rdev,struct net_device * netdev,u16 reason,const u8 * ie,size_t ie_len,bool from_ap)15721 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
15722 struct net_device *netdev, u16 reason,
15723 const u8 *ie, size_t ie_len, bool from_ap)
15724 {
15725 struct sk_buff *msg;
15726 void *hdr;
15727
15728 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
15729 if (!msg)
15730 return;
15731
15732 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
15733 if (!hdr) {
15734 nlmsg_free(msg);
15735 return;
15736 }
15737
15738 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15739 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15740 (reason &&
15741 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
15742 (from_ap &&
15743 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
15744 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
15745 goto nla_put_failure;
15746
15747 genlmsg_end(msg, hdr);
15748
15749 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15750 NL80211_MCGRP_MLME, GFP_KERNEL);
15751 return;
15752
15753 nla_put_failure:
15754 nlmsg_free(msg);
15755 }
15756
nl80211_send_ibss_bssid(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,gfp_t gfp)15757 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
15758 struct net_device *netdev, const u8 *bssid,
15759 gfp_t gfp)
15760 {
15761 struct sk_buff *msg;
15762 void *hdr;
15763
15764 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15765 if (!msg)
15766 return;
15767
15768 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
15769 if (!hdr) {
15770 nlmsg_free(msg);
15771 return;
15772 }
15773
15774 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15775 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15776 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15777 goto nla_put_failure;
15778
15779 genlmsg_end(msg, hdr);
15780
15781 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15782 NL80211_MCGRP_MLME, gfp);
15783 return;
15784
15785 nla_put_failure:
15786 nlmsg_free(msg);
15787 }
15788
cfg80211_notify_new_peer_candidate(struct net_device * dev,const u8 * addr,const u8 * ie,u8 ie_len,int sig_dbm,gfp_t gfp)15789 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
15790 const u8 *ie, u8 ie_len,
15791 int sig_dbm, gfp_t gfp)
15792 {
15793 struct wireless_dev *wdev = dev->ieee80211_ptr;
15794 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15795 struct sk_buff *msg;
15796 void *hdr;
15797
15798 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
15799 return;
15800
15801 trace_cfg80211_notify_new_peer_candidate(dev, addr);
15802
15803 msg = nlmsg_new(100 + ie_len, gfp);
15804 if (!msg)
15805 return;
15806
15807 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
15808 if (!hdr) {
15809 nlmsg_free(msg);
15810 return;
15811 }
15812
15813 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15814 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15815 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15816 (ie_len && ie &&
15817 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
15818 (sig_dbm &&
15819 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
15820 goto nla_put_failure;
15821
15822 genlmsg_end(msg, hdr);
15823
15824 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15825 NL80211_MCGRP_MLME, gfp);
15826 return;
15827
15828 nla_put_failure:
15829 nlmsg_free(msg);
15830 }
15831 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
15832
nl80211_michael_mic_failure(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,enum nl80211_key_type key_type,int key_id,const u8 * tsc,gfp_t gfp)15833 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
15834 struct net_device *netdev, const u8 *addr,
15835 enum nl80211_key_type key_type, int key_id,
15836 const u8 *tsc, gfp_t gfp)
15837 {
15838 struct sk_buff *msg;
15839 void *hdr;
15840
15841 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15842 if (!msg)
15843 return;
15844
15845 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
15846 if (!hdr) {
15847 nlmsg_free(msg);
15848 return;
15849 }
15850
15851 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15852 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15853 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
15854 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
15855 (key_id != -1 &&
15856 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
15857 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
15858 goto nla_put_failure;
15859
15860 genlmsg_end(msg, hdr);
15861
15862 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15863 NL80211_MCGRP_MLME, gfp);
15864 return;
15865
15866 nla_put_failure:
15867 nlmsg_free(msg);
15868 }
15869
nl80211_send_beacon_hint_event(struct wiphy * wiphy,struct ieee80211_channel * channel_before,struct ieee80211_channel * channel_after)15870 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
15871 struct ieee80211_channel *channel_before,
15872 struct ieee80211_channel *channel_after)
15873 {
15874 struct sk_buff *msg;
15875 void *hdr;
15876 struct nlattr *nl_freq;
15877
15878 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
15879 if (!msg)
15880 return;
15881
15882 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
15883 if (!hdr) {
15884 nlmsg_free(msg);
15885 return;
15886 }
15887
15888 /*
15889 * Since we are applying the beacon hint to a wiphy we know its
15890 * wiphy_idx is valid
15891 */
15892 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
15893 goto nla_put_failure;
15894
15895 /* Before */
15896 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
15897 if (!nl_freq)
15898 goto nla_put_failure;
15899
15900 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
15901 goto nla_put_failure;
15902 nla_nest_end(msg, nl_freq);
15903
15904 /* After */
15905 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
15906 if (!nl_freq)
15907 goto nla_put_failure;
15908
15909 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
15910 goto nla_put_failure;
15911 nla_nest_end(msg, nl_freq);
15912
15913 genlmsg_end(msg, hdr);
15914
15915 rcu_read_lock();
15916 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15917 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15918 rcu_read_unlock();
15919
15920 return;
15921
15922 nla_put_failure:
15923 nlmsg_free(msg);
15924 }
15925
nl80211_send_remain_on_chan_event(int cmd,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)15926 static void nl80211_send_remain_on_chan_event(
15927 int cmd, struct cfg80211_registered_device *rdev,
15928 struct wireless_dev *wdev, u64 cookie,
15929 struct ieee80211_channel *chan,
15930 unsigned int duration, gfp_t gfp)
15931 {
15932 struct sk_buff *msg;
15933 void *hdr;
15934
15935 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15936 if (!msg)
15937 return;
15938
15939 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15940 if (!hdr) {
15941 nlmsg_free(msg);
15942 return;
15943 }
15944
15945 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15946 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15947 wdev->netdev->ifindex)) ||
15948 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15949 NL80211_ATTR_PAD) ||
15950 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
15951 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
15952 NL80211_CHAN_NO_HT) ||
15953 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15954 NL80211_ATTR_PAD))
15955 goto nla_put_failure;
15956
15957 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
15958 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
15959 goto nla_put_failure;
15960
15961 genlmsg_end(msg, hdr);
15962
15963 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15964 NL80211_MCGRP_MLME, gfp);
15965 return;
15966
15967 nla_put_failure:
15968 nlmsg_free(msg);
15969 }
15970
cfg80211_ready_on_channel(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)15971 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
15972 struct ieee80211_channel *chan,
15973 unsigned int duration, gfp_t gfp)
15974 {
15975 struct wiphy *wiphy = wdev->wiphy;
15976 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15977
15978 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
15979 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
15980 rdev, wdev, cookie, chan,
15981 duration, gfp);
15982 }
15983 EXPORT_SYMBOL(cfg80211_ready_on_channel);
15984
cfg80211_remain_on_channel_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)15985 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
15986 struct ieee80211_channel *chan,
15987 gfp_t gfp)
15988 {
15989 struct wiphy *wiphy = wdev->wiphy;
15990 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15991
15992 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
15993 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15994 rdev, wdev, cookie, chan, 0, gfp);
15995 }
15996 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
15997
cfg80211_tx_mgmt_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)15998 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
15999 struct ieee80211_channel *chan,
16000 gfp_t gfp)
16001 {
16002 struct wiphy *wiphy = wdev->wiphy;
16003 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16004
16005 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
16006 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
16007 rdev, wdev, cookie, chan, 0, gfp);
16008 }
16009 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
16010
cfg80211_new_sta(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)16011 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
16012 struct station_info *sinfo, gfp_t gfp)
16013 {
16014 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16015 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16016 struct sk_buff *msg;
16017
16018 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
16019
16020 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16021 if (!msg)
16022 return;
16023
16024 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
16025 rdev, dev, mac_addr, sinfo) < 0) {
16026 nlmsg_free(msg);
16027 return;
16028 }
16029
16030 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16031 NL80211_MCGRP_MLME, gfp);
16032 }
16033 EXPORT_SYMBOL(cfg80211_new_sta);
16034
cfg80211_del_sta_sinfo(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)16035 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
16036 struct station_info *sinfo, gfp_t gfp)
16037 {
16038 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16039 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16040 struct sk_buff *msg;
16041 struct station_info empty_sinfo = {};
16042
16043 if (!sinfo)
16044 sinfo = &empty_sinfo;
16045
16046 trace_cfg80211_del_sta(dev, mac_addr);
16047
16048 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16049 if (!msg) {
16050 cfg80211_sinfo_release_content(sinfo);
16051 return;
16052 }
16053
16054 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
16055 rdev, dev, mac_addr, sinfo) < 0) {
16056 nlmsg_free(msg);
16057 return;
16058 }
16059
16060 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16061 NL80211_MCGRP_MLME, gfp);
16062 }
16063 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
16064
cfg80211_conn_failed(struct net_device * dev,const u8 * mac_addr,enum nl80211_connect_failed_reason reason,gfp_t gfp)16065 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
16066 enum nl80211_connect_failed_reason reason,
16067 gfp_t gfp)
16068 {
16069 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16070 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16071 struct sk_buff *msg;
16072 void *hdr;
16073
16074 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
16075 if (!msg)
16076 return;
16077
16078 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
16079 if (!hdr) {
16080 nlmsg_free(msg);
16081 return;
16082 }
16083
16084 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16085 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
16086 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
16087 goto nla_put_failure;
16088
16089 genlmsg_end(msg, hdr);
16090
16091 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16092 NL80211_MCGRP_MLME, gfp);
16093 return;
16094
16095 nla_put_failure:
16096 nlmsg_free(msg);
16097 }
16098 EXPORT_SYMBOL(cfg80211_conn_failed);
16099
__nl80211_unexpected_frame(struct net_device * dev,u8 cmd,const u8 * addr,gfp_t gfp)16100 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
16101 const u8 *addr, gfp_t gfp)
16102 {
16103 struct wireless_dev *wdev = dev->ieee80211_ptr;
16104 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16105 struct sk_buff *msg;
16106 void *hdr;
16107 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
16108
16109 if (!nlportid)
16110 return false;
16111
16112 msg = nlmsg_new(100, gfp);
16113 if (!msg)
16114 return true;
16115
16116 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16117 if (!hdr) {
16118 nlmsg_free(msg);
16119 return true;
16120 }
16121
16122 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16123 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16124 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16125 goto nla_put_failure;
16126
16127 genlmsg_end(msg, hdr);
16128 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16129 return true;
16130
16131 nla_put_failure:
16132 nlmsg_free(msg);
16133 return true;
16134 }
16135
cfg80211_rx_spurious_frame(struct net_device * dev,const u8 * addr,gfp_t gfp)16136 bool cfg80211_rx_spurious_frame(struct net_device *dev,
16137 const u8 *addr, gfp_t gfp)
16138 {
16139 struct wireless_dev *wdev = dev->ieee80211_ptr;
16140 bool ret;
16141
16142 trace_cfg80211_rx_spurious_frame(dev, addr);
16143
16144 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16145 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
16146 trace_cfg80211_return_bool(false);
16147 return false;
16148 }
16149 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
16150 addr, gfp);
16151 trace_cfg80211_return_bool(ret);
16152 return ret;
16153 }
16154 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
16155
cfg80211_rx_unexpected_4addr_frame(struct net_device * dev,const u8 * addr,gfp_t gfp)16156 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
16157 const u8 *addr, gfp_t gfp)
16158 {
16159 struct wireless_dev *wdev = dev->ieee80211_ptr;
16160 bool ret;
16161
16162 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
16163
16164 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16165 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
16166 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
16167 trace_cfg80211_return_bool(false);
16168 return false;
16169 }
16170 ret = __nl80211_unexpected_frame(dev,
16171 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
16172 addr, gfp);
16173 trace_cfg80211_return_bool(ret);
16174 return ret;
16175 }
16176 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
16177
nl80211_send_mgmt(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 nlportid,int freq,int sig_dbm,const u8 * buf,size_t len,u32 flags,gfp_t gfp)16178 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
16179 struct wireless_dev *wdev, u32 nlportid,
16180 int freq, int sig_dbm,
16181 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
16182 {
16183 struct net_device *netdev = wdev->netdev;
16184 struct sk_buff *msg;
16185 void *hdr;
16186
16187 msg = nlmsg_new(100 + len, gfp);
16188 if (!msg)
16189 return -ENOMEM;
16190
16191 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16192 if (!hdr) {
16193 nlmsg_free(msg);
16194 return -ENOMEM;
16195 }
16196
16197 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16198 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16199 netdev->ifindex)) ||
16200 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16201 NL80211_ATTR_PAD) ||
16202 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
16203 (sig_dbm &&
16204 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16205 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16206 (flags &&
16207 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
16208 goto nla_put_failure;
16209
16210 genlmsg_end(msg, hdr);
16211
16212 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16213
16214 nla_put_failure:
16215 nlmsg_free(msg);
16216 return -ENOBUFS;
16217 }
16218
cfg80211_mgmt_tx_status(struct wireless_dev * wdev,u64 cookie,const u8 * buf,size_t len,bool ack,gfp_t gfp)16219 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
16220 const u8 *buf, size_t len, bool ack, gfp_t gfp)
16221 {
16222 struct wiphy *wiphy = wdev->wiphy;
16223 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16224 struct net_device *netdev = wdev->netdev;
16225 struct sk_buff *msg;
16226 void *hdr;
16227
16228 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
16229
16230 msg = nlmsg_new(100 + len, gfp);
16231 if (!msg)
16232 return;
16233
16234 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
16235 if (!hdr) {
16236 nlmsg_free(msg);
16237 return;
16238 }
16239
16240 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16241 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16242 netdev->ifindex)) ||
16243 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16244 NL80211_ATTR_PAD) ||
16245 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16246 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16247 NL80211_ATTR_PAD) ||
16248 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
16249 goto nla_put_failure;
16250
16251 genlmsg_end(msg, hdr);
16252
16253 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16254 NL80211_MCGRP_MLME, gfp);
16255 return;
16256
16257 nla_put_failure:
16258 nlmsg_free(msg);
16259 }
16260 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
16261
__nl80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,gfp_t gfp)16262 static int __nl80211_rx_control_port(struct net_device *dev,
16263 struct sk_buff *skb,
16264 bool unencrypted, gfp_t gfp)
16265 {
16266 struct wireless_dev *wdev = dev->ieee80211_ptr;
16267 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16268 struct ethhdr *ehdr = eth_hdr(skb);
16269 const u8 *addr = ehdr->h_source;
16270 u16 proto = be16_to_cpu(skb->protocol);
16271 struct sk_buff *msg;
16272 void *hdr;
16273 struct nlattr *frame;
16274
16275 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
16276
16277 if (!nlportid)
16278 return -ENOENT;
16279
16280 msg = nlmsg_new(100 + skb->len, gfp);
16281 if (!msg)
16282 return -ENOMEM;
16283
16284 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
16285 if (!hdr) {
16286 nlmsg_free(msg);
16287 return -ENOBUFS;
16288 }
16289
16290 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16291 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16292 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16293 NL80211_ATTR_PAD) ||
16294 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16295 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
16296 (unencrypted && nla_put_flag(msg,
16297 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
16298 goto nla_put_failure;
16299
16300 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
16301 if (!frame)
16302 goto nla_put_failure;
16303
16304 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
16305 genlmsg_end(msg, hdr);
16306
16307 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16308
16309 nla_put_failure:
16310 nlmsg_free(msg);
16311 return -ENOBUFS;
16312 }
16313
cfg80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted)16314 bool cfg80211_rx_control_port(struct net_device *dev,
16315 struct sk_buff *skb, bool unencrypted)
16316 {
16317 int ret;
16318
16319 trace_cfg80211_rx_control_port(dev, skb, unencrypted);
16320 ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
16321 trace_cfg80211_return_bool(ret == 0);
16322 return ret == 0;
16323 }
16324 EXPORT_SYMBOL(cfg80211_rx_control_port);
16325
cfg80211_prepare_cqm(struct net_device * dev,const char * mac,gfp_t gfp)16326 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
16327 const char *mac, gfp_t gfp)
16328 {
16329 struct wireless_dev *wdev = dev->ieee80211_ptr;
16330 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16331 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16332 void **cb;
16333
16334 if (!msg)
16335 return NULL;
16336
16337 cb = (void **)msg->cb;
16338
16339 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
16340 if (!cb[0]) {
16341 nlmsg_free(msg);
16342 return NULL;
16343 }
16344
16345 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16346 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16347 goto nla_put_failure;
16348
16349 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16350 goto nla_put_failure;
16351
16352 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
16353 if (!cb[1])
16354 goto nla_put_failure;
16355
16356 cb[2] = rdev;
16357
16358 return msg;
16359 nla_put_failure:
16360 nlmsg_free(msg);
16361 return NULL;
16362 }
16363
cfg80211_send_cqm(struct sk_buff * msg,gfp_t gfp)16364 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
16365 {
16366 void **cb = (void **)msg->cb;
16367 struct cfg80211_registered_device *rdev = cb[2];
16368
16369 nla_nest_end(msg, cb[1]);
16370 genlmsg_end(msg, cb[0]);
16371
16372 memset(msg->cb, 0, sizeof(msg->cb));
16373
16374 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16375 NL80211_MCGRP_MLME, gfp);
16376 }
16377
cfg80211_cqm_rssi_notify(struct net_device * dev,enum nl80211_cqm_rssi_threshold_event rssi_event,s32 rssi_level,gfp_t gfp)16378 void cfg80211_cqm_rssi_notify(struct net_device *dev,
16379 enum nl80211_cqm_rssi_threshold_event rssi_event,
16380 s32 rssi_level, gfp_t gfp)
16381 {
16382 struct sk_buff *msg;
16383 struct wireless_dev *wdev = dev->ieee80211_ptr;
16384 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16385
16386 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
16387
16388 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
16389 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
16390 return;
16391
16392 if (wdev->cqm_config) {
16393 wdev->cqm_config->last_rssi_event_value = rssi_level;
16394
16395 cfg80211_cqm_rssi_update(rdev, dev);
16396
16397 if (rssi_level == 0)
16398 rssi_level = wdev->cqm_config->last_rssi_event_value;
16399 }
16400
16401 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16402 if (!msg)
16403 return;
16404
16405 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
16406 rssi_event))
16407 goto nla_put_failure;
16408
16409 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
16410 rssi_level))
16411 goto nla_put_failure;
16412
16413 cfg80211_send_cqm(msg, gfp);
16414
16415 return;
16416
16417 nla_put_failure:
16418 nlmsg_free(msg);
16419 }
16420 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
16421
cfg80211_cqm_txe_notify(struct net_device * dev,const u8 * peer,u32 num_packets,u32 rate,u32 intvl,gfp_t gfp)16422 void cfg80211_cqm_txe_notify(struct net_device *dev,
16423 const u8 *peer, u32 num_packets,
16424 u32 rate, u32 intvl, gfp_t gfp)
16425 {
16426 struct sk_buff *msg;
16427
16428 msg = cfg80211_prepare_cqm(dev, peer, gfp);
16429 if (!msg)
16430 return;
16431
16432 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
16433 goto nla_put_failure;
16434
16435 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
16436 goto nla_put_failure;
16437
16438 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
16439 goto nla_put_failure;
16440
16441 cfg80211_send_cqm(msg, gfp);
16442 return;
16443
16444 nla_put_failure:
16445 nlmsg_free(msg);
16446 }
16447 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
16448
cfg80211_cqm_pktloss_notify(struct net_device * dev,const u8 * peer,u32 num_packets,gfp_t gfp)16449 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
16450 const u8 *peer, u32 num_packets, gfp_t gfp)
16451 {
16452 struct sk_buff *msg;
16453
16454 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
16455
16456 msg = cfg80211_prepare_cqm(dev, peer, gfp);
16457 if (!msg)
16458 return;
16459
16460 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
16461 goto nla_put_failure;
16462
16463 cfg80211_send_cqm(msg, gfp);
16464 return;
16465
16466 nla_put_failure:
16467 nlmsg_free(msg);
16468 }
16469 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
16470
cfg80211_cqm_beacon_loss_notify(struct net_device * dev,gfp_t gfp)16471 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
16472 {
16473 struct sk_buff *msg;
16474
16475 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16476 if (!msg)
16477 return;
16478
16479 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
16480 goto nla_put_failure;
16481
16482 cfg80211_send_cqm(msg, gfp);
16483 return;
16484
16485 nla_put_failure:
16486 nlmsg_free(msg);
16487 }
16488 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
16489
nl80211_gtk_rekey_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)16490 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
16491 struct net_device *netdev, const u8 *bssid,
16492 const u8 *replay_ctr, gfp_t gfp)
16493 {
16494 struct sk_buff *msg;
16495 struct nlattr *rekey_attr;
16496 void *hdr;
16497
16498 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16499 if (!msg)
16500 return;
16501
16502 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
16503 if (!hdr) {
16504 nlmsg_free(msg);
16505 return;
16506 }
16507
16508 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16509 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16510 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16511 goto nla_put_failure;
16512
16513 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
16514 if (!rekey_attr)
16515 goto nla_put_failure;
16516
16517 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
16518 NL80211_REPLAY_CTR_LEN, replay_ctr))
16519 goto nla_put_failure;
16520
16521 nla_nest_end(msg, rekey_attr);
16522
16523 genlmsg_end(msg, hdr);
16524
16525 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16526 NL80211_MCGRP_MLME, gfp);
16527 return;
16528
16529 nla_put_failure:
16530 nlmsg_free(msg);
16531 }
16532
cfg80211_gtk_rekey_notify(struct net_device * dev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)16533 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
16534 const u8 *replay_ctr, gfp_t gfp)
16535 {
16536 struct wireless_dev *wdev = dev->ieee80211_ptr;
16537 struct wiphy *wiphy = wdev->wiphy;
16538 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16539
16540 trace_cfg80211_gtk_rekey_notify(dev, bssid);
16541 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
16542 }
16543 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
16544
16545 static void
nl80211_pmksa_candidate_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,int index,const u8 * bssid,bool preauth,gfp_t gfp)16546 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
16547 struct net_device *netdev, int index,
16548 const u8 *bssid, bool preauth, gfp_t gfp)
16549 {
16550 struct sk_buff *msg;
16551 struct nlattr *attr;
16552 void *hdr;
16553
16554 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16555 if (!msg)
16556 return;
16557
16558 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
16559 if (!hdr) {
16560 nlmsg_free(msg);
16561 return;
16562 }
16563
16564 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16565 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16566 goto nla_put_failure;
16567
16568 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
16569 if (!attr)
16570 goto nla_put_failure;
16571
16572 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
16573 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
16574 (preauth &&
16575 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
16576 goto nla_put_failure;
16577
16578 nla_nest_end(msg, attr);
16579
16580 genlmsg_end(msg, hdr);
16581
16582 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16583 NL80211_MCGRP_MLME, gfp);
16584 return;
16585
16586 nla_put_failure:
16587 nlmsg_free(msg);
16588 }
16589
cfg80211_pmksa_candidate_notify(struct net_device * dev,int index,const u8 * bssid,bool preauth,gfp_t gfp)16590 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
16591 const u8 *bssid, bool preauth, gfp_t gfp)
16592 {
16593 struct wireless_dev *wdev = dev->ieee80211_ptr;
16594 struct wiphy *wiphy = wdev->wiphy;
16595 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16596
16597 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
16598 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
16599 }
16600 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
16601
nl80211_ch_switch_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_chan_def * chandef,gfp_t gfp,enum nl80211_commands notif,u8 count)16602 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
16603 struct net_device *netdev,
16604 struct cfg80211_chan_def *chandef,
16605 gfp_t gfp,
16606 enum nl80211_commands notif,
16607 u8 count)
16608 {
16609 struct sk_buff *msg;
16610 void *hdr;
16611
16612 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16613 if (!msg)
16614 return;
16615
16616 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
16617 if (!hdr) {
16618 nlmsg_free(msg);
16619 return;
16620 }
16621
16622 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16623 goto nla_put_failure;
16624
16625 if (nl80211_send_chandef(msg, chandef))
16626 goto nla_put_failure;
16627
16628 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
16629 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
16630 goto nla_put_failure;
16631
16632 genlmsg_end(msg, hdr);
16633
16634 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16635 NL80211_MCGRP_MLME, gfp);
16636 return;
16637
16638 nla_put_failure:
16639 nlmsg_free(msg);
16640 }
16641
cfg80211_ch_switch_notify(struct net_device * dev,struct cfg80211_chan_def * chandef)16642 void cfg80211_ch_switch_notify(struct net_device *dev,
16643 struct cfg80211_chan_def *chandef)
16644 {
16645 struct wireless_dev *wdev = dev->ieee80211_ptr;
16646 struct wiphy *wiphy = wdev->wiphy;
16647 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16648
16649 ASSERT_WDEV_LOCK(wdev);
16650
16651 trace_cfg80211_ch_switch_notify(dev, chandef);
16652
16653 wdev->chandef = *chandef;
16654 wdev->preset_chandef = *chandef;
16655
16656 if ((wdev->iftype == NL80211_IFTYPE_STATION ||
16657 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
16658 !WARN_ON(!wdev->current_bss))
16659 cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
16660
16661 cfg80211_sched_dfs_chan_update(rdev);
16662
16663 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16664 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
16665 }
16666 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
16667
cfg80211_ch_switch_started_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,u8 count)16668 void cfg80211_ch_switch_started_notify(struct net_device *dev,
16669 struct cfg80211_chan_def *chandef,
16670 u8 count)
16671 {
16672 struct wireless_dev *wdev = dev->ieee80211_ptr;
16673 struct wiphy *wiphy = wdev->wiphy;
16674 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16675
16676 trace_cfg80211_ch_switch_started_notify(dev, chandef);
16677
16678 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16679 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
16680 }
16681 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
16682
16683 void
nl80211_radar_notify(struct cfg80211_registered_device * rdev,const struct cfg80211_chan_def * chandef,enum nl80211_radar_event event,struct net_device * netdev,gfp_t gfp)16684 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
16685 const struct cfg80211_chan_def *chandef,
16686 enum nl80211_radar_event event,
16687 struct net_device *netdev, gfp_t gfp)
16688 {
16689 struct sk_buff *msg;
16690 void *hdr;
16691
16692 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16693 if (!msg)
16694 return;
16695
16696 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
16697 if (!hdr) {
16698 nlmsg_free(msg);
16699 return;
16700 }
16701
16702 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16703 goto nla_put_failure;
16704
16705 /* NOP and radar events don't need a netdev parameter */
16706 if (netdev) {
16707 struct wireless_dev *wdev = netdev->ieee80211_ptr;
16708
16709 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16710 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16711 NL80211_ATTR_PAD))
16712 goto nla_put_failure;
16713 }
16714
16715 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
16716 goto nla_put_failure;
16717
16718 if (nl80211_send_chandef(msg, chandef))
16719 goto nla_put_failure;
16720
16721 genlmsg_end(msg, hdr);
16722
16723 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16724 NL80211_MCGRP_MLME, gfp);
16725 return;
16726
16727 nla_put_failure:
16728 nlmsg_free(msg);
16729 }
16730
cfg80211_sta_opmode_change_notify(struct net_device * dev,const u8 * mac,struct sta_opmode_info * sta_opmode,gfp_t gfp)16731 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
16732 struct sta_opmode_info *sta_opmode,
16733 gfp_t gfp)
16734 {
16735 struct sk_buff *msg;
16736 struct wireless_dev *wdev = dev->ieee80211_ptr;
16737 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16738 void *hdr;
16739
16740 if (WARN_ON(!mac))
16741 return;
16742
16743 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16744 if (!msg)
16745 return;
16746
16747 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
16748 if (!hdr) {
16749 nlmsg_free(msg);
16750 return;
16751 }
16752
16753 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16754 goto nla_put_failure;
16755
16756 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16757 goto nla_put_failure;
16758
16759 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16760 goto nla_put_failure;
16761
16762 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
16763 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
16764 goto nla_put_failure;
16765
16766 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
16767 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
16768 goto nla_put_failure;
16769
16770 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
16771 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
16772 goto nla_put_failure;
16773
16774 genlmsg_end(msg, hdr);
16775
16776 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16777 NL80211_MCGRP_MLME, gfp);
16778
16779 return;
16780
16781 nla_put_failure:
16782 nlmsg_free(msg);
16783 }
16784 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
16785
cfg80211_probe_status(struct net_device * dev,const u8 * addr,u64 cookie,bool acked,s32 ack_signal,bool is_valid_ack_signal,gfp_t gfp)16786 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
16787 u64 cookie, bool acked, s32 ack_signal,
16788 bool is_valid_ack_signal, gfp_t gfp)
16789 {
16790 struct wireless_dev *wdev = dev->ieee80211_ptr;
16791 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16792 struct sk_buff *msg;
16793 void *hdr;
16794
16795 trace_cfg80211_probe_status(dev, addr, cookie, acked);
16796
16797 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16798
16799 if (!msg)
16800 return;
16801
16802 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
16803 if (!hdr) {
16804 nlmsg_free(msg);
16805 return;
16806 }
16807
16808 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16809 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16810 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16811 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16812 NL80211_ATTR_PAD) ||
16813 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
16814 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
16815 ack_signal)))
16816 goto nla_put_failure;
16817
16818 genlmsg_end(msg, hdr);
16819
16820 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16821 NL80211_MCGRP_MLME, gfp);
16822 return;
16823
16824 nla_put_failure:
16825 nlmsg_free(msg);
16826 }
16827 EXPORT_SYMBOL(cfg80211_probe_status);
16828
cfg80211_report_obss_beacon(struct wiphy * wiphy,const u8 * frame,size_t len,int freq,int sig_dbm)16829 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
16830 const u8 *frame, size_t len,
16831 int freq, int sig_dbm)
16832 {
16833 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16834 struct sk_buff *msg;
16835 void *hdr;
16836 struct cfg80211_beacon_registration *reg;
16837
16838 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
16839
16840 spin_lock_bh(&rdev->beacon_registrations_lock);
16841 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
16842 msg = nlmsg_new(len + 100, GFP_ATOMIC);
16843 if (!msg) {
16844 spin_unlock_bh(&rdev->beacon_registrations_lock);
16845 return;
16846 }
16847
16848 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16849 if (!hdr)
16850 goto nla_put_failure;
16851
16852 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16853 (freq &&
16854 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
16855 (sig_dbm &&
16856 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16857 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
16858 goto nla_put_failure;
16859
16860 genlmsg_end(msg, hdr);
16861
16862 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
16863 }
16864 spin_unlock_bh(&rdev->beacon_registrations_lock);
16865 return;
16866
16867 nla_put_failure:
16868 spin_unlock_bh(&rdev->beacon_registrations_lock);
16869 nlmsg_free(msg);
16870 }
16871 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
16872
16873 #ifdef CONFIG_PM
cfg80211_net_detect_results(struct sk_buff * msg,struct cfg80211_wowlan_wakeup * wakeup)16874 static int cfg80211_net_detect_results(struct sk_buff *msg,
16875 struct cfg80211_wowlan_wakeup *wakeup)
16876 {
16877 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
16878 struct nlattr *nl_results, *nl_match, *nl_freqs;
16879 int i, j;
16880
16881 nl_results = nla_nest_start_noflag(msg,
16882 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
16883 if (!nl_results)
16884 return -EMSGSIZE;
16885
16886 for (i = 0; i < nd->n_matches; i++) {
16887 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
16888
16889 nl_match = nla_nest_start_noflag(msg, i);
16890 if (!nl_match)
16891 break;
16892
16893 /* The SSID attribute is optional in nl80211, but for
16894 * simplicity reasons it's always present in the
16895 * cfg80211 structure. If a driver can't pass the
16896 * SSID, that needs to be changed. A zero length SSID
16897 * is still a valid SSID (wildcard), so it cannot be
16898 * used for this purpose.
16899 */
16900 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
16901 match->ssid.ssid)) {
16902 nla_nest_cancel(msg, nl_match);
16903 goto out;
16904 }
16905
16906 if (match->n_channels) {
16907 nl_freqs = nla_nest_start_noflag(msg,
16908 NL80211_ATTR_SCAN_FREQUENCIES);
16909 if (!nl_freqs) {
16910 nla_nest_cancel(msg, nl_match);
16911 goto out;
16912 }
16913
16914 for (j = 0; j < match->n_channels; j++) {
16915 if (nla_put_u32(msg, j, match->channels[j])) {
16916 nla_nest_cancel(msg, nl_freqs);
16917 nla_nest_cancel(msg, nl_match);
16918 goto out;
16919 }
16920 }
16921
16922 nla_nest_end(msg, nl_freqs);
16923 }
16924
16925 nla_nest_end(msg, nl_match);
16926 }
16927
16928 out:
16929 nla_nest_end(msg, nl_results);
16930 return 0;
16931 }
16932
cfg80211_report_wowlan_wakeup(struct wireless_dev * wdev,struct cfg80211_wowlan_wakeup * wakeup,gfp_t gfp)16933 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
16934 struct cfg80211_wowlan_wakeup *wakeup,
16935 gfp_t gfp)
16936 {
16937 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16938 struct sk_buff *msg;
16939 void *hdr;
16940 int size = 200;
16941
16942 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
16943
16944 if (wakeup)
16945 size += wakeup->packet_present_len;
16946
16947 msg = nlmsg_new(size, gfp);
16948 if (!msg)
16949 return;
16950
16951 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
16952 if (!hdr)
16953 goto free_msg;
16954
16955 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16956 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16957 NL80211_ATTR_PAD))
16958 goto free_msg;
16959
16960 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16961 wdev->netdev->ifindex))
16962 goto free_msg;
16963
16964 if (wakeup) {
16965 struct nlattr *reasons;
16966
16967 reasons = nla_nest_start_noflag(msg,
16968 NL80211_ATTR_WOWLAN_TRIGGERS);
16969 if (!reasons)
16970 goto free_msg;
16971
16972 if (wakeup->disconnect &&
16973 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
16974 goto free_msg;
16975 if (wakeup->magic_pkt &&
16976 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
16977 goto free_msg;
16978 if (wakeup->gtk_rekey_failure &&
16979 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
16980 goto free_msg;
16981 if (wakeup->eap_identity_req &&
16982 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
16983 goto free_msg;
16984 if (wakeup->four_way_handshake &&
16985 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
16986 goto free_msg;
16987 if (wakeup->rfkill_release &&
16988 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
16989 goto free_msg;
16990
16991 if (wakeup->pattern_idx >= 0 &&
16992 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
16993 wakeup->pattern_idx))
16994 goto free_msg;
16995
16996 if (wakeup->tcp_match &&
16997 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
16998 goto free_msg;
16999
17000 if (wakeup->tcp_connlost &&
17001 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
17002 goto free_msg;
17003
17004 if (wakeup->tcp_nomoretokens &&
17005 nla_put_flag(msg,
17006 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
17007 goto free_msg;
17008
17009 if (wakeup->packet) {
17010 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
17011 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
17012
17013 if (!wakeup->packet_80211) {
17014 pkt_attr =
17015 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
17016 len_attr =
17017 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
17018 }
17019
17020 if (wakeup->packet_len &&
17021 nla_put_u32(msg, len_attr, wakeup->packet_len))
17022 goto free_msg;
17023
17024 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
17025 wakeup->packet))
17026 goto free_msg;
17027 }
17028
17029 if (wakeup->net_detect &&
17030 cfg80211_net_detect_results(msg, wakeup))
17031 goto free_msg;
17032
17033 nla_nest_end(msg, reasons);
17034 }
17035
17036 genlmsg_end(msg, hdr);
17037
17038 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17039 NL80211_MCGRP_MLME, gfp);
17040 return;
17041
17042 free_msg:
17043 nlmsg_free(msg);
17044 }
17045 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
17046 #endif
17047
cfg80211_tdls_oper_request(struct net_device * dev,const u8 * peer,enum nl80211_tdls_operation oper,u16 reason_code,gfp_t gfp)17048 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
17049 enum nl80211_tdls_operation oper,
17050 u16 reason_code, gfp_t gfp)
17051 {
17052 struct wireless_dev *wdev = dev->ieee80211_ptr;
17053 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17054 struct sk_buff *msg;
17055 void *hdr;
17056
17057 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
17058 reason_code);
17059
17060 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17061 if (!msg)
17062 return;
17063
17064 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
17065 if (!hdr) {
17066 nlmsg_free(msg);
17067 return;
17068 }
17069
17070 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17071 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17072 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
17073 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
17074 (reason_code > 0 &&
17075 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
17076 goto nla_put_failure;
17077
17078 genlmsg_end(msg, hdr);
17079
17080 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17081 NL80211_MCGRP_MLME, gfp);
17082 return;
17083
17084 nla_put_failure:
17085 nlmsg_free(msg);
17086 }
17087 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
17088
nl80211_netlink_notify(struct notifier_block * nb,unsigned long state,void * _notify)17089 static int nl80211_netlink_notify(struct notifier_block * nb,
17090 unsigned long state,
17091 void *_notify)
17092 {
17093 struct netlink_notify *notify = _notify;
17094 struct cfg80211_registered_device *rdev;
17095 struct wireless_dev *wdev;
17096 struct cfg80211_beacon_registration *reg, *tmp;
17097
17098 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
17099 return NOTIFY_DONE;
17100
17101 rcu_read_lock();
17102
17103 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
17104 struct cfg80211_sched_scan_request *sched_scan_req;
17105
17106 list_for_each_entry_rcu(sched_scan_req,
17107 &rdev->sched_scan_req_list,
17108 list) {
17109 if (sched_scan_req->owner_nlportid == notify->portid) {
17110 sched_scan_req->nl_owner_dead = true;
17111 schedule_work(&rdev->sched_scan_stop_wk);
17112 }
17113 }
17114
17115 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
17116 cfg80211_mlme_unregister_socket(wdev, notify->portid);
17117
17118 if (wdev->owner_nlportid == notify->portid) {
17119 wdev->nl_owner_dead = true;
17120 schedule_work(&rdev->destroy_work);
17121 } else if (wdev->conn_owner_nlportid == notify->portid) {
17122 schedule_work(&wdev->disconnect_wk);
17123 }
17124
17125 cfg80211_release_pmsr(wdev, notify->portid);
17126 }
17127
17128 spin_lock_bh(&rdev->beacon_registrations_lock);
17129 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
17130 list) {
17131 if (reg->nlportid == notify->portid) {
17132 list_del(®->list);
17133 kfree(reg);
17134 break;
17135 }
17136 }
17137 spin_unlock_bh(&rdev->beacon_registrations_lock);
17138 }
17139
17140 rcu_read_unlock();
17141
17142 /*
17143 * It is possible that the user space process that is controlling the
17144 * indoor setting disappeared, so notify the regulatory core.
17145 */
17146 regulatory_netlink_notify(notify->portid);
17147 return NOTIFY_OK;
17148 }
17149
17150 static struct notifier_block nl80211_netlink_notifier = {
17151 .notifier_call = nl80211_netlink_notify,
17152 };
17153
cfg80211_ft_event(struct net_device * netdev,struct cfg80211_ft_event_params * ft_event)17154 void cfg80211_ft_event(struct net_device *netdev,
17155 struct cfg80211_ft_event_params *ft_event)
17156 {
17157 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17158 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17159 struct sk_buff *msg;
17160 void *hdr;
17161
17162 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
17163
17164 if (!ft_event->target_ap)
17165 return;
17166
17167 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
17168 GFP_KERNEL);
17169 if (!msg)
17170 return;
17171
17172 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
17173 if (!hdr)
17174 goto out;
17175
17176 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17177 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17178 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
17179 goto out;
17180
17181 if (ft_event->ies &&
17182 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
17183 goto out;
17184 if (ft_event->ric_ies &&
17185 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
17186 ft_event->ric_ies))
17187 goto out;
17188
17189 genlmsg_end(msg, hdr);
17190
17191 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17192 NL80211_MCGRP_MLME, GFP_KERNEL);
17193 return;
17194 out:
17195 nlmsg_free(msg);
17196 }
17197 EXPORT_SYMBOL(cfg80211_ft_event);
17198
cfg80211_crit_proto_stopped(struct wireless_dev * wdev,gfp_t gfp)17199 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
17200 {
17201 struct cfg80211_registered_device *rdev;
17202 struct sk_buff *msg;
17203 void *hdr;
17204 u32 nlportid;
17205
17206 rdev = wiphy_to_rdev(wdev->wiphy);
17207 if (!rdev->crit_proto_nlportid)
17208 return;
17209
17210 nlportid = rdev->crit_proto_nlportid;
17211 rdev->crit_proto_nlportid = 0;
17212
17213 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17214 if (!msg)
17215 return;
17216
17217 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
17218 if (!hdr)
17219 goto nla_put_failure;
17220
17221 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17222 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17223 NL80211_ATTR_PAD))
17224 goto nla_put_failure;
17225
17226 genlmsg_end(msg, hdr);
17227
17228 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17229 return;
17230
17231 nla_put_failure:
17232 nlmsg_free(msg);
17233 }
17234 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
17235
nl80211_send_ap_stopped(struct wireless_dev * wdev)17236 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
17237 {
17238 struct wiphy *wiphy = wdev->wiphy;
17239 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17240 struct sk_buff *msg;
17241 void *hdr;
17242
17243 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17244 if (!msg)
17245 return;
17246
17247 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
17248 if (!hdr)
17249 goto out;
17250
17251 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17252 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
17253 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17254 NL80211_ATTR_PAD))
17255 goto out;
17256
17257 genlmsg_end(msg, hdr);
17258
17259 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
17260 NL80211_MCGRP_MLME, GFP_KERNEL);
17261 return;
17262 out:
17263 nlmsg_free(msg);
17264 }
17265
cfg80211_external_auth_request(struct net_device * dev,struct cfg80211_external_auth_params * params,gfp_t gfp)17266 int cfg80211_external_auth_request(struct net_device *dev,
17267 struct cfg80211_external_auth_params *params,
17268 gfp_t gfp)
17269 {
17270 struct wireless_dev *wdev = dev->ieee80211_ptr;
17271 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17272 struct sk_buff *msg;
17273 void *hdr;
17274
17275 if (!wdev->conn_owner_nlportid)
17276 return -EINVAL;
17277
17278 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17279 if (!msg)
17280 return -ENOMEM;
17281
17282 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
17283 if (!hdr)
17284 goto nla_put_failure;
17285
17286 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17287 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17288 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
17289 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
17290 params->action) ||
17291 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
17292 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
17293 params->ssid.ssid))
17294 goto nla_put_failure;
17295
17296 genlmsg_end(msg, hdr);
17297 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
17298 wdev->conn_owner_nlportid);
17299 return 0;
17300
17301 nla_put_failure:
17302 nlmsg_free(msg);
17303 return -ENOBUFS;
17304 }
17305 EXPORT_SYMBOL(cfg80211_external_auth_request);
17306
cfg80211_update_owe_info_event(struct net_device * netdev,struct cfg80211_update_owe_info * owe_info,gfp_t gfp)17307 void cfg80211_update_owe_info_event(struct net_device *netdev,
17308 struct cfg80211_update_owe_info *owe_info,
17309 gfp_t gfp)
17310 {
17311 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17312 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17313 struct sk_buff *msg;
17314 void *hdr;
17315
17316 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
17317
17318 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17319 if (!msg)
17320 return;
17321
17322 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
17323 if (!hdr)
17324 goto nla_put_failure;
17325
17326 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17327 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17328 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
17329 goto nla_put_failure;
17330
17331 if (!owe_info->ie_len ||
17332 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
17333 goto nla_put_failure;
17334
17335 genlmsg_end(msg, hdr);
17336
17337 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17338 NL80211_MCGRP_MLME, gfp);
17339 return;
17340
17341 nla_put_failure:
17342 genlmsg_cancel(msg, hdr);
17343 nlmsg_free(msg);
17344 }
17345 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
17346
17347 /* initialisation/exit functions */
17348
nl80211_init(void)17349 int __init nl80211_init(void)
17350 {
17351 int err;
17352
17353 err = genl_register_family(&nl80211_fam);
17354 if (err)
17355 return err;
17356
17357 err = netlink_register_notifier(&nl80211_netlink_notifier);
17358 if (err)
17359 goto err_out;
17360
17361 return 0;
17362 err_out:
17363 genl_unregister_family(&nl80211_fam);
17364 return err;
17365 }
17366
nl80211_exit(void)17367 void nl80211_exit(void)
17368 {
17369 netlink_unregister_notifier(&nl80211_netlink_notifier);
17370 genl_unregister_family(&nl80211_fam);
17371 }
17372