1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type); 27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 28 struct genl_info *info, 29 struct cfg80211_crypto_settings *settings, 30 int cipher_limit); 31 32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 33 struct genl_info *info); 34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 35 struct genl_info *info); 36 37 /* the netlink family */ 38 static struct genl_family nl80211_fam = { 39 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 40 .name = "nl80211", /* have users key off the name instead */ 41 .hdrsize = 0, /* no private header */ 42 .version = 1, /* no particular meaning now */ 43 .maxattr = NL80211_ATTR_MAX, 44 .netnsok = true, 45 .pre_doit = nl80211_pre_doit, 46 .post_doit = nl80211_post_doit, 47 }; 48 49 /* internal helper: get rdev and dev */ 50 static int get_rdev_dev_by_ifindex(struct net *netns, struct nlattr **attrs, 51 struct cfg80211_registered_device **rdev, 52 struct net_device **dev) 53 { 54 int ifindex; 55 56 if (!attrs[NL80211_ATTR_IFINDEX]) 57 return -EINVAL; 58 59 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 60 *dev = dev_get_by_index(netns, ifindex); 61 if (!*dev) 62 return -ENODEV; 63 64 *rdev = cfg80211_get_dev_from_ifindex(netns, ifindex); 65 if (IS_ERR(*rdev)) { 66 dev_put(*dev); 67 return PTR_ERR(*rdev); 68 } 69 70 return 0; 71 } 72 73 /* policy for the attributes */ 74 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 75 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 76 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 77 .len = 20-1 }, 78 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 79 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 80 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 81 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 82 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 83 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 84 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 85 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 86 87 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 88 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 89 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 90 91 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 92 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 93 94 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 95 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 96 .len = WLAN_MAX_KEY_LEN }, 97 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 98 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 99 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 100 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 101 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 102 103 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 104 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 105 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 106 .len = IEEE80211_MAX_DATA_LEN }, 107 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 108 .len = IEEE80211_MAX_DATA_LEN }, 109 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 110 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 111 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 112 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 113 .len = NL80211_MAX_SUPP_RATES }, 114 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 115 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 116 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 117 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 118 .len = IEEE80211_MAX_MESH_ID_LEN }, 119 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 120 121 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 122 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 123 124 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 125 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 126 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 127 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 128 .len = NL80211_MAX_SUPP_RATES }, 129 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 130 131 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 132 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 133 134 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 135 136 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 137 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 138 .len = IEEE80211_MAX_DATA_LEN }, 139 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 140 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 141 142 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 143 .len = IEEE80211_MAX_SSID_LEN }, 144 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 145 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 146 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 147 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 148 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 149 [NL80211_ATTR_STA_FLAGS2] = { 150 .len = sizeof(struct nl80211_sta_flag_update), 151 }, 152 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 153 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 154 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 155 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 156 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 157 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 158 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 159 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 160 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 161 .len = WLAN_PMKID_LEN }, 162 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 163 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 164 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 165 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 166 .len = IEEE80211_MAX_DATA_LEN }, 167 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 168 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 169 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 170 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 171 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 172 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 173 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 174 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 175 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 176 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 177 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 178 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 179 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 180 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 181 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 182 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 183 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 184 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 185 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 186 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 187 .len = IEEE80211_MAX_DATA_LEN }, 188 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 189 .len = IEEE80211_MAX_DATA_LEN }, 190 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 191 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 192 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 193 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 194 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 195 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 196 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 197 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 198 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 199 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 200 .len = IEEE80211_MAX_DATA_LEN }, 201 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 202 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 203 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 204 .len = NL80211_HT_CAPABILITY_LEN 205 }, 206 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 207 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 208 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 209 }; 210 211 /* policy for the key attributes */ 212 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 213 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 214 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 215 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 216 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 217 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 218 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 219 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 220 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 221 }; 222 223 /* policy for the key default flags */ 224 static const struct nla_policy 225 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 226 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 227 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 228 }; 229 230 /* policy for WoWLAN attributes */ 231 static const struct nla_policy 232 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 233 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 234 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 235 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 236 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 237 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 238 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 239 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 240 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 241 }; 242 243 /* policy for GTK rekey offload attributes */ 244 static const struct nla_policy 245 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 246 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 247 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 248 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 249 }; 250 251 static const struct nla_policy 252 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 253 [NL80211_ATTR_SCHED_SCAN_MATCH_SSID] = { .type = NLA_BINARY, 254 .len = IEEE80211_MAX_SSID_LEN }, 255 }; 256 257 /* ifidx get helper */ 258 static int nl80211_get_ifidx(struct netlink_callback *cb) 259 { 260 int res; 261 262 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 263 nl80211_fam.attrbuf, nl80211_fam.maxattr, 264 nl80211_policy); 265 if (res) 266 return res; 267 268 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 269 return -EINVAL; 270 271 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 272 if (!res) 273 return -EINVAL; 274 return res; 275 } 276 277 static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 278 struct netlink_callback *cb, 279 struct cfg80211_registered_device **rdev, 280 struct net_device **dev) 281 { 282 int ifidx = cb->args[0]; 283 int err; 284 285 if (!ifidx) 286 ifidx = nl80211_get_ifidx(cb); 287 if (ifidx < 0) 288 return ifidx; 289 290 cb->args[0] = ifidx; 291 292 rtnl_lock(); 293 294 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 295 if (!*dev) { 296 err = -ENODEV; 297 goto out_rtnl; 298 } 299 300 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 301 if (IS_ERR(*rdev)) { 302 err = PTR_ERR(*rdev); 303 goto out_rtnl; 304 } 305 306 return 0; 307 out_rtnl: 308 rtnl_unlock(); 309 return err; 310 } 311 312 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 313 { 314 cfg80211_unlock_rdev(rdev); 315 rtnl_unlock(); 316 } 317 318 /* IE validation */ 319 static bool is_valid_ie_attr(const struct nlattr *attr) 320 { 321 const u8 *pos; 322 int len; 323 324 if (!attr) 325 return true; 326 327 pos = nla_data(attr); 328 len = nla_len(attr); 329 330 while (len) { 331 u8 elemlen; 332 333 if (len < 2) 334 return false; 335 len -= 2; 336 337 elemlen = pos[1]; 338 if (elemlen > len) 339 return false; 340 341 len -= elemlen; 342 pos += 2 + elemlen; 343 } 344 345 return true; 346 } 347 348 /* message building helper */ 349 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq, 350 int flags, u8 cmd) 351 { 352 /* since there is no private header just add the generic one */ 353 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd); 354 } 355 356 static int nl80211_msg_put_channel(struct sk_buff *msg, 357 struct ieee80211_channel *chan) 358 { 359 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ, 360 chan->center_freq); 361 362 if (chan->flags & IEEE80211_CHAN_DISABLED) 363 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED); 364 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) 365 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN); 366 if (chan->flags & IEEE80211_CHAN_NO_IBSS) 367 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS); 368 if (chan->flags & IEEE80211_CHAN_RADAR) 369 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR); 370 371 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 372 DBM_TO_MBM(chan->max_power)); 373 374 return 0; 375 376 nla_put_failure: 377 return -ENOBUFS; 378 } 379 380 /* netlink command implementations */ 381 382 struct key_parse { 383 struct key_params p; 384 int idx; 385 int type; 386 bool def, defmgmt; 387 bool def_uni, def_multi; 388 }; 389 390 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 391 { 392 struct nlattr *tb[NL80211_KEY_MAX + 1]; 393 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 394 nl80211_key_policy); 395 if (err) 396 return err; 397 398 k->def = !!tb[NL80211_KEY_DEFAULT]; 399 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 400 401 if (k->def) { 402 k->def_uni = true; 403 k->def_multi = true; 404 } 405 if (k->defmgmt) 406 k->def_multi = true; 407 408 if (tb[NL80211_KEY_IDX]) 409 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 410 411 if (tb[NL80211_KEY_DATA]) { 412 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 413 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 414 } 415 416 if (tb[NL80211_KEY_SEQ]) { 417 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 418 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 419 } 420 421 if (tb[NL80211_KEY_CIPHER]) 422 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 423 424 if (tb[NL80211_KEY_TYPE]) { 425 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 426 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 427 return -EINVAL; 428 } 429 430 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 431 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 432 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 433 tb[NL80211_KEY_DEFAULT_TYPES], 434 nl80211_key_default_policy); 435 if (err) 436 return err; 437 438 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 439 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 440 } 441 442 return 0; 443 } 444 445 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 446 { 447 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 448 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 449 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 450 } 451 452 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 453 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 454 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 455 } 456 457 if (info->attrs[NL80211_ATTR_KEY_IDX]) 458 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 459 460 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 461 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 462 463 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 464 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 465 466 if (k->def) { 467 k->def_uni = true; 468 k->def_multi = true; 469 } 470 if (k->defmgmt) 471 k->def_multi = true; 472 473 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 474 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 475 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 476 return -EINVAL; 477 } 478 479 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 480 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 481 int err = nla_parse_nested( 482 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 483 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 484 nl80211_key_default_policy); 485 if (err) 486 return err; 487 488 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 489 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 490 } 491 492 return 0; 493 } 494 495 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 496 { 497 int err; 498 499 memset(k, 0, sizeof(*k)); 500 k->idx = -1; 501 k->type = -1; 502 503 if (info->attrs[NL80211_ATTR_KEY]) 504 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 505 else 506 err = nl80211_parse_key_old(info, k); 507 508 if (err) 509 return err; 510 511 if (k->def && k->defmgmt) 512 return -EINVAL; 513 514 if (k->defmgmt) { 515 if (k->def_uni || !k->def_multi) 516 return -EINVAL; 517 } 518 519 if (k->idx != -1) { 520 if (k->defmgmt) { 521 if (k->idx < 4 || k->idx > 5) 522 return -EINVAL; 523 } else if (k->def) { 524 if (k->idx < 0 || k->idx > 3) 525 return -EINVAL; 526 } else { 527 if (k->idx < 0 || k->idx > 5) 528 return -EINVAL; 529 } 530 } 531 532 return 0; 533 } 534 535 static struct cfg80211_cached_keys * 536 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 537 struct nlattr *keys) 538 { 539 struct key_parse parse; 540 struct nlattr *key; 541 struct cfg80211_cached_keys *result; 542 int rem, err, def = 0; 543 544 result = kzalloc(sizeof(*result), GFP_KERNEL); 545 if (!result) 546 return ERR_PTR(-ENOMEM); 547 548 result->def = -1; 549 result->defmgmt = -1; 550 551 nla_for_each_nested(key, keys, rem) { 552 memset(&parse, 0, sizeof(parse)); 553 parse.idx = -1; 554 555 err = nl80211_parse_key_new(key, &parse); 556 if (err) 557 goto error; 558 err = -EINVAL; 559 if (!parse.p.key) 560 goto error; 561 if (parse.idx < 0 || parse.idx > 4) 562 goto error; 563 if (parse.def) { 564 if (def) 565 goto error; 566 def = 1; 567 result->def = parse.idx; 568 if (!parse.def_uni || !parse.def_multi) 569 goto error; 570 } else if (parse.defmgmt) 571 goto error; 572 err = cfg80211_validate_key_settings(rdev, &parse.p, 573 parse.idx, false, NULL); 574 if (err) 575 goto error; 576 result->params[parse.idx].cipher = parse.p.cipher; 577 result->params[parse.idx].key_len = parse.p.key_len; 578 result->params[parse.idx].key = result->data[parse.idx]; 579 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 580 } 581 582 return result; 583 error: 584 kfree(result); 585 return ERR_PTR(err); 586 } 587 588 static int nl80211_key_allowed(struct wireless_dev *wdev) 589 { 590 ASSERT_WDEV_LOCK(wdev); 591 592 switch (wdev->iftype) { 593 case NL80211_IFTYPE_AP: 594 case NL80211_IFTYPE_AP_VLAN: 595 case NL80211_IFTYPE_P2P_GO: 596 case NL80211_IFTYPE_MESH_POINT: 597 break; 598 case NL80211_IFTYPE_ADHOC: 599 if (!wdev->current_bss) 600 return -ENOLINK; 601 break; 602 case NL80211_IFTYPE_STATION: 603 case NL80211_IFTYPE_P2P_CLIENT: 604 if (wdev->sme_state != CFG80211_SME_CONNECTED) 605 return -ENOLINK; 606 break; 607 default: 608 return -EINVAL; 609 } 610 611 return 0; 612 } 613 614 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 615 { 616 struct nlattr *nl_modes = nla_nest_start(msg, attr); 617 int i; 618 619 if (!nl_modes) 620 goto nla_put_failure; 621 622 i = 0; 623 while (ifmodes) { 624 if (ifmodes & 1) 625 NLA_PUT_FLAG(msg, i); 626 ifmodes >>= 1; 627 i++; 628 } 629 630 nla_nest_end(msg, nl_modes); 631 return 0; 632 633 nla_put_failure: 634 return -ENOBUFS; 635 } 636 637 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 638 struct sk_buff *msg) 639 { 640 struct nlattr *nl_combis; 641 int i, j; 642 643 nl_combis = nla_nest_start(msg, 644 NL80211_ATTR_INTERFACE_COMBINATIONS); 645 if (!nl_combis) 646 goto nla_put_failure; 647 648 for (i = 0; i < wiphy->n_iface_combinations; i++) { 649 const struct ieee80211_iface_combination *c; 650 struct nlattr *nl_combi, *nl_limits; 651 652 c = &wiphy->iface_combinations[i]; 653 654 nl_combi = nla_nest_start(msg, i + 1); 655 if (!nl_combi) 656 goto nla_put_failure; 657 658 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 659 if (!nl_limits) 660 goto nla_put_failure; 661 662 for (j = 0; j < c->n_limits; j++) { 663 struct nlattr *nl_limit; 664 665 nl_limit = nla_nest_start(msg, j + 1); 666 if (!nl_limit) 667 goto nla_put_failure; 668 NLA_PUT_U32(msg, NL80211_IFACE_LIMIT_MAX, 669 c->limits[j].max); 670 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 671 c->limits[j].types)) 672 goto nla_put_failure; 673 nla_nest_end(msg, nl_limit); 674 } 675 676 nla_nest_end(msg, nl_limits); 677 678 if (c->beacon_int_infra_match) 679 NLA_PUT_FLAG(msg, 680 NL80211_IFACE_COMB_STA_AP_BI_MATCH); 681 NLA_PUT_U32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 682 c->num_different_channels); 683 NLA_PUT_U32(msg, NL80211_IFACE_COMB_MAXNUM, 684 c->max_interfaces); 685 686 nla_nest_end(msg, nl_combi); 687 } 688 689 nla_nest_end(msg, nl_combis); 690 691 return 0; 692 nla_put_failure: 693 return -ENOBUFS; 694 } 695 696 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags, 697 struct cfg80211_registered_device *dev) 698 { 699 void *hdr; 700 struct nlattr *nl_bands, *nl_band; 701 struct nlattr *nl_freqs, *nl_freq; 702 struct nlattr *nl_rates, *nl_rate; 703 struct nlattr *nl_cmds; 704 enum ieee80211_band band; 705 struct ieee80211_channel *chan; 706 struct ieee80211_rate *rate; 707 int i; 708 const struct ieee80211_txrx_stypes *mgmt_stypes = 709 dev->wiphy.mgmt_stypes; 710 711 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY); 712 if (!hdr) 713 return -1; 714 715 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx); 716 NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)); 717 718 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 719 cfg80211_rdev_list_generation); 720 721 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 722 dev->wiphy.retry_short); 723 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 724 dev->wiphy.retry_long); 725 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 726 dev->wiphy.frag_threshold); 727 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 728 dev->wiphy.rts_threshold); 729 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 730 dev->wiphy.coverage_class); 731 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 732 dev->wiphy.max_scan_ssids); 733 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 734 dev->wiphy.max_sched_scan_ssids); 735 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 736 dev->wiphy.max_scan_ie_len); 737 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 738 dev->wiphy.max_sched_scan_ie_len); 739 NLA_PUT_U8(msg, NL80211_ATTR_MAX_MATCH_SETS, 740 dev->wiphy.max_match_sets); 741 742 if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) 743 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN); 744 if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) 745 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH); 746 if (dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) 747 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_AP_UAPSD); 748 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) 749 NLA_PUT_FLAG(msg, NL80211_ATTR_ROAM_SUPPORT); 750 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) 751 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_SUPPORT); 752 if (dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) 753 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP); 754 755 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES, 756 sizeof(u32) * dev->wiphy.n_cipher_suites, 757 dev->wiphy.cipher_suites); 758 759 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 760 dev->wiphy.max_num_pmkids); 761 762 if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) 763 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE); 764 765 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 766 dev->wiphy.available_antennas_tx); 767 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 768 dev->wiphy.available_antennas_rx); 769 770 if (dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) 771 NLA_PUT_U32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 772 dev->wiphy.probe_resp_offload); 773 774 if ((dev->wiphy.available_antennas_tx || 775 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) { 776 u32 tx_ant = 0, rx_ant = 0; 777 int res; 778 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant); 779 if (!res) { 780 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant); 781 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant); 782 } 783 } 784 785 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 786 dev->wiphy.interface_modes)) 787 goto nla_put_failure; 788 789 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 790 if (!nl_bands) 791 goto nla_put_failure; 792 793 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 794 if (!dev->wiphy.bands[band]) 795 continue; 796 797 nl_band = nla_nest_start(msg, band); 798 if (!nl_band) 799 goto nla_put_failure; 800 801 /* add HT info */ 802 if (dev->wiphy.bands[band]->ht_cap.ht_supported) { 803 NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET, 804 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 805 &dev->wiphy.bands[band]->ht_cap.mcs); 806 NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA, 807 dev->wiphy.bands[band]->ht_cap.cap); 808 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 809 dev->wiphy.bands[band]->ht_cap.ampdu_factor); 810 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 811 dev->wiphy.bands[band]->ht_cap.ampdu_density); 812 } 813 814 /* add frequencies */ 815 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 816 if (!nl_freqs) 817 goto nla_put_failure; 818 819 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 820 nl_freq = nla_nest_start(msg, i); 821 if (!nl_freq) 822 goto nla_put_failure; 823 824 chan = &dev->wiphy.bands[band]->channels[i]; 825 826 if (nl80211_msg_put_channel(msg, chan)) 827 goto nla_put_failure; 828 829 nla_nest_end(msg, nl_freq); 830 } 831 832 nla_nest_end(msg, nl_freqs); 833 834 /* add bitrates */ 835 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 836 if (!nl_rates) 837 goto nla_put_failure; 838 839 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 840 nl_rate = nla_nest_start(msg, i); 841 if (!nl_rate) 842 goto nla_put_failure; 843 844 rate = &dev->wiphy.bands[band]->bitrates[i]; 845 NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE, 846 rate->bitrate); 847 if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) 848 NLA_PUT_FLAG(msg, 849 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE); 850 851 nla_nest_end(msg, nl_rate); 852 } 853 854 nla_nest_end(msg, nl_rates); 855 856 nla_nest_end(msg, nl_band); 857 } 858 nla_nest_end(msg, nl_bands); 859 860 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 861 if (!nl_cmds) 862 goto nla_put_failure; 863 864 i = 0; 865 #define CMD(op, n) \ 866 do { \ 867 if (dev->ops->op) { \ 868 i++; \ 869 NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \ 870 } \ 871 } while (0) 872 873 CMD(add_virtual_intf, NEW_INTERFACE); 874 CMD(change_virtual_intf, SET_INTERFACE); 875 CMD(add_key, NEW_KEY); 876 CMD(start_ap, START_AP); 877 CMD(add_station, NEW_STATION); 878 CMD(add_mpath, NEW_MPATH); 879 CMD(update_mesh_config, SET_MESH_CONFIG); 880 CMD(change_bss, SET_BSS); 881 CMD(auth, AUTHENTICATE); 882 CMD(assoc, ASSOCIATE); 883 CMD(deauth, DEAUTHENTICATE); 884 CMD(disassoc, DISASSOCIATE); 885 CMD(join_ibss, JOIN_IBSS); 886 CMD(join_mesh, JOIN_MESH); 887 CMD(set_pmksa, SET_PMKSA); 888 CMD(del_pmksa, DEL_PMKSA); 889 CMD(flush_pmksa, FLUSH_PMKSA); 890 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 891 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 892 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 893 CMD(mgmt_tx, FRAME); 894 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 895 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 896 i++; 897 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS); 898 } 899 CMD(set_channel, SET_CHANNEL); 900 CMD(set_wds_peer, SET_WDS_PEER); 901 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 902 CMD(tdls_mgmt, TDLS_MGMT); 903 CMD(tdls_oper, TDLS_OPER); 904 } 905 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 906 CMD(sched_scan_start, START_SCHED_SCAN); 907 CMD(probe_client, PROBE_CLIENT); 908 CMD(set_noack_map, SET_NOACK_MAP); 909 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 910 i++; 911 NLA_PUT_U32(msg, i, NL80211_CMD_REGISTER_BEACONS); 912 } 913 914 #ifdef CONFIG_NL80211_TESTMODE 915 CMD(testmode_cmd, TESTMODE); 916 #endif 917 918 #undef CMD 919 920 if (dev->ops->connect || dev->ops->auth) { 921 i++; 922 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT); 923 } 924 925 if (dev->ops->disconnect || dev->ops->deauth) { 926 i++; 927 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT); 928 } 929 930 nla_nest_end(msg, nl_cmds); 931 932 if (dev->ops->remain_on_channel && 933 dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 934 NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 935 dev->wiphy.max_remain_on_channel_duration); 936 937 if (dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) 938 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 939 940 if (mgmt_stypes) { 941 u16 stypes; 942 struct nlattr *nl_ftypes, *nl_ifs; 943 enum nl80211_iftype ift; 944 945 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 946 if (!nl_ifs) 947 goto nla_put_failure; 948 949 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 950 nl_ftypes = nla_nest_start(msg, ift); 951 if (!nl_ftypes) 952 goto nla_put_failure; 953 i = 0; 954 stypes = mgmt_stypes[ift].tx; 955 while (stypes) { 956 if (stypes & 1) 957 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, 958 (i << 4) | IEEE80211_FTYPE_MGMT); 959 stypes >>= 1; 960 i++; 961 } 962 nla_nest_end(msg, nl_ftypes); 963 } 964 965 nla_nest_end(msg, nl_ifs); 966 967 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 968 if (!nl_ifs) 969 goto nla_put_failure; 970 971 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 972 nl_ftypes = nla_nest_start(msg, ift); 973 if (!nl_ftypes) 974 goto nla_put_failure; 975 i = 0; 976 stypes = mgmt_stypes[ift].rx; 977 while (stypes) { 978 if (stypes & 1) 979 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, 980 (i << 4) | IEEE80211_FTYPE_MGMT); 981 stypes >>= 1; 982 i++; 983 } 984 nla_nest_end(msg, nl_ftypes); 985 } 986 nla_nest_end(msg, nl_ifs); 987 } 988 989 if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) { 990 struct nlattr *nl_wowlan; 991 992 nl_wowlan = nla_nest_start(msg, 993 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 994 if (!nl_wowlan) 995 goto nla_put_failure; 996 997 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) 998 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY); 999 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) 1000 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT); 1001 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) 1002 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT); 1003 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) 1004 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED); 1005 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) 1006 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE); 1007 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) 1008 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST); 1009 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) 1010 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE); 1011 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) 1012 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE); 1013 if (dev->wiphy.wowlan.n_patterns) { 1014 struct nl80211_wowlan_pattern_support pat = { 1015 .max_patterns = dev->wiphy.wowlan.n_patterns, 1016 .min_pattern_len = 1017 dev->wiphy.wowlan.pattern_min_len, 1018 .max_pattern_len = 1019 dev->wiphy.wowlan.pattern_max_len, 1020 }; 1021 NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1022 sizeof(pat), &pat); 1023 } 1024 1025 nla_nest_end(msg, nl_wowlan); 1026 } 1027 1028 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1029 dev->wiphy.software_iftypes)) 1030 goto nla_put_failure; 1031 1032 if (nl80211_put_iface_combinations(&dev->wiphy, msg)) 1033 goto nla_put_failure; 1034 1035 if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) 1036 NLA_PUT_U32(msg, NL80211_ATTR_DEVICE_AP_SME, 1037 dev->wiphy.ap_sme_capa); 1038 1039 NLA_PUT_U32(msg, NL80211_ATTR_FEATURE_FLAGS, dev->wiphy.features); 1040 1041 if (dev->wiphy.ht_capa_mod_mask) 1042 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1043 sizeof(*dev->wiphy.ht_capa_mod_mask), 1044 dev->wiphy.ht_capa_mod_mask); 1045 1046 return genlmsg_end(msg, hdr); 1047 1048 nla_put_failure: 1049 genlmsg_cancel(msg, hdr); 1050 return -EMSGSIZE; 1051 } 1052 1053 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1054 { 1055 int idx = 0; 1056 int start = cb->args[0]; 1057 struct cfg80211_registered_device *dev; 1058 1059 mutex_lock(&cfg80211_mutex); 1060 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 1061 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 1062 continue; 1063 if (++idx <= start) 1064 continue; 1065 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 1066 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1067 dev) < 0) { 1068 idx--; 1069 break; 1070 } 1071 } 1072 mutex_unlock(&cfg80211_mutex); 1073 1074 cb->args[0] = idx; 1075 1076 return skb->len; 1077 } 1078 1079 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1080 { 1081 struct sk_buff *msg; 1082 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1083 1084 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1085 if (!msg) 1086 return -ENOMEM; 1087 1088 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) { 1089 nlmsg_free(msg); 1090 return -ENOBUFS; 1091 } 1092 1093 return genlmsg_reply(msg, info); 1094 } 1095 1096 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 1097 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 1098 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 1099 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 1100 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 1101 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 1102 }; 1103 1104 static int parse_txq_params(struct nlattr *tb[], 1105 struct ieee80211_txq_params *txq_params) 1106 { 1107 if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] || 1108 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 1109 !tb[NL80211_TXQ_ATTR_AIFS]) 1110 return -EINVAL; 1111 1112 txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]); 1113 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 1114 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 1115 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 1116 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 1117 1118 return 0; 1119 } 1120 1121 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 1122 { 1123 /* 1124 * You can only set the channel explicitly for AP, mesh 1125 * and WDS type interfaces; all others have their channel 1126 * managed via their respective "establish a connection" 1127 * command (connect, join, ...) 1128 * 1129 * Monitors are special as they are normally slaved to 1130 * whatever else is going on, so they behave as though 1131 * you tried setting the wiphy channel itself. 1132 */ 1133 return !wdev || 1134 wdev->iftype == NL80211_IFTYPE_AP || 1135 wdev->iftype == NL80211_IFTYPE_WDS || 1136 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 1137 wdev->iftype == NL80211_IFTYPE_MONITOR || 1138 wdev->iftype == NL80211_IFTYPE_P2P_GO; 1139 } 1140 1141 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 1142 struct wireless_dev *wdev, 1143 struct genl_info *info) 1144 { 1145 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 1146 u32 freq; 1147 int result; 1148 1149 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 1150 return -EINVAL; 1151 1152 if (!nl80211_can_set_dev_channel(wdev)) 1153 return -EOPNOTSUPP; 1154 1155 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1156 channel_type = nla_get_u32(info->attrs[ 1157 NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1158 if (channel_type != NL80211_CHAN_NO_HT && 1159 channel_type != NL80211_CHAN_HT20 && 1160 channel_type != NL80211_CHAN_HT40PLUS && 1161 channel_type != NL80211_CHAN_HT40MINUS) 1162 return -EINVAL; 1163 } 1164 1165 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 1166 1167 mutex_lock(&rdev->devlist_mtx); 1168 if (wdev) { 1169 wdev_lock(wdev); 1170 result = cfg80211_set_freq(rdev, wdev, freq, channel_type); 1171 wdev_unlock(wdev); 1172 } else { 1173 result = cfg80211_set_freq(rdev, NULL, freq, channel_type); 1174 } 1175 mutex_unlock(&rdev->devlist_mtx); 1176 1177 return result; 1178 } 1179 1180 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 1181 { 1182 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1183 struct net_device *netdev = info->user_ptr[1]; 1184 1185 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 1186 } 1187 1188 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 1189 { 1190 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1191 struct net_device *dev = info->user_ptr[1]; 1192 struct wireless_dev *wdev = dev->ieee80211_ptr; 1193 const u8 *bssid; 1194 1195 if (!info->attrs[NL80211_ATTR_MAC]) 1196 return -EINVAL; 1197 1198 if (netif_running(dev)) 1199 return -EBUSY; 1200 1201 if (!rdev->ops->set_wds_peer) 1202 return -EOPNOTSUPP; 1203 1204 if (wdev->iftype != NL80211_IFTYPE_WDS) 1205 return -EOPNOTSUPP; 1206 1207 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 1208 return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid); 1209 } 1210 1211 1212 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 1213 { 1214 struct cfg80211_registered_device *rdev; 1215 struct net_device *netdev = NULL; 1216 struct wireless_dev *wdev; 1217 int result = 0, rem_txq_params = 0; 1218 struct nlattr *nl_txq_params; 1219 u32 changed; 1220 u8 retry_short = 0, retry_long = 0; 1221 u32 frag_threshold = 0, rts_threshold = 0; 1222 u8 coverage_class = 0; 1223 1224 /* 1225 * Try to find the wiphy and netdev. Normally this 1226 * function shouldn't need the netdev, but this is 1227 * done for backward compatibility -- previously 1228 * setting the channel was done per wiphy, but now 1229 * it is per netdev. Previous userland like hostapd 1230 * also passed a netdev to set_wiphy, so that it is 1231 * possible to let that go to the right netdev! 1232 */ 1233 mutex_lock(&cfg80211_mutex); 1234 1235 if (info->attrs[NL80211_ATTR_IFINDEX]) { 1236 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 1237 1238 netdev = dev_get_by_index(genl_info_net(info), ifindex); 1239 if (netdev && netdev->ieee80211_ptr) { 1240 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 1241 mutex_lock(&rdev->mtx); 1242 } else 1243 netdev = NULL; 1244 } 1245 1246 if (!netdev) { 1247 rdev = __cfg80211_rdev_from_info(info); 1248 if (IS_ERR(rdev)) { 1249 mutex_unlock(&cfg80211_mutex); 1250 return PTR_ERR(rdev); 1251 } 1252 wdev = NULL; 1253 netdev = NULL; 1254 result = 0; 1255 1256 mutex_lock(&rdev->mtx); 1257 } else if (netif_running(netdev) && 1258 nl80211_can_set_dev_channel(netdev->ieee80211_ptr)) 1259 wdev = netdev->ieee80211_ptr; 1260 else 1261 wdev = NULL; 1262 1263 /* 1264 * end workaround code, by now the rdev is available 1265 * and locked, and wdev may or may not be NULL. 1266 */ 1267 1268 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 1269 result = cfg80211_dev_rename( 1270 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 1271 1272 mutex_unlock(&cfg80211_mutex); 1273 1274 if (result) 1275 goto bad_res; 1276 1277 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 1278 struct ieee80211_txq_params txq_params; 1279 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 1280 1281 if (!rdev->ops->set_txq_params) { 1282 result = -EOPNOTSUPP; 1283 goto bad_res; 1284 } 1285 1286 if (!netdev) { 1287 result = -EINVAL; 1288 goto bad_res; 1289 } 1290 1291 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1292 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 1293 result = -EINVAL; 1294 goto bad_res; 1295 } 1296 1297 if (!netif_running(netdev)) { 1298 result = -ENETDOWN; 1299 goto bad_res; 1300 } 1301 1302 nla_for_each_nested(nl_txq_params, 1303 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1304 rem_txq_params) { 1305 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 1306 nla_data(nl_txq_params), 1307 nla_len(nl_txq_params), 1308 txq_params_policy); 1309 result = parse_txq_params(tb, &txq_params); 1310 if (result) 1311 goto bad_res; 1312 1313 result = rdev->ops->set_txq_params(&rdev->wiphy, 1314 netdev, 1315 &txq_params); 1316 if (result) 1317 goto bad_res; 1318 } 1319 } 1320 1321 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 1322 result = __nl80211_set_channel(rdev, wdev, info); 1323 if (result) 1324 goto bad_res; 1325 } 1326 1327 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 1328 enum nl80211_tx_power_setting type; 1329 int idx, mbm = 0; 1330 1331 if (!rdev->ops->set_tx_power) { 1332 result = -EOPNOTSUPP; 1333 goto bad_res; 1334 } 1335 1336 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 1337 type = nla_get_u32(info->attrs[idx]); 1338 1339 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 1340 (type != NL80211_TX_POWER_AUTOMATIC)) { 1341 result = -EINVAL; 1342 goto bad_res; 1343 } 1344 1345 if (type != NL80211_TX_POWER_AUTOMATIC) { 1346 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 1347 mbm = nla_get_u32(info->attrs[idx]); 1348 } 1349 1350 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm); 1351 if (result) 1352 goto bad_res; 1353 } 1354 1355 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 1356 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 1357 u32 tx_ant, rx_ant; 1358 if ((!rdev->wiphy.available_antennas_tx && 1359 !rdev->wiphy.available_antennas_rx) || 1360 !rdev->ops->set_antenna) { 1361 result = -EOPNOTSUPP; 1362 goto bad_res; 1363 } 1364 1365 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 1366 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 1367 1368 /* reject antenna configurations which don't match the 1369 * available antenna masks, except for the "all" mask */ 1370 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 1371 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 1372 result = -EINVAL; 1373 goto bad_res; 1374 } 1375 1376 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 1377 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 1378 1379 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant); 1380 if (result) 1381 goto bad_res; 1382 } 1383 1384 changed = 0; 1385 1386 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 1387 retry_short = nla_get_u8( 1388 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 1389 if (retry_short == 0) { 1390 result = -EINVAL; 1391 goto bad_res; 1392 } 1393 changed |= WIPHY_PARAM_RETRY_SHORT; 1394 } 1395 1396 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 1397 retry_long = nla_get_u8( 1398 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 1399 if (retry_long == 0) { 1400 result = -EINVAL; 1401 goto bad_res; 1402 } 1403 changed |= WIPHY_PARAM_RETRY_LONG; 1404 } 1405 1406 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 1407 frag_threshold = nla_get_u32( 1408 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 1409 if (frag_threshold < 256) { 1410 result = -EINVAL; 1411 goto bad_res; 1412 } 1413 if (frag_threshold != (u32) -1) { 1414 /* 1415 * Fragments (apart from the last one) are required to 1416 * have even length. Make the fragmentation code 1417 * simpler by stripping LSB should someone try to use 1418 * odd threshold value. 1419 */ 1420 frag_threshold &= ~0x1; 1421 } 1422 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 1423 } 1424 1425 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 1426 rts_threshold = nla_get_u32( 1427 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 1428 changed |= WIPHY_PARAM_RTS_THRESHOLD; 1429 } 1430 1431 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 1432 coverage_class = nla_get_u8( 1433 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 1434 changed |= WIPHY_PARAM_COVERAGE_CLASS; 1435 } 1436 1437 if (changed) { 1438 u8 old_retry_short, old_retry_long; 1439 u32 old_frag_threshold, old_rts_threshold; 1440 u8 old_coverage_class; 1441 1442 if (!rdev->ops->set_wiphy_params) { 1443 result = -EOPNOTSUPP; 1444 goto bad_res; 1445 } 1446 1447 old_retry_short = rdev->wiphy.retry_short; 1448 old_retry_long = rdev->wiphy.retry_long; 1449 old_frag_threshold = rdev->wiphy.frag_threshold; 1450 old_rts_threshold = rdev->wiphy.rts_threshold; 1451 old_coverage_class = rdev->wiphy.coverage_class; 1452 1453 if (changed & WIPHY_PARAM_RETRY_SHORT) 1454 rdev->wiphy.retry_short = retry_short; 1455 if (changed & WIPHY_PARAM_RETRY_LONG) 1456 rdev->wiphy.retry_long = retry_long; 1457 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 1458 rdev->wiphy.frag_threshold = frag_threshold; 1459 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 1460 rdev->wiphy.rts_threshold = rts_threshold; 1461 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 1462 rdev->wiphy.coverage_class = coverage_class; 1463 1464 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 1465 if (result) { 1466 rdev->wiphy.retry_short = old_retry_short; 1467 rdev->wiphy.retry_long = old_retry_long; 1468 rdev->wiphy.frag_threshold = old_frag_threshold; 1469 rdev->wiphy.rts_threshold = old_rts_threshold; 1470 rdev->wiphy.coverage_class = old_coverage_class; 1471 } 1472 } 1473 1474 bad_res: 1475 mutex_unlock(&rdev->mtx); 1476 if (netdev) 1477 dev_put(netdev); 1478 return result; 1479 } 1480 1481 1482 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 1483 struct cfg80211_registered_device *rdev, 1484 struct net_device *dev) 1485 { 1486 void *hdr; 1487 1488 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1489 if (!hdr) 1490 return -1; 1491 1492 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1493 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 1494 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name); 1495 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype); 1496 1497 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 1498 rdev->devlist_generation ^ 1499 (cfg80211_rdev_list_generation << 2)); 1500 1501 return genlmsg_end(msg, hdr); 1502 1503 nla_put_failure: 1504 genlmsg_cancel(msg, hdr); 1505 return -EMSGSIZE; 1506 } 1507 1508 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1509 { 1510 int wp_idx = 0; 1511 int if_idx = 0; 1512 int wp_start = cb->args[0]; 1513 int if_start = cb->args[1]; 1514 struct cfg80211_registered_device *rdev; 1515 struct wireless_dev *wdev; 1516 1517 mutex_lock(&cfg80211_mutex); 1518 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1519 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1520 continue; 1521 if (wp_idx < wp_start) { 1522 wp_idx++; 1523 continue; 1524 } 1525 if_idx = 0; 1526 1527 mutex_lock(&rdev->devlist_mtx); 1528 list_for_each_entry(wdev, &rdev->netdev_list, list) { 1529 if (if_idx < if_start) { 1530 if_idx++; 1531 continue; 1532 } 1533 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 1534 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1535 rdev, wdev->netdev) < 0) { 1536 mutex_unlock(&rdev->devlist_mtx); 1537 goto out; 1538 } 1539 if_idx++; 1540 } 1541 mutex_unlock(&rdev->devlist_mtx); 1542 1543 wp_idx++; 1544 } 1545 out: 1546 mutex_unlock(&cfg80211_mutex); 1547 1548 cb->args[0] = wp_idx; 1549 cb->args[1] = if_idx; 1550 1551 return skb->len; 1552 } 1553 1554 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1555 { 1556 struct sk_buff *msg; 1557 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1558 struct net_device *netdev = info->user_ptr[1]; 1559 1560 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1561 if (!msg) 1562 return -ENOMEM; 1563 1564 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 1565 dev, netdev) < 0) { 1566 nlmsg_free(msg); 1567 return -ENOBUFS; 1568 } 1569 1570 return genlmsg_reply(msg, info); 1571 } 1572 1573 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1574 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1575 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1576 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1577 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1578 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1579 }; 1580 1581 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1582 { 1583 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1584 int flag; 1585 1586 *mntrflags = 0; 1587 1588 if (!nla) 1589 return -EINVAL; 1590 1591 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1592 nla, mntr_flags_policy)) 1593 return -EINVAL; 1594 1595 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1596 if (flags[flag]) 1597 *mntrflags |= (1<<flag); 1598 1599 return 0; 1600 } 1601 1602 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1603 struct net_device *netdev, u8 use_4addr, 1604 enum nl80211_iftype iftype) 1605 { 1606 if (!use_4addr) { 1607 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 1608 return -EBUSY; 1609 return 0; 1610 } 1611 1612 switch (iftype) { 1613 case NL80211_IFTYPE_AP_VLAN: 1614 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1615 return 0; 1616 break; 1617 case NL80211_IFTYPE_STATION: 1618 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1619 return 0; 1620 break; 1621 default: 1622 break; 1623 } 1624 1625 return -EOPNOTSUPP; 1626 } 1627 1628 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1629 { 1630 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1631 struct vif_params params; 1632 int err; 1633 enum nl80211_iftype otype, ntype; 1634 struct net_device *dev = info->user_ptr[1]; 1635 u32 _flags, *flags = NULL; 1636 bool change = false; 1637 1638 memset(¶ms, 0, sizeof(params)); 1639 1640 otype = ntype = dev->ieee80211_ptr->iftype; 1641 1642 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1643 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1644 if (otype != ntype) 1645 change = true; 1646 if (ntype > NL80211_IFTYPE_MAX) 1647 return -EINVAL; 1648 } 1649 1650 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1651 struct wireless_dev *wdev = dev->ieee80211_ptr; 1652 1653 if (ntype != NL80211_IFTYPE_MESH_POINT) 1654 return -EINVAL; 1655 if (netif_running(dev)) 1656 return -EBUSY; 1657 1658 wdev_lock(wdev); 1659 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 1660 IEEE80211_MAX_MESH_ID_LEN); 1661 wdev->mesh_id_up_len = 1662 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1663 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 1664 wdev->mesh_id_up_len); 1665 wdev_unlock(wdev); 1666 } 1667 1668 if (info->attrs[NL80211_ATTR_4ADDR]) { 1669 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1670 change = true; 1671 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1672 if (err) 1673 return err; 1674 } else { 1675 params.use_4addr = -1; 1676 } 1677 1678 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1679 if (ntype != NL80211_IFTYPE_MONITOR) 1680 return -EINVAL; 1681 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1682 &_flags); 1683 if (err) 1684 return err; 1685 1686 flags = &_flags; 1687 change = true; 1688 } 1689 1690 if (change) 1691 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1692 else 1693 err = 0; 1694 1695 if (!err && params.use_4addr != -1) 1696 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1697 1698 return err; 1699 } 1700 1701 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1702 { 1703 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1704 struct vif_params params; 1705 struct net_device *dev; 1706 int err; 1707 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1708 u32 flags; 1709 1710 memset(¶ms, 0, sizeof(params)); 1711 1712 if (!info->attrs[NL80211_ATTR_IFNAME]) 1713 return -EINVAL; 1714 1715 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1716 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1717 if (type > NL80211_IFTYPE_MAX) 1718 return -EINVAL; 1719 } 1720 1721 if (!rdev->ops->add_virtual_intf || 1722 !(rdev->wiphy.interface_modes & (1 << type))) 1723 return -EOPNOTSUPP; 1724 1725 if (info->attrs[NL80211_ATTR_4ADDR]) { 1726 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1727 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 1728 if (err) 1729 return err; 1730 } 1731 1732 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 1733 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 1734 &flags); 1735 dev = rdev->ops->add_virtual_intf(&rdev->wiphy, 1736 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 1737 type, err ? NULL : &flags, ¶ms); 1738 if (IS_ERR(dev)) 1739 return PTR_ERR(dev); 1740 1741 if (type == NL80211_IFTYPE_MESH_POINT && 1742 info->attrs[NL80211_ATTR_MESH_ID]) { 1743 struct wireless_dev *wdev = dev->ieee80211_ptr; 1744 1745 wdev_lock(wdev); 1746 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 1747 IEEE80211_MAX_MESH_ID_LEN); 1748 wdev->mesh_id_up_len = 1749 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1750 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 1751 wdev->mesh_id_up_len); 1752 wdev_unlock(wdev); 1753 } 1754 1755 return 0; 1756 } 1757 1758 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 1759 { 1760 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1761 struct net_device *dev = info->user_ptr[1]; 1762 1763 if (!rdev->ops->del_virtual_intf) 1764 return -EOPNOTSUPP; 1765 1766 return rdev->ops->del_virtual_intf(&rdev->wiphy, dev); 1767 } 1768 1769 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 1770 { 1771 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1772 struct net_device *dev = info->user_ptr[1]; 1773 u16 noack_map; 1774 1775 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 1776 return -EINVAL; 1777 1778 if (!rdev->ops->set_noack_map) 1779 return -EOPNOTSUPP; 1780 1781 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 1782 1783 return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map); 1784 } 1785 1786 struct get_key_cookie { 1787 struct sk_buff *msg; 1788 int error; 1789 int idx; 1790 }; 1791 1792 static void get_key_callback(void *c, struct key_params *params) 1793 { 1794 struct nlattr *key; 1795 struct get_key_cookie *cookie = c; 1796 1797 if (params->key) 1798 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA, 1799 params->key_len, params->key); 1800 1801 if (params->seq) 1802 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ, 1803 params->seq_len, params->seq); 1804 1805 if (params->cipher) 1806 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 1807 params->cipher); 1808 1809 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 1810 if (!key) 1811 goto nla_put_failure; 1812 1813 if (params->key) 1814 NLA_PUT(cookie->msg, NL80211_KEY_DATA, 1815 params->key_len, params->key); 1816 1817 if (params->seq) 1818 NLA_PUT(cookie->msg, NL80211_KEY_SEQ, 1819 params->seq_len, params->seq); 1820 1821 if (params->cipher) 1822 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER, 1823 params->cipher); 1824 1825 NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx); 1826 1827 nla_nest_end(cookie->msg, key); 1828 1829 return; 1830 nla_put_failure: 1831 cookie->error = 1; 1832 } 1833 1834 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 1835 { 1836 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1837 int err; 1838 struct net_device *dev = info->user_ptr[1]; 1839 u8 key_idx = 0; 1840 const u8 *mac_addr = NULL; 1841 bool pairwise; 1842 struct get_key_cookie cookie = { 1843 .error = 0, 1844 }; 1845 void *hdr; 1846 struct sk_buff *msg; 1847 1848 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1849 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1850 1851 if (key_idx > 5) 1852 return -EINVAL; 1853 1854 if (info->attrs[NL80211_ATTR_MAC]) 1855 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1856 1857 pairwise = !!mac_addr; 1858 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 1859 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 1860 if (kt >= NUM_NL80211_KEYTYPES) 1861 return -EINVAL; 1862 if (kt != NL80211_KEYTYPE_GROUP && 1863 kt != NL80211_KEYTYPE_PAIRWISE) 1864 return -EINVAL; 1865 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 1866 } 1867 1868 if (!rdev->ops->get_key) 1869 return -EOPNOTSUPP; 1870 1871 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1872 if (!msg) 1873 return -ENOMEM; 1874 1875 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 1876 NL80211_CMD_NEW_KEY); 1877 if (IS_ERR(hdr)) 1878 return PTR_ERR(hdr); 1879 1880 cookie.msg = msg; 1881 cookie.idx = key_idx; 1882 1883 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1884 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 1885 if (mac_addr) 1886 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1887 1888 if (pairwise && mac_addr && 1889 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 1890 return -ENOENT; 1891 1892 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise, 1893 mac_addr, &cookie, get_key_callback); 1894 1895 if (err) 1896 goto free_msg; 1897 1898 if (cookie.error) 1899 goto nla_put_failure; 1900 1901 genlmsg_end(msg, hdr); 1902 return genlmsg_reply(msg, info); 1903 1904 nla_put_failure: 1905 err = -ENOBUFS; 1906 free_msg: 1907 nlmsg_free(msg); 1908 return err; 1909 } 1910 1911 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 1912 { 1913 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1914 struct key_parse key; 1915 int err; 1916 struct net_device *dev = info->user_ptr[1]; 1917 1918 err = nl80211_parse_key(info, &key); 1919 if (err) 1920 return err; 1921 1922 if (key.idx < 0) 1923 return -EINVAL; 1924 1925 /* only support setting default key */ 1926 if (!key.def && !key.defmgmt) 1927 return -EINVAL; 1928 1929 wdev_lock(dev->ieee80211_ptr); 1930 1931 if (key.def) { 1932 if (!rdev->ops->set_default_key) { 1933 err = -EOPNOTSUPP; 1934 goto out; 1935 } 1936 1937 err = nl80211_key_allowed(dev->ieee80211_ptr); 1938 if (err) 1939 goto out; 1940 1941 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx, 1942 key.def_uni, key.def_multi); 1943 1944 if (err) 1945 goto out; 1946 1947 #ifdef CONFIG_CFG80211_WEXT 1948 dev->ieee80211_ptr->wext.default_key = key.idx; 1949 #endif 1950 } else { 1951 if (key.def_uni || !key.def_multi) { 1952 err = -EINVAL; 1953 goto out; 1954 } 1955 1956 if (!rdev->ops->set_default_mgmt_key) { 1957 err = -EOPNOTSUPP; 1958 goto out; 1959 } 1960 1961 err = nl80211_key_allowed(dev->ieee80211_ptr); 1962 if (err) 1963 goto out; 1964 1965 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy, 1966 dev, key.idx); 1967 if (err) 1968 goto out; 1969 1970 #ifdef CONFIG_CFG80211_WEXT 1971 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 1972 #endif 1973 } 1974 1975 out: 1976 wdev_unlock(dev->ieee80211_ptr); 1977 1978 return err; 1979 } 1980 1981 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 1982 { 1983 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1984 int err; 1985 struct net_device *dev = info->user_ptr[1]; 1986 struct key_parse key; 1987 const u8 *mac_addr = NULL; 1988 1989 err = nl80211_parse_key(info, &key); 1990 if (err) 1991 return err; 1992 1993 if (!key.p.key) 1994 return -EINVAL; 1995 1996 if (info->attrs[NL80211_ATTR_MAC]) 1997 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1998 1999 if (key.type == -1) { 2000 if (mac_addr) 2001 key.type = NL80211_KEYTYPE_PAIRWISE; 2002 else 2003 key.type = NL80211_KEYTYPE_GROUP; 2004 } 2005 2006 /* for now */ 2007 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2008 key.type != NL80211_KEYTYPE_GROUP) 2009 return -EINVAL; 2010 2011 if (!rdev->ops->add_key) 2012 return -EOPNOTSUPP; 2013 2014 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 2015 key.type == NL80211_KEYTYPE_PAIRWISE, 2016 mac_addr)) 2017 return -EINVAL; 2018 2019 wdev_lock(dev->ieee80211_ptr); 2020 err = nl80211_key_allowed(dev->ieee80211_ptr); 2021 if (!err) 2022 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 2023 key.type == NL80211_KEYTYPE_PAIRWISE, 2024 mac_addr, &key.p); 2025 wdev_unlock(dev->ieee80211_ptr); 2026 2027 return err; 2028 } 2029 2030 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 2031 { 2032 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2033 int err; 2034 struct net_device *dev = info->user_ptr[1]; 2035 u8 *mac_addr = NULL; 2036 struct key_parse key; 2037 2038 err = nl80211_parse_key(info, &key); 2039 if (err) 2040 return err; 2041 2042 if (info->attrs[NL80211_ATTR_MAC]) 2043 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2044 2045 if (key.type == -1) { 2046 if (mac_addr) 2047 key.type = NL80211_KEYTYPE_PAIRWISE; 2048 else 2049 key.type = NL80211_KEYTYPE_GROUP; 2050 } 2051 2052 /* for now */ 2053 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2054 key.type != NL80211_KEYTYPE_GROUP) 2055 return -EINVAL; 2056 2057 if (!rdev->ops->del_key) 2058 return -EOPNOTSUPP; 2059 2060 wdev_lock(dev->ieee80211_ptr); 2061 err = nl80211_key_allowed(dev->ieee80211_ptr); 2062 2063 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && 2064 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2065 err = -ENOENT; 2066 2067 if (!err) 2068 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, 2069 key.type == NL80211_KEYTYPE_PAIRWISE, 2070 mac_addr); 2071 2072 #ifdef CONFIG_CFG80211_WEXT 2073 if (!err) { 2074 if (key.idx == dev->ieee80211_ptr->wext.default_key) 2075 dev->ieee80211_ptr->wext.default_key = -1; 2076 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 2077 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 2078 } 2079 #endif 2080 wdev_unlock(dev->ieee80211_ptr); 2081 2082 return err; 2083 } 2084 2085 static int nl80211_parse_beacon(struct genl_info *info, 2086 struct cfg80211_beacon_data *bcn) 2087 { 2088 bool haveinfo = false; 2089 2090 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) || 2091 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) || 2092 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) || 2093 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP])) 2094 return -EINVAL; 2095 2096 memset(bcn, 0, sizeof(*bcn)); 2097 2098 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 2099 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2100 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2101 if (!bcn->head_len) 2102 return -EINVAL; 2103 haveinfo = true; 2104 } 2105 2106 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 2107 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2108 bcn->tail_len = 2109 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2110 haveinfo = true; 2111 } 2112 2113 if (!haveinfo) 2114 return -EINVAL; 2115 2116 if (info->attrs[NL80211_ATTR_IE]) { 2117 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]); 2118 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]); 2119 } 2120 2121 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) { 2122 bcn->proberesp_ies = 2123 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2124 bcn->proberesp_ies_len = 2125 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2126 } 2127 2128 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 2129 bcn->assocresp_ies = 2130 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2131 bcn->assocresp_ies_len = 2132 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2133 } 2134 2135 if (info->attrs[NL80211_ATTR_PROBE_RESP]) { 2136 bcn->probe_resp = 2137 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]); 2138 bcn->probe_resp_len = 2139 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]); 2140 } 2141 2142 return 0; 2143 } 2144 2145 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 2146 { 2147 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2148 struct net_device *dev = info->user_ptr[1]; 2149 struct wireless_dev *wdev = dev->ieee80211_ptr; 2150 struct cfg80211_ap_settings params; 2151 int err; 2152 2153 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2154 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2155 return -EOPNOTSUPP; 2156 2157 if (!rdev->ops->start_ap) 2158 return -EOPNOTSUPP; 2159 2160 if (wdev->beacon_interval) 2161 return -EALREADY; 2162 2163 memset(¶ms, 0, sizeof(params)); 2164 2165 /* these are required for START_AP */ 2166 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 2167 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 2168 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 2169 return -EINVAL; 2170 2171 err = nl80211_parse_beacon(info, ¶ms.beacon); 2172 if (err) 2173 return err; 2174 2175 params.beacon_interval = 2176 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 2177 params.dtim_period = 2178 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 2179 2180 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 2181 if (err) 2182 return err; 2183 2184 /* 2185 * In theory, some of these attributes should be required here 2186 * but since they were not used when the command was originally 2187 * added, keep them optional for old user space programs to let 2188 * them continue to work with drivers that do not need the 2189 * additional information -- drivers must check! 2190 */ 2191 if (info->attrs[NL80211_ATTR_SSID]) { 2192 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 2193 params.ssid_len = 2194 nla_len(info->attrs[NL80211_ATTR_SSID]); 2195 if (params.ssid_len == 0 || 2196 params.ssid_len > IEEE80211_MAX_SSID_LEN) 2197 return -EINVAL; 2198 } 2199 2200 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 2201 params.hidden_ssid = nla_get_u32( 2202 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 2203 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 2204 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 2205 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 2206 return -EINVAL; 2207 } 2208 2209 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 2210 2211 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 2212 params.auth_type = nla_get_u32( 2213 info->attrs[NL80211_ATTR_AUTH_TYPE]); 2214 if (!nl80211_valid_auth_type(params.auth_type)) 2215 return -EINVAL; 2216 } else 2217 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 2218 2219 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 2220 NL80211_MAX_NR_CIPHER_SUITES); 2221 if (err) 2222 return err; 2223 2224 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 2225 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 2226 return -EOPNOTSUPP; 2227 params.inactivity_timeout = nla_get_u16( 2228 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 2229 } 2230 2231 err = rdev->ops->start_ap(&rdev->wiphy, dev, ¶ms); 2232 if (!err) 2233 wdev->beacon_interval = params.beacon_interval; 2234 return err; 2235 } 2236 2237 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 2238 { 2239 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2240 struct net_device *dev = info->user_ptr[1]; 2241 struct wireless_dev *wdev = dev->ieee80211_ptr; 2242 struct cfg80211_beacon_data params; 2243 int err; 2244 2245 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2246 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2247 return -EOPNOTSUPP; 2248 2249 if (!rdev->ops->change_beacon) 2250 return -EOPNOTSUPP; 2251 2252 if (!wdev->beacon_interval) 2253 return -EINVAL; 2254 2255 err = nl80211_parse_beacon(info, ¶ms); 2256 if (err) 2257 return err; 2258 2259 return rdev->ops->change_beacon(&rdev->wiphy, dev, ¶ms); 2260 } 2261 2262 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 2263 { 2264 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2265 struct net_device *dev = info->user_ptr[1]; 2266 struct wireless_dev *wdev = dev->ieee80211_ptr; 2267 int err; 2268 2269 if (!rdev->ops->stop_ap) 2270 return -EOPNOTSUPP; 2271 2272 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2273 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2274 return -EOPNOTSUPP; 2275 2276 if (!wdev->beacon_interval) 2277 return -ENOENT; 2278 2279 err = rdev->ops->stop_ap(&rdev->wiphy, dev); 2280 if (!err) 2281 wdev->beacon_interval = 0; 2282 return err; 2283 } 2284 2285 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 2286 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 2287 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 2288 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 2289 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 2290 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 2291 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 2292 }; 2293 2294 static int parse_station_flags(struct genl_info *info, 2295 enum nl80211_iftype iftype, 2296 struct station_parameters *params) 2297 { 2298 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 2299 struct nlattr *nla; 2300 int flag; 2301 2302 /* 2303 * Try parsing the new attribute first so userspace 2304 * can specify both for older kernels. 2305 */ 2306 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 2307 if (nla) { 2308 struct nl80211_sta_flag_update *sta_flags; 2309 2310 sta_flags = nla_data(nla); 2311 params->sta_flags_mask = sta_flags->mask; 2312 params->sta_flags_set = sta_flags->set; 2313 if ((params->sta_flags_mask | 2314 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 2315 return -EINVAL; 2316 return 0; 2317 } 2318 2319 /* if present, parse the old attribute */ 2320 2321 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 2322 if (!nla) 2323 return 0; 2324 2325 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 2326 nla, sta_flags_policy)) 2327 return -EINVAL; 2328 2329 /* 2330 * Only allow certain flags for interface types so that 2331 * other attributes are silently ignored. Remember that 2332 * this is backward compatibility code with old userspace 2333 * and shouldn't be hit in other cases anyway. 2334 */ 2335 switch (iftype) { 2336 case NL80211_IFTYPE_AP: 2337 case NL80211_IFTYPE_AP_VLAN: 2338 case NL80211_IFTYPE_P2P_GO: 2339 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2340 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2341 BIT(NL80211_STA_FLAG_WME) | 2342 BIT(NL80211_STA_FLAG_MFP); 2343 break; 2344 case NL80211_IFTYPE_P2P_CLIENT: 2345 case NL80211_IFTYPE_STATION: 2346 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2347 BIT(NL80211_STA_FLAG_TDLS_PEER); 2348 break; 2349 case NL80211_IFTYPE_MESH_POINT: 2350 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2351 BIT(NL80211_STA_FLAG_MFP) | 2352 BIT(NL80211_STA_FLAG_AUTHORIZED); 2353 default: 2354 return -EINVAL; 2355 } 2356 2357 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) 2358 if (flags[flag]) 2359 params->sta_flags_set |= (1<<flag); 2360 2361 return 0; 2362 } 2363 2364 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 2365 int attr) 2366 { 2367 struct nlattr *rate; 2368 u16 bitrate; 2369 2370 rate = nla_nest_start(msg, attr); 2371 if (!rate) 2372 goto nla_put_failure; 2373 2374 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 2375 bitrate = cfg80211_calculate_bitrate(info); 2376 if (bitrate > 0) 2377 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate); 2378 2379 if (info->flags & RATE_INFO_FLAGS_MCS) 2380 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs); 2381 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) 2382 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH); 2383 if (info->flags & RATE_INFO_FLAGS_SHORT_GI) 2384 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI); 2385 2386 nla_nest_end(msg, rate); 2387 return true; 2388 2389 nla_put_failure: 2390 return false; 2391 } 2392 2393 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 2394 int flags, 2395 struct cfg80211_registered_device *rdev, 2396 struct net_device *dev, 2397 const u8 *mac_addr, struct station_info *sinfo) 2398 { 2399 void *hdr; 2400 struct nlattr *sinfoattr, *bss_param; 2401 2402 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2403 if (!hdr) 2404 return -1; 2405 2406 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2407 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 2408 2409 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation); 2410 2411 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 2412 if (!sinfoattr) 2413 goto nla_put_failure; 2414 if (sinfo->filled & STATION_INFO_CONNECTED_TIME) 2415 NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME, 2416 sinfo->connected_time); 2417 if (sinfo->filled & STATION_INFO_INACTIVE_TIME) 2418 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME, 2419 sinfo->inactive_time); 2420 if (sinfo->filled & STATION_INFO_RX_BYTES) 2421 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES, 2422 sinfo->rx_bytes); 2423 if (sinfo->filled & STATION_INFO_TX_BYTES) 2424 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES, 2425 sinfo->tx_bytes); 2426 if (sinfo->filled & STATION_INFO_LLID) 2427 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID, 2428 sinfo->llid); 2429 if (sinfo->filled & STATION_INFO_PLID) 2430 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID, 2431 sinfo->plid); 2432 if (sinfo->filled & STATION_INFO_PLINK_STATE) 2433 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE, 2434 sinfo->plink_state); 2435 switch (rdev->wiphy.signal_type) { 2436 case CFG80211_SIGNAL_TYPE_MBM: 2437 if (sinfo->filled & STATION_INFO_SIGNAL) 2438 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL, 2439 sinfo->signal); 2440 if (sinfo->filled & STATION_INFO_SIGNAL_AVG) 2441 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG, 2442 sinfo->signal_avg); 2443 break; 2444 default: 2445 break; 2446 } 2447 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 2448 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 2449 NL80211_STA_INFO_TX_BITRATE)) 2450 goto nla_put_failure; 2451 } 2452 if (sinfo->filled & STATION_INFO_RX_BITRATE) { 2453 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 2454 NL80211_STA_INFO_RX_BITRATE)) 2455 goto nla_put_failure; 2456 } 2457 if (sinfo->filled & STATION_INFO_RX_PACKETS) 2458 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS, 2459 sinfo->rx_packets); 2460 if (sinfo->filled & STATION_INFO_TX_PACKETS) 2461 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS, 2462 sinfo->tx_packets); 2463 if (sinfo->filled & STATION_INFO_TX_RETRIES) 2464 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES, 2465 sinfo->tx_retries); 2466 if (sinfo->filled & STATION_INFO_TX_FAILED) 2467 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED, 2468 sinfo->tx_failed); 2469 if (sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) 2470 NLA_PUT_U32(msg, NL80211_STA_INFO_BEACON_LOSS, 2471 sinfo->beacon_loss_count); 2472 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 2473 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 2474 if (!bss_param) 2475 goto nla_put_failure; 2476 2477 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) 2478 NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT); 2479 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) 2480 NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE); 2481 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) 2482 NLA_PUT_FLAG(msg, 2483 NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME); 2484 NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 2485 sinfo->bss_param.dtim_period); 2486 NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 2487 sinfo->bss_param.beacon_interval); 2488 2489 nla_nest_end(msg, bss_param); 2490 } 2491 if (sinfo->filled & STATION_INFO_STA_FLAGS) 2492 NLA_PUT(msg, NL80211_STA_INFO_STA_FLAGS, 2493 sizeof(struct nl80211_sta_flag_update), 2494 &sinfo->sta_flags); 2495 nla_nest_end(msg, sinfoattr); 2496 2497 if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES) 2498 NLA_PUT(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 2499 sinfo->assoc_req_ies); 2500 2501 return genlmsg_end(msg, hdr); 2502 2503 nla_put_failure: 2504 genlmsg_cancel(msg, hdr); 2505 return -EMSGSIZE; 2506 } 2507 2508 static int nl80211_dump_station(struct sk_buff *skb, 2509 struct netlink_callback *cb) 2510 { 2511 struct station_info sinfo; 2512 struct cfg80211_registered_device *dev; 2513 struct net_device *netdev; 2514 u8 mac_addr[ETH_ALEN]; 2515 int sta_idx = cb->args[1]; 2516 int err; 2517 2518 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 2519 if (err) 2520 return err; 2521 2522 if (!dev->ops->dump_station) { 2523 err = -EOPNOTSUPP; 2524 goto out_err; 2525 } 2526 2527 while (1) { 2528 memset(&sinfo, 0, sizeof(sinfo)); 2529 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 2530 mac_addr, &sinfo); 2531 if (err == -ENOENT) 2532 break; 2533 if (err) 2534 goto out_err; 2535 2536 if (nl80211_send_station(skb, 2537 NETLINK_CB(cb->skb).pid, 2538 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2539 dev, netdev, mac_addr, 2540 &sinfo) < 0) 2541 goto out; 2542 2543 sta_idx++; 2544 } 2545 2546 2547 out: 2548 cb->args[1] = sta_idx; 2549 err = skb->len; 2550 out_err: 2551 nl80211_finish_netdev_dump(dev); 2552 2553 return err; 2554 } 2555 2556 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 2557 { 2558 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2559 struct net_device *dev = info->user_ptr[1]; 2560 struct station_info sinfo; 2561 struct sk_buff *msg; 2562 u8 *mac_addr = NULL; 2563 int err; 2564 2565 memset(&sinfo, 0, sizeof(sinfo)); 2566 2567 if (!info->attrs[NL80211_ATTR_MAC]) 2568 return -EINVAL; 2569 2570 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2571 2572 if (!rdev->ops->get_station) 2573 return -EOPNOTSUPP; 2574 2575 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 2576 if (err) 2577 return err; 2578 2579 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2580 if (!msg) 2581 return -ENOMEM; 2582 2583 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0, 2584 rdev, dev, mac_addr, &sinfo) < 0) { 2585 nlmsg_free(msg); 2586 return -ENOBUFS; 2587 } 2588 2589 return genlmsg_reply(msg, info); 2590 } 2591 2592 /* 2593 * Get vlan interface making sure it is running and on the right wiphy. 2594 */ 2595 static struct net_device *get_vlan(struct genl_info *info, 2596 struct cfg80211_registered_device *rdev) 2597 { 2598 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 2599 struct net_device *v; 2600 int ret; 2601 2602 if (!vlanattr) 2603 return NULL; 2604 2605 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 2606 if (!v) 2607 return ERR_PTR(-ENODEV); 2608 2609 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 2610 ret = -EINVAL; 2611 goto error; 2612 } 2613 2614 if (!netif_running(v)) { 2615 ret = -ENETDOWN; 2616 goto error; 2617 } 2618 2619 return v; 2620 error: 2621 dev_put(v); 2622 return ERR_PTR(ret); 2623 } 2624 2625 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 2626 { 2627 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2628 int err; 2629 struct net_device *dev = info->user_ptr[1]; 2630 struct station_parameters params; 2631 u8 *mac_addr = NULL; 2632 2633 memset(¶ms, 0, sizeof(params)); 2634 2635 params.listen_interval = -1; 2636 params.plink_state = -1; 2637 2638 if (info->attrs[NL80211_ATTR_STA_AID]) 2639 return -EINVAL; 2640 2641 if (!info->attrs[NL80211_ATTR_MAC]) 2642 return -EINVAL; 2643 2644 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2645 2646 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 2647 params.supported_rates = 2648 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2649 params.supported_rates_len = 2650 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2651 } 2652 2653 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2654 params.listen_interval = 2655 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2656 2657 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2658 params.ht_capa = 2659 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2660 2661 if (!rdev->ops->change_station) 2662 return -EOPNOTSUPP; 2663 2664 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 2665 return -EINVAL; 2666 2667 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2668 params.plink_action = 2669 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2670 2671 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) 2672 params.plink_state = 2673 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 2674 2675 switch (dev->ieee80211_ptr->iftype) { 2676 case NL80211_IFTYPE_AP: 2677 case NL80211_IFTYPE_AP_VLAN: 2678 case NL80211_IFTYPE_P2P_GO: 2679 /* disallow mesh-specific things */ 2680 if (params.plink_action) 2681 return -EINVAL; 2682 2683 /* TDLS can't be set, ... */ 2684 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2685 return -EINVAL; 2686 /* 2687 * ... but don't bother the driver with it. This works around 2688 * a hostapd/wpa_supplicant issue -- it always includes the 2689 * TLDS_PEER flag in the mask even for AP mode. 2690 */ 2691 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2692 2693 /* accept only the listed bits */ 2694 if (params.sta_flags_mask & 2695 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 2696 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2697 BIT(NL80211_STA_FLAG_WME) | 2698 BIT(NL80211_STA_FLAG_MFP))) 2699 return -EINVAL; 2700 2701 /* must be last in here for error handling */ 2702 params.vlan = get_vlan(info, rdev); 2703 if (IS_ERR(params.vlan)) 2704 return PTR_ERR(params.vlan); 2705 break; 2706 case NL80211_IFTYPE_P2P_CLIENT: 2707 case NL80211_IFTYPE_STATION: 2708 /* 2709 * Don't allow userspace to change the TDLS_PEER flag, 2710 * but silently ignore attempts to change it since we 2711 * don't have state here to verify that it doesn't try 2712 * to change the flag. 2713 */ 2714 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2715 /* fall through */ 2716 case NL80211_IFTYPE_ADHOC: 2717 /* disallow things sta doesn't support */ 2718 if (params.plink_action) 2719 return -EINVAL; 2720 if (params.ht_capa) 2721 return -EINVAL; 2722 if (params.listen_interval >= 0) 2723 return -EINVAL; 2724 /* reject any changes other than AUTHORIZED */ 2725 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 2726 return -EINVAL; 2727 break; 2728 case NL80211_IFTYPE_MESH_POINT: 2729 /* disallow things mesh doesn't support */ 2730 if (params.vlan) 2731 return -EINVAL; 2732 if (params.ht_capa) 2733 return -EINVAL; 2734 if (params.listen_interval >= 0) 2735 return -EINVAL; 2736 /* 2737 * No special handling for TDLS here -- the userspace 2738 * mesh code doesn't have this bug. 2739 */ 2740 if (params.sta_flags_mask & 2741 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2742 BIT(NL80211_STA_FLAG_MFP) | 2743 BIT(NL80211_STA_FLAG_AUTHORIZED))) 2744 return -EINVAL; 2745 break; 2746 default: 2747 return -EOPNOTSUPP; 2748 } 2749 2750 /* be aware of params.vlan when changing code here */ 2751 2752 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2753 2754 if (params.vlan) 2755 dev_put(params.vlan); 2756 2757 return err; 2758 } 2759 2760 static struct nla_policy 2761 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = { 2762 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 2763 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 2764 }; 2765 2766 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 2767 { 2768 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2769 int err; 2770 struct net_device *dev = info->user_ptr[1]; 2771 struct station_parameters params; 2772 u8 *mac_addr = NULL; 2773 2774 memset(¶ms, 0, sizeof(params)); 2775 2776 if (!info->attrs[NL80211_ATTR_MAC]) 2777 return -EINVAL; 2778 2779 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2780 return -EINVAL; 2781 2782 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 2783 return -EINVAL; 2784 2785 if (!info->attrs[NL80211_ATTR_STA_AID]) 2786 return -EINVAL; 2787 2788 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2789 params.supported_rates = 2790 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2791 params.supported_rates_len = 2792 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2793 params.listen_interval = 2794 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2795 2796 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 2797 if (!params.aid || params.aid > IEEE80211_MAX_AID) 2798 return -EINVAL; 2799 2800 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2801 params.ht_capa = 2802 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2803 2804 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2805 params.plink_action = 2806 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2807 2808 if (!rdev->ops->add_station) 2809 return -EOPNOTSUPP; 2810 2811 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 2812 return -EINVAL; 2813 2814 switch (dev->ieee80211_ptr->iftype) { 2815 case NL80211_IFTYPE_AP: 2816 case NL80211_IFTYPE_AP_VLAN: 2817 case NL80211_IFTYPE_P2P_GO: 2818 /* parse WME attributes if sta is WME capable */ 2819 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 2820 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) && 2821 info->attrs[NL80211_ATTR_STA_WME]) { 2822 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 2823 struct nlattr *nla; 2824 2825 nla = info->attrs[NL80211_ATTR_STA_WME]; 2826 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 2827 nl80211_sta_wme_policy); 2828 if (err) 2829 return err; 2830 2831 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 2832 params.uapsd_queues = 2833 nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]); 2834 if (params.uapsd_queues & 2835 ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 2836 return -EINVAL; 2837 2838 if (tb[NL80211_STA_WME_MAX_SP]) 2839 params.max_sp = 2840 nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 2841 2842 if (params.max_sp & 2843 ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 2844 return -EINVAL; 2845 2846 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 2847 } 2848 /* TDLS peers cannot be added */ 2849 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2850 return -EINVAL; 2851 /* but don't bother the driver with it */ 2852 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2853 2854 /* must be last in here for error handling */ 2855 params.vlan = get_vlan(info, rdev); 2856 if (IS_ERR(params.vlan)) 2857 return PTR_ERR(params.vlan); 2858 break; 2859 case NL80211_IFTYPE_MESH_POINT: 2860 /* TDLS peers cannot be added */ 2861 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2862 return -EINVAL; 2863 break; 2864 case NL80211_IFTYPE_STATION: 2865 /* Only TDLS peers can be added */ 2866 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 2867 return -EINVAL; 2868 /* Can only add if TDLS ... */ 2869 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 2870 return -EOPNOTSUPP; 2871 /* ... with external setup is supported */ 2872 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 2873 return -EOPNOTSUPP; 2874 break; 2875 default: 2876 return -EOPNOTSUPP; 2877 } 2878 2879 /* be aware of params.vlan when changing code here */ 2880 2881 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2882 2883 if (params.vlan) 2884 dev_put(params.vlan); 2885 return err; 2886 } 2887 2888 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 2889 { 2890 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2891 struct net_device *dev = info->user_ptr[1]; 2892 u8 *mac_addr = NULL; 2893 2894 if (info->attrs[NL80211_ATTR_MAC]) 2895 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2896 2897 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2898 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2899 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 2900 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2901 return -EINVAL; 2902 2903 if (!rdev->ops->del_station) 2904 return -EOPNOTSUPP; 2905 2906 return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 2907 } 2908 2909 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq, 2910 int flags, struct net_device *dev, 2911 u8 *dst, u8 *next_hop, 2912 struct mpath_info *pinfo) 2913 { 2914 void *hdr; 2915 struct nlattr *pinfoattr; 2916 2917 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2918 if (!hdr) 2919 return -1; 2920 2921 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2922 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 2923 NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop); 2924 2925 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation); 2926 2927 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 2928 if (!pinfoattr) 2929 goto nla_put_failure; 2930 if (pinfo->filled & MPATH_INFO_FRAME_QLEN) 2931 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 2932 pinfo->frame_qlen); 2933 if (pinfo->filled & MPATH_INFO_SN) 2934 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN, 2935 pinfo->sn); 2936 if (pinfo->filled & MPATH_INFO_METRIC) 2937 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC, 2938 pinfo->metric); 2939 if (pinfo->filled & MPATH_INFO_EXPTIME) 2940 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME, 2941 pinfo->exptime); 2942 if (pinfo->filled & MPATH_INFO_FLAGS) 2943 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS, 2944 pinfo->flags); 2945 if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) 2946 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 2947 pinfo->discovery_timeout); 2948 if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) 2949 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 2950 pinfo->discovery_retries); 2951 2952 nla_nest_end(msg, pinfoattr); 2953 2954 return genlmsg_end(msg, hdr); 2955 2956 nla_put_failure: 2957 genlmsg_cancel(msg, hdr); 2958 return -EMSGSIZE; 2959 } 2960 2961 static int nl80211_dump_mpath(struct sk_buff *skb, 2962 struct netlink_callback *cb) 2963 { 2964 struct mpath_info pinfo; 2965 struct cfg80211_registered_device *dev; 2966 struct net_device *netdev; 2967 u8 dst[ETH_ALEN]; 2968 u8 next_hop[ETH_ALEN]; 2969 int path_idx = cb->args[1]; 2970 int err; 2971 2972 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 2973 if (err) 2974 return err; 2975 2976 if (!dev->ops->dump_mpath) { 2977 err = -EOPNOTSUPP; 2978 goto out_err; 2979 } 2980 2981 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2982 err = -EOPNOTSUPP; 2983 goto out_err; 2984 } 2985 2986 while (1) { 2987 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 2988 dst, next_hop, &pinfo); 2989 if (err == -ENOENT) 2990 break; 2991 if (err) 2992 goto out_err; 2993 2994 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid, 2995 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2996 netdev, dst, next_hop, 2997 &pinfo) < 0) 2998 goto out; 2999 3000 path_idx++; 3001 } 3002 3003 3004 out: 3005 cb->args[1] = path_idx; 3006 err = skb->len; 3007 out_err: 3008 nl80211_finish_netdev_dump(dev); 3009 return err; 3010 } 3011 3012 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 3013 { 3014 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3015 int err; 3016 struct net_device *dev = info->user_ptr[1]; 3017 struct mpath_info pinfo; 3018 struct sk_buff *msg; 3019 u8 *dst = NULL; 3020 u8 next_hop[ETH_ALEN]; 3021 3022 memset(&pinfo, 0, sizeof(pinfo)); 3023 3024 if (!info->attrs[NL80211_ATTR_MAC]) 3025 return -EINVAL; 3026 3027 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3028 3029 if (!rdev->ops->get_mpath) 3030 return -EOPNOTSUPP; 3031 3032 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3033 return -EOPNOTSUPP; 3034 3035 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 3036 if (err) 3037 return err; 3038 3039 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3040 if (!msg) 3041 return -ENOMEM; 3042 3043 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0, 3044 dev, dst, next_hop, &pinfo) < 0) { 3045 nlmsg_free(msg); 3046 return -ENOBUFS; 3047 } 3048 3049 return genlmsg_reply(msg, info); 3050 } 3051 3052 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 3053 { 3054 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3055 struct net_device *dev = info->user_ptr[1]; 3056 u8 *dst = NULL; 3057 u8 *next_hop = NULL; 3058 3059 if (!info->attrs[NL80211_ATTR_MAC]) 3060 return -EINVAL; 3061 3062 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3063 return -EINVAL; 3064 3065 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3066 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3067 3068 if (!rdev->ops->change_mpath) 3069 return -EOPNOTSUPP; 3070 3071 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3072 return -EOPNOTSUPP; 3073 3074 return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 3075 } 3076 3077 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 3078 { 3079 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3080 struct net_device *dev = info->user_ptr[1]; 3081 u8 *dst = NULL; 3082 u8 *next_hop = NULL; 3083 3084 if (!info->attrs[NL80211_ATTR_MAC]) 3085 return -EINVAL; 3086 3087 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3088 return -EINVAL; 3089 3090 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3091 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3092 3093 if (!rdev->ops->add_mpath) 3094 return -EOPNOTSUPP; 3095 3096 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3097 return -EOPNOTSUPP; 3098 3099 return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 3100 } 3101 3102 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 3103 { 3104 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3105 struct net_device *dev = info->user_ptr[1]; 3106 u8 *dst = NULL; 3107 3108 if (info->attrs[NL80211_ATTR_MAC]) 3109 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3110 3111 if (!rdev->ops->del_mpath) 3112 return -EOPNOTSUPP; 3113 3114 return rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 3115 } 3116 3117 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 3118 { 3119 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3120 struct net_device *dev = info->user_ptr[1]; 3121 struct bss_parameters params; 3122 3123 memset(¶ms, 0, sizeof(params)); 3124 /* default to not changing parameters */ 3125 params.use_cts_prot = -1; 3126 params.use_short_preamble = -1; 3127 params.use_short_slot_time = -1; 3128 params.ap_isolate = -1; 3129 params.ht_opmode = -1; 3130 3131 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 3132 params.use_cts_prot = 3133 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 3134 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 3135 params.use_short_preamble = 3136 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 3137 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 3138 params.use_short_slot_time = 3139 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 3140 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 3141 params.basic_rates = 3142 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3143 params.basic_rates_len = 3144 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3145 } 3146 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 3147 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 3148 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 3149 params.ht_opmode = 3150 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 3151 3152 if (!rdev->ops->change_bss) 3153 return -EOPNOTSUPP; 3154 3155 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3156 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3157 return -EOPNOTSUPP; 3158 3159 return rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 3160 } 3161 3162 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 3163 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3164 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3165 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3166 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3167 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3168 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3169 }; 3170 3171 static int parse_reg_rule(struct nlattr *tb[], 3172 struct ieee80211_reg_rule *reg_rule) 3173 { 3174 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 3175 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 3176 3177 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 3178 return -EINVAL; 3179 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 3180 return -EINVAL; 3181 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 3182 return -EINVAL; 3183 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 3184 return -EINVAL; 3185 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 3186 return -EINVAL; 3187 3188 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 3189 3190 freq_range->start_freq_khz = 3191 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 3192 freq_range->end_freq_khz = 3193 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 3194 freq_range->max_bandwidth_khz = 3195 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 3196 3197 power_rule->max_eirp = 3198 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 3199 3200 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 3201 power_rule->max_antenna_gain = 3202 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 3203 3204 return 0; 3205 } 3206 3207 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 3208 { 3209 int r; 3210 char *data = NULL; 3211 3212 /* 3213 * You should only get this when cfg80211 hasn't yet initialized 3214 * completely when built-in to the kernel right between the time 3215 * window between nl80211_init() and regulatory_init(), if that is 3216 * even possible. 3217 */ 3218 mutex_lock(&cfg80211_mutex); 3219 if (unlikely(!cfg80211_regdomain)) { 3220 mutex_unlock(&cfg80211_mutex); 3221 return -EINPROGRESS; 3222 } 3223 mutex_unlock(&cfg80211_mutex); 3224 3225 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3226 return -EINVAL; 3227 3228 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3229 3230 r = regulatory_hint_user(data); 3231 3232 return r; 3233 } 3234 3235 static int nl80211_get_mesh_config(struct sk_buff *skb, 3236 struct genl_info *info) 3237 { 3238 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3239 struct net_device *dev = info->user_ptr[1]; 3240 struct wireless_dev *wdev = dev->ieee80211_ptr; 3241 struct mesh_config cur_params; 3242 int err = 0; 3243 void *hdr; 3244 struct nlattr *pinfoattr; 3245 struct sk_buff *msg; 3246 3247 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3248 return -EOPNOTSUPP; 3249 3250 if (!rdev->ops->get_mesh_config) 3251 return -EOPNOTSUPP; 3252 3253 wdev_lock(wdev); 3254 /* If not connected, get default parameters */ 3255 if (!wdev->mesh_id_len) 3256 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 3257 else 3258 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev, 3259 &cur_params); 3260 wdev_unlock(wdev); 3261 3262 if (err) 3263 return err; 3264 3265 /* Draw up a netlink message to send back */ 3266 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3267 if (!msg) 3268 return -ENOMEM; 3269 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 3270 NL80211_CMD_GET_MESH_CONFIG); 3271 if (!hdr) 3272 goto out; 3273 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 3274 if (!pinfoattr) 3275 goto nla_put_failure; 3276 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 3277 NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 3278 cur_params.dot11MeshRetryTimeout); 3279 NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3280 cur_params.dot11MeshConfirmTimeout); 3281 NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 3282 cur_params.dot11MeshHoldingTimeout); 3283 NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 3284 cur_params.dot11MeshMaxPeerLinks); 3285 NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES, 3286 cur_params.dot11MeshMaxRetries); 3287 NLA_PUT_U8(msg, NL80211_MESHCONF_TTL, 3288 cur_params.dot11MeshTTL); 3289 NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL, 3290 cur_params.element_ttl); 3291 NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 3292 cur_params.auto_open_plinks); 3293 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3294 cur_params.dot11MeshHWMPmaxPREQretries); 3295 NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 3296 cur_params.path_refresh_time); 3297 NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3298 cur_params.min_discovery_timeout); 3299 NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3300 cur_params.dot11MeshHWMPactivePathTimeout); 3301 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3302 cur_params.dot11MeshHWMPpreqMinInterval); 3303 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3304 cur_params.dot11MeshHWMPperrMinInterval); 3305 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3306 cur_params.dot11MeshHWMPnetDiameterTraversalTime); 3307 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 3308 cur_params.dot11MeshHWMPRootMode); 3309 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3310 cur_params.dot11MeshHWMPRannInterval); 3311 NLA_PUT_U8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3312 cur_params.dot11MeshGateAnnouncementProtocol); 3313 NLA_PUT_U8(msg, NL80211_MESHCONF_FORWARDING, 3314 cur_params.dot11MeshForwarding); 3315 NLA_PUT_U32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 3316 cur_params.rssi_threshold); 3317 nla_nest_end(msg, pinfoattr); 3318 genlmsg_end(msg, hdr); 3319 return genlmsg_reply(msg, info); 3320 3321 nla_put_failure: 3322 genlmsg_cancel(msg, hdr); 3323 out: 3324 nlmsg_free(msg); 3325 return -ENOBUFS; 3326 } 3327 3328 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 3329 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 3330 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 3331 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 3332 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 3333 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 3334 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 3335 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 3336 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 3337 3338 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 3339 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 3340 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 3341 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 3342 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 3343 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 3344 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 3345 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 3346 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 3347 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 3348 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 3349 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32}, 3350 }; 3351 3352 static const struct nla_policy 3353 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 3354 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 3355 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 3356 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 3357 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 3358 .len = IEEE80211_MAX_DATA_LEN }, 3359 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 3360 }; 3361 3362 static int nl80211_parse_mesh_config(struct genl_info *info, 3363 struct mesh_config *cfg, 3364 u32 *mask_out) 3365 { 3366 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 3367 u32 mask = 0; 3368 3369 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 3370 do {\ 3371 if (table[attr_num]) {\ 3372 cfg->param = nla_fn(table[attr_num]); \ 3373 mask |= (1 << (attr_num - 1)); \ 3374 } \ 3375 } while (0);\ 3376 3377 3378 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 3379 return -EINVAL; 3380 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 3381 info->attrs[NL80211_ATTR_MESH_CONFIG], 3382 nl80211_meshconf_params_policy)) 3383 return -EINVAL; 3384 3385 /* This makes sure that there aren't more than 32 mesh config 3386 * parameters (otherwise our bitfield scheme would not work.) */ 3387 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 3388 3389 /* Fill in the params struct */ 3390 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 3391 mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 3392 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 3393 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16); 3394 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 3395 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16); 3396 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 3397 mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16); 3398 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 3399 mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 3400 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 3401 mask, NL80211_MESHCONF_TTL, nla_get_u8); 3402 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 3403 mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8); 3404 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 3405 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8); 3406 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 3407 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3408 nla_get_u8); 3409 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 3410 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32); 3411 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 3412 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3413 nla_get_u16); 3414 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 3415 mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3416 nla_get_u32); 3417 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 3418 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3419 nla_get_u16); 3420 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 3421 mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3422 nla_get_u16); 3423 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3424 dot11MeshHWMPnetDiameterTraversalTime, 3425 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3426 nla_get_u16); 3427 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3428 dot11MeshHWMPRootMode, mask, 3429 NL80211_MESHCONF_HWMP_ROOTMODE, 3430 nla_get_u8); 3431 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3432 dot11MeshHWMPRannInterval, mask, 3433 NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3434 nla_get_u16); 3435 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3436 dot11MeshGateAnnouncementProtocol, mask, 3437 NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3438 nla_get_u8); 3439 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 3440 mask, NL80211_MESHCONF_FORWARDING, nla_get_u8); 3441 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 3442 mask, NL80211_MESHCONF_RSSI_THRESHOLD, nla_get_u32); 3443 if (mask_out) 3444 *mask_out = mask; 3445 3446 return 0; 3447 3448 #undef FILL_IN_MESH_PARAM_IF_SET 3449 } 3450 3451 static int nl80211_parse_mesh_setup(struct genl_info *info, 3452 struct mesh_setup *setup) 3453 { 3454 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 3455 3456 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 3457 return -EINVAL; 3458 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 3459 info->attrs[NL80211_ATTR_MESH_SETUP], 3460 nl80211_mesh_setup_params_policy)) 3461 return -EINVAL; 3462 3463 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 3464 setup->path_sel_proto = 3465 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 3466 IEEE80211_PATH_PROTOCOL_VENDOR : 3467 IEEE80211_PATH_PROTOCOL_HWMP; 3468 3469 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 3470 setup->path_metric = 3471 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 3472 IEEE80211_PATH_METRIC_VENDOR : 3473 IEEE80211_PATH_METRIC_AIRTIME; 3474 3475 3476 if (tb[NL80211_MESH_SETUP_IE]) { 3477 struct nlattr *ieattr = 3478 tb[NL80211_MESH_SETUP_IE]; 3479 if (!is_valid_ie_attr(ieattr)) 3480 return -EINVAL; 3481 setup->ie = nla_data(ieattr); 3482 setup->ie_len = nla_len(ieattr); 3483 } 3484 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 3485 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 3486 3487 return 0; 3488 } 3489 3490 static int nl80211_update_mesh_config(struct sk_buff *skb, 3491 struct genl_info *info) 3492 { 3493 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3494 struct net_device *dev = info->user_ptr[1]; 3495 struct wireless_dev *wdev = dev->ieee80211_ptr; 3496 struct mesh_config cfg; 3497 u32 mask; 3498 int err; 3499 3500 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3501 return -EOPNOTSUPP; 3502 3503 if (!rdev->ops->update_mesh_config) 3504 return -EOPNOTSUPP; 3505 3506 err = nl80211_parse_mesh_config(info, &cfg, &mask); 3507 if (err) 3508 return err; 3509 3510 wdev_lock(wdev); 3511 if (!wdev->mesh_id_len) 3512 err = -ENOLINK; 3513 3514 if (!err) 3515 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev, 3516 mask, &cfg); 3517 3518 wdev_unlock(wdev); 3519 3520 return err; 3521 } 3522 3523 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 3524 { 3525 struct sk_buff *msg; 3526 void *hdr = NULL; 3527 struct nlattr *nl_reg_rules; 3528 unsigned int i; 3529 int err = -EINVAL; 3530 3531 mutex_lock(&cfg80211_mutex); 3532 3533 if (!cfg80211_regdomain) 3534 goto out; 3535 3536 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3537 if (!msg) { 3538 err = -ENOBUFS; 3539 goto out; 3540 } 3541 3542 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 3543 NL80211_CMD_GET_REG); 3544 if (!hdr) 3545 goto put_failure; 3546 3547 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, 3548 cfg80211_regdomain->alpha2); 3549 if (cfg80211_regdomain->dfs_region) 3550 NLA_PUT_U8(msg, NL80211_ATTR_DFS_REGION, 3551 cfg80211_regdomain->dfs_region); 3552 3553 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 3554 if (!nl_reg_rules) 3555 goto nla_put_failure; 3556 3557 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 3558 struct nlattr *nl_reg_rule; 3559 const struct ieee80211_reg_rule *reg_rule; 3560 const struct ieee80211_freq_range *freq_range; 3561 const struct ieee80211_power_rule *power_rule; 3562 3563 reg_rule = &cfg80211_regdomain->reg_rules[i]; 3564 freq_range = ®_rule->freq_range; 3565 power_rule = ®_rule->power_rule; 3566 3567 nl_reg_rule = nla_nest_start(msg, i); 3568 if (!nl_reg_rule) 3569 goto nla_put_failure; 3570 3571 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS, 3572 reg_rule->flags); 3573 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START, 3574 freq_range->start_freq_khz); 3575 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END, 3576 freq_range->end_freq_khz); 3577 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 3578 freq_range->max_bandwidth_khz); 3579 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 3580 power_rule->max_antenna_gain); 3581 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 3582 power_rule->max_eirp); 3583 3584 nla_nest_end(msg, nl_reg_rule); 3585 } 3586 3587 nla_nest_end(msg, nl_reg_rules); 3588 3589 genlmsg_end(msg, hdr); 3590 err = genlmsg_reply(msg, info); 3591 goto out; 3592 3593 nla_put_failure: 3594 genlmsg_cancel(msg, hdr); 3595 put_failure: 3596 nlmsg_free(msg); 3597 err = -EMSGSIZE; 3598 out: 3599 mutex_unlock(&cfg80211_mutex); 3600 return err; 3601 } 3602 3603 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 3604 { 3605 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 3606 struct nlattr *nl_reg_rule; 3607 char *alpha2 = NULL; 3608 int rem_reg_rules = 0, r = 0; 3609 u32 num_rules = 0, rule_idx = 0, size_of_regd; 3610 u8 dfs_region = 0; 3611 struct ieee80211_regdomain *rd = NULL; 3612 3613 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3614 return -EINVAL; 3615 3616 if (!info->attrs[NL80211_ATTR_REG_RULES]) 3617 return -EINVAL; 3618 3619 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3620 3621 if (info->attrs[NL80211_ATTR_DFS_REGION]) 3622 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 3623 3624 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 3625 rem_reg_rules) { 3626 num_rules++; 3627 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 3628 return -EINVAL; 3629 } 3630 3631 mutex_lock(&cfg80211_mutex); 3632 3633 if (!reg_is_valid_request(alpha2)) { 3634 r = -EINVAL; 3635 goto bad_reg; 3636 } 3637 3638 size_of_regd = sizeof(struct ieee80211_regdomain) + 3639 (num_rules * sizeof(struct ieee80211_reg_rule)); 3640 3641 rd = kzalloc(size_of_regd, GFP_KERNEL); 3642 if (!rd) { 3643 r = -ENOMEM; 3644 goto bad_reg; 3645 } 3646 3647 rd->n_reg_rules = num_rules; 3648 rd->alpha2[0] = alpha2[0]; 3649 rd->alpha2[1] = alpha2[1]; 3650 3651 /* 3652 * Disable DFS master mode if the DFS region was 3653 * not supported or known on this kernel. 3654 */ 3655 if (reg_supported_dfs_region(dfs_region)) 3656 rd->dfs_region = dfs_region; 3657 3658 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 3659 rem_reg_rules) { 3660 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 3661 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 3662 reg_rule_policy); 3663 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 3664 if (r) 3665 goto bad_reg; 3666 3667 rule_idx++; 3668 3669 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 3670 r = -EINVAL; 3671 goto bad_reg; 3672 } 3673 } 3674 3675 BUG_ON(rule_idx != num_rules); 3676 3677 r = set_regdom(rd); 3678 3679 mutex_unlock(&cfg80211_mutex); 3680 3681 return r; 3682 3683 bad_reg: 3684 mutex_unlock(&cfg80211_mutex); 3685 kfree(rd); 3686 return r; 3687 } 3688 3689 static int validate_scan_freqs(struct nlattr *freqs) 3690 { 3691 struct nlattr *attr1, *attr2; 3692 int n_channels = 0, tmp1, tmp2; 3693 3694 nla_for_each_nested(attr1, freqs, tmp1) { 3695 n_channels++; 3696 /* 3697 * Some hardware has a limited channel list for 3698 * scanning, and it is pretty much nonsensical 3699 * to scan for a channel twice, so disallow that 3700 * and don't require drivers to check that the 3701 * channel list they get isn't longer than what 3702 * they can scan, as long as they can scan all 3703 * the channels they registered at once. 3704 */ 3705 nla_for_each_nested(attr2, freqs, tmp2) 3706 if (attr1 != attr2 && 3707 nla_get_u32(attr1) == nla_get_u32(attr2)) 3708 return 0; 3709 } 3710 3711 return n_channels; 3712 } 3713 3714 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 3715 { 3716 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3717 struct net_device *dev = info->user_ptr[1]; 3718 struct cfg80211_scan_request *request; 3719 struct nlattr *attr; 3720 struct wiphy *wiphy; 3721 int err, tmp, n_ssids = 0, n_channels, i; 3722 size_t ie_len; 3723 3724 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3725 return -EINVAL; 3726 3727 wiphy = &rdev->wiphy; 3728 3729 if (!rdev->ops->scan) 3730 return -EOPNOTSUPP; 3731 3732 if (rdev->scan_req) 3733 return -EBUSY; 3734 3735 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3736 n_channels = validate_scan_freqs( 3737 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 3738 if (!n_channels) 3739 return -EINVAL; 3740 } else { 3741 enum ieee80211_band band; 3742 n_channels = 0; 3743 3744 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 3745 if (wiphy->bands[band]) 3746 n_channels += wiphy->bands[band]->n_channels; 3747 } 3748 3749 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 3750 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 3751 n_ssids++; 3752 3753 if (n_ssids > wiphy->max_scan_ssids) 3754 return -EINVAL; 3755 3756 if (info->attrs[NL80211_ATTR_IE]) 3757 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3758 else 3759 ie_len = 0; 3760 3761 if (ie_len > wiphy->max_scan_ie_len) 3762 return -EINVAL; 3763 3764 request = kzalloc(sizeof(*request) 3765 + sizeof(*request->ssids) * n_ssids 3766 + sizeof(*request->channels) * n_channels 3767 + ie_len, GFP_KERNEL); 3768 if (!request) 3769 return -ENOMEM; 3770 3771 if (n_ssids) 3772 request->ssids = (void *)&request->channels[n_channels]; 3773 request->n_ssids = n_ssids; 3774 if (ie_len) { 3775 if (request->ssids) 3776 request->ie = (void *)(request->ssids + n_ssids); 3777 else 3778 request->ie = (void *)(request->channels + n_channels); 3779 } 3780 3781 i = 0; 3782 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3783 /* user specified, bail out if channel not found */ 3784 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 3785 struct ieee80211_channel *chan; 3786 3787 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 3788 3789 if (!chan) { 3790 err = -EINVAL; 3791 goto out_free; 3792 } 3793 3794 /* ignore disabled channels */ 3795 if (chan->flags & IEEE80211_CHAN_DISABLED) 3796 continue; 3797 3798 request->channels[i] = chan; 3799 i++; 3800 } 3801 } else { 3802 enum ieee80211_band band; 3803 3804 /* all channels */ 3805 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 3806 int j; 3807 if (!wiphy->bands[band]) 3808 continue; 3809 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 3810 struct ieee80211_channel *chan; 3811 3812 chan = &wiphy->bands[band]->channels[j]; 3813 3814 if (chan->flags & IEEE80211_CHAN_DISABLED) 3815 continue; 3816 3817 request->channels[i] = chan; 3818 i++; 3819 } 3820 } 3821 } 3822 3823 if (!i) { 3824 err = -EINVAL; 3825 goto out_free; 3826 } 3827 3828 request->n_channels = i; 3829 3830 i = 0; 3831 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3832 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3833 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 3834 err = -EINVAL; 3835 goto out_free; 3836 } 3837 request->ssids[i].ssid_len = nla_len(attr); 3838 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 3839 i++; 3840 } 3841 } 3842 3843 if (info->attrs[NL80211_ATTR_IE]) { 3844 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3845 memcpy((void *)request->ie, 3846 nla_data(info->attrs[NL80211_ATTR_IE]), 3847 request->ie_len); 3848 } 3849 3850 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 3851 if (wiphy->bands[i]) 3852 request->rates[i] = 3853 (1 << wiphy->bands[i]->n_bitrates) - 1; 3854 3855 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 3856 nla_for_each_nested(attr, 3857 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 3858 tmp) { 3859 enum ieee80211_band band = nla_type(attr); 3860 3861 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 3862 err = -EINVAL; 3863 goto out_free; 3864 } 3865 err = ieee80211_get_ratemask(wiphy->bands[band], 3866 nla_data(attr), 3867 nla_len(attr), 3868 &request->rates[band]); 3869 if (err) 3870 goto out_free; 3871 } 3872 } 3873 3874 request->no_cck = 3875 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 3876 3877 request->dev = dev; 3878 request->wiphy = &rdev->wiphy; 3879 3880 rdev->scan_req = request; 3881 err = rdev->ops->scan(&rdev->wiphy, dev, request); 3882 3883 if (!err) { 3884 nl80211_send_scan_start(rdev, dev); 3885 dev_hold(dev); 3886 } else { 3887 out_free: 3888 rdev->scan_req = NULL; 3889 kfree(request); 3890 } 3891 3892 return err; 3893 } 3894 3895 static int nl80211_start_sched_scan(struct sk_buff *skb, 3896 struct genl_info *info) 3897 { 3898 struct cfg80211_sched_scan_request *request; 3899 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3900 struct net_device *dev = info->user_ptr[1]; 3901 struct nlattr *attr; 3902 struct wiphy *wiphy; 3903 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i; 3904 u32 interval; 3905 enum ieee80211_band band; 3906 size_t ie_len; 3907 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 3908 3909 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 3910 !rdev->ops->sched_scan_start) 3911 return -EOPNOTSUPP; 3912 3913 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3914 return -EINVAL; 3915 3916 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 3917 return -EINVAL; 3918 3919 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 3920 if (interval == 0) 3921 return -EINVAL; 3922 3923 wiphy = &rdev->wiphy; 3924 3925 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3926 n_channels = validate_scan_freqs( 3927 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 3928 if (!n_channels) 3929 return -EINVAL; 3930 } else { 3931 n_channels = 0; 3932 3933 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 3934 if (wiphy->bands[band]) 3935 n_channels += wiphy->bands[band]->n_channels; 3936 } 3937 3938 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 3939 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 3940 tmp) 3941 n_ssids++; 3942 3943 if (n_ssids > wiphy->max_sched_scan_ssids) 3944 return -EINVAL; 3945 3946 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) 3947 nla_for_each_nested(attr, 3948 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 3949 tmp) 3950 n_match_sets++; 3951 3952 if (n_match_sets > wiphy->max_match_sets) 3953 return -EINVAL; 3954 3955 if (info->attrs[NL80211_ATTR_IE]) 3956 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3957 else 3958 ie_len = 0; 3959 3960 if (ie_len > wiphy->max_sched_scan_ie_len) 3961 return -EINVAL; 3962 3963 mutex_lock(&rdev->sched_scan_mtx); 3964 3965 if (rdev->sched_scan_req) { 3966 err = -EINPROGRESS; 3967 goto out; 3968 } 3969 3970 request = kzalloc(sizeof(*request) 3971 + sizeof(*request->ssids) * n_ssids 3972 + sizeof(*request->match_sets) * n_match_sets 3973 + sizeof(*request->channels) * n_channels 3974 + ie_len, GFP_KERNEL); 3975 if (!request) { 3976 err = -ENOMEM; 3977 goto out; 3978 } 3979 3980 if (n_ssids) 3981 request->ssids = (void *)&request->channels[n_channels]; 3982 request->n_ssids = n_ssids; 3983 if (ie_len) { 3984 if (request->ssids) 3985 request->ie = (void *)(request->ssids + n_ssids); 3986 else 3987 request->ie = (void *)(request->channels + n_channels); 3988 } 3989 3990 if (n_match_sets) { 3991 if (request->ie) 3992 request->match_sets = (void *)(request->ie + ie_len); 3993 else if (request->ssids) 3994 request->match_sets = 3995 (void *)(request->ssids + n_ssids); 3996 else 3997 request->match_sets = 3998 (void *)(request->channels + n_channels); 3999 } 4000 request->n_match_sets = n_match_sets; 4001 4002 i = 0; 4003 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4004 /* user specified, bail out if channel not found */ 4005 nla_for_each_nested(attr, 4006 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], 4007 tmp) { 4008 struct ieee80211_channel *chan; 4009 4010 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4011 4012 if (!chan) { 4013 err = -EINVAL; 4014 goto out_free; 4015 } 4016 4017 /* ignore disabled channels */ 4018 if (chan->flags & IEEE80211_CHAN_DISABLED) 4019 continue; 4020 4021 request->channels[i] = chan; 4022 i++; 4023 } 4024 } else { 4025 /* all channels */ 4026 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4027 int j; 4028 if (!wiphy->bands[band]) 4029 continue; 4030 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4031 struct ieee80211_channel *chan; 4032 4033 chan = &wiphy->bands[band]->channels[j]; 4034 4035 if (chan->flags & IEEE80211_CHAN_DISABLED) 4036 continue; 4037 4038 request->channels[i] = chan; 4039 i++; 4040 } 4041 } 4042 } 4043 4044 if (!i) { 4045 err = -EINVAL; 4046 goto out_free; 4047 } 4048 4049 request->n_channels = i; 4050 4051 i = 0; 4052 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4053 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4054 tmp) { 4055 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4056 err = -EINVAL; 4057 goto out_free; 4058 } 4059 request->ssids[i].ssid_len = nla_len(attr); 4060 memcpy(request->ssids[i].ssid, nla_data(attr), 4061 nla_len(attr)); 4062 i++; 4063 } 4064 } 4065 4066 i = 0; 4067 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 4068 nla_for_each_nested(attr, 4069 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4070 tmp) { 4071 struct nlattr *ssid; 4072 4073 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 4074 nla_data(attr), nla_len(attr), 4075 nl80211_match_policy); 4076 ssid = tb[NL80211_ATTR_SCHED_SCAN_MATCH_SSID]; 4077 if (ssid) { 4078 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 4079 err = -EINVAL; 4080 goto out_free; 4081 } 4082 memcpy(request->match_sets[i].ssid.ssid, 4083 nla_data(ssid), nla_len(ssid)); 4084 request->match_sets[i].ssid.ssid_len = 4085 nla_len(ssid); 4086 } 4087 i++; 4088 } 4089 } 4090 4091 if (info->attrs[NL80211_ATTR_IE]) { 4092 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4093 memcpy((void *)request->ie, 4094 nla_data(info->attrs[NL80211_ATTR_IE]), 4095 request->ie_len); 4096 } 4097 4098 request->dev = dev; 4099 request->wiphy = &rdev->wiphy; 4100 request->interval = interval; 4101 4102 err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request); 4103 if (!err) { 4104 rdev->sched_scan_req = request; 4105 nl80211_send_sched_scan(rdev, dev, 4106 NL80211_CMD_START_SCHED_SCAN); 4107 goto out; 4108 } 4109 4110 out_free: 4111 kfree(request); 4112 out: 4113 mutex_unlock(&rdev->sched_scan_mtx); 4114 return err; 4115 } 4116 4117 static int nl80211_stop_sched_scan(struct sk_buff *skb, 4118 struct genl_info *info) 4119 { 4120 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4121 int err; 4122 4123 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4124 !rdev->ops->sched_scan_stop) 4125 return -EOPNOTSUPP; 4126 4127 mutex_lock(&rdev->sched_scan_mtx); 4128 err = __cfg80211_stop_sched_scan(rdev, false); 4129 mutex_unlock(&rdev->sched_scan_mtx); 4130 4131 return err; 4132 } 4133 4134 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 4135 u32 seq, int flags, 4136 struct cfg80211_registered_device *rdev, 4137 struct wireless_dev *wdev, 4138 struct cfg80211_internal_bss *intbss) 4139 { 4140 struct cfg80211_bss *res = &intbss->pub; 4141 void *hdr; 4142 struct nlattr *bss; 4143 4144 ASSERT_WDEV_LOCK(wdev); 4145 4146 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags, 4147 NL80211_CMD_NEW_SCAN_RESULTS); 4148 if (!hdr) 4149 return -1; 4150 4151 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 4152 4153 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation); 4154 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex); 4155 4156 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 4157 if (!bss) 4158 goto nla_put_failure; 4159 if (!is_zero_ether_addr(res->bssid)) 4160 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid); 4161 if (res->information_elements && res->len_information_elements) 4162 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS, 4163 res->len_information_elements, 4164 res->information_elements); 4165 if (res->beacon_ies && res->len_beacon_ies && 4166 res->beacon_ies != res->information_elements) 4167 NLA_PUT(msg, NL80211_BSS_BEACON_IES, 4168 res->len_beacon_ies, res->beacon_ies); 4169 if (res->tsf) 4170 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf); 4171 if (res->beacon_interval) 4172 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval); 4173 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability); 4174 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq); 4175 NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO, 4176 jiffies_to_msecs(jiffies - intbss->ts)); 4177 4178 switch (rdev->wiphy.signal_type) { 4179 case CFG80211_SIGNAL_TYPE_MBM: 4180 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal); 4181 break; 4182 case CFG80211_SIGNAL_TYPE_UNSPEC: 4183 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal); 4184 break; 4185 default: 4186 break; 4187 } 4188 4189 switch (wdev->iftype) { 4190 case NL80211_IFTYPE_P2P_CLIENT: 4191 case NL80211_IFTYPE_STATION: 4192 if (intbss == wdev->current_bss) 4193 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 4194 NL80211_BSS_STATUS_ASSOCIATED); 4195 break; 4196 case NL80211_IFTYPE_ADHOC: 4197 if (intbss == wdev->current_bss) 4198 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 4199 NL80211_BSS_STATUS_IBSS_JOINED); 4200 break; 4201 default: 4202 break; 4203 } 4204 4205 nla_nest_end(msg, bss); 4206 4207 return genlmsg_end(msg, hdr); 4208 4209 nla_put_failure: 4210 genlmsg_cancel(msg, hdr); 4211 return -EMSGSIZE; 4212 } 4213 4214 static int nl80211_dump_scan(struct sk_buff *skb, 4215 struct netlink_callback *cb) 4216 { 4217 struct cfg80211_registered_device *rdev; 4218 struct net_device *dev; 4219 struct cfg80211_internal_bss *scan; 4220 struct wireless_dev *wdev; 4221 int start = cb->args[1], idx = 0; 4222 int err; 4223 4224 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 4225 if (err) 4226 return err; 4227 4228 wdev = dev->ieee80211_ptr; 4229 4230 wdev_lock(wdev); 4231 spin_lock_bh(&rdev->bss_lock); 4232 cfg80211_bss_expire(rdev); 4233 4234 cb->seq = rdev->bss_generation; 4235 4236 list_for_each_entry(scan, &rdev->bss_list, list) { 4237 if (++idx <= start) 4238 continue; 4239 if (nl80211_send_bss(skb, cb, 4240 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4241 rdev, wdev, scan) < 0) { 4242 idx--; 4243 break; 4244 } 4245 } 4246 4247 spin_unlock_bh(&rdev->bss_lock); 4248 wdev_unlock(wdev); 4249 4250 cb->args[1] = idx; 4251 nl80211_finish_netdev_dump(rdev); 4252 4253 return skb->len; 4254 } 4255 4256 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, 4257 int flags, struct net_device *dev, 4258 struct survey_info *survey) 4259 { 4260 void *hdr; 4261 struct nlattr *infoattr; 4262 4263 hdr = nl80211hdr_put(msg, pid, seq, flags, 4264 NL80211_CMD_NEW_SURVEY_RESULTS); 4265 if (!hdr) 4266 return -ENOMEM; 4267 4268 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 4269 4270 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 4271 if (!infoattr) 4272 goto nla_put_failure; 4273 4274 NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY, 4275 survey->channel->center_freq); 4276 if (survey->filled & SURVEY_INFO_NOISE_DBM) 4277 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE, 4278 survey->noise); 4279 if (survey->filled & SURVEY_INFO_IN_USE) 4280 NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE); 4281 if (survey->filled & SURVEY_INFO_CHANNEL_TIME) 4282 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 4283 survey->channel_time); 4284 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) 4285 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 4286 survey->channel_time_busy); 4287 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) 4288 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 4289 survey->channel_time_ext_busy); 4290 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) 4291 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 4292 survey->channel_time_rx); 4293 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) 4294 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 4295 survey->channel_time_tx); 4296 4297 nla_nest_end(msg, infoattr); 4298 4299 return genlmsg_end(msg, hdr); 4300 4301 nla_put_failure: 4302 genlmsg_cancel(msg, hdr); 4303 return -EMSGSIZE; 4304 } 4305 4306 static int nl80211_dump_survey(struct sk_buff *skb, 4307 struct netlink_callback *cb) 4308 { 4309 struct survey_info survey; 4310 struct cfg80211_registered_device *dev; 4311 struct net_device *netdev; 4312 int survey_idx = cb->args[1]; 4313 int res; 4314 4315 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 4316 if (res) 4317 return res; 4318 4319 if (!dev->ops->dump_survey) { 4320 res = -EOPNOTSUPP; 4321 goto out_err; 4322 } 4323 4324 while (1) { 4325 struct ieee80211_channel *chan; 4326 4327 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 4328 &survey); 4329 if (res == -ENOENT) 4330 break; 4331 if (res) 4332 goto out_err; 4333 4334 /* Survey without a channel doesn't make sense */ 4335 if (!survey.channel) { 4336 res = -EINVAL; 4337 goto out; 4338 } 4339 4340 chan = ieee80211_get_channel(&dev->wiphy, 4341 survey.channel->center_freq); 4342 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 4343 survey_idx++; 4344 continue; 4345 } 4346 4347 if (nl80211_send_survey(skb, 4348 NETLINK_CB(cb->skb).pid, 4349 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4350 netdev, 4351 &survey) < 0) 4352 goto out; 4353 survey_idx++; 4354 } 4355 4356 out: 4357 cb->args[1] = survey_idx; 4358 res = skb->len; 4359 out_err: 4360 nl80211_finish_netdev_dump(dev); 4361 return res; 4362 } 4363 4364 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 4365 { 4366 return auth_type <= NL80211_AUTHTYPE_MAX; 4367 } 4368 4369 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 4370 { 4371 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 4372 NL80211_WPA_VERSION_2)); 4373 } 4374 4375 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 4376 { 4377 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4378 struct net_device *dev = info->user_ptr[1]; 4379 struct ieee80211_channel *chan; 4380 const u8 *bssid, *ssid, *ie = NULL; 4381 int err, ssid_len, ie_len = 0; 4382 enum nl80211_auth_type auth_type; 4383 struct key_parse key; 4384 bool local_state_change; 4385 4386 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4387 return -EINVAL; 4388 4389 if (!info->attrs[NL80211_ATTR_MAC]) 4390 return -EINVAL; 4391 4392 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 4393 return -EINVAL; 4394 4395 if (!info->attrs[NL80211_ATTR_SSID]) 4396 return -EINVAL; 4397 4398 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4399 return -EINVAL; 4400 4401 err = nl80211_parse_key(info, &key); 4402 if (err) 4403 return err; 4404 4405 if (key.idx >= 0) { 4406 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 4407 return -EINVAL; 4408 if (!key.p.key || !key.p.key_len) 4409 return -EINVAL; 4410 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 4411 key.p.key_len != WLAN_KEY_LEN_WEP40) && 4412 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 4413 key.p.key_len != WLAN_KEY_LEN_WEP104)) 4414 return -EINVAL; 4415 if (key.idx > 4) 4416 return -EINVAL; 4417 } else { 4418 key.p.key_len = 0; 4419 key.p.key = NULL; 4420 } 4421 4422 if (key.idx >= 0) { 4423 int i; 4424 bool ok = false; 4425 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 4426 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 4427 ok = true; 4428 break; 4429 } 4430 } 4431 if (!ok) 4432 return -EINVAL; 4433 } 4434 4435 if (!rdev->ops->auth) 4436 return -EOPNOTSUPP; 4437 4438 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4439 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4440 return -EOPNOTSUPP; 4441 4442 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4443 chan = ieee80211_get_channel(&rdev->wiphy, 4444 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4445 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 4446 return -EINVAL; 4447 4448 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4449 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4450 4451 if (info->attrs[NL80211_ATTR_IE]) { 4452 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4453 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4454 } 4455 4456 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4457 if (!nl80211_valid_auth_type(auth_type)) 4458 return -EINVAL; 4459 4460 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4461 4462 /* 4463 * Since we no longer track auth state, ignore 4464 * requests to only change local state. 4465 */ 4466 if (local_state_change) 4467 return 0; 4468 4469 return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 4470 ssid, ssid_len, ie, ie_len, 4471 key.p.key, key.p.key_len, key.idx); 4472 } 4473 4474 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 4475 struct genl_info *info, 4476 struct cfg80211_crypto_settings *settings, 4477 int cipher_limit) 4478 { 4479 memset(settings, 0, sizeof(*settings)); 4480 4481 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 4482 4483 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 4484 u16 proto; 4485 proto = nla_get_u16( 4486 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 4487 settings->control_port_ethertype = cpu_to_be16(proto); 4488 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 4489 proto != ETH_P_PAE) 4490 return -EINVAL; 4491 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 4492 settings->control_port_no_encrypt = true; 4493 } else 4494 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 4495 4496 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 4497 void *data; 4498 int len, i; 4499 4500 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4501 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4502 settings->n_ciphers_pairwise = len / sizeof(u32); 4503 4504 if (len % sizeof(u32)) 4505 return -EINVAL; 4506 4507 if (settings->n_ciphers_pairwise > cipher_limit) 4508 return -EINVAL; 4509 4510 memcpy(settings->ciphers_pairwise, data, len); 4511 4512 for (i = 0; i < settings->n_ciphers_pairwise; i++) 4513 if (!cfg80211_supported_cipher_suite( 4514 &rdev->wiphy, 4515 settings->ciphers_pairwise[i])) 4516 return -EINVAL; 4517 } 4518 4519 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 4520 settings->cipher_group = 4521 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 4522 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 4523 settings->cipher_group)) 4524 return -EINVAL; 4525 } 4526 4527 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 4528 settings->wpa_versions = 4529 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 4530 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 4531 return -EINVAL; 4532 } 4533 4534 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 4535 void *data; 4536 int len; 4537 4538 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 4539 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 4540 settings->n_akm_suites = len / sizeof(u32); 4541 4542 if (len % sizeof(u32)) 4543 return -EINVAL; 4544 4545 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 4546 return -EINVAL; 4547 4548 memcpy(settings->akm_suites, data, len); 4549 } 4550 4551 return 0; 4552 } 4553 4554 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 4555 { 4556 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4557 struct net_device *dev = info->user_ptr[1]; 4558 struct cfg80211_crypto_settings crypto; 4559 struct ieee80211_channel *chan; 4560 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 4561 int err, ssid_len, ie_len = 0; 4562 bool use_mfp = false; 4563 u32 flags = 0; 4564 struct ieee80211_ht_cap *ht_capa = NULL; 4565 struct ieee80211_ht_cap *ht_capa_mask = NULL; 4566 4567 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4568 return -EINVAL; 4569 4570 if (!info->attrs[NL80211_ATTR_MAC] || 4571 !info->attrs[NL80211_ATTR_SSID] || 4572 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4573 return -EINVAL; 4574 4575 if (!rdev->ops->assoc) 4576 return -EOPNOTSUPP; 4577 4578 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4579 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4580 return -EOPNOTSUPP; 4581 4582 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4583 4584 chan = ieee80211_get_channel(&rdev->wiphy, 4585 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4586 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 4587 return -EINVAL; 4588 4589 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4590 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4591 4592 if (info->attrs[NL80211_ATTR_IE]) { 4593 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4594 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4595 } 4596 4597 if (info->attrs[NL80211_ATTR_USE_MFP]) { 4598 enum nl80211_mfp mfp = 4599 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 4600 if (mfp == NL80211_MFP_REQUIRED) 4601 use_mfp = true; 4602 else if (mfp != NL80211_MFP_NO) 4603 return -EINVAL; 4604 } 4605 4606 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 4607 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 4608 4609 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 4610 flags |= ASSOC_REQ_DISABLE_HT; 4611 4612 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 4613 ht_capa_mask = 4614 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]); 4615 4616 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 4617 if (!ht_capa_mask) 4618 return -EINVAL; 4619 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 4620 } 4621 4622 err = nl80211_crypto_settings(rdev, info, &crypto, 1); 4623 if (!err) 4624 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 4625 ssid, ssid_len, ie, ie_len, use_mfp, 4626 &crypto, flags, ht_capa, 4627 ht_capa_mask); 4628 4629 return err; 4630 } 4631 4632 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 4633 { 4634 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4635 struct net_device *dev = info->user_ptr[1]; 4636 const u8 *ie = NULL, *bssid; 4637 int ie_len = 0; 4638 u16 reason_code; 4639 bool local_state_change; 4640 4641 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4642 return -EINVAL; 4643 4644 if (!info->attrs[NL80211_ATTR_MAC]) 4645 return -EINVAL; 4646 4647 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4648 return -EINVAL; 4649 4650 if (!rdev->ops->deauth) 4651 return -EOPNOTSUPP; 4652 4653 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4654 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4655 return -EOPNOTSUPP; 4656 4657 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4658 4659 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4660 if (reason_code == 0) { 4661 /* Reason Code 0 is reserved */ 4662 return -EINVAL; 4663 } 4664 4665 if (info->attrs[NL80211_ATTR_IE]) { 4666 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4667 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4668 } 4669 4670 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4671 4672 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 4673 local_state_change); 4674 } 4675 4676 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 4677 { 4678 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4679 struct net_device *dev = info->user_ptr[1]; 4680 const u8 *ie = NULL, *bssid; 4681 int ie_len = 0; 4682 u16 reason_code; 4683 bool local_state_change; 4684 4685 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4686 return -EINVAL; 4687 4688 if (!info->attrs[NL80211_ATTR_MAC]) 4689 return -EINVAL; 4690 4691 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4692 return -EINVAL; 4693 4694 if (!rdev->ops->disassoc) 4695 return -EOPNOTSUPP; 4696 4697 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4698 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4699 return -EOPNOTSUPP; 4700 4701 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4702 4703 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4704 if (reason_code == 0) { 4705 /* Reason Code 0 is reserved */ 4706 return -EINVAL; 4707 } 4708 4709 if (info->attrs[NL80211_ATTR_IE]) { 4710 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4711 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4712 } 4713 4714 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4715 4716 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 4717 local_state_change); 4718 } 4719 4720 static bool 4721 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 4722 int mcast_rate[IEEE80211_NUM_BANDS], 4723 int rateval) 4724 { 4725 struct wiphy *wiphy = &rdev->wiphy; 4726 bool found = false; 4727 int band, i; 4728 4729 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4730 struct ieee80211_supported_band *sband; 4731 4732 sband = wiphy->bands[band]; 4733 if (!sband) 4734 continue; 4735 4736 for (i = 0; i < sband->n_bitrates; i++) { 4737 if (sband->bitrates[i].bitrate == rateval) { 4738 mcast_rate[band] = i + 1; 4739 found = true; 4740 break; 4741 } 4742 } 4743 } 4744 4745 return found; 4746 } 4747 4748 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 4749 { 4750 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4751 struct net_device *dev = info->user_ptr[1]; 4752 struct cfg80211_ibss_params ibss; 4753 struct wiphy *wiphy; 4754 struct cfg80211_cached_keys *connkeys = NULL; 4755 int err; 4756 4757 memset(&ibss, 0, sizeof(ibss)); 4758 4759 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4760 return -EINVAL; 4761 4762 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 4763 !info->attrs[NL80211_ATTR_SSID] || 4764 !nla_len(info->attrs[NL80211_ATTR_SSID])) 4765 return -EINVAL; 4766 4767 ibss.beacon_interval = 100; 4768 4769 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 4770 ibss.beacon_interval = 4771 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 4772 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 4773 return -EINVAL; 4774 } 4775 4776 if (!rdev->ops->join_ibss) 4777 return -EOPNOTSUPP; 4778 4779 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 4780 return -EOPNOTSUPP; 4781 4782 wiphy = &rdev->wiphy; 4783 4784 if (info->attrs[NL80211_ATTR_MAC]) { 4785 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4786 4787 if (!is_valid_ether_addr(ibss.bssid)) 4788 return -EINVAL; 4789 } 4790 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4791 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4792 4793 if (info->attrs[NL80211_ATTR_IE]) { 4794 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4795 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4796 } 4797 4798 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4799 enum nl80211_channel_type channel_type; 4800 4801 channel_type = nla_get_u32( 4802 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4803 if (channel_type != NL80211_CHAN_NO_HT && 4804 channel_type != NL80211_CHAN_HT20 && 4805 channel_type != NL80211_CHAN_HT40MINUS && 4806 channel_type != NL80211_CHAN_HT40PLUS) 4807 return -EINVAL; 4808 4809 if (channel_type != NL80211_CHAN_NO_HT && 4810 !(wiphy->features & NL80211_FEATURE_HT_IBSS)) 4811 return -EINVAL; 4812 4813 ibss.channel_type = channel_type; 4814 } else { 4815 ibss.channel_type = NL80211_CHAN_NO_HT; 4816 } 4817 4818 ibss.channel = rdev_freq_to_chan(rdev, 4819 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]), 4820 ibss.channel_type); 4821 if (!ibss.channel || 4822 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 4823 ibss.channel->flags & IEEE80211_CHAN_DISABLED) 4824 return -EINVAL; 4825 4826 /* Both channels should be able to initiate communication */ 4827 if ((ibss.channel_type == NL80211_CHAN_HT40PLUS || 4828 ibss.channel_type == NL80211_CHAN_HT40MINUS) && 4829 !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel, 4830 ibss.channel_type)) 4831 return -EINVAL; 4832 4833 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 4834 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 4835 4836 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 4837 u8 *rates = 4838 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4839 int n_rates = 4840 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4841 struct ieee80211_supported_band *sband = 4842 wiphy->bands[ibss.channel->band]; 4843 4844 err = ieee80211_get_ratemask(sband, rates, n_rates, 4845 &ibss.basic_rates); 4846 if (err) 4847 return err; 4848 } 4849 4850 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 4851 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 4852 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 4853 return -EINVAL; 4854 4855 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 4856 connkeys = nl80211_parse_connkeys(rdev, 4857 info->attrs[NL80211_ATTR_KEYS]); 4858 if (IS_ERR(connkeys)) 4859 return PTR_ERR(connkeys); 4860 } 4861 4862 ibss.control_port = 4863 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 4864 4865 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 4866 if (err) 4867 kfree(connkeys); 4868 return err; 4869 } 4870 4871 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 4872 { 4873 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4874 struct net_device *dev = info->user_ptr[1]; 4875 4876 if (!rdev->ops->leave_ibss) 4877 return -EOPNOTSUPP; 4878 4879 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 4880 return -EOPNOTSUPP; 4881 4882 return cfg80211_leave_ibss(rdev, dev, false); 4883 } 4884 4885 #ifdef CONFIG_NL80211_TESTMODE 4886 static struct genl_multicast_group nl80211_testmode_mcgrp = { 4887 .name = "testmode", 4888 }; 4889 4890 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 4891 { 4892 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4893 int err; 4894 4895 if (!info->attrs[NL80211_ATTR_TESTDATA]) 4896 return -EINVAL; 4897 4898 err = -EOPNOTSUPP; 4899 if (rdev->ops->testmode_cmd) { 4900 rdev->testmode_info = info; 4901 err = rdev->ops->testmode_cmd(&rdev->wiphy, 4902 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 4903 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 4904 rdev->testmode_info = NULL; 4905 } 4906 4907 return err; 4908 } 4909 4910 static int nl80211_testmode_dump(struct sk_buff *skb, 4911 struct netlink_callback *cb) 4912 { 4913 struct cfg80211_registered_device *rdev; 4914 int err; 4915 long phy_idx; 4916 void *data = NULL; 4917 int data_len = 0; 4918 4919 if (cb->args[0]) { 4920 /* 4921 * 0 is a valid index, but not valid for args[0], 4922 * so we need to offset by 1. 4923 */ 4924 phy_idx = cb->args[0] - 1; 4925 } else { 4926 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 4927 nl80211_fam.attrbuf, nl80211_fam.maxattr, 4928 nl80211_policy); 4929 if (err) 4930 return err; 4931 if (nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]) { 4932 phy_idx = nla_get_u32( 4933 nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]); 4934 } else { 4935 struct net_device *netdev; 4936 4937 err = get_rdev_dev_by_ifindex(sock_net(skb->sk), 4938 nl80211_fam.attrbuf, 4939 &rdev, &netdev); 4940 if (err) 4941 return err; 4942 dev_put(netdev); 4943 phy_idx = rdev->wiphy_idx; 4944 cfg80211_unlock_rdev(rdev); 4945 } 4946 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 4947 cb->args[1] = 4948 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 4949 } 4950 4951 if (cb->args[1]) { 4952 data = nla_data((void *)cb->args[1]); 4953 data_len = nla_len((void *)cb->args[1]); 4954 } 4955 4956 mutex_lock(&cfg80211_mutex); 4957 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 4958 if (!rdev) { 4959 mutex_unlock(&cfg80211_mutex); 4960 return -ENOENT; 4961 } 4962 cfg80211_lock_rdev(rdev); 4963 mutex_unlock(&cfg80211_mutex); 4964 4965 if (!rdev->ops->testmode_dump) { 4966 err = -EOPNOTSUPP; 4967 goto out_err; 4968 } 4969 4970 while (1) { 4971 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid, 4972 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4973 NL80211_CMD_TESTMODE); 4974 struct nlattr *tmdata; 4975 4976 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx) < 0) { 4977 genlmsg_cancel(skb, hdr); 4978 break; 4979 } 4980 4981 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 4982 if (!tmdata) { 4983 genlmsg_cancel(skb, hdr); 4984 break; 4985 } 4986 err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb, 4987 data, data_len); 4988 nla_nest_end(skb, tmdata); 4989 4990 if (err == -ENOBUFS || err == -ENOENT) { 4991 genlmsg_cancel(skb, hdr); 4992 break; 4993 } else if (err) { 4994 genlmsg_cancel(skb, hdr); 4995 goto out_err; 4996 } 4997 4998 genlmsg_end(skb, hdr); 4999 } 5000 5001 err = skb->len; 5002 /* see above */ 5003 cb->args[0] = phy_idx + 1; 5004 out_err: 5005 cfg80211_unlock_rdev(rdev); 5006 return err; 5007 } 5008 5009 static struct sk_buff * 5010 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 5011 int approxlen, u32 pid, u32 seq, gfp_t gfp) 5012 { 5013 struct sk_buff *skb; 5014 void *hdr; 5015 struct nlattr *data; 5016 5017 skb = nlmsg_new(approxlen + 100, gfp); 5018 if (!skb) 5019 return NULL; 5020 5021 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE); 5022 if (!hdr) { 5023 kfree_skb(skb); 5024 return NULL; 5025 } 5026 5027 NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5028 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5029 5030 ((void **)skb->cb)[0] = rdev; 5031 ((void **)skb->cb)[1] = hdr; 5032 ((void **)skb->cb)[2] = data; 5033 5034 return skb; 5035 5036 nla_put_failure: 5037 kfree_skb(skb); 5038 return NULL; 5039 } 5040 5041 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 5042 int approxlen) 5043 { 5044 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5045 5046 if (WARN_ON(!rdev->testmode_info)) 5047 return NULL; 5048 5049 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 5050 rdev->testmode_info->snd_pid, 5051 rdev->testmode_info->snd_seq, 5052 GFP_KERNEL); 5053 } 5054 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 5055 5056 int cfg80211_testmode_reply(struct sk_buff *skb) 5057 { 5058 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 5059 void *hdr = ((void **)skb->cb)[1]; 5060 struct nlattr *data = ((void **)skb->cb)[2]; 5061 5062 if (WARN_ON(!rdev->testmode_info)) { 5063 kfree_skb(skb); 5064 return -EINVAL; 5065 } 5066 5067 nla_nest_end(skb, data); 5068 genlmsg_end(skb, hdr); 5069 return genlmsg_reply(skb, rdev->testmode_info); 5070 } 5071 EXPORT_SYMBOL(cfg80211_testmode_reply); 5072 5073 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 5074 int approxlen, gfp_t gfp) 5075 { 5076 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5077 5078 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 5079 } 5080 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 5081 5082 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 5083 { 5084 void *hdr = ((void **)skb->cb)[1]; 5085 struct nlattr *data = ((void **)skb->cb)[2]; 5086 5087 nla_nest_end(skb, data); 5088 genlmsg_end(skb, hdr); 5089 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 5090 } 5091 EXPORT_SYMBOL(cfg80211_testmode_event); 5092 #endif 5093 5094 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 5095 { 5096 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5097 struct net_device *dev = info->user_ptr[1]; 5098 struct cfg80211_connect_params connect; 5099 struct wiphy *wiphy; 5100 struct cfg80211_cached_keys *connkeys = NULL; 5101 int err; 5102 5103 memset(&connect, 0, sizeof(connect)); 5104 5105 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5106 return -EINVAL; 5107 5108 if (!info->attrs[NL80211_ATTR_SSID] || 5109 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5110 return -EINVAL; 5111 5112 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 5113 connect.auth_type = 5114 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5115 if (!nl80211_valid_auth_type(connect.auth_type)) 5116 return -EINVAL; 5117 } else 5118 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 5119 5120 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 5121 5122 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 5123 NL80211_MAX_NR_CIPHER_SUITES); 5124 if (err) 5125 return err; 5126 5127 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5128 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5129 return -EOPNOTSUPP; 5130 5131 wiphy = &rdev->wiphy; 5132 5133 connect.bg_scan_period = -1; 5134 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 5135 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 5136 connect.bg_scan_period = 5137 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 5138 } 5139 5140 if (info->attrs[NL80211_ATTR_MAC]) 5141 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5142 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5143 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5144 5145 if (info->attrs[NL80211_ATTR_IE]) { 5146 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5147 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5148 } 5149 5150 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 5151 connect.channel = 5152 ieee80211_get_channel(wiphy, 5153 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5154 if (!connect.channel || 5155 connect.channel->flags & IEEE80211_CHAN_DISABLED) 5156 return -EINVAL; 5157 } 5158 5159 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5160 connkeys = nl80211_parse_connkeys(rdev, 5161 info->attrs[NL80211_ATTR_KEYS]); 5162 if (IS_ERR(connkeys)) 5163 return PTR_ERR(connkeys); 5164 } 5165 5166 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5167 connect.flags |= ASSOC_REQ_DISABLE_HT; 5168 5169 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5170 memcpy(&connect.ht_capa_mask, 5171 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 5172 sizeof(connect.ht_capa_mask)); 5173 5174 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5175 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5176 return -EINVAL; 5177 memcpy(&connect.ht_capa, 5178 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 5179 sizeof(connect.ht_capa)); 5180 } 5181 5182 err = cfg80211_connect(rdev, dev, &connect, connkeys); 5183 if (err) 5184 kfree(connkeys); 5185 return err; 5186 } 5187 5188 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 5189 { 5190 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5191 struct net_device *dev = info->user_ptr[1]; 5192 u16 reason; 5193 5194 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5195 reason = WLAN_REASON_DEAUTH_LEAVING; 5196 else 5197 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5198 5199 if (reason == 0) 5200 return -EINVAL; 5201 5202 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5203 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5204 return -EOPNOTSUPP; 5205 5206 return cfg80211_disconnect(rdev, dev, reason, true); 5207 } 5208 5209 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 5210 { 5211 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5212 struct net *net; 5213 int err; 5214 u32 pid; 5215 5216 if (!info->attrs[NL80211_ATTR_PID]) 5217 return -EINVAL; 5218 5219 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 5220 5221 net = get_net_ns_by_pid(pid); 5222 if (IS_ERR(net)) 5223 return PTR_ERR(net); 5224 5225 err = 0; 5226 5227 /* check if anything to do */ 5228 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 5229 err = cfg80211_switch_netns(rdev, net); 5230 5231 put_net(net); 5232 return err; 5233 } 5234 5235 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 5236 { 5237 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5238 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 5239 struct cfg80211_pmksa *pmksa) = NULL; 5240 struct net_device *dev = info->user_ptr[1]; 5241 struct cfg80211_pmksa pmksa; 5242 5243 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 5244 5245 if (!info->attrs[NL80211_ATTR_MAC]) 5246 return -EINVAL; 5247 5248 if (!info->attrs[NL80211_ATTR_PMKID]) 5249 return -EINVAL; 5250 5251 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 5252 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5253 5254 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5255 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5256 return -EOPNOTSUPP; 5257 5258 switch (info->genlhdr->cmd) { 5259 case NL80211_CMD_SET_PMKSA: 5260 rdev_ops = rdev->ops->set_pmksa; 5261 break; 5262 case NL80211_CMD_DEL_PMKSA: 5263 rdev_ops = rdev->ops->del_pmksa; 5264 break; 5265 default: 5266 WARN_ON(1); 5267 break; 5268 } 5269 5270 if (!rdev_ops) 5271 return -EOPNOTSUPP; 5272 5273 return rdev_ops(&rdev->wiphy, dev, &pmksa); 5274 } 5275 5276 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 5277 { 5278 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5279 struct net_device *dev = info->user_ptr[1]; 5280 5281 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5282 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5283 return -EOPNOTSUPP; 5284 5285 if (!rdev->ops->flush_pmksa) 5286 return -EOPNOTSUPP; 5287 5288 return rdev->ops->flush_pmksa(&rdev->wiphy, dev); 5289 } 5290 5291 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 5292 { 5293 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5294 struct net_device *dev = info->user_ptr[1]; 5295 u8 action_code, dialog_token; 5296 u16 status_code; 5297 u8 *peer; 5298 5299 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5300 !rdev->ops->tdls_mgmt) 5301 return -EOPNOTSUPP; 5302 5303 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 5304 !info->attrs[NL80211_ATTR_STATUS_CODE] || 5305 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 5306 !info->attrs[NL80211_ATTR_IE] || 5307 !info->attrs[NL80211_ATTR_MAC]) 5308 return -EINVAL; 5309 5310 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5311 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 5312 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 5313 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 5314 5315 return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code, 5316 dialog_token, status_code, 5317 nla_data(info->attrs[NL80211_ATTR_IE]), 5318 nla_len(info->attrs[NL80211_ATTR_IE])); 5319 } 5320 5321 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 5322 { 5323 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5324 struct net_device *dev = info->user_ptr[1]; 5325 enum nl80211_tdls_operation operation; 5326 u8 *peer; 5327 5328 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5329 !rdev->ops->tdls_oper) 5330 return -EOPNOTSUPP; 5331 5332 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 5333 !info->attrs[NL80211_ATTR_MAC]) 5334 return -EINVAL; 5335 5336 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 5337 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5338 5339 return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation); 5340 } 5341 5342 static int nl80211_remain_on_channel(struct sk_buff *skb, 5343 struct genl_info *info) 5344 { 5345 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5346 struct net_device *dev = info->user_ptr[1]; 5347 struct ieee80211_channel *chan; 5348 struct sk_buff *msg; 5349 void *hdr; 5350 u64 cookie; 5351 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 5352 u32 freq, duration; 5353 int err; 5354 5355 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 5356 !info->attrs[NL80211_ATTR_DURATION]) 5357 return -EINVAL; 5358 5359 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 5360 5361 /* 5362 * We should be on that channel for at least one jiffie, 5363 * and more than 5 seconds seems excessive. 5364 */ 5365 if (!duration || !msecs_to_jiffies(duration) || 5366 duration > rdev->wiphy.max_remain_on_channel_duration) 5367 return -EINVAL; 5368 5369 if (!rdev->ops->remain_on_channel || 5370 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 5371 return -EOPNOTSUPP; 5372 5373 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 5374 channel_type = nla_get_u32( 5375 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 5376 if (channel_type != NL80211_CHAN_NO_HT && 5377 channel_type != NL80211_CHAN_HT20 && 5378 channel_type != NL80211_CHAN_HT40PLUS && 5379 channel_type != NL80211_CHAN_HT40MINUS) 5380 return -EINVAL; 5381 } 5382 5383 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5384 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5385 if (chan == NULL) 5386 return -EINVAL; 5387 5388 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5389 if (!msg) 5390 return -ENOMEM; 5391 5392 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5393 NL80211_CMD_REMAIN_ON_CHANNEL); 5394 5395 if (IS_ERR(hdr)) { 5396 err = PTR_ERR(hdr); 5397 goto free_msg; 5398 } 5399 5400 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan, 5401 channel_type, duration, &cookie); 5402 5403 if (err) 5404 goto free_msg; 5405 5406 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5407 5408 genlmsg_end(msg, hdr); 5409 5410 return genlmsg_reply(msg, info); 5411 5412 nla_put_failure: 5413 err = -ENOBUFS; 5414 free_msg: 5415 nlmsg_free(msg); 5416 return err; 5417 } 5418 5419 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 5420 struct genl_info *info) 5421 { 5422 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5423 struct net_device *dev = info->user_ptr[1]; 5424 u64 cookie; 5425 5426 if (!info->attrs[NL80211_ATTR_COOKIE]) 5427 return -EINVAL; 5428 5429 if (!rdev->ops->cancel_remain_on_channel) 5430 return -EOPNOTSUPP; 5431 5432 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5433 5434 return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie); 5435 } 5436 5437 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 5438 u8 *rates, u8 rates_len) 5439 { 5440 u8 i; 5441 u32 mask = 0; 5442 5443 for (i = 0; i < rates_len; i++) { 5444 int rate = (rates[i] & 0x7f) * 5; 5445 int ridx; 5446 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 5447 struct ieee80211_rate *srate = 5448 &sband->bitrates[ridx]; 5449 if (rate == srate->bitrate) { 5450 mask |= 1 << ridx; 5451 break; 5452 } 5453 } 5454 if (ridx == sband->n_bitrates) 5455 return 0; /* rate not found */ 5456 } 5457 5458 return mask; 5459 } 5460 5461 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 5462 u8 *rates, u8 rates_len, 5463 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 5464 { 5465 u8 i; 5466 5467 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 5468 5469 for (i = 0; i < rates_len; i++) { 5470 int ridx, rbit; 5471 5472 ridx = rates[i] / 8; 5473 rbit = BIT(rates[i] % 8); 5474 5475 /* check validity */ 5476 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 5477 return false; 5478 5479 /* check availability */ 5480 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 5481 mcs[ridx] |= rbit; 5482 else 5483 return false; 5484 } 5485 5486 return true; 5487 } 5488 5489 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 5490 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 5491 .len = NL80211_MAX_SUPP_RATES }, 5492 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY, 5493 .len = NL80211_MAX_SUPP_HT_RATES }, 5494 }; 5495 5496 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 5497 struct genl_info *info) 5498 { 5499 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 5500 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5501 struct cfg80211_bitrate_mask mask; 5502 int rem, i; 5503 struct net_device *dev = info->user_ptr[1]; 5504 struct nlattr *tx_rates; 5505 struct ieee80211_supported_band *sband; 5506 5507 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 5508 return -EINVAL; 5509 5510 if (!rdev->ops->set_bitrate_mask) 5511 return -EOPNOTSUPP; 5512 5513 memset(&mask, 0, sizeof(mask)); 5514 /* Default to all rates enabled */ 5515 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 5516 sband = rdev->wiphy.bands[i]; 5517 mask.control[i].legacy = 5518 sband ? (1 << sband->n_bitrates) - 1 : 0; 5519 if (sband) 5520 memcpy(mask.control[i].mcs, 5521 sband->ht_cap.mcs.rx_mask, 5522 sizeof(mask.control[i].mcs)); 5523 else 5524 memset(mask.control[i].mcs, 0, 5525 sizeof(mask.control[i].mcs)); 5526 } 5527 5528 /* 5529 * The nested attribute uses enum nl80211_band as the index. This maps 5530 * directly to the enum ieee80211_band values used in cfg80211. 5531 */ 5532 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 5533 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 5534 { 5535 enum ieee80211_band band = nla_type(tx_rates); 5536 if (band < 0 || band >= IEEE80211_NUM_BANDS) 5537 return -EINVAL; 5538 sband = rdev->wiphy.bands[band]; 5539 if (sband == NULL) 5540 return -EINVAL; 5541 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 5542 nla_len(tx_rates), nl80211_txattr_policy); 5543 if (tb[NL80211_TXRATE_LEGACY]) { 5544 mask.control[band].legacy = rateset_to_mask( 5545 sband, 5546 nla_data(tb[NL80211_TXRATE_LEGACY]), 5547 nla_len(tb[NL80211_TXRATE_LEGACY])); 5548 } 5549 if (tb[NL80211_TXRATE_MCS]) { 5550 if (!ht_rateset_to_mask( 5551 sband, 5552 nla_data(tb[NL80211_TXRATE_MCS]), 5553 nla_len(tb[NL80211_TXRATE_MCS]), 5554 mask.control[band].mcs)) 5555 return -EINVAL; 5556 } 5557 5558 if (mask.control[band].legacy == 0) { 5559 /* don't allow empty legacy rates if HT 5560 * is not even supported. */ 5561 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported) 5562 return -EINVAL; 5563 5564 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 5565 if (mask.control[band].mcs[i]) 5566 break; 5567 5568 /* legacy and mcs rates may not be both empty */ 5569 if (i == IEEE80211_HT_MCS_MASK_LEN) 5570 return -EINVAL; 5571 } 5572 } 5573 5574 return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 5575 } 5576 5577 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 5578 { 5579 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5580 struct net_device *dev = info->user_ptr[1]; 5581 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 5582 5583 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 5584 return -EINVAL; 5585 5586 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 5587 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 5588 5589 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5590 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5591 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5592 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5593 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5594 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 5595 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5596 return -EOPNOTSUPP; 5597 5598 /* not much point in registering if we can't reply */ 5599 if (!rdev->ops->mgmt_tx) 5600 return -EOPNOTSUPP; 5601 5602 return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid, 5603 frame_type, 5604 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 5605 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 5606 } 5607 5608 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 5609 { 5610 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5611 struct net_device *dev = info->user_ptr[1]; 5612 struct ieee80211_channel *chan; 5613 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 5614 bool channel_type_valid = false; 5615 u32 freq; 5616 int err; 5617 void *hdr = NULL; 5618 u64 cookie; 5619 struct sk_buff *msg = NULL; 5620 unsigned int wait = 0; 5621 bool offchan, no_cck, dont_wait_for_ack; 5622 5623 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 5624 5625 if (!info->attrs[NL80211_ATTR_FRAME] || 5626 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5627 return -EINVAL; 5628 5629 if (!rdev->ops->mgmt_tx) 5630 return -EOPNOTSUPP; 5631 5632 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5633 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5634 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5635 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5636 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5637 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 5638 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5639 return -EOPNOTSUPP; 5640 5641 if (info->attrs[NL80211_ATTR_DURATION]) { 5642 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 5643 return -EINVAL; 5644 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 5645 } 5646 5647 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 5648 channel_type = nla_get_u32( 5649 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 5650 if (channel_type != NL80211_CHAN_NO_HT && 5651 channel_type != NL80211_CHAN_HT20 && 5652 channel_type != NL80211_CHAN_HT40PLUS && 5653 channel_type != NL80211_CHAN_HT40MINUS) 5654 return -EINVAL; 5655 channel_type_valid = true; 5656 } 5657 5658 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 5659 5660 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 5661 return -EINVAL; 5662 5663 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 5664 5665 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5666 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5667 if (chan == NULL) 5668 return -EINVAL; 5669 5670 if (!dont_wait_for_ack) { 5671 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5672 if (!msg) 5673 return -ENOMEM; 5674 5675 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5676 NL80211_CMD_FRAME); 5677 5678 if (IS_ERR(hdr)) { 5679 err = PTR_ERR(hdr); 5680 goto free_msg; 5681 } 5682 } 5683 5684 err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type, 5685 channel_type_valid, wait, 5686 nla_data(info->attrs[NL80211_ATTR_FRAME]), 5687 nla_len(info->attrs[NL80211_ATTR_FRAME]), 5688 no_cck, dont_wait_for_ack, &cookie); 5689 if (err) 5690 goto free_msg; 5691 5692 if (msg) { 5693 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5694 5695 genlmsg_end(msg, hdr); 5696 return genlmsg_reply(msg, info); 5697 } 5698 5699 return 0; 5700 5701 nla_put_failure: 5702 err = -ENOBUFS; 5703 free_msg: 5704 nlmsg_free(msg); 5705 return err; 5706 } 5707 5708 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 5709 { 5710 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5711 struct net_device *dev = info->user_ptr[1]; 5712 u64 cookie; 5713 5714 if (!info->attrs[NL80211_ATTR_COOKIE]) 5715 return -EINVAL; 5716 5717 if (!rdev->ops->mgmt_tx_cancel_wait) 5718 return -EOPNOTSUPP; 5719 5720 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5721 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5722 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5723 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5724 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5725 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5726 return -EOPNOTSUPP; 5727 5728 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5729 5730 return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie); 5731 } 5732 5733 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 5734 { 5735 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5736 struct wireless_dev *wdev; 5737 struct net_device *dev = info->user_ptr[1]; 5738 u8 ps_state; 5739 bool state; 5740 int err; 5741 5742 if (!info->attrs[NL80211_ATTR_PS_STATE]) 5743 return -EINVAL; 5744 5745 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 5746 5747 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 5748 return -EINVAL; 5749 5750 wdev = dev->ieee80211_ptr; 5751 5752 if (!rdev->ops->set_power_mgmt) 5753 return -EOPNOTSUPP; 5754 5755 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 5756 5757 if (state == wdev->ps) 5758 return 0; 5759 5760 err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state, 5761 wdev->ps_timeout); 5762 if (!err) 5763 wdev->ps = state; 5764 return err; 5765 } 5766 5767 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 5768 { 5769 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5770 enum nl80211_ps_state ps_state; 5771 struct wireless_dev *wdev; 5772 struct net_device *dev = info->user_ptr[1]; 5773 struct sk_buff *msg; 5774 void *hdr; 5775 int err; 5776 5777 wdev = dev->ieee80211_ptr; 5778 5779 if (!rdev->ops->set_power_mgmt) 5780 return -EOPNOTSUPP; 5781 5782 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5783 if (!msg) 5784 return -ENOMEM; 5785 5786 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5787 NL80211_CMD_GET_POWER_SAVE); 5788 if (!hdr) { 5789 err = -ENOBUFS; 5790 goto free_msg; 5791 } 5792 5793 if (wdev->ps) 5794 ps_state = NL80211_PS_ENABLED; 5795 else 5796 ps_state = NL80211_PS_DISABLED; 5797 5798 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state); 5799 5800 genlmsg_end(msg, hdr); 5801 return genlmsg_reply(msg, info); 5802 5803 nla_put_failure: 5804 err = -ENOBUFS; 5805 free_msg: 5806 nlmsg_free(msg); 5807 return err; 5808 } 5809 5810 static struct nla_policy 5811 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 5812 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 5813 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 5814 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 5815 }; 5816 5817 static int nl80211_set_cqm_rssi(struct genl_info *info, 5818 s32 threshold, u32 hysteresis) 5819 { 5820 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5821 struct wireless_dev *wdev; 5822 struct net_device *dev = info->user_ptr[1]; 5823 5824 if (threshold > 0) 5825 return -EINVAL; 5826 5827 wdev = dev->ieee80211_ptr; 5828 5829 if (!rdev->ops->set_cqm_rssi_config) 5830 return -EOPNOTSUPP; 5831 5832 if (wdev->iftype != NL80211_IFTYPE_STATION && 5833 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 5834 return -EOPNOTSUPP; 5835 5836 return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev, 5837 threshold, hysteresis); 5838 } 5839 5840 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 5841 { 5842 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 5843 struct nlattr *cqm; 5844 int err; 5845 5846 cqm = info->attrs[NL80211_ATTR_CQM]; 5847 if (!cqm) { 5848 err = -EINVAL; 5849 goto out; 5850 } 5851 5852 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 5853 nl80211_attr_cqm_policy); 5854 if (err) 5855 goto out; 5856 5857 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 5858 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 5859 s32 threshold; 5860 u32 hysteresis; 5861 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 5862 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 5863 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 5864 } else 5865 err = -EINVAL; 5866 5867 out: 5868 return err; 5869 } 5870 5871 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 5872 { 5873 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5874 struct net_device *dev = info->user_ptr[1]; 5875 struct mesh_config cfg; 5876 struct mesh_setup setup; 5877 int err; 5878 5879 /* start with default */ 5880 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 5881 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 5882 5883 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 5884 /* and parse parameters if given */ 5885 err = nl80211_parse_mesh_config(info, &cfg, NULL); 5886 if (err) 5887 return err; 5888 } 5889 5890 if (!info->attrs[NL80211_ATTR_MESH_ID] || 5891 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 5892 return -EINVAL; 5893 5894 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 5895 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 5896 5897 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 5898 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 5899 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 5900 return -EINVAL; 5901 5902 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 5903 /* parse additional setup parameters if given */ 5904 err = nl80211_parse_mesh_setup(info, &setup); 5905 if (err) 5906 return err; 5907 } 5908 5909 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 5910 } 5911 5912 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 5913 { 5914 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5915 struct net_device *dev = info->user_ptr[1]; 5916 5917 return cfg80211_leave_mesh(rdev, dev); 5918 } 5919 5920 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 5921 { 5922 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5923 struct sk_buff *msg; 5924 void *hdr; 5925 5926 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 5927 return -EOPNOTSUPP; 5928 5929 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5930 if (!msg) 5931 return -ENOMEM; 5932 5933 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5934 NL80211_CMD_GET_WOWLAN); 5935 if (!hdr) 5936 goto nla_put_failure; 5937 5938 if (rdev->wowlan) { 5939 struct nlattr *nl_wowlan; 5940 5941 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 5942 if (!nl_wowlan) 5943 goto nla_put_failure; 5944 5945 if (rdev->wowlan->any) 5946 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY); 5947 if (rdev->wowlan->disconnect) 5948 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT); 5949 if (rdev->wowlan->magic_pkt) 5950 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT); 5951 if (rdev->wowlan->gtk_rekey_failure) 5952 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE); 5953 if (rdev->wowlan->eap_identity_req) 5954 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST); 5955 if (rdev->wowlan->four_way_handshake) 5956 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE); 5957 if (rdev->wowlan->rfkill_release) 5958 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE); 5959 if (rdev->wowlan->n_patterns) { 5960 struct nlattr *nl_pats, *nl_pat; 5961 int i, pat_len; 5962 5963 nl_pats = nla_nest_start(msg, 5964 NL80211_WOWLAN_TRIG_PKT_PATTERN); 5965 if (!nl_pats) 5966 goto nla_put_failure; 5967 5968 for (i = 0; i < rdev->wowlan->n_patterns; i++) { 5969 nl_pat = nla_nest_start(msg, i + 1); 5970 if (!nl_pat) 5971 goto nla_put_failure; 5972 pat_len = rdev->wowlan->patterns[i].pattern_len; 5973 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_MASK, 5974 DIV_ROUND_UP(pat_len, 8), 5975 rdev->wowlan->patterns[i].mask); 5976 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 5977 pat_len, 5978 rdev->wowlan->patterns[i].pattern); 5979 nla_nest_end(msg, nl_pat); 5980 } 5981 nla_nest_end(msg, nl_pats); 5982 } 5983 5984 nla_nest_end(msg, nl_wowlan); 5985 } 5986 5987 genlmsg_end(msg, hdr); 5988 return genlmsg_reply(msg, info); 5989 5990 nla_put_failure: 5991 nlmsg_free(msg); 5992 return -ENOBUFS; 5993 } 5994 5995 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 5996 { 5997 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5998 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 5999 struct cfg80211_wowlan no_triggers = {}; 6000 struct cfg80211_wowlan new_triggers = {}; 6001 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan; 6002 int err, i; 6003 6004 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6005 return -EOPNOTSUPP; 6006 6007 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) 6008 goto no_triggers; 6009 6010 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 6011 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6012 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6013 nl80211_wowlan_policy); 6014 if (err) 6015 return err; 6016 6017 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 6018 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 6019 return -EINVAL; 6020 new_triggers.any = true; 6021 } 6022 6023 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 6024 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 6025 return -EINVAL; 6026 new_triggers.disconnect = true; 6027 } 6028 6029 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 6030 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 6031 return -EINVAL; 6032 new_triggers.magic_pkt = true; 6033 } 6034 6035 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 6036 return -EINVAL; 6037 6038 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 6039 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 6040 return -EINVAL; 6041 new_triggers.gtk_rekey_failure = true; 6042 } 6043 6044 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 6045 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 6046 return -EINVAL; 6047 new_triggers.eap_identity_req = true; 6048 } 6049 6050 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 6051 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 6052 return -EINVAL; 6053 new_triggers.four_way_handshake = true; 6054 } 6055 6056 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 6057 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 6058 return -EINVAL; 6059 new_triggers.rfkill_release = true; 6060 } 6061 6062 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 6063 struct nlattr *pat; 6064 int n_patterns = 0; 6065 int rem, pat_len, mask_len; 6066 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; 6067 6068 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6069 rem) 6070 n_patterns++; 6071 if (n_patterns > wowlan->n_patterns) 6072 return -EINVAL; 6073 6074 new_triggers.patterns = kcalloc(n_patterns, 6075 sizeof(new_triggers.patterns[0]), 6076 GFP_KERNEL); 6077 if (!new_triggers.patterns) 6078 return -ENOMEM; 6079 6080 new_triggers.n_patterns = n_patterns; 6081 i = 0; 6082 6083 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6084 rem) { 6085 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, 6086 nla_data(pat), nla_len(pat), NULL); 6087 err = -EINVAL; 6088 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || 6089 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) 6090 goto error; 6091 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); 6092 mask_len = DIV_ROUND_UP(pat_len, 8); 6093 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != 6094 mask_len) 6095 goto error; 6096 if (pat_len > wowlan->pattern_max_len || 6097 pat_len < wowlan->pattern_min_len) 6098 goto error; 6099 6100 new_triggers.patterns[i].mask = 6101 kmalloc(mask_len + pat_len, GFP_KERNEL); 6102 if (!new_triggers.patterns[i].mask) { 6103 err = -ENOMEM; 6104 goto error; 6105 } 6106 new_triggers.patterns[i].pattern = 6107 new_triggers.patterns[i].mask + mask_len; 6108 memcpy(new_triggers.patterns[i].mask, 6109 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), 6110 mask_len); 6111 new_triggers.patterns[i].pattern_len = pat_len; 6112 memcpy(new_triggers.patterns[i].pattern, 6113 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), 6114 pat_len); 6115 i++; 6116 } 6117 } 6118 6119 if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) { 6120 struct cfg80211_wowlan *ntrig; 6121 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), 6122 GFP_KERNEL); 6123 if (!ntrig) { 6124 err = -ENOMEM; 6125 goto error; 6126 } 6127 cfg80211_rdev_free_wowlan(rdev); 6128 rdev->wowlan = ntrig; 6129 } else { 6130 no_triggers: 6131 cfg80211_rdev_free_wowlan(rdev); 6132 rdev->wowlan = NULL; 6133 } 6134 6135 return 0; 6136 error: 6137 for (i = 0; i < new_triggers.n_patterns; i++) 6138 kfree(new_triggers.patterns[i].mask); 6139 kfree(new_triggers.patterns); 6140 return err; 6141 } 6142 6143 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 6144 { 6145 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6146 struct net_device *dev = info->user_ptr[1]; 6147 struct wireless_dev *wdev = dev->ieee80211_ptr; 6148 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 6149 struct cfg80211_gtk_rekey_data rekey_data; 6150 int err; 6151 6152 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 6153 return -EINVAL; 6154 6155 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 6156 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 6157 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 6158 nl80211_rekey_policy); 6159 if (err) 6160 return err; 6161 6162 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 6163 return -ERANGE; 6164 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 6165 return -ERANGE; 6166 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 6167 return -ERANGE; 6168 6169 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), 6170 NL80211_KEK_LEN); 6171 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), 6172 NL80211_KCK_LEN); 6173 memcpy(rekey_data.replay_ctr, 6174 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), 6175 NL80211_REPLAY_CTR_LEN); 6176 6177 wdev_lock(wdev); 6178 if (!wdev->current_bss) { 6179 err = -ENOTCONN; 6180 goto out; 6181 } 6182 6183 if (!rdev->ops->set_rekey_data) { 6184 err = -EOPNOTSUPP; 6185 goto out; 6186 } 6187 6188 err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data); 6189 out: 6190 wdev_unlock(wdev); 6191 return err; 6192 } 6193 6194 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 6195 struct genl_info *info) 6196 { 6197 struct net_device *dev = info->user_ptr[1]; 6198 struct wireless_dev *wdev = dev->ieee80211_ptr; 6199 6200 if (wdev->iftype != NL80211_IFTYPE_AP && 6201 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6202 return -EINVAL; 6203 6204 if (wdev->ap_unexpected_nlpid) 6205 return -EBUSY; 6206 6207 wdev->ap_unexpected_nlpid = info->snd_pid; 6208 return 0; 6209 } 6210 6211 static int nl80211_probe_client(struct sk_buff *skb, 6212 struct genl_info *info) 6213 { 6214 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6215 struct net_device *dev = info->user_ptr[1]; 6216 struct wireless_dev *wdev = dev->ieee80211_ptr; 6217 struct sk_buff *msg; 6218 void *hdr; 6219 const u8 *addr; 6220 u64 cookie; 6221 int err; 6222 6223 if (wdev->iftype != NL80211_IFTYPE_AP && 6224 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6225 return -EOPNOTSUPP; 6226 6227 if (!info->attrs[NL80211_ATTR_MAC]) 6228 return -EINVAL; 6229 6230 if (!rdev->ops->probe_client) 6231 return -EOPNOTSUPP; 6232 6233 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6234 if (!msg) 6235 return -ENOMEM; 6236 6237 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 6238 NL80211_CMD_PROBE_CLIENT); 6239 6240 if (IS_ERR(hdr)) { 6241 err = PTR_ERR(hdr); 6242 goto free_msg; 6243 } 6244 6245 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6246 6247 err = rdev->ops->probe_client(&rdev->wiphy, dev, addr, &cookie); 6248 if (err) 6249 goto free_msg; 6250 6251 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 6252 6253 genlmsg_end(msg, hdr); 6254 6255 return genlmsg_reply(msg, info); 6256 6257 nla_put_failure: 6258 err = -ENOBUFS; 6259 free_msg: 6260 nlmsg_free(msg); 6261 return err; 6262 } 6263 6264 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 6265 { 6266 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6267 6268 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 6269 return -EOPNOTSUPP; 6270 6271 if (rdev->ap_beacons_nlpid) 6272 return -EBUSY; 6273 6274 rdev->ap_beacons_nlpid = info->snd_pid; 6275 6276 return 0; 6277 } 6278 6279 #define NL80211_FLAG_NEED_WIPHY 0x01 6280 #define NL80211_FLAG_NEED_NETDEV 0x02 6281 #define NL80211_FLAG_NEED_RTNL 0x04 6282 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 6283 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 6284 NL80211_FLAG_CHECK_NETDEV_UP) 6285 6286 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 6287 struct genl_info *info) 6288 { 6289 struct cfg80211_registered_device *rdev; 6290 struct net_device *dev; 6291 int err; 6292 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 6293 6294 if (rtnl) 6295 rtnl_lock(); 6296 6297 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 6298 rdev = cfg80211_get_dev_from_info(info); 6299 if (IS_ERR(rdev)) { 6300 if (rtnl) 6301 rtnl_unlock(); 6302 return PTR_ERR(rdev); 6303 } 6304 info->user_ptr[0] = rdev; 6305 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 6306 err = get_rdev_dev_by_ifindex(genl_info_net(info), info->attrs, 6307 &rdev, &dev); 6308 if (err) { 6309 if (rtnl) 6310 rtnl_unlock(); 6311 return err; 6312 } 6313 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 6314 !netif_running(dev)) { 6315 cfg80211_unlock_rdev(rdev); 6316 dev_put(dev); 6317 if (rtnl) 6318 rtnl_unlock(); 6319 return -ENETDOWN; 6320 } 6321 info->user_ptr[0] = rdev; 6322 info->user_ptr[1] = dev; 6323 } 6324 6325 return 0; 6326 } 6327 6328 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 6329 struct genl_info *info) 6330 { 6331 if (info->user_ptr[0]) 6332 cfg80211_unlock_rdev(info->user_ptr[0]); 6333 if (info->user_ptr[1]) 6334 dev_put(info->user_ptr[1]); 6335 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 6336 rtnl_unlock(); 6337 } 6338 6339 static struct genl_ops nl80211_ops[] = { 6340 { 6341 .cmd = NL80211_CMD_GET_WIPHY, 6342 .doit = nl80211_get_wiphy, 6343 .dumpit = nl80211_dump_wiphy, 6344 .policy = nl80211_policy, 6345 /* can be retrieved by unprivileged users */ 6346 .internal_flags = NL80211_FLAG_NEED_WIPHY, 6347 }, 6348 { 6349 .cmd = NL80211_CMD_SET_WIPHY, 6350 .doit = nl80211_set_wiphy, 6351 .policy = nl80211_policy, 6352 .flags = GENL_ADMIN_PERM, 6353 .internal_flags = NL80211_FLAG_NEED_RTNL, 6354 }, 6355 { 6356 .cmd = NL80211_CMD_GET_INTERFACE, 6357 .doit = nl80211_get_interface, 6358 .dumpit = nl80211_dump_interface, 6359 .policy = nl80211_policy, 6360 /* can be retrieved by unprivileged users */ 6361 .internal_flags = NL80211_FLAG_NEED_NETDEV, 6362 }, 6363 { 6364 .cmd = NL80211_CMD_SET_INTERFACE, 6365 .doit = nl80211_set_interface, 6366 .policy = nl80211_policy, 6367 .flags = GENL_ADMIN_PERM, 6368 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6369 NL80211_FLAG_NEED_RTNL, 6370 }, 6371 { 6372 .cmd = NL80211_CMD_NEW_INTERFACE, 6373 .doit = nl80211_new_interface, 6374 .policy = nl80211_policy, 6375 .flags = GENL_ADMIN_PERM, 6376 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6377 NL80211_FLAG_NEED_RTNL, 6378 }, 6379 { 6380 .cmd = NL80211_CMD_DEL_INTERFACE, 6381 .doit = nl80211_del_interface, 6382 .policy = nl80211_policy, 6383 .flags = GENL_ADMIN_PERM, 6384 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6385 NL80211_FLAG_NEED_RTNL, 6386 }, 6387 { 6388 .cmd = NL80211_CMD_GET_KEY, 6389 .doit = nl80211_get_key, 6390 .policy = nl80211_policy, 6391 .flags = GENL_ADMIN_PERM, 6392 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6393 NL80211_FLAG_NEED_RTNL, 6394 }, 6395 { 6396 .cmd = NL80211_CMD_SET_KEY, 6397 .doit = nl80211_set_key, 6398 .policy = nl80211_policy, 6399 .flags = GENL_ADMIN_PERM, 6400 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6401 NL80211_FLAG_NEED_RTNL, 6402 }, 6403 { 6404 .cmd = NL80211_CMD_NEW_KEY, 6405 .doit = nl80211_new_key, 6406 .policy = nl80211_policy, 6407 .flags = GENL_ADMIN_PERM, 6408 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6409 NL80211_FLAG_NEED_RTNL, 6410 }, 6411 { 6412 .cmd = NL80211_CMD_DEL_KEY, 6413 .doit = nl80211_del_key, 6414 .policy = nl80211_policy, 6415 .flags = GENL_ADMIN_PERM, 6416 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6417 NL80211_FLAG_NEED_RTNL, 6418 }, 6419 { 6420 .cmd = NL80211_CMD_SET_BEACON, 6421 .policy = nl80211_policy, 6422 .flags = GENL_ADMIN_PERM, 6423 .doit = nl80211_set_beacon, 6424 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6425 NL80211_FLAG_NEED_RTNL, 6426 }, 6427 { 6428 .cmd = NL80211_CMD_START_AP, 6429 .policy = nl80211_policy, 6430 .flags = GENL_ADMIN_PERM, 6431 .doit = nl80211_start_ap, 6432 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6433 NL80211_FLAG_NEED_RTNL, 6434 }, 6435 { 6436 .cmd = NL80211_CMD_STOP_AP, 6437 .policy = nl80211_policy, 6438 .flags = GENL_ADMIN_PERM, 6439 .doit = nl80211_stop_ap, 6440 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6441 NL80211_FLAG_NEED_RTNL, 6442 }, 6443 { 6444 .cmd = NL80211_CMD_GET_STATION, 6445 .doit = nl80211_get_station, 6446 .dumpit = nl80211_dump_station, 6447 .policy = nl80211_policy, 6448 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6449 NL80211_FLAG_NEED_RTNL, 6450 }, 6451 { 6452 .cmd = NL80211_CMD_SET_STATION, 6453 .doit = nl80211_set_station, 6454 .policy = nl80211_policy, 6455 .flags = GENL_ADMIN_PERM, 6456 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6457 NL80211_FLAG_NEED_RTNL, 6458 }, 6459 { 6460 .cmd = NL80211_CMD_NEW_STATION, 6461 .doit = nl80211_new_station, 6462 .policy = nl80211_policy, 6463 .flags = GENL_ADMIN_PERM, 6464 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6465 NL80211_FLAG_NEED_RTNL, 6466 }, 6467 { 6468 .cmd = NL80211_CMD_DEL_STATION, 6469 .doit = nl80211_del_station, 6470 .policy = nl80211_policy, 6471 .flags = GENL_ADMIN_PERM, 6472 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6473 NL80211_FLAG_NEED_RTNL, 6474 }, 6475 { 6476 .cmd = NL80211_CMD_GET_MPATH, 6477 .doit = nl80211_get_mpath, 6478 .dumpit = nl80211_dump_mpath, 6479 .policy = nl80211_policy, 6480 .flags = GENL_ADMIN_PERM, 6481 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6482 NL80211_FLAG_NEED_RTNL, 6483 }, 6484 { 6485 .cmd = NL80211_CMD_SET_MPATH, 6486 .doit = nl80211_set_mpath, 6487 .policy = nl80211_policy, 6488 .flags = GENL_ADMIN_PERM, 6489 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6490 NL80211_FLAG_NEED_RTNL, 6491 }, 6492 { 6493 .cmd = NL80211_CMD_NEW_MPATH, 6494 .doit = nl80211_new_mpath, 6495 .policy = nl80211_policy, 6496 .flags = GENL_ADMIN_PERM, 6497 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6498 NL80211_FLAG_NEED_RTNL, 6499 }, 6500 { 6501 .cmd = NL80211_CMD_DEL_MPATH, 6502 .doit = nl80211_del_mpath, 6503 .policy = nl80211_policy, 6504 .flags = GENL_ADMIN_PERM, 6505 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6506 NL80211_FLAG_NEED_RTNL, 6507 }, 6508 { 6509 .cmd = NL80211_CMD_SET_BSS, 6510 .doit = nl80211_set_bss, 6511 .policy = nl80211_policy, 6512 .flags = GENL_ADMIN_PERM, 6513 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6514 NL80211_FLAG_NEED_RTNL, 6515 }, 6516 { 6517 .cmd = NL80211_CMD_GET_REG, 6518 .doit = nl80211_get_reg, 6519 .policy = nl80211_policy, 6520 /* can be retrieved by unprivileged users */ 6521 }, 6522 { 6523 .cmd = NL80211_CMD_SET_REG, 6524 .doit = nl80211_set_reg, 6525 .policy = nl80211_policy, 6526 .flags = GENL_ADMIN_PERM, 6527 }, 6528 { 6529 .cmd = NL80211_CMD_REQ_SET_REG, 6530 .doit = nl80211_req_set_reg, 6531 .policy = nl80211_policy, 6532 .flags = GENL_ADMIN_PERM, 6533 }, 6534 { 6535 .cmd = NL80211_CMD_GET_MESH_CONFIG, 6536 .doit = nl80211_get_mesh_config, 6537 .policy = nl80211_policy, 6538 /* can be retrieved by unprivileged users */ 6539 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6540 NL80211_FLAG_NEED_RTNL, 6541 }, 6542 { 6543 .cmd = NL80211_CMD_SET_MESH_CONFIG, 6544 .doit = nl80211_update_mesh_config, 6545 .policy = nl80211_policy, 6546 .flags = GENL_ADMIN_PERM, 6547 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6548 NL80211_FLAG_NEED_RTNL, 6549 }, 6550 { 6551 .cmd = NL80211_CMD_TRIGGER_SCAN, 6552 .doit = nl80211_trigger_scan, 6553 .policy = nl80211_policy, 6554 .flags = GENL_ADMIN_PERM, 6555 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6556 NL80211_FLAG_NEED_RTNL, 6557 }, 6558 { 6559 .cmd = NL80211_CMD_GET_SCAN, 6560 .policy = nl80211_policy, 6561 .dumpit = nl80211_dump_scan, 6562 }, 6563 { 6564 .cmd = NL80211_CMD_START_SCHED_SCAN, 6565 .doit = nl80211_start_sched_scan, 6566 .policy = nl80211_policy, 6567 .flags = GENL_ADMIN_PERM, 6568 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6569 NL80211_FLAG_NEED_RTNL, 6570 }, 6571 { 6572 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 6573 .doit = nl80211_stop_sched_scan, 6574 .policy = nl80211_policy, 6575 .flags = GENL_ADMIN_PERM, 6576 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6577 NL80211_FLAG_NEED_RTNL, 6578 }, 6579 { 6580 .cmd = NL80211_CMD_AUTHENTICATE, 6581 .doit = nl80211_authenticate, 6582 .policy = nl80211_policy, 6583 .flags = GENL_ADMIN_PERM, 6584 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6585 NL80211_FLAG_NEED_RTNL, 6586 }, 6587 { 6588 .cmd = NL80211_CMD_ASSOCIATE, 6589 .doit = nl80211_associate, 6590 .policy = nl80211_policy, 6591 .flags = GENL_ADMIN_PERM, 6592 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6593 NL80211_FLAG_NEED_RTNL, 6594 }, 6595 { 6596 .cmd = NL80211_CMD_DEAUTHENTICATE, 6597 .doit = nl80211_deauthenticate, 6598 .policy = nl80211_policy, 6599 .flags = GENL_ADMIN_PERM, 6600 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6601 NL80211_FLAG_NEED_RTNL, 6602 }, 6603 { 6604 .cmd = NL80211_CMD_DISASSOCIATE, 6605 .doit = nl80211_disassociate, 6606 .policy = nl80211_policy, 6607 .flags = GENL_ADMIN_PERM, 6608 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6609 NL80211_FLAG_NEED_RTNL, 6610 }, 6611 { 6612 .cmd = NL80211_CMD_JOIN_IBSS, 6613 .doit = nl80211_join_ibss, 6614 .policy = nl80211_policy, 6615 .flags = GENL_ADMIN_PERM, 6616 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6617 NL80211_FLAG_NEED_RTNL, 6618 }, 6619 { 6620 .cmd = NL80211_CMD_LEAVE_IBSS, 6621 .doit = nl80211_leave_ibss, 6622 .policy = nl80211_policy, 6623 .flags = GENL_ADMIN_PERM, 6624 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6625 NL80211_FLAG_NEED_RTNL, 6626 }, 6627 #ifdef CONFIG_NL80211_TESTMODE 6628 { 6629 .cmd = NL80211_CMD_TESTMODE, 6630 .doit = nl80211_testmode_do, 6631 .dumpit = nl80211_testmode_dump, 6632 .policy = nl80211_policy, 6633 .flags = GENL_ADMIN_PERM, 6634 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6635 NL80211_FLAG_NEED_RTNL, 6636 }, 6637 #endif 6638 { 6639 .cmd = NL80211_CMD_CONNECT, 6640 .doit = nl80211_connect, 6641 .policy = nl80211_policy, 6642 .flags = GENL_ADMIN_PERM, 6643 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6644 NL80211_FLAG_NEED_RTNL, 6645 }, 6646 { 6647 .cmd = NL80211_CMD_DISCONNECT, 6648 .doit = nl80211_disconnect, 6649 .policy = nl80211_policy, 6650 .flags = GENL_ADMIN_PERM, 6651 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6652 NL80211_FLAG_NEED_RTNL, 6653 }, 6654 { 6655 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 6656 .doit = nl80211_wiphy_netns, 6657 .policy = nl80211_policy, 6658 .flags = GENL_ADMIN_PERM, 6659 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6660 NL80211_FLAG_NEED_RTNL, 6661 }, 6662 { 6663 .cmd = NL80211_CMD_GET_SURVEY, 6664 .policy = nl80211_policy, 6665 .dumpit = nl80211_dump_survey, 6666 }, 6667 { 6668 .cmd = NL80211_CMD_SET_PMKSA, 6669 .doit = nl80211_setdel_pmksa, 6670 .policy = nl80211_policy, 6671 .flags = GENL_ADMIN_PERM, 6672 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6673 NL80211_FLAG_NEED_RTNL, 6674 }, 6675 { 6676 .cmd = NL80211_CMD_DEL_PMKSA, 6677 .doit = nl80211_setdel_pmksa, 6678 .policy = nl80211_policy, 6679 .flags = GENL_ADMIN_PERM, 6680 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6681 NL80211_FLAG_NEED_RTNL, 6682 }, 6683 { 6684 .cmd = NL80211_CMD_FLUSH_PMKSA, 6685 .doit = nl80211_flush_pmksa, 6686 .policy = nl80211_policy, 6687 .flags = GENL_ADMIN_PERM, 6688 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6689 NL80211_FLAG_NEED_RTNL, 6690 }, 6691 { 6692 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 6693 .doit = nl80211_remain_on_channel, 6694 .policy = nl80211_policy, 6695 .flags = GENL_ADMIN_PERM, 6696 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6697 NL80211_FLAG_NEED_RTNL, 6698 }, 6699 { 6700 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 6701 .doit = nl80211_cancel_remain_on_channel, 6702 .policy = nl80211_policy, 6703 .flags = GENL_ADMIN_PERM, 6704 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6705 NL80211_FLAG_NEED_RTNL, 6706 }, 6707 { 6708 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 6709 .doit = nl80211_set_tx_bitrate_mask, 6710 .policy = nl80211_policy, 6711 .flags = GENL_ADMIN_PERM, 6712 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6713 NL80211_FLAG_NEED_RTNL, 6714 }, 6715 { 6716 .cmd = NL80211_CMD_REGISTER_FRAME, 6717 .doit = nl80211_register_mgmt, 6718 .policy = nl80211_policy, 6719 .flags = GENL_ADMIN_PERM, 6720 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6721 NL80211_FLAG_NEED_RTNL, 6722 }, 6723 { 6724 .cmd = NL80211_CMD_FRAME, 6725 .doit = nl80211_tx_mgmt, 6726 .policy = nl80211_policy, 6727 .flags = GENL_ADMIN_PERM, 6728 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6729 NL80211_FLAG_NEED_RTNL, 6730 }, 6731 { 6732 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 6733 .doit = nl80211_tx_mgmt_cancel_wait, 6734 .policy = nl80211_policy, 6735 .flags = GENL_ADMIN_PERM, 6736 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6737 NL80211_FLAG_NEED_RTNL, 6738 }, 6739 { 6740 .cmd = NL80211_CMD_SET_POWER_SAVE, 6741 .doit = nl80211_set_power_save, 6742 .policy = nl80211_policy, 6743 .flags = GENL_ADMIN_PERM, 6744 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6745 NL80211_FLAG_NEED_RTNL, 6746 }, 6747 { 6748 .cmd = NL80211_CMD_GET_POWER_SAVE, 6749 .doit = nl80211_get_power_save, 6750 .policy = nl80211_policy, 6751 /* can be retrieved by unprivileged users */ 6752 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6753 NL80211_FLAG_NEED_RTNL, 6754 }, 6755 { 6756 .cmd = NL80211_CMD_SET_CQM, 6757 .doit = nl80211_set_cqm, 6758 .policy = nl80211_policy, 6759 .flags = GENL_ADMIN_PERM, 6760 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6761 NL80211_FLAG_NEED_RTNL, 6762 }, 6763 { 6764 .cmd = NL80211_CMD_SET_CHANNEL, 6765 .doit = nl80211_set_channel, 6766 .policy = nl80211_policy, 6767 .flags = GENL_ADMIN_PERM, 6768 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6769 NL80211_FLAG_NEED_RTNL, 6770 }, 6771 { 6772 .cmd = NL80211_CMD_SET_WDS_PEER, 6773 .doit = nl80211_set_wds_peer, 6774 .policy = nl80211_policy, 6775 .flags = GENL_ADMIN_PERM, 6776 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6777 NL80211_FLAG_NEED_RTNL, 6778 }, 6779 { 6780 .cmd = NL80211_CMD_JOIN_MESH, 6781 .doit = nl80211_join_mesh, 6782 .policy = nl80211_policy, 6783 .flags = GENL_ADMIN_PERM, 6784 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6785 NL80211_FLAG_NEED_RTNL, 6786 }, 6787 { 6788 .cmd = NL80211_CMD_LEAVE_MESH, 6789 .doit = nl80211_leave_mesh, 6790 .policy = nl80211_policy, 6791 .flags = GENL_ADMIN_PERM, 6792 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6793 NL80211_FLAG_NEED_RTNL, 6794 }, 6795 { 6796 .cmd = NL80211_CMD_GET_WOWLAN, 6797 .doit = nl80211_get_wowlan, 6798 .policy = nl80211_policy, 6799 /* can be retrieved by unprivileged users */ 6800 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6801 NL80211_FLAG_NEED_RTNL, 6802 }, 6803 { 6804 .cmd = NL80211_CMD_SET_WOWLAN, 6805 .doit = nl80211_set_wowlan, 6806 .policy = nl80211_policy, 6807 .flags = GENL_ADMIN_PERM, 6808 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6809 NL80211_FLAG_NEED_RTNL, 6810 }, 6811 { 6812 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 6813 .doit = nl80211_set_rekey_data, 6814 .policy = nl80211_policy, 6815 .flags = GENL_ADMIN_PERM, 6816 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6817 NL80211_FLAG_NEED_RTNL, 6818 }, 6819 { 6820 .cmd = NL80211_CMD_TDLS_MGMT, 6821 .doit = nl80211_tdls_mgmt, 6822 .policy = nl80211_policy, 6823 .flags = GENL_ADMIN_PERM, 6824 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6825 NL80211_FLAG_NEED_RTNL, 6826 }, 6827 { 6828 .cmd = NL80211_CMD_TDLS_OPER, 6829 .doit = nl80211_tdls_oper, 6830 .policy = nl80211_policy, 6831 .flags = GENL_ADMIN_PERM, 6832 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6833 NL80211_FLAG_NEED_RTNL, 6834 }, 6835 { 6836 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 6837 .doit = nl80211_register_unexpected_frame, 6838 .policy = nl80211_policy, 6839 .flags = GENL_ADMIN_PERM, 6840 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6841 NL80211_FLAG_NEED_RTNL, 6842 }, 6843 { 6844 .cmd = NL80211_CMD_PROBE_CLIENT, 6845 .doit = nl80211_probe_client, 6846 .policy = nl80211_policy, 6847 .flags = GENL_ADMIN_PERM, 6848 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6849 NL80211_FLAG_NEED_RTNL, 6850 }, 6851 { 6852 .cmd = NL80211_CMD_REGISTER_BEACONS, 6853 .doit = nl80211_register_beacons, 6854 .policy = nl80211_policy, 6855 .flags = GENL_ADMIN_PERM, 6856 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6857 NL80211_FLAG_NEED_RTNL, 6858 }, 6859 { 6860 .cmd = NL80211_CMD_SET_NOACK_MAP, 6861 .doit = nl80211_set_noack_map, 6862 .policy = nl80211_policy, 6863 .flags = GENL_ADMIN_PERM, 6864 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6865 NL80211_FLAG_NEED_RTNL, 6866 }, 6867 6868 }; 6869 6870 static struct genl_multicast_group nl80211_mlme_mcgrp = { 6871 .name = "mlme", 6872 }; 6873 6874 /* multicast groups */ 6875 static struct genl_multicast_group nl80211_config_mcgrp = { 6876 .name = "config", 6877 }; 6878 static struct genl_multicast_group nl80211_scan_mcgrp = { 6879 .name = "scan", 6880 }; 6881 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 6882 .name = "regulatory", 6883 }; 6884 6885 /* notification functions */ 6886 6887 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 6888 { 6889 struct sk_buff *msg; 6890 6891 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6892 if (!msg) 6893 return; 6894 6895 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 6896 nlmsg_free(msg); 6897 return; 6898 } 6899 6900 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6901 nl80211_config_mcgrp.id, GFP_KERNEL); 6902 } 6903 6904 static int nl80211_add_scan_req(struct sk_buff *msg, 6905 struct cfg80211_registered_device *rdev) 6906 { 6907 struct cfg80211_scan_request *req = rdev->scan_req; 6908 struct nlattr *nest; 6909 int i; 6910 6911 ASSERT_RDEV_LOCK(rdev); 6912 6913 if (WARN_ON(!req)) 6914 return 0; 6915 6916 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 6917 if (!nest) 6918 goto nla_put_failure; 6919 for (i = 0; i < req->n_ssids; i++) 6920 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid); 6921 nla_nest_end(msg, nest); 6922 6923 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 6924 if (!nest) 6925 goto nla_put_failure; 6926 for (i = 0; i < req->n_channels; i++) 6927 NLA_PUT_U32(msg, i, req->channels[i]->center_freq); 6928 nla_nest_end(msg, nest); 6929 6930 if (req->ie) 6931 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie); 6932 6933 return 0; 6934 nla_put_failure: 6935 return -ENOBUFS; 6936 } 6937 6938 static int nl80211_send_scan_msg(struct sk_buff *msg, 6939 struct cfg80211_registered_device *rdev, 6940 struct net_device *netdev, 6941 u32 pid, u32 seq, int flags, 6942 u32 cmd) 6943 { 6944 void *hdr; 6945 6946 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 6947 if (!hdr) 6948 return -1; 6949 6950 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6951 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6952 6953 /* ignore errors and send incomplete event anyway */ 6954 nl80211_add_scan_req(msg, rdev); 6955 6956 return genlmsg_end(msg, hdr); 6957 6958 nla_put_failure: 6959 genlmsg_cancel(msg, hdr); 6960 return -EMSGSIZE; 6961 } 6962 6963 static int 6964 nl80211_send_sched_scan_msg(struct sk_buff *msg, 6965 struct cfg80211_registered_device *rdev, 6966 struct net_device *netdev, 6967 u32 pid, u32 seq, int flags, u32 cmd) 6968 { 6969 void *hdr; 6970 6971 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 6972 if (!hdr) 6973 return -1; 6974 6975 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6976 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6977 6978 return genlmsg_end(msg, hdr); 6979 6980 nla_put_failure: 6981 genlmsg_cancel(msg, hdr); 6982 return -EMSGSIZE; 6983 } 6984 6985 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 6986 struct net_device *netdev) 6987 { 6988 struct sk_buff *msg; 6989 6990 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 6991 if (!msg) 6992 return; 6993 6994 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 6995 NL80211_CMD_TRIGGER_SCAN) < 0) { 6996 nlmsg_free(msg); 6997 return; 6998 } 6999 7000 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7001 nl80211_scan_mcgrp.id, GFP_KERNEL); 7002 } 7003 7004 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 7005 struct net_device *netdev) 7006 { 7007 struct sk_buff *msg; 7008 7009 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7010 if (!msg) 7011 return; 7012 7013 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7014 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 7015 nlmsg_free(msg); 7016 return; 7017 } 7018 7019 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7020 nl80211_scan_mcgrp.id, GFP_KERNEL); 7021 } 7022 7023 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 7024 struct net_device *netdev) 7025 { 7026 struct sk_buff *msg; 7027 7028 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7029 if (!msg) 7030 return; 7031 7032 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7033 NL80211_CMD_SCAN_ABORTED) < 0) { 7034 nlmsg_free(msg); 7035 return; 7036 } 7037 7038 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7039 nl80211_scan_mcgrp.id, GFP_KERNEL); 7040 } 7041 7042 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 7043 struct net_device *netdev) 7044 { 7045 struct sk_buff *msg; 7046 7047 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7048 if (!msg) 7049 return; 7050 7051 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 7052 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 7053 nlmsg_free(msg); 7054 return; 7055 } 7056 7057 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7058 nl80211_scan_mcgrp.id, GFP_KERNEL); 7059 } 7060 7061 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 7062 struct net_device *netdev, u32 cmd) 7063 { 7064 struct sk_buff *msg; 7065 7066 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 7067 if (!msg) 7068 return; 7069 7070 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 7071 nlmsg_free(msg); 7072 return; 7073 } 7074 7075 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7076 nl80211_scan_mcgrp.id, GFP_KERNEL); 7077 } 7078 7079 /* 7080 * This can happen on global regulatory changes or device specific settings 7081 * based on custom world regulatory domains. 7082 */ 7083 void nl80211_send_reg_change_event(struct regulatory_request *request) 7084 { 7085 struct sk_buff *msg; 7086 void *hdr; 7087 7088 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7089 if (!msg) 7090 return; 7091 7092 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 7093 if (!hdr) { 7094 nlmsg_free(msg); 7095 return; 7096 } 7097 7098 /* Userspace can always count this one always being set */ 7099 NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator); 7100 7101 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') 7102 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7103 NL80211_REGDOM_TYPE_WORLD); 7104 else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') 7105 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7106 NL80211_REGDOM_TYPE_CUSTOM_WORLD); 7107 else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 7108 request->intersect) 7109 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7110 NL80211_REGDOM_TYPE_INTERSECTION); 7111 else { 7112 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7113 NL80211_REGDOM_TYPE_COUNTRY); 7114 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2); 7115 } 7116 7117 if (wiphy_idx_valid(request->wiphy_idx)) 7118 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx); 7119 7120 genlmsg_end(msg, hdr); 7121 7122 rcu_read_lock(); 7123 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7124 GFP_ATOMIC); 7125 rcu_read_unlock(); 7126 7127 return; 7128 7129 nla_put_failure: 7130 genlmsg_cancel(msg, hdr); 7131 nlmsg_free(msg); 7132 } 7133 7134 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 7135 struct net_device *netdev, 7136 const u8 *buf, size_t len, 7137 enum nl80211_commands cmd, gfp_t gfp) 7138 { 7139 struct sk_buff *msg; 7140 void *hdr; 7141 7142 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7143 if (!msg) 7144 return; 7145 7146 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7147 if (!hdr) { 7148 nlmsg_free(msg); 7149 return; 7150 } 7151 7152 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7153 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7154 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 7155 7156 genlmsg_end(msg, hdr); 7157 7158 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7159 nl80211_mlme_mcgrp.id, gfp); 7160 return; 7161 7162 nla_put_failure: 7163 genlmsg_cancel(msg, hdr); 7164 nlmsg_free(msg); 7165 } 7166 7167 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 7168 struct net_device *netdev, const u8 *buf, 7169 size_t len, gfp_t gfp) 7170 { 7171 nl80211_send_mlme_event(rdev, netdev, buf, len, 7172 NL80211_CMD_AUTHENTICATE, gfp); 7173 } 7174 7175 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 7176 struct net_device *netdev, const u8 *buf, 7177 size_t len, gfp_t gfp) 7178 { 7179 nl80211_send_mlme_event(rdev, netdev, buf, len, 7180 NL80211_CMD_ASSOCIATE, gfp); 7181 } 7182 7183 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 7184 struct net_device *netdev, const u8 *buf, 7185 size_t len, gfp_t gfp) 7186 { 7187 nl80211_send_mlme_event(rdev, netdev, buf, len, 7188 NL80211_CMD_DEAUTHENTICATE, gfp); 7189 } 7190 7191 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 7192 struct net_device *netdev, const u8 *buf, 7193 size_t len, gfp_t gfp) 7194 { 7195 nl80211_send_mlme_event(rdev, netdev, buf, len, 7196 NL80211_CMD_DISASSOCIATE, gfp); 7197 } 7198 7199 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev, 7200 struct net_device *netdev, const u8 *buf, 7201 size_t len, gfp_t gfp) 7202 { 7203 nl80211_send_mlme_event(rdev, netdev, buf, len, 7204 NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp); 7205 } 7206 7207 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev, 7208 struct net_device *netdev, const u8 *buf, 7209 size_t len, gfp_t gfp) 7210 { 7211 nl80211_send_mlme_event(rdev, netdev, buf, len, 7212 NL80211_CMD_UNPROT_DISASSOCIATE, gfp); 7213 } 7214 7215 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 7216 struct net_device *netdev, int cmd, 7217 const u8 *addr, gfp_t gfp) 7218 { 7219 struct sk_buff *msg; 7220 void *hdr; 7221 7222 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7223 if (!msg) 7224 return; 7225 7226 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7227 if (!hdr) { 7228 nlmsg_free(msg); 7229 return; 7230 } 7231 7232 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7233 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7234 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT); 7235 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7236 7237 genlmsg_end(msg, hdr); 7238 7239 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7240 nl80211_mlme_mcgrp.id, gfp); 7241 return; 7242 7243 nla_put_failure: 7244 genlmsg_cancel(msg, hdr); 7245 nlmsg_free(msg); 7246 } 7247 7248 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 7249 struct net_device *netdev, const u8 *addr, 7250 gfp_t gfp) 7251 { 7252 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 7253 addr, gfp); 7254 } 7255 7256 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 7257 struct net_device *netdev, const u8 *addr, 7258 gfp_t gfp) 7259 { 7260 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 7261 addr, gfp); 7262 } 7263 7264 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 7265 struct net_device *netdev, const u8 *bssid, 7266 const u8 *req_ie, size_t req_ie_len, 7267 const u8 *resp_ie, size_t resp_ie_len, 7268 u16 status, gfp_t gfp) 7269 { 7270 struct sk_buff *msg; 7271 void *hdr; 7272 7273 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7274 if (!msg) 7275 return; 7276 7277 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 7278 if (!hdr) { 7279 nlmsg_free(msg); 7280 return; 7281 } 7282 7283 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7284 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7285 if (bssid) 7286 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7287 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status); 7288 if (req_ie) 7289 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 7290 if (resp_ie) 7291 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 7292 7293 genlmsg_end(msg, hdr); 7294 7295 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7296 nl80211_mlme_mcgrp.id, gfp); 7297 return; 7298 7299 nla_put_failure: 7300 genlmsg_cancel(msg, hdr); 7301 nlmsg_free(msg); 7302 7303 } 7304 7305 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 7306 struct net_device *netdev, const u8 *bssid, 7307 const u8 *req_ie, size_t req_ie_len, 7308 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 7309 { 7310 struct sk_buff *msg; 7311 void *hdr; 7312 7313 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7314 if (!msg) 7315 return; 7316 7317 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 7318 if (!hdr) { 7319 nlmsg_free(msg); 7320 return; 7321 } 7322 7323 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7324 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7325 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7326 if (req_ie) 7327 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 7328 if (resp_ie) 7329 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 7330 7331 genlmsg_end(msg, hdr); 7332 7333 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7334 nl80211_mlme_mcgrp.id, gfp); 7335 return; 7336 7337 nla_put_failure: 7338 genlmsg_cancel(msg, hdr); 7339 nlmsg_free(msg); 7340 7341 } 7342 7343 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 7344 struct net_device *netdev, u16 reason, 7345 const u8 *ie, size_t ie_len, bool from_ap) 7346 { 7347 struct sk_buff *msg; 7348 void *hdr; 7349 7350 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 7351 if (!msg) 7352 return; 7353 7354 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 7355 if (!hdr) { 7356 nlmsg_free(msg); 7357 return; 7358 } 7359 7360 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7361 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7362 if (from_ap && reason) 7363 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason); 7364 if (from_ap) 7365 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP); 7366 if (ie) 7367 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie); 7368 7369 genlmsg_end(msg, hdr); 7370 7371 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7372 nl80211_mlme_mcgrp.id, GFP_KERNEL); 7373 return; 7374 7375 nla_put_failure: 7376 genlmsg_cancel(msg, hdr); 7377 nlmsg_free(msg); 7378 7379 } 7380 7381 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 7382 struct net_device *netdev, const u8 *bssid, 7383 gfp_t gfp) 7384 { 7385 struct sk_buff *msg; 7386 void *hdr; 7387 7388 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7389 if (!msg) 7390 return; 7391 7392 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 7393 if (!hdr) { 7394 nlmsg_free(msg); 7395 return; 7396 } 7397 7398 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7399 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7400 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7401 7402 genlmsg_end(msg, hdr); 7403 7404 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7405 nl80211_mlme_mcgrp.id, gfp); 7406 return; 7407 7408 nla_put_failure: 7409 genlmsg_cancel(msg, hdr); 7410 nlmsg_free(msg); 7411 } 7412 7413 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev, 7414 struct net_device *netdev, 7415 const u8 *macaddr, const u8* ie, u8 ie_len, 7416 gfp_t gfp) 7417 { 7418 struct sk_buff *msg; 7419 void *hdr; 7420 7421 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7422 if (!msg) 7423 return; 7424 7425 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 7426 if (!hdr) { 7427 nlmsg_free(msg); 7428 return; 7429 } 7430 7431 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7432 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7433 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr); 7434 if (ie_len && ie) 7435 NLA_PUT(msg, NL80211_ATTR_IE, ie_len , ie); 7436 7437 genlmsg_end(msg, hdr); 7438 7439 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7440 nl80211_mlme_mcgrp.id, gfp); 7441 return; 7442 7443 nla_put_failure: 7444 genlmsg_cancel(msg, hdr); 7445 nlmsg_free(msg); 7446 } 7447 7448 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 7449 struct net_device *netdev, const u8 *addr, 7450 enum nl80211_key_type key_type, int key_id, 7451 const u8 *tsc, gfp_t gfp) 7452 { 7453 struct sk_buff *msg; 7454 void *hdr; 7455 7456 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7457 if (!msg) 7458 return; 7459 7460 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 7461 if (!hdr) { 7462 nlmsg_free(msg); 7463 return; 7464 } 7465 7466 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7467 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7468 if (addr) 7469 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7470 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type); 7471 if (key_id != -1) 7472 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id); 7473 if (tsc) 7474 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc); 7475 7476 genlmsg_end(msg, hdr); 7477 7478 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7479 nl80211_mlme_mcgrp.id, gfp); 7480 return; 7481 7482 nla_put_failure: 7483 genlmsg_cancel(msg, hdr); 7484 nlmsg_free(msg); 7485 } 7486 7487 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 7488 struct ieee80211_channel *channel_before, 7489 struct ieee80211_channel *channel_after) 7490 { 7491 struct sk_buff *msg; 7492 void *hdr; 7493 struct nlattr *nl_freq; 7494 7495 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 7496 if (!msg) 7497 return; 7498 7499 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 7500 if (!hdr) { 7501 nlmsg_free(msg); 7502 return; 7503 } 7504 7505 /* 7506 * Since we are applying the beacon hint to a wiphy we know its 7507 * wiphy_idx is valid 7508 */ 7509 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)); 7510 7511 /* Before */ 7512 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 7513 if (!nl_freq) 7514 goto nla_put_failure; 7515 if (nl80211_msg_put_channel(msg, channel_before)) 7516 goto nla_put_failure; 7517 nla_nest_end(msg, nl_freq); 7518 7519 /* After */ 7520 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 7521 if (!nl_freq) 7522 goto nla_put_failure; 7523 if (nl80211_msg_put_channel(msg, channel_after)) 7524 goto nla_put_failure; 7525 nla_nest_end(msg, nl_freq); 7526 7527 genlmsg_end(msg, hdr); 7528 7529 rcu_read_lock(); 7530 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7531 GFP_ATOMIC); 7532 rcu_read_unlock(); 7533 7534 return; 7535 7536 nla_put_failure: 7537 genlmsg_cancel(msg, hdr); 7538 nlmsg_free(msg); 7539 } 7540 7541 static void nl80211_send_remain_on_chan_event( 7542 int cmd, struct cfg80211_registered_device *rdev, 7543 struct net_device *netdev, u64 cookie, 7544 struct ieee80211_channel *chan, 7545 enum nl80211_channel_type channel_type, 7546 unsigned int duration, gfp_t gfp) 7547 { 7548 struct sk_buff *msg; 7549 void *hdr; 7550 7551 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7552 if (!msg) 7553 return; 7554 7555 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7556 if (!hdr) { 7557 nlmsg_free(msg); 7558 return; 7559 } 7560 7561 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7562 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7563 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq); 7564 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type); 7565 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 7566 7567 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL) 7568 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 7569 7570 genlmsg_end(msg, hdr); 7571 7572 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7573 nl80211_mlme_mcgrp.id, gfp); 7574 return; 7575 7576 nla_put_failure: 7577 genlmsg_cancel(msg, hdr); 7578 nlmsg_free(msg); 7579 } 7580 7581 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 7582 struct net_device *netdev, u64 cookie, 7583 struct ieee80211_channel *chan, 7584 enum nl80211_channel_type channel_type, 7585 unsigned int duration, gfp_t gfp) 7586 { 7587 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 7588 rdev, netdev, cookie, chan, 7589 channel_type, duration, gfp); 7590 } 7591 7592 void nl80211_send_remain_on_channel_cancel( 7593 struct cfg80211_registered_device *rdev, struct net_device *netdev, 7594 u64 cookie, struct ieee80211_channel *chan, 7595 enum nl80211_channel_type channel_type, gfp_t gfp) 7596 { 7597 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 7598 rdev, netdev, cookie, chan, 7599 channel_type, 0, gfp); 7600 } 7601 7602 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 7603 struct net_device *dev, const u8 *mac_addr, 7604 struct station_info *sinfo, gfp_t gfp) 7605 { 7606 struct sk_buff *msg; 7607 7608 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7609 if (!msg) 7610 return; 7611 7612 if (nl80211_send_station(msg, 0, 0, 0, 7613 rdev, dev, mac_addr, sinfo) < 0) { 7614 nlmsg_free(msg); 7615 return; 7616 } 7617 7618 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7619 nl80211_mlme_mcgrp.id, gfp); 7620 } 7621 7622 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev, 7623 struct net_device *dev, const u8 *mac_addr, 7624 gfp_t gfp) 7625 { 7626 struct sk_buff *msg; 7627 void *hdr; 7628 7629 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7630 if (!msg) 7631 return; 7632 7633 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION); 7634 if (!hdr) { 7635 nlmsg_free(msg); 7636 return; 7637 } 7638 7639 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 7640 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 7641 7642 genlmsg_end(msg, hdr); 7643 7644 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7645 nl80211_mlme_mcgrp.id, gfp); 7646 return; 7647 7648 nla_put_failure: 7649 genlmsg_cancel(msg, hdr); 7650 nlmsg_free(msg); 7651 } 7652 7653 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 7654 const u8 *addr, gfp_t gfp) 7655 { 7656 struct wireless_dev *wdev = dev->ieee80211_ptr; 7657 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 7658 struct sk_buff *msg; 7659 void *hdr; 7660 int err; 7661 u32 nlpid = ACCESS_ONCE(wdev->ap_unexpected_nlpid); 7662 7663 if (!nlpid) 7664 return false; 7665 7666 msg = nlmsg_new(100, gfp); 7667 if (!msg) 7668 return true; 7669 7670 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7671 if (!hdr) { 7672 nlmsg_free(msg); 7673 return true; 7674 } 7675 7676 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7677 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 7678 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7679 7680 err = genlmsg_end(msg, hdr); 7681 if (err < 0) { 7682 nlmsg_free(msg); 7683 return true; 7684 } 7685 7686 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 7687 return true; 7688 7689 nla_put_failure: 7690 genlmsg_cancel(msg, hdr); 7691 nlmsg_free(msg); 7692 return true; 7693 } 7694 7695 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp) 7696 { 7697 return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 7698 addr, gfp); 7699 } 7700 7701 bool nl80211_unexpected_4addr_frame(struct net_device *dev, 7702 const u8 *addr, gfp_t gfp) 7703 { 7704 return __nl80211_unexpected_frame(dev, 7705 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 7706 addr, gfp); 7707 } 7708 7709 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 7710 struct net_device *netdev, u32 nlpid, 7711 int freq, int sig_dbm, 7712 const u8 *buf, size_t len, gfp_t gfp) 7713 { 7714 struct sk_buff *msg; 7715 void *hdr; 7716 7717 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7718 if (!msg) 7719 return -ENOMEM; 7720 7721 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 7722 if (!hdr) { 7723 nlmsg_free(msg); 7724 return -ENOMEM; 7725 } 7726 7727 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7728 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7729 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 7730 if (sig_dbm) 7731 NLA_PUT_U32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm); 7732 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 7733 7734 genlmsg_end(msg, hdr); 7735 7736 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 7737 7738 nla_put_failure: 7739 genlmsg_cancel(msg, hdr); 7740 nlmsg_free(msg); 7741 return -ENOBUFS; 7742 } 7743 7744 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev, 7745 struct net_device *netdev, u64 cookie, 7746 const u8 *buf, size_t len, bool ack, 7747 gfp_t gfp) 7748 { 7749 struct sk_buff *msg; 7750 void *hdr; 7751 7752 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7753 if (!msg) 7754 return; 7755 7756 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 7757 if (!hdr) { 7758 nlmsg_free(msg); 7759 return; 7760 } 7761 7762 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7763 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7764 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 7765 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 7766 if (ack) 7767 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 7768 7769 genlmsg_end(msg, hdr); 7770 7771 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 7772 return; 7773 7774 nla_put_failure: 7775 genlmsg_cancel(msg, hdr); 7776 nlmsg_free(msg); 7777 } 7778 7779 void 7780 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 7781 struct net_device *netdev, 7782 enum nl80211_cqm_rssi_threshold_event rssi_event, 7783 gfp_t gfp) 7784 { 7785 struct sk_buff *msg; 7786 struct nlattr *pinfoattr; 7787 void *hdr; 7788 7789 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7790 if (!msg) 7791 return; 7792 7793 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 7794 if (!hdr) { 7795 nlmsg_free(msg); 7796 return; 7797 } 7798 7799 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7800 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7801 7802 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 7803 if (!pinfoattr) 7804 goto nla_put_failure; 7805 7806 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 7807 rssi_event); 7808 7809 nla_nest_end(msg, pinfoattr); 7810 7811 genlmsg_end(msg, hdr); 7812 7813 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7814 nl80211_mlme_mcgrp.id, gfp); 7815 return; 7816 7817 nla_put_failure: 7818 genlmsg_cancel(msg, hdr); 7819 nlmsg_free(msg); 7820 } 7821 7822 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 7823 struct net_device *netdev, const u8 *bssid, 7824 const u8 *replay_ctr, gfp_t gfp) 7825 { 7826 struct sk_buff *msg; 7827 struct nlattr *rekey_attr; 7828 void *hdr; 7829 7830 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7831 if (!msg) 7832 return; 7833 7834 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 7835 if (!hdr) { 7836 nlmsg_free(msg); 7837 return; 7838 } 7839 7840 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7841 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7842 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7843 7844 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 7845 if (!rekey_attr) 7846 goto nla_put_failure; 7847 7848 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, 7849 NL80211_REPLAY_CTR_LEN, replay_ctr); 7850 7851 nla_nest_end(msg, rekey_attr); 7852 7853 genlmsg_end(msg, hdr); 7854 7855 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7856 nl80211_mlme_mcgrp.id, gfp); 7857 return; 7858 7859 nla_put_failure: 7860 genlmsg_cancel(msg, hdr); 7861 nlmsg_free(msg); 7862 } 7863 7864 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 7865 struct net_device *netdev, int index, 7866 const u8 *bssid, bool preauth, gfp_t gfp) 7867 { 7868 struct sk_buff *msg; 7869 struct nlattr *attr; 7870 void *hdr; 7871 7872 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7873 if (!msg) 7874 return; 7875 7876 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 7877 if (!hdr) { 7878 nlmsg_free(msg); 7879 return; 7880 } 7881 7882 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7883 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7884 7885 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 7886 if (!attr) 7887 goto nla_put_failure; 7888 7889 NLA_PUT_U32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index); 7890 NLA_PUT(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid); 7891 if (preauth) 7892 NLA_PUT_FLAG(msg, NL80211_PMKSA_CANDIDATE_PREAUTH); 7893 7894 nla_nest_end(msg, attr); 7895 7896 genlmsg_end(msg, hdr); 7897 7898 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7899 nl80211_mlme_mcgrp.id, gfp); 7900 return; 7901 7902 nla_put_failure: 7903 genlmsg_cancel(msg, hdr); 7904 nlmsg_free(msg); 7905 } 7906 7907 void 7908 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, 7909 struct net_device *netdev, const u8 *peer, 7910 u32 num_packets, gfp_t gfp) 7911 { 7912 struct sk_buff *msg; 7913 struct nlattr *pinfoattr; 7914 void *hdr; 7915 7916 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7917 if (!msg) 7918 return; 7919 7920 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 7921 if (!hdr) { 7922 nlmsg_free(msg); 7923 return; 7924 } 7925 7926 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7927 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7928 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 7929 7930 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 7931 if (!pinfoattr) 7932 goto nla_put_failure; 7933 7934 NLA_PUT_U32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets); 7935 7936 nla_nest_end(msg, pinfoattr); 7937 7938 genlmsg_end(msg, hdr); 7939 7940 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7941 nl80211_mlme_mcgrp.id, gfp); 7942 return; 7943 7944 nla_put_failure: 7945 genlmsg_cancel(msg, hdr); 7946 nlmsg_free(msg); 7947 } 7948 7949 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 7950 u64 cookie, bool acked, gfp_t gfp) 7951 { 7952 struct wireless_dev *wdev = dev->ieee80211_ptr; 7953 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 7954 struct sk_buff *msg; 7955 void *hdr; 7956 int err; 7957 7958 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7959 if (!msg) 7960 return; 7961 7962 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 7963 if (!hdr) { 7964 nlmsg_free(msg); 7965 return; 7966 } 7967 7968 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7969 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 7970 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7971 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 7972 if (acked) 7973 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 7974 7975 err = genlmsg_end(msg, hdr); 7976 if (err < 0) { 7977 nlmsg_free(msg); 7978 return; 7979 } 7980 7981 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7982 nl80211_mlme_mcgrp.id, gfp); 7983 return; 7984 7985 nla_put_failure: 7986 genlmsg_cancel(msg, hdr); 7987 nlmsg_free(msg); 7988 } 7989 EXPORT_SYMBOL(cfg80211_probe_status); 7990 7991 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 7992 const u8 *frame, size_t len, 7993 int freq, int sig_dbm, gfp_t gfp) 7994 { 7995 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 7996 struct sk_buff *msg; 7997 void *hdr; 7998 u32 nlpid = ACCESS_ONCE(rdev->ap_beacons_nlpid); 7999 8000 if (!nlpid) 8001 return; 8002 8003 msg = nlmsg_new(len + 100, gfp); 8004 if (!msg) 8005 return; 8006 8007 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 8008 if (!hdr) { 8009 nlmsg_free(msg); 8010 return; 8011 } 8012 8013 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 8014 if (freq) 8015 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 8016 if (sig_dbm) 8017 NLA_PUT_U32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm); 8018 NLA_PUT(msg, NL80211_ATTR_FRAME, len, frame); 8019 8020 genlmsg_end(msg, hdr); 8021 8022 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 8023 return; 8024 8025 nla_put_failure: 8026 genlmsg_cancel(msg, hdr); 8027 nlmsg_free(msg); 8028 } 8029 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 8030 8031 static int nl80211_netlink_notify(struct notifier_block * nb, 8032 unsigned long state, 8033 void *_notify) 8034 { 8035 struct netlink_notify *notify = _notify; 8036 struct cfg80211_registered_device *rdev; 8037 struct wireless_dev *wdev; 8038 8039 if (state != NETLINK_URELEASE) 8040 return NOTIFY_DONE; 8041 8042 rcu_read_lock(); 8043 8044 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 8045 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list) 8046 cfg80211_mlme_unregister_socket(wdev, notify->pid); 8047 if (rdev->ap_beacons_nlpid == notify->pid) 8048 rdev->ap_beacons_nlpid = 0; 8049 } 8050 8051 rcu_read_unlock(); 8052 8053 return NOTIFY_DONE; 8054 } 8055 8056 static struct notifier_block nl80211_netlink_notifier = { 8057 .notifier_call = nl80211_netlink_notify, 8058 }; 8059 8060 /* initialisation/exit functions */ 8061 8062 int nl80211_init(void) 8063 { 8064 int err; 8065 8066 err = genl_register_family_with_ops(&nl80211_fam, 8067 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 8068 if (err) 8069 return err; 8070 8071 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 8072 if (err) 8073 goto err_out; 8074 8075 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 8076 if (err) 8077 goto err_out; 8078 8079 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 8080 if (err) 8081 goto err_out; 8082 8083 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 8084 if (err) 8085 goto err_out; 8086 8087 #ifdef CONFIG_NL80211_TESTMODE 8088 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 8089 if (err) 8090 goto err_out; 8091 #endif 8092 8093 err = netlink_register_notifier(&nl80211_netlink_notifier); 8094 if (err) 8095 goto err_out; 8096 8097 return 0; 8098 err_out: 8099 genl_unregister_family(&nl80211_fam); 8100 return err; 8101 } 8102 8103 void nl80211_exit(void) 8104 { 8105 netlink_unregister_notifier(&nl80211_netlink_notifier); 8106 genl_unregister_family(&nl80211_fam); 8107 } 8108