1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type); 27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 28 struct genl_info *info, 29 struct cfg80211_crypto_settings *settings, 30 int cipher_limit); 31 32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 33 struct genl_info *info); 34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 35 struct genl_info *info); 36 37 /* the netlink family */ 38 static struct genl_family nl80211_fam = { 39 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 40 .name = "nl80211", /* have users key off the name instead */ 41 .hdrsize = 0, /* no private header */ 42 .version = 1, /* no particular meaning now */ 43 .maxattr = NL80211_ATTR_MAX, 44 .netnsok = true, 45 .pre_doit = nl80211_pre_doit, 46 .post_doit = nl80211_post_doit, 47 }; 48 49 /* returns ERR_PTR values */ 50 static struct wireless_dev * 51 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs) 52 { 53 struct cfg80211_registered_device *rdev; 54 struct wireless_dev *result = NULL; 55 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 56 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 57 u64 wdev_id; 58 int wiphy_idx = -1; 59 int ifidx = -1; 60 61 assert_cfg80211_lock(); 62 63 if (!have_ifidx && !have_wdev_id) 64 return ERR_PTR(-EINVAL); 65 66 if (have_ifidx) 67 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 68 if (have_wdev_id) { 69 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 70 wiphy_idx = wdev_id >> 32; 71 } 72 73 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 74 struct wireless_dev *wdev; 75 76 if (wiphy_net(&rdev->wiphy) != netns) 77 continue; 78 79 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 80 continue; 81 82 mutex_lock(&rdev->devlist_mtx); 83 list_for_each_entry(wdev, &rdev->wdev_list, list) { 84 if (have_ifidx && wdev->netdev && 85 wdev->netdev->ifindex == ifidx) { 86 result = wdev; 87 break; 88 } 89 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 90 result = wdev; 91 break; 92 } 93 } 94 mutex_unlock(&rdev->devlist_mtx); 95 96 if (result) 97 break; 98 } 99 100 if (result) 101 return result; 102 return ERR_PTR(-ENODEV); 103 } 104 105 static struct cfg80211_registered_device * 106 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 107 { 108 struct cfg80211_registered_device *rdev = NULL, *tmp; 109 struct net_device *netdev; 110 111 assert_cfg80211_lock(); 112 113 if (!attrs[NL80211_ATTR_WIPHY] && 114 !attrs[NL80211_ATTR_IFINDEX] && 115 !attrs[NL80211_ATTR_WDEV]) 116 return ERR_PTR(-EINVAL); 117 118 if (attrs[NL80211_ATTR_WIPHY]) 119 rdev = cfg80211_rdev_by_wiphy_idx( 120 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 121 122 if (attrs[NL80211_ATTR_WDEV]) { 123 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 124 struct wireless_dev *wdev; 125 bool found = false; 126 127 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 128 if (tmp) { 129 /* make sure wdev exists */ 130 mutex_lock(&tmp->devlist_mtx); 131 list_for_each_entry(wdev, &tmp->wdev_list, list) { 132 if (wdev->identifier != (u32)wdev_id) 133 continue; 134 found = true; 135 break; 136 } 137 mutex_unlock(&tmp->devlist_mtx); 138 139 if (!found) 140 tmp = NULL; 141 142 if (rdev && tmp != rdev) 143 return ERR_PTR(-EINVAL); 144 rdev = tmp; 145 } 146 } 147 148 if (attrs[NL80211_ATTR_IFINDEX]) { 149 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 150 netdev = dev_get_by_index(netns, ifindex); 151 if (netdev) { 152 if (netdev->ieee80211_ptr) 153 tmp = wiphy_to_dev( 154 netdev->ieee80211_ptr->wiphy); 155 else 156 tmp = NULL; 157 158 dev_put(netdev); 159 160 /* not wireless device -- return error */ 161 if (!tmp) 162 return ERR_PTR(-EINVAL); 163 164 /* mismatch -- return error */ 165 if (rdev && tmp != rdev) 166 return ERR_PTR(-EINVAL); 167 168 rdev = tmp; 169 } 170 } 171 172 if (!rdev) 173 return ERR_PTR(-ENODEV); 174 175 if (netns != wiphy_net(&rdev->wiphy)) 176 return ERR_PTR(-ENODEV); 177 178 return rdev; 179 } 180 181 /* 182 * This function returns a pointer to the driver 183 * that the genl_info item that is passed refers to. 184 * If successful, it returns non-NULL and also locks 185 * the driver's mutex! 186 * 187 * This means that you need to call cfg80211_unlock_rdev() 188 * before being allowed to acquire &cfg80211_mutex! 189 * 190 * This is necessary because we need to lock the global 191 * mutex to get an item off the list safely, and then 192 * we lock the rdev mutex so it doesn't go away under us. 193 * 194 * We don't want to keep cfg80211_mutex locked 195 * for all the time in order to allow requests on 196 * other interfaces to go through at the same time. 197 * 198 * The result of this can be a PTR_ERR and hence must 199 * be checked with IS_ERR() for errors. 200 */ 201 static struct cfg80211_registered_device * 202 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 203 { 204 struct cfg80211_registered_device *rdev; 205 206 mutex_lock(&cfg80211_mutex); 207 rdev = __cfg80211_rdev_from_attrs(netns, info->attrs); 208 209 /* if it is not an error we grab the lock on 210 * it to assure it won't be going away while 211 * we operate on it */ 212 if (!IS_ERR(rdev)) 213 mutex_lock(&rdev->mtx); 214 215 mutex_unlock(&cfg80211_mutex); 216 217 return rdev; 218 } 219 220 /* policy for the attributes */ 221 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 222 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 223 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 224 .len = 20-1 }, 225 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 226 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 227 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 228 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 229 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 230 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 231 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 232 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 233 234 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 235 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 236 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 237 238 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 239 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 240 241 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 242 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 243 .len = WLAN_MAX_KEY_LEN }, 244 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 245 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 246 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 247 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 248 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 249 250 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 251 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 252 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 253 .len = IEEE80211_MAX_DATA_LEN }, 254 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 255 .len = IEEE80211_MAX_DATA_LEN }, 256 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 257 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 258 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 259 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 260 .len = NL80211_MAX_SUPP_RATES }, 261 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 262 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 263 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 264 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 265 .len = IEEE80211_MAX_MESH_ID_LEN }, 266 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 267 268 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 269 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 270 271 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 272 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 273 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 274 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 275 .len = NL80211_MAX_SUPP_RATES }, 276 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 277 278 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 279 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 280 281 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 282 283 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 284 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 285 .len = IEEE80211_MAX_DATA_LEN }, 286 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 287 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 288 289 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 290 .len = IEEE80211_MAX_SSID_LEN }, 291 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 292 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 293 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 294 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 295 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 296 [NL80211_ATTR_STA_FLAGS2] = { 297 .len = sizeof(struct nl80211_sta_flag_update), 298 }, 299 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 300 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 301 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 302 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 303 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 304 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 305 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 306 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 307 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 308 .len = WLAN_PMKID_LEN }, 309 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 310 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 311 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 312 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 313 .len = IEEE80211_MAX_DATA_LEN }, 314 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 315 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 316 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 317 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 318 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 319 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 320 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 321 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 322 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 323 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 324 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 325 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 326 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 327 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 328 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 329 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 330 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 331 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 332 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 333 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 334 .len = IEEE80211_MAX_DATA_LEN }, 335 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 336 .len = IEEE80211_MAX_DATA_LEN }, 337 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 338 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 339 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 340 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 341 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 342 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 343 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 344 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 345 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 346 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 347 .len = IEEE80211_MAX_DATA_LEN }, 348 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 349 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 350 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 351 .len = NL80211_HT_CAPABILITY_LEN 352 }, 353 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 354 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 355 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 356 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 357 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 358 }; 359 360 /* policy for the key attributes */ 361 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 362 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 363 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 364 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 365 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 366 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 367 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 368 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 369 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 370 }; 371 372 /* policy for the key default flags */ 373 static const struct nla_policy 374 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 375 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 376 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 377 }; 378 379 /* policy for WoWLAN attributes */ 380 static const struct nla_policy 381 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 382 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 383 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 384 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 385 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 386 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 387 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 388 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 389 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 390 }; 391 392 /* policy for GTK rekey offload attributes */ 393 static const struct nla_policy 394 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 395 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 396 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 397 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 398 }; 399 400 static const struct nla_policy 401 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 402 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 403 .len = IEEE80211_MAX_SSID_LEN }, 404 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 405 }; 406 407 /* ifidx get helper */ 408 static int nl80211_get_ifidx(struct netlink_callback *cb) 409 { 410 int res; 411 412 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 413 nl80211_fam.attrbuf, nl80211_fam.maxattr, 414 nl80211_policy); 415 if (res) 416 return res; 417 418 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 419 return -EINVAL; 420 421 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 422 if (!res) 423 return -EINVAL; 424 return res; 425 } 426 427 static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 428 struct netlink_callback *cb, 429 struct cfg80211_registered_device **rdev, 430 struct net_device **dev) 431 { 432 int ifidx = cb->args[0]; 433 int err; 434 435 if (!ifidx) 436 ifidx = nl80211_get_ifidx(cb); 437 if (ifidx < 0) 438 return ifidx; 439 440 cb->args[0] = ifidx; 441 442 rtnl_lock(); 443 444 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 445 if (!*dev) { 446 err = -ENODEV; 447 goto out_rtnl; 448 } 449 450 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 451 if (IS_ERR(*rdev)) { 452 err = PTR_ERR(*rdev); 453 goto out_rtnl; 454 } 455 456 return 0; 457 out_rtnl: 458 rtnl_unlock(); 459 return err; 460 } 461 462 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 463 { 464 cfg80211_unlock_rdev(rdev); 465 rtnl_unlock(); 466 } 467 468 /* IE validation */ 469 static bool is_valid_ie_attr(const struct nlattr *attr) 470 { 471 const u8 *pos; 472 int len; 473 474 if (!attr) 475 return true; 476 477 pos = nla_data(attr); 478 len = nla_len(attr); 479 480 while (len) { 481 u8 elemlen; 482 483 if (len < 2) 484 return false; 485 len -= 2; 486 487 elemlen = pos[1]; 488 if (elemlen > len) 489 return false; 490 491 len -= elemlen; 492 pos += 2 + elemlen; 493 } 494 495 return true; 496 } 497 498 /* message building helper */ 499 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq, 500 int flags, u8 cmd) 501 { 502 /* since there is no private header just add the generic one */ 503 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd); 504 } 505 506 static int nl80211_msg_put_channel(struct sk_buff *msg, 507 struct ieee80211_channel *chan) 508 { 509 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 510 chan->center_freq)) 511 goto nla_put_failure; 512 513 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 514 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 515 goto nla_put_failure; 516 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && 517 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN)) 518 goto nla_put_failure; 519 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && 520 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS)) 521 goto nla_put_failure; 522 if ((chan->flags & IEEE80211_CHAN_RADAR) && 523 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 524 goto nla_put_failure; 525 526 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 527 DBM_TO_MBM(chan->max_power))) 528 goto nla_put_failure; 529 530 return 0; 531 532 nla_put_failure: 533 return -ENOBUFS; 534 } 535 536 /* netlink command implementations */ 537 538 struct key_parse { 539 struct key_params p; 540 int idx; 541 int type; 542 bool def, defmgmt; 543 bool def_uni, def_multi; 544 }; 545 546 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 547 { 548 struct nlattr *tb[NL80211_KEY_MAX + 1]; 549 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 550 nl80211_key_policy); 551 if (err) 552 return err; 553 554 k->def = !!tb[NL80211_KEY_DEFAULT]; 555 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 556 557 if (k->def) { 558 k->def_uni = true; 559 k->def_multi = true; 560 } 561 if (k->defmgmt) 562 k->def_multi = true; 563 564 if (tb[NL80211_KEY_IDX]) 565 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 566 567 if (tb[NL80211_KEY_DATA]) { 568 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 569 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 570 } 571 572 if (tb[NL80211_KEY_SEQ]) { 573 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 574 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 575 } 576 577 if (tb[NL80211_KEY_CIPHER]) 578 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 579 580 if (tb[NL80211_KEY_TYPE]) { 581 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 582 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 583 return -EINVAL; 584 } 585 586 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 587 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 588 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 589 tb[NL80211_KEY_DEFAULT_TYPES], 590 nl80211_key_default_policy); 591 if (err) 592 return err; 593 594 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 595 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 596 } 597 598 return 0; 599 } 600 601 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 602 { 603 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 604 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 605 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 606 } 607 608 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 609 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 610 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 611 } 612 613 if (info->attrs[NL80211_ATTR_KEY_IDX]) 614 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 615 616 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 617 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 618 619 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 620 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 621 622 if (k->def) { 623 k->def_uni = true; 624 k->def_multi = true; 625 } 626 if (k->defmgmt) 627 k->def_multi = true; 628 629 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 630 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 631 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 632 return -EINVAL; 633 } 634 635 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 636 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 637 int err = nla_parse_nested( 638 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 639 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 640 nl80211_key_default_policy); 641 if (err) 642 return err; 643 644 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 645 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 646 } 647 648 return 0; 649 } 650 651 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 652 { 653 int err; 654 655 memset(k, 0, sizeof(*k)); 656 k->idx = -1; 657 k->type = -1; 658 659 if (info->attrs[NL80211_ATTR_KEY]) 660 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 661 else 662 err = nl80211_parse_key_old(info, k); 663 664 if (err) 665 return err; 666 667 if (k->def && k->defmgmt) 668 return -EINVAL; 669 670 if (k->defmgmt) { 671 if (k->def_uni || !k->def_multi) 672 return -EINVAL; 673 } 674 675 if (k->idx != -1) { 676 if (k->defmgmt) { 677 if (k->idx < 4 || k->idx > 5) 678 return -EINVAL; 679 } else if (k->def) { 680 if (k->idx < 0 || k->idx > 3) 681 return -EINVAL; 682 } else { 683 if (k->idx < 0 || k->idx > 5) 684 return -EINVAL; 685 } 686 } 687 688 return 0; 689 } 690 691 static struct cfg80211_cached_keys * 692 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 693 struct nlattr *keys) 694 { 695 struct key_parse parse; 696 struct nlattr *key; 697 struct cfg80211_cached_keys *result; 698 int rem, err, def = 0; 699 700 result = kzalloc(sizeof(*result), GFP_KERNEL); 701 if (!result) 702 return ERR_PTR(-ENOMEM); 703 704 result->def = -1; 705 result->defmgmt = -1; 706 707 nla_for_each_nested(key, keys, rem) { 708 memset(&parse, 0, sizeof(parse)); 709 parse.idx = -1; 710 711 err = nl80211_parse_key_new(key, &parse); 712 if (err) 713 goto error; 714 err = -EINVAL; 715 if (!parse.p.key) 716 goto error; 717 if (parse.idx < 0 || parse.idx > 4) 718 goto error; 719 if (parse.def) { 720 if (def) 721 goto error; 722 def = 1; 723 result->def = parse.idx; 724 if (!parse.def_uni || !parse.def_multi) 725 goto error; 726 } else if (parse.defmgmt) 727 goto error; 728 err = cfg80211_validate_key_settings(rdev, &parse.p, 729 parse.idx, false, NULL); 730 if (err) 731 goto error; 732 result->params[parse.idx].cipher = parse.p.cipher; 733 result->params[parse.idx].key_len = parse.p.key_len; 734 result->params[parse.idx].key = result->data[parse.idx]; 735 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 736 } 737 738 return result; 739 error: 740 kfree(result); 741 return ERR_PTR(err); 742 } 743 744 static int nl80211_key_allowed(struct wireless_dev *wdev) 745 { 746 ASSERT_WDEV_LOCK(wdev); 747 748 switch (wdev->iftype) { 749 case NL80211_IFTYPE_AP: 750 case NL80211_IFTYPE_AP_VLAN: 751 case NL80211_IFTYPE_P2P_GO: 752 case NL80211_IFTYPE_MESH_POINT: 753 break; 754 case NL80211_IFTYPE_ADHOC: 755 if (!wdev->current_bss) 756 return -ENOLINK; 757 break; 758 case NL80211_IFTYPE_STATION: 759 case NL80211_IFTYPE_P2P_CLIENT: 760 if (wdev->sme_state != CFG80211_SME_CONNECTED) 761 return -ENOLINK; 762 break; 763 default: 764 return -EINVAL; 765 } 766 767 return 0; 768 } 769 770 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 771 { 772 struct nlattr *nl_modes = nla_nest_start(msg, attr); 773 int i; 774 775 if (!nl_modes) 776 goto nla_put_failure; 777 778 i = 0; 779 while (ifmodes) { 780 if ((ifmodes & 1) && nla_put_flag(msg, i)) 781 goto nla_put_failure; 782 ifmodes >>= 1; 783 i++; 784 } 785 786 nla_nest_end(msg, nl_modes); 787 return 0; 788 789 nla_put_failure: 790 return -ENOBUFS; 791 } 792 793 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 794 struct sk_buff *msg) 795 { 796 struct nlattr *nl_combis; 797 int i, j; 798 799 nl_combis = nla_nest_start(msg, 800 NL80211_ATTR_INTERFACE_COMBINATIONS); 801 if (!nl_combis) 802 goto nla_put_failure; 803 804 for (i = 0; i < wiphy->n_iface_combinations; i++) { 805 const struct ieee80211_iface_combination *c; 806 struct nlattr *nl_combi, *nl_limits; 807 808 c = &wiphy->iface_combinations[i]; 809 810 nl_combi = nla_nest_start(msg, i + 1); 811 if (!nl_combi) 812 goto nla_put_failure; 813 814 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 815 if (!nl_limits) 816 goto nla_put_failure; 817 818 for (j = 0; j < c->n_limits; j++) { 819 struct nlattr *nl_limit; 820 821 nl_limit = nla_nest_start(msg, j + 1); 822 if (!nl_limit) 823 goto nla_put_failure; 824 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 825 c->limits[j].max)) 826 goto nla_put_failure; 827 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 828 c->limits[j].types)) 829 goto nla_put_failure; 830 nla_nest_end(msg, nl_limit); 831 } 832 833 nla_nest_end(msg, nl_limits); 834 835 if (c->beacon_int_infra_match && 836 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 837 goto nla_put_failure; 838 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 839 c->num_different_channels) || 840 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 841 c->max_interfaces)) 842 goto nla_put_failure; 843 844 nla_nest_end(msg, nl_combi); 845 } 846 847 nla_nest_end(msg, nl_combis); 848 849 return 0; 850 nla_put_failure: 851 return -ENOBUFS; 852 } 853 854 static int nl80211_send_wiphy(struct sk_buff *msg, u32 portid, u32 seq, int flags, 855 struct cfg80211_registered_device *dev) 856 { 857 void *hdr; 858 struct nlattr *nl_bands, *nl_band; 859 struct nlattr *nl_freqs, *nl_freq; 860 struct nlattr *nl_rates, *nl_rate; 861 struct nlattr *nl_cmds; 862 enum ieee80211_band band; 863 struct ieee80211_channel *chan; 864 struct ieee80211_rate *rate; 865 int i; 866 const struct ieee80211_txrx_stypes *mgmt_stypes = 867 dev->wiphy.mgmt_stypes; 868 869 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY); 870 if (!hdr) 871 return -1; 872 873 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) || 874 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) || 875 nla_put_u32(msg, NL80211_ATTR_GENERATION, 876 cfg80211_rdev_list_generation) || 877 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 878 dev->wiphy.retry_short) || 879 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 880 dev->wiphy.retry_long) || 881 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 882 dev->wiphy.frag_threshold) || 883 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 884 dev->wiphy.rts_threshold) || 885 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 886 dev->wiphy.coverage_class) || 887 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 888 dev->wiphy.max_scan_ssids) || 889 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 890 dev->wiphy.max_sched_scan_ssids) || 891 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 892 dev->wiphy.max_scan_ie_len) || 893 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 894 dev->wiphy.max_sched_scan_ie_len) || 895 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 896 dev->wiphy.max_match_sets)) 897 goto nla_put_failure; 898 899 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 900 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 901 goto nla_put_failure; 902 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 903 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 904 goto nla_put_failure; 905 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 906 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 907 goto nla_put_failure; 908 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 909 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 910 goto nla_put_failure; 911 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 912 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 913 goto nla_put_failure; 914 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 915 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 916 goto nla_put_failure; 917 918 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 919 sizeof(u32) * dev->wiphy.n_cipher_suites, 920 dev->wiphy.cipher_suites)) 921 goto nla_put_failure; 922 923 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 924 dev->wiphy.max_num_pmkids)) 925 goto nla_put_failure; 926 927 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 928 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 929 goto nla_put_failure; 930 931 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 932 dev->wiphy.available_antennas_tx) || 933 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 934 dev->wiphy.available_antennas_rx)) 935 goto nla_put_failure; 936 937 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 938 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 939 dev->wiphy.probe_resp_offload)) 940 goto nla_put_failure; 941 942 if ((dev->wiphy.available_antennas_tx || 943 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) { 944 u32 tx_ant = 0, rx_ant = 0; 945 int res; 946 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant); 947 if (!res) { 948 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, 949 tx_ant) || 950 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, 951 rx_ant)) 952 goto nla_put_failure; 953 } 954 } 955 956 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 957 dev->wiphy.interface_modes)) 958 goto nla_put_failure; 959 960 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 961 if (!nl_bands) 962 goto nla_put_failure; 963 964 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 965 if (!dev->wiphy.bands[band]) 966 continue; 967 968 nl_band = nla_nest_start(msg, band); 969 if (!nl_band) 970 goto nla_put_failure; 971 972 /* add HT info */ 973 if (dev->wiphy.bands[band]->ht_cap.ht_supported && 974 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 975 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 976 &dev->wiphy.bands[band]->ht_cap.mcs) || 977 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 978 dev->wiphy.bands[band]->ht_cap.cap) || 979 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 980 dev->wiphy.bands[band]->ht_cap.ampdu_factor) || 981 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 982 dev->wiphy.bands[band]->ht_cap.ampdu_density))) 983 goto nla_put_failure; 984 985 /* add VHT info */ 986 if (dev->wiphy.bands[band]->vht_cap.vht_supported && 987 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 988 sizeof(dev->wiphy.bands[band]->vht_cap.vht_mcs), 989 &dev->wiphy.bands[band]->vht_cap.vht_mcs) || 990 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 991 dev->wiphy.bands[band]->vht_cap.cap))) 992 goto nla_put_failure; 993 994 /* add frequencies */ 995 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 996 if (!nl_freqs) 997 goto nla_put_failure; 998 999 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 1000 nl_freq = nla_nest_start(msg, i); 1001 if (!nl_freq) 1002 goto nla_put_failure; 1003 1004 chan = &dev->wiphy.bands[band]->channels[i]; 1005 1006 if (nl80211_msg_put_channel(msg, chan)) 1007 goto nla_put_failure; 1008 1009 nla_nest_end(msg, nl_freq); 1010 } 1011 1012 nla_nest_end(msg, nl_freqs); 1013 1014 /* add bitrates */ 1015 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 1016 if (!nl_rates) 1017 goto nla_put_failure; 1018 1019 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 1020 nl_rate = nla_nest_start(msg, i); 1021 if (!nl_rate) 1022 goto nla_put_failure; 1023 1024 rate = &dev->wiphy.bands[band]->bitrates[i]; 1025 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1026 rate->bitrate)) 1027 goto nla_put_failure; 1028 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1029 nla_put_flag(msg, 1030 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 1031 goto nla_put_failure; 1032 1033 nla_nest_end(msg, nl_rate); 1034 } 1035 1036 nla_nest_end(msg, nl_rates); 1037 1038 nla_nest_end(msg, nl_band); 1039 } 1040 nla_nest_end(msg, nl_bands); 1041 1042 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 1043 if (!nl_cmds) 1044 goto nla_put_failure; 1045 1046 i = 0; 1047 #define CMD(op, n) \ 1048 do { \ 1049 if (dev->ops->op) { \ 1050 i++; \ 1051 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 1052 goto nla_put_failure; \ 1053 } \ 1054 } while (0) 1055 1056 CMD(add_virtual_intf, NEW_INTERFACE); 1057 CMD(change_virtual_intf, SET_INTERFACE); 1058 CMD(add_key, NEW_KEY); 1059 CMD(start_ap, START_AP); 1060 CMD(add_station, NEW_STATION); 1061 CMD(add_mpath, NEW_MPATH); 1062 CMD(update_mesh_config, SET_MESH_CONFIG); 1063 CMD(change_bss, SET_BSS); 1064 CMD(auth, AUTHENTICATE); 1065 CMD(assoc, ASSOCIATE); 1066 CMD(deauth, DEAUTHENTICATE); 1067 CMD(disassoc, DISASSOCIATE); 1068 CMD(join_ibss, JOIN_IBSS); 1069 CMD(join_mesh, JOIN_MESH); 1070 CMD(set_pmksa, SET_PMKSA); 1071 CMD(del_pmksa, DEL_PMKSA); 1072 CMD(flush_pmksa, FLUSH_PMKSA); 1073 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 1074 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 1075 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 1076 CMD(mgmt_tx, FRAME); 1077 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 1078 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 1079 i++; 1080 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 1081 goto nla_put_failure; 1082 } 1083 if (dev->ops->set_monitor_channel || dev->ops->start_ap || 1084 dev->ops->join_mesh) { 1085 i++; 1086 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 1087 goto nla_put_failure; 1088 } 1089 CMD(set_wds_peer, SET_WDS_PEER); 1090 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 1091 CMD(tdls_mgmt, TDLS_MGMT); 1092 CMD(tdls_oper, TDLS_OPER); 1093 } 1094 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 1095 CMD(sched_scan_start, START_SCHED_SCAN); 1096 CMD(probe_client, PROBE_CLIENT); 1097 CMD(set_noack_map, SET_NOACK_MAP); 1098 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 1099 i++; 1100 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 1101 goto nla_put_failure; 1102 } 1103 CMD(start_p2p_device, START_P2P_DEVICE); 1104 1105 #ifdef CONFIG_NL80211_TESTMODE 1106 CMD(testmode_cmd, TESTMODE); 1107 #endif 1108 1109 #undef CMD 1110 1111 if (dev->ops->connect || dev->ops->auth) { 1112 i++; 1113 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 1114 goto nla_put_failure; 1115 } 1116 1117 if (dev->ops->disconnect || dev->ops->deauth) { 1118 i++; 1119 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 1120 goto nla_put_failure; 1121 } 1122 1123 nla_nest_end(msg, nl_cmds); 1124 1125 if (dev->ops->remain_on_channel && 1126 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 1127 nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 1128 dev->wiphy.max_remain_on_channel_duration)) 1129 goto nla_put_failure; 1130 1131 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 1132 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 1133 goto nla_put_failure; 1134 1135 if (mgmt_stypes) { 1136 u16 stypes; 1137 struct nlattr *nl_ftypes, *nl_ifs; 1138 enum nl80211_iftype ift; 1139 1140 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 1141 if (!nl_ifs) 1142 goto nla_put_failure; 1143 1144 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1145 nl_ftypes = nla_nest_start(msg, ift); 1146 if (!nl_ftypes) 1147 goto nla_put_failure; 1148 i = 0; 1149 stypes = mgmt_stypes[ift].tx; 1150 while (stypes) { 1151 if ((stypes & 1) && 1152 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1153 (i << 4) | IEEE80211_FTYPE_MGMT)) 1154 goto nla_put_failure; 1155 stypes >>= 1; 1156 i++; 1157 } 1158 nla_nest_end(msg, nl_ftypes); 1159 } 1160 1161 nla_nest_end(msg, nl_ifs); 1162 1163 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 1164 if (!nl_ifs) 1165 goto nla_put_failure; 1166 1167 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1168 nl_ftypes = nla_nest_start(msg, ift); 1169 if (!nl_ftypes) 1170 goto nla_put_failure; 1171 i = 0; 1172 stypes = mgmt_stypes[ift].rx; 1173 while (stypes) { 1174 if ((stypes & 1) && 1175 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1176 (i << 4) | IEEE80211_FTYPE_MGMT)) 1177 goto nla_put_failure; 1178 stypes >>= 1; 1179 i++; 1180 } 1181 nla_nest_end(msg, nl_ftypes); 1182 } 1183 nla_nest_end(msg, nl_ifs); 1184 } 1185 1186 #ifdef CONFIG_PM 1187 if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) { 1188 struct nlattr *nl_wowlan; 1189 1190 nl_wowlan = nla_nest_start(msg, 1191 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1192 if (!nl_wowlan) 1193 goto nla_put_failure; 1194 1195 if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) && 1196 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1197 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) && 1198 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1199 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) && 1200 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1201 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1202 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1203 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1204 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1205 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1206 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1207 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1208 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1209 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1210 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1211 goto nla_put_failure; 1212 if (dev->wiphy.wowlan.n_patterns) { 1213 struct nl80211_wowlan_pattern_support pat = { 1214 .max_patterns = dev->wiphy.wowlan.n_patterns, 1215 .min_pattern_len = 1216 dev->wiphy.wowlan.pattern_min_len, 1217 .max_pattern_len = 1218 dev->wiphy.wowlan.pattern_max_len, 1219 }; 1220 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1221 sizeof(pat), &pat)) 1222 goto nla_put_failure; 1223 } 1224 1225 nla_nest_end(msg, nl_wowlan); 1226 } 1227 #endif 1228 1229 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1230 dev->wiphy.software_iftypes)) 1231 goto nla_put_failure; 1232 1233 if (nl80211_put_iface_combinations(&dev->wiphy, msg)) 1234 goto nla_put_failure; 1235 1236 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 1237 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 1238 dev->wiphy.ap_sme_capa)) 1239 goto nla_put_failure; 1240 1241 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, 1242 dev->wiphy.features)) 1243 goto nla_put_failure; 1244 1245 if (dev->wiphy.ht_capa_mod_mask && 1246 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1247 sizeof(*dev->wiphy.ht_capa_mod_mask), 1248 dev->wiphy.ht_capa_mod_mask)) 1249 goto nla_put_failure; 1250 1251 return genlmsg_end(msg, hdr); 1252 1253 nla_put_failure: 1254 genlmsg_cancel(msg, hdr); 1255 return -EMSGSIZE; 1256 } 1257 1258 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1259 { 1260 int idx = 0; 1261 int start = cb->args[0]; 1262 struct cfg80211_registered_device *dev; 1263 1264 mutex_lock(&cfg80211_mutex); 1265 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 1266 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 1267 continue; 1268 if (++idx <= start) 1269 continue; 1270 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).portid, 1271 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1272 dev) < 0) { 1273 idx--; 1274 break; 1275 } 1276 } 1277 mutex_unlock(&cfg80211_mutex); 1278 1279 cb->args[0] = idx; 1280 1281 return skb->len; 1282 } 1283 1284 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1285 { 1286 struct sk_buff *msg; 1287 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1288 1289 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1290 if (!msg) 1291 return -ENOMEM; 1292 1293 if (nl80211_send_wiphy(msg, info->snd_portid, info->snd_seq, 0, dev) < 0) { 1294 nlmsg_free(msg); 1295 return -ENOBUFS; 1296 } 1297 1298 return genlmsg_reply(msg, info); 1299 } 1300 1301 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 1302 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 1303 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 1304 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 1305 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 1306 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 1307 }; 1308 1309 static int parse_txq_params(struct nlattr *tb[], 1310 struct ieee80211_txq_params *txq_params) 1311 { 1312 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 1313 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 1314 !tb[NL80211_TXQ_ATTR_AIFS]) 1315 return -EINVAL; 1316 1317 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 1318 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 1319 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 1320 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 1321 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 1322 1323 if (txq_params->ac >= NL80211_NUM_ACS) 1324 return -EINVAL; 1325 1326 return 0; 1327 } 1328 1329 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 1330 { 1331 /* 1332 * You can only set the channel explicitly for WDS interfaces, 1333 * all others have their channel managed via their respective 1334 * "establish a connection" command (connect, join, ...) 1335 * 1336 * For AP/GO and mesh mode, the channel can be set with the 1337 * channel userspace API, but is only stored and passed to the 1338 * low-level driver when the AP starts or the mesh is joined. 1339 * This is for backward compatibility, userspace can also give 1340 * the channel in the start-ap or join-mesh commands instead. 1341 * 1342 * Monitors are special as they are normally slaved to 1343 * whatever else is going on, so they have their own special 1344 * operation to set the monitor channel if possible. 1345 */ 1346 return !wdev || 1347 wdev->iftype == NL80211_IFTYPE_AP || 1348 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 1349 wdev->iftype == NL80211_IFTYPE_MONITOR || 1350 wdev->iftype == NL80211_IFTYPE_P2P_GO; 1351 } 1352 1353 static bool nl80211_valid_channel_type(struct genl_info *info, 1354 enum nl80211_channel_type *channel_type) 1355 { 1356 enum nl80211_channel_type tmp; 1357 1358 if (!info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1359 return false; 1360 1361 tmp = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1362 if (tmp != NL80211_CHAN_NO_HT && 1363 tmp != NL80211_CHAN_HT20 && 1364 tmp != NL80211_CHAN_HT40PLUS && 1365 tmp != NL80211_CHAN_HT40MINUS) 1366 return false; 1367 1368 if (channel_type) 1369 *channel_type = tmp; 1370 1371 return true; 1372 } 1373 1374 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 1375 struct wireless_dev *wdev, 1376 struct genl_info *info) 1377 { 1378 struct ieee80211_channel *channel; 1379 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 1380 u32 freq; 1381 int result; 1382 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 1383 1384 if (wdev) 1385 iftype = wdev->iftype; 1386 1387 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 1388 return -EINVAL; 1389 1390 if (!nl80211_can_set_dev_channel(wdev)) 1391 return -EOPNOTSUPP; 1392 1393 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && 1394 !nl80211_valid_channel_type(info, &channel_type)) 1395 return -EINVAL; 1396 1397 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 1398 1399 mutex_lock(&rdev->devlist_mtx); 1400 switch (iftype) { 1401 case NL80211_IFTYPE_AP: 1402 case NL80211_IFTYPE_P2P_GO: 1403 if (wdev->beacon_interval) { 1404 result = -EBUSY; 1405 break; 1406 } 1407 channel = rdev_freq_to_chan(rdev, freq, channel_type); 1408 if (!channel || !cfg80211_can_beacon_sec_chan(&rdev->wiphy, 1409 channel, 1410 channel_type)) { 1411 result = -EINVAL; 1412 break; 1413 } 1414 wdev->preset_chan = channel; 1415 wdev->preset_chantype = channel_type; 1416 result = 0; 1417 break; 1418 case NL80211_IFTYPE_MESH_POINT: 1419 result = cfg80211_set_mesh_freq(rdev, wdev, freq, channel_type); 1420 break; 1421 case NL80211_IFTYPE_MONITOR: 1422 result = cfg80211_set_monitor_channel(rdev, freq, channel_type); 1423 break; 1424 default: 1425 result = -EINVAL; 1426 } 1427 mutex_unlock(&rdev->devlist_mtx); 1428 1429 return result; 1430 } 1431 1432 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 1433 { 1434 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1435 struct net_device *netdev = info->user_ptr[1]; 1436 1437 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 1438 } 1439 1440 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 1441 { 1442 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1443 struct net_device *dev = info->user_ptr[1]; 1444 struct wireless_dev *wdev = dev->ieee80211_ptr; 1445 const u8 *bssid; 1446 1447 if (!info->attrs[NL80211_ATTR_MAC]) 1448 return -EINVAL; 1449 1450 if (netif_running(dev)) 1451 return -EBUSY; 1452 1453 if (!rdev->ops->set_wds_peer) 1454 return -EOPNOTSUPP; 1455 1456 if (wdev->iftype != NL80211_IFTYPE_WDS) 1457 return -EOPNOTSUPP; 1458 1459 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 1460 return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid); 1461 } 1462 1463 1464 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 1465 { 1466 struct cfg80211_registered_device *rdev; 1467 struct net_device *netdev = NULL; 1468 struct wireless_dev *wdev; 1469 int result = 0, rem_txq_params = 0; 1470 struct nlattr *nl_txq_params; 1471 u32 changed; 1472 u8 retry_short = 0, retry_long = 0; 1473 u32 frag_threshold = 0, rts_threshold = 0; 1474 u8 coverage_class = 0; 1475 1476 /* 1477 * Try to find the wiphy and netdev. Normally this 1478 * function shouldn't need the netdev, but this is 1479 * done for backward compatibility -- previously 1480 * setting the channel was done per wiphy, but now 1481 * it is per netdev. Previous userland like hostapd 1482 * also passed a netdev to set_wiphy, so that it is 1483 * possible to let that go to the right netdev! 1484 */ 1485 mutex_lock(&cfg80211_mutex); 1486 1487 if (info->attrs[NL80211_ATTR_IFINDEX]) { 1488 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 1489 1490 netdev = dev_get_by_index(genl_info_net(info), ifindex); 1491 if (netdev && netdev->ieee80211_ptr) { 1492 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 1493 mutex_lock(&rdev->mtx); 1494 } else 1495 netdev = NULL; 1496 } 1497 1498 if (!netdev) { 1499 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 1500 info->attrs); 1501 if (IS_ERR(rdev)) { 1502 mutex_unlock(&cfg80211_mutex); 1503 return PTR_ERR(rdev); 1504 } 1505 wdev = NULL; 1506 netdev = NULL; 1507 result = 0; 1508 1509 mutex_lock(&rdev->mtx); 1510 } else if (nl80211_can_set_dev_channel(netdev->ieee80211_ptr)) 1511 wdev = netdev->ieee80211_ptr; 1512 else 1513 wdev = NULL; 1514 1515 /* 1516 * end workaround code, by now the rdev is available 1517 * and locked, and wdev may or may not be NULL. 1518 */ 1519 1520 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 1521 result = cfg80211_dev_rename( 1522 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 1523 1524 mutex_unlock(&cfg80211_mutex); 1525 1526 if (result) 1527 goto bad_res; 1528 1529 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 1530 struct ieee80211_txq_params txq_params; 1531 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 1532 1533 if (!rdev->ops->set_txq_params) { 1534 result = -EOPNOTSUPP; 1535 goto bad_res; 1536 } 1537 1538 if (!netdev) { 1539 result = -EINVAL; 1540 goto bad_res; 1541 } 1542 1543 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1544 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 1545 result = -EINVAL; 1546 goto bad_res; 1547 } 1548 1549 if (!netif_running(netdev)) { 1550 result = -ENETDOWN; 1551 goto bad_res; 1552 } 1553 1554 nla_for_each_nested(nl_txq_params, 1555 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1556 rem_txq_params) { 1557 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 1558 nla_data(nl_txq_params), 1559 nla_len(nl_txq_params), 1560 txq_params_policy); 1561 result = parse_txq_params(tb, &txq_params); 1562 if (result) 1563 goto bad_res; 1564 1565 result = rdev->ops->set_txq_params(&rdev->wiphy, 1566 netdev, 1567 &txq_params); 1568 if (result) 1569 goto bad_res; 1570 } 1571 } 1572 1573 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 1574 result = __nl80211_set_channel(rdev, wdev, info); 1575 if (result) 1576 goto bad_res; 1577 } 1578 1579 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 1580 enum nl80211_tx_power_setting type; 1581 int idx, mbm = 0; 1582 1583 if (!rdev->ops->set_tx_power) { 1584 result = -EOPNOTSUPP; 1585 goto bad_res; 1586 } 1587 1588 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 1589 type = nla_get_u32(info->attrs[idx]); 1590 1591 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 1592 (type != NL80211_TX_POWER_AUTOMATIC)) { 1593 result = -EINVAL; 1594 goto bad_res; 1595 } 1596 1597 if (type != NL80211_TX_POWER_AUTOMATIC) { 1598 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 1599 mbm = nla_get_u32(info->attrs[idx]); 1600 } 1601 1602 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm); 1603 if (result) 1604 goto bad_res; 1605 } 1606 1607 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 1608 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 1609 u32 tx_ant, rx_ant; 1610 if ((!rdev->wiphy.available_antennas_tx && 1611 !rdev->wiphy.available_antennas_rx) || 1612 !rdev->ops->set_antenna) { 1613 result = -EOPNOTSUPP; 1614 goto bad_res; 1615 } 1616 1617 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 1618 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 1619 1620 /* reject antenna configurations which don't match the 1621 * available antenna masks, except for the "all" mask */ 1622 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 1623 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 1624 result = -EINVAL; 1625 goto bad_res; 1626 } 1627 1628 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 1629 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 1630 1631 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant); 1632 if (result) 1633 goto bad_res; 1634 } 1635 1636 changed = 0; 1637 1638 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 1639 retry_short = nla_get_u8( 1640 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 1641 if (retry_short == 0) { 1642 result = -EINVAL; 1643 goto bad_res; 1644 } 1645 changed |= WIPHY_PARAM_RETRY_SHORT; 1646 } 1647 1648 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 1649 retry_long = nla_get_u8( 1650 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 1651 if (retry_long == 0) { 1652 result = -EINVAL; 1653 goto bad_res; 1654 } 1655 changed |= WIPHY_PARAM_RETRY_LONG; 1656 } 1657 1658 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 1659 frag_threshold = nla_get_u32( 1660 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 1661 if (frag_threshold < 256) { 1662 result = -EINVAL; 1663 goto bad_res; 1664 } 1665 if (frag_threshold != (u32) -1) { 1666 /* 1667 * Fragments (apart from the last one) are required to 1668 * have even length. Make the fragmentation code 1669 * simpler by stripping LSB should someone try to use 1670 * odd threshold value. 1671 */ 1672 frag_threshold &= ~0x1; 1673 } 1674 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 1675 } 1676 1677 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 1678 rts_threshold = nla_get_u32( 1679 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 1680 changed |= WIPHY_PARAM_RTS_THRESHOLD; 1681 } 1682 1683 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 1684 coverage_class = nla_get_u8( 1685 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 1686 changed |= WIPHY_PARAM_COVERAGE_CLASS; 1687 } 1688 1689 if (changed) { 1690 u8 old_retry_short, old_retry_long; 1691 u32 old_frag_threshold, old_rts_threshold; 1692 u8 old_coverage_class; 1693 1694 if (!rdev->ops->set_wiphy_params) { 1695 result = -EOPNOTSUPP; 1696 goto bad_res; 1697 } 1698 1699 old_retry_short = rdev->wiphy.retry_short; 1700 old_retry_long = rdev->wiphy.retry_long; 1701 old_frag_threshold = rdev->wiphy.frag_threshold; 1702 old_rts_threshold = rdev->wiphy.rts_threshold; 1703 old_coverage_class = rdev->wiphy.coverage_class; 1704 1705 if (changed & WIPHY_PARAM_RETRY_SHORT) 1706 rdev->wiphy.retry_short = retry_short; 1707 if (changed & WIPHY_PARAM_RETRY_LONG) 1708 rdev->wiphy.retry_long = retry_long; 1709 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 1710 rdev->wiphy.frag_threshold = frag_threshold; 1711 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 1712 rdev->wiphy.rts_threshold = rts_threshold; 1713 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 1714 rdev->wiphy.coverage_class = coverage_class; 1715 1716 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 1717 if (result) { 1718 rdev->wiphy.retry_short = old_retry_short; 1719 rdev->wiphy.retry_long = old_retry_long; 1720 rdev->wiphy.frag_threshold = old_frag_threshold; 1721 rdev->wiphy.rts_threshold = old_rts_threshold; 1722 rdev->wiphy.coverage_class = old_coverage_class; 1723 } 1724 } 1725 1726 bad_res: 1727 mutex_unlock(&rdev->mtx); 1728 if (netdev) 1729 dev_put(netdev); 1730 return result; 1731 } 1732 1733 static inline u64 wdev_id(struct wireless_dev *wdev) 1734 { 1735 return (u64)wdev->identifier | 1736 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32); 1737 } 1738 1739 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, 1740 struct cfg80211_registered_device *rdev, 1741 struct wireless_dev *wdev) 1742 { 1743 struct net_device *dev = wdev->netdev; 1744 void *hdr; 1745 1746 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1747 if (!hdr) 1748 return -1; 1749 1750 if (dev && 1751 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1752 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name))) 1753 goto nla_put_failure; 1754 1755 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1756 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 1757 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 1758 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) || 1759 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1760 rdev->devlist_generation ^ 1761 (cfg80211_rdev_list_generation << 2))) 1762 goto nla_put_failure; 1763 1764 if (rdev->ops->get_channel) { 1765 struct ieee80211_channel *chan; 1766 enum nl80211_channel_type channel_type; 1767 1768 chan = rdev->ops->get_channel(&rdev->wiphy, wdev, 1769 &channel_type); 1770 if (chan && 1771 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 1772 chan->center_freq) || 1773 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 1774 channel_type))) 1775 goto nla_put_failure; 1776 } 1777 1778 return genlmsg_end(msg, hdr); 1779 1780 nla_put_failure: 1781 genlmsg_cancel(msg, hdr); 1782 return -EMSGSIZE; 1783 } 1784 1785 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1786 { 1787 int wp_idx = 0; 1788 int if_idx = 0; 1789 int wp_start = cb->args[0]; 1790 int if_start = cb->args[1]; 1791 struct cfg80211_registered_device *rdev; 1792 struct wireless_dev *wdev; 1793 1794 mutex_lock(&cfg80211_mutex); 1795 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1796 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1797 continue; 1798 if (wp_idx < wp_start) { 1799 wp_idx++; 1800 continue; 1801 } 1802 if_idx = 0; 1803 1804 mutex_lock(&rdev->devlist_mtx); 1805 list_for_each_entry(wdev, &rdev->wdev_list, list) { 1806 if (if_idx < if_start) { 1807 if_idx++; 1808 continue; 1809 } 1810 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid, 1811 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1812 rdev, wdev) < 0) { 1813 mutex_unlock(&rdev->devlist_mtx); 1814 goto out; 1815 } 1816 if_idx++; 1817 } 1818 mutex_unlock(&rdev->devlist_mtx); 1819 1820 wp_idx++; 1821 } 1822 out: 1823 mutex_unlock(&cfg80211_mutex); 1824 1825 cb->args[0] = wp_idx; 1826 cb->args[1] = if_idx; 1827 1828 return skb->len; 1829 } 1830 1831 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1832 { 1833 struct sk_buff *msg; 1834 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1835 struct wireless_dev *wdev = info->user_ptr[1]; 1836 1837 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1838 if (!msg) 1839 return -ENOMEM; 1840 1841 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 1842 dev, wdev) < 0) { 1843 nlmsg_free(msg); 1844 return -ENOBUFS; 1845 } 1846 1847 return genlmsg_reply(msg, info); 1848 } 1849 1850 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1851 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1852 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1853 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1854 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1855 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1856 }; 1857 1858 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1859 { 1860 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1861 int flag; 1862 1863 *mntrflags = 0; 1864 1865 if (!nla) 1866 return -EINVAL; 1867 1868 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1869 nla, mntr_flags_policy)) 1870 return -EINVAL; 1871 1872 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1873 if (flags[flag]) 1874 *mntrflags |= (1<<flag); 1875 1876 return 0; 1877 } 1878 1879 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1880 struct net_device *netdev, u8 use_4addr, 1881 enum nl80211_iftype iftype) 1882 { 1883 if (!use_4addr) { 1884 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 1885 return -EBUSY; 1886 return 0; 1887 } 1888 1889 switch (iftype) { 1890 case NL80211_IFTYPE_AP_VLAN: 1891 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1892 return 0; 1893 break; 1894 case NL80211_IFTYPE_STATION: 1895 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1896 return 0; 1897 break; 1898 default: 1899 break; 1900 } 1901 1902 return -EOPNOTSUPP; 1903 } 1904 1905 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1906 { 1907 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1908 struct vif_params params; 1909 int err; 1910 enum nl80211_iftype otype, ntype; 1911 struct net_device *dev = info->user_ptr[1]; 1912 u32 _flags, *flags = NULL; 1913 bool change = false; 1914 1915 memset(¶ms, 0, sizeof(params)); 1916 1917 otype = ntype = dev->ieee80211_ptr->iftype; 1918 1919 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1920 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1921 if (otype != ntype) 1922 change = true; 1923 if (ntype > NL80211_IFTYPE_MAX) 1924 return -EINVAL; 1925 } 1926 1927 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1928 struct wireless_dev *wdev = dev->ieee80211_ptr; 1929 1930 if (ntype != NL80211_IFTYPE_MESH_POINT) 1931 return -EINVAL; 1932 if (netif_running(dev)) 1933 return -EBUSY; 1934 1935 wdev_lock(wdev); 1936 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 1937 IEEE80211_MAX_MESH_ID_LEN); 1938 wdev->mesh_id_up_len = 1939 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1940 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 1941 wdev->mesh_id_up_len); 1942 wdev_unlock(wdev); 1943 } 1944 1945 if (info->attrs[NL80211_ATTR_4ADDR]) { 1946 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1947 change = true; 1948 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1949 if (err) 1950 return err; 1951 } else { 1952 params.use_4addr = -1; 1953 } 1954 1955 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1956 if (ntype != NL80211_IFTYPE_MONITOR) 1957 return -EINVAL; 1958 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1959 &_flags); 1960 if (err) 1961 return err; 1962 1963 flags = &_flags; 1964 change = true; 1965 } 1966 1967 if (change) 1968 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1969 else 1970 err = 0; 1971 1972 if (!err && params.use_4addr != -1) 1973 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1974 1975 return err; 1976 } 1977 1978 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1979 { 1980 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1981 struct vif_params params; 1982 struct wireless_dev *wdev; 1983 struct sk_buff *msg; 1984 int err; 1985 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1986 u32 flags; 1987 1988 memset(¶ms, 0, sizeof(params)); 1989 1990 if (!info->attrs[NL80211_ATTR_IFNAME]) 1991 return -EINVAL; 1992 1993 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1994 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1995 if (type > NL80211_IFTYPE_MAX) 1996 return -EINVAL; 1997 } 1998 1999 if (!rdev->ops->add_virtual_intf || 2000 !(rdev->wiphy.interface_modes & (1 << type))) 2001 return -EOPNOTSUPP; 2002 2003 if (info->attrs[NL80211_ATTR_4ADDR]) { 2004 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2005 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 2006 if (err) 2007 return err; 2008 } 2009 2010 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2011 if (!msg) 2012 return -ENOMEM; 2013 2014 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 2015 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 2016 &flags); 2017 wdev = rdev->ops->add_virtual_intf(&rdev->wiphy, 2018 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 2019 type, err ? NULL : &flags, ¶ms); 2020 if (IS_ERR(wdev)) { 2021 nlmsg_free(msg); 2022 return PTR_ERR(wdev); 2023 } 2024 2025 switch (type) { 2026 case NL80211_IFTYPE_MESH_POINT: 2027 if (!info->attrs[NL80211_ATTR_MESH_ID]) 2028 break; 2029 wdev_lock(wdev); 2030 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2031 IEEE80211_MAX_MESH_ID_LEN); 2032 wdev->mesh_id_up_len = 2033 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2034 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2035 wdev->mesh_id_up_len); 2036 wdev_unlock(wdev); 2037 break; 2038 case NL80211_IFTYPE_P2P_DEVICE: 2039 /* 2040 * P2P Device doesn't have a netdev, so doesn't go 2041 * through the netdev notifier and must be added here 2042 */ 2043 mutex_init(&wdev->mtx); 2044 INIT_LIST_HEAD(&wdev->event_list); 2045 spin_lock_init(&wdev->event_lock); 2046 INIT_LIST_HEAD(&wdev->mgmt_registrations); 2047 spin_lock_init(&wdev->mgmt_registrations_lock); 2048 2049 mutex_lock(&rdev->devlist_mtx); 2050 wdev->identifier = ++rdev->wdev_id; 2051 list_add_rcu(&wdev->list, &rdev->wdev_list); 2052 rdev->devlist_generation++; 2053 mutex_unlock(&rdev->devlist_mtx); 2054 break; 2055 default: 2056 break; 2057 } 2058 2059 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 2060 rdev, wdev) < 0) { 2061 nlmsg_free(msg); 2062 return -ENOBUFS; 2063 } 2064 2065 return genlmsg_reply(msg, info); 2066 } 2067 2068 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 2069 { 2070 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2071 struct wireless_dev *wdev = info->user_ptr[1]; 2072 2073 if (!rdev->ops->del_virtual_intf) 2074 return -EOPNOTSUPP; 2075 2076 /* 2077 * If we remove a wireless device without a netdev then clear 2078 * user_ptr[1] so that nl80211_post_doit won't dereference it 2079 * to check if it needs to do dev_put(). Otherwise it crashes 2080 * since the wdev has been freed, unlike with a netdev where 2081 * we need the dev_put() for the netdev to really be freed. 2082 */ 2083 if (!wdev->netdev) 2084 info->user_ptr[1] = NULL; 2085 2086 return rdev->ops->del_virtual_intf(&rdev->wiphy, wdev); 2087 } 2088 2089 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 2090 { 2091 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2092 struct net_device *dev = info->user_ptr[1]; 2093 u16 noack_map; 2094 2095 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 2096 return -EINVAL; 2097 2098 if (!rdev->ops->set_noack_map) 2099 return -EOPNOTSUPP; 2100 2101 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 2102 2103 return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map); 2104 } 2105 2106 struct get_key_cookie { 2107 struct sk_buff *msg; 2108 int error; 2109 int idx; 2110 }; 2111 2112 static void get_key_callback(void *c, struct key_params *params) 2113 { 2114 struct nlattr *key; 2115 struct get_key_cookie *cookie = c; 2116 2117 if ((params->key && 2118 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 2119 params->key_len, params->key)) || 2120 (params->seq && 2121 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 2122 params->seq_len, params->seq)) || 2123 (params->cipher && 2124 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 2125 params->cipher))) 2126 goto nla_put_failure; 2127 2128 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 2129 if (!key) 2130 goto nla_put_failure; 2131 2132 if ((params->key && 2133 nla_put(cookie->msg, NL80211_KEY_DATA, 2134 params->key_len, params->key)) || 2135 (params->seq && 2136 nla_put(cookie->msg, NL80211_KEY_SEQ, 2137 params->seq_len, params->seq)) || 2138 (params->cipher && 2139 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 2140 params->cipher))) 2141 goto nla_put_failure; 2142 2143 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx)) 2144 goto nla_put_failure; 2145 2146 nla_nest_end(cookie->msg, key); 2147 2148 return; 2149 nla_put_failure: 2150 cookie->error = 1; 2151 } 2152 2153 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 2154 { 2155 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2156 int err; 2157 struct net_device *dev = info->user_ptr[1]; 2158 u8 key_idx = 0; 2159 const u8 *mac_addr = NULL; 2160 bool pairwise; 2161 struct get_key_cookie cookie = { 2162 .error = 0, 2163 }; 2164 void *hdr; 2165 struct sk_buff *msg; 2166 2167 if (info->attrs[NL80211_ATTR_KEY_IDX]) 2168 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 2169 2170 if (key_idx > 5) 2171 return -EINVAL; 2172 2173 if (info->attrs[NL80211_ATTR_MAC]) 2174 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2175 2176 pairwise = !!mac_addr; 2177 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 2178 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 2179 if (kt >= NUM_NL80211_KEYTYPES) 2180 return -EINVAL; 2181 if (kt != NL80211_KEYTYPE_GROUP && 2182 kt != NL80211_KEYTYPE_PAIRWISE) 2183 return -EINVAL; 2184 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 2185 } 2186 2187 if (!rdev->ops->get_key) 2188 return -EOPNOTSUPP; 2189 2190 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2191 if (!msg) 2192 return -ENOMEM; 2193 2194 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 2195 NL80211_CMD_NEW_KEY); 2196 if (IS_ERR(hdr)) 2197 return PTR_ERR(hdr); 2198 2199 cookie.msg = msg; 2200 cookie.idx = key_idx; 2201 2202 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2203 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 2204 goto nla_put_failure; 2205 if (mac_addr && 2206 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 2207 goto nla_put_failure; 2208 2209 if (pairwise && mac_addr && 2210 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2211 return -ENOENT; 2212 2213 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise, 2214 mac_addr, &cookie, get_key_callback); 2215 2216 if (err) 2217 goto free_msg; 2218 2219 if (cookie.error) 2220 goto nla_put_failure; 2221 2222 genlmsg_end(msg, hdr); 2223 return genlmsg_reply(msg, info); 2224 2225 nla_put_failure: 2226 err = -ENOBUFS; 2227 free_msg: 2228 nlmsg_free(msg); 2229 return err; 2230 } 2231 2232 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 2233 { 2234 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2235 struct key_parse key; 2236 int err; 2237 struct net_device *dev = info->user_ptr[1]; 2238 2239 err = nl80211_parse_key(info, &key); 2240 if (err) 2241 return err; 2242 2243 if (key.idx < 0) 2244 return -EINVAL; 2245 2246 /* only support setting default key */ 2247 if (!key.def && !key.defmgmt) 2248 return -EINVAL; 2249 2250 wdev_lock(dev->ieee80211_ptr); 2251 2252 if (key.def) { 2253 if (!rdev->ops->set_default_key) { 2254 err = -EOPNOTSUPP; 2255 goto out; 2256 } 2257 2258 err = nl80211_key_allowed(dev->ieee80211_ptr); 2259 if (err) 2260 goto out; 2261 2262 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx, 2263 key.def_uni, key.def_multi); 2264 2265 if (err) 2266 goto out; 2267 2268 #ifdef CONFIG_CFG80211_WEXT 2269 dev->ieee80211_ptr->wext.default_key = key.idx; 2270 #endif 2271 } else { 2272 if (key.def_uni || !key.def_multi) { 2273 err = -EINVAL; 2274 goto out; 2275 } 2276 2277 if (!rdev->ops->set_default_mgmt_key) { 2278 err = -EOPNOTSUPP; 2279 goto out; 2280 } 2281 2282 err = nl80211_key_allowed(dev->ieee80211_ptr); 2283 if (err) 2284 goto out; 2285 2286 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy, 2287 dev, key.idx); 2288 if (err) 2289 goto out; 2290 2291 #ifdef CONFIG_CFG80211_WEXT 2292 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 2293 #endif 2294 } 2295 2296 out: 2297 wdev_unlock(dev->ieee80211_ptr); 2298 2299 return err; 2300 } 2301 2302 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 2303 { 2304 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2305 int err; 2306 struct net_device *dev = info->user_ptr[1]; 2307 struct key_parse key; 2308 const u8 *mac_addr = NULL; 2309 2310 err = nl80211_parse_key(info, &key); 2311 if (err) 2312 return err; 2313 2314 if (!key.p.key) 2315 return -EINVAL; 2316 2317 if (info->attrs[NL80211_ATTR_MAC]) 2318 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2319 2320 if (key.type == -1) { 2321 if (mac_addr) 2322 key.type = NL80211_KEYTYPE_PAIRWISE; 2323 else 2324 key.type = NL80211_KEYTYPE_GROUP; 2325 } 2326 2327 /* for now */ 2328 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2329 key.type != NL80211_KEYTYPE_GROUP) 2330 return -EINVAL; 2331 2332 if (!rdev->ops->add_key) 2333 return -EOPNOTSUPP; 2334 2335 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 2336 key.type == NL80211_KEYTYPE_PAIRWISE, 2337 mac_addr)) 2338 return -EINVAL; 2339 2340 wdev_lock(dev->ieee80211_ptr); 2341 err = nl80211_key_allowed(dev->ieee80211_ptr); 2342 if (!err) 2343 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 2344 key.type == NL80211_KEYTYPE_PAIRWISE, 2345 mac_addr, &key.p); 2346 wdev_unlock(dev->ieee80211_ptr); 2347 2348 return err; 2349 } 2350 2351 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 2352 { 2353 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2354 int err; 2355 struct net_device *dev = info->user_ptr[1]; 2356 u8 *mac_addr = NULL; 2357 struct key_parse key; 2358 2359 err = nl80211_parse_key(info, &key); 2360 if (err) 2361 return err; 2362 2363 if (info->attrs[NL80211_ATTR_MAC]) 2364 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2365 2366 if (key.type == -1) { 2367 if (mac_addr) 2368 key.type = NL80211_KEYTYPE_PAIRWISE; 2369 else 2370 key.type = NL80211_KEYTYPE_GROUP; 2371 } 2372 2373 /* for now */ 2374 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2375 key.type != NL80211_KEYTYPE_GROUP) 2376 return -EINVAL; 2377 2378 if (!rdev->ops->del_key) 2379 return -EOPNOTSUPP; 2380 2381 wdev_lock(dev->ieee80211_ptr); 2382 err = nl80211_key_allowed(dev->ieee80211_ptr); 2383 2384 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && 2385 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2386 err = -ENOENT; 2387 2388 if (!err) 2389 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, 2390 key.type == NL80211_KEYTYPE_PAIRWISE, 2391 mac_addr); 2392 2393 #ifdef CONFIG_CFG80211_WEXT 2394 if (!err) { 2395 if (key.idx == dev->ieee80211_ptr->wext.default_key) 2396 dev->ieee80211_ptr->wext.default_key = -1; 2397 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 2398 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 2399 } 2400 #endif 2401 wdev_unlock(dev->ieee80211_ptr); 2402 2403 return err; 2404 } 2405 2406 static int nl80211_parse_beacon(struct genl_info *info, 2407 struct cfg80211_beacon_data *bcn) 2408 { 2409 bool haveinfo = false; 2410 2411 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) || 2412 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) || 2413 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) || 2414 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP])) 2415 return -EINVAL; 2416 2417 memset(bcn, 0, sizeof(*bcn)); 2418 2419 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 2420 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2421 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2422 if (!bcn->head_len) 2423 return -EINVAL; 2424 haveinfo = true; 2425 } 2426 2427 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 2428 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2429 bcn->tail_len = 2430 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2431 haveinfo = true; 2432 } 2433 2434 if (!haveinfo) 2435 return -EINVAL; 2436 2437 if (info->attrs[NL80211_ATTR_IE]) { 2438 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]); 2439 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]); 2440 } 2441 2442 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) { 2443 bcn->proberesp_ies = 2444 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2445 bcn->proberesp_ies_len = 2446 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2447 } 2448 2449 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 2450 bcn->assocresp_ies = 2451 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2452 bcn->assocresp_ies_len = 2453 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2454 } 2455 2456 if (info->attrs[NL80211_ATTR_PROBE_RESP]) { 2457 bcn->probe_resp = 2458 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]); 2459 bcn->probe_resp_len = 2460 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]); 2461 } 2462 2463 return 0; 2464 } 2465 2466 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 2467 struct cfg80211_ap_settings *params) 2468 { 2469 struct wireless_dev *wdev; 2470 bool ret = false; 2471 2472 mutex_lock(&rdev->devlist_mtx); 2473 2474 list_for_each_entry(wdev, &rdev->wdev_list, list) { 2475 if (wdev->iftype != NL80211_IFTYPE_AP && 2476 wdev->iftype != NL80211_IFTYPE_P2P_GO) 2477 continue; 2478 2479 if (!wdev->preset_chan) 2480 continue; 2481 2482 params->channel = wdev->preset_chan; 2483 params->channel_type = wdev->preset_chantype; 2484 ret = true; 2485 break; 2486 } 2487 2488 mutex_unlock(&rdev->devlist_mtx); 2489 2490 return ret; 2491 } 2492 2493 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 2494 { 2495 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2496 struct net_device *dev = info->user_ptr[1]; 2497 struct wireless_dev *wdev = dev->ieee80211_ptr; 2498 struct cfg80211_ap_settings params; 2499 int err; 2500 2501 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2502 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2503 return -EOPNOTSUPP; 2504 2505 if (!rdev->ops->start_ap) 2506 return -EOPNOTSUPP; 2507 2508 if (wdev->beacon_interval) 2509 return -EALREADY; 2510 2511 memset(¶ms, 0, sizeof(params)); 2512 2513 /* these are required for START_AP */ 2514 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 2515 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 2516 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 2517 return -EINVAL; 2518 2519 err = nl80211_parse_beacon(info, ¶ms.beacon); 2520 if (err) 2521 return err; 2522 2523 params.beacon_interval = 2524 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 2525 params.dtim_period = 2526 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 2527 2528 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 2529 if (err) 2530 return err; 2531 2532 /* 2533 * In theory, some of these attributes should be required here 2534 * but since they were not used when the command was originally 2535 * added, keep them optional for old user space programs to let 2536 * them continue to work with drivers that do not need the 2537 * additional information -- drivers must check! 2538 */ 2539 if (info->attrs[NL80211_ATTR_SSID]) { 2540 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 2541 params.ssid_len = 2542 nla_len(info->attrs[NL80211_ATTR_SSID]); 2543 if (params.ssid_len == 0 || 2544 params.ssid_len > IEEE80211_MAX_SSID_LEN) 2545 return -EINVAL; 2546 } 2547 2548 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 2549 params.hidden_ssid = nla_get_u32( 2550 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 2551 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 2552 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 2553 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 2554 return -EINVAL; 2555 } 2556 2557 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 2558 2559 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 2560 params.auth_type = nla_get_u32( 2561 info->attrs[NL80211_ATTR_AUTH_TYPE]); 2562 if (!nl80211_valid_auth_type(params.auth_type)) 2563 return -EINVAL; 2564 } else 2565 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 2566 2567 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 2568 NL80211_MAX_NR_CIPHER_SUITES); 2569 if (err) 2570 return err; 2571 2572 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 2573 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 2574 return -EOPNOTSUPP; 2575 params.inactivity_timeout = nla_get_u16( 2576 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 2577 } 2578 2579 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 2580 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 2581 2582 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && 2583 !nl80211_valid_channel_type(info, &channel_type)) 2584 return -EINVAL; 2585 2586 params.channel = rdev_freq_to_chan(rdev, 2587 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]), 2588 channel_type); 2589 if (!params.channel) 2590 return -EINVAL; 2591 params.channel_type = channel_type; 2592 } else if (wdev->preset_chan) { 2593 params.channel = wdev->preset_chan; 2594 params.channel_type = wdev->preset_chantype; 2595 } else if (!nl80211_get_ap_channel(rdev, ¶ms)) 2596 return -EINVAL; 2597 2598 if (!cfg80211_can_beacon_sec_chan(&rdev->wiphy, params.channel, 2599 params.channel_type)) 2600 return -EINVAL; 2601 2602 mutex_lock(&rdev->devlist_mtx); 2603 err = cfg80211_can_use_chan(rdev, wdev, params.channel, 2604 CHAN_MODE_SHARED); 2605 mutex_unlock(&rdev->devlist_mtx); 2606 2607 if (err) 2608 return err; 2609 2610 err = rdev->ops->start_ap(&rdev->wiphy, dev, ¶ms); 2611 if (!err) { 2612 wdev->preset_chan = params.channel; 2613 wdev->preset_chantype = params.channel_type; 2614 wdev->beacon_interval = params.beacon_interval; 2615 wdev->channel = params.channel; 2616 } 2617 return err; 2618 } 2619 2620 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 2621 { 2622 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2623 struct net_device *dev = info->user_ptr[1]; 2624 struct wireless_dev *wdev = dev->ieee80211_ptr; 2625 struct cfg80211_beacon_data params; 2626 int err; 2627 2628 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2629 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2630 return -EOPNOTSUPP; 2631 2632 if (!rdev->ops->change_beacon) 2633 return -EOPNOTSUPP; 2634 2635 if (!wdev->beacon_interval) 2636 return -EINVAL; 2637 2638 err = nl80211_parse_beacon(info, ¶ms); 2639 if (err) 2640 return err; 2641 2642 return rdev->ops->change_beacon(&rdev->wiphy, dev, ¶ms); 2643 } 2644 2645 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 2646 { 2647 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2648 struct net_device *dev = info->user_ptr[1]; 2649 2650 return cfg80211_stop_ap(rdev, dev); 2651 } 2652 2653 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 2654 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 2655 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 2656 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 2657 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 2658 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 2659 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 2660 }; 2661 2662 static int parse_station_flags(struct genl_info *info, 2663 enum nl80211_iftype iftype, 2664 struct station_parameters *params) 2665 { 2666 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 2667 struct nlattr *nla; 2668 int flag; 2669 2670 /* 2671 * Try parsing the new attribute first so userspace 2672 * can specify both for older kernels. 2673 */ 2674 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 2675 if (nla) { 2676 struct nl80211_sta_flag_update *sta_flags; 2677 2678 sta_flags = nla_data(nla); 2679 params->sta_flags_mask = sta_flags->mask; 2680 params->sta_flags_set = sta_flags->set; 2681 if ((params->sta_flags_mask | 2682 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 2683 return -EINVAL; 2684 return 0; 2685 } 2686 2687 /* if present, parse the old attribute */ 2688 2689 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 2690 if (!nla) 2691 return 0; 2692 2693 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 2694 nla, sta_flags_policy)) 2695 return -EINVAL; 2696 2697 /* 2698 * Only allow certain flags for interface types so that 2699 * other attributes are silently ignored. Remember that 2700 * this is backward compatibility code with old userspace 2701 * and shouldn't be hit in other cases anyway. 2702 */ 2703 switch (iftype) { 2704 case NL80211_IFTYPE_AP: 2705 case NL80211_IFTYPE_AP_VLAN: 2706 case NL80211_IFTYPE_P2P_GO: 2707 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2708 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2709 BIT(NL80211_STA_FLAG_WME) | 2710 BIT(NL80211_STA_FLAG_MFP); 2711 break; 2712 case NL80211_IFTYPE_P2P_CLIENT: 2713 case NL80211_IFTYPE_STATION: 2714 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2715 BIT(NL80211_STA_FLAG_TDLS_PEER); 2716 break; 2717 case NL80211_IFTYPE_MESH_POINT: 2718 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2719 BIT(NL80211_STA_FLAG_MFP) | 2720 BIT(NL80211_STA_FLAG_AUTHORIZED); 2721 default: 2722 return -EINVAL; 2723 } 2724 2725 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 2726 if (flags[flag]) { 2727 params->sta_flags_set |= (1<<flag); 2728 2729 /* no longer support new API additions in old API */ 2730 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 2731 return -EINVAL; 2732 } 2733 } 2734 2735 return 0; 2736 } 2737 2738 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 2739 int attr) 2740 { 2741 struct nlattr *rate; 2742 u32 bitrate; 2743 u16 bitrate_compat; 2744 2745 rate = nla_nest_start(msg, attr); 2746 if (!rate) 2747 goto nla_put_failure; 2748 2749 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 2750 bitrate = cfg80211_calculate_bitrate(info); 2751 /* report 16-bit bitrate only if we can */ 2752 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 2753 if ((bitrate > 0 && 2754 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) || 2755 (bitrate_compat > 0 && 2756 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) || 2757 ((info->flags & RATE_INFO_FLAGS_MCS) && 2758 nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) || 2759 ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) && 2760 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) || 2761 ((info->flags & RATE_INFO_FLAGS_SHORT_GI) && 2762 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))) 2763 goto nla_put_failure; 2764 2765 nla_nest_end(msg, rate); 2766 return true; 2767 2768 nla_put_failure: 2769 return false; 2770 } 2771 2772 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq, 2773 int flags, 2774 struct cfg80211_registered_device *rdev, 2775 struct net_device *dev, 2776 const u8 *mac_addr, struct station_info *sinfo) 2777 { 2778 void *hdr; 2779 struct nlattr *sinfoattr, *bss_param; 2780 2781 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION); 2782 if (!hdr) 2783 return -1; 2784 2785 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2786 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 2787 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 2788 goto nla_put_failure; 2789 2790 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 2791 if (!sinfoattr) 2792 goto nla_put_failure; 2793 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) && 2794 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME, 2795 sinfo->connected_time)) 2796 goto nla_put_failure; 2797 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) && 2798 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME, 2799 sinfo->inactive_time)) 2800 goto nla_put_failure; 2801 if ((sinfo->filled & STATION_INFO_RX_BYTES) && 2802 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 2803 sinfo->rx_bytes)) 2804 goto nla_put_failure; 2805 if ((sinfo->filled & STATION_INFO_TX_BYTES) && 2806 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 2807 sinfo->tx_bytes)) 2808 goto nla_put_failure; 2809 if ((sinfo->filled & STATION_INFO_LLID) && 2810 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid)) 2811 goto nla_put_failure; 2812 if ((sinfo->filled & STATION_INFO_PLID) && 2813 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid)) 2814 goto nla_put_failure; 2815 if ((sinfo->filled & STATION_INFO_PLINK_STATE) && 2816 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE, 2817 sinfo->plink_state)) 2818 goto nla_put_failure; 2819 switch (rdev->wiphy.signal_type) { 2820 case CFG80211_SIGNAL_TYPE_MBM: 2821 if ((sinfo->filled & STATION_INFO_SIGNAL) && 2822 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL, 2823 sinfo->signal)) 2824 goto nla_put_failure; 2825 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) && 2826 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG, 2827 sinfo->signal_avg)) 2828 goto nla_put_failure; 2829 break; 2830 default: 2831 break; 2832 } 2833 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 2834 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 2835 NL80211_STA_INFO_TX_BITRATE)) 2836 goto nla_put_failure; 2837 } 2838 if (sinfo->filled & STATION_INFO_RX_BITRATE) { 2839 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 2840 NL80211_STA_INFO_RX_BITRATE)) 2841 goto nla_put_failure; 2842 } 2843 if ((sinfo->filled & STATION_INFO_RX_PACKETS) && 2844 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS, 2845 sinfo->rx_packets)) 2846 goto nla_put_failure; 2847 if ((sinfo->filled & STATION_INFO_TX_PACKETS) && 2848 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS, 2849 sinfo->tx_packets)) 2850 goto nla_put_failure; 2851 if ((sinfo->filled & STATION_INFO_TX_RETRIES) && 2852 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES, 2853 sinfo->tx_retries)) 2854 goto nla_put_failure; 2855 if ((sinfo->filled & STATION_INFO_TX_FAILED) && 2856 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED, 2857 sinfo->tx_failed)) 2858 goto nla_put_failure; 2859 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) && 2860 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS, 2861 sinfo->beacon_loss_count)) 2862 goto nla_put_failure; 2863 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 2864 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 2865 if (!bss_param) 2866 goto nla_put_failure; 2867 2868 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 2869 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 2870 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 2871 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 2872 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 2873 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 2874 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 2875 sinfo->bss_param.dtim_period) || 2876 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 2877 sinfo->bss_param.beacon_interval)) 2878 goto nla_put_failure; 2879 2880 nla_nest_end(msg, bss_param); 2881 } 2882 if ((sinfo->filled & STATION_INFO_STA_FLAGS) && 2883 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 2884 sizeof(struct nl80211_sta_flag_update), 2885 &sinfo->sta_flags)) 2886 goto nla_put_failure; 2887 if ((sinfo->filled & STATION_INFO_T_OFFSET) && 2888 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET, 2889 sinfo->t_offset)) 2890 goto nla_put_failure; 2891 nla_nest_end(msg, sinfoattr); 2892 2893 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) && 2894 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 2895 sinfo->assoc_req_ies)) 2896 goto nla_put_failure; 2897 2898 return genlmsg_end(msg, hdr); 2899 2900 nla_put_failure: 2901 genlmsg_cancel(msg, hdr); 2902 return -EMSGSIZE; 2903 } 2904 2905 static int nl80211_dump_station(struct sk_buff *skb, 2906 struct netlink_callback *cb) 2907 { 2908 struct station_info sinfo; 2909 struct cfg80211_registered_device *dev; 2910 struct net_device *netdev; 2911 u8 mac_addr[ETH_ALEN]; 2912 int sta_idx = cb->args[1]; 2913 int err; 2914 2915 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 2916 if (err) 2917 return err; 2918 2919 if (!dev->ops->dump_station) { 2920 err = -EOPNOTSUPP; 2921 goto out_err; 2922 } 2923 2924 while (1) { 2925 memset(&sinfo, 0, sizeof(sinfo)); 2926 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 2927 mac_addr, &sinfo); 2928 if (err == -ENOENT) 2929 break; 2930 if (err) 2931 goto out_err; 2932 2933 if (nl80211_send_station(skb, 2934 NETLINK_CB(cb->skb).portid, 2935 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2936 dev, netdev, mac_addr, 2937 &sinfo) < 0) 2938 goto out; 2939 2940 sta_idx++; 2941 } 2942 2943 2944 out: 2945 cb->args[1] = sta_idx; 2946 err = skb->len; 2947 out_err: 2948 nl80211_finish_netdev_dump(dev); 2949 2950 return err; 2951 } 2952 2953 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 2954 { 2955 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2956 struct net_device *dev = info->user_ptr[1]; 2957 struct station_info sinfo; 2958 struct sk_buff *msg; 2959 u8 *mac_addr = NULL; 2960 int err; 2961 2962 memset(&sinfo, 0, sizeof(sinfo)); 2963 2964 if (!info->attrs[NL80211_ATTR_MAC]) 2965 return -EINVAL; 2966 2967 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2968 2969 if (!rdev->ops->get_station) 2970 return -EOPNOTSUPP; 2971 2972 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 2973 if (err) 2974 return err; 2975 2976 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2977 if (!msg) 2978 return -ENOMEM; 2979 2980 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0, 2981 rdev, dev, mac_addr, &sinfo) < 0) { 2982 nlmsg_free(msg); 2983 return -ENOBUFS; 2984 } 2985 2986 return genlmsg_reply(msg, info); 2987 } 2988 2989 /* 2990 * Get vlan interface making sure it is running and on the right wiphy. 2991 */ 2992 static struct net_device *get_vlan(struct genl_info *info, 2993 struct cfg80211_registered_device *rdev) 2994 { 2995 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 2996 struct net_device *v; 2997 int ret; 2998 2999 if (!vlanattr) 3000 return NULL; 3001 3002 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 3003 if (!v) 3004 return ERR_PTR(-ENODEV); 3005 3006 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 3007 ret = -EINVAL; 3008 goto error; 3009 } 3010 3011 if (!netif_running(v)) { 3012 ret = -ENETDOWN; 3013 goto error; 3014 } 3015 3016 return v; 3017 error: 3018 dev_put(v); 3019 return ERR_PTR(ret); 3020 } 3021 3022 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 3023 { 3024 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3025 int err; 3026 struct net_device *dev = info->user_ptr[1]; 3027 struct station_parameters params; 3028 u8 *mac_addr = NULL; 3029 3030 memset(¶ms, 0, sizeof(params)); 3031 3032 params.listen_interval = -1; 3033 params.plink_state = -1; 3034 3035 if (info->attrs[NL80211_ATTR_STA_AID]) 3036 return -EINVAL; 3037 3038 if (!info->attrs[NL80211_ATTR_MAC]) 3039 return -EINVAL; 3040 3041 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3042 3043 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 3044 params.supported_rates = 3045 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3046 params.supported_rates_len = 3047 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3048 } 3049 3050 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3051 params.listen_interval = 3052 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 3053 3054 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3055 params.ht_capa = 3056 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3057 3058 if (!rdev->ops->change_station) 3059 return -EOPNOTSUPP; 3060 3061 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3062 return -EINVAL; 3063 3064 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 3065 params.plink_action = 3066 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3067 3068 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) 3069 params.plink_state = 3070 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 3071 3072 switch (dev->ieee80211_ptr->iftype) { 3073 case NL80211_IFTYPE_AP: 3074 case NL80211_IFTYPE_AP_VLAN: 3075 case NL80211_IFTYPE_P2P_GO: 3076 /* disallow mesh-specific things */ 3077 if (params.plink_action) 3078 return -EINVAL; 3079 3080 /* TDLS can't be set, ... */ 3081 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3082 return -EINVAL; 3083 /* 3084 * ... but don't bother the driver with it. This works around 3085 * a hostapd/wpa_supplicant issue -- it always includes the 3086 * TLDS_PEER flag in the mask even for AP mode. 3087 */ 3088 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3089 3090 /* accept only the listed bits */ 3091 if (params.sta_flags_mask & 3092 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 3093 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 3094 BIT(NL80211_STA_FLAG_WME) | 3095 BIT(NL80211_STA_FLAG_MFP))) 3096 return -EINVAL; 3097 3098 /* must be last in here for error handling */ 3099 params.vlan = get_vlan(info, rdev); 3100 if (IS_ERR(params.vlan)) 3101 return PTR_ERR(params.vlan); 3102 break; 3103 case NL80211_IFTYPE_P2P_CLIENT: 3104 case NL80211_IFTYPE_STATION: 3105 /* 3106 * Don't allow userspace to change the TDLS_PEER flag, 3107 * but silently ignore attempts to change it since we 3108 * don't have state here to verify that it doesn't try 3109 * to change the flag. 3110 */ 3111 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3112 /* fall through */ 3113 case NL80211_IFTYPE_ADHOC: 3114 /* disallow things sta doesn't support */ 3115 if (params.plink_action) 3116 return -EINVAL; 3117 if (params.ht_capa) 3118 return -EINVAL; 3119 if (params.listen_interval >= 0) 3120 return -EINVAL; 3121 /* reject any changes other than AUTHORIZED */ 3122 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 3123 return -EINVAL; 3124 break; 3125 case NL80211_IFTYPE_MESH_POINT: 3126 /* disallow things mesh doesn't support */ 3127 if (params.vlan) 3128 return -EINVAL; 3129 if (params.ht_capa) 3130 return -EINVAL; 3131 if (params.listen_interval >= 0) 3132 return -EINVAL; 3133 /* 3134 * No special handling for TDLS here -- the userspace 3135 * mesh code doesn't have this bug. 3136 */ 3137 if (params.sta_flags_mask & 3138 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3139 BIT(NL80211_STA_FLAG_MFP) | 3140 BIT(NL80211_STA_FLAG_AUTHORIZED))) 3141 return -EINVAL; 3142 break; 3143 default: 3144 return -EOPNOTSUPP; 3145 } 3146 3147 /* be aware of params.vlan when changing code here */ 3148 3149 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 3150 3151 if (params.vlan) 3152 dev_put(params.vlan); 3153 3154 return err; 3155 } 3156 3157 static struct nla_policy 3158 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = { 3159 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 3160 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 3161 }; 3162 3163 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 3164 { 3165 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3166 int err; 3167 struct net_device *dev = info->user_ptr[1]; 3168 struct station_parameters params; 3169 u8 *mac_addr = NULL; 3170 3171 memset(¶ms, 0, sizeof(params)); 3172 3173 if (!info->attrs[NL80211_ATTR_MAC]) 3174 return -EINVAL; 3175 3176 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3177 return -EINVAL; 3178 3179 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 3180 return -EINVAL; 3181 3182 if (!info->attrs[NL80211_ATTR_STA_AID]) 3183 return -EINVAL; 3184 3185 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3186 params.supported_rates = 3187 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3188 params.supported_rates_len = 3189 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3190 params.listen_interval = 3191 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 3192 3193 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 3194 if (!params.aid || params.aid > IEEE80211_MAX_AID) 3195 return -EINVAL; 3196 3197 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3198 params.ht_capa = 3199 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3200 3201 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 3202 params.plink_action = 3203 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3204 3205 if (!rdev->ops->add_station) 3206 return -EOPNOTSUPP; 3207 3208 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3209 return -EINVAL; 3210 3211 switch (dev->ieee80211_ptr->iftype) { 3212 case NL80211_IFTYPE_AP: 3213 case NL80211_IFTYPE_AP_VLAN: 3214 case NL80211_IFTYPE_P2P_GO: 3215 /* parse WME attributes if sta is WME capable */ 3216 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 3217 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) && 3218 info->attrs[NL80211_ATTR_STA_WME]) { 3219 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 3220 struct nlattr *nla; 3221 3222 nla = info->attrs[NL80211_ATTR_STA_WME]; 3223 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 3224 nl80211_sta_wme_policy); 3225 if (err) 3226 return err; 3227 3228 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 3229 params.uapsd_queues = 3230 nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]); 3231 if (params.uapsd_queues & 3232 ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 3233 return -EINVAL; 3234 3235 if (tb[NL80211_STA_WME_MAX_SP]) 3236 params.max_sp = 3237 nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 3238 3239 if (params.max_sp & 3240 ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 3241 return -EINVAL; 3242 3243 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 3244 } 3245 /* TDLS peers cannot be added */ 3246 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3247 return -EINVAL; 3248 /* but don't bother the driver with it */ 3249 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3250 3251 /* must be last in here for error handling */ 3252 params.vlan = get_vlan(info, rdev); 3253 if (IS_ERR(params.vlan)) 3254 return PTR_ERR(params.vlan); 3255 break; 3256 case NL80211_IFTYPE_MESH_POINT: 3257 /* TDLS peers cannot be added */ 3258 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3259 return -EINVAL; 3260 break; 3261 case NL80211_IFTYPE_STATION: 3262 /* Only TDLS peers can be added */ 3263 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 3264 return -EINVAL; 3265 /* Can only add if TDLS ... */ 3266 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 3267 return -EOPNOTSUPP; 3268 /* ... with external setup is supported */ 3269 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 3270 return -EOPNOTSUPP; 3271 break; 3272 default: 3273 return -EOPNOTSUPP; 3274 } 3275 3276 /* be aware of params.vlan when changing code here */ 3277 3278 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 3279 3280 if (params.vlan) 3281 dev_put(params.vlan); 3282 return err; 3283 } 3284 3285 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 3286 { 3287 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3288 struct net_device *dev = info->user_ptr[1]; 3289 u8 *mac_addr = NULL; 3290 3291 if (info->attrs[NL80211_ATTR_MAC]) 3292 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3293 3294 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3295 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 3296 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 3297 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3298 return -EINVAL; 3299 3300 if (!rdev->ops->del_station) 3301 return -EOPNOTSUPP; 3302 3303 return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 3304 } 3305 3306 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq, 3307 int flags, struct net_device *dev, 3308 u8 *dst, u8 *next_hop, 3309 struct mpath_info *pinfo) 3310 { 3311 void *hdr; 3312 struct nlattr *pinfoattr; 3313 3314 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION); 3315 if (!hdr) 3316 return -1; 3317 3318 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3319 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 3320 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 3321 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 3322 goto nla_put_failure; 3323 3324 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 3325 if (!pinfoattr) 3326 goto nla_put_failure; 3327 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 3328 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 3329 pinfo->frame_qlen)) 3330 goto nla_put_failure; 3331 if (((pinfo->filled & MPATH_INFO_SN) && 3332 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 3333 ((pinfo->filled & MPATH_INFO_METRIC) && 3334 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 3335 pinfo->metric)) || 3336 ((pinfo->filled & MPATH_INFO_EXPTIME) && 3337 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 3338 pinfo->exptime)) || 3339 ((pinfo->filled & MPATH_INFO_FLAGS) && 3340 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 3341 pinfo->flags)) || 3342 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 3343 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 3344 pinfo->discovery_timeout)) || 3345 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 3346 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 3347 pinfo->discovery_retries))) 3348 goto nla_put_failure; 3349 3350 nla_nest_end(msg, pinfoattr); 3351 3352 return genlmsg_end(msg, hdr); 3353 3354 nla_put_failure: 3355 genlmsg_cancel(msg, hdr); 3356 return -EMSGSIZE; 3357 } 3358 3359 static int nl80211_dump_mpath(struct sk_buff *skb, 3360 struct netlink_callback *cb) 3361 { 3362 struct mpath_info pinfo; 3363 struct cfg80211_registered_device *dev; 3364 struct net_device *netdev; 3365 u8 dst[ETH_ALEN]; 3366 u8 next_hop[ETH_ALEN]; 3367 int path_idx = cb->args[1]; 3368 int err; 3369 3370 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3371 if (err) 3372 return err; 3373 3374 if (!dev->ops->dump_mpath) { 3375 err = -EOPNOTSUPP; 3376 goto out_err; 3377 } 3378 3379 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 3380 err = -EOPNOTSUPP; 3381 goto out_err; 3382 } 3383 3384 while (1) { 3385 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 3386 dst, next_hop, &pinfo); 3387 if (err == -ENOENT) 3388 break; 3389 if (err) 3390 goto out_err; 3391 3392 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 3393 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3394 netdev, dst, next_hop, 3395 &pinfo) < 0) 3396 goto out; 3397 3398 path_idx++; 3399 } 3400 3401 3402 out: 3403 cb->args[1] = path_idx; 3404 err = skb->len; 3405 out_err: 3406 nl80211_finish_netdev_dump(dev); 3407 return err; 3408 } 3409 3410 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 3411 { 3412 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3413 int err; 3414 struct net_device *dev = info->user_ptr[1]; 3415 struct mpath_info pinfo; 3416 struct sk_buff *msg; 3417 u8 *dst = NULL; 3418 u8 next_hop[ETH_ALEN]; 3419 3420 memset(&pinfo, 0, sizeof(pinfo)); 3421 3422 if (!info->attrs[NL80211_ATTR_MAC]) 3423 return -EINVAL; 3424 3425 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3426 3427 if (!rdev->ops->get_mpath) 3428 return -EOPNOTSUPP; 3429 3430 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3431 return -EOPNOTSUPP; 3432 3433 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 3434 if (err) 3435 return err; 3436 3437 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3438 if (!msg) 3439 return -ENOMEM; 3440 3441 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 3442 dev, dst, next_hop, &pinfo) < 0) { 3443 nlmsg_free(msg); 3444 return -ENOBUFS; 3445 } 3446 3447 return genlmsg_reply(msg, info); 3448 } 3449 3450 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 3451 { 3452 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3453 struct net_device *dev = info->user_ptr[1]; 3454 u8 *dst = NULL; 3455 u8 *next_hop = NULL; 3456 3457 if (!info->attrs[NL80211_ATTR_MAC]) 3458 return -EINVAL; 3459 3460 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3461 return -EINVAL; 3462 3463 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3464 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3465 3466 if (!rdev->ops->change_mpath) 3467 return -EOPNOTSUPP; 3468 3469 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3470 return -EOPNOTSUPP; 3471 3472 return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 3473 } 3474 3475 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 3476 { 3477 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3478 struct net_device *dev = info->user_ptr[1]; 3479 u8 *dst = NULL; 3480 u8 *next_hop = NULL; 3481 3482 if (!info->attrs[NL80211_ATTR_MAC]) 3483 return -EINVAL; 3484 3485 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3486 return -EINVAL; 3487 3488 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3489 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3490 3491 if (!rdev->ops->add_mpath) 3492 return -EOPNOTSUPP; 3493 3494 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3495 return -EOPNOTSUPP; 3496 3497 return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 3498 } 3499 3500 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 3501 { 3502 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3503 struct net_device *dev = info->user_ptr[1]; 3504 u8 *dst = NULL; 3505 3506 if (info->attrs[NL80211_ATTR_MAC]) 3507 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3508 3509 if (!rdev->ops->del_mpath) 3510 return -EOPNOTSUPP; 3511 3512 return rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 3513 } 3514 3515 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 3516 { 3517 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3518 struct net_device *dev = info->user_ptr[1]; 3519 struct bss_parameters params; 3520 3521 memset(¶ms, 0, sizeof(params)); 3522 /* default to not changing parameters */ 3523 params.use_cts_prot = -1; 3524 params.use_short_preamble = -1; 3525 params.use_short_slot_time = -1; 3526 params.ap_isolate = -1; 3527 params.ht_opmode = -1; 3528 3529 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 3530 params.use_cts_prot = 3531 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 3532 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 3533 params.use_short_preamble = 3534 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 3535 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 3536 params.use_short_slot_time = 3537 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 3538 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 3539 params.basic_rates = 3540 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3541 params.basic_rates_len = 3542 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3543 } 3544 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 3545 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 3546 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 3547 params.ht_opmode = 3548 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 3549 3550 if (!rdev->ops->change_bss) 3551 return -EOPNOTSUPP; 3552 3553 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3554 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3555 return -EOPNOTSUPP; 3556 3557 return rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 3558 } 3559 3560 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 3561 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3562 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3563 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3564 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3565 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3566 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3567 }; 3568 3569 static int parse_reg_rule(struct nlattr *tb[], 3570 struct ieee80211_reg_rule *reg_rule) 3571 { 3572 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 3573 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 3574 3575 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 3576 return -EINVAL; 3577 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 3578 return -EINVAL; 3579 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 3580 return -EINVAL; 3581 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 3582 return -EINVAL; 3583 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 3584 return -EINVAL; 3585 3586 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 3587 3588 freq_range->start_freq_khz = 3589 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 3590 freq_range->end_freq_khz = 3591 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 3592 freq_range->max_bandwidth_khz = 3593 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 3594 3595 power_rule->max_eirp = 3596 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 3597 3598 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 3599 power_rule->max_antenna_gain = 3600 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 3601 3602 return 0; 3603 } 3604 3605 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 3606 { 3607 int r; 3608 char *data = NULL; 3609 enum nl80211_user_reg_hint_type user_reg_hint_type; 3610 3611 /* 3612 * You should only get this when cfg80211 hasn't yet initialized 3613 * completely when built-in to the kernel right between the time 3614 * window between nl80211_init() and regulatory_init(), if that is 3615 * even possible. 3616 */ 3617 mutex_lock(&cfg80211_mutex); 3618 if (unlikely(!cfg80211_regdomain)) { 3619 mutex_unlock(&cfg80211_mutex); 3620 return -EINPROGRESS; 3621 } 3622 mutex_unlock(&cfg80211_mutex); 3623 3624 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3625 return -EINVAL; 3626 3627 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3628 3629 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 3630 user_reg_hint_type = 3631 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 3632 else 3633 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 3634 3635 switch (user_reg_hint_type) { 3636 case NL80211_USER_REG_HINT_USER: 3637 case NL80211_USER_REG_HINT_CELL_BASE: 3638 break; 3639 default: 3640 return -EINVAL; 3641 } 3642 3643 r = regulatory_hint_user(data, user_reg_hint_type); 3644 3645 return r; 3646 } 3647 3648 static int nl80211_get_mesh_config(struct sk_buff *skb, 3649 struct genl_info *info) 3650 { 3651 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3652 struct net_device *dev = info->user_ptr[1]; 3653 struct wireless_dev *wdev = dev->ieee80211_ptr; 3654 struct mesh_config cur_params; 3655 int err = 0; 3656 void *hdr; 3657 struct nlattr *pinfoattr; 3658 struct sk_buff *msg; 3659 3660 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3661 return -EOPNOTSUPP; 3662 3663 if (!rdev->ops->get_mesh_config) 3664 return -EOPNOTSUPP; 3665 3666 wdev_lock(wdev); 3667 /* If not connected, get default parameters */ 3668 if (!wdev->mesh_id_len) 3669 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 3670 else 3671 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev, 3672 &cur_params); 3673 wdev_unlock(wdev); 3674 3675 if (err) 3676 return err; 3677 3678 /* Draw up a netlink message to send back */ 3679 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3680 if (!msg) 3681 return -ENOMEM; 3682 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 3683 NL80211_CMD_GET_MESH_CONFIG); 3684 if (!hdr) 3685 goto out; 3686 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 3687 if (!pinfoattr) 3688 goto nla_put_failure; 3689 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3690 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 3691 cur_params.dot11MeshRetryTimeout) || 3692 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3693 cur_params.dot11MeshConfirmTimeout) || 3694 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 3695 cur_params.dot11MeshHoldingTimeout) || 3696 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 3697 cur_params.dot11MeshMaxPeerLinks) || 3698 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 3699 cur_params.dot11MeshMaxRetries) || 3700 nla_put_u8(msg, NL80211_MESHCONF_TTL, 3701 cur_params.dot11MeshTTL) || 3702 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 3703 cur_params.element_ttl) || 3704 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 3705 cur_params.auto_open_plinks) || 3706 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 3707 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 3708 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3709 cur_params.dot11MeshHWMPmaxPREQretries) || 3710 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 3711 cur_params.path_refresh_time) || 3712 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3713 cur_params.min_discovery_timeout) || 3714 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3715 cur_params.dot11MeshHWMPactivePathTimeout) || 3716 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3717 cur_params.dot11MeshHWMPpreqMinInterval) || 3718 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3719 cur_params.dot11MeshHWMPperrMinInterval) || 3720 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3721 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 3722 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 3723 cur_params.dot11MeshHWMPRootMode) || 3724 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3725 cur_params.dot11MeshHWMPRannInterval) || 3726 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3727 cur_params.dot11MeshGateAnnouncementProtocol) || 3728 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 3729 cur_params.dot11MeshForwarding) || 3730 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 3731 cur_params.rssi_threshold) || 3732 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 3733 cur_params.ht_opmode) || 3734 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 3735 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 3736 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 3737 cur_params.dot11MeshHWMProotInterval) || 3738 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 3739 cur_params.dot11MeshHWMPconfirmationInterval)) 3740 goto nla_put_failure; 3741 nla_nest_end(msg, pinfoattr); 3742 genlmsg_end(msg, hdr); 3743 return genlmsg_reply(msg, info); 3744 3745 nla_put_failure: 3746 genlmsg_cancel(msg, hdr); 3747 out: 3748 nlmsg_free(msg); 3749 return -ENOBUFS; 3750 } 3751 3752 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 3753 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 3754 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 3755 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 3756 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 3757 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 3758 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 3759 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 3760 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 3761 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 }, 3762 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 3763 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 3764 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 3765 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 3766 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 3767 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 3768 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 3769 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 3770 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 3771 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 3772 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 3773 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 }, 3774 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 3775 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 3776 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 }, 3777 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 }, 3778 }; 3779 3780 static const struct nla_policy 3781 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 3782 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 3783 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 3784 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 3785 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 3786 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 3787 .len = IEEE80211_MAX_DATA_LEN }, 3788 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 3789 }; 3790 3791 static int nl80211_parse_mesh_config(struct genl_info *info, 3792 struct mesh_config *cfg, 3793 u32 *mask_out) 3794 { 3795 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 3796 u32 mask = 0; 3797 3798 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 3799 do {\ 3800 if (table[attr_num]) {\ 3801 cfg->param = nla_fn(table[attr_num]); \ 3802 mask |= (1 << (attr_num - 1)); \ 3803 } \ 3804 } while (0);\ 3805 3806 3807 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 3808 return -EINVAL; 3809 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 3810 info->attrs[NL80211_ATTR_MESH_CONFIG], 3811 nl80211_meshconf_params_policy)) 3812 return -EINVAL; 3813 3814 /* This makes sure that there aren't more than 32 mesh config 3815 * parameters (otherwise our bitfield scheme would not work.) */ 3816 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 3817 3818 /* Fill in the params struct */ 3819 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 3820 mask, NL80211_MESHCONF_RETRY_TIMEOUT, 3821 nla_get_u16); 3822 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 3823 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3824 nla_get_u16); 3825 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 3826 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, 3827 nla_get_u16); 3828 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 3829 mask, NL80211_MESHCONF_MAX_PEER_LINKS, 3830 nla_get_u16); 3831 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 3832 mask, NL80211_MESHCONF_MAX_RETRIES, 3833 nla_get_u8); 3834 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 3835 mask, NL80211_MESHCONF_TTL, nla_get_u8); 3836 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 3837 mask, NL80211_MESHCONF_ELEMENT_TTL, 3838 nla_get_u8); 3839 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 3840 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 3841 nla_get_u8); 3842 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, mask, 3843 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 3844 nla_get_u32); 3845 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 3846 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3847 nla_get_u8); 3848 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 3849 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, 3850 nla_get_u32); 3851 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 3852 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3853 nla_get_u16); 3854 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, mask, 3855 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3856 nla_get_u32); 3857 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 3858 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3859 nla_get_u16); 3860 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 3861 mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3862 nla_get_u16); 3863 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3864 dot11MeshHWMPnetDiameterTraversalTime, mask, 3865 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3866 nla_get_u16); 3867 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask, 3868 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8); 3869 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask, 3870 NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3871 nla_get_u16); 3872 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3873 dot11MeshGateAnnouncementProtocol, mask, 3874 NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3875 nla_get_u8); 3876 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 3877 mask, NL80211_MESHCONF_FORWARDING, 3878 nla_get_u8); 3879 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 3880 mask, NL80211_MESHCONF_RSSI_THRESHOLD, 3881 nla_get_u32); 3882 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 3883 mask, NL80211_MESHCONF_HT_OPMODE, 3884 nla_get_u16); 3885 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout, 3886 mask, 3887 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 3888 nla_get_u32); 3889 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 3890 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 3891 nla_get_u16); 3892 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3893 dot11MeshHWMPconfirmationInterval, mask, 3894 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 3895 nla_get_u16); 3896 if (mask_out) 3897 *mask_out = mask; 3898 3899 return 0; 3900 3901 #undef FILL_IN_MESH_PARAM_IF_SET 3902 } 3903 3904 static int nl80211_parse_mesh_setup(struct genl_info *info, 3905 struct mesh_setup *setup) 3906 { 3907 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 3908 3909 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 3910 return -EINVAL; 3911 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 3912 info->attrs[NL80211_ATTR_MESH_SETUP], 3913 nl80211_mesh_setup_params_policy)) 3914 return -EINVAL; 3915 3916 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 3917 setup->sync_method = 3918 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 3919 IEEE80211_SYNC_METHOD_VENDOR : 3920 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 3921 3922 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 3923 setup->path_sel_proto = 3924 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 3925 IEEE80211_PATH_PROTOCOL_VENDOR : 3926 IEEE80211_PATH_PROTOCOL_HWMP; 3927 3928 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 3929 setup->path_metric = 3930 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 3931 IEEE80211_PATH_METRIC_VENDOR : 3932 IEEE80211_PATH_METRIC_AIRTIME; 3933 3934 3935 if (tb[NL80211_MESH_SETUP_IE]) { 3936 struct nlattr *ieattr = 3937 tb[NL80211_MESH_SETUP_IE]; 3938 if (!is_valid_ie_attr(ieattr)) 3939 return -EINVAL; 3940 setup->ie = nla_data(ieattr); 3941 setup->ie_len = nla_len(ieattr); 3942 } 3943 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 3944 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 3945 3946 return 0; 3947 } 3948 3949 static int nl80211_update_mesh_config(struct sk_buff *skb, 3950 struct genl_info *info) 3951 { 3952 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3953 struct net_device *dev = info->user_ptr[1]; 3954 struct wireless_dev *wdev = dev->ieee80211_ptr; 3955 struct mesh_config cfg; 3956 u32 mask; 3957 int err; 3958 3959 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3960 return -EOPNOTSUPP; 3961 3962 if (!rdev->ops->update_mesh_config) 3963 return -EOPNOTSUPP; 3964 3965 err = nl80211_parse_mesh_config(info, &cfg, &mask); 3966 if (err) 3967 return err; 3968 3969 wdev_lock(wdev); 3970 if (!wdev->mesh_id_len) 3971 err = -ENOLINK; 3972 3973 if (!err) 3974 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev, 3975 mask, &cfg); 3976 3977 wdev_unlock(wdev); 3978 3979 return err; 3980 } 3981 3982 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 3983 { 3984 struct sk_buff *msg; 3985 void *hdr = NULL; 3986 struct nlattr *nl_reg_rules; 3987 unsigned int i; 3988 int err = -EINVAL; 3989 3990 mutex_lock(&cfg80211_mutex); 3991 3992 if (!cfg80211_regdomain) 3993 goto out; 3994 3995 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3996 if (!msg) { 3997 err = -ENOBUFS; 3998 goto out; 3999 } 4000 4001 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4002 NL80211_CMD_GET_REG); 4003 if (!hdr) 4004 goto put_failure; 4005 4006 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 4007 cfg80211_regdomain->alpha2) || 4008 (cfg80211_regdomain->dfs_region && 4009 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, 4010 cfg80211_regdomain->dfs_region))) 4011 goto nla_put_failure; 4012 4013 if (reg_last_request_cell_base() && 4014 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 4015 NL80211_USER_REG_HINT_CELL_BASE)) 4016 goto nla_put_failure; 4017 4018 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 4019 if (!nl_reg_rules) 4020 goto nla_put_failure; 4021 4022 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 4023 struct nlattr *nl_reg_rule; 4024 const struct ieee80211_reg_rule *reg_rule; 4025 const struct ieee80211_freq_range *freq_range; 4026 const struct ieee80211_power_rule *power_rule; 4027 4028 reg_rule = &cfg80211_regdomain->reg_rules[i]; 4029 freq_range = ®_rule->freq_range; 4030 power_rule = ®_rule->power_rule; 4031 4032 nl_reg_rule = nla_nest_start(msg, i); 4033 if (!nl_reg_rule) 4034 goto nla_put_failure; 4035 4036 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 4037 reg_rule->flags) || 4038 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 4039 freq_range->start_freq_khz) || 4040 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 4041 freq_range->end_freq_khz) || 4042 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 4043 freq_range->max_bandwidth_khz) || 4044 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 4045 power_rule->max_antenna_gain) || 4046 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 4047 power_rule->max_eirp)) 4048 goto nla_put_failure; 4049 4050 nla_nest_end(msg, nl_reg_rule); 4051 } 4052 4053 nla_nest_end(msg, nl_reg_rules); 4054 4055 genlmsg_end(msg, hdr); 4056 err = genlmsg_reply(msg, info); 4057 goto out; 4058 4059 nla_put_failure: 4060 genlmsg_cancel(msg, hdr); 4061 put_failure: 4062 nlmsg_free(msg); 4063 err = -EMSGSIZE; 4064 out: 4065 mutex_unlock(&cfg80211_mutex); 4066 return err; 4067 } 4068 4069 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 4070 { 4071 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 4072 struct nlattr *nl_reg_rule; 4073 char *alpha2 = NULL; 4074 int rem_reg_rules = 0, r = 0; 4075 u32 num_rules = 0, rule_idx = 0, size_of_regd; 4076 u8 dfs_region = 0; 4077 struct ieee80211_regdomain *rd = NULL; 4078 4079 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 4080 return -EINVAL; 4081 4082 if (!info->attrs[NL80211_ATTR_REG_RULES]) 4083 return -EINVAL; 4084 4085 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 4086 4087 if (info->attrs[NL80211_ATTR_DFS_REGION]) 4088 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 4089 4090 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 4091 rem_reg_rules) { 4092 num_rules++; 4093 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 4094 return -EINVAL; 4095 } 4096 4097 mutex_lock(&cfg80211_mutex); 4098 4099 if (!reg_is_valid_request(alpha2)) { 4100 r = -EINVAL; 4101 goto bad_reg; 4102 } 4103 4104 size_of_regd = sizeof(struct ieee80211_regdomain) + 4105 (num_rules * sizeof(struct ieee80211_reg_rule)); 4106 4107 rd = kzalloc(size_of_regd, GFP_KERNEL); 4108 if (!rd) { 4109 r = -ENOMEM; 4110 goto bad_reg; 4111 } 4112 4113 rd->n_reg_rules = num_rules; 4114 rd->alpha2[0] = alpha2[0]; 4115 rd->alpha2[1] = alpha2[1]; 4116 4117 /* 4118 * Disable DFS master mode if the DFS region was 4119 * not supported or known on this kernel. 4120 */ 4121 if (reg_supported_dfs_region(dfs_region)) 4122 rd->dfs_region = dfs_region; 4123 4124 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 4125 rem_reg_rules) { 4126 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 4127 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 4128 reg_rule_policy); 4129 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 4130 if (r) 4131 goto bad_reg; 4132 4133 rule_idx++; 4134 4135 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 4136 r = -EINVAL; 4137 goto bad_reg; 4138 } 4139 } 4140 4141 BUG_ON(rule_idx != num_rules); 4142 4143 r = set_regdom(rd); 4144 4145 mutex_unlock(&cfg80211_mutex); 4146 4147 return r; 4148 4149 bad_reg: 4150 mutex_unlock(&cfg80211_mutex); 4151 kfree(rd); 4152 return r; 4153 } 4154 4155 static int validate_scan_freqs(struct nlattr *freqs) 4156 { 4157 struct nlattr *attr1, *attr2; 4158 int n_channels = 0, tmp1, tmp2; 4159 4160 nla_for_each_nested(attr1, freqs, tmp1) { 4161 n_channels++; 4162 /* 4163 * Some hardware has a limited channel list for 4164 * scanning, and it is pretty much nonsensical 4165 * to scan for a channel twice, so disallow that 4166 * and don't require drivers to check that the 4167 * channel list they get isn't longer than what 4168 * they can scan, as long as they can scan all 4169 * the channels they registered at once. 4170 */ 4171 nla_for_each_nested(attr2, freqs, tmp2) 4172 if (attr1 != attr2 && 4173 nla_get_u32(attr1) == nla_get_u32(attr2)) 4174 return 0; 4175 } 4176 4177 return n_channels; 4178 } 4179 4180 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 4181 { 4182 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4183 struct wireless_dev *wdev = info->user_ptr[1]; 4184 struct cfg80211_scan_request *request; 4185 struct nlattr *attr; 4186 struct wiphy *wiphy; 4187 int err, tmp, n_ssids = 0, n_channels, i; 4188 size_t ie_len; 4189 4190 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4191 return -EINVAL; 4192 4193 wiphy = &rdev->wiphy; 4194 4195 if (!rdev->ops->scan) 4196 return -EOPNOTSUPP; 4197 4198 if (rdev->scan_req) 4199 return -EBUSY; 4200 4201 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4202 n_channels = validate_scan_freqs( 4203 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4204 if (!n_channels) 4205 return -EINVAL; 4206 } else { 4207 enum ieee80211_band band; 4208 n_channels = 0; 4209 4210 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4211 if (wiphy->bands[band]) 4212 n_channels += wiphy->bands[band]->n_channels; 4213 } 4214 4215 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4216 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 4217 n_ssids++; 4218 4219 if (n_ssids > wiphy->max_scan_ssids) 4220 return -EINVAL; 4221 4222 if (info->attrs[NL80211_ATTR_IE]) 4223 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4224 else 4225 ie_len = 0; 4226 4227 if (ie_len > wiphy->max_scan_ie_len) 4228 return -EINVAL; 4229 4230 request = kzalloc(sizeof(*request) 4231 + sizeof(*request->ssids) * n_ssids 4232 + sizeof(*request->channels) * n_channels 4233 + ie_len, GFP_KERNEL); 4234 if (!request) 4235 return -ENOMEM; 4236 4237 if (n_ssids) 4238 request->ssids = (void *)&request->channels[n_channels]; 4239 request->n_ssids = n_ssids; 4240 if (ie_len) { 4241 if (request->ssids) 4242 request->ie = (void *)(request->ssids + n_ssids); 4243 else 4244 request->ie = (void *)(request->channels + n_channels); 4245 } 4246 4247 i = 0; 4248 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4249 /* user specified, bail out if channel not found */ 4250 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 4251 struct ieee80211_channel *chan; 4252 4253 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4254 4255 if (!chan) { 4256 err = -EINVAL; 4257 goto out_free; 4258 } 4259 4260 /* ignore disabled channels */ 4261 if (chan->flags & IEEE80211_CHAN_DISABLED) 4262 continue; 4263 4264 request->channels[i] = chan; 4265 i++; 4266 } 4267 } else { 4268 enum ieee80211_band band; 4269 4270 /* all channels */ 4271 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4272 int j; 4273 if (!wiphy->bands[band]) 4274 continue; 4275 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4276 struct ieee80211_channel *chan; 4277 4278 chan = &wiphy->bands[band]->channels[j]; 4279 4280 if (chan->flags & IEEE80211_CHAN_DISABLED) 4281 continue; 4282 4283 request->channels[i] = chan; 4284 i++; 4285 } 4286 } 4287 } 4288 4289 if (!i) { 4290 err = -EINVAL; 4291 goto out_free; 4292 } 4293 4294 request->n_channels = i; 4295 4296 i = 0; 4297 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4298 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 4299 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4300 err = -EINVAL; 4301 goto out_free; 4302 } 4303 request->ssids[i].ssid_len = nla_len(attr); 4304 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 4305 i++; 4306 } 4307 } 4308 4309 if (info->attrs[NL80211_ATTR_IE]) { 4310 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4311 memcpy((void *)request->ie, 4312 nla_data(info->attrs[NL80211_ATTR_IE]), 4313 request->ie_len); 4314 } 4315 4316 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 4317 if (wiphy->bands[i]) 4318 request->rates[i] = 4319 (1 << wiphy->bands[i]->n_bitrates) - 1; 4320 4321 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 4322 nla_for_each_nested(attr, 4323 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 4324 tmp) { 4325 enum ieee80211_band band = nla_type(attr); 4326 4327 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 4328 err = -EINVAL; 4329 goto out_free; 4330 } 4331 err = ieee80211_get_ratemask(wiphy->bands[band], 4332 nla_data(attr), 4333 nla_len(attr), 4334 &request->rates[band]); 4335 if (err) 4336 goto out_free; 4337 } 4338 } 4339 4340 request->no_cck = 4341 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 4342 4343 request->wdev = wdev; 4344 request->wiphy = &rdev->wiphy; 4345 4346 rdev->scan_req = request; 4347 err = rdev->ops->scan(&rdev->wiphy, request); 4348 4349 if (!err) { 4350 nl80211_send_scan_start(rdev, wdev); 4351 if (wdev->netdev) 4352 dev_hold(wdev->netdev); 4353 } else { 4354 out_free: 4355 rdev->scan_req = NULL; 4356 kfree(request); 4357 } 4358 4359 return err; 4360 } 4361 4362 static int nl80211_start_sched_scan(struct sk_buff *skb, 4363 struct genl_info *info) 4364 { 4365 struct cfg80211_sched_scan_request *request; 4366 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4367 struct net_device *dev = info->user_ptr[1]; 4368 struct nlattr *attr; 4369 struct wiphy *wiphy; 4370 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i; 4371 u32 interval; 4372 enum ieee80211_band band; 4373 size_t ie_len; 4374 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 4375 4376 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4377 !rdev->ops->sched_scan_start) 4378 return -EOPNOTSUPP; 4379 4380 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4381 return -EINVAL; 4382 4383 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 4384 return -EINVAL; 4385 4386 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 4387 if (interval == 0) 4388 return -EINVAL; 4389 4390 wiphy = &rdev->wiphy; 4391 4392 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4393 n_channels = validate_scan_freqs( 4394 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4395 if (!n_channels) 4396 return -EINVAL; 4397 } else { 4398 n_channels = 0; 4399 4400 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4401 if (wiphy->bands[band]) 4402 n_channels += wiphy->bands[band]->n_channels; 4403 } 4404 4405 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4406 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4407 tmp) 4408 n_ssids++; 4409 4410 if (n_ssids > wiphy->max_sched_scan_ssids) 4411 return -EINVAL; 4412 4413 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) 4414 nla_for_each_nested(attr, 4415 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4416 tmp) 4417 n_match_sets++; 4418 4419 if (n_match_sets > wiphy->max_match_sets) 4420 return -EINVAL; 4421 4422 if (info->attrs[NL80211_ATTR_IE]) 4423 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4424 else 4425 ie_len = 0; 4426 4427 if (ie_len > wiphy->max_sched_scan_ie_len) 4428 return -EINVAL; 4429 4430 mutex_lock(&rdev->sched_scan_mtx); 4431 4432 if (rdev->sched_scan_req) { 4433 err = -EINPROGRESS; 4434 goto out; 4435 } 4436 4437 request = kzalloc(sizeof(*request) 4438 + sizeof(*request->ssids) * n_ssids 4439 + sizeof(*request->match_sets) * n_match_sets 4440 + sizeof(*request->channels) * n_channels 4441 + ie_len, GFP_KERNEL); 4442 if (!request) { 4443 err = -ENOMEM; 4444 goto out; 4445 } 4446 4447 if (n_ssids) 4448 request->ssids = (void *)&request->channels[n_channels]; 4449 request->n_ssids = n_ssids; 4450 if (ie_len) { 4451 if (request->ssids) 4452 request->ie = (void *)(request->ssids + n_ssids); 4453 else 4454 request->ie = (void *)(request->channels + n_channels); 4455 } 4456 4457 if (n_match_sets) { 4458 if (request->ie) 4459 request->match_sets = (void *)(request->ie + ie_len); 4460 else if (request->ssids) 4461 request->match_sets = 4462 (void *)(request->ssids + n_ssids); 4463 else 4464 request->match_sets = 4465 (void *)(request->channels + n_channels); 4466 } 4467 request->n_match_sets = n_match_sets; 4468 4469 i = 0; 4470 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4471 /* user specified, bail out if channel not found */ 4472 nla_for_each_nested(attr, 4473 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], 4474 tmp) { 4475 struct ieee80211_channel *chan; 4476 4477 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4478 4479 if (!chan) { 4480 err = -EINVAL; 4481 goto out_free; 4482 } 4483 4484 /* ignore disabled channels */ 4485 if (chan->flags & IEEE80211_CHAN_DISABLED) 4486 continue; 4487 4488 request->channels[i] = chan; 4489 i++; 4490 } 4491 } else { 4492 /* all channels */ 4493 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4494 int j; 4495 if (!wiphy->bands[band]) 4496 continue; 4497 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4498 struct ieee80211_channel *chan; 4499 4500 chan = &wiphy->bands[band]->channels[j]; 4501 4502 if (chan->flags & IEEE80211_CHAN_DISABLED) 4503 continue; 4504 4505 request->channels[i] = chan; 4506 i++; 4507 } 4508 } 4509 } 4510 4511 if (!i) { 4512 err = -EINVAL; 4513 goto out_free; 4514 } 4515 4516 request->n_channels = i; 4517 4518 i = 0; 4519 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4520 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4521 tmp) { 4522 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4523 err = -EINVAL; 4524 goto out_free; 4525 } 4526 request->ssids[i].ssid_len = nla_len(attr); 4527 memcpy(request->ssids[i].ssid, nla_data(attr), 4528 nla_len(attr)); 4529 i++; 4530 } 4531 } 4532 4533 i = 0; 4534 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 4535 nla_for_each_nested(attr, 4536 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4537 tmp) { 4538 struct nlattr *ssid, *rssi; 4539 4540 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 4541 nla_data(attr), nla_len(attr), 4542 nl80211_match_policy); 4543 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 4544 if (ssid) { 4545 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 4546 err = -EINVAL; 4547 goto out_free; 4548 } 4549 memcpy(request->match_sets[i].ssid.ssid, 4550 nla_data(ssid), nla_len(ssid)); 4551 request->match_sets[i].ssid.ssid_len = 4552 nla_len(ssid); 4553 } 4554 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 4555 if (rssi) 4556 request->rssi_thold = nla_get_u32(rssi); 4557 else 4558 request->rssi_thold = 4559 NL80211_SCAN_RSSI_THOLD_OFF; 4560 i++; 4561 } 4562 } 4563 4564 if (info->attrs[NL80211_ATTR_IE]) { 4565 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4566 memcpy((void *)request->ie, 4567 nla_data(info->attrs[NL80211_ATTR_IE]), 4568 request->ie_len); 4569 } 4570 4571 request->dev = dev; 4572 request->wiphy = &rdev->wiphy; 4573 request->interval = interval; 4574 4575 err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request); 4576 if (!err) { 4577 rdev->sched_scan_req = request; 4578 nl80211_send_sched_scan(rdev, dev, 4579 NL80211_CMD_START_SCHED_SCAN); 4580 goto out; 4581 } 4582 4583 out_free: 4584 kfree(request); 4585 out: 4586 mutex_unlock(&rdev->sched_scan_mtx); 4587 return err; 4588 } 4589 4590 static int nl80211_stop_sched_scan(struct sk_buff *skb, 4591 struct genl_info *info) 4592 { 4593 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4594 int err; 4595 4596 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4597 !rdev->ops->sched_scan_stop) 4598 return -EOPNOTSUPP; 4599 4600 mutex_lock(&rdev->sched_scan_mtx); 4601 err = __cfg80211_stop_sched_scan(rdev, false); 4602 mutex_unlock(&rdev->sched_scan_mtx); 4603 4604 return err; 4605 } 4606 4607 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 4608 u32 seq, int flags, 4609 struct cfg80211_registered_device *rdev, 4610 struct wireless_dev *wdev, 4611 struct cfg80211_internal_bss *intbss) 4612 { 4613 struct cfg80211_bss *res = &intbss->pub; 4614 void *hdr; 4615 struct nlattr *bss; 4616 4617 ASSERT_WDEV_LOCK(wdev); 4618 4619 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 4620 NL80211_CMD_NEW_SCAN_RESULTS); 4621 if (!hdr) 4622 return -1; 4623 4624 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 4625 4626 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) || 4627 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 4628 goto nla_put_failure; 4629 4630 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 4631 if (!bss) 4632 goto nla_put_failure; 4633 if ((!is_zero_ether_addr(res->bssid) && 4634 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)) || 4635 (res->information_elements && res->len_information_elements && 4636 nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 4637 res->len_information_elements, 4638 res->information_elements)) || 4639 (res->beacon_ies && res->len_beacon_ies && 4640 res->beacon_ies != res->information_elements && 4641 nla_put(msg, NL80211_BSS_BEACON_IES, 4642 res->len_beacon_ies, res->beacon_ies))) 4643 goto nla_put_failure; 4644 if (res->tsf && 4645 nla_put_u64(msg, NL80211_BSS_TSF, res->tsf)) 4646 goto nla_put_failure; 4647 if (res->beacon_interval && 4648 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 4649 goto nla_put_failure; 4650 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 4651 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 4652 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 4653 jiffies_to_msecs(jiffies - intbss->ts))) 4654 goto nla_put_failure; 4655 4656 switch (rdev->wiphy.signal_type) { 4657 case CFG80211_SIGNAL_TYPE_MBM: 4658 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 4659 goto nla_put_failure; 4660 break; 4661 case CFG80211_SIGNAL_TYPE_UNSPEC: 4662 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 4663 goto nla_put_failure; 4664 break; 4665 default: 4666 break; 4667 } 4668 4669 switch (wdev->iftype) { 4670 case NL80211_IFTYPE_P2P_CLIENT: 4671 case NL80211_IFTYPE_STATION: 4672 if (intbss == wdev->current_bss && 4673 nla_put_u32(msg, NL80211_BSS_STATUS, 4674 NL80211_BSS_STATUS_ASSOCIATED)) 4675 goto nla_put_failure; 4676 break; 4677 case NL80211_IFTYPE_ADHOC: 4678 if (intbss == wdev->current_bss && 4679 nla_put_u32(msg, NL80211_BSS_STATUS, 4680 NL80211_BSS_STATUS_IBSS_JOINED)) 4681 goto nla_put_failure; 4682 break; 4683 default: 4684 break; 4685 } 4686 4687 nla_nest_end(msg, bss); 4688 4689 return genlmsg_end(msg, hdr); 4690 4691 nla_put_failure: 4692 genlmsg_cancel(msg, hdr); 4693 return -EMSGSIZE; 4694 } 4695 4696 static int nl80211_dump_scan(struct sk_buff *skb, 4697 struct netlink_callback *cb) 4698 { 4699 struct cfg80211_registered_device *rdev; 4700 struct net_device *dev; 4701 struct cfg80211_internal_bss *scan; 4702 struct wireless_dev *wdev; 4703 int start = cb->args[1], idx = 0; 4704 int err; 4705 4706 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 4707 if (err) 4708 return err; 4709 4710 wdev = dev->ieee80211_ptr; 4711 4712 wdev_lock(wdev); 4713 spin_lock_bh(&rdev->bss_lock); 4714 cfg80211_bss_expire(rdev); 4715 4716 cb->seq = rdev->bss_generation; 4717 4718 list_for_each_entry(scan, &rdev->bss_list, list) { 4719 if (++idx <= start) 4720 continue; 4721 if (nl80211_send_bss(skb, cb, 4722 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4723 rdev, wdev, scan) < 0) { 4724 idx--; 4725 break; 4726 } 4727 } 4728 4729 spin_unlock_bh(&rdev->bss_lock); 4730 wdev_unlock(wdev); 4731 4732 cb->args[1] = idx; 4733 nl80211_finish_netdev_dump(rdev); 4734 4735 return skb->len; 4736 } 4737 4738 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq, 4739 int flags, struct net_device *dev, 4740 struct survey_info *survey) 4741 { 4742 void *hdr; 4743 struct nlattr *infoattr; 4744 4745 hdr = nl80211hdr_put(msg, portid, seq, flags, 4746 NL80211_CMD_NEW_SURVEY_RESULTS); 4747 if (!hdr) 4748 return -ENOMEM; 4749 4750 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 4751 goto nla_put_failure; 4752 4753 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 4754 if (!infoattr) 4755 goto nla_put_failure; 4756 4757 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 4758 survey->channel->center_freq)) 4759 goto nla_put_failure; 4760 4761 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 4762 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 4763 goto nla_put_failure; 4764 if ((survey->filled & SURVEY_INFO_IN_USE) && 4765 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 4766 goto nla_put_failure; 4767 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) && 4768 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 4769 survey->channel_time)) 4770 goto nla_put_failure; 4771 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) && 4772 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 4773 survey->channel_time_busy)) 4774 goto nla_put_failure; 4775 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) && 4776 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 4777 survey->channel_time_ext_busy)) 4778 goto nla_put_failure; 4779 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) && 4780 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 4781 survey->channel_time_rx)) 4782 goto nla_put_failure; 4783 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) && 4784 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 4785 survey->channel_time_tx)) 4786 goto nla_put_failure; 4787 4788 nla_nest_end(msg, infoattr); 4789 4790 return genlmsg_end(msg, hdr); 4791 4792 nla_put_failure: 4793 genlmsg_cancel(msg, hdr); 4794 return -EMSGSIZE; 4795 } 4796 4797 static int nl80211_dump_survey(struct sk_buff *skb, 4798 struct netlink_callback *cb) 4799 { 4800 struct survey_info survey; 4801 struct cfg80211_registered_device *dev; 4802 struct net_device *netdev; 4803 int survey_idx = cb->args[1]; 4804 int res; 4805 4806 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 4807 if (res) 4808 return res; 4809 4810 if (!dev->ops->dump_survey) { 4811 res = -EOPNOTSUPP; 4812 goto out_err; 4813 } 4814 4815 while (1) { 4816 struct ieee80211_channel *chan; 4817 4818 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 4819 &survey); 4820 if (res == -ENOENT) 4821 break; 4822 if (res) 4823 goto out_err; 4824 4825 /* Survey without a channel doesn't make sense */ 4826 if (!survey.channel) { 4827 res = -EINVAL; 4828 goto out; 4829 } 4830 4831 chan = ieee80211_get_channel(&dev->wiphy, 4832 survey.channel->center_freq); 4833 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 4834 survey_idx++; 4835 continue; 4836 } 4837 4838 if (nl80211_send_survey(skb, 4839 NETLINK_CB(cb->skb).portid, 4840 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4841 netdev, 4842 &survey) < 0) 4843 goto out; 4844 survey_idx++; 4845 } 4846 4847 out: 4848 cb->args[1] = survey_idx; 4849 res = skb->len; 4850 out_err: 4851 nl80211_finish_netdev_dump(dev); 4852 return res; 4853 } 4854 4855 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 4856 { 4857 return auth_type <= NL80211_AUTHTYPE_MAX; 4858 } 4859 4860 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 4861 { 4862 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 4863 NL80211_WPA_VERSION_2)); 4864 } 4865 4866 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 4867 { 4868 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4869 struct net_device *dev = info->user_ptr[1]; 4870 struct ieee80211_channel *chan; 4871 const u8 *bssid, *ssid, *ie = NULL; 4872 int err, ssid_len, ie_len = 0; 4873 enum nl80211_auth_type auth_type; 4874 struct key_parse key; 4875 bool local_state_change; 4876 4877 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4878 return -EINVAL; 4879 4880 if (!info->attrs[NL80211_ATTR_MAC]) 4881 return -EINVAL; 4882 4883 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 4884 return -EINVAL; 4885 4886 if (!info->attrs[NL80211_ATTR_SSID]) 4887 return -EINVAL; 4888 4889 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4890 return -EINVAL; 4891 4892 err = nl80211_parse_key(info, &key); 4893 if (err) 4894 return err; 4895 4896 if (key.idx >= 0) { 4897 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 4898 return -EINVAL; 4899 if (!key.p.key || !key.p.key_len) 4900 return -EINVAL; 4901 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 4902 key.p.key_len != WLAN_KEY_LEN_WEP40) && 4903 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 4904 key.p.key_len != WLAN_KEY_LEN_WEP104)) 4905 return -EINVAL; 4906 if (key.idx > 4) 4907 return -EINVAL; 4908 } else { 4909 key.p.key_len = 0; 4910 key.p.key = NULL; 4911 } 4912 4913 if (key.idx >= 0) { 4914 int i; 4915 bool ok = false; 4916 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 4917 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 4918 ok = true; 4919 break; 4920 } 4921 } 4922 if (!ok) 4923 return -EINVAL; 4924 } 4925 4926 if (!rdev->ops->auth) 4927 return -EOPNOTSUPP; 4928 4929 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4930 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4931 return -EOPNOTSUPP; 4932 4933 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4934 chan = ieee80211_get_channel(&rdev->wiphy, 4935 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4936 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 4937 return -EINVAL; 4938 4939 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4940 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4941 4942 if (info->attrs[NL80211_ATTR_IE]) { 4943 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4944 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4945 } 4946 4947 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4948 if (!nl80211_valid_auth_type(auth_type)) 4949 return -EINVAL; 4950 4951 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4952 4953 /* 4954 * Since we no longer track auth state, ignore 4955 * requests to only change local state. 4956 */ 4957 if (local_state_change) 4958 return 0; 4959 4960 return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 4961 ssid, ssid_len, ie, ie_len, 4962 key.p.key, key.p.key_len, key.idx); 4963 } 4964 4965 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 4966 struct genl_info *info, 4967 struct cfg80211_crypto_settings *settings, 4968 int cipher_limit) 4969 { 4970 memset(settings, 0, sizeof(*settings)); 4971 4972 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 4973 4974 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 4975 u16 proto; 4976 proto = nla_get_u16( 4977 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 4978 settings->control_port_ethertype = cpu_to_be16(proto); 4979 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 4980 proto != ETH_P_PAE) 4981 return -EINVAL; 4982 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 4983 settings->control_port_no_encrypt = true; 4984 } else 4985 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 4986 4987 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 4988 void *data; 4989 int len, i; 4990 4991 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4992 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4993 settings->n_ciphers_pairwise = len / sizeof(u32); 4994 4995 if (len % sizeof(u32)) 4996 return -EINVAL; 4997 4998 if (settings->n_ciphers_pairwise > cipher_limit) 4999 return -EINVAL; 5000 5001 memcpy(settings->ciphers_pairwise, data, len); 5002 5003 for (i = 0; i < settings->n_ciphers_pairwise; i++) 5004 if (!cfg80211_supported_cipher_suite( 5005 &rdev->wiphy, 5006 settings->ciphers_pairwise[i])) 5007 return -EINVAL; 5008 } 5009 5010 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 5011 settings->cipher_group = 5012 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 5013 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 5014 settings->cipher_group)) 5015 return -EINVAL; 5016 } 5017 5018 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 5019 settings->wpa_versions = 5020 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 5021 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 5022 return -EINVAL; 5023 } 5024 5025 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 5026 void *data; 5027 int len; 5028 5029 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 5030 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 5031 settings->n_akm_suites = len / sizeof(u32); 5032 5033 if (len % sizeof(u32)) 5034 return -EINVAL; 5035 5036 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 5037 return -EINVAL; 5038 5039 memcpy(settings->akm_suites, data, len); 5040 } 5041 5042 return 0; 5043 } 5044 5045 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 5046 { 5047 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5048 struct net_device *dev = info->user_ptr[1]; 5049 struct cfg80211_crypto_settings crypto; 5050 struct ieee80211_channel *chan; 5051 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 5052 int err, ssid_len, ie_len = 0; 5053 bool use_mfp = false; 5054 u32 flags = 0; 5055 struct ieee80211_ht_cap *ht_capa = NULL; 5056 struct ieee80211_ht_cap *ht_capa_mask = NULL; 5057 5058 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5059 return -EINVAL; 5060 5061 if (!info->attrs[NL80211_ATTR_MAC] || 5062 !info->attrs[NL80211_ATTR_SSID] || 5063 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5064 return -EINVAL; 5065 5066 if (!rdev->ops->assoc) 5067 return -EOPNOTSUPP; 5068 5069 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5070 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5071 return -EOPNOTSUPP; 5072 5073 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5074 5075 chan = ieee80211_get_channel(&rdev->wiphy, 5076 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5077 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 5078 return -EINVAL; 5079 5080 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5081 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5082 5083 if (info->attrs[NL80211_ATTR_IE]) { 5084 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5085 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5086 } 5087 5088 if (info->attrs[NL80211_ATTR_USE_MFP]) { 5089 enum nl80211_mfp mfp = 5090 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 5091 if (mfp == NL80211_MFP_REQUIRED) 5092 use_mfp = true; 5093 else if (mfp != NL80211_MFP_NO) 5094 return -EINVAL; 5095 } 5096 5097 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 5098 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 5099 5100 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5101 flags |= ASSOC_REQ_DISABLE_HT; 5102 5103 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5104 ht_capa_mask = 5105 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]); 5106 5107 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5108 if (!ht_capa_mask) 5109 return -EINVAL; 5110 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 5111 } 5112 5113 err = nl80211_crypto_settings(rdev, info, &crypto, 1); 5114 if (!err) 5115 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 5116 ssid, ssid_len, ie, ie_len, use_mfp, 5117 &crypto, flags, ht_capa, 5118 ht_capa_mask); 5119 5120 return err; 5121 } 5122 5123 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 5124 { 5125 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5126 struct net_device *dev = info->user_ptr[1]; 5127 const u8 *ie = NULL, *bssid; 5128 int ie_len = 0; 5129 u16 reason_code; 5130 bool local_state_change; 5131 5132 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5133 return -EINVAL; 5134 5135 if (!info->attrs[NL80211_ATTR_MAC]) 5136 return -EINVAL; 5137 5138 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5139 return -EINVAL; 5140 5141 if (!rdev->ops->deauth) 5142 return -EOPNOTSUPP; 5143 5144 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5145 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5146 return -EOPNOTSUPP; 5147 5148 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5149 5150 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5151 if (reason_code == 0) { 5152 /* Reason Code 0 is reserved */ 5153 return -EINVAL; 5154 } 5155 5156 if (info->attrs[NL80211_ATTR_IE]) { 5157 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5158 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5159 } 5160 5161 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5162 5163 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 5164 local_state_change); 5165 } 5166 5167 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 5168 { 5169 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5170 struct net_device *dev = info->user_ptr[1]; 5171 const u8 *ie = NULL, *bssid; 5172 int ie_len = 0; 5173 u16 reason_code; 5174 bool local_state_change; 5175 5176 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5177 return -EINVAL; 5178 5179 if (!info->attrs[NL80211_ATTR_MAC]) 5180 return -EINVAL; 5181 5182 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5183 return -EINVAL; 5184 5185 if (!rdev->ops->disassoc) 5186 return -EOPNOTSUPP; 5187 5188 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5189 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5190 return -EOPNOTSUPP; 5191 5192 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5193 5194 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5195 if (reason_code == 0) { 5196 /* Reason Code 0 is reserved */ 5197 return -EINVAL; 5198 } 5199 5200 if (info->attrs[NL80211_ATTR_IE]) { 5201 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5202 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5203 } 5204 5205 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5206 5207 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 5208 local_state_change); 5209 } 5210 5211 static bool 5212 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 5213 int mcast_rate[IEEE80211_NUM_BANDS], 5214 int rateval) 5215 { 5216 struct wiphy *wiphy = &rdev->wiphy; 5217 bool found = false; 5218 int band, i; 5219 5220 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 5221 struct ieee80211_supported_band *sband; 5222 5223 sband = wiphy->bands[band]; 5224 if (!sband) 5225 continue; 5226 5227 for (i = 0; i < sband->n_bitrates; i++) { 5228 if (sband->bitrates[i].bitrate == rateval) { 5229 mcast_rate[band] = i + 1; 5230 found = true; 5231 break; 5232 } 5233 } 5234 } 5235 5236 return found; 5237 } 5238 5239 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 5240 { 5241 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5242 struct net_device *dev = info->user_ptr[1]; 5243 struct cfg80211_ibss_params ibss; 5244 struct wiphy *wiphy; 5245 struct cfg80211_cached_keys *connkeys = NULL; 5246 int err; 5247 5248 memset(&ibss, 0, sizeof(ibss)); 5249 5250 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5251 return -EINVAL; 5252 5253 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 5254 !info->attrs[NL80211_ATTR_SSID] || 5255 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5256 return -EINVAL; 5257 5258 ibss.beacon_interval = 100; 5259 5260 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 5261 ibss.beacon_interval = 5262 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 5263 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 5264 return -EINVAL; 5265 } 5266 5267 if (!rdev->ops->join_ibss) 5268 return -EOPNOTSUPP; 5269 5270 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5271 return -EOPNOTSUPP; 5272 5273 wiphy = &rdev->wiphy; 5274 5275 if (info->attrs[NL80211_ATTR_MAC]) { 5276 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5277 5278 if (!is_valid_ether_addr(ibss.bssid)) 5279 return -EINVAL; 5280 } 5281 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5282 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5283 5284 if (info->attrs[NL80211_ATTR_IE]) { 5285 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5286 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5287 } 5288 5289 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 5290 enum nl80211_channel_type channel_type; 5291 5292 if (!nl80211_valid_channel_type(info, &channel_type)) 5293 return -EINVAL; 5294 5295 if (channel_type != NL80211_CHAN_NO_HT && 5296 !(wiphy->features & NL80211_FEATURE_HT_IBSS)) 5297 return -EINVAL; 5298 5299 ibss.channel_type = channel_type; 5300 } else { 5301 ibss.channel_type = NL80211_CHAN_NO_HT; 5302 } 5303 5304 ibss.channel = rdev_freq_to_chan(rdev, 5305 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]), 5306 ibss.channel_type); 5307 if (!ibss.channel || 5308 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 5309 ibss.channel->flags & IEEE80211_CHAN_DISABLED) 5310 return -EINVAL; 5311 5312 /* Both channels should be able to initiate communication */ 5313 if ((ibss.channel_type == NL80211_CHAN_HT40PLUS || 5314 ibss.channel_type == NL80211_CHAN_HT40MINUS) && 5315 !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel, 5316 ibss.channel_type)) 5317 return -EINVAL; 5318 5319 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 5320 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 5321 5322 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 5323 u8 *rates = 5324 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5325 int n_rates = 5326 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5327 struct ieee80211_supported_band *sband = 5328 wiphy->bands[ibss.channel->band]; 5329 5330 err = ieee80211_get_ratemask(sband, rates, n_rates, 5331 &ibss.basic_rates); 5332 if (err) 5333 return err; 5334 } 5335 5336 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 5337 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 5338 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 5339 return -EINVAL; 5340 5341 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5342 connkeys = nl80211_parse_connkeys(rdev, 5343 info->attrs[NL80211_ATTR_KEYS]); 5344 if (IS_ERR(connkeys)) 5345 return PTR_ERR(connkeys); 5346 } 5347 5348 ibss.control_port = 5349 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 5350 5351 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 5352 if (err) 5353 kfree(connkeys); 5354 return err; 5355 } 5356 5357 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 5358 { 5359 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5360 struct net_device *dev = info->user_ptr[1]; 5361 5362 if (!rdev->ops->leave_ibss) 5363 return -EOPNOTSUPP; 5364 5365 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5366 return -EOPNOTSUPP; 5367 5368 return cfg80211_leave_ibss(rdev, dev, false); 5369 } 5370 5371 #ifdef CONFIG_NL80211_TESTMODE 5372 static struct genl_multicast_group nl80211_testmode_mcgrp = { 5373 .name = "testmode", 5374 }; 5375 5376 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 5377 { 5378 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5379 int err; 5380 5381 if (!info->attrs[NL80211_ATTR_TESTDATA]) 5382 return -EINVAL; 5383 5384 err = -EOPNOTSUPP; 5385 if (rdev->ops->testmode_cmd) { 5386 rdev->testmode_info = info; 5387 err = rdev->ops->testmode_cmd(&rdev->wiphy, 5388 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 5389 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 5390 rdev->testmode_info = NULL; 5391 } 5392 5393 return err; 5394 } 5395 5396 static int nl80211_testmode_dump(struct sk_buff *skb, 5397 struct netlink_callback *cb) 5398 { 5399 struct cfg80211_registered_device *rdev; 5400 int err; 5401 long phy_idx; 5402 void *data = NULL; 5403 int data_len = 0; 5404 5405 if (cb->args[0]) { 5406 /* 5407 * 0 is a valid index, but not valid for args[0], 5408 * so we need to offset by 1. 5409 */ 5410 phy_idx = cb->args[0] - 1; 5411 } else { 5412 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 5413 nl80211_fam.attrbuf, nl80211_fam.maxattr, 5414 nl80211_policy); 5415 if (err) 5416 return err; 5417 5418 mutex_lock(&cfg80211_mutex); 5419 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), 5420 nl80211_fam.attrbuf); 5421 if (IS_ERR(rdev)) { 5422 mutex_unlock(&cfg80211_mutex); 5423 return PTR_ERR(rdev); 5424 } 5425 phy_idx = rdev->wiphy_idx; 5426 rdev = NULL; 5427 mutex_unlock(&cfg80211_mutex); 5428 5429 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 5430 cb->args[1] = 5431 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 5432 } 5433 5434 if (cb->args[1]) { 5435 data = nla_data((void *)cb->args[1]); 5436 data_len = nla_len((void *)cb->args[1]); 5437 } 5438 5439 mutex_lock(&cfg80211_mutex); 5440 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 5441 if (!rdev) { 5442 mutex_unlock(&cfg80211_mutex); 5443 return -ENOENT; 5444 } 5445 cfg80211_lock_rdev(rdev); 5446 mutex_unlock(&cfg80211_mutex); 5447 5448 if (!rdev->ops->testmode_dump) { 5449 err = -EOPNOTSUPP; 5450 goto out_err; 5451 } 5452 5453 while (1) { 5454 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 5455 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5456 NL80211_CMD_TESTMODE); 5457 struct nlattr *tmdata; 5458 5459 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 5460 genlmsg_cancel(skb, hdr); 5461 break; 5462 } 5463 5464 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5465 if (!tmdata) { 5466 genlmsg_cancel(skb, hdr); 5467 break; 5468 } 5469 err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb, 5470 data, data_len); 5471 nla_nest_end(skb, tmdata); 5472 5473 if (err == -ENOBUFS || err == -ENOENT) { 5474 genlmsg_cancel(skb, hdr); 5475 break; 5476 } else if (err) { 5477 genlmsg_cancel(skb, hdr); 5478 goto out_err; 5479 } 5480 5481 genlmsg_end(skb, hdr); 5482 } 5483 5484 err = skb->len; 5485 /* see above */ 5486 cb->args[0] = phy_idx + 1; 5487 out_err: 5488 cfg80211_unlock_rdev(rdev); 5489 return err; 5490 } 5491 5492 static struct sk_buff * 5493 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 5494 int approxlen, u32 portid, u32 seq, gfp_t gfp) 5495 { 5496 struct sk_buff *skb; 5497 void *hdr; 5498 struct nlattr *data; 5499 5500 skb = nlmsg_new(approxlen + 100, gfp); 5501 if (!skb) 5502 return NULL; 5503 5504 hdr = nl80211hdr_put(skb, portid, seq, 0, NL80211_CMD_TESTMODE); 5505 if (!hdr) { 5506 kfree_skb(skb); 5507 return NULL; 5508 } 5509 5510 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 5511 goto nla_put_failure; 5512 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5513 5514 ((void **)skb->cb)[0] = rdev; 5515 ((void **)skb->cb)[1] = hdr; 5516 ((void **)skb->cb)[2] = data; 5517 5518 return skb; 5519 5520 nla_put_failure: 5521 kfree_skb(skb); 5522 return NULL; 5523 } 5524 5525 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 5526 int approxlen) 5527 { 5528 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5529 5530 if (WARN_ON(!rdev->testmode_info)) 5531 return NULL; 5532 5533 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 5534 rdev->testmode_info->snd_portid, 5535 rdev->testmode_info->snd_seq, 5536 GFP_KERNEL); 5537 } 5538 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 5539 5540 int cfg80211_testmode_reply(struct sk_buff *skb) 5541 { 5542 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 5543 void *hdr = ((void **)skb->cb)[1]; 5544 struct nlattr *data = ((void **)skb->cb)[2]; 5545 5546 if (WARN_ON(!rdev->testmode_info)) { 5547 kfree_skb(skb); 5548 return -EINVAL; 5549 } 5550 5551 nla_nest_end(skb, data); 5552 genlmsg_end(skb, hdr); 5553 return genlmsg_reply(skb, rdev->testmode_info); 5554 } 5555 EXPORT_SYMBOL(cfg80211_testmode_reply); 5556 5557 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 5558 int approxlen, gfp_t gfp) 5559 { 5560 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5561 5562 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 5563 } 5564 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 5565 5566 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 5567 { 5568 void *hdr = ((void **)skb->cb)[1]; 5569 struct nlattr *data = ((void **)skb->cb)[2]; 5570 5571 nla_nest_end(skb, data); 5572 genlmsg_end(skb, hdr); 5573 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 5574 } 5575 EXPORT_SYMBOL(cfg80211_testmode_event); 5576 #endif 5577 5578 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 5579 { 5580 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5581 struct net_device *dev = info->user_ptr[1]; 5582 struct cfg80211_connect_params connect; 5583 struct wiphy *wiphy; 5584 struct cfg80211_cached_keys *connkeys = NULL; 5585 int err; 5586 5587 memset(&connect, 0, sizeof(connect)); 5588 5589 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5590 return -EINVAL; 5591 5592 if (!info->attrs[NL80211_ATTR_SSID] || 5593 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5594 return -EINVAL; 5595 5596 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 5597 connect.auth_type = 5598 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5599 if (!nl80211_valid_auth_type(connect.auth_type)) 5600 return -EINVAL; 5601 } else 5602 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 5603 5604 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 5605 5606 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 5607 NL80211_MAX_NR_CIPHER_SUITES); 5608 if (err) 5609 return err; 5610 5611 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5612 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5613 return -EOPNOTSUPP; 5614 5615 wiphy = &rdev->wiphy; 5616 5617 connect.bg_scan_period = -1; 5618 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 5619 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 5620 connect.bg_scan_period = 5621 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 5622 } 5623 5624 if (info->attrs[NL80211_ATTR_MAC]) 5625 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5626 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5627 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5628 5629 if (info->attrs[NL80211_ATTR_IE]) { 5630 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5631 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5632 } 5633 5634 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 5635 connect.channel = 5636 ieee80211_get_channel(wiphy, 5637 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5638 if (!connect.channel || 5639 connect.channel->flags & IEEE80211_CHAN_DISABLED) 5640 return -EINVAL; 5641 } 5642 5643 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5644 connkeys = nl80211_parse_connkeys(rdev, 5645 info->attrs[NL80211_ATTR_KEYS]); 5646 if (IS_ERR(connkeys)) 5647 return PTR_ERR(connkeys); 5648 } 5649 5650 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5651 connect.flags |= ASSOC_REQ_DISABLE_HT; 5652 5653 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5654 memcpy(&connect.ht_capa_mask, 5655 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 5656 sizeof(connect.ht_capa_mask)); 5657 5658 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5659 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 5660 kfree(connkeys); 5661 return -EINVAL; 5662 } 5663 memcpy(&connect.ht_capa, 5664 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 5665 sizeof(connect.ht_capa)); 5666 } 5667 5668 err = cfg80211_connect(rdev, dev, &connect, connkeys); 5669 if (err) 5670 kfree(connkeys); 5671 return err; 5672 } 5673 5674 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 5675 { 5676 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5677 struct net_device *dev = info->user_ptr[1]; 5678 u16 reason; 5679 5680 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5681 reason = WLAN_REASON_DEAUTH_LEAVING; 5682 else 5683 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5684 5685 if (reason == 0) 5686 return -EINVAL; 5687 5688 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5689 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5690 return -EOPNOTSUPP; 5691 5692 return cfg80211_disconnect(rdev, dev, reason, true); 5693 } 5694 5695 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 5696 { 5697 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5698 struct net *net; 5699 int err; 5700 u32 pid; 5701 5702 if (!info->attrs[NL80211_ATTR_PID]) 5703 return -EINVAL; 5704 5705 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 5706 5707 net = get_net_ns_by_pid(pid); 5708 if (IS_ERR(net)) 5709 return PTR_ERR(net); 5710 5711 err = 0; 5712 5713 /* check if anything to do */ 5714 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 5715 err = cfg80211_switch_netns(rdev, net); 5716 5717 put_net(net); 5718 return err; 5719 } 5720 5721 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 5722 { 5723 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5724 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 5725 struct cfg80211_pmksa *pmksa) = NULL; 5726 struct net_device *dev = info->user_ptr[1]; 5727 struct cfg80211_pmksa pmksa; 5728 5729 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 5730 5731 if (!info->attrs[NL80211_ATTR_MAC]) 5732 return -EINVAL; 5733 5734 if (!info->attrs[NL80211_ATTR_PMKID]) 5735 return -EINVAL; 5736 5737 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 5738 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5739 5740 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5741 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5742 return -EOPNOTSUPP; 5743 5744 switch (info->genlhdr->cmd) { 5745 case NL80211_CMD_SET_PMKSA: 5746 rdev_ops = rdev->ops->set_pmksa; 5747 break; 5748 case NL80211_CMD_DEL_PMKSA: 5749 rdev_ops = rdev->ops->del_pmksa; 5750 break; 5751 default: 5752 WARN_ON(1); 5753 break; 5754 } 5755 5756 if (!rdev_ops) 5757 return -EOPNOTSUPP; 5758 5759 return rdev_ops(&rdev->wiphy, dev, &pmksa); 5760 } 5761 5762 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 5763 { 5764 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5765 struct net_device *dev = info->user_ptr[1]; 5766 5767 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5768 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5769 return -EOPNOTSUPP; 5770 5771 if (!rdev->ops->flush_pmksa) 5772 return -EOPNOTSUPP; 5773 5774 return rdev->ops->flush_pmksa(&rdev->wiphy, dev); 5775 } 5776 5777 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 5778 { 5779 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5780 struct net_device *dev = info->user_ptr[1]; 5781 u8 action_code, dialog_token; 5782 u16 status_code; 5783 u8 *peer; 5784 5785 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5786 !rdev->ops->tdls_mgmt) 5787 return -EOPNOTSUPP; 5788 5789 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 5790 !info->attrs[NL80211_ATTR_STATUS_CODE] || 5791 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 5792 !info->attrs[NL80211_ATTR_IE] || 5793 !info->attrs[NL80211_ATTR_MAC]) 5794 return -EINVAL; 5795 5796 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5797 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 5798 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 5799 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 5800 5801 return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code, 5802 dialog_token, status_code, 5803 nla_data(info->attrs[NL80211_ATTR_IE]), 5804 nla_len(info->attrs[NL80211_ATTR_IE])); 5805 } 5806 5807 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 5808 { 5809 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5810 struct net_device *dev = info->user_ptr[1]; 5811 enum nl80211_tdls_operation operation; 5812 u8 *peer; 5813 5814 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5815 !rdev->ops->tdls_oper) 5816 return -EOPNOTSUPP; 5817 5818 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 5819 !info->attrs[NL80211_ATTR_MAC]) 5820 return -EINVAL; 5821 5822 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 5823 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5824 5825 return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation); 5826 } 5827 5828 static int nl80211_remain_on_channel(struct sk_buff *skb, 5829 struct genl_info *info) 5830 { 5831 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5832 struct wireless_dev *wdev = info->user_ptr[1]; 5833 struct ieee80211_channel *chan; 5834 struct sk_buff *msg; 5835 void *hdr; 5836 u64 cookie; 5837 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 5838 u32 freq, duration; 5839 int err; 5840 5841 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 5842 !info->attrs[NL80211_ATTR_DURATION]) 5843 return -EINVAL; 5844 5845 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 5846 5847 if (!rdev->ops->remain_on_channel || 5848 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 5849 return -EOPNOTSUPP; 5850 5851 /* 5852 * We should be on that channel for at least a minimum amount of 5853 * time (10ms) but no longer than the driver supports. 5854 */ 5855 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 5856 duration > rdev->wiphy.max_remain_on_channel_duration) 5857 return -EINVAL; 5858 5859 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && 5860 !nl80211_valid_channel_type(info, &channel_type)) 5861 return -EINVAL; 5862 5863 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5864 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5865 if (chan == NULL) 5866 return -EINVAL; 5867 5868 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5869 if (!msg) 5870 return -ENOMEM; 5871 5872 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 5873 NL80211_CMD_REMAIN_ON_CHANNEL); 5874 5875 if (IS_ERR(hdr)) { 5876 err = PTR_ERR(hdr); 5877 goto free_msg; 5878 } 5879 5880 err = rdev->ops->remain_on_channel(&rdev->wiphy, wdev, chan, 5881 channel_type, duration, &cookie); 5882 5883 if (err) 5884 goto free_msg; 5885 5886 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 5887 goto nla_put_failure; 5888 5889 genlmsg_end(msg, hdr); 5890 5891 return genlmsg_reply(msg, info); 5892 5893 nla_put_failure: 5894 err = -ENOBUFS; 5895 free_msg: 5896 nlmsg_free(msg); 5897 return err; 5898 } 5899 5900 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 5901 struct genl_info *info) 5902 { 5903 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5904 struct wireless_dev *wdev = info->user_ptr[1]; 5905 u64 cookie; 5906 5907 if (!info->attrs[NL80211_ATTR_COOKIE]) 5908 return -EINVAL; 5909 5910 if (!rdev->ops->cancel_remain_on_channel) 5911 return -EOPNOTSUPP; 5912 5913 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5914 5915 return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, wdev, cookie); 5916 } 5917 5918 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 5919 u8 *rates, u8 rates_len) 5920 { 5921 u8 i; 5922 u32 mask = 0; 5923 5924 for (i = 0; i < rates_len; i++) { 5925 int rate = (rates[i] & 0x7f) * 5; 5926 int ridx; 5927 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 5928 struct ieee80211_rate *srate = 5929 &sband->bitrates[ridx]; 5930 if (rate == srate->bitrate) { 5931 mask |= 1 << ridx; 5932 break; 5933 } 5934 } 5935 if (ridx == sband->n_bitrates) 5936 return 0; /* rate not found */ 5937 } 5938 5939 return mask; 5940 } 5941 5942 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 5943 u8 *rates, u8 rates_len, 5944 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 5945 { 5946 u8 i; 5947 5948 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 5949 5950 for (i = 0; i < rates_len; i++) { 5951 int ridx, rbit; 5952 5953 ridx = rates[i] / 8; 5954 rbit = BIT(rates[i] % 8); 5955 5956 /* check validity */ 5957 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 5958 return false; 5959 5960 /* check availability */ 5961 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 5962 mcs[ridx] |= rbit; 5963 else 5964 return false; 5965 } 5966 5967 return true; 5968 } 5969 5970 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 5971 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 5972 .len = NL80211_MAX_SUPP_RATES }, 5973 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY, 5974 .len = NL80211_MAX_SUPP_HT_RATES }, 5975 }; 5976 5977 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 5978 struct genl_info *info) 5979 { 5980 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 5981 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5982 struct cfg80211_bitrate_mask mask; 5983 int rem, i; 5984 struct net_device *dev = info->user_ptr[1]; 5985 struct nlattr *tx_rates; 5986 struct ieee80211_supported_band *sband; 5987 5988 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 5989 return -EINVAL; 5990 5991 if (!rdev->ops->set_bitrate_mask) 5992 return -EOPNOTSUPP; 5993 5994 memset(&mask, 0, sizeof(mask)); 5995 /* Default to all rates enabled */ 5996 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 5997 sband = rdev->wiphy.bands[i]; 5998 mask.control[i].legacy = 5999 sband ? (1 << sband->n_bitrates) - 1 : 0; 6000 if (sband) 6001 memcpy(mask.control[i].mcs, 6002 sband->ht_cap.mcs.rx_mask, 6003 sizeof(mask.control[i].mcs)); 6004 else 6005 memset(mask.control[i].mcs, 0, 6006 sizeof(mask.control[i].mcs)); 6007 } 6008 6009 /* 6010 * The nested attribute uses enum nl80211_band as the index. This maps 6011 * directly to the enum ieee80211_band values used in cfg80211. 6012 */ 6013 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 6014 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 6015 { 6016 enum ieee80211_band band = nla_type(tx_rates); 6017 if (band < 0 || band >= IEEE80211_NUM_BANDS) 6018 return -EINVAL; 6019 sband = rdev->wiphy.bands[band]; 6020 if (sband == NULL) 6021 return -EINVAL; 6022 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 6023 nla_len(tx_rates), nl80211_txattr_policy); 6024 if (tb[NL80211_TXRATE_LEGACY]) { 6025 mask.control[band].legacy = rateset_to_mask( 6026 sband, 6027 nla_data(tb[NL80211_TXRATE_LEGACY]), 6028 nla_len(tb[NL80211_TXRATE_LEGACY])); 6029 if ((mask.control[band].legacy == 0) && 6030 nla_len(tb[NL80211_TXRATE_LEGACY])) 6031 return -EINVAL; 6032 } 6033 if (tb[NL80211_TXRATE_MCS]) { 6034 if (!ht_rateset_to_mask( 6035 sband, 6036 nla_data(tb[NL80211_TXRATE_MCS]), 6037 nla_len(tb[NL80211_TXRATE_MCS]), 6038 mask.control[band].mcs)) 6039 return -EINVAL; 6040 } 6041 6042 if (mask.control[band].legacy == 0) { 6043 /* don't allow empty legacy rates if HT 6044 * is not even supported. */ 6045 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported) 6046 return -EINVAL; 6047 6048 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 6049 if (mask.control[band].mcs[i]) 6050 break; 6051 6052 /* legacy and mcs rates may not be both empty */ 6053 if (i == IEEE80211_HT_MCS_MASK_LEN) 6054 return -EINVAL; 6055 } 6056 } 6057 6058 return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 6059 } 6060 6061 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 6062 { 6063 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6064 struct wireless_dev *wdev = info->user_ptr[1]; 6065 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 6066 6067 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 6068 return -EINVAL; 6069 6070 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 6071 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 6072 6073 switch (wdev->iftype) { 6074 case NL80211_IFTYPE_STATION: 6075 case NL80211_IFTYPE_ADHOC: 6076 case NL80211_IFTYPE_P2P_CLIENT: 6077 case NL80211_IFTYPE_AP: 6078 case NL80211_IFTYPE_AP_VLAN: 6079 case NL80211_IFTYPE_MESH_POINT: 6080 case NL80211_IFTYPE_P2P_GO: 6081 case NL80211_IFTYPE_P2P_DEVICE: 6082 break; 6083 default: 6084 return -EOPNOTSUPP; 6085 } 6086 6087 /* not much point in registering if we can't reply */ 6088 if (!rdev->ops->mgmt_tx) 6089 return -EOPNOTSUPP; 6090 6091 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type, 6092 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 6093 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 6094 } 6095 6096 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 6097 { 6098 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6099 struct wireless_dev *wdev = info->user_ptr[1]; 6100 struct ieee80211_channel *chan; 6101 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 6102 bool channel_type_valid = false; 6103 u32 freq; 6104 int err; 6105 void *hdr = NULL; 6106 u64 cookie; 6107 struct sk_buff *msg = NULL; 6108 unsigned int wait = 0; 6109 bool offchan, no_cck, dont_wait_for_ack; 6110 6111 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 6112 6113 if (!info->attrs[NL80211_ATTR_FRAME] || 6114 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 6115 return -EINVAL; 6116 6117 if (!rdev->ops->mgmt_tx) 6118 return -EOPNOTSUPP; 6119 6120 switch (wdev->iftype) { 6121 case NL80211_IFTYPE_STATION: 6122 case NL80211_IFTYPE_ADHOC: 6123 case NL80211_IFTYPE_P2P_CLIENT: 6124 case NL80211_IFTYPE_AP: 6125 case NL80211_IFTYPE_AP_VLAN: 6126 case NL80211_IFTYPE_MESH_POINT: 6127 case NL80211_IFTYPE_P2P_GO: 6128 case NL80211_IFTYPE_P2P_DEVICE: 6129 break; 6130 default: 6131 return -EOPNOTSUPP; 6132 } 6133 6134 if (info->attrs[NL80211_ATTR_DURATION]) { 6135 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6136 return -EINVAL; 6137 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 6138 6139 /* 6140 * We should wait on the channel for at least a minimum amount 6141 * of time (10ms) but no longer than the driver supports. 6142 */ 6143 if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 6144 wait > rdev->wiphy.max_remain_on_channel_duration) 6145 return -EINVAL; 6146 6147 } 6148 6149 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 6150 if (!nl80211_valid_channel_type(info, &channel_type)) 6151 return -EINVAL; 6152 channel_type_valid = true; 6153 } 6154 6155 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 6156 6157 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6158 return -EINVAL; 6159 6160 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 6161 6162 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 6163 chan = rdev_freq_to_chan(rdev, freq, channel_type); 6164 if (chan == NULL) 6165 return -EINVAL; 6166 6167 if (!dont_wait_for_ack) { 6168 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6169 if (!msg) 6170 return -ENOMEM; 6171 6172 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6173 NL80211_CMD_FRAME); 6174 6175 if (IS_ERR(hdr)) { 6176 err = PTR_ERR(hdr); 6177 goto free_msg; 6178 } 6179 } 6180 6181 err = cfg80211_mlme_mgmt_tx(rdev, wdev, chan, offchan, channel_type, 6182 channel_type_valid, wait, 6183 nla_data(info->attrs[NL80211_ATTR_FRAME]), 6184 nla_len(info->attrs[NL80211_ATTR_FRAME]), 6185 no_cck, dont_wait_for_ack, &cookie); 6186 if (err) 6187 goto free_msg; 6188 6189 if (msg) { 6190 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6191 goto nla_put_failure; 6192 6193 genlmsg_end(msg, hdr); 6194 return genlmsg_reply(msg, info); 6195 } 6196 6197 return 0; 6198 6199 nla_put_failure: 6200 err = -ENOBUFS; 6201 free_msg: 6202 nlmsg_free(msg); 6203 return err; 6204 } 6205 6206 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 6207 { 6208 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6209 struct wireless_dev *wdev = info->user_ptr[1]; 6210 u64 cookie; 6211 6212 if (!info->attrs[NL80211_ATTR_COOKIE]) 6213 return -EINVAL; 6214 6215 if (!rdev->ops->mgmt_tx_cancel_wait) 6216 return -EOPNOTSUPP; 6217 6218 switch (wdev->iftype) { 6219 case NL80211_IFTYPE_STATION: 6220 case NL80211_IFTYPE_ADHOC: 6221 case NL80211_IFTYPE_P2P_CLIENT: 6222 case NL80211_IFTYPE_AP: 6223 case NL80211_IFTYPE_AP_VLAN: 6224 case NL80211_IFTYPE_P2P_GO: 6225 case NL80211_IFTYPE_P2P_DEVICE: 6226 break; 6227 default: 6228 return -EOPNOTSUPP; 6229 } 6230 6231 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 6232 6233 return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, wdev, cookie); 6234 } 6235 6236 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 6237 { 6238 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6239 struct wireless_dev *wdev; 6240 struct net_device *dev = info->user_ptr[1]; 6241 u8 ps_state; 6242 bool state; 6243 int err; 6244 6245 if (!info->attrs[NL80211_ATTR_PS_STATE]) 6246 return -EINVAL; 6247 6248 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 6249 6250 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 6251 return -EINVAL; 6252 6253 wdev = dev->ieee80211_ptr; 6254 6255 if (!rdev->ops->set_power_mgmt) 6256 return -EOPNOTSUPP; 6257 6258 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 6259 6260 if (state == wdev->ps) 6261 return 0; 6262 6263 err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state, 6264 wdev->ps_timeout); 6265 if (!err) 6266 wdev->ps = state; 6267 return err; 6268 } 6269 6270 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 6271 { 6272 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6273 enum nl80211_ps_state ps_state; 6274 struct wireless_dev *wdev; 6275 struct net_device *dev = info->user_ptr[1]; 6276 struct sk_buff *msg; 6277 void *hdr; 6278 int err; 6279 6280 wdev = dev->ieee80211_ptr; 6281 6282 if (!rdev->ops->set_power_mgmt) 6283 return -EOPNOTSUPP; 6284 6285 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6286 if (!msg) 6287 return -ENOMEM; 6288 6289 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6290 NL80211_CMD_GET_POWER_SAVE); 6291 if (!hdr) { 6292 err = -ENOBUFS; 6293 goto free_msg; 6294 } 6295 6296 if (wdev->ps) 6297 ps_state = NL80211_PS_ENABLED; 6298 else 6299 ps_state = NL80211_PS_DISABLED; 6300 6301 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 6302 goto nla_put_failure; 6303 6304 genlmsg_end(msg, hdr); 6305 return genlmsg_reply(msg, info); 6306 6307 nla_put_failure: 6308 err = -ENOBUFS; 6309 free_msg: 6310 nlmsg_free(msg); 6311 return err; 6312 } 6313 6314 static struct nla_policy 6315 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 6316 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 6317 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 6318 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 6319 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 6320 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 6321 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 6322 }; 6323 6324 static int nl80211_set_cqm_txe(struct genl_info *info, 6325 u32 rate, u32 pkts, u32 intvl) 6326 { 6327 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6328 struct wireless_dev *wdev; 6329 struct net_device *dev = info->user_ptr[1]; 6330 6331 if ((rate < 0 || rate > 100) || 6332 (intvl < 0 || intvl > NL80211_CQM_TXE_MAX_INTVL)) 6333 return -EINVAL; 6334 6335 wdev = dev->ieee80211_ptr; 6336 6337 if (!rdev->ops->set_cqm_txe_config) 6338 return -EOPNOTSUPP; 6339 6340 if (wdev->iftype != NL80211_IFTYPE_STATION && 6341 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 6342 return -EOPNOTSUPP; 6343 6344 return rdev->ops->set_cqm_txe_config(wdev->wiphy, dev, 6345 rate, pkts, intvl); 6346 } 6347 6348 static int nl80211_set_cqm_rssi(struct genl_info *info, 6349 s32 threshold, u32 hysteresis) 6350 { 6351 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6352 struct wireless_dev *wdev; 6353 struct net_device *dev = info->user_ptr[1]; 6354 6355 if (threshold > 0) 6356 return -EINVAL; 6357 6358 wdev = dev->ieee80211_ptr; 6359 6360 if (!rdev->ops->set_cqm_rssi_config) 6361 return -EOPNOTSUPP; 6362 6363 if (wdev->iftype != NL80211_IFTYPE_STATION && 6364 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 6365 return -EOPNOTSUPP; 6366 6367 return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev, 6368 threshold, hysteresis); 6369 } 6370 6371 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 6372 { 6373 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 6374 struct nlattr *cqm; 6375 int err; 6376 6377 cqm = info->attrs[NL80211_ATTR_CQM]; 6378 if (!cqm) { 6379 err = -EINVAL; 6380 goto out; 6381 } 6382 6383 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 6384 nl80211_attr_cqm_policy); 6385 if (err) 6386 goto out; 6387 6388 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 6389 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 6390 s32 threshold; 6391 u32 hysteresis; 6392 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 6393 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 6394 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 6395 } else if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 6396 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 6397 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 6398 u32 rate, pkts, intvl; 6399 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 6400 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 6401 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 6402 err = nl80211_set_cqm_txe(info, rate, pkts, intvl); 6403 } else 6404 err = -EINVAL; 6405 6406 out: 6407 return err; 6408 } 6409 6410 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 6411 { 6412 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6413 struct net_device *dev = info->user_ptr[1]; 6414 struct mesh_config cfg; 6415 struct mesh_setup setup; 6416 int err; 6417 6418 /* start with default */ 6419 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 6420 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 6421 6422 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 6423 /* and parse parameters if given */ 6424 err = nl80211_parse_mesh_config(info, &cfg, NULL); 6425 if (err) 6426 return err; 6427 } 6428 6429 if (!info->attrs[NL80211_ATTR_MESH_ID] || 6430 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 6431 return -EINVAL; 6432 6433 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 6434 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 6435 6436 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 6437 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 6438 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 6439 return -EINVAL; 6440 6441 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 6442 /* parse additional setup parameters if given */ 6443 err = nl80211_parse_mesh_setup(info, &setup); 6444 if (err) 6445 return err; 6446 } 6447 6448 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 6449 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 6450 6451 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && 6452 !nl80211_valid_channel_type(info, &channel_type)) 6453 return -EINVAL; 6454 6455 setup.channel = rdev_freq_to_chan(rdev, 6456 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]), 6457 channel_type); 6458 if (!setup.channel) 6459 return -EINVAL; 6460 setup.channel_type = channel_type; 6461 } else { 6462 /* cfg80211_join_mesh() will sort it out */ 6463 setup.channel = NULL; 6464 } 6465 6466 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 6467 } 6468 6469 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 6470 { 6471 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6472 struct net_device *dev = info->user_ptr[1]; 6473 6474 return cfg80211_leave_mesh(rdev, dev); 6475 } 6476 6477 #ifdef CONFIG_PM 6478 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 6479 { 6480 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6481 struct sk_buff *msg; 6482 void *hdr; 6483 6484 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6485 return -EOPNOTSUPP; 6486 6487 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6488 if (!msg) 6489 return -ENOMEM; 6490 6491 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6492 NL80211_CMD_GET_WOWLAN); 6493 if (!hdr) 6494 goto nla_put_failure; 6495 6496 if (rdev->wowlan) { 6497 struct nlattr *nl_wowlan; 6498 6499 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 6500 if (!nl_wowlan) 6501 goto nla_put_failure; 6502 6503 if ((rdev->wowlan->any && 6504 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 6505 (rdev->wowlan->disconnect && 6506 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 6507 (rdev->wowlan->magic_pkt && 6508 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 6509 (rdev->wowlan->gtk_rekey_failure && 6510 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 6511 (rdev->wowlan->eap_identity_req && 6512 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 6513 (rdev->wowlan->four_way_handshake && 6514 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 6515 (rdev->wowlan->rfkill_release && 6516 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 6517 goto nla_put_failure; 6518 if (rdev->wowlan->n_patterns) { 6519 struct nlattr *nl_pats, *nl_pat; 6520 int i, pat_len; 6521 6522 nl_pats = nla_nest_start(msg, 6523 NL80211_WOWLAN_TRIG_PKT_PATTERN); 6524 if (!nl_pats) 6525 goto nla_put_failure; 6526 6527 for (i = 0; i < rdev->wowlan->n_patterns; i++) { 6528 nl_pat = nla_nest_start(msg, i + 1); 6529 if (!nl_pat) 6530 goto nla_put_failure; 6531 pat_len = rdev->wowlan->patterns[i].pattern_len; 6532 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK, 6533 DIV_ROUND_UP(pat_len, 8), 6534 rdev->wowlan->patterns[i].mask) || 6535 nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 6536 pat_len, 6537 rdev->wowlan->patterns[i].pattern)) 6538 goto nla_put_failure; 6539 nla_nest_end(msg, nl_pat); 6540 } 6541 nla_nest_end(msg, nl_pats); 6542 } 6543 6544 nla_nest_end(msg, nl_wowlan); 6545 } 6546 6547 genlmsg_end(msg, hdr); 6548 return genlmsg_reply(msg, info); 6549 6550 nla_put_failure: 6551 nlmsg_free(msg); 6552 return -ENOBUFS; 6553 } 6554 6555 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 6556 { 6557 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6558 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 6559 struct cfg80211_wowlan new_triggers = {}; 6560 struct cfg80211_wowlan *ntrig; 6561 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan; 6562 int err, i; 6563 bool prev_enabled = rdev->wowlan; 6564 6565 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6566 return -EOPNOTSUPP; 6567 6568 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 6569 cfg80211_rdev_free_wowlan(rdev); 6570 rdev->wowlan = NULL; 6571 goto set_wakeup; 6572 } 6573 6574 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 6575 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6576 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6577 nl80211_wowlan_policy); 6578 if (err) 6579 return err; 6580 6581 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 6582 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 6583 return -EINVAL; 6584 new_triggers.any = true; 6585 } 6586 6587 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 6588 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 6589 return -EINVAL; 6590 new_triggers.disconnect = true; 6591 } 6592 6593 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 6594 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 6595 return -EINVAL; 6596 new_triggers.magic_pkt = true; 6597 } 6598 6599 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 6600 return -EINVAL; 6601 6602 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 6603 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 6604 return -EINVAL; 6605 new_triggers.gtk_rekey_failure = true; 6606 } 6607 6608 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 6609 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 6610 return -EINVAL; 6611 new_triggers.eap_identity_req = true; 6612 } 6613 6614 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 6615 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 6616 return -EINVAL; 6617 new_triggers.four_way_handshake = true; 6618 } 6619 6620 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 6621 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 6622 return -EINVAL; 6623 new_triggers.rfkill_release = true; 6624 } 6625 6626 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 6627 struct nlattr *pat; 6628 int n_patterns = 0; 6629 int rem, pat_len, mask_len; 6630 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; 6631 6632 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6633 rem) 6634 n_patterns++; 6635 if (n_patterns > wowlan->n_patterns) 6636 return -EINVAL; 6637 6638 new_triggers.patterns = kcalloc(n_patterns, 6639 sizeof(new_triggers.patterns[0]), 6640 GFP_KERNEL); 6641 if (!new_triggers.patterns) 6642 return -ENOMEM; 6643 6644 new_triggers.n_patterns = n_patterns; 6645 i = 0; 6646 6647 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6648 rem) { 6649 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, 6650 nla_data(pat), nla_len(pat), NULL); 6651 err = -EINVAL; 6652 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || 6653 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) 6654 goto error; 6655 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); 6656 mask_len = DIV_ROUND_UP(pat_len, 8); 6657 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != 6658 mask_len) 6659 goto error; 6660 if (pat_len > wowlan->pattern_max_len || 6661 pat_len < wowlan->pattern_min_len) 6662 goto error; 6663 6664 new_triggers.patterns[i].mask = 6665 kmalloc(mask_len + pat_len, GFP_KERNEL); 6666 if (!new_triggers.patterns[i].mask) { 6667 err = -ENOMEM; 6668 goto error; 6669 } 6670 new_triggers.patterns[i].pattern = 6671 new_triggers.patterns[i].mask + mask_len; 6672 memcpy(new_triggers.patterns[i].mask, 6673 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), 6674 mask_len); 6675 new_triggers.patterns[i].pattern_len = pat_len; 6676 memcpy(new_triggers.patterns[i].pattern, 6677 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), 6678 pat_len); 6679 i++; 6680 } 6681 } 6682 6683 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 6684 if (!ntrig) { 6685 err = -ENOMEM; 6686 goto error; 6687 } 6688 cfg80211_rdev_free_wowlan(rdev); 6689 rdev->wowlan = ntrig; 6690 6691 set_wakeup: 6692 if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan) 6693 rdev->ops->set_wakeup(&rdev->wiphy, rdev->wowlan); 6694 6695 return 0; 6696 error: 6697 for (i = 0; i < new_triggers.n_patterns; i++) 6698 kfree(new_triggers.patterns[i].mask); 6699 kfree(new_triggers.patterns); 6700 return err; 6701 } 6702 #endif 6703 6704 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 6705 { 6706 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6707 struct net_device *dev = info->user_ptr[1]; 6708 struct wireless_dev *wdev = dev->ieee80211_ptr; 6709 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 6710 struct cfg80211_gtk_rekey_data rekey_data; 6711 int err; 6712 6713 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 6714 return -EINVAL; 6715 6716 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 6717 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 6718 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 6719 nl80211_rekey_policy); 6720 if (err) 6721 return err; 6722 6723 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 6724 return -ERANGE; 6725 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 6726 return -ERANGE; 6727 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 6728 return -ERANGE; 6729 6730 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), 6731 NL80211_KEK_LEN); 6732 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), 6733 NL80211_KCK_LEN); 6734 memcpy(rekey_data.replay_ctr, 6735 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), 6736 NL80211_REPLAY_CTR_LEN); 6737 6738 wdev_lock(wdev); 6739 if (!wdev->current_bss) { 6740 err = -ENOTCONN; 6741 goto out; 6742 } 6743 6744 if (!rdev->ops->set_rekey_data) { 6745 err = -EOPNOTSUPP; 6746 goto out; 6747 } 6748 6749 err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data); 6750 out: 6751 wdev_unlock(wdev); 6752 return err; 6753 } 6754 6755 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 6756 struct genl_info *info) 6757 { 6758 struct net_device *dev = info->user_ptr[1]; 6759 struct wireless_dev *wdev = dev->ieee80211_ptr; 6760 6761 if (wdev->iftype != NL80211_IFTYPE_AP && 6762 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6763 return -EINVAL; 6764 6765 if (wdev->ap_unexpected_nlportid) 6766 return -EBUSY; 6767 6768 wdev->ap_unexpected_nlportid = info->snd_portid; 6769 return 0; 6770 } 6771 6772 static int nl80211_probe_client(struct sk_buff *skb, 6773 struct genl_info *info) 6774 { 6775 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6776 struct net_device *dev = info->user_ptr[1]; 6777 struct wireless_dev *wdev = dev->ieee80211_ptr; 6778 struct sk_buff *msg; 6779 void *hdr; 6780 const u8 *addr; 6781 u64 cookie; 6782 int err; 6783 6784 if (wdev->iftype != NL80211_IFTYPE_AP && 6785 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6786 return -EOPNOTSUPP; 6787 6788 if (!info->attrs[NL80211_ATTR_MAC]) 6789 return -EINVAL; 6790 6791 if (!rdev->ops->probe_client) 6792 return -EOPNOTSUPP; 6793 6794 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6795 if (!msg) 6796 return -ENOMEM; 6797 6798 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6799 NL80211_CMD_PROBE_CLIENT); 6800 6801 if (IS_ERR(hdr)) { 6802 err = PTR_ERR(hdr); 6803 goto free_msg; 6804 } 6805 6806 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6807 6808 err = rdev->ops->probe_client(&rdev->wiphy, dev, addr, &cookie); 6809 if (err) 6810 goto free_msg; 6811 6812 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6813 goto nla_put_failure; 6814 6815 genlmsg_end(msg, hdr); 6816 6817 return genlmsg_reply(msg, info); 6818 6819 nla_put_failure: 6820 err = -ENOBUFS; 6821 free_msg: 6822 nlmsg_free(msg); 6823 return err; 6824 } 6825 6826 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 6827 { 6828 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6829 6830 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 6831 return -EOPNOTSUPP; 6832 6833 if (rdev->ap_beacons_nlportid) 6834 return -EBUSY; 6835 6836 rdev->ap_beacons_nlportid = info->snd_portid; 6837 6838 return 0; 6839 } 6840 6841 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info) 6842 { 6843 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6844 struct wireless_dev *wdev = info->user_ptr[1]; 6845 int err; 6846 6847 if (!rdev->ops->start_p2p_device) 6848 return -EOPNOTSUPP; 6849 6850 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 6851 return -EOPNOTSUPP; 6852 6853 if (wdev->p2p_started) 6854 return 0; 6855 6856 mutex_lock(&rdev->devlist_mtx); 6857 err = cfg80211_can_add_interface(rdev, wdev->iftype); 6858 mutex_unlock(&rdev->devlist_mtx); 6859 if (err) 6860 return err; 6861 6862 err = rdev->ops->start_p2p_device(&rdev->wiphy, wdev); 6863 if (err) 6864 return err; 6865 6866 wdev->p2p_started = true; 6867 mutex_lock(&rdev->devlist_mtx); 6868 rdev->opencount++; 6869 mutex_unlock(&rdev->devlist_mtx); 6870 6871 return 0; 6872 } 6873 6874 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info) 6875 { 6876 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6877 struct wireless_dev *wdev = info->user_ptr[1]; 6878 6879 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 6880 return -EOPNOTSUPP; 6881 6882 if (!rdev->ops->stop_p2p_device) 6883 return -EOPNOTSUPP; 6884 6885 if (!wdev->p2p_started) 6886 return 0; 6887 6888 rdev->ops->stop_p2p_device(&rdev->wiphy, wdev); 6889 wdev->p2p_started = false; 6890 6891 mutex_lock(&rdev->devlist_mtx); 6892 rdev->opencount--; 6893 mutex_unlock(&rdev->devlist_mtx); 6894 6895 if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) { 6896 rdev->scan_req->aborted = true; 6897 ___cfg80211_scan_done(rdev, true); 6898 } 6899 6900 return 0; 6901 } 6902 6903 #define NL80211_FLAG_NEED_WIPHY 0x01 6904 #define NL80211_FLAG_NEED_NETDEV 0x02 6905 #define NL80211_FLAG_NEED_RTNL 0x04 6906 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 6907 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 6908 NL80211_FLAG_CHECK_NETDEV_UP) 6909 #define NL80211_FLAG_NEED_WDEV 0x10 6910 /* If a netdev is associated, it must be UP, P2P must be started */ 6911 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 6912 NL80211_FLAG_CHECK_NETDEV_UP) 6913 6914 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 6915 struct genl_info *info) 6916 { 6917 struct cfg80211_registered_device *rdev; 6918 struct wireless_dev *wdev; 6919 struct net_device *dev; 6920 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 6921 6922 if (rtnl) 6923 rtnl_lock(); 6924 6925 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 6926 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 6927 if (IS_ERR(rdev)) { 6928 if (rtnl) 6929 rtnl_unlock(); 6930 return PTR_ERR(rdev); 6931 } 6932 info->user_ptr[0] = rdev; 6933 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV || 6934 ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 6935 mutex_lock(&cfg80211_mutex); 6936 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info), 6937 info->attrs); 6938 if (IS_ERR(wdev)) { 6939 mutex_unlock(&cfg80211_mutex); 6940 if (rtnl) 6941 rtnl_unlock(); 6942 return PTR_ERR(wdev); 6943 } 6944 6945 dev = wdev->netdev; 6946 rdev = wiphy_to_dev(wdev->wiphy); 6947 6948 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 6949 if (!dev) { 6950 mutex_unlock(&cfg80211_mutex); 6951 if (rtnl) 6952 rtnl_unlock(); 6953 return -EINVAL; 6954 } 6955 6956 info->user_ptr[1] = dev; 6957 } else { 6958 info->user_ptr[1] = wdev; 6959 } 6960 6961 if (dev) { 6962 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 6963 !netif_running(dev)) { 6964 mutex_unlock(&cfg80211_mutex); 6965 if (rtnl) 6966 rtnl_unlock(); 6967 return -ENETDOWN; 6968 } 6969 6970 dev_hold(dev); 6971 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) { 6972 if (!wdev->p2p_started) { 6973 mutex_unlock(&cfg80211_mutex); 6974 if (rtnl) 6975 rtnl_unlock(); 6976 return -ENETDOWN; 6977 } 6978 } 6979 6980 cfg80211_lock_rdev(rdev); 6981 6982 mutex_unlock(&cfg80211_mutex); 6983 6984 info->user_ptr[0] = rdev; 6985 } 6986 6987 return 0; 6988 } 6989 6990 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 6991 struct genl_info *info) 6992 { 6993 if (info->user_ptr[0]) 6994 cfg80211_unlock_rdev(info->user_ptr[0]); 6995 if (info->user_ptr[1]) { 6996 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 6997 struct wireless_dev *wdev = info->user_ptr[1]; 6998 6999 if (wdev->netdev) 7000 dev_put(wdev->netdev); 7001 } else { 7002 dev_put(info->user_ptr[1]); 7003 } 7004 } 7005 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 7006 rtnl_unlock(); 7007 } 7008 7009 static struct genl_ops nl80211_ops[] = { 7010 { 7011 .cmd = NL80211_CMD_GET_WIPHY, 7012 .doit = nl80211_get_wiphy, 7013 .dumpit = nl80211_dump_wiphy, 7014 .policy = nl80211_policy, 7015 /* can be retrieved by unprivileged users */ 7016 .internal_flags = NL80211_FLAG_NEED_WIPHY, 7017 }, 7018 { 7019 .cmd = NL80211_CMD_SET_WIPHY, 7020 .doit = nl80211_set_wiphy, 7021 .policy = nl80211_policy, 7022 .flags = GENL_ADMIN_PERM, 7023 .internal_flags = NL80211_FLAG_NEED_RTNL, 7024 }, 7025 { 7026 .cmd = NL80211_CMD_GET_INTERFACE, 7027 .doit = nl80211_get_interface, 7028 .dumpit = nl80211_dump_interface, 7029 .policy = nl80211_policy, 7030 /* can be retrieved by unprivileged users */ 7031 .internal_flags = NL80211_FLAG_NEED_WDEV, 7032 }, 7033 { 7034 .cmd = NL80211_CMD_SET_INTERFACE, 7035 .doit = nl80211_set_interface, 7036 .policy = nl80211_policy, 7037 .flags = GENL_ADMIN_PERM, 7038 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7039 NL80211_FLAG_NEED_RTNL, 7040 }, 7041 { 7042 .cmd = NL80211_CMD_NEW_INTERFACE, 7043 .doit = nl80211_new_interface, 7044 .policy = nl80211_policy, 7045 .flags = GENL_ADMIN_PERM, 7046 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7047 NL80211_FLAG_NEED_RTNL, 7048 }, 7049 { 7050 .cmd = NL80211_CMD_DEL_INTERFACE, 7051 .doit = nl80211_del_interface, 7052 .policy = nl80211_policy, 7053 .flags = GENL_ADMIN_PERM, 7054 .internal_flags = NL80211_FLAG_NEED_WDEV | 7055 NL80211_FLAG_NEED_RTNL, 7056 }, 7057 { 7058 .cmd = NL80211_CMD_GET_KEY, 7059 .doit = nl80211_get_key, 7060 .policy = nl80211_policy, 7061 .flags = GENL_ADMIN_PERM, 7062 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7063 NL80211_FLAG_NEED_RTNL, 7064 }, 7065 { 7066 .cmd = NL80211_CMD_SET_KEY, 7067 .doit = nl80211_set_key, 7068 .policy = nl80211_policy, 7069 .flags = GENL_ADMIN_PERM, 7070 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7071 NL80211_FLAG_NEED_RTNL, 7072 }, 7073 { 7074 .cmd = NL80211_CMD_NEW_KEY, 7075 .doit = nl80211_new_key, 7076 .policy = nl80211_policy, 7077 .flags = GENL_ADMIN_PERM, 7078 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7079 NL80211_FLAG_NEED_RTNL, 7080 }, 7081 { 7082 .cmd = NL80211_CMD_DEL_KEY, 7083 .doit = nl80211_del_key, 7084 .policy = nl80211_policy, 7085 .flags = GENL_ADMIN_PERM, 7086 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7087 NL80211_FLAG_NEED_RTNL, 7088 }, 7089 { 7090 .cmd = NL80211_CMD_SET_BEACON, 7091 .policy = nl80211_policy, 7092 .flags = GENL_ADMIN_PERM, 7093 .doit = nl80211_set_beacon, 7094 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7095 NL80211_FLAG_NEED_RTNL, 7096 }, 7097 { 7098 .cmd = NL80211_CMD_START_AP, 7099 .policy = nl80211_policy, 7100 .flags = GENL_ADMIN_PERM, 7101 .doit = nl80211_start_ap, 7102 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7103 NL80211_FLAG_NEED_RTNL, 7104 }, 7105 { 7106 .cmd = NL80211_CMD_STOP_AP, 7107 .policy = nl80211_policy, 7108 .flags = GENL_ADMIN_PERM, 7109 .doit = nl80211_stop_ap, 7110 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7111 NL80211_FLAG_NEED_RTNL, 7112 }, 7113 { 7114 .cmd = NL80211_CMD_GET_STATION, 7115 .doit = nl80211_get_station, 7116 .dumpit = nl80211_dump_station, 7117 .policy = nl80211_policy, 7118 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7119 NL80211_FLAG_NEED_RTNL, 7120 }, 7121 { 7122 .cmd = NL80211_CMD_SET_STATION, 7123 .doit = nl80211_set_station, 7124 .policy = nl80211_policy, 7125 .flags = GENL_ADMIN_PERM, 7126 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7127 NL80211_FLAG_NEED_RTNL, 7128 }, 7129 { 7130 .cmd = NL80211_CMD_NEW_STATION, 7131 .doit = nl80211_new_station, 7132 .policy = nl80211_policy, 7133 .flags = GENL_ADMIN_PERM, 7134 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7135 NL80211_FLAG_NEED_RTNL, 7136 }, 7137 { 7138 .cmd = NL80211_CMD_DEL_STATION, 7139 .doit = nl80211_del_station, 7140 .policy = nl80211_policy, 7141 .flags = GENL_ADMIN_PERM, 7142 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7143 NL80211_FLAG_NEED_RTNL, 7144 }, 7145 { 7146 .cmd = NL80211_CMD_GET_MPATH, 7147 .doit = nl80211_get_mpath, 7148 .dumpit = nl80211_dump_mpath, 7149 .policy = nl80211_policy, 7150 .flags = GENL_ADMIN_PERM, 7151 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7152 NL80211_FLAG_NEED_RTNL, 7153 }, 7154 { 7155 .cmd = NL80211_CMD_SET_MPATH, 7156 .doit = nl80211_set_mpath, 7157 .policy = nl80211_policy, 7158 .flags = GENL_ADMIN_PERM, 7159 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7160 NL80211_FLAG_NEED_RTNL, 7161 }, 7162 { 7163 .cmd = NL80211_CMD_NEW_MPATH, 7164 .doit = nl80211_new_mpath, 7165 .policy = nl80211_policy, 7166 .flags = GENL_ADMIN_PERM, 7167 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7168 NL80211_FLAG_NEED_RTNL, 7169 }, 7170 { 7171 .cmd = NL80211_CMD_DEL_MPATH, 7172 .doit = nl80211_del_mpath, 7173 .policy = nl80211_policy, 7174 .flags = GENL_ADMIN_PERM, 7175 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7176 NL80211_FLAG_NEED_RTNL, 7177 }, 7178 { 7179 .cmd = NL80211_CMD_SET_BSS, 7180 .doit = nl80211_set_bss, 7181 .policy = nl80211_policy, 7182 .flags = GENL_ADMIN_PERM, 7183 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7184 NL80211_FLAG_NEED_RTNL, 7185 }, 7186 { 7187 .cmd = NL80211_CMD_GET_REG, 7188 .doit = nl80211_get_reg, 7189 .policy = nl80211_policy, 7190 /* can be retrieved by unprivileged users */ 7191 }, 7192 { 7193 .cmd = NL80211_CMD_SET_REG, 7194 .doit = nl80211_set_reg, 7195 .policy = nl80211_policy, 7196 .flags = GENL_ADMIN_PERM, 7197 }, 7198 { 7199 .cmd = NL80211_CMD_REQ_SET_REG, 7200 .doit = nl80211_req_set_reg, 7201 .policy = nl80211_policy, 7202 .flags = GENL_ADMIN_PERM, 7203 }, 7204 { 7205 .cmd = NL80211_CMD_GET_MESH_CONFIG, 7206 .doit = nl80211_get_mesh_config, 7207 .policy = nl80211_policy, 7208 /* can be retrieved by unprivileged users */ 7209 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7210 NL80211_FLAG_NEED_RTNL, 7211 }, 7212 { 7213 .cmd = NL80211_CMD_SET_MESH_CONFIG, 7214 .doit = nl80211_update_mesh_config, 7215 .policy = nl80211_policy, 7216 .flags = GENL_ADMIN_PERM, 7217 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7218 NL80211_FLAG_NEED_RTNL, 7219 }, 7220 { 7221 .cmd = NL80211_CMD_TRIGGER_SCAN, 7222 .doit = nl80211_trigger_scan, 7223 .policy = nl80211_policy, 7224 .flags = GENL_ADMIN_PERM, 7225 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7226 NL80211_FLAG_NEED_RTNL, 7227 }, 7228 { 7229 .cmd = NL80211_CMD_GET_SCAN, 7230 .policy = nl80211_policy, 7231 .dumpit = nl80211_dump_scan, 7232 }, 7233 { 7234 .cmd = NL80211_CMD_START_SCHED_SCAN, 7235 .doit = nl80211_start_sched_scan, 7236 .policy = nl80211_policy, 7237 .flags = GENL_ADMIN_PERM, 7238 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7239 NL80211_FLAG_NEED_RTNL, 7240 }, 7241 { 7242 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 7243 .doit = nl80211_stop_sched_scan, 7244 .policy = nl80211_policy, 7245 .flags = GENL_ADMIN_PERM, 7246 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7247 NL80211_FLAG_NEED_RTNL, 7248 }, 7249 { 7250 .cmd = NL80211_CMD_AUTHENTICATE, 7251 .doit = nl80211_authenticate, 7252 .policy = nl80211_policy, 7253 .flags = GENL_ADMIN_PERM, 7254 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7255 NL80211_FLAG_NEED_RTNL, 7256 }, 7257 { 7258 .cmd = NL80211_CMD_ASSOCIATE, 7259 .doit = nl80211_associate, 7260 .policy = nl80211_policy, 7261 .flags = GENL_ADMIN_PERM, 7262 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7263 NL80211_FLAG_NEED_RTNL, 7264 }, 7265 { 7266 .cmd = NL80211_CMD_DEAUTHENTICATE, 7267 .doit = nl80211_deauthenticate, 7268 .policy = nl80211_policy, 7269 .flags = GENL_ADMIN_PERM, 7270 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7271 NL80211_FLAG_NEED_RTNL, 7272 }, 7273 { 7274 .cmd = NL80211_CMD_DISASSOCIATE, 7275 .doit = nl80211_disassociate, 7276 .policy = nl80211_policy, 7277 .flags = GENL_ADMIN_PERM, 7278 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7279 NL80211_FLAG_NEED_RTNL, 7280 }, 7281 { 7282 .cmd = NL80211_CMD_JOIN_IBSS, 7283 .doit = nl80211_join_ibss, 7284 .policy = nl80211_policy, 7285 .flags = GENL_ADMIN_PERM, 7286 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7287 NL80211_FLAG_NEED_RTNL, 7288 }, 7289 { 7290 .cmd = NL80211_CMD_LEAVE_IBSS, 7291 .doit = nl80211_leave_ibss, 7292 .policy = nl80211_policy, 7293 .flags = GENL_ADMIN_PERM, 7294 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7295 NL80211_FLAG_NEED_RTNL, 7296 }, 7297 #ifdef CONFIG_NL80211_TESTMODE 7298 { 7299 .cmd = NL80211_CMD_TESTMODE, 7300 .doit = nl80211_testmode_do, 7301 .dumpit = nl80211_testmode_dump, 7302 .policy = nl80211_policy, 7303 .flags = GENL_ADMIN_PERM, 7304 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7305 NL80211_FLAG_NEED_RTNL, 7306 }, 7307 #endif 7308 { 7309 .cmd = NL80211_CMD_CONNECT, 7310 .doit = nl80211_connect, 7311 .policy = nl80211_policy, 7312 .flags = GENL_ADMIN_PERM, 7313 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7314 NL80211_FLAG_NEED_RTNL, 7315 }, 7316 { 7317 .cmd = NL80211_CMD_DISCONNECT, 7318 .doit = nl80211_disconnect, 7319 .policy = nl80211_policy, 7320 .flags = GENL_ADMIN_PERM, 7321 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7322 NL80211_FLAG_NEED_RTNL, 7323 }, 7324 { 7325 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 7326 .doit = nl80211_wiphy_netns, 7327 .policy = nl80211_policy, 7328 .flags = GENL_ADMIN_PERM, 7329 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7330 NL80211_FLAG_NEED_RTNL, 7331 }, 7332 { 7333 .cmd = NL80211_CMD_GET_SURVEY, 7334 .policy = nl80211_policy, 7335 .dumpit = nl80211_dump_survey, 7336 }, 7337 { 7338 .cmd = NL80211_CMD_SET_PMKSA, 7339 .doit = nl80211_setdel_pmksa, 7340 .policy = nl80211_policy, 7341 .flags = GENL_ADMIN_PERM, 7342 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7343 NL80211_FLAG_NEED_RTNL, 7344 }, 7345 { 7346 .cmd = NL80211_CMD_DEL_PMKSA, 7347 .doit = nl80211_setdel_pmksa, 7348 .policy = nl80211_policy, 7349 .flags = GENL_ADMIN_PERM, 7350 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7351 NL80211_FLAG_NEED_RTNL, 7352 }, 7353 { 7354 .cmd = NL80211_CMD_FLUSH_PMKSA, 7355 .doit = nl80211_flush_pmksa, 7356 .policy = nl80211_policy, 7357 .flags = GENL_ADMIN_PERM, 7358 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7359 NL80211_FLAG_NEED_RTNL, 7360 }, 7361 { 7362 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 7363 .doit = nl80211_remain_on_channel, 7364 .policy = nl80211_policy, 7365 .flags = GENL_ADMIN_PERM, 7366 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7367 NL80211_FLAG_NEED_RTNL, 7368 }, 7369 { 7370 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 7371 .doit = nl80211_cancel_remain_on_channel, 7372 .policy = nl80211_policy, 7373 .flags = GENL_ADMIN_PERM, 7374 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7375 NL80211_FLAG_NEED_RTNL, 7376 }, 7377 { 7378 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 7379 .doit = nl80211_set_tx_bitrate_mask, 7380 .policy = nl80211_policy, 7381 .flags = GENL_ADMIN_PERM, 7382 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7383 NL80211_FLAG_NEED_RTNL, 7384 }, 7385 { 7386 .cmd = NL80211_CMD_REGISTER_FRAME, 7387 .doit = nl80211_register_mgmt, 7388 .policy = nl80211_policy, 7389 .flags = GENL_ADMIN_PERM, 7390 .internal_flags = NL80211_FLAG_NEED_WDEV | 7391 NL80211_FLAG_NEED_RTNL, 7392 }, 7393 { 7394 .cmd = NL80211_CMD_FRAME, 7395 .doit = nl80211_tx_mgmt, 7396 .policy = nl80211_policy, 7397 .flags = GENL_ADMIN_PERM, 7398 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7399 NL80211_FLAG_NEED_RTNL, 7400 }, 7401 { 7402 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 7403 .doit = nl80211_tx_mgmt_cancel_wait, 7404 .policy = nl80211_policy, 7405 .flags = GENL_ADMIN_PERM, 7406 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7407 NL80211_FLAG_NEED_RTNL, 7408 }, 7409 { 7410 .cmd = NL80211_CMD_SET_POWER_SAVE, 7411 .doit = nl80211_set_power_save, 7412 .policy = nl80211_policy, 7413 .flags = GENL_ADMIN_PERM, 7414 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7415 NL80211_FLAG_NEED_RTNL, 7416 }, 7417 { 7418 .cmd = NL80211_CMD_GET_POWER_SAVE, 7419 .doit = nl80211_get_power_save, 7420 .policy = nl80211_policy, 7421 /* can be retrieved by unprivileged users */ 7422 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7423 NL80211_FLAG_NEED_RTNL, 7424 }, 7425 { 7426 .cmd = NL80211_CMD_SET_CQM, 7427 .doit = nl80211_set_cqm, 7428 .policy = nl80211_policy, 7429 .flags = GENL_ADMIN_PERM, 7430 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7431 NL80211_FLAG_NEED_RTNL, 7432 }, 7433 { 7434 .cmd = NL80211_CMD_SET_CHANNEL, 7435 .doit = nl80211_set_channel, 7436 .policy = nl80211_policy, 7437 .flags = GENL_ADMIN_PERM, 7438 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7439 NL80211_FLAG_NEED_RTNL, 7440 }, 7441 { 7442 .cmd = NL80211_CMD_SET_WDS_PEER, 7443 .doit = nl80211_set_wds_peer, 7444 .policy = nl80211_policy, 7445 .flags = GENL_ADMIN_PERM, 7446 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7447 NL80211_FLAG_NEED_RTNL, 7448 }, 7449 { 7450 .cmd = NL80211_CMD_JOIN_MESH, 7451 .doit = nl80211_join_mesh, 7452 .policy = nl80211_policy, 7453 .flags = GENL_ADMIN_PERM, 7454 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7455 NL80211_FLAG_NEED_RTNL, 7456 }, 7457 { 7458 .cmd = NL80211_CMD_LEAVE_MESH, 7459 .doit = nl80211_leave_mesh, 7460 .policy = nl80211_policy, 7461 .flags = GENL_ADMIN_PERM, 7462 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7463 NL80211_FLAG_NEED_RTNL, 7464 }, 7465 #ifdef CONFIG_PM 7466 { 7467 .cmd = NL80211_CMD_GET_WOWLAN, 7468 .doit = nl80211_get_wowlan, 7469 .policy = nl80211_policy, 7470 /* can be retrieved by unprivileged users */ 7471 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7472 NL80211_FLAG_NEED_RTNL, 7473 }, 7474 { 7475 .cmd = NL80211_CMD_SET_WOWLAN, 7476 .doit = nl80211_set_wowlan, 7477 .policy = nl80211_policy, 7478 .flags = GENL_ADMIN_PERM, 7479 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7480 NL80211_FLAG_NEED_RTNL, 7481 }, 7482 #endif 7483 { 7484 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 7485 .doit = nl80211_set_rekey_data, 7486 .policy = nl80211_policy, 7487 .flags = GENL_ADMIN_PERM, 7488 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7489 NL80211_FLAG_NEED_RTNL, 7490 }, 7491 { 7492 .cmd = NL80211_CMD_TDLS_MGMT, 7493 .doit = nl80211_tdls_mgmt, 7494 .policy = nl80211_policy, 7495 .flags = GENL_ADMIN_PERM, 7496 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7497 NL80211_FLAG_NEED_RTNL, 7498 }, 7499 { 7500 .cmd = NL80211_CMD_TDLS_OPER, 7501 .doit = nl80211_tdls_oper, 7502 .policy = nl80211_policy, 7503 .flags = GENL_ADMIN_PERM, 7504 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7505 NL80211_FLAG_NEED_RTNL, 7506 }, 7507 { 7508 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 7509 .doit = nl80211_register_unexpected_frame, 7510 .policy = nl80211_policy, 7511 .flags = GENL_ADMIN_PERM, 7512 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7513 NL80211_FLAG_NEED_RTNL, 7514 }, 7515 { 7516 .cmd = NL80211_CMD_PROBE_CLIENT, 7517 .doit = nl80211_probe_client, 7518 .policy = nl80211_policy, 7519 .flags = GENL_ADMIN_PERM, 7520 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7521 NL80211_FLAG_NEED_RTNL, 7522 }, 7523 { 7524 .cmd = NL80211_CMD_REGISTER_BEACONS, 7525 .doit = nl80211_register_beacons, 7526 .policy = nl80211_policy, 7527 .flags = GENL_ADMIN_PERM, 7528 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7529 NL80211_FLAG_NEED_RTNL, 7530 }, 7531 { 7532 .cmd = NL80211_CMD_SET_NOACK_MAP, 7533 .doit = nl80211_set_noack_map, 7534 .policy = nl80211_policy, 7535 .flags = GENL_ADMIN_PERM, 7536 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7537 NL80211_FLAG_NEED_RTNL, 7538 }, 7539 { 7540 .cmd = NL80211_CMD_START_P2P_DEVICE, 7541 .doit = nl80211_start_p2p_device, 7542 .policy = nl80211_policy, 7543 .flags = GENL_ADMIN_PERM, 7544 .internal_flags = NL80211_FLAG_NEED_WDEV | 7545 NL80211_FLAG_NEED_RTNL, 7546 }, 7547 { 7548 .cmd = NL80211_CMD_STOP_P2P_DEVICE, 7549 .doit = nl80211_stop_p2p_device, 7550 .policy = nl80211_policy, 7551 .flags = GENL_ADMIN_PERM, 7552 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7553 NL80211_FLAG_NEED_RTNL, 7554 }, 7555 }; 7556 7557 static struct genl_multicast_group nl80211_mlme_mcgrp = { 7558 .name = "mlme", 7559 }; 7560 7561 /* multicast groups */ 7562 static struct genl_multicast_group nl80211_config_mcgrp = { 7563 .name = "config", 7564 }; 7565 static struct genl_multicast_group nl80211_scan_mcgrp = { 7566 .name = "scan", 7567 }; 7568 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 7569 .name = "regulatory", 7570 }; 7571 7572 /* notification functions */ 7573 7574 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 7575 { 7576 struct sk_buff *msg; 7577 7578 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7579 if (!msg) 7580 return; 7581 7582 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 7583 nlmsg_free(msg); 7584 return; 7585 } 7586 7587 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7588 nl80211_config_mcgrp.id, GFP_KERNEL); 7589 } 7590 7591 static int nl80211_add_scan_req(struct sk_buff *msg, 7592 struct cfg80211_registered_device *rdev) 7593 { 7594 struct cfg80211_scan_request *req = rdev->scan_req; 7595 struct nlattr *nest; 7596 int i; 7597 7598 ASSERT_RDEV_LOCK(rdev); 7599 7600 if (WARN_ON(!req)) 7601 return 0; 7602 7603 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 7604 if (!nest) 7605 goto nla_put_failure; 7606 for (i = 0; i < req->n_ssids; i++) { 7607 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 7608 goto nla_put_failure; 7609 } 7610 nla_nest_end(msg, nest); 7611 7612 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 7613 if (!nest) 7614 goto nla_put_failure; 7615 for (i = 0; i < req->n_channels; i++) { 7616 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 7617 goto nla_put_failure; 7618 } 7619 nla_nest_end(msg, nest); 7620 7621 if (req->ie && 7622 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 7623 goto nla_put_failure; 7624 7625 return 0; 7626 nla_put_failure: 7627 return -ENOBUFS; 7628 } 7629 7630 static int nl80211_send_scan_msg(struct sk_buff *msg, 7631 struct cfg80211_registered_device *rdev, 7632 struct wireless_dev *wdev, 7633 u32 portid, u32 seq, int flags, 7634 u32 cmd) 7635 { 7636 void *hdr; 7637 7638 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 7639 if (!hdr) 7640 return -1; 7641 7642 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7643 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 7644 wdev->netdev->ifindex)) || 7645 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 7646 goto nla_put_failure; 7647 7648 /* ignore errors and send incomplete event anyway */ 7649 nl80211_add_scan_req(msg, rdev); 7650 7651 return genlmsg_end(msg, hdr); 7652 7653 nla_put_failure: 7654 genlmsg_cancel(msg, hdr); 7655 return -EMSGSIZE; 7656 } 7657 7658 static int 7659 nl80211_send_sched_scan_msg(struct sk_buff *msg, 7660 struct cfg80211_registered_device *rdev, 7661 struct net_device *netdev, 7662 u32 portid, u32 seq, int flags, u32 cmd) 7663 { 7664 void *hdr; 7665 7666 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 7667 if (!hdr) 7668 return -1; 7669 7670 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7671 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 7672 goto nla_put_failure; 7673 7674 return genlmsg_end(msg, hdr); 7675 7676 nla_put_failure: 7677 genlmsg_cancel(msg, hdr); 7678 return -EMSGSIZE; 7679 } 7680 7681 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 7682 struct wireless_dev *wdev) 7683 { 7684 struct sk_buff *msg; 7685 7686 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7687 if (!msg) 7688 return; 7689 7690 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 7691 NL80211_CMD_TRIGGER_SCAN) < 0) { 7692 nlmsg_free(msg); 7693 return; 7694 } 7695 7696 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7697 nl80211_scan_mcgrp.id, GFP_KERNEL); 7698 } 7699 7700 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 7701 struct wireless_dev *wdev) 7702 { 7703 struct sk_buff *msg; 7704 7705 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7706 if (!msg) 7707 return; 7708 7709 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 7710 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 7711 nlmsg_free(msg); 7712 return; 7713 } 7714 7715 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7716 nl80211_scan_mcgrp.id, GFP_KERNEL); 7717 } 7718 7719 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 7720 struct wireless_dev *wdev) 7721 { 7722 struct sk_buff *msg; 7723 7724 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7725 if (!msg) 7726 return; 7727 7728 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 7729 NL80211_CMD_SCAN_ABORTED) < 0) { 7730 nlmsg_free(msg); 7731 return; 7732 } 7733 7734 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7735 nl80211_scan_mcgrp.id, GFP_KERNEL); 7736 } 7737 7738 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 7739 struct net_device *netdev) 7740 { 7741 struct sk_buff *msg; 7742 7743 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7744 if (!msg) 7745 return; 7746 7747 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 7748 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 7749 nlmsg_free(msg); 7750 return; 7751 } 7752 7753 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7754 nl80211_scan_mcgrp.id, GFP_KERNEL); 7755 } 7756 7757 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 7758 struct net_device *netdev, u32 cmd) 7759 { 7760 struct sk_buff *msg; 7761 7762 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7763 if (!msg) 7764 return; 7765 7766 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 7767 nlmsg_free(msg); 7768 return; 7769 } 7770 7771 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7772 nl80211_scan_mcgrp.id, GFP_KERNEL); 7773 } 7774 7775 /* 7776 * This can happen on global regulatory changes or device specific settings 7777 * based on custom world regulatory domains. 7778 */ 7779 void nl80211_send_reg_change_event(struct regulatory_request *request) 7780 { 7781 struct sk_buff *msg; 7782 void *hdr; 7783 7784 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7785 if (!msg) 7786 return; 7787 7788 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 7789 if (!hdr) { 7790 nlmsg_free(msg); 7791 return; 7792 } 7793 7794 /* Userspace can always count this one always being set */ 7795 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 7796 goto nla_put_failure; 7797 7798 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 7799 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7800 NL80211_REGDOM_TYPE_WORLD)) 7801 goto nla_put_failure; 7802 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 7803 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7804 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 7805 goto nla_put_failure; 7806 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 7807 request->intersect) { 7808 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7809 NL80211_REGDOM_TYPE_INTERSECTION)) 7810 goto nla_put_failure; 7811 } else { 7812 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7813 NL80211_REGDOM_TYPE_COUNTRY) || 7814 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 7815 request->alpha2)) 7816 goto nla_put_failure; 7817 } 7818 7819 if (wiphy_idx_valid(request->wiphy_idx) && 7820 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 7821 goto nla_put_failure; 7822 7823 genlmsg_end(msg, hdr); 7824 7825 rcu_read_lock(); 7826 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7827 GFP_ATOMIC); 7828 rcu_read_unlock(); 7829 7830 return; 7831 7832 nla_put_failure: 7833 genlmsg_cancel(msg, hdr); 7834 nlmsg_free(msg); 7835 } 7836 7837 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 7838 struct net_device *netdev, 7839 const u8 *buf, size_t len, 7840 enum nl80211_commands cmd, gfp_t gfp) 7841 { 7842 struct sk_buff *msg; 7843 void *hdr; 7844 7845 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7846 if (!msg) 7847 return; 7848 7849 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7850 if (!hdr) { 7851 nlmsg_free(msg); 7852 return; 7853 } 7854 7855 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7856 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7857 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 7858 goto nla_put_failure; 7859 7860 genlmsg_end(msg, hdr); 7861 7862 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7863 nl80211_mlme_mcgrp.id, gfp); 7864 return; 7865 7866 nla_put_failure: 7867 genlmsg_cancel(msg, hdr); 7868 nlmsg_free(msg); 7869 } 7870 7871 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 7872 struct net_device *netdev, const u8 *buf, 7873 size_t len, gfp_t gfp) 7874 { 7875 nl80211_send_mlme_event(rdev, netdev, buf, len, 7876 NL80211_CMD_AUTHENTICATE, gfp); 7877 } 7878 7879 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 7880 struct net_device *netdev, const u8 *buf, 7881 size_t len, gfp_t gfp) 7882 { 7883 nl80211_send_mlme_event(rdev, netdev, buf, len, 7884 NL80211_CMD_ASSOCIATE, gfp); 7885 } 7886 7887 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 7888 struct net_device *netdev, const u8 *buf, 7889 size_t len, gfp_t gfp) 7890 { 7891 nl80211_send_mlme_event(rdev, netdev, buf, len, 7892 NL80211_CMD_DEAUTHENTICATE, gfp); 7893 } 7894 7895 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 7896 struct net_device *netdev, const u8 *buf, 7897 size_t len, gfp_t gfp) 7898 { 7899 nl80211_send_mlme_event(rdev, netdev, buf, len, 7900 NL80211_CMD_DISASSOCIATE, gfp); 7901 } 7902 7903 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev, 7904 struct net_device *netdev, const u8 *buf, 7905 size_t len, gfp_t gfp) 7906 { 7907 nl80211_send_mlme_event(rdev, netdev, buf, len, 7908 NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp); 7909 } 7910 7911 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev, 7912 struct net_device *netdev, const u8 *buf, 7913 size_t len, gfp_t gfp) 7914 { 7915 nl80211_send_mlme_event(rdev, netdev, buf, len, 7916 NL80211_CMD_UNPROT_DISASSOCIATE, gfp); 7917 } 7918 7919 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 7920 struct net_device *netdev, int cmd, 7921 const u8 *addr, gfp_t gfp) 7922 { 7923 struct sk_buff *msg; 7924 void *hdr; 7925 7926 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7927 if (!msg) 7928 return; 7929 7930 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7931 if (!hdr) { 7932 nlmsg_free(msg); 7933 return; 7934 } 7935 7936 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7937 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7938 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 7939 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 7940 goto nla_put_failure; 7941 7942 genlmsg_end(msg, hdr); 7943 7944 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7945 nl80211_mlme_mcgrp.id, gfp); 7946 return; 7947 7948 nla_put_failure: 7949 genlmsg_cancel(msg, hdr); 7950 nlmsg_free(msg); 7951 } 7952 7953 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 7954 struct net_device *netdev, const u8 *addr, 7955 gfp_t gfp) 7956 { 7957 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 7958 addr, gfp); 7959 } 7960 7961 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 7962 struct net_device *netdev, const u8 *addr, 7963 gfp_t gfp) 7964 { 7965 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 7966 addr, gfp); 7967 } 7968 7969 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 7970 struct net_device *netdev, const u8 *bssid, 7971 const u8 *req_ie, size_t req_ie_len, 7972 const u8 *resp_ie, size_t resp_ie_len, 7973 u16 status, gfp_t gfp) 7974 { 7975 struct sk_buff *msg; 7976 void *hdr; 7977 7978 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7979 if (!msg) 7980 return; 7981 7982 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 7983 if (!hdr) { 7984 nlmsg_free(msg); 7985 return; 7986 } 7987 7988 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7989 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7990 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) || 7991 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) || 7992 (req_ie && 7993 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 7994 (resp_ie && 7995 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 7996 goto nla_put_failure; 7997 7998 genlmsg_end(msg, hdr); 7999 8000 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8001 nl80211_mlme_mcgrp.id, gfp); 8002 return; 8003 8004 nla_put_failure: 8005 genlmsg_cancel(msg, hdr); 8006 nlmsg_free(msg); 8007 8008 } 8009 8010 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 8011 struct net_device *netdev, const u8 *bssid, 8012 const u8 *req_ie, size_t req_ie_len, 8013 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 8014 { 8015 struct sk_buff *msg; 8016 void *hdr; 8017 8018 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8019 if (!msg) 8020 return; 8021 8022 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 8023 if (!hdr) { 8024 nlmsg_free(msg); 8025 return; 8026 } 8027 8028 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8029 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8030 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 8031 (req_ie && 8032 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 8033 (resp_ie && 8034 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 8035 goto nla_put_failure; 8036 8037 genlmsg_end(msg, hdr); 8038 8039 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8040 nl80211_mlme_mcgrp.id, gfp); 8041 return; 8042 8043 nla_put_failure: 8044 genlmsg_cancel(msg, hdr); 8045 nlmsg_free(msg); 8046 8047 } 8048 8049 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 8050 struct net_device *netdev, u16 reason, 8051 const u8 *ie, size_t ie_len, bool from_ap) 8052 { 8053 struct sk_buff *msg; 8054 void *hdr; 8055 8056 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8057 if (!msg) 8058 return; 8059 8060 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 8061 if (!hdr) { 8062 nlmsg_free(msg); 8063 return; 8064 } 8065 8066 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8067 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8068 (from_ap && reason && 8069 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 8070 (from_ap && 8071 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 8072 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 8073 goto nla_put_failure; 8074 8075 genlmsg_end(msg, hdr); 8076 8077 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8078 nl80211_mlme_mcgrp.id, GFP_KERNEL); 8079 return; 8080 8081 nla_put_failure: 8082 genlmsg_cancel(msg, hdr); 8083 nlmsg_free(msg); 8084 8085 } 8086 8087 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 8088 struct net_device *netdev, const u8 *bssid, 8089 gfp_t gfp) 8090 { 8091 struct sk_buff *msg; 8092 void *hdr; 8093 8094 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8095 if (!msg) 8096 return; 8097 8098 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 8099 if (!hdr) { 8100 nlmsg_free(msg); 8101 return; 8102 } 8103 8104 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8105 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8106 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 8107 goto nla_put_failure; 8108 8109 genlmsg_end(msg, hdr); 8110 8111 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8112 nl80211_mlme_mcgrp.id, gfp); 8113 return; 8114 8115 nla_put_failure: 8116 genlmsg_cancel(msg, hdr); 8117 nlmsg_free(msg); 8118 } 8119 8120 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev, 8121 struct net_device *netdev, 8122 const u8 *macaddr, const u8* ie, u8 ie_len, 8123 gfp_t gfp) 8124 { 8125 struct sk_buff *msg; 8126 void *hdr; 8127 8128 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8129 if (!msg) 8130 return; 8131 8132 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 8133 if (!hdr) { 8134 nlmsg_free(msg); 8135 return; 8136 } 8137 8138 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8139 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8140 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) || 8141 (ie_len && ie && 8142 nla_put(msg, NL80211_ATTR_IE, ie_len , ie))) 8143 goto nla_put_failure; 8144 8145 genlmsg_end(msg, hdr); 8146 8147 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8148 nl80211_mlme_mcgrp.id, gfp); 8149 return; 8150 8151 nla_put_failure: 8152 genlmsg_cancel(msg, hdr); 8153 nlmsg_free(msg); 8154 } 8155 8156 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 8157 struct net_device *netdev, const u8 *addr, 8158 enum nl80211_key_type key_type, int key_id, 8159 const u8 *tsc, gfp_t gfp) 8160 { 8161 struct sk_buff *msg; 8162 void *hdr; 8163 8164 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8165 if (!msg) 8166 return; 8167 8168 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 8169 if (!hdr) { 8170 nlmsg_free(msg); 8171 return; 8172 } 8173 8174 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8175 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8176 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 8177 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 8178 (key_id != -1 && 8179 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 8180 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 8181 goto nla_put_failure; 8182 8183 genlmsg_end(msg, hdr); 8184 8185 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8186 nl80211_mlme_mcgrp.id, gfp); 8187 return; 8188 8189 nla_put_failure: 8190 genlmsg_cancel(msg, hdr); 8191 nlmsg_free(msg); 8192 } 8193 8194 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 8195 struct ieee80211_channel *channel_before, 8196 struct ieee80211_channel *channel_after) 8197 { 8198 struct sk_buff *msg; 8199 void *hdr; 8200 struct nlattr *nl_freq; 8201 8202 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 8203 if (!msg) 8204 return; 8205 8206 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 8207 if (!hdr) { 8208 nlmsg_free(msg); 8209 return; 8210 } 8211 8212 /* 8213 * Since we are applying the beacon hint to a wiphy we know its 8214 * wiphy_idx is valid 8215 */ 8216 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 8217 goto nla_put_failure; 8218 8219 /* Before */ 8220 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 8221 if (!nl_freq) 8222 goto nla_put_failure; 8223 if (nl80211_msg_put_channel(msg, channel_before)) 8224 goto nla_put_failure; 8225 nla_nest_end(msg, nl_freq); 8226 8227 /* After */ 8228 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 8229 if (!nl_freq) 8230 goto nla_put_failure; 8231 if (nl80211_msg_put_channel(msg, channel_after)) 8232 goto nla_put_failure; 8233 nla_nest_end(msg, nl_freq); 8234 8235 genlmsg_end(msg, hdr); 8236 8237 rcu_read_lock(); 8238 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 8239 GFP_ATOMIC); 8240 rcu_read_unlock(); 8241 8242 return; 8243 8244 nla_put_failure: 8245 genlmsg_cancel(msg, hdr); 8246 nlmsg_free(msg); 8247 } 8248 8249 static void nl80211_send_remain_on_chan_event( 8250 int cmd, struct cfg80211_registered_device *rdev, 8251 struct wireless_dev *wdev, u64 cookie, 8252 struct ieee80211_channel *chan, 8253 enum nl80211_channel_type channel_type, 8254 unsigned int duration, gfp_t gfp) 8255 { 8256 struct sk_buff *msg; 8257 void *hdr; 8258 8259 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8260 if (!msg) 8261 return; 8262 8263 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8264 if (!hdr) { 8265 nlmsg_free(msg); 8266 return; 8267 } 8268 8269 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8270 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8271 wdev->netdev->ifindex)) || 8272 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 8273 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 8274 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type) || 8275 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 8276 goto nla_put_failure; 8277 8278 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 8279 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 8280 goto nla_put_failure; 8281 8282 genlmsg_end(msg, hdr); 8283 8284 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8285 nl80211_mlme_mcgrp.id, gfp); 8286 return; 8287 8288 nla_put_failure: 8289 genlmsg_cancel(msg, hdr); 8290 nlmsg_free(msg); 8291 } 8292 8293 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 8294 struct wireless_dev *wdev, u64 cookie, 8295 struct ieee80211_channel *chan, 8296 enum nl80211_channel_type channel_type, 8297 unsigned int duration, gfp_t gfp) 8298 { 8299 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 8300 rdev, wdev, cookie, chan, 8301 channel_type, duration, gfp); 8302 } 8303 8304 void nl80211_send_remain_on_channel_cancel( 8305 struct cfg80211_registered_device *rdev, 8306 struct wireless_dev *wdev, 8307 u64 cookie, struct ieee80211_channel *chan, 8308 enum nl80211_channel_type channel_type, gfp_t gfp) 8309 { 8310 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 8311 rdev, wdev, cookie, chan, 8312 channel_type, 0, gfp); 8313 } 8314 8315 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 8316 struct net_device *dev, const u8 *mac_addr, 8317 struct station_info *sinfo, gfp_t gfp) 8318 { 8319 struct sk_buff *msg; 8320 8321 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8322 if (!msg) 8323 return; 8324 8325 if (nl80211_send_station(msg, 0, 0, 0, 8326 rdev, dev, mac_addr, sinfo) < 0) { 8327 nlmsg_free(msg); 8328 return; 8329 } 8330 8331 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8332 nl80211_mlme_mcgrp.id, gfp); 8333 } 8334 8335 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev, 8336 struct net_device *dev, const u8 *mac_addr, 8337 gfp_t gfp) 8338 { 8339 struct sk_buff *msg; 8340 void *hdr; 8341 8342 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8343 if (!msg) 8344 return; 8345 8346 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION); 8347 if (!hdr) { 8348 nlmsg_free(msg); 8349 return; 8350 } 8351 8352 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8353 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 8354 goto nla_put_failure; 8355 8356 genlmsg_end(msg, hdr); 8357 8358 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8359 nl80211_mlme_mcgrp.id, gfp); 8360 return; 8361 8362 nla_put_failure: 8363 genlmsg_cancel(msg, hdr); 8364 nlmsg_free(msg); 8365 } 8366 8367 void nl80211_send_conn_failed_event(struct cfg80211_registered_device *rdev, 8368 struct net_device *dev, const u8 *mac_addr, 8369 enum nl80211_connect_failed_reason reason, 8370 gfp_t gfp) 8371 { 8372 struct sk_buff *msg; 8373 void *hdr; 8374 8375 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8376 if (!msg) 8377 return; 8378 8379 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED); 8380 if (!hdr) { 8381 nlmsg_free(msg); 8382 return; 8383 } 8384 8385 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8386 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 8387 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason)) 8388 goto nla_put_failure; 8389 8390 genlmsg_end(msg, hdr); 8391 8392 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8393 nl80211_mlme_mcgrp.id, gfp); 8394 return; 8395 8396 nla_put_failure: 8397 genlmsg_cancel(msg, hdr); 8398 nlmsg_free(msg); 8399 } 8400 8401 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 8402 const u8 *addr, gfp_t gfp) 8403 { 8404 struct wireless_dev *wdev = dev->ieee80211_ptr; 8405 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 8406 struct sk_buff *msg; 8407 void *hdr; 8408 int err; 8409 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid); 8410 8411 if (!nlportid) 8412 return false; 8413 8414 msg = nlmsg_new(100, gfp); 8415 if (!msg) 8416 return true; 8417 8418 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8419 if (!hdr) { 8420 nlmsg_free(msg); 8421 return true; 8422 } 8423 8424 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8425 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8426 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 8427 goto nla_put_failure; 8428 8429 err = genlmsg_end(msg, hdr); 8430 if (err < 0) { 8431 nlmsg_free(msg); 8432 return true; 8433 } 8434 8435 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 8436 return true; 8437 8438 nla_put_failure: 8439 genlmsg_cancel(msg, hdr); 8440 nlmsg_free(msg); 8441 return true; 8442 } 8443 8444 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp) 8445 { 8446 return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 8447 addr, gfp); 8448 } 8449 8450 bool nl80211_unexpected_4addr_frame(struct net_device *dev, 8451 const u8 *addr, gfp_t gfp) 8452 { 8453 return __nl80211_unexpected_frame(dev, 8454 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 8455 addr, gfp); 8456 } 8457 8458 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 8459 struct wireless_dev *wdev, u32 nlportid, 8460 int freq, int sig_dbm, 8461 const u8 *buf, size_t len, gfp_t gfp) 8462 { 8463 struct net_device *netdev = wdev->netdev; 8464 struct sk_buff *msg; 8465 void *hdr; 8466 8467 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8468 if (!msg) 8469 return -ENOMEM; 8470 8471 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 8472 if (!hdr) { 8473 nlmsg_free(msg); 8474 return -ENOMEM; 8475 } 8476 8477 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8478 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8479 netdev->ifindex)) || 8480 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 8481 (sig_dbm && 8482 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 8483 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 8484 goto nla_put_failure; 8485 8486 genlmsg_end(msg, hdr); 8487 8488 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 8489 8490 nla_put_failure: 8491 genlmsg_cancel(msg, hdr); 8492 nlmsg_free(msg); 8493 return -ENOBUFS; 8494 } 8495 8496 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev, 8497 struct wireless_dev *wdev, u64 cookie, 8498 const u8 *buf, size_t len, bool ack, 8499 gfp_t gfp) 8500 { 8501 struct net_device *netdev = wdev->netdev; 8502 struct sk_buff *msg; 8503 void *hdr; 8504 8505 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8506 if (!msg) 8507 return; 8508 8509 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 8510 if (!hdr) { 8511 nlmsg_free(msg); 8512 return; 8513 } 8514 8515 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8516 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8517 netdev->ifindex)) || 8518 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 8519 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 8520 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 8521 goto nla_put_failure; 8522 8523 genlmsg_end(msg, hdr); 8524 8525 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 8526 return; 8527 8528 nla_put_failure: 8529 genlmsg_cancel(msg, hdr); 8530 nlmsg_free(msg); 8531 } 8532 8533 void 8534 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 8535 struct net_device *netdev, 8536 enum nl80211_cqm_rssi_threshold_event rssi_event, 8537 gfp_t gfp) 8538 { 8539 struct sk_buff *msg; 8540 struct nlattr *pinfoattr; 8541 void *hdr; 8542 8543 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8544 if (!msg) 8545 return; 8546 8547 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8548 if (!hdr) { 8549 nlmsg_free(msg); 8550 return; 8551 } 8552 8553 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8554 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8555 goto nla_put_failure; 8556 8557 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8558 if (!pinfoattr) 8559 goto nla_put_failure; 8560 8561 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 8562 rssi_event)) 8563 goto nla_put_failure; 8564 8565 nla_nest_end(msg, pinfoattr); 8566 8567 genlmsg_end(msg, hdr); 8568 8569 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8570 nl80211_mlme_mcgrp.id, gfp); 8571 return; 8572 8573 nla_put_failure: 8574 genlmsg_cancel(msg, hdr); 8575 nlmsg_free(msg); 8576 } 8577 8578 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 8579 struct net_device *netdev, const u8 *bssid, 8580 const u8 *replay_ctr, gfp_t gfp) 8581 { 8582 struct sk_buff *msg; 8583 struct nlattr *rekey_attr; 8584 void *hdr; 8585 8586 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8587 if (!msg) 8588 return; 8589 8590 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 8591 if (!hdr) { 8592 nlmsg_free(msg); 8593 return; 8594 } 8595 8596 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8597 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8598 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 8599 goto nla_put_failure; 8600 8601 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 8602 if (!rekey_attr) 8603 goto nla_put_failure; 8604 8605 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 8606 NL80211_REPLAY_CTR_LEN, replay_ctr)) 8607 goto nla_put_failure; 8608 8609 nla_nest_end(msg, rekey_attr); 8610 8611 genlmsg_end(msg, hdr); 8612 8613 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8614 nl80211_mlme_mcgrp.id, gfp); 8615 return; 8616 8617 nla_put_failure: 8618 genlmsg_cancel(msg, hdr); 8619 nlmsg_free(msg); 8620 } 8621 8622 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 8623 struct net_device *netdev, int index, 8624 const u8 *bssid, bool preauth, gfp_t gfp) 8625 { 8626 struct sk_buff *msg; 8627 struct nlattr *attr; 8628 void *hdr; 8629 8630 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8631 if (!msg) 8632 return; 8633 8634 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 8635 if (!hdr) { 8636 nlmsg_free(msg); 8637 return; 8638 } 8639 8640 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8641 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8642 goto nla_put_failure; 8643 8644 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 8645 if (!attr) 8646 goto nla_put_failure; 8647 8648 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 8649 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 8650 (preauth && 8651 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 8652 goto nla_put_failure; 8653 8654 nla_nest_end(msg, attr); 8655 8656 genlmsg_end(msg, hdr); 8657 8658 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8659 nl80211_mlme_mcgrp.id, gfp); 8660 return; 8661 8662 nla_put_failure: 8663 genlmsg_cancel(msg, hdr); 8664 nlmsg_free(msg); 8665 } 8666 8667 void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 8668 struct net_device *netdev, int freq, 8669 enum nl80211_channel_type type, gfp_t gfp) 8670 { 8671 struct sk_buff *msg; 8672 void *hdr; 8673 8674 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8675 if (!msg) 8676 return; 8677 8678 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY); 8679 if (!hdr) { 8680 nlmsg_free(msg); 8681 return; 8682 } 8683 8684 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8685 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 8686 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, type)) 8687 goto nla_put_failure; 8688 8689 genlmsg_end(msg, hdr); 8690 8691 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8692 nl80211_mlme_mcgrp.id, gfp); 8693 return; 8694 8695 nla_put_failure: 8696 genlmsg_cancel(msg, hdr); 8697 nlmsg_free(msg); 8698 } 8699 8700 void 8701 nl80211_send_cqm_txe_notify(struct cfg80211_registered_device *rdev, 8702 struct net_device *netdev, const u8 *peer, 8703 u32 num_packets, u32 rate, u32 intvl, gfp_t gfp) 8704 { 8705 struct sk_buff *msg; 8706 struct nlattr *pinfoattr; 8707 void *hdr; 8708 8709 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8710 if (!msg) 8711 return; 8712 8713 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8714 if (!hdr) { 8715 nlmsg_free(msg); 8716 return; 8717 } 8718 8719 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8720 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8721 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 8722 goto nla_put_failure; 8723 8724 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8725 if (!pinfoattr) 8726 goto nla_put_failure; 8727 8728 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 8729 goto nla_put_failure; 8730 8731 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 8732 goto nla_put_failure; 8733 8734 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 8735 goto nla_put_failure; 8736 8737 nla_nest_end(msg, pinfoattr); 8738 8739 genlmsg_end(msg, hdr); 8740 8741 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8742 nl80211_mlme_mcgrp.id, gfp); 8743 return; 8744 8745 nla_put_failure: 8746 genlmsg_cancel(msg, hdr); 8747 nlmsg_free(msg); 8748 } 8749 8750 void 8751 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, 8752 struct net_device *netdev, const u8 *peer, 8753 u32 num_packets, gfp_t gfp) 8754 { 8755 struct sk_buff *msg; 8756 struct nlattr *pinfoattr; 8757 void *hdr; 8758 8759 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8760 if (!msg) 8761 return; 8762 8763 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8764 if (!hdr) { 8765 nlmsg_free(msg); 8766 return; 8767 } 8768 8769 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8770 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8771 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 8772 goto nla_put_failure; 8773 8774 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8775 if (!pinfoattr) 8776 goto nla_put_failure; 8777 8778 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 8779 goto nla_put_failure; 8780 8781 nla_nest_end(msg, pinfoattr); 8782 8783 genlmsg_end(msg, hdr); 8784 8785 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8786 nl80211_mlme_mcgrp.id, gfp); 8787 return; 8788 8789 nla_put_failure: 8790 genlmsg_cancel(msg, hdr); 8791 nlmsg_free(msg); 8792 } 8793 8794 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 8795 u64 cookie, bool acked, gfp_t gfp) 8796 { 8797 struct wireless_dev *wdev = dev->ieee80211_ptr; 8798 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 8799 struct sk_buff *msg; 8800 void *hdr; 8801 int err; 8802 8803 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8804 if (!msg) 8805 return; 8806 8807 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 8808 if (!hdr) { 8809 nlmsg_free(msg); 8810 return; 8811 } 8812 8813 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8814 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8815 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 8816 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 8817 (acked && nla_put_flag(msg, NL80211_ATTR_ACK))) 8818 goto nla_put_failure; 8819 8820 err = genlmsg_end(msg, hdr); 8821 if (err < 0) { 8822 nlmsg_free(msg); 8823 return; 8824 } 8825 8826 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8827 nl80211_mlme_mcgrp.id, gfp); 8828 return; 8829 8830 nla_put_failure: 8831 genlmsg_cancel(msg, hdr); 8832 nlmsg_free(msg); 8833 } 8834 EXPORT_SYMBOL(cfg80211_probe_status); 8835 8836 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 8837 const u8 *frame, size_t len, 8838 int freq, int sig_dbm, gfp_t gfp) 8839 { 8840 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 8841 struct sk_buff *msg; 8842 void *hdr; 8843 u32 nlportid = ACCESS_ONCE(rdev->ap_beacons_nlportid); 8844 8845 if (!nlportid) 8846 return; 8847 8848 msg = nlmsg_new(len + 100, gfp); 8849 if (!msg) 8850 return; 8851 8852 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 8853 if (!hdr) { 8854 nlmsg_free(msg); 8855 return; 8856 } 8857 8858 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8859 (freq && 8860 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) || 8861 (sig_dbm && 8862 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 8863 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 8864 goto nla_put_failure; 8865 8866 genlmsg_end(msg, hdr); 8867 8868 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 8869 return; 8870 8871 nla_put_failure: 8872 genlmsg_cancel(msg, hdr); 8873 nlmsg_free(msg); 8874 } 8875 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 8876 8877 static int nl80211_netlink_notify(struct notifier_block * nb, 8878 unsigned long state, 8879 void *_notify) 8880 { 8881 struct netlink_notify *notify = _notify; 8882 struct cfg80211_registered_device *rdev; 8883 struct wireless_dev *wdev; 8884 8885 if (state != NETLINK_URELEASE) 8886 return NOTIFY_DONE; 8887 8888 rcu_read_lock(); 8889 8890 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 8891 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) 8892 cfg80211_mlme_unregister_socket(wdev, notify->portid); 8893 if (rdev->ap_beacons_nlportid == notify->portid) 8894 rdev->ap_beacons_nlportid = 0; 8895 } 8896 8897 rcu_read_unlock(); 8898 8899 return NOTIFY_DONE; 8900 } 8901 8902 static struct notifier_block nl80211_netlink_notifier = { 8903 .notifier_call = nl80211_netlink_notify, 8904 }; 8905 8906 /* initialisation/exit functions */ 8907 8908 int nl80211_init(void) 8909 { 8910 int err; 8911 8912 err = genl_register_family_with_ops(&nl80211_fam, 8913 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 8914 if (err) 8915 return err; 8916 8917 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 8918 if (err) 8919 goto err_out; 8920 8921 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 8922 if (err) 8923 goto err_out; 8924 8925 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 8926 if (err) 8927 goto err_out; 8928 8929 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 8930 if (err) 8931 goto err_out; 8932 8933 #ifdef CONFIG_NL80211_TESTMODE 8934 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 8935 if (err) 8936 goto err_out; 8937 #endif 8938 8939 err = netlink_register_notifier(&nl80211_netlink_notifier); 8940 if (err) 8941 goto err_out; 8942 8943 return 0; 8944 err_out: 8945 genl_unregister_family(&nl80211_fam); 8946 return err; 8947 } 8948 8949 void nl80211_exit(void) 8950 { 8951 netlink_unregister_notifier(&nl80211_netlink_notifier); 8952 genl_unregister_family(&nl80211_fam); 8953 } 8954