1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include <net/inet_connection_sock.h> 23 #include "core.h" 24 #include "nl80211.h" 25 #include "reg.h" 26 #include "rdev-ops.h" 27 28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 29 struct genl_info *info, 30 struct cfg80211_crypto_settings *settings, 31 int cipher_limit); 32 33 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 34 struct genl_info *info); 35 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 36 struct genl_info *info); 37 38 /* the netlink family */ 39 static struct genl_family nl80211_fam = { 40 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 41 .name = NL80211_GENL_NAME, /* have users key off the name instead */ 42 .hdrsize = 0, /* no private header */ 43 .version = 1, /* no particular meaning now */ 44 .maxattr = NL80211_ATTR_MAX, 45 .netnsok = true, 46 .pre_doit = nl80211_pre_doit, 47 .post_doit = nl80211_post_doit, 48 }; 49 50 /* returns ERR_PTR values */ 51 static struct wireless_dev * 52 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs) 53 { 54 struct cfg80211_registered_device *rdev; 55 struct wireless_dev *result = NULL; 56 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 57 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 58 u64 wdev_id; 59 int wiphy_idx = -1; 60 int ifidx = -1; 61 62 ASSERT_RTNL(); 63 64 if (!have_ifidx && !have_wdev_id) 65 return ERR_PTR(-EINVAL); 66 67 if (have_ifidx) 68 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 69 if (have_wdev_id) { 70 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 71 wiphy_idx = wdev_id >> 32; 72 } 73 74 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 75 struct wireless_dev *wdev; 76 77 if (wiphy_net(&rdev->wiphy) != netns) 78 continue; 79 80 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 81 continue; 82 83 list_for_each_entry(wdev, &rdev->wdev_list, list) { 84 if (have_ifidx && wdev->netdev && 85 wdev->netdev->ifindex == ifidx) { 86 result = wdev; 87 break; 88 } 89 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 90 result = wdev; 91 break; 92 } 93 } 94 95 if (result) 96 break; 97 } 98 99 if (result) 100 return result; 101 return ERR_PTR(-ENODEV); 102 } 103 104 static struct cfg80211_registered_device * 105 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 106 { 107 struct cfg80211_registered_device *rdev = NULL, *tmp; 108 struct net_device *netdev; 109 110 ASSERT_RTNL(); 111 112 if (!attrs[NL80211_ATTR_WIPHY] && 113 !attrs[NL80211_ATTR_IFINDEX] && 114 !attrs[NL80211_ATTR_WDEV]) 115 return ERR_PTR(-EINVAL); 116 117 if (attrs[NL80211_ATTR_WIPHY]) 118 rdev = cfg80211_rdev_by_wiphy_idx( 119 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 120 121 if (attrs[NL80211_ATTR_WDEV]) { 122 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 123 struct wireless_dev *wdev; 124 bool found = false; 125 126 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 127 if (tmp) { 128 /* make sure wdev exists */ 129 list_for_each_entry(wdev, &tmp->wdev_list, list) { 130 if (wdev->identifier != (u32)wdev_id) 131 continue; 132 found = true; 133 break; 134 } 135 136 if (!found) 137 tmp = NULL; 138 139 if (rdev && tmp != rdev) 140 return ERR_PTR(-EINVAL); 141 rdev = tmp; 142 } 143 } 144 145 if (attrs[NL80211_ATTR_IFINDEX]) { 146 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 147 netdev = dev_get_by_index(netns, ifindex); 148 if (netdev) { 149 if (netdev->ieee80211_ptr) 150 tmp = wiphy_to_dev( 151 netdev->ieee80211_ptr->wiphy); 152 else 153 tmp = NULL; 154 155 dev_put(netdev); 156 157 /* not wireless device -- return error */ 158 if (!tmp) 159 return ERR_PTR(-EINVAL); 160 161 /* mismatch -- return error */ 162 if (rdev && tmp != rdev) 163 return ERR_PTR(-EINVAL); 164 165 rdev = tmp; 166 } 167 } 168 169 if (!rdev) 170 return ERR_PTR(-ENODEV); 171 172 if (netns != wiphy_net(&rdev->wiphy)) 173 return ERR_PTR(-ENODEV); 174 175 return rdev; 176 } 177 178 /* 179 * This function returns a pointer to the driver 180 * that the genl_info item that is passed refers to. 181 * 182 * The result of this can be a PTR_ERR and hence must 183 * be checked with IS_ERR() for errors. 184 */ 185 static struct cfg80211_registered_device * 186 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 187 { 188 return __cfg80211_rdev_from_attrs(netns, info->attrs); 189 } 190 191 /* policy for the attributes */ 192 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 193 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 194 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 195 .len = 20-1 }, 196 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 197 198 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 199 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 200 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 }, 201 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 }, 202 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 }, 203 204 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 205 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 206 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 207 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 208 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 209 210 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 211 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 212 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 213 214 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 215 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 216 217 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 218 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 219 .len = WLAN_MAX_KEY_LEN }, 220 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 221 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 222 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 223 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 224 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 225 226 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 227 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 228 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 229 .len = IEEE80211_MAX_DATA_LEN }, 230 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 231 .len = IEEE80211_MAX_DATA_LEN }, 232 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 233 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 234 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 235 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 236 .len = NL80211_MAX_SUPP_RATES }, 237 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 238 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 239 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 240 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 241 .len = IEEE80211_MAX_MESH_ID_LEN }, 242 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 243 244 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 245 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 246 247 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 248 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 249 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 250 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 251 .len = NL80211_MAX_SUPP_RATES }, 252 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 253 254 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 255 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 256 257 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 258 259 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 260 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 261 .len = IEEE80211_MAX_DATA_LEN }, 262 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 263 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 264 265 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 266 .len = IEEE80211_MAX_SSID_LEN }, 267 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 268 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 269 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 270 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 271 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 272 [NL80211_ATTR_STA_FLAGS2] = { 273 .len = sizeof(struct nl80211_sta_flag_update), 274 }, 275 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 276 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 277 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 278 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 279 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 280 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 281 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 282 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 283 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 284 .len = WLAN_PMKID_LEN }, 285 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 286 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 287 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 288 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 289 .len = IEEE80211_MAX_DATA_LEN }, 290 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 291 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 292 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 293 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 294 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 295 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 296 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 297 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 298 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 299 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 300 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 301 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 302 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 303 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 304 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 305 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 306 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 307 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 308 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 309 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 310 .len = IEEE80211_MAX_DATA_LEN }, 311 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 312 .len = IEEE80211_MAX_DATA_LEN }, 313 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 314 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 315 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 316 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 317 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 318 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 319 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 320 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 321 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 322 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 323 .len = IEEE80211_MAX_DATA_LEN }, 324 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 325 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 326 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 327 .len = NL80211_HT_CAPABILITY_LEN 328 }, 329 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 330 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 331 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 332 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 333 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 334 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, }, 335 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN }, 336 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 }, 337 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 }, 338 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 }, 339 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 }, 340 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED }, 341 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 }, 342 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, }, 343 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, }, 344 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG }, 345 [NL80211_ATTR_VHT_CAPABILITY_MASK] = { 346 .len = NL80211_VHT_CAPABILITY_LEN, 347 }, 348 [NL80211_ATTR_MDID] = { .type = NLA_U16 }, 349 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY, 350 .len = IEEE80211_MAX_DATA_LEN }, 351 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 }, 352 }; 353 354 /* policy for the key attributes */ 355 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 356 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 357 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 358 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 359 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 360 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 361 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 362 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 363 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 364 }; 365 366 /* policy for the key default flags */ 367 static const struct nla_policy 368 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 369 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 370 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 371 }; 372 373 /* policy for WoWLAN attributes */ 374 static const struct nla_policy 375 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 376 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 377 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 378 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 379 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 380 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 381 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 382 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 383 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 384 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED }, 385 }; 386 387 static const struct nla_policy 388 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = { 389 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 }, 390 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 }, 391 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN }, 392 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 }, 393 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 }, 394 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 }, 395 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = { 396 .len = sizeof(struct nl80211_wowlan_tcp_data_seq) 397 }, 398 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = { 399 .len = sizeof(struct nl80211_wowlan_tcp_data_token) 400 }, 401 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 }, 402 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 }, 403 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 }, 404 }; 405 406 /* policy for GTK rekey offload attributes */ 407 static const struct nla_policy 408 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 409 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 410 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 411 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 412 }; 413 414 static const struct nla_policy 415 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 416 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 417 .len = IEEE80211_MAX_SSID_LEN }, 418 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 419 }; 420 421 static int nl80211_prepare_wdev_dump(struct sk_buff *skb, 422 struct netlink_callback *cb, 423 struct cfg80211_registered_device **rdev, 424 struct wireless_dev **wdev) 425 { 426 int err; 427 428 rtnl_lock(); 429 430 if (!cb->args[0]) { 431 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 432 nl80211_fam.attrbuf, nl80211_fam.maxattr, 433 nl80211_policy); 434 if (err) 435 goto out_unlock; 436 437 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), 438 nl80211_fam.attrbuf); 439 if (IS_ERR(*wdev)) { 440 err = PTR_ERR(*wdev); 441 goto out_unlock; 442 } 443 *rdev = wiphy_to_dev((*wdev)->wiphy); 444 /* 0 is the first index - add 1 to parse only once */ 445 cb->args[0] = (*rdev)->wiphy_idx + 1; 446 cb->args[1] = (*wdev)->identifier; 447 } else { 448 /* subtract the 1 again here */ 449 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 450 struct wireless_dev *tmp; 451 452 if (!wiphy) { 453 err = -ENODEV; 454 goto out_unlock; 455 } 456 *rdev = wiphy_to_dev(wiphy); 457 *wdev = NULL; 458 459 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) { 460 if (tmp->identifier == cb->args[1]) { 461 *wdev = tmp; 462 break; 463 } 464 } 465 466 if (!*wdev) { 467 err = -ENODEV; 468 goto out_unlock; 469 } 470 } 471 472 return 0; 473 out_unlock: 474 rtnl_unlock(); 475 return err; 476 } 477 478 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev) 479 { 480 rtnl_unlock(); 481 } 482 483 /* IE validation */ 484 static bool is_valid_ie_attr(const struct nlattr *attr) 485 { 486 const u8 *pos; 487 int len; 488 489 if (!attr) 490 return true; 491 492 pos = nla_data(attr); 493 len = nla_len(attr); 494 495 while (len) { 496 u8 elemlen; 497 498 if (len < 2) 499 return false; 500 len -= 2; 501 502 elemlen = pos[1]; 503 if (elemlen > len) 504 return false; 505 506 len -= elemlen; 507 pos += 2 + elemlen; 508 } 509 510 return true; 511 } 512 513 /* message building helper */ 514 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq, 515 int flags, u8 cmd) 516 { 517 /* since there is no private header just add the generic one */ 518 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd); 519 } 520 521 static int nl80211_msg_put_channel(struct sk_buff *msg, 522 struct ieee80211_channel *chan, 523 bool large) 524 { 525 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 526 chan->center_freq)) 527 goto nla_put_failure; 528 529 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 530 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 531 goto nla_put_failure; 532 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && 533 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN)) 534 goto nla_put_failure; 535 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && 536 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS)) 537 goto nla_put_failure; 538 if (chan->flags & IEEE80211_CHAN_RADAR) { 539 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 540 goto nla_put_failure; 541 if (large) { 542 u32 time; 543 544 time = elapsed_jiffies_msecs(chan->dfs_state_entered); 545 546 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE, 547 chan->dfs_state)) 548 goto nla_put_failure; 549 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME, 550 time)) 551 goto nla_put_failure; 552 } 553 } 554 555 if (large) { 556 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) && 557 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS)) 558 goto nla_put_failure; 559 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) && 560 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS)) 561 goto nla_put_failure; 562 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) && 563 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ)) 564 goto nla_put_failure; 565 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) && 566 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ)) 567 goto nla_put_failure; 568 } 569 570 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 571 DBM_TO_MBM(chan->max_power))) 572 goto nla_put_failure; 573 574 return 0; 575 576 nla_put_failure: 577 return -ENOBUFS; 578 } 579 580 /* netlink command implementations */ 581 582 struct key_parse { 583 struct key_params p; 584 int idx; 585 int type; 586 bool def, defmgmt; 587 bool def_uni, def_multi; 588 }; 589 590 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 591 { 592 struct nlattr *tb[NL80211_KEY_MAX + 1]; 593 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 594 nl80211_key_policy); 595 if (err) 596 return err; 597 598 k->def = !!tb[NL80211_KEY_DEFAULT]; 599 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 600 601 if (k->def) { 602 k->def_uni = true; 603 k->def_multi = true; 604 } 605 if (k->defmgmt) 606 k->def_multi = true; 607 608 if (tb[NL80211_KEY_IDX]) 609 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 610 611 if (tb[NL80211_KEY_DATA]) { 612 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 613 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 614 } 615 616 if (tb[NL80211_KEY_SEQ]) { 617 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 618 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 619 } 620 621 if (tb[NL80211_KEY_CIPHER]) 622 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 623 624 if (tb[NL80211_KEY_TYPE]) { 625 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 626 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 627 return -EINVAL; 628 } 629 630 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 631 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 632 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 633 tb[NL80211_KEY_DEFAULT_TYPES], 634 nl80211_key_default_policy); 635 if (err) 636 return err; 637 638 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 639 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 640 } 641 642 return 0; 643 } 644 645 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 646 { 647 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 648 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 649 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 650 } 651 652 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 653 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 654 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 655 } 656 657 if (info->attrs[NL80211_ATTR_KEY_IDX]) 658 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 659 660 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 661 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 662 663 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 664 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 665 666 if (k->def) { 667 k->def_uni = true; 668 k->def_multi = true; 669 } 670 if (k->defmgmt) 671 k->def_multi = true; 672 673 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 674 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 675 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 676 return -EINVAL; 677 } 678 679 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 680 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 681 int err = nla_parse_nested( 682 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 683 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 684 nl80211_key_default_policy); 685 if (err) 686 return err; 687 688 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 689 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 690 } 691 692 return 0; 693 } 694 695 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 696 { 697 int err; 698 699 memset(k, 0, sizeof(*k)); 700 k->idx = -1; 701 k->type = -1; 702 703 if (info->attrs[NL80211_ATTR_KEY]) 704 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 705 else 706 err = nl80211_parse_key_old(info, k); 707 708 if (err) 709 return err; 710 711 if (k->def && k->defmgmt) 712 return -EINVAL; 713 714 if (k->defmgmt) { 715 if (k->def_uni || !k->def_multi) 716 return -EINVAL; 717 } 718 719 if (k->idx != -1) { 720 if (k->defmgmt) { 721 if (k->idx < 4 || k->idx > 5) 722 return -EINVAL; 723 } else if (k->def) { 724 if (k->idx < 0 || k->idx > 3) 725 return -EINVAL; 726 } else { 727 if (k->idx < 0 || k->idx > 5) 728 return -EINVAL; 729 } 730 } 731 732 return 0; 733 } 734 735 static struct cfg80211_cached_keys * 736 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 737 struct nlattr *keys, bool *no_ht) 738 { 739 struct key_parse parse; 740 struct nlattr *key; 741 struct cfg80211_cached_keys *result; 742 int rem, err, def = 0; 743 744 result = kzalloc(sizeof(*result), GFP_KERNEL); 745 if (!result) 746 return ERR_PTR(-ENOMEM); 747 748 result->def = -1; 749 result->defmgmt = -1; 750 751 nla_for_each_nested(key, keys, rem) { 752 memset(&parse, 0, sizeof(parse)); 753 parse.idx = -1; 754 755 err = nl80211_parse_key_new(key, &parse); 756 if (err) 757 goto error; 758 err = -EINVAL; 759 if (!parse.p.key) 760 goto error; 761 if (parse.idx < 0 || parse.idx > 4) 762 goto error; 763 if (parse.def) { 764 if (def) 765 goto error; 766 def = 1; 767 result->def = parse.idx; 768 if (!parse.def_uni || !parse.def_multi) 769 goto error; 770 } else if (parse.defmgmt) 771 goto error; 772 err = cfg80211_validate_key_settings(rdev, &parse.p, 773 parse.idx, false, NULL); 774 if (err) 775 goto error; 776 result->params[parse.idx].cipher = parse.p.cipher; 777 result->params[parse.idx].key_len = parse.p.key_len; 778 result->params[parse.idx].key = result->data[parse.idx]; 779 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 780 781 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 || 782 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) { 783 if (no_ht) 784 *no_ht = true; 785 } 786 } 787 788 return result; 789 error: 790 kfree(result); 791 return ERR_PTR(err); 792 } 793 794 static int nl80211_key_allowed(struct wireless_dev *wdev) 795 { 796 ASSERT_WDEV_LOCK(wdev); 797 798 switch (wdev->iftype) { 799 case NL80211_IFTYPE_AP: 800 case NL80211_IFTYPE_AP_VLAN: 801 case NL80211_IFTYPE_P2P_GO: 802 case NL80211_IFTYPE_MESH_POINT: 803 break; 804 case NL80211_IFTYPE_ADHOC: 805 case NL80211_IFTYPE_STATION: 806 case NL80211_IFTYPE_P2P_CLIENT: 807 if (!wdev->current_bss) 808 return -ENOLINK; 809 break; 810 default: 811 return -EINVAL; 812 } 813 814 return 0; 815 } 816 817 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 818 { 819 struct nlattr *nl_modes = nla_nest_start(msg, attr); 820 int i; 821 822 if (!nl_modes) 823 goto nla_put_failure; 824 825 i = 0; 826 while (ifmodes) { 827 if ((ifmodes & 1) && nla_put_flag(msg, i)) 828 goto nla_put_failure; 829 ifmodes >>= 1; 830 i++; 831 } 832 833 nla_nest_end(msg, nl_modes); 834 return 0; 835 836 nla_put_failure: 837 return -ENOBUFS; 838 } 839 840 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 841 struct sk_buff *msg, 842 bool large) 843 { 844 struct nlattr *nl_combis; 845 int i, j; 846 847 nl_combis = nla_nest_start(msg, 848 NL80211_ATTR_INTERFACE_COMBINATIONS); 849 if (!nl_combis) 850 goto nla_put_failure; 851 852 for (i = 0; i < wiphy->n_iface_combinations; i++) { 853 const struct ieee80211_iface_combination *c; 854 struct nlattr *nl_combi, *nl_limits; 855 856 c = &wiphy->iface_combinations[i]; 857 858 nl_combi = nla_nest_start(msg, i + 1); 859 if (!nl_combi) 860 goto nla_put_failure; 861 862 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 863 if (!nl_limits) 864 goto nla_put_failure; 865 866 for (j = 0; j < c->n_limits; j++) { 867 struct nlattr *nl_limit; 868 869 nl_limit = nla_nest_start(msg, j + 1); 870 if (!nl_limit) 871 goto nla_put_failure; 872 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 873 c->limits[j].max)) 874 goto nla_put_failure; 875 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 876 c->limits[j].types)) 877 goto nla_put_failure; 878 nla_nest_end(msg, nl_limit); 879 } 880 881 nla_nest_end(msg, nl_limits); 882 883 if (c->beacon_int_infra_match && 884 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 885 goto nla_put_failure; 886 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 887 c->num_different_channels) || 888 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 889 c->max_interfaces)) 890 goto nla_put_failure; 891 if (large && 892 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS, 893 c->radar_detect_widths)) 894 goto nla_put_failure; 895 896 nla_nest_end(msg, nl_combi); 897 } 898 899 nla_nest_end(msg, nl_combis); 900 901 return 0; 902 nla_put_failure: 903 return -ENOBUFS; 904 } 905 906 #ifdef CONFIG_PM 907 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev, 908 struct sk_buff *msg) 909 { 910 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp; 911 struct nlattr *nl_tcp; 912 913 if (!tcp) 914 return 0; 915 916 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION); 917 if (!nl_tcp) 918 return -ENOBUFS; 919 920 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 921 tcp->data_payload_max)) 922 return -ENOBUFS; 923 924 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 925 tcp->data_payload_max)) 926 return -ENOBUFS; 927 928 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ)) 929 return -ENOBUFS; 930 931 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 932 sizeof(*tcp->tok), tcp->tok)) 933 return -ENOBUFS; 934 935 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 936 tcp->data_interval_max)) 937 return -ENOBUFS; 938 939 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 940 tcp->wake_payload_max)) 941 return -ENOBUFS; 942 943 nla_nest_end(msg, nl_tcp); 944 return 0; 945 } 946 947 static int nl80211_send_wowlan(struct sk_buff *msg, 948 struct cfg80211_registered_device *dev, 949 bool large) 950 { 951 struct nlattr *nl_wowlan; 952 953 if (!dev->wiphy.wowlan) 954 return 0; 955 956 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 957 if (!nl_wowlan) 958 return -ENOBUFS; 959 960 if (((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) && 961 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 962 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) && 963 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 964 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) && 965 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 966 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 967 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 968 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 969 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 970 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 971 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 972 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 973 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 974 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 975 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 976 return -ENOBUFS; 977 978 if (dev->wiphy.wowlan->n_patterns) { 979 struct nl80211_wowlan_pattern_support pat = { 980 .max_patterns = dev->wiphy.wowlan->n_patterns, 981 .min_pattern_len = dev->wiphy.wowlan->pattern_min_len, 982 .max_pattern_len = dev->wiphy.wowlan->pattern_max_len, 983 .max_pkt_offset = dev->wiphy.wowlan->max_pkt_offset, 984 }; 985 986 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 987 sizeof(pat), &pat)) 988 return -ENOBUFS; 989 } 990 991 if (large && nl80211_send_wowlan_tcp_caps(dev, msg)) 992 return -ENOBUFS; 993 994 nla_nest_end(msg, nl_wowlan); 995 996 return 0; 997 } 998 #endif 999 1000 static int nl80211_send_band_rateinfo(struct sk_buff *msg, 1001 struct ieee80211_supported_band *sband) 1002 { 1003 struct nlattr *nl_rates, *nl_rate; 1004 struct ieee80211_rate *rate; 1005 int i; 1006 1007 /* add HT info */ 1008 if (sband->ht_cap.ht_supported && 1009 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 1010 sizeof(sband->ht_cap.mcs), 1011 &sband->ht_cap.mcs) || 1012 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 1013 sband->ht_cap.cap) || 1014 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 1015 sband->ht_cap.ampdu_factor) || 1016 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 1017 sband->ht_cap.ampdu_density))) 1018 return -ENOBUFS; 1019 1020 /* add VHT info */ 1021 if (sband->vht_cap.vht_supported && 1022 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 1023 sizeof(sband->vht_cap.vht_mcs), 1024 &sband->vht_cap.vht_mcs) || 1025 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 1026 sband->vht_cap.cap))) 1027 return -ENOBUFS; 1028 1029 /* add bitrates */ 1030 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 1031 if (!nl_rates) 1032 return -ENOBUFS; 1033 1034 for (i = 0; i < sband->n_bitrates; i++) { 1035 nl_rate = nla_nest_start(msg, i); 1036 if (!nl_rate) 1037 return -ENOBUFS; 1038 1039 rate = &sband->bitrates[i]; 1040 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1041 rate->bitrate)) 1042 return -ENOBUFS; 1043 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1044 nla_put_flag(msg, 1045 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 1046 return -ENOBUFS; 1047 1048 nla_nest_end(msg, nl_rate); 1049 } 1050 1051 nla_nest_end(msg, nl_rates); 1052 1053 return 0; 1054 } 1055 1056 static int 1057 nl80211_send_mgmt_stypes(struct sk_buff *msg, 1058 const struct ieee80211_txrx_stypes *mgmt_stypes) 1059 { 1060 u16 stypes; 1061 struct nlattr *nl_ftypes, *nl_ifs; 1062 enum nl80211_iftype ift; 1063 int i; 1064 1065 if (!mgmt_stypes) 1066 return 0; 1067 1068 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 1069 if (!nl_ifs) 1070 return -ENOBUFS; 1071 1072 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1073 nl_ftypes = nla_nest_start(msg, ift); 1074 if (!nl_ftypes) 1075 return -ENOBUFS; 1076 i = 0; 1077 stypes = mgmt_stypes[ift].tx; 1078 while (stypes) { 1079 if ((stypes & 1) && 1080 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1081 (i << 4) | IEEE80211_FTYPE_MGMT)) 1082 return -ENOBUFS; 1083 stypes >>= 1; 1084 i++; 1085 } 1086 nla_nest_end(msg, nl_ftypes); 1087 } 1088 1089 nla_nest_end(msg, nl_ifs); 1090 1091 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 1092 if (!nl_ifs) 1093 return -ENOBUFS; 1094 1095 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1096 nl_ftypes = nla_nest_start(msg, ift); 1097 if (!nl_ftypes) 1098 return -ENOBUFS; 1099 i = 0; 1100 stypes = mgmt_stypes[ift].rx; 1101 while (stypes) { 1102 if ((stypes & 1) && 1103 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1104 (i << 4) | IEEE80211_FTYPE_MGMT)) 1105 return -ENOBUFS; 1106 stypes >>= 1; 1107 i++; 1108 } 1109 nla_nest_end(msg, nl_ftypes); 1110 } 1111 nla_nest_end(msg, nl_ifs); 1112 1113 return 0; 1114 } 1115 1116 struct nl80211_dump_wiphy_state { 1117 s64 filter_wiphy; 1118 long start; 1119 long split_start, band_start, chan_start; 1120 bool split; 1121 }; 1122 1123 static int nl80211_send_wiphy(struct cfg80211_registered_device *dev, 1124 struct sk_buff *msg, u32 portid, u32 seq, 1125 int flags, struct nl80211_dump_wiphy_state *state) 1126 { 1127 void *hdr; 1128 struct nlattr *nl_bands, *nl_band; 1129 struct nlattr *nl_freqs, *nl_freq; 1130 struct nlattr *nl_cmds; 1131 enum ieee80211_band band; 1132 struct ieee80211_channel *chan; 1133 int i; 1134 const struct ieee80211_txrx_stypes *mgmt_stypes = 1135 dev->wiphy.mgmt_stypes; 1136 u32 features; 1137 1138 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY); 1139 if (!hdr) 1140 return -ENOBUFS; 1141 1142 if (WARN_ON(!state)) 1143 return -EINVAL; 1144 1145 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) || 1146 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, 1147 wiphy_name(&dev->wiphy)) || 1148 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1149 cfg80211_rdev_list_generation)) 1150 goto nla_put_failure; 1151 1152 switch (state->split_start) { 1153 case 0: 1154 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 1155 dev->wiphy.retry_short) || 1156 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 1157 dev->wiphy.retry_long) || 1158 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 1159 dev->wiphy.frag_threshold) || 1160 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 1161 dev->wiphy.rts_threshold) || 1162 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 1163 dev->wiphy.coverage_class) || 1164 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 1165 dev->wiphy.max_scan_ssids) || 1166 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 1167 dev->wiphy.max_sched_scan_ssids) || 1168 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 1169 dev->wiphy.max_scan_ie_len) || 1170 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 1171 dev->wiphy.max_sched_scan_ie_len) || 1172 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 1173 dev->wiphy.max_match_sets)) 1174 goto nla_put_failure; 1175 1176 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 1177 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 1178 goto nla_put_failure; 1179 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 1180 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 1181 goto nla_put_failure; 1182 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 1183 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 1184 goto nla_put_failure; 1185 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 1186 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 1187 goto nla_put_failure; 1188 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 1189 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 1190 goto nla_put_failure; 1191 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 1192 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 1193 goto nla_put_failure; 1194 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) && 1195 nla_put_flag(msg, WIPHY_FLAG_SUPPORTS_5_10_MHZ)) 1196 goto nla_put_failure; 1197 1198 state->split_start++; 1199 if (state->split) 1200 break; 1201 case 1: 1202 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 1203 sizeof(u32) * dev->wiphy.n_cipher_suites, 1204 dev->wiphy.cipher_suites)) 1205 goto nla_put_failure; 1206 1207 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 1208 dev->wiphy.max_num_pmkids)) 1209 goto nla_put_failure; 1210 1211 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 1212 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 1213 goto nla_put_failure; 1214 1215 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 1216 dev->wiphy.available_antennas_tx) || 1217 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 1218 dev->wiphy.available_antennas_rx)) 1219 goto nla_put_failure; 1220 1221 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 1222 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 1223 dev->wiphy.probe_resp_offload)) 1224 goto nla_put_failure; 1225 1226 if ((dev->wiphy.available_antennas_tx || 1227 dev->wiphy.available_antennas_rx) && 1228 dev->ops->get_antenna) { 1229 u32 tx_ant = 0, rx_ant = 0; 1230 int res; 1231 res = rdev_get_antenna(dev, &tx_ant, &rx_ant); 1232 if (!res) { 1233 if (nla_put_u32(msg, 1234 NL80211_ATTR_WIPHY_ANTENNA_TX, 1235 tx_ant) || 1236 nla_put_u32(msg, 1237 NL80211_ATTR_WIPHY_ANTENNA_RX, 1238 rx_ant)) 1239 goto nla_put_failure; 1240 } 1241 } 1242 1243 state->split_start++; 1244 if (state->split) 1245 break; 1246 case 2: 1247 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 1248 dev->wiphy.interface_modes)) 1249 goto nla_put_failure; 1250 state->split_start++; 1251 if (state->split) 1252 break; 1253 case 3: 1254 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 1255 if (!nl_bands) 1256 goto nla_put_failure; 1257 1258 for (band = state->band_start; 1259 band < IEEE80211_NUM_BANDS; band++) { 1260 struct ieee80211_supported_band *sband; 1261 1262 sband = dev->wiphy.bands[band]; 1263 1264 if (!sband) 1265 continue; 1266 1267 nl_band = nla_nest_start(msg, band); 1268 if (!nl_band) 1269 goto nla_put_failure; 1270 1271 switch (state->chan_start) { 1272 case 0: 1273 if (nl80211_send_band_rateinfo(msg, sband)) 1274 goto nla_put_failure; 1275 state->chan_start++; 1276 if (state->split) 1277 break; 1278 default: 1279 /* add frequencies */ 1280 nl_freqs = nla_nest_start( 1281 msg, NL80211_BAND_ATTR_FREQS); 1282 if (!nl_freqs) 1283 goto nla_put_failure; 1284 1285 for (i = state->chan_start - 1; 1286 i < sband->n_channels; 1287 i++) { 1288 nl_freq = nla_nest_start(msg, i); 1289 if (!nl_freq) 1290 goto nla_put_failure; 1291 1292 chan = &sband->channels[i]; 1293 1294 if (nl80211_msg_put_channel( 1295 msg, chan, 1296 state->split)) 1297 goto nla_put_failure; 1298 1299 nla_nest_end(msg, nl_freq); 1300 if (state->split) 1301 break; 1302 } 1303 if (i < sband->n_channels) 1304 state->chan_start = i + 2; 1305 else 1306 state->chan_start = 0; 1307 nla_nest_end(msg, nl_freqs); 1308 } 1309 1310 nla_nest_end(msg, nl_band); 1311 1312 if (state->split) { 1313 /* start again here */ 1314 if (state->chan_start) 1315 band--; 1316 break; 1317 } 1318 } 1319 nla_nest_end(msg, nl_bands); 1320 1321 if (band < IEEE80211_NUM_BANDS) 1322 state->band_start = band + 1; 1323 else 1324 state->band_start = 0; 1325 1326 /* if bands & channels are done, continue outside */ 1327 if (state->band_start == 0 && state->chan_start == 0) 1328 state->split_start++; 1329 if (state->split) 1330 break; 1331 case 4: 1332 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 1333 if (!nl_cmds) 1334 goto nla_put_failure; 1335 1336 i = 0; 1337 #define CMD(op, n) \ 1338 do { \ 1339 if (dev->ops->op) { \ 1340 i++; \ 1341 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 1342 goto nla_put_failure; \ 1343 } \ 1344 } while (0) 1345 1346 CMD(add_virtual_intf, NEW_INTERFACE); 1347 CMD(change_virtual_intf, SET_INTERFACE); 1348 CMD(add_key, NEW_KEY); 1349 CMD(start_ap, START_AP); 1350 CMD(add_station, NEW_STATION); 1351 CMD(add_mpath, NEW_MPATH); 1352 CMD(update_mesh_config, SET_MESH_CONFIG); 1353 CMD(change_bss, SET_BSS); 1354 CMD(auth, AUTHENTICATE); 1355 CMD(assoc, ASSOCIATE); 1356 CMD(deauth, DEAUTHENTICATE); 1357 CMD(disassoc, DISASSOCIATE); 1358 CMD(join_ibss, JOIN_IBSS); 1359 CMD(join_mesh, JOIN_MESH); 1360 CMD(set_pmksa, SET_PMKSA); 1361 CMD(del_pmksa, DEL_PMKSA); 1362 CMD(flush_pmksa, FLUSH_PMKSA); 1363 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 1364 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 1365 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 1366 CMD(mgmt_tx, FRAME); 1367 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 1368 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 1369 i++; 1370 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 1371 goto nla_put_failure; 1372 } 1373 if (dev->ops->set_monitor_channel || dev->ops->start_ap || 1374 dev->ops->join_mesh) { 1375 i++; 1376 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 1377 goto nla_put_failure; 1378 } 1379 CMD(set_wds_peer, SET_WDS_PEER); 1380 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 1381 CMD(tdls_mgmt, TDLS_MGMT); 1382 CMD(tdls_oper, TDLS_OPER); 1383 } 1384 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 1385 CMD(sched_scan_start, START_SCHED_SCAN); 1386 CMD(probe_client, PROBE_CLIENT); 1387 CMD(set_noack_map, SET_NOACK_MAP); 1388 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 1389 i++; 1390 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 1391 goto nla_put_failure; 1392 } 1393 CMD(start_p2p_device, START_P2P_DEVICE); 1394 CMD(set_mcast_rate, SET_MCAST_RATE); 1395 if (state->split) { 1396 CMD(crit_proto_start, CRIT_PROTOCOL_START); 1397 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP); 1398 } 1399 1400 #ifdef CONFIG_NL80211_TESTMODE 1401 CMD(testmode_cmd, TESTMODE); 1402 #endif 1403 1404 #undef CMD 1405 1406 if (dev->ops->connect || dev->ops->auth) { 1407 i++; 1408 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 1409 goto nla_put_failure; 1410 } 1411 1412 if (dev->ops->disconnect || dev->ops->deauth) { 1413 i++; 1414 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 1415 goto nla_put_failure; 1416 } 1417 1418 nla_nest_end(msg, nl_cmds); 1419 state->split_start++; 1420 if (state->split) 1421 break; 1422 case 5: 1423 if (dev->ops->remain_on_channel && 1424 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 1425 nla_put_u32(msg, 1426 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 1427 dev->wiphy.max_remain_on_channel_duration)) 1428 goto nla_put_failure; 1429 1430 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 1431 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 1432 goto nla_put_failure; 1433 1434 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes)) 1435 goto nla_put_failure; 1436 state->split_start++; 1437 if (state->split) 1438 break; 1439 case 6: 1440 #ifdef CONFIG_PM 1441 if (nl80211_send_wowlan(msg, dev, state->split)) 1442 goto nla_put_failure; 1443 state->split_start++; 1444 if (state->split) 1445 break; 1446 #else 1447 state->split_start++; 1448 #endif 1449 case 7: 1450 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1451 dev->wiphy.software_iftypes)) 1452 goto nla_put_failure; 1453 1454 if (nl80211_put_iface_combinations(&dev->wiphy, msg, 1455 state->split)) 1456 goto nla_put_failure; 1457 1458 state->split_start++; 1459 if (state->split) 1460 break; 1461 case 8: 1462 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 1463 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 1464 dev->wiphy.ap_sme_capa)) 1465 goto nla_put_failure; 1466 1467 features = dev->wiphy.features; 1468 /* 1469 * We can only add the per-channel limit information if the 1470 * dump is split, otherwise it makes it too big. Therefore 1471 * only advertise it in that case. 1472 */ 1473 if (state->split) 1474 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS; 1475 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features)) 1476 goto nla_put_failure; 1477 1478 if (dev->wiphy.ht_capa_mod_mask && 1479 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1480 sizeof(*dev->wiphy.ht_capa_mod_mask), 1481 dev->wiphy.ht_capa_mod_mask)) 1482 goto nla_put_failure; 1483 1484 if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME && 1485 dev->wiphy.max_acl_mac_addrs && 1486 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX, 1487 dev->wiphy.max_acl_mac_addrs)) 1488 goto nla_put_failure; 1489 1490 /* 1491 * Any information below this point is only available to 1492 * applications that can deal with it being split. This 1493 * helps ensure that newly added capabilities don't break 1494 * older tools by overrunning their buffers. 1495 * 1496 * We still increment split_start so that in the split 1497 * case we'll continue with more data in the next round, 1498 * but break unconditionally so unsplit data stops here. 1499 */ 1500 state->split_start++; 1501 break; 1502 case 9: 1503 if (dev->wiphy.extended_capabilities && 1504 (nla_put(msg, NL80211_ATTR_EXT_CAPA, 1505 dev->wiphy.extended_capabilities_len, 1506 dev->wiphy.extended_capabilities) || 1507 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 1508 dev->wiphy.extended_capabilities_len, 1509 dev->wiphy.extended_capabilities_mask))) 1510 goto nla_put_failure; 1511 1512 if (dev->wiphy.vht_capa_mod_mask && 1513 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, 1514 sizeof(*dev->wiphy.vht_capa_mod_mask), 1515 dev->wiphy.vht_capa_mod_mask)) 1516 goto nla_put_failure; 1517 1518 /* done */ 1519 state->split_start = 0; 1520 break; 1521 } 1522 return genlmsg_end(msg, hdr); 1523 1524 nla_put_failure: 1525 genlmsg_cancel(msg, hdr); 1526 return -EMSGSIZE; 1527 } 1528 1529 static int nl80211_dump_wiphy_parse(struct sk_buff *skb, 1530 struct netlink_callback *cb, 1531 struct nl80211_dump_wiphy_state *state) 1532 { 1533 struct nlattr **tb = nl80211_fam.attrbuf; 1534 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 1535 tb, nl80211_fam.maxattr, nl80211_policy); 1536 /* ignore parse errors for backward compatibility */ 1537 if (ret) 1538 return 0; 1539 1540 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP]; 1541 if (tb[NL80211_ATTR_WIPHY]) 1542 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 1543 if (tb[NL80211_ATTR_WDEV]) 1544 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32; 1545 if (tb[NL80211_ATTR_IFINDEX]) { 1546 struct net_device *netdev; 1547 struct cfg80211_registered_device *rdev; 1548 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 1549 1550 netdev = dev_get_by_index(sock_net(skb->sk), ifidx); 1551 if (!netdev) 1552 return -ENODEV; 1553 if (netdev->ieee80211_ptr) { 1554 rdev = wiphy_to_dev( 1555 netdev->ieee80211_ptr->wiphy); 1556 state->filter_wiphy = rdev->wiphy_idx; 1557 } 1558 dev_put(netdev); 1559 } 1560 1561 return 0; 1562 } 1563 1564 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1565 { 1566 int idx = 0, ret; 1567 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0]; 1568 struct cfg80211_registered_device *dev; 1569 1570 rtnl_lock(); 1571 if (!state) { 1572 state = kzalloc(sizeof(*state), GFP_KERNEL); 1573 if (!state) { 1574 rtnl_unlock(); 1575 return -ENOMEM; 1576 } 1577 state->filter_wiphy = -1; 1578 ret = nl80211_dump_wiphy_parse(skb, cb, state); 1579 if (ret) { 1580 kfree(state); 1581 rtnl_unlock(); 1582 return ret; 1583 } 1584 cb->args[0] = (long)state; 1585 } 1586 1587 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 1588 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 1589 continue; 1590 if (++idx <= state->start) 1591 continue; 1592 if (state->filter_wiphy != -1 && 1593 state->filter_wiphy != dev->wiphy_idx) 1594 continue; 1595 /* attempt to fit multiple wiphy data chunks into the skb */ 1596 do { 1597 ret = nl80211_send_wiphy(dev, skb, 1598 NETLINK_CB(cb->skb).portid, 1599 cb->nlh->nlmsg_seq, 1600 NLM_F_MULTI, state); 1601 if (ret < 0) { 1602 /* 1603 * If sending the wiphy data didn't fit (ENOBUFS 1604 * or EMSGSIZE returned), this SKB is still 1605 * empty (so it's not too big because another 1606 * wiphy dataset is already in the skb) and 1607 * we've not tried to adjust the dump allocation 1608 * yet ... then adjust the alloc size to be 1609 * bigger, and return 1 but with the empty skb. 1610 * This results in an empty message being RX'ed 1611 * in userspace, but that is ignored. 1612 * 1613 * We can then retry with the larger buffer. 1614 */ 1615 if ((ret == -ENOBUFS || ret == -EMSGSIZE) && 1616 !skb->len && 1617 cb->min_dump_alloc < 4096) { 1618 cb->min_dump_alloc = 4096; 1619 rtnl_unlock(); 1620 return 1; 1621 } 1622 idx--; 1623 break; 1624 } 1625 } while (state->split_start > 0); 1626 break; 1627 } 1628 rtnl_unlock(); 1629 1630 state->start = idx; 1631 1632 return skb->len; 1633 } 1634 1635 static int nl80211_dump_wiphy_done(struct netlink_callback *cb) 1636 { 1637 kfree((void *)cb->args[0]); 1638 return 0; 1639 } 1640 1641 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1642 { 1643 struct sk_buff *msg; 1644 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1645 struct nl80211_dump_wiphy_state state = {}; 1646 1647 msg = nlmsg_new(4096, GFP_KERNEL); 1648 if (!msg) 1649 return -ENOMEM; 1650 1651 if (nl80211_send_wiphy(dev, msg, info->snd_portid, info->snd_seq, 0, 1652 &state) < 0) { 1653 nlmsg_free(msg); 1654 return -ENOBUFS; 1655 } 1656 1657 return genlmsg_reply(msg, info); 1658 } 1659 1660 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 1661 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 1662 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 1663 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 1664 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 1665 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 1666 }; 1667 1668 static int parse_txq_params(struct nlattr *tb[], 1669 struct ieee80211_txq_params *txq_params) 1670 { 1671 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 1672 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 1673 !tb[NL80211_TXQ_ATTR_AIFS]) 1674 return -EINVAL; 1675 1676 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 1677 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 1678 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 1679 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 1680 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 1681 1682 if (txq_params->ac >= NL80211_NUM_ACS) 1683 return -EINVAL; 1684 1685 return 0; 1686 } 1687 1688 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 1689 { 1690 /* 1691 * You can only set the channel explicitly for WDS interfaces, 1692 * all others have their channel managed via their respective 1693 * "establish a connection" command (connect, join, ...) 1694 * 1695 * For AP/GO and mesh mode, the channel can be set with the 1696 * channel userspace API, but is only stored and passed to the 1697 * low-level driver when the AP starts or the mesh is joined. 1698 * This is for backward compatibility, userspace can also give 1699 * the channel in the start-ap or join-mesh commands instead. 1700 * 1701 * Monitors are special as they are normally slaved to 1702 * whatever else is going on, so they have their own special 1703 * operation to set the monitor channel if possible. 1704 */ 1705 return !wdev || 1706 wdev->iftype == NL80211_IFTYPE_AP || 1707 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 1708 wdev->iftype == NL80211_IFTYPE_MONITOR || 1709 wdev->iftype == NL80211_IFTYPE_P2P_GO; 1710 } 1711 1712 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev, 1713 struct genl_info *info, 1714 struct cfg80211_chan_def *chandef) 1715 { 1716 u32 control_freq; 1717 1718 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 1719 return -EINVAL; 1720 1721 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 1722 1723 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq); 1724 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 1725 chandef->center_freq1 = control_freq; 1726 chandef->center_freq2 = 0; 1727 1728 /* Primary channel not allowed */ 1729 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) 1730 return -EINVAL; 1731 1732 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1733 enum nl80211_channel_type chantype; 1734 1735 chantype = nla_get_u32( 1736 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1737 1738 switch (chantype) { 1739 case NL80211_CHAN_NO_HT: 1740 case NL80211_CHAN_HT20: 1741 case NL80211_CHAN_HT40PLUS: 1742 case NL80211_CHAN_HT40MINUS: 1743 cfg80211_chandef_create(chandef, chandef->chan, 1744 chantype); 1745 break; 1746 default: 1747 return -EINVAL; 1748 } 1749 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) { 1750 chandef->width = 1751 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]); 1752 if (info->attrs[NL80211_ATTR_CENTER_FREQ1]) 1753 chandef->center_freq1 = 1754 nla_get_u32( 1755 info->attrs[NL80211_ATTR_CENTER_FREQ1]); 1756 if (info->attrs[NL80211_ATTR_CENTER_FREQ2]) 1757 chandef->center_freq2 = 1758 nla_get_u32( 1759 info->attrs[NL80211_ATTR_CENTER_FREQ2]); 1760 } 1761 1762 if (!cfg80211_chandef_valid(chandef)) 1763 return -EINVAL; 1764 1765 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef, 1766 IEEE80211_CHAN_DISABLED)) 1767 return -EINVAL; 1768 1769 if ((chandef->width == NL80211_CHAN_WIDTH_5 || 1770 chandef->width == NL80211_CHAN_WIDTH_10) && 1771 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) 1772 return -EINVAL; 1773 1774 return 0; 1775 } 1776 1777 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 1778 struct wireless_dev *wdev, 1779 struct genl_info *info) 1780 { 1781 struct cfg80211_chan_def chandef; 1782 int result; 1783 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 1784 1785 if (wdev) 1786 iftype = wdev->iftype; 1787 1788 if (!nl80211_can_set_dev_channel(wdev)) 1789 return -EOPNOTSUPP; 1790 1791 result = nl80211_parse_chandef(rdev, info, &chandef); 1792 if (result) 1793 return result; 1794 1795 switch (iftype) { 1796 case NL80211_IFTYPE_AP: 1797 case NL80211_IFTYPE_P2P_GO: 1798 if (wdev->beacon_interval) { 1799 result = -EBUSY; 1800 break; 1801 } 1802 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) { 1803 result = -EINVAL; 1804 break; 1805 } 1806 wdev->preset_chandef = chandef; 1807 result = 0; 1808 break; 1809 case NL80211_IFTYPE_MESH_POINT: 1810 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef); 1811 break; 1812 case NL80211_IFTYPE_MONITOR: 1813 result = cfg80211_set_monitor_channel(rdev, &chandef); 1814 break; 1815 default: 1816 result = -EINVAL; 1817 } 1818 1819 return result; 1820 } 1821 1822 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 1823 { 1824 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1825 struct net_device *netdev = info->user_ptr[1]; 1826 1827 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 1828 } 1829 1830 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 1831 { 1832 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1833 struct net_device *dev = info->user_ptr[1]; 1834 struct wireless_dev *wdev = dev->ieee80211_ptr; 1835 const u8 *bssid; 1836 1837 if (!info->attrs[NL80211_ATTR_MAC]) 1838 return -EINVAL; 1839 1840 if (netif_running(dev)) 1841 return -EBUSY; 1842 1843 if (!rdev->ops->set_wds_peer) 1844 return -EOPNOTSUPP; 1845 1846 if (wdev->iftype != NL80211_IFTYPE_WDS) 1847 return -EOPNOTSUPP; 1848 1849 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 1850 return rdev_set_wds_peer(rdev, dev, bssid); 1851 } 1852 1853 1854 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 1855 { 1856 struct cfg80211_registered_device *rdev; 1857 struct net_device *netdev = NULL; 1858 struct wireless_dev *wdev; 1859 int result = 0, rem_txq_params = 0; 1860 struct nlattr *nl_txq_params; 1861 u32 changed; 1862 u8 retry_short = 0, retry_long = 0; 1863 u32 frag_threshold = 0, rts_threshold = 0; 1864 u8 coverage_class = 0; 1865 1866 ASSERT_RTNL(); 1867 1868 /* 1869 * Try to find the wiphy and netdev. Normally this 1870 * function shouldn't need the netdev, but this is 1871 * done for backward compatibility -- previously 1872 * setting the channel was done per wiphy, but now 1873 * it is per netdev. Previous userland like hostapd 1874 * also passed a netdev to set_wiphy, so that it is 1875 * possible to let that go to the right netdev! 1876 */ 1877 1878 if (info->attrs[NL80211_ATTR_IFINDEX]) { 1879 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 1880 1881 netdev = dev_get_by_index(genl_info_net(info), ifindex); 1882 if (netdev && netdev->ieee80211_ptr) 1883 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 1884 else 1885 netdev = NULL; 1886 } 1887 1888 if (!netdev) { 1889 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 1890 info->attrs); 1891 if (IS_ERR(rdev)) 1892 return PTR_ERR(rdev); 1893 wdev = NULL; 1894 netdev = NULL; 1895 result = 0; 1896 } else 1897 wdev = netdev->ieee80211_ptr; 1898 1899 /* 1900 * end workaround code, by now the rdev is available 1901 * and locked, and wdev may or may not be NULL. 1902 */ 1903 1904 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 1905 result = cfg80211_dev_rename( 1906 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 1907 1908 if (result) 1909 goto bad_res; 1910 1911 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 1912 struct ieee80211_txq_params txq_params; 1913 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 1914 1915 if (!rdev->ops->set_txq_params) { 1916 result = -EOPNOTSUPP; 1917 goto bad_res; 1918 } 1919 1920 if (!netdev) { 1921 result = -EINVAL; 1922 goto bad_res; 1923 } 1924 1925 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1926 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 1927 result = -EINVAL; 1928 goto bad_res; 1929 } 1930 1931 if (!netif_running(netdev)) { 1932 result = -ENETDOWN; 1933 goto bad_res; 1934 } 1935 1936 nla_for_each_nested(nl_txq_params, 1937 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1938 rem_txq_params) { 1939 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 1940 nla_data(nl_txq_params), 1941 nla_len(nl_txq_params), 1942 txq_params_policy); 1943 result = parse_txq_params(tb, &txq_params); 1944 if (result) 1945 goto bad_res; 1946 1947 result = rdev_set_txq_params(rdev, netdev, 1948 &txq_params); 1949 if (result) 1950 goto bad_res; 1951 } 1952 } 1953 1954 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 1955 result = __nl80211_set_channel(rdev, 1956 nl80211_can_set_dev_channel(wdev) ? wdev : NULL, 1957 info); 1958 if (result) 1959 goto bad_res; 1960 } 1961 1962 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 1963 struct wireless_dev *txp_wdev = wdev; 1964 enum nl80211_tx_power_setting type; 1965 int idx, mbm = 0; 1966 1967 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER)) 1968 txp_wdev = NULL; 1969 1970 if (!rdev->ops->set_tx_power) { 1971 result = -EOPNOTSUPP; 1972 goto bad_res; 1973 } 1974 1975 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 1976 type = nla_get_u32(info->attrs[idx]); 1977 1978 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 1979 (type != NL80211_TX_POWER_AUTOMATIC)) { 1980 result = -EINVAL; 1981 goto bad_res; 1982 } 1983 1984 if (type != NL80211_TX_POWER_AUTOMATIC) { 1985 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 1986 mbm = nla_get_u32(info->attrs[idx]); 1987 } 1988 1989 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm); 1990 if (result) 1991 goto bad_res; 1992 } 1993 1994 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 1995 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 1996 u32 tx_ant, rx_ant; 1997 if ((!rdev->wiphy.available_antennas_tx && 1998 !rdev->wiphy.available_antennas_rx) || 1999 !rdev->ops->set_antenna) { 2000 result = -EOPNOTSUPP; 2001 goto bad_res; 2002 } 2003 2004 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 2005 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 2006 2007 /* reject antenna configurations which don't match the 2008 * available antenna masks, except for the "all" mask */ 2009 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 2010 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 2011 result = -EINVAL; 2012 goto bad_res; 2013 } 2014 2015 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 2016 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 2017 2018 result = rdev_set_antenna(rdev, tx_ant, rx_ant); 2019 if (result) 2020 goto bad_res; 2021 } 2022 2023 changed = 0; 2024 2025 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 2026 retry_short = nla_get_u8( 2027 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 2028 if (retry_short == 0) { 2029 result = -EINVAL; 2030 goto bad_res; 2031 } 2032 changed |= WIPHY_PARAM_RETRY_SHORT; 2033 } 2034 2035 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 2036 retry_long = nla_get_u8( 2037 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 2038 if (retry_long == 0) { 2039 result = -EINVAL; 2040 goto bad_res; 2041 } 2042 changed |= WIPHY_PARAM_RETRY_LONG; 2043 } 2044 2045 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 2046 frag_threshold = nla_get_u32( 2047 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 2048 if (frag_threshold < 256) { 2049 result = -EINVAL; 2050 goto bad_res; 2051 } 2052 if (frag_threshold != (u32) -1) { 2053 /* 2054 * Fragments (apart from the last one) are required to 2055 * have even length. Make the fragmentation code 2056 * simpler by stripping LSB should someone try to use 2057 * odd threshold value. 2058 */ 2059 frag_threshold &= ~0x1; 2060 } 2061 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 2062 } 2063 2064 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 2065 rts_threshold = nla_get_u32( 2066 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 2067 changed |= WIPHY_PARAM_RTS_THRESHOLD; 2068 } 2069 2070 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 2071 coverage_class = nla_get_u8( 2072 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 2073 changed |= WIPHY_PARAM_COVERAGE_CLASS; 2074 } 2075 2076 if (changed) { 2077 u8 old_retry_short, old_retry_long; 2078 u32 old_frag_threshold, old_rts_threshold; 2079 u8 old_coverage_class; 2080 2081 if (!rdev->ops->set_wiphy_params) { 2082 result = -EOPNOTSUPP; 2083 goto bad_res; 2084 } 2085 2086 old_retry_short = rdev->wiphy.retry_short; 2087 old_retry_long = rdev->wiphy.retry_long; 2088 old_frag_threshold = rdev->wiphy.frag_threshold; 2089 old_rts_threshold = rdev->wiphy.rts_threshold; 2090 old_coverage_class = rdev->wiphy.coverage_class; 2091 2092 if (changed & WIPHY_PARAM_RETRY_SHORT) 2093 rdev->wiphy.retry_short = retry_short; 2094 if (changed & WIPHY_PARAM_RETRY_LONG) 2095 rdev->wiphy.retry_long = retry_long; 2096 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 2097 rdev->wiphy.frag_threshold = frag_threshold; 2098 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 2099 rdev->wiphy.rts_threshold = rts_threshold; 2100 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 2101 rdev->wiphy.coverage_class = coverage_class; 2102 2103 result = rdev_set_wiphy_params(rdev, changed); 2104 if (result) { 2105 rdev->wiphy.retry_short = old_retry_short; 2106 rdev->wiphy.retry_long = old_retry_long; 2107 rdev->wiphy.frag_threshold = old_frag_threshold; 2108 rdev->wiphy.rts_threshold = old_rts_threshold; 2109 rdev->wiphy.coverage_class = old_coverage_class; 2110 } 2111 } 2112 2113 bad_res: 2114 if (netdev) 2115 dev_put(netdev); 2116 return result; 2117 } 2118 2119 static inline u64 wdev_id(struct wireless_dev *wdev) 2120 { 2121 return (u64)wdev->identifier | 2122 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32); 2123 } 2124 2125 static int nl80211_send_chandef(struct sk_buff *msg, 2126 struct cfg80211_chan_def *chandef) 2127 { 2128 WARN_ON(!cfg80211_chandef_valid(chandef)); 2129 2130 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 2131 chandef->chan->center_freq)) 2132 return -ENOBUFS; 2133 switch (chandef->width) { 2134 case NL80211_CHAN_WIDTH_20_NOHT: 2135 case NL80211_CHAN_WIDTH_20: 2136 case NL80211_CHAN_WIDTH_40: 2137 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 2138 cfg80211_get_chandef_type(chandef))) 2139 return -ENOBUFS; 2140 break; 2141 default: 2142 break; 2143 } 2144 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width)) 2145 return -ENOBUFS; 2146 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1)) 2147 return -ENOBUFS; 2148 if (chandef->center_freq2 && 2149 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2)) 2150 return -ENOBUFS; 2151 return 0; 2152 } 2153 2154 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, 2155 struct cfg80211_registered_device *rdev, 2156 struct wireless_dev *wdev) 2157 { 2158 struct net_device *dev = wdev->netdev; 2159 void *hdr; 2160 2161 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE); 2162 if (!hdr) 2163 return -1; 2164 2165 if (dev && 2166 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2167 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name))) 2168 goto nla_put_failure; 2169 2170 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 2171 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 2172 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 2173 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) || 2174 nla_put_u32(msg, NL80211_ATTR_GENERATION, 2175 rdev->devlist_generation ^ 2176 (cfg80211_rdev_list_generation << 2))) 2177 goto nla_put_failure; 2178 2179 if (rdev->ops->get_channel) { 2180 int ret; 2181 struct cfg80211_chan_def chandef; 2182 2183 ret = rdev_get_channel(rdev, wdev, &chandef); 2184 if (ret == 0) { 2185 if (nl80211_send_chandef(msg, &chandef)) 2186 goto nla_put_failure; 2187 } 2188 } 2189 2190 if (wdev->ssid_len) { 2191 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid)) 2192 goto nla_put_failure; 2193 } 2194 2195 return genlmsg_end(msg, hdr); 2196 2197 nla_put_failure: 2198 genlmsg_cancel(msg, hdr); 2199 return -EMSGSIZE; 2200 } 2201 2202 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 2203 { 2204 int wp_idx = 0; 2205 int if_idx = 0; 2206 int wp_start = cb->args[0]; 2207 int if_start = cb->args[1]; 2208 struct cfg80211_registered_device *rdev; 2209 struct wireless_dev *wdev; 2210 2211 rtnl_lock(); 2212 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 2213 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 2214 continue; 2215 if (wp_idx < wp_start) { 2216 wp_idx++; 2217 continue; 2218 } 2219 if_idx = 0; 2220 2221 list_for_each_entry(wdev, &rdev->wdev_list, list) { 2222 if (if_idx < if_start) { 2223 if_idx++; 2224 continue; 2225 } 2226 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid, 2227 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2228 rdev, wdev) < 0) { 2229 goto out; 2230 } 2231 if_idx++; 2232 } 2233 2234 wp_idx++; 2235 } 2236 out: 2237 rtnl_unlock(); 2238 2239 cb->args[0] = wp_idx; 2240 cb->args[1] = if_idx; 2241 2242 return skb->len; 2243 } 2244 2245 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 2246 { 2247 struct sk_buff *msg; 2248 struct cfg80211_registered_device *dev = info->user_ptr[0]; 2249 struct wireless_dev *wdev = info->user_ptr[1]; 2250 2251 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2252 if (!msg) 2253 return -ENOMEM; 2254 2255 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 2256 dev, wdev) < 0) { 2257 nlmsg_free(msg); 2258 return -ENOBUFS; 2259 } 2260 2261 return genlmsg_reply(msg, info); 2262 } 2263 2264 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 2265 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 2266 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 2267 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 2268 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 2269 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 2270 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG }, 2271 }; 2272 2273 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 2274 { 2275 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 2276 int flag; 2277 2278 *mntrflags = 0; 2279 2280 if (!nla) 2281 return -EINVAL; 2282 2283 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 2284 nla, mntr_flags_policy)) 2285 return -EINVAL; 2286 2287 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 2288 if (flags[flag]) 2289 *mntrflags |= (1<<flag); 2290 2291 return 0; 2292 } 2293 2294 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 2295 struct net_device *netdev, u8 use_4addr, 2296 enum nl80211_iftype iftype) 2297 { 2298 if (!use_4addr) { 2299 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 2300 return -EBUSY; 2301 return 0; 2302 } 2303 2304 switch (iftype) { 2305 case NL80211_IFTYPE_AP_VLAN: 2306 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 2307 return 0; 2308 break; 2309 case NL80211_IFTYPE_STATION: 2310 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 2311 return 0; 2312 break; 2313 default: 2314 break; 2315 } 2316 2317 return -EOPNOTSUPP; 2318 } 2319 2320 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 2321 { 2322 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2323 struct vif_params params; 2324 int err; 2325 enum nl80211_iftype otype, ntype; 2326 struct net_device *dev = info->user_ptr[1]; 2327 u32 _flags, *flags = NULL; 2328 bool change = false; 2329 2330 memset(¶ms, 0, sizeof(params)); 2331 2332 otype = ntype = dev->ieee80211_ptr->iftype; 2333 2334 if (info->attrs[NL80211_ATTR_IFTYPE]) { 2335 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 2336 if (otype != ntype) 2337 change = true; 2338 if (ntype > NL80211_IFTYPE_MAX) 2339 return -EINVAL; 2340 } 2341 2342 if (info->attrs[NL80211_ATTR_MESH_ID]) { 2343 struct wireless_dev *wdev = dev->ieee80211_ptr; 2344 2345 if (ntype != NL80211_IFTYPE_MESH_POINT) 2346 return -EINVAL; 2347 if (netif_running(dev)) 2348 return -EBUSY; 2349 2350 wdev_lock(wdev); 2351 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2352 IEEE80211_MAX_MESH_ID_LEN); 2353 wdev->mesh_id_up_len = 2354 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2355 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2356 wdev->mesh_id_up_len); 2357 wdev_unlock(wdev); 2358 } 2359 2360 if (info->attrs[NL80211_ATTR_4ADDR]) { 2361 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2362 change = true; 2363 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 2364 if (err) 2365 return err; 2366 } else { 2367 params.use_4addr = -1; 2368 } 2369 2370 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 2371 if (ntype != NL80211_IFTYPE_MONITOR) 2372 return -EINVAL; 2373 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 2374 &_flags); 2375 if (err) 2376 return err; 2377 2378 flags = &_flags; 2379 change = true; 2380 } 2381 2382 if (flags && (*flags & NL80211_MNTR_FLAG_ACTIVE) && 2383 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) 2384 return -EOPNOTSUPP; 2385 2386 if (change) 2387 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 2388 else 2389 err = 0; 2390 2391 if (!err && params.use_4addr != -1) 2392 dev->ieee80211_ptr->use_4addr = params.use_4addr; 2393 2394 return err; 2395 } 2396 2397 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 2398 { 2399 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2400 struct vif_params params; 2401 struct wireless_dev *wdev; 2402 struct sk_buff *msg; 2403 int err; 2404 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 2405 u32 flags; 2406 2407 memset(¶ms, 0, sizeof(params)); 2408 2409 if (!info->attrs[NL80211_ATTR_IFNAME]) 2410 return -EINVAL; 2411 2412 if (info->attrs[NL80211_ATTR_IFTYPE]) { 2413 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 2414 if (type > NL80211_IFTYPE_MAX) 2415 return -EINVAL; 2416 } 2417 2418 if (!rdev->ops->add_virtual_intf || 2419 !(rdev->wiphy.interface_modes & (1 << type))) 2420 return -EOPNOTSUPP; 2421 2422 if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) { 2423 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC], 2424 ETH_ALEN); 2425 if (!is_valid_ether_addr(params.macaddr)) 2426 return -EADDRNOTAVAIL; 2427 } 2428 2429 if (info->attrs[NL80211_ATTR_4ADDR]) { 2430 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2431 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 2432 if (err) 2433 return err; 2434 } 2435 2436 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2437 if (!msg) 2438 return -ENOMEM; 2439 2440 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 2441 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 2442 &flags); 2443 2444 if (!err && (flags & NL80211_MNTR_FLAG_ACTIVE) && 2445 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) 2446 return -EOPNOTSUPP; 2447 2448 wdev = rdev_add_virtual_intf(rdev, 2449 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 2450 type, err ? NULL : &flags, ¶ms); 2451 if (IS_ERR(wdev)) { 2452 nlmsg_free(msg); 2453 return PTR_ERR(wdev); 2454 } 2455 2456 switch (type) { 2457 case NL80211_IFTYPE_MESH_POINT: 2458 if (!info->attrs[NL80211_ATTR_MESH_ID]) 2459 break; 2460 wdev_lock(wdev); 2461 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2462 IEEE80211_MAX_MESH_ID_LEN); 2463 wdev->mesh_id_up_len = 2464 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2465 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2466 wdev->mesh_id_up_len); 2467 wdev_unlock(wdev); 2468 break; 2469 case NL80211_IFTYPE_P2P_DEVICE: 2470 /* 2471 * P2P Device doesn't have a netdev, so doesn't go 2472 * through the netdev notifier and must be added here 2473 */ 2474 mutex_init(&wdev->mtx); 2475 INIT_LIST_HEAD(&wdev->event_list); 2476 spin_lock_init(&wdev->event_lock); 2477 INIT_LIST_HEAD(&wdev->mgmt_registrations); 2478 spin_lock_init(&wdev->mgmt_registrations_lock); 2479 2480 wdev->identifier = ++rdev->wdev_id; 2481 list_add_rcu(&wdev->list, &rdev->wdev_list); 2482 rdev->devlist_generation++; 2483 break; 2484 default: 2485 break; 2486 } 2487 2488 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 2489 rdev, wdev) < 0) { 2490 nlmsg_free(msg); 2491 return -ENOBUFS; 2492 } 2493 2494 return genlmsg_reply(msg, info); 2495 } 2496 2497 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 2498 { 2499 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2500 struct wireless_dev *wdev = info->user_ptr[1]; 2501 2502 if (!rdev->ops->del_virtual_intf) 2503 return -EOPNOTSUPP; 2504 2505 /* 2506 * If we remove a wireless device without a netdev then clear 2507 * user_ptr[1] so that nl80211_post_doit won't dereference it 2508 * to check if it needs to do dev_put(). Otherwise it crashes 2509 * since the wdev has been freed, unlike with a netdev where 2510 * we need the dev_put() for the netdev to really be freed. 2511 */ 2512 if (!wdev->netdev) 2513 info->user_ptr[1] = NULL; 2514 2515 return rdev_del_virtual_intf(rdev, wdev); 2516 } 2517 2518 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 2519 { 2520 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2521 struct net_device *dev = info->user_ptr[1]; 2522 u16 noack_map; 2523 2524 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 2525 return -EINVAL; 2526 2527 if (!rdev->ops->set_noack_map) 2528 return -EOPNOTSUPP; 2529 2530 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 2531 2532 return rdev_set_noack_map(rdev, dev, noack_map); 2533 } 2534 2535 struct get_key_cookie { 2536 struct sk_buff *msg; 2537 int error; 2538 int idx; 2539 }; 2540 2541 static void get_key_callback(void *c, struct key_params *params) 2542 { 2543 struct nlattr *key; 2544 struct get_key_cookie *cookie = c; 2545 2546 if ((params->key && 2547 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 2548 params->key_len, params->key)) || 2549 (params->seq && 2550 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 2551 params->seq_len, params->seq)) || 2552 (params->cipher && 2553 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 2554 params->cipher))) 2555 goto nla_put_failure; 2556 2557 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 2558 if (!key) 2559 goto nla_put_failure; 2560 2561 if ((params->key && 2562 nla_put(cookie->msg, NL80211_KEY_DATA, 2563 params->key_len, params->key)) || 2564 (params->seq && 2565 nla_put(cookie->msg, NL80211_KEY_SEQ, 2566 params->seq_len, params->seq)) || 2567 (params->cipher && 2568 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 2569 params->cipher))) 2570 goto nla_put_failure; 2571 2572 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx)) 2573 goto nla_put_failure; 2574 2575 nla_nest_end(cookie->msg, key); 2576 2577 return; 2578 nla_put_failure: 2579 cookie->error = 1; 2580 } 2581 2582 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 2583 { 2584 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2585 int err; 2586 struct net_device *dev = info->user_ptr[1]; 2587 u8 key_idx = 0; 2588 const u8 *mac_addr = NULL; 2589 bool pairwise; 2590 struct get_key_cookie cookie = { 2591 .error = 0, 2592 }; 2593 void *hdr; 2594 struct sk_buff *msg; 2595 2596 if (info->attrs[NL80211_ATTR_KEY_IDX]) 2597 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 2598 2599 if (key_idx > 5) 2600 return -EINVAL; 2601 2602 if (info->attrs[NL80211_ATTR_MAC]) 2603 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2604 2605 pairwise = !!mac_addr; 2606 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 2607 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 2608 if (kt >= NUM_NL80211_KEYTYPES) 2609 return -EINVAL; 2610 if (kt != NL80211_KEYTYPE_GROUP && 2611 kt != NL80211_KEYTYPE_PAIRWISE) 2612 return -EINVAL; 2613 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 2614 } 2615 2616 if (!rdev->ops->get_key) 2617 return -EOPNOTSUPP; 2618 2619 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2620 if (!msg) 2621 return -ENOMEM; 2622 2623 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 2624 NL80211_CMD_NEW_KEY); 2625 if (!hdr) 2626 return -ENOBUFS; 2627 2628 cookie.msg = msg; 2629 cookie.idx = key_idx; 2630 2631 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2632 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 2633 goto nla_put_failure; 2634 if (mac_addr && 2635 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 2636 goto nla_put_failure; 2637 2638 if (pairwise && mac_addr && 2639 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2640 return -ENOENT; 2641 2642 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie, 2643 get_key_callback); 2644 2645 if (err) 2646 goto free_msg; 2647 2648 if (cookie.error) 2649 goto nla_put_failure; 2650 2651 genlmsg_end(msg, hdr); 2652 return genlmsg_reply(msg, info); 2653 2654 nla_put_failure: 2655 err = -ENOBUFS; 2656 free_msg: 2657 nlmsg_free(msg); 2658 return err; 2659 } 2660 2661 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 2662 { 2663 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2664 struct key_parse key; 2665 int err; 2666 struct net_device *dev = info->user_ptr[1]; 2667 2668 err = nl80211_parse_key(info, &key); 2669 if (err) 2670 return err; 2671 2672 if (key.idx < 0) 2673 return -EINVAL; 2674 2675 /* only support setting default key */ 2676 if (!key.def && !key.defmgmt) 2677 return -EINVAL; 2678 2679 wdev_lock(dev->ieee80211_ptr); 2680 2681 if (key.def) { 2682 if (!rdev->ops->set_default_key) { 2683 err = -EOPNOTSUPP; 2684 goto out; 2685 } 2686 2687 err = nl80211_key_allowed(dev->ieee80211_ptr); 2688 if (err) 2689 goto out; 2690 2691 err = rdev_set_default_key(rdev, dev, key.idx, 2692 key.def_uni, key.def_multi); 2693 2694 if (err) 2695 goto out; 2696 2697 #ifdef CONFIG_CFG80211_WEXT 2698 dev->ieee80211_ptr->wext.default_key = key.idx; 2699 #endif 2700 } else { 2701 if (key.def_uni || !key.def_multi) { 2702 err = -EINVAL; 2703 goto out; 2704 } 2705 2706 if (!rdev->ops->set_default_mgmt_key) { 2707 err = -EOPNOTSUPP; 2708 goto out; 2709 } 2710 2711 err = nl80211_key_allowed(dev->ieee80211_ptr); 2712 if (err) 2713 goto out; 2714 2715 err = rdev_set_default_mgmt_key(rdev, dev, key.idx); 2716 if (err) 2717 goto out; 2718 2719 #ifdef CONFIG_CFG80211_WEXT 2720 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 2721 #endif 2722 } 2723 2724 out: 2725 wdev_unlock(dev->ieee80211_ptr); 2726 2727 return err; 2728 } 2729 2730 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 2731 { 2732 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2733 int err; 2734 struct net_device *dev = info->user_ptr[1]; 2735 struct key_parse key; 2736 const u8 *mac_addr = NULL; 2737 2738 err = nl80211_parse_key(info, &key); 2739 if (err) 2740 return err; 2741 2742 if (!key.p.key) 2743 return -EINVAL; 2744 2745 if (info->attrs[NL80211_ATTR_MAC]) 2746 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2747 2748 if (key.type == -1) { 2749 if (mac_addr) 2750 key.type = NL80211_KEYTYPE_PAIRWISE; 2751 else 2752 key.type = NL80211_KEYTYPE_GROUP; 2753 } 2754 2755 /* for now */ 2756 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2757 key.type != NL80211_KEYTYPE_GROUP) 2758 return -EINVAL; 2759 2760 if (!rdev->ops->add_key) 2761 return -EOPNOTSUPP; 2762 2763 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 2764 key.type == NL80211_KEYTYPE_PAIRWISE, 2765 mac_addr)) 2766 return -EINVAL; 2767 2768 wdev_lock(dev->ieee80211_ptr); 2769 err = nl80211_key_allowed(dev->ieee80211_ptr); 2770 if (!err) 2771 err = rdev_add_key(rdev, dev, key.idx, 2772 key.type == NL80211_KEYTYPE_PAIRWISE, 2773 mac_addr, &key.p); 2774 wdev_unlock(dev->ieee80211_ptr); 2775 2776 return err; 2777 } 2778 2779 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 2780 { 2781 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2782 int err; 2783 struct net_device *dev = info->user_ptr[1]; 2784 u8 *mac_addr = NULL; 2785 struct key_parse key; 2786 2787 err = nl80211_parse_key(info, &key); 2788 if (err) 2789 return err; 2790 2791 if (info->attrs[NL80211_ATTR_MAC]) 2792 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2793 2794 if (key.type == -1) { 2795 if (mac_addr) 2796 key.type = NL80211_KEYTYPE_PAIRWISE; 2797 else 2798 key.type = NL80211_KEYTYPE_GROUP; 2799 } 2800 2801 /* for now */ 2802 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2803 key.type != NL80211_KEYTYPE_GROUP) 2804 return -EINVAL; 2805 2806 if (!rdev->ops->del_key) 2807 return -EOPNOTSUPP; 2808 2809 wdev_lock(dev->ieee80211_ptr); 2810 err = nl80211_key_allowed(dev->ieee80211_ptr); 2811 2812 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && 2813 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2814 err = -ENOENT; 2815 2816 if (!err) 2817 err = rdev_del_key(rdev, dev, key.idx, 2818 key.type == NL80211_KEYTYPE_PAIRWISE, 2819 mac_addr); 2820 2821 #ifdef CONFIG_CFG80211_WEXT 2822 if (!err) { 2823 if (key.idx == dev->ieee80211_ptr->wext.default_key) 2824 dev->ieee80211_ptr->wext.default_key = -1; 2825 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 2826 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 2827 } 2828 #endif 2829 wdev_unlock(dev->ieee80211_ptr); 2830 2831 return err; 2832 } 2833 2834 /* This function returns an error or the number of nested attributes */ 2835 static int validate_acl_mac_addrs(struct nlattr *nl_attr) 2836 { 2837 struct nlattr *attr; 2838 int n_entries = 0, tmp; 2839 2840 nla_for_each_nested(attr, nl_attr, tmp) { 2841 if (nla_len(attr) != ETH_ALEN) 2842 return -EINVAL; 2843 2844 n_entries++; 2845 } 2846 2847 return n_entries; 2848 } 2849 2850 /* 2851 * This function parses ACL information and allocates memory for ACL data. 2852 * On successful return, the calling function is responsible to free the 2853 * ACL buffer returned by this function. 2854 */ 2855 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy, 2856 struct genl_info *info) 2857 { 2858 enum nl80211_acl_policy acl_policy; 2859 struct nlattr *attr; 2860 struct cfg80211_acl_data *acl; 2861 int i = 0, n_entries, tmp; 2862 2863 if (!wiphy->max_acl_mac_addrs) 2864 return ERR_PTR(-EOPNOTSUPP); 2865 2866 if (!info->attrs[NL80211_ATTR_ACL_POLICY]) 2867 return ERR_PTR(-EINVAL); 2868 2869 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]); 2870 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED && 2871 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED) 2872 return ERR_PTR(-EINVAL); 2873 2874 if (!info->attrs[NL80211_ATTR_MAC_ADDRS]) 2875 return ERR_PTR(-EINVAL); 2876 2877 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]); 2878 if (n_entries < 0) 2879 return ERR_PTR(n_entries); 2880 2881 if (n_entries > wiphy->max_acl_mac_addrs) 2882 return ERR_PTR(-ENOTSUPP); 2883 2884 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries), 2885 GFP_KERNEL); 2886 if (!acl) 2887 return ERR_PTR(-ENOMEM); 2888 2889 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) { 2890 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN); 2891 i++; 2892 } 2893 2894 acl->n_acl_entries = n_entries; 2895 acl->acl_policy = acl_policy; 2896 2897 return acl; 2898 } 2899 2900 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info) 2901 { 2902 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2903 struct net_device *dev = info->user_ptr[1]; 2904 struct cfg80211_acl_data *acl; 2905 int err; 2906 2907 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2908 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2909 return -EOPNOTSUPP; 2910 2911 if (!dev->ieee80211_ptr->beacon_interval) 2912 return -EINVAL; 2913 2914 acl = parse_acl_data(&rdev->wiphy, info); 2915 if (IS_ERR(acl)) 2916 return PTR_ERR(acl); 2917 2918 err = rdev_set_mac_acl(rdev, dev, acl); 2919 2920 kfree(acl); 2921 2922 return err; 2923 } 2924 2925 static int nl80211_parse_beacon(struct nlattr *attrs[], 2926 struct cfg80211_beacon_data *bcn) 2927 { 2928 bool haveinfo = false; 2929 2930 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) || 2931 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) || 2932 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) || 2933 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP])) 2934 return -EINVAL; 2935 2936 memset(bcn, 0, sizeof(*bcn)); 2937 2938 if (attrs[NL80211_ATTR_BEACON_HEAD]) { 2939 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]); 2940 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]); 2941 if (!bcn->head_len) 2942 return -EINVAL; 2943 haveinfo = true; 2944 } 2945 2946 if (attrs[NL80211_ATTR_BEACON_TAIL]) { 2947 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]); 2948 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]); 2949 haveinfo = true; 2950 } 2951 2952 if (!haveinfo) 2953 return -EINVAL; 2954 2955 if (attrs[NL80211_ATTR_IE]) { 2956 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]); 2957 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]); 2958 } 2959 2960 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) { 2961 bcn->proberesp_ies = 2962 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]); 2963 bcn->proberesp_ies_len = 2964 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]); 2965 } 2966 2967 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 2968 bcn->assocresp_ies = 2969 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2970 bcn->assocresp_ies_len = 2971 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2972 } 2973 2974 if (attrs[NL80211_ATTR_PROBE_RESP]) { 2975 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]); 2976 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]); 2977 } 2978 2979 return 0; 2980 } 2981 2982 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 2983 struct cfg80211_ap_settings *params) 2984 { 2985 struct wireless_dev *wdev; 2986 bool ret = false; 2987 2988 list_for_each_entry(wdev, &rdev->wdev_list, list) { 2989 if (wdev->iftype != NL80211_IFTYPE_AP && 2990 wdev->iftype != NL80211_IFTYPE_P2P_GO) 2991 continue; 2992 2993 if (!wdev->preset_chandef.chan) 2994 continue; 2995 2996 params->chandef = wdev->preset_chandef; 2997 ret = true; 2998 break; 2999 } 3000 3001 return ret; 3002 } 3003 3004 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, 3005 enum nl80211_auth_type auth_type, 3006 enum nl80211_commands cmd) 3007 { 3008 if (auth_type > NL80211_AUTHTYPE_MAX) 3009 return false; 3010 3011 switch (cmd) { 3012 case NL80211_CMD_AUTHENTICATE: 3013 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 3014 auth_type == NL80211_AUTHTYPE_SAE) 3015 return false; 3016 return true; 3017 case NL80211_CMD_CONNECT: 3018 case NL80211_CMD_START_AP: 3019 /* SAE not supported yet */ 3020 if (auth_type == NL80211_AUTHTYPE_SAE) 3021 return false; 3022 return true; 3023 default: 3024 return false; 3025 } 3026 } 3027 3028 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 3029 { 3030 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3031 struct net_device *dev = info->user_ptr[1]; 3032 struct wireless_dev *wdev = dev->ieee80211_ptr; 3033 struct cfg80211_ap_settings params; 3034 int err; 3035 u8 radar_detect_width = 0; 3036 3037 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3038 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3039 return -EOPNOTSUPP; 3040 3041 if (!rdev->ops->start_ap) 3042 return -EOPNOTSUPP; 3043 3044 if (wdev->beacon_interval) 3045 return -EALREADY; 3046 3047 memset(¶ms, 0, sizeof(params)); 3048 3049 /* these are required for START_AP */ 3050 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 3051 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 3052 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 3053 return -EINVAL; 3054 3055 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon); 3056 if (err) 3057 return err; 3058 3059 params.beacon_interval = 3060 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 3061 params.dtim_period = 3062 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 3063 3064 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 3065 if (err) 3066 return err; 3067 3068 /* 3069 * In theory, some of these attributes should be required here 3070 * but since they were not used when the command was originally 3071 * added, keep them optional for old user space programs to let 3072 * them continue to work with drivers that do not need the 3073 * additional information -- drivers must check! 3074 */ 3075 if (info->attrs[NL80211_ATTR_SSID]) { 3076 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3077 params.ssid_len = 3078 nla_len(info->attrs[NL80211_ATTR_SSID]); 3079 if (params.ssid_len == 0 || 3080 params.ssid_len > IEEE80211_MAX_SSID_LEN) 3081 return -EINVAL; 3082 } 3083 3084 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 3085 params.hidden_ssid = nla_get_u32( 3086 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 3087 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 3088 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 3089 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 3090 return -EINVAL; 3091 } 3092 3093 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 3094 3095 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 3096 params.auth_type = nla_get_u32( 3097 info->attrs[NL80211_ATTR_AUTH_TYPE]); 3098 if (!nl80211_valid_auth_type(rdev, params.auth_type, 3099 NL80211_CMD_START_AP)) 3100 return -EINVAL; 3101 } else 3102 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 3103 3104 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 3105 NL80211_MAX_NR_CIPHER_SUITES); 3106 if (err) 3107 return err; 3108 3109 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 3110 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 3111 return -EOPNOTSUPP; 3112 params.inactivity_timeout = nla_get_u16( 3113 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 3114 } 3115 3116 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 3117 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3118 return -EINVAL; 3119 params.p2p_ctwindow = 3120 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 3121 if (params.p2p_ctwindow > 127) 3122 return -EINVAL; 3123 if (params.p2p_ctwindow != 0 && 3124 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 3125 return -EINVAL; 3126 } 3127 3128 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 3129 u8 tmp; 3130 3131 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3132 return -EINVAL; 3133 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 3134 if (tmp > 1) 3135 return -EINVAL; 3136 params.p2p_opp_ps = tmp; 3137 if (params.p2p_opp_ps != 0 && 3138 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 3139 return -EINVAL; 3140 } 3141 3142 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 3143 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 3144 if (err) 3145 return err; 3146 } else if (wdev->preset_chandef.chan) { 3147 params.chandef = wdev->preset_chandef; 3148 } else if (!nl80211_get_ap_channel(rdev, ¶ms)) 3149 return -EINVAL; 3150 3151 if (!cfg80211_reg_can_beacon(&rdev->wiphy, ¶ms.chandef)) 3152 return -EINVAL; 3153 3154 err = cfg80211_chandef_dfs_required(wdev->wiphy, ¶ms.chandef); 3155 if (err < 0) 3156 return err; 3157 if (err) { 3158 radar_detect_width = BIT(params.chandef.width); 3159 params.radar_required = true; 3160 } 3161 3162 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype, 3163 params.chandef.chan, 3164 CHAN_MODE_SHARED, 3165 radar_detect_width); 3166 if (err) 3167 return err; 3168 3169 if (info->attrs[NL80211_ATTR_ACL_POLICY]) { 3170 params.acl = parse_acl_data(&rdev->wiphy, info); 3171 if (IS_ERR(params.acl)) 3172 return PTR_ERR(params.acl); 3173 } 3174 3175 err = rdev_start_ap(rdev, dev, ¶ms); 3176 if (!err) { 3177 wdev->preset_chandef = params.chandef; 3178 wdev->beacon_interval = params.beacon_interval; 3179 wdev->channel = params.chandef.chan; 3180 wdev->ssid_len = params.ssid_len; 3181 memcpy(wdev->ssid, params.ssid, wdev->ssid_len); 3182 } 3183 3184 kfree(params.acl); 3185 3186 return err; 3187 } 3188 3189 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 3190 { 3191 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3192 struct net_device *dev = info->user_ptr[1]; 3193 struct wireless_dev *wdev = dev->ieee80211_ptr; 3194 struct cfg80211_beacon_data params; 3195 int err; 3196 3197 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3198 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3199 return -EOPNOTSUPP; 3200 3201 if (!rdev->ops->change_beacon) 3202 return -EOPNOTSUPP; 3203 3204 if (!wdev->beacon_interval) 3205 return -EINVAL; 3206 3207 err = nl80211_parse_beacon(info->attrs, ¶ms); 3208 if (err) 3209 return err; 3210 3211 return rdev_change_beacon(rdev, dev, ¶ms); 3212 } 3213 3214 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 3215 { 3216 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3217 struct net_device *dev = info->user_ptr[1]; 3218 3219 return cfg80211_stop_ap(rdev, dev); 3220 } 3221 3222 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 3223 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 3224 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 3225 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 3226 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 3227 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 3228 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 3229 }; 3230 3231 static int parse_station_flags(struct genl_info *info, 3232 enum nl80211_iftype iftype, 3233 struct station_parameters *params) 3234 { 3235 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 3236 struct nlattr *nla; 3237 int flag; 3238 3239 /* 3240 * Try parsing the new attribute first so userspace 3241 * can specify both for older kernels. 3242 */ 3243 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 3244 if (nla) { 3245 struct nl80211_sta_flag_update *sta_flags; 3246 3247 sta_flags = nla_data(nla); 3248 params->sta_flags_mask = sta_flags->mask; 3249 params->sta_flags_set = sta_flags->set; 3250 params->sta_flags_set &= params->sta_flags_mask; 3251 if ((params->sta_flags_mask | 3252 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 3253 return -EINVAL; 3254 return 0; 3255 } 3256 3257 /* if present, parse the old attribute */ 3258 3259 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 3260 if (!nla) 3261 return 0; 3262 3263 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 3264 nla, sta_flags_policy)) 3265 return -EINVAL; 3266 3267 /* 3268 * Only allow certain flags for interface types so that 3269 * other attributes are silently ignored. Remember that 3270 * this is backward compatibility code with old userspace 3271 * and shouldn't be hit in other cases anyway. 3272 */ 3273 switch (iftype) { 3274 case NL80211_IFTYPE_AP: 3275 case NL80211_IFTYPE_AP_VLAN: 3276 case NL80211_IFTYPE_P2P_GO: 3277 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 3278 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 3279 BIT(NL80211_STA_FLAG_WME) | 3280 BIT(NL80211_STA_FLAG_MFP); 3281 break; 3282 case NL80211_IFTYPE_P2P_CLIENT: 3283 case NL80211_IFTYPE_STATION: 3284 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 3285 BIT(NL80211_STA_FLAG_TDLS_PEER); 3286 break; 3287 case NL80211_IFTYPE_MESH_POINT: 3288 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3289 BIT(NL80211_STA_FLAG_MFP) | 3290 BIT(NL80211_STA_FLAG_AUTHORIZED); 3291 default: 3292 return -EINVAL; 3293 } 3294 3295 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 3296 if (flags[flag]) { 3297 params->sta_flags_set |= (1<<flag); 3298 3299 /* no longer support new API additions in old API */ 3300 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 3301 return -EINVAL; 3302 } 3303 } 3304 3305 return 0; 3306 } 3307 3308 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 3309 int attr) 3310 { 3311 struct nlattr *rate; 3312 u32 bitrate; 3313 u16 bitrate_compat; 3314 3315 rate = nla_nest_start(msg, attr); 3316 if (!rate) 3317 return false; 3318 3319 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 3320 bitrate = cfg80211_calculate_bitrate(info); 3321 /* report 16-bit bitrate only if we can */ 3322 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 3323 if (bitrate > 0 && 3324 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) 3325 return false; 3326 if (bitrate_compat > 0 && 3327 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) 3328 return false; 3329 3330 if (info->flags & RATE_INFO_FLAGS_MCS) { 3331 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) 3332 return false; 3333 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH && 3334 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) 3335 return false; 3336 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 3337 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 3338 return false; 3339 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) { 3340 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs)) 3341 return false; 3342 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss)) 3343 return false; 3344 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH && 3345 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) 3346 return false; 3347 if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH && 3348 nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH)) 3349 return false; 3350 if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH && 3351 nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH)) 3352 return false; 3353 if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH && 3354 nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH)) 3355 return false; 3356 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 3357 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 3358 return false; 3359 } 3360 3361 nla_nest_end(msg, rate); 3362 return true; 3363 } 3364 3365 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal, 3366 int id) 3367 { 3368 void *attr; 3369 int i = 0; 3370 3371 if (!mask) 3372 return true; 3373 3374 attr = nla_nest_start(msg, id); 3375 if (!attr) 3376 return false; 3377 3378 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) { 3379 if (!(mask & BIT(i))) 3380 continue; 3381 3382 if (nla_put_u8(msg, i, signal[i])) 3383 return false; 3384 } 3385 3386 nla_nest_end(msg, attr); 3387 3388 return true; 3389 } 3390 3391 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq, 3392 int flags, 3393 struct cfg80211_registered_device *rdev, 3394 struct net_device *dev, 3395 const u8 *mac_addr, struct station_info *sinfo) 3396 { 3397 void *hdr; 3398 struct nlattr *sinfoattr, *bss_param; 3399 3400 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION); 3401 if (!hdr) 3402 return -1; 3403 3404 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3405 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 3406 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 3407 goto nla_put_failure; 3408 3409 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 3410 if (!sinfoattr) 3411 goto nla_put_failure; 3412 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) && 3413 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME, 3414 sinfo->connected_time)) 3415 goto nla_put_failure; 3416 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) && 3417 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME, 3418 sinfo->inactive_time)) 3419 goto nla_put_failure; 3420 if ((sinfo->filled & (STATION_INFO_RX_BYTES | 3421 STATION_INFO_RX_BYTES64)) && 3422 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 3423 (u32)sinfo->rx_bytes)) 3424 goto nla_put_failure; 3425 if ((sinfo->filled & (STATION_INFO_TX_BYTES | 3426 STATION_INFO_TX_BYTES64)) && 3427 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 3428 (u32)sinfo->tx_bytes)) 3429 goto nla_put_failure; 3430 if ((sinfo->filled & STATION_INFO_RX_BYTES64) && 3431 nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64, 3432 sinfo->rx_bytes)) 3433 goto nla_put_failure; 3434 if ((sinfo->filled & STATION_INFO_TX_BYTES64) && 3435 nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64, 3436 sinfo->tx_bytes)) 3437 goto nla_put_failure; 3438 if ((sinfo->filled & STATION_INFO_LLID) && 3439 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid)) 3440 goto nla_put_failure; 3441 if ((sinfo->filled & STATION_INFO_PLID) && 3442 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid)) 3443 goto nla_put_failure; 3444 if ((sinfo->filled & STATION_INFO_PLINK_STATE) && 3445 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE, 3446 sinfo->plink_state)) 3447 goto nla_put_failure; 3448 switch (rdev->wiphy.signal_type) { 3449 case CFG80211_SIGNAL_TYPE_MBM: 3450 if ((sinfo->filled & STATION_INFO_SIGNAL) && 3451 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL, 3452 sinfo->signal)) 3453 goto nla_put_failure; 3454 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) && 3455 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG, 3456 sinfo->signal_avg)) 3457 goto nla_put_failure; 3458 break; 3459 default: 3460 break; 3461 } 3462 if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) { 3463 if (!nl80211_put_signal(msg, sinfo->chains, 3464 sinfo->chain_signal, 3465 NL80211_STA_INFO_CHAIN_SIGNAL)) 3466 goto nla_put_failure; 3467 } 3468 if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) { 3469 if (!nl80211_put_signal(msg, sinfo->chains, 3470 sinfo->chain_signal_avg, 3471 NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) 3472 goto nla_put_failure; 3473 } 3474 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 3475 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 3476 NL80211_STA_INFO_TX_BITRATE)) 3477 goto nla_put_failure; 3478 } 3479 if (sinfo->filled & STATION_INFO_RX_BITRATE) { 3480 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 3481 NL80211_STA_INFO_RX_BITRATE)) 3482 goto nla_put_failure; 3483 } 3484 if ((sinfo->filled & STATION_INFO_RX_PACKETS) && 3485 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS, 3486 sinfo->rx_packets)) 3487 goto nla_put_failure; 3488 if ((sinfo->filled & STATION_INFO_TX_PACKETS) && 3489 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS, 3490 sinfo->tx_packets)) 3491 goto nla_put_failure; 3492 if ((sinfo->filled & STATION_INFO_TX_RETRIES) && 3493 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES, 3494 sinfo->tx_retries)) 3495 goto nla_put_failure; 3496 if ((sinfo->filled & STATION_INFO_TX_FAILED) && 3497 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED, 3498 sinfo->tx_failed)) 3499 goto nla_put_failure; 3500 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) && 3501 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS, 3502 sinfo->beacon_loss_count)) 3503 goto nla_put_failure; 3504 if ((sinfo->filled & STATION_INFO_LOCAL_PM) && 3505 nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM, 3506 sinfo->local_pm)) 3507 goto nla_put_failure; 3508 if ((sinfo->filled & STATION_INFO_PEER_PM) && 3509 nla_put_u32(msg, NL80211_STA_INFO_PEER_PM, 3510 sinfo->peer_pm)) 3511 goto nla_put_failure; 3512 if ((sinfo->filled & STATION_INFO_NONPEER_PM) && 3513 nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM, 3514 sinfo->nonpeer_pm)) 3515 goto nla_put_failure; 3516 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 3517 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 3518 if (!bss_param) 3519 goto nla_put_failure; 3520 3521 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 3522 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 3523 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 3524 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 3525 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 3526 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 3527 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 3528 sinfo->bss_param.dtim_period) || 3529 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 3530 sinfo->bss_param.beacon_interval)) 3531 goto nla_put_failure; 3532 3533 nla_nest_end(msg, bss_param); 3534 } 3535 if ((sinfo->filled & STATION_INFO_STA_FLAGS) && 3536 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 3537 sizeof(struct nl80211_sta_flag_update), 3538 &sinfo->sta_flags)) 3539 goto nla_put_failure; 3540 if ((sinfo->filled & STATION_INFO_T_OFFSET) && 3541 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET, 3542 sinfo->t_offset)) 3543 goto nla_put_failure; 3544 nla_nest_end(msg, sinfoattr); 3545 3546 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) && 3547 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 3548 sinfo->assoc_req_ies)) 3549 goto nla_put_failure; 3550 3551 return genlmsg_end(msg, hdr); 3552 3553 nla_put_failure: 3554 genlmsg_cancel(msg, hdr); 3555 return -EMSGSIZE; 3556 } 3557 3558 static int nl80211_dump_station(struct sk_buff *skb, 3559 struct netlink_callback *cb) 3560 { 3561 struct station_info sinfo; 3562 struct cfg80211_registered_device *dev; 3563 struct wireless_dev *wdev; 3564 u8 mac_addr[ETH_ALEN]; 3565 int sta_idx = cb->args[2]; 3566 int err; 3567 3568 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev); 3569 if (err) 3570 return err; 3571 3572 if (!wdev->netdev) { 3573 err = -EINVAL; 3574 goto out_err; 3575 } 3576 3577 if (!dev->ops->dump_station) { 3578 err = -EOPNOTSUPP; 3579 goto out_err; 3580 } 3581 3582 while (1) { 3583 memset(&sinfo, 0, sizeof(sinfo)); 3584 err = rdev_dump_station(dev, wdev->netdev, sta_idx, 3585 mac_addr, &sinfo); 3586 if (err == -ENOENT) 3587 break; 3588 if (err) 3589 goto out_err; 3590 3591 if (nl80211_send_station(skb, 3592 NETLINK_CB(cb->skb).portid, 3593 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3594 dev, wdev->netdev, mac_addr, 3595 &sinfo) < 0) 3596 goto out; 3597 3598 sta_idx++; 3599 } 3600 3601 3602 out: 3603 cb->args[2] = sta_idx; 3604 err = skb->len; 3605 out_err: 3606 nl80211_finish_wdev_dump(dev); 3607 3608 return err; 3609 } 3610 3611 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 3612 { 3613 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3614 struct net_device *dev = info->user_ptr[1]; 3615 struct station_info sinfo; 3616 struct sk_buff *msg; 3617 u8 *mac_addr = NULL; 3618 int err; 3619 3620 memset(&sinfo, 0, sizeof(sinfo)); 3621 3622 if (!info->attrs[NL80211_ATTR_MAC]) 3623 return -EINVAL; 3624 3625 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3626 3627 if (!rdev->ops->get_station) 3628 return -EOPNOTSUPP; 3629 3630 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 3631 if (err) 3632 return err; 3633 3634 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3635 if (!msg) 3636 return -ENOMEM; 3637 3638 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0, 3639 rdev, dev, mac_addr, &sinfo) < 0) { 3640 nlmsg_free(msg); 3641 return -ENOBUFS; 3642 } 3643 3644 return genlmsg_reply(msg, info); 3645 } 3646 3647 int cfg80211_check_station_change(struct wiphy *wiphy, 3648 struct station_parameters *params, 3649 enum cfg80211_station_type statype) 3650 { 3651 if (params->listen_interval != -1) 3652 return -EINVAL; 3653 if (params->aid) 3654 return -EINVAL; 3655 3656 /* When you run into this, adjust the code below for the new flag */ 3657 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); 3658 3659 switch (statype) { 3660 case CFG80211_STA_MESH_PEER_KERNEL: 3661 case CFG80211_STA_MESH_PEER_USER: 3662 /* 3663 * No ignoring the TDLS flag here -- the userspace mesh 3664 * code doesn't have the bug of including TDLS in the 3665 * mask everywhere. 3666 */ 3667 if (params->sta_flags_mask & 3668 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3669 BIT(NL80211_STA_FLAG_MFP) | 3670 BIT(NL80211_STA_FLAG_AUTHORIZED))) 3671 return -EINVAL; 3672 break; 3673 case CFG80211_STA_TDLS_PEER_SETUP: 3674 case CFG80211_STA_TDLS_PEER_ACTIVE: 3675 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 3676 return -EINVAL; 3677 /* ignore since it can't change */ 3678 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3679 break; 3680 default: 3681 /* disallow mesh-specific things */ 3682 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION) 3683 return -EINVAL; 3684 if (params->local_pm) 3685 return -EINVAL; 3686 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 3687 return -EINVAL; 3688 } 3689 3690 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 3691 statype != CFG80211_STA_TDLS_PEER_ACTIVE) { 3692 /* TDLS can't be set, ... */ 3693 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3694 return -EINVAL; 3695 /* 3696 * ... but don't bother the driver with it. This works around 3697 * a hostapd/wpa_supplicant issue -- it always includes the 3698 * TLDS_PEER flag in the mask even for AP mode. 3699 */ 3700 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3701 } 3702 3703 if (statype != CFG80211_STA_TDLS_PEER_SETUP) { 3704 /* reject other things that can't change */ 3705 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) 3706 return -EINVAL; 3707 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY) 3708 return -EINVAL; 3709 if (params->supported_rates) 3710 return -EINVAL; 3711 if (params->ext_capab || params->ht_capa || params->vht_capa) 3712 return -EINVAL; 3713 } 3714 3715 if (statype != CFG80211_STA_AP_CLIENT) { 3716 if (params->vlan) 3717 return -EINVAL; 3718 } 3719 3720 switch (statype) { 3721 case CFG80211_STA_AP_MLME_CLIENT: 3722 /* Use this only for authorizing/unauthorizing a station */ 3723 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED))) 3724 return -EOPNOTSUPP; 3725 break; 3726 case CFG80211_STA_AP_CLIENT: 3727 /* accept only the listed bits */ 3728 if (params->sta_flags_mask & 3729 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 3730 BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3731 BIT(NL80211_STA_FLAG_ASSOCIATED) | 3732 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 3733 BIT(NL80211_STA_FLAG_WME) | 3734 BIT(NL80211_STA_FLAG_MFP))) 3735 return -EINVAL; 3736 3737 /* but authenticated/associated only if driver handles it */ 3738 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 3739 params->sta_flags_mask & 3740 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3741 BIT(NL80211_STA_FLAG_ASSOCIATED))) 3742 return -EINVAL; 3743 break; 3744 case CFG80211_STA_IBSS: 3745 case CFG80211_STA_AP_STA: 3746 /* reject any changes other than AUTHORIZED */ 3747 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 3748 return -EINVAL; 3749 break; 3750 case CFG80211_STA_TDLS_PEER_SETUP: 3751 /* reject any changes other than AUTHORIZED or WME */ 3752 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 3753 BIT(NL80211_STA_FLAG_WME))) 3754 return -EINVAL; 3755 /* force (at least) rates when authorizing */ 3756 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) && 3757 !params->supported_rates) 3758 return -EINVAL; 3759 break; 3760 case CFG80211_STA_TDLS_PEER_ACTIVE: 3761 /* reject any changes */ 3762 return -EINVAL; 3763 case CFG80211_STA_MESH_PEER_KERNEL: 3764 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 3765 return -EINVAL; 3766 break; 3767 case CFG80211_STA_MESH_PEER_USER: 3768 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION) 3769 return -EINVAL; 3770 break; 3771 } 3772 3773 return 0; 3774 } 3775 EXPORT_SYMBOL(cfg80211_check_station_change); 3776 3777 /* 3778 * Get vlan interface making sure it is running and on the right wiphy. 3779 */ 3780 static struct net_device *get_vlan(struct genl_info *info, 3781 struct cfg80211_registered_device *rdev) 3782 { 3783 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 3784 struct net_device *v; 3785 int ret; 3786 3787 if (!vlanattr) 3788 return NULL; 3789 3790 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 3791 if (!v) 3792 return ERR_PTR(-ENODEV); 3793 3794 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 3795 ret = -EINVAL; 3796 goto error; 3797 } 3798 3799 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 3800 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3801 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 3802 ret = -EINVAL; 3803 goto error; 3804 } 3805 3806 if (!netif_running(v)) { 3807 ret = -ENETDOWN; 3808 goto error; 3809 } 3810 3811 return v; 3812 error: 3813 dev_put(v); 3814 return ERR_PTR(ret); 3815 } 3816 3817 static struct nla_policy 3818 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = { 3819 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 3820 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 3821 }; 3822 3823 static int nl80211_parse_sta_wme(struct genl_info *info, 3824 struct station_parameters *params) 3825 { 3826 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 3827 struct nlattr *nla; 3828 int err; 3829 3830 /* parse WME attributes if present */ 3831 if (!info->attrs[NL80211_ATTR_STA_WME]) 3832 return 0; 3833 3834 nla = info->attrs[NL80211_ATTR_STA_WME]; 3835 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 3836 nl80211_sta_wme_policy); 3837 if (err) 3838 return err; 3839 3840 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 3841 params->uapsd_queues = nla_get_u8( 3842 tb[NL80211_STA_WME_UAPSD_QUEUES]); 3843 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 3844 return -EINVAL; 3845 3846 if (tb[NL80211_STA_WME_MAX_SP]) 3847 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 3848 3849 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 3850 return -EINVAL; 3851 3852 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 3853 3854 return 0; 3855 } 3856 3857 static int nl80211_set_station_tdls(struct genl_info *info, 3858 struct station_parameters *params) 3859 { 3860 /* Dummy STA entry gets updated once the peer capabilities are known */ 3861 if (info->attrs[NL80211_ATTR_PEER_AID]) 3862 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 3863 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3864 params->ht_capa = 3865 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3866 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3867 params->vht_capa = 3868 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 3869 3870 return nl80211_parse_sta_wme(info, params); 3871 } 3872 3873 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 3874 { 3875 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3876 struct net_device *dev = info->user_ptr[1]; 3877 struct station_parameters params; 3878 u8 *mac_addr; 3879 int err; 3880 3881 memset(¶ms, 0, sizeof(params)); 3882 3883 params.listen_interval = -1; 3884 3885 if (!rdev->ops->change_station) 3886 return -EOPNOTSUPP; 3887 3888 if (info->attrs[NL80211_ATTR_STA_AID]) 3889 return -EINVAL; 3890 3891 if (!info->attrs[NL80211_ATTR_MAC]) 3892 return -EINVAL; 3893 3894 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3895 3896 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 3897 params.supported_rates = 3898 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3899 params.supported_rates_len = 3900 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3901 } 3902 3903 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 3904 params.capability = 3905 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 3906 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 3907 } 3908 3909 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 3910 params.ext_capab = 3911 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 3912 params.ext_capab_len = 3913 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 3914 } 3915 3916 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3917 return -EINVAL; 3918 3919 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3920 return -EINVAL; 3921 3922 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) { 3923 params.plink_action = 3924 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3925 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS) 3926 return -EINVAL; 3927 } 3928 3929 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) { 3930 params.plink_state = 3931 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 3932 if (params.plink_state >= NUM_NL80211_PLINK_STATES) 3933 return -EINVAL; 3934 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE; 3935 } 3936 3937 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) { 3938 enum nl80211_mesh_power_mode pm = nla_get_u32( 3939 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]); 3940 3941 if (pm <= NL80211_MESH_POWER_UNKNOWN || 3942 pm > NL80211_MESH_POWER_MAX) 3943 return -EINVAL; 3944 3945 params.local_pm = pm; 3946 } 3947 3948 /* Include parameters for TDLS peer (will check later) */ 3949 err = nl80211_set_station_tdls(info, ¶ms); 3950 if (err) 3951 return err; 3952 3953 params.vlan = get_vlan(info, rdev); 3954 if (IS_ERR(params.vlan)) 3955 return PTR_ERR(params.vlan); 3956 3957 switch (dev->ieee80211_ptr->iftype) { 3958 case NL80211_IFTYPE_AP: 3959 case NL80211_IFTYPE_AP_VLAN: 3960 case NL80211_IFTYPE_P2P_GO: 3961 case NL80211_IFTYPE_P2P_CLIENT: 3962 case NL80211_IFTYPE_STATION: 3963 case NL80211_IFTYPE_ADHOC: 3964 case NL80211_IFTYPE_MESH_POINT: 3965 break; 3966 default: 3967 err = -EOPNOTSUPP; 3968 goto out_put_vlan; 3969 } 3970 3971 /* driver will call cfg80211_check_station_change() */ 3972 err = rdev_change_station(rdev, dev, mac_addr, ¶ms); 3973 3974 out_put_vlan: 3975 if (params.vlan) 3976 dev_put(params.vlan); 3977 3978 return err; 3979 } 3980 3981 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 3982 { 3983 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3984 int err; 3985 struct net_device *dev = info->user_ptr[1]; 3986 struct station_parameters params; 3987 u8 *mac_addr = NULL; 3988 3989 memset(¶ms, 0, sizeof(params)); 3990 3991 if (!rdev->ops->add_station) 3992 return -EOPNOTSUPP; 3993 3994 if (!info->attrs[NL80211_ATTR_MAC]) 3995 return -EINVAL; 3996 3997 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3998 return -EINVAL; 3999 4000 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 4001 return -EINVAL; 4002 4003 if (!info->attrs[NL80211_ATTR_STA_AID] && 4004 !info->attrs[NL80211_ATTR_PEER_AID]) 4005 return -EINVAL; 4006 4007 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4008 params.supported_rates = 4009 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 4010 params.supported_rates_len = 4011 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 4012 params.listen_interval = 4013 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 4014 4015 if (info->attrs[NL80211_ATTR_PEER_AID]) 4016 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 4017 else 4018 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 4019 if (!params.aid || params.aid > IEEE80211_MAX_AID) 4020 return -EINVAL; 4021 4022 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 4023 params.capability = 4024 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 4025 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 4026 } 4027 4028 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 4029 params.ext_capab = 4030 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 4031 params.ext_capab_len = 4032 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 4033 } 4034 4035 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 4036 params.ht_capa = 4037 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 4038 4039 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 4040 params.vht_capa = 4041 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 4042 4043 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) { 4044 params.plink_action = 4045 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 4046 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS) 4047 return -EINVAL; 4048 } 4049 4050 err = nl80211_parse_sta_wme(info, ¶ms); 4051 if (err) 4052 return err; 4053 4054 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 4055 return -EINVAL; 4056 4057 /* When you run into this, adjust the code below for the new flag */ 4058 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); 4059 4060 switch (dev->ieee80211_ptr->iftype) { 4061 case NL80211_IFTYPE_AP: 4062 case NL80211_IFTYPE_AP_VLAN: 4063 case NL80211_IFTYPE_P2P_GO: 4064 /* ignore WME attributes if iface/sta is not capable */ 4065 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) || 4066 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) 4067 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 4068 4069 /* TDLS peers cannot be added */ 4070 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 4071 info->attrs[NL80211_ATTR_PEER_AID]) 4072 return -EINVAL; 4073 /* but don't bother the driver with it */ 4074 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 4075 4076 /* allow authenticated/associated only if driver handles it */ 4077 if (!(rdev->wiphy.features & 4078 NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 4079 params.sta_flags_mask & 4080 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 4081 BIT(NL80211_STA_FLAG_ASSOCIATED))) 4082 return -EINVAL; 4083 4084 /* must be last in here for error handling */ 4085 params.vlan = get_vlan(info, rdev); 4086 if (IS_ERR(params.vlan)) 4087 return PTR_ERR(params.vlan); 4088 break; 4089 case NL80211_IFTYPE_MESH_POINT: 4090 /* ignore uAPSD data */ 4091 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 4092 4093 /* associated is disallowed */ 4094 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) 4095 return -EINVAL; 4096 /* TDLS peers cannot be added */ 4097 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 4098 info->attrs[NL80211_ATTR_PEER_AID]) 4099 return -EINVAL; 4100 break; 4101 case NL80211_IFTYPE_STATION: 4102 case NL80211_IFTYPE_P2P_CLIENT: 4103 /* ignore uAPSD data */ 4104 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 4105 4106 /* these are disallowed */ 4107 if (params.sta_flags_mask & 4108 (BIT(NL80211_STA_FLAG_ASSOCIATED) | 4109 BIT(NL80211_STA_FLAG_AUTHENTICATED))) 4110 return -EINVAL; 4111 /* Only TDLS peers can be added */ 4112 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 4113 return -EINVAL; 4114 /* Can only add if TDLS ... */ 4115 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 4116 return -EOPNOTSUPP; 4117 /* ... with external setup is supported */ 4118 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 4119 return -EOPNOTSUPP; 4120 /* 4121 * Older wpa_supplicant versions always mark the TDLS peer 4122 * as authorized, but it shouldn't yet be. 4123 */ 4124 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED); 4125 break; 4126 default: 4127 return -EOPNOTSUPP; 4128 } 4129 4130 /* be aware of params.vlan when changing code here */ 4131 4132 err = rdev_add_station(rdev, dev, mac_addr, ¶ms); 4133 4134 if (params.vlan) 4135 dev_put(params.vlan); 4136 return err; 4137 } 4138 4139 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 4140 { 4141 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4142 struct net_device *dev = info->user_ptr[1]; 4143 u8 *mac_addr = NULL; 4144 4145 if (info->attrs[NL80211_ATTR_MAC]) 4146 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4147 4148 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 4149 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 4150 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 4151 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4152 return -EINVAL; 4153 4154 if (!rdev->ops->del_station) 4155 return -EOPNOTSUPP; 4156 4157 return rdev_del_station(rdev, dev, mac_addr); 4158 } 4159 4160 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq, 4161 int flags, struct net_device *dev, 4162 u8 *dst, u8 *next_hop, 4163 struct mpath_info *pinfo) 4164 { 4165 void *hdr; 4166 struct nlattr *pinfoattr; 4167 4168 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION); 4169 if (!hdr) 4170 return -1; 4171 4172 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 4173 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 4174 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 4175 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 4176 goto nla_put_failure; 4177 4178 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 4179 if (!pinfoattr) 4180 goto nla_put_failure; 4181 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 4182 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 4183 pinfo->frame_qlen)) 4184 goto nla_put_failure; 4185 if (((pinfo->filled & MPATH_INFO_SN) && 4186 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 4187 ((pinfo->filled & MPATH_INFO_METRIC) && 4188 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 4189 pinfo->metric)) || 4190 ((pinfo->filled & MPATH_INFO_EXPTIME) && 4191 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 4192 pinfo->exptime)) || 4193 ((pinfo->filled & MPATH_INFO_FLAGS) && 4194 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 4195 pinfo->flags)) || 4196 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 4197 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 4198 pinfo->discovery_timeout)) || 4199 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 4200 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 4201 pinfo->discovery_retries))) 4202 goto nla_put_failure; 4203 4204 nla_nest_end(msg, pinfoattr); 4205 4206 return genlmsg_end(msg, hdr); 4207 4208 nla_put_failure: 4209 genlmsg_cancel(msg, hdr); 4210 return -EMSGSIZE; 4211 } 4212 4213 static int nl80211_dump_mpath(struct sk_buff *skb, 4214 struct netlink_callback *cb) 4215 { 4216 struct mpath_info pinfo; 4217 struct cfg80211_registered_device *dev; 4218 struct wireless_dev *wdev; 4219 u8 dst[ETH_ALEN]; 4220 u8 next_hop[ETH_ALEN]; 4221 int path_idx = cb->args[2]; 4222 int err; 4223 4224 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev); 4225 if (err) 4226 return err; 4227 4228 if (!dev->ops->dump_mpath) { 4229 err = -EOPNOTSUPP; 4230 goto out_err; 4231 } 4232 4233 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 4234 err = -EOPNOTSUPP; 4235 goto out_err; 4236 } 4237 4238 while (1) { 4239 err = rdev_dump_mpath(dev, wdev->netdev, path_idx, dst, 4240 next_hop, &pinfo); 4241 if (err == -ENOENT) 4242 break; 4243 if (err) 4244 goto out_err; 4245 4246 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 4247 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4248 wdev->netdev, dst, next_hop, 4249 &pinfo) < 0) 4250 goto out; 4251 4252 path_idx++; 4253 } 4254 4255 4256 out: 4257 cb->args[2] = path_idx; 4258 err = skb->len; 4259 out_err: 4260 nl80211_finish_wdev_dump(dev); 4261 return err; 4262 } 4263 4264 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 4265 { 4266 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4267 int err; 4268 struct net_device *dev = info->user_ptr[1]; 4269 struct mpath_info pinfo; 4270 struct sk_buff *msg; 4271 u8 *dst = NULL; 4272 u8 next_hop[ETH_ALEN]; 4273 4274 memset(&pinfo, 0, sizeof(pinfo)); 4275 4276 if (!info->attrs[NL80211_ATTR_MAC]) 4277 return -EINVAL; 4278 4279 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 4280 4281 if (!rdev->ops->get_mpath) 4282 return -EOPNOTSUPP; 4283 4284 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 4285 return -EOPNOTSUPP; 4286 4287 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo); 4288 if (err) 4289 return err; 4290 4291 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4292 if (!msg) 4293 return -ENOMEM; 4294 4295 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 4296 dev, dst, next_hop, &pinfo) < 0) { 4297 nlmsg_free(msg); 4298 return -ENOBUFS; 4299 } 4300 4301 return genlmsg_reply(msg, info); 4302 } 4303 4304 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 4305 { 4306 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4307 struct net_device *dev = info->user_ptr[1]; 4308 u8 *dst = NULL; 4309 u8 *next_hop = NULL; 4310 4311 if (!info->attrs[NL80211_ATTR_MAC]) 4312 return -EINVAL; 4313 4314 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 4315 return -EINVAL; 4316 4317 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 4318 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 4319 4320 if (!rdev->ops->change_mpath) 4321 return -EOPNOTSUPP; 4322 4323 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 4324 return -EOPNOTSUPP; 4325 4326 return rdev_change_mpath(rdev, dev, dst, next_hop); 4327 } 4328 4329 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 4330 { 4331 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4332 struct net_device *dev = info->user_ptr[1]; 4333 u8 *dst = NULL; 4334 u8 *next_hop = NULL; 4335 4336 if (!info->attrs[NL80211_ATTR_MAC]) 4337 return -EINVAL; 4338 4339 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 4340 return -EINVAL; 4341 4342 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 4343 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 4344 4345 if (!rdev->ops->add_mpath) 4346 return -EOPNOTSUPP; 4347 4348 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 4349 return -EOPNOTSUPP; 4350 4351 return rdev_add_mpath(rdev, dev, dst, next_hop); 4352 } 4353 4354 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 4355 { 4356 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4357 struct net_device *dev = info->user_ptr[1]; 4358 u8 *dst = NULL; 4359 4360 if (info->attrs[NL80211_ATTR_MAC]) 4361 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 4362 4363 if (!rdev->ops->del_mpath) 4364 return -EOPNOTSUPP; 4365 4366 return rdev_del_mpath(rdev, dev, dst); 4367 } 4368 4369 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 4370 { 4371 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4372 struct net_device *dev = info->user_ptr[1]; 4373 struct bss_parameters params; 4374 4375 memset(¶ms, 0, sizeof(params)); 4376 /* default to not changing parameters */ 4377 params.use_cts_prot = -1; 4378 params.use_short_preamble = -1; 4379 params.use_short_slot_time = -1; 4380 params.ap_isolate = -1; 4381 params.ht_opmode = -1; 4382 params.p2p_ctwindow = -1; 4383 params.p2p_opp_ps = -1; 4384 4385 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 4386 params.use_cts_prot = 4387 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 4388 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 4389 params.use_short_preamble = 4390 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 4391 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 4392 params.use_short_slot_time = 4393 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 4394 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 4395 params.basic_rates = 4396 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4397 params.basic_rates_len = 4398 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4399 } 4400 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 4401 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 4402 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 4403 params.ht_opmode = 4404 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 4405 4406 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 4407 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4408 return -EINVAL; 4409 params.p2p_ctwindow = 4410 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 4411 if (params.p2p_ctwindow < 0) 4412 return -EINVAL; 4413 if (params.p2p_ctwindow != 0 && 4414 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 4415 return -EINVAL; 4416 } 4417 4418 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 4419 u8 tmp; 4420 4421 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4422 return -EINVAL; 4423 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 4424 if (tmp > 1) 4425 return -EINVAL; 4426 params.p2p_opp_ps = tmp; 4427 if (params.p2p_opp_ps && 4428 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 4429 return -EINVAL; 4430 } 4431 4432 if (!rdev->ops->change_bss) 4433 return -EOPNOTSUPP; 4434 4435 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 4436 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4437 return -EOPNOTSUPP; 4438 4439 return rdev_change_bss(rdev, dev, ¶ms); 4440 } 4441 4442 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 4443 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 4444 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 4445 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 4446 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 4447 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 4448 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 4449 }; 4450 4451 static int parse_reg_rule(struct nlattr *tb[], 4452 struct ieee80211_reg_rule *reg_rule) 4453 { 4454 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 4455 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 4456 4457 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 4458 return -EINVAL; 4459 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 4460 return -EINVAL; 4461 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 4462 return -EINVAL; 4463 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 4464 return -EINVAL; 4465 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 4466 return -EINVAL; 4467 4468 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 4469 4470 freq_range->start_freq_khz = 4471 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 4472 freq_range->end_freq_khz = 4473 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 4474 freq_range->max_bandwidth_khz = 4475 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 4476 4477 power_rule->max_eirp = 4478 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 4479 4480 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 4481 power_rule->max_antenna_gain = 4482 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 4483 4484 return 0; 4485 } 4486 4487 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 4488 { 4489 int r; 4490 char *data = NULL; 4491 enum nl80211_user_reg_hint_type user_reg_hint_type; 4492 4493 /* 4494 * You should only get this when cfg80211 hasn't yet initialized 4495 * completely when built-in to the kernel right between the time 4496 * window between nl80211_init() and regulatory_init(), if that is 4497 * even possible. 4498 */ 4499 if (unlikely(!rcu_access_pointer(cfg80211_regdomain))) 4500 return -EINPROGRESS; 4501 4502 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 4503 return -EINVAL; 4504 4505 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 4506 4507 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 4508 user_reg_hint_type = 4509 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 4510 else 4511 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 4512 4513 switch (user_reg_hint_type) { 4514 case NL80211_USER_REG_HINT_USER: 4515 case NL80211_USER_REG_HINT_CELL_BASE: 4516 break; 4517 default: 4518 return -EINVAL; 4519 } 4520 4521 r = regulatory_hint_user(data, user_reg_hint_type); 4522 4523 return r; 4524 } 4525 4526 static int nl80211_get_mesh_config(struct sk_buff *skb, 4527 struct genl_info *info) 4528 { 4529 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4530 struct net_device *dev = info->user_ptr[1]; 4531 struct wireless_dev *wdev = dev->ieee80211_ptr; 4532 struct mesh_config cur_params; 4533 int err = 0; 4534 void *hdr; 4535 struct nlattr *pinfoattr; 4536 struct sk_buff *msg; 4537 4538 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 4539 return -EOPNOTSUPP; 4540 4541 if (!rdev->ops->get_mesh_config) 4542 return -EOPNOTSUPP; 4543 4544 wdev_lock(wdev); 4545 /* If not connected, get default parameters */ 4546 if (!wdev->mesh_id_len) 4547 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 4548 else 4549 err = rdev_get_mesh_config(rdev, dev, &cur_params); 4550 wdev_unlock(wdev); 4551 4552 if (err) 4553 return err; 4554 4555 /* Draw up a netlink message to send back */ 4556 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4557 if (!msg) 4558 return -ENOMEM; 4559 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4560 NL80211_CMD_GET_MESH_CONFIG); 4561 if (!hdr) 4562 goto out; 4563 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 4564 if (!pinfoattr) 4565 goto nla_put_failure; 4566 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 4567 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 4568 cur_params.dot11MeshRetryTimeout) || 4569 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 4570 cur_params.dot11MeshConfirmTimeout) || 4571 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 4572 cur_params.dot11MeshHoldingTimeout) || 4573 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 4574 cur_params.dot11MeshMaxPeerLinks) || 4575 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 4576 cur_params.dot11MeshMaxRetries) || 4577 nla_put_u8(msg, NL80211_MESHCONF_TTL, 4578 cur_params.dot11MeshTTL) || 4579 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 4580 cur_params.element_ttl) || 4581 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 4582 cur_params.auto_open_plinks) || 4583 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 4584 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 4585 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 4586 cur_params.dot11MeshHWMPmaxPREQretries) || 4587 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 4588 cur_params.path_refresh_time) || 4589 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 4590 cur_params.min_discovery_timeout) || 4591 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 4592 cur_params.dot11MeshHWMPactivePathTimeout) || 4593 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 4594 cur_params.dot11MeshHWMPpreqMinInterval) || 4595 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 4596 cur_params.dot11MeshHWMPperrMinInterval) || 4597 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 4598 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 4599 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 4600 cur_params.dot11MeshHWMPRootMode) || 4601 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 4602 cur_params.dot11MeshHWMPRannInterval) || 4603 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 4604 cur_params.dot11MeshGateAnnouncementProtocol) || 4605 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 4606 cur_params.dot11MeshForwarding) || 4607 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 4608 cur_params.rssi_threshold) || 4609 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 4610 cur_params.ht_opmode) || 4611 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 4612 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 4613 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 4614 cur_params.dot11MeshHWMProotInterval) || 4615 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 4616 cur_params.dot11MeshHWMPconfirmationInterval) || 4617 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE, 4618 cur_params.power_mode) || 4619 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW, 4620 cur_params.dot11MeshAwakeWindowDuration) || 4621 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT, 4622 cur_params.plink_timeout)) 4623 goto nla_put_failure; 4624 nla_nest_end(msg, pinfoattr); 4625 genlmsg_end(msg, hdr); 4626 return genlmsg_reply(msg, info); 4627 4628 nla_put_failure: 4629 genlmsg_cancel(msg, hdr); 4630 out: 4631 nlmsg_free(msg); 4632 return -ENOBUFS; 4633 } 4634 4635 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 4636 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 4637 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 4638 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 4639 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 4640 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 4641 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 4642 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 4643 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 4644 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 }, 4645 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 4646 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 4647 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 4648 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 4649 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 4650 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 4651 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 4652 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 4653 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 4654 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 4655 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 4656 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 }, 4657 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 4658 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 4659 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 }, 4660 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 }, 4661 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 }, 4662 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 }, 4663 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 }, 4664 }; 4665 4666 static const struct nla_policy 4667 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 4668 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 4669 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 4670 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 4671 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 4672 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 }, 4673 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG }, 4674 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 4675 .len = IEEE80211_MAX_DATA_LEN }, 4676 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 4677 }; 4678 4679 static int nl80211_parse_mesh_config(struct genl_info *info, 4680 struct mesh_config *cfg, 4681 u32 *mask_out) 4682 { 4683 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 4684 u32 mask = 0; 4685 4686 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \ 4687 do { \ 4688 if (tb[attr]) { \ 4689 if (fn(tb[attr]) < min || fn(tb[attr]) > max) \ 4690 return -EINVAL; \ 4691 cfg->param = fn(tb[attr]); \ 4692 mask |= (1 << (attr - 1)); \ 4693 } \ 4694 } while (0) 4695 4696 4697 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 4698 return -EINVAL; 4699 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 4700 info->attrs[NL80211_ATTR_MESH_CONFIG], 4701 nl80211_meshconf_params_policy)) 4702 return -EINVAL; 4703 4704 /* This makes sure that there aren't more than 32 mesh config 4705 * parameters (otherwise our bitfield scheme would not work.) */ 4706 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 4707 4708 /* Fill in the params struct */ 4709 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255, 4710 mask, NL80211_MESHCONF_RETRY_TIMEOUT, 4711 nla_get_u16); 4712 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255, 4713 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, 4714 nla_get_u16); 4715 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255, 4716 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, 4717 nla_get_u16); 4718 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255, 4719 mask, NL80211_MESHCONF_MAX_PEER_LINKS, 4720 nla_get_u16); 4721 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16, 4722 mask, NL80211_MESHCONF_MAX_RETRIES, 4723 nla_get_u8); 4724 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255, 4725 mask, NL80211_MESHCONF_TTL, nla_get_u8); 4726 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255, 4727 mask, NL80211_MESHCONF_ELEMENT_TTL, 4728 nla_get_u8); 4729 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1, 4730 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 4731 nla_get_u8); 4732 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, 4733 1, 255, mask, 4734 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 4735 nla_get_u32); 4736 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255, 4737 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 4738 nla_get_u8); 4739 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535, 4740 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, 4741 nla_get_u32); 4742 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535, 4743 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 4744 nla_get_u16); 4745 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 4746 1, 65535, mask, 4747 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 4748 nla_get_u32); 4749 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 4750 1, 65535, mask, 4751 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 4752 nla_get_u16); 4753 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 4754 1, 65535, mask, 4755 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 4756 nla_get_u16); 4757 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4758 dot11MeshHWMPnetDiameterTraversalTime, 4759 1, 65535, mask, 4760 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 4761 nla_get_u16); 4762 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4, 4763 mask, NL80211_MESHCONF_HWMP_ROOTMODE, 4764 nla_get_u8); 4765 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535, 4766 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 4767 nla_get_u16); 4768 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4769 dot11MeshGateAnnouncementProtocol, 0, 1, 4770 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 4771 nla_get_u8); 4772 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1, 4773 mask, NL80211_MESHCONF_FORWARDING, 4774 nla_get_u8); 4775 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0, 4776 mask, NL80211_MESHCONF_RSSI_THRESHOLD, 4777 nla_get_s32); 4778 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16, 4779 mask, NL80211_MESHCONF_HT_OPMODE, 4780 nla_get_u16); 4781 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout, 4782 1, 65535, mask, 4783 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 4784 nla_get_u32); 4785 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535, 4786 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 4787 nla_get_u16); 4788 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4789 dot11MeshHWMPconfirmationInterval, 4790 1, 65535, mask, 4791 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 4792 nla_get_u16); 4793 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, 4794 NL80211_MESH_POWER_ACTIVE, 4795 NL80211_MESH_POWER_MAX, 4796 mask, NL80211_MESHCONF_POWER_MODE, 4797 nla_get_u32); 4798 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, 4799 0, 65535, mask, 4800 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16); 4801 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff, 4802 mask, NL80211_MESHCONF_PLINK_TIMEOUT, 4803 nla_get_u32); 4804 if (mask_out) 4805 *mask_out = mask; 4806 4807 return 0; 4808 4809 #undef FILL_IN_MESH_PARAM_IF_SET 4810 } 4811 4812 static int nl80211_parse_mesh_setup(struct genl_info *info, 4813 struct mesh_setup *setup) 4814 { 4815 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4816 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 4817 4818 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 4819 return -EINVAL; 4820 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 4821 info->attrs[NL80211_ATTR_MESH_SETUP], 4822 nl80211_mesh_setup_params_policy)) 4823 return -EINVAL; 4824 4825 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 4826 setup->sync_method = 4827 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 4828 IEEE80211_SYNC_METHOD_VENDOR : 4829 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 4830 4831 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 4832 setup->path_sel_proto = 4833 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 4834 IEEE80211_PATH_PROTOCOL_VENDOR : 4835 IEEE80211_PATH_PROTOCOL_HWMP; 4836 4837 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 4838 setup->path_metric = 4839 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 4840 IEEE80211_PATH_METRIC_VENDOR : 4841 IEEE80211_PATH_METRIC_AIRTIME; 4842 4843 4844 if (tb[NL80211_MESH_SETUP_IE]) { 4845 struct nlattr *ieattr = 4846 tb[NL80211_MESH_SETUP_IE]; 4847 if (!is_valid_ie_attr(ieattr)) 4848 return -EINVAL; 4849 setup->ie = nla_data(ieattr); 4850 setup->ie_len = nla_len(ieattr); 4851 } 4852 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] && 4853 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM)) 4854 return -EINVAL; 4855 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]); 4856 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 4857 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 4858 if (setup->is_secure) 4859 setup->user_mpm = true; 4860 4861 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) { 4862 if (!setup->user_mpm) 4863 return -EINVAL; 4864 setup->auth_id = 4865 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]); 4866 } 4867 4868 return 0; 4869 } 4870 4871 static int nl80211_update_mesh_config(struct sk_buff *skb, 4872 struct genl_info *info) 4873 { 4874 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4875 struct net_device *dev = info->user_ptr[1]; 4876 struct wireless_dev *wdev = dev->ieee80211_ptr; 4877 struct mesh_config cfg; 4878 u32 mask; 4879 int err; 4880 4881 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 4882 return -EOPNOTSUPP; 4883 4884 if (!rdev->ops->update_mesh_config) 4885 return -EOPNOTSUPP; 4886 4887 err = nl80211_parse_mesh_config(info, &cfg, &mask); 4888 if (err) 4889 return err; 4890 4891 wdev_lock(wdev); 4892 if (!wdev->mesh_id_len) 4893 err = -ENOLINK; 4894 4895 if (!err) 4896 err = rdev_update_mesh_config(rdev, dev, mask, &cfg); 4897 4898 wdev_unlock(wdev); 4899 4900 return err; 4901 } 4902 4903 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 4904 { 4905 const struct ieee80211_regdomain *regdom; 4906 struct sk_buff *msg; 4907 void *hdr = NULL; 4908 struct nlattr *nl_reg_rules; 4909 unsigned int i; 4910 4911 if (!cfg80211_regdomain) 4912 return -EINVAL; 4913 4914 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4915 if (!msg) 4916 return -ENOBUFS; 4917 4918 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4919 NL80211_CMD_GET_REG); 4920 if (!hdr) 4921 goto put_failure; 4922 4923 if (reg_last_request_cell_base() && 4924 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 4925 NL80211_USER_REG_HINT_CELL_BASE)) 4926 goto nla_put_failure; 4927 4928 rcu_read_lock(); 4929 regdom = rcu_dereference(cfg80211_regdomain); 4930 4931 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) || 4932 (regdom->dfs_region && 4933 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region))) 4934 goto nla_put_failure_rcu; 4935 4936 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 4937 if (!nl_reg_rules) 4938 goto nla_put_failure_rcu; 4939 4940 for (i = 0; i < regdom->n_reg_rules; i++) { 4941 struct nlattr *nl_reg_rule; 4942 const struct ieee80211_reg_rule *reg_rule; 4943 const struct ieee80211_freq_range *freq_range; 4944 const struct ieee80211_power_rule *power_rule; 4945 4946 reg_rule = ®dom->reg_rules[i]; 4947 freq_range = ®_rule->freq_range; 4948 power_rule = ®_rule->power_rule; 4949 4950 nl_reg_rule = nla_nest_start(msg, i); 4951 if (!nl_reg_rule) 4952 goto nla_put_failure_rcu; 4953 4954 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 4955 reg_rule->flags) || 4956 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 4957 freq_range->start_freq_khz) || 4958 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 4959 freq_range->end_freq_khz) || 4960 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 4961 freq_range->max_bandwidth_khz) || 4962 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 4963 power_rule->max_antenna_gain) || 4964 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 4965 power_rule->max_eirp)) 4966 goto nla_put_failure_rcu; 4967 4968 nla_nest_end(msg, nl_reg_rule); 4969 } 4970 rcu_read_unlock(); 4971 4972 nla_nest_end(msg, nl_reg_rules); 4973 4974 genlmsg_end(msg, hdr); 4975 return genlmsg_reply(msg, info); 4976 4977 nla_put_failure_rcu: 4978 rcu_read_unlock(); 4979 nla_put_failure: 4980 genlmsg_cancel(msg, hdr); 4981 put_failure: 4982 nlmsg_free(msg); 4983 return -EMSGSIZE; 4984 } 4985 4986 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 4987 { 4988 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 4989 struct nlattr *nl_reg_rule; 4990 char *alpha2 = NULL; 4991 int rem_reg_rules = 0, r = 0; 4992 u32 num_rules = 0, rule_idx = 0, size_of_regd; 4993 u8 dfs_region = 0; 4994 struct ieee80211_regdomain *rd = NULL; 4995 4996 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 4997 return -EINVAL; 4998 4999 if (!info->attrs[NL80211_ATTR_REG_RULES]) 5000 return -EINVAL; 5001 5002 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 5003 5004 if (info->attrs[NL80211_ATTR_DFS_REGION]) 5005 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 5006 5007 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 5008 rem_reg_rules) { 5009 num_rules++; 5010 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 5011 return -EINVAL; 5012 } 5013 5014 size_of_regd = sizeof(struct ieee80211_regdomain) + 5015 num_rules * sizeof(struct ieee80211_reg_rule); 5016 5017 rd = kzalloc(size_of_regd, GFP_KERNEL); 5018 if (!rd) 5019 return -ENOMEM; 5020 5021 rd->n_reg_rules = num_rules; 5022 rd->alpha2[0] = alpha2[0]; 5023 rd->alpha2[1] = alpha2[1]; 5024 5025 /* 5026 * Disable DFS master mode if the DFS region was 5027 * not supported or known on this kernel. 5028 */ 5029 if (reg_supported_dfs_region(dfs_region)) 5030 rd->dfs_region = dfs_region; 5031 5032 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 5033 rem_reg_rules) { 5034 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 5035 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 5036 reg_rule_policy); 5037 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 5038 if (r) 5039 goto bad_reg; 5040 5041 rule_idx++; 5042 5043 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 5044 r = -EINVAL; 5045 goto bad_reg; 5046 } 5047 } 5048 5049 r = set_regdom(rd); 5050 /* set_regdom took ownership */ 5051 rd = NULL; 5052 5053 bad_reg: 5054 kfree(rd); 5055 return r; 5056 } 5057 5058 static int validate_scan_freqs(struct nlattr *freqs) 5059 { 5060 struct nlattr *attr1, *attr2; 5061 int n_channels = 0, tmp1, tmp2; 5062 5063 nla_for_each_nested(attr1, freqs, tmp1) { 5064 n_channels++; 5065 /* 5066 * Some hardware has a limited channel list for 5067 * scanning, and it is pretty much nonsensical 5068 * to scan for a channel twice, so disallow that 5069 * and don't require drivers to check that the 5070 * channel list they get isn't longer than what 5071 * they can scan, as long as they can scan all 5072 * the channels they registered at once. 5073 */ 5074 nla_for_each_nested(attr2, freqs, tmp2) 5075 if (attr1 != attr2 && 5076 nla_get_u32(attr1) == nla_get_u32(attr2)) 5077 return 0; 5078 } 5079 5080 return n_channels; 5081 } 5082 5083 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 5084 { 5085 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5086 struct wireless_dev *wdev = info->user_ptr[1]; 5087 struct cfg80211_scan_request *request; 5088 struct nlattr *attr; 5089 struct wiphy *wiphy; 5090 int err, tmp, n_ssids = 0, n_channels, i; 5091 size_t ie_len; 5092 5093 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5094 return -EINVAL; 5095 5096 wiphy = &rdev->wiphy; 5097 5098 if (!rdev->ops->scan) 5099 return -EOPNOTSUPP; 5100 5101 if (rdev->scan_req) { 5102 err = -EBUSY; 5103 goto unlock; 5104 } 5105 5106 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 5107 n_channels = validate_scan_freqs( 5108 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 5109 if (!n_channels) { 5110 err = -EINVAL; 5111 goto unlock; 5112 } 5113 } else { 5114 enum ieee80211_band band; 5115 n_channels = 0; 5116 5117 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 5118 if (wiphy->bands[band]) 5119 n_channels += wiphy->bands[band]->n_channels; 5120 } 5121 5122 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 5123 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 5124 n_ssids++; 5125 5126 if (n_ssids > wiphy->max_scan_ssids) { 5127 err = -EINVAL; 5128 goto unlock; 5129 } 5130 5131 if (info->attrs[NL80211_ATTR_IE]) 5132 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5133 else 5134 ie_len = 0; 5135 5136 if (ie_len > wiphy->max_scan_ie_len) { 5137 err = -EINVAL; 5138 goto unlock; 5139 } 5140 5141 request = kzalloc(sizeof(*request) 5142 + sizeof(*request->ssids) * n_ssids 5143 + sizeof(*request->channels) * n_channels 5144 + ie_len, GFP_KERNEL); 5145 if (!request) { 5146 err = -ENOMEM; 5147 goto unlock; 5148 } 5149 5150 if (n_ssids) 5151 request->ssids = (void *)&request->channels[n_channels]; 5152 request->n_ssids = n_ssids; 5153 if (ie_len) { 5154 if (request->ssids) 5155 request->ie = (void *)(request->ssids + n_ssids); 5156 else 5157 request->ie = (void *)(request->channels + n_channels); 5158 } 5159 5160 i = 0; 5161 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 5162 /* user specified, bail out if channel not found */ 5163 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 5164 struct ieee80211_channel *chan; 5165 5166 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 5167 5168 if (!chan) { 5169 err = -EINVAL; 5170 goto out_free; 5171 } 5172 5173 /* ignore disabled channels */ 5174 if (chan->flags & IEEE80211_CHAN_DISABLED) 5175 continue; 5176 5177 request->channels[i] = chan; 5178 i++; 5179 } 5180 } else { 5181 enum ieee80211_band band; 5182 5183 /* all channels */ 5184 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 5185 int j; 5186 if (!wiphy->bands[band]) 5187 continue; 5188 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 5189 struct ieee80211_channel *chan; 5190 5191 chan = &wiphy->bands[band]->channels[j]; 5192 5193 if (chan->flags & IEEE80211_CHAN_DISABLED) 5194 continue; 5195 5196 request->channels[i] = chan; 5197 i++; 5198 } 5199 } 5200 } 5201 5202 if (!i) { 5203 err = -EINVAL; 5204 goto out_free; 5205 } 5206 5207 request->n_channels = i; 5208 5209 i = 0; 5210 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 5211 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 5212 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 5213 err = -EINVAL; 5214 goto out_free; 5215 } 5216 request->ssids[i].ssid_len = nla_len(attr); 5217 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 5218 i++; 5219 } 5220 } 5221 5222 if (info->attrs[NL80211_ATTR_IE]) { 5223 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5224 memcpy((void *)request->ie, 5225 nla_data(info->attrs[NL80211_ATTR_IE]), 5226 request->ie_len); 5227 } 5228 5229 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 5230 if (wiphy->bands[i]) 5231 request->rates[i] = 5232 (1 << wiphy->bands[i]->n_bitrates) - 1; 5233 5234 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 5235 nla_for_each_nested(attr, 5236 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 5237 tmp) { 5238 enum ieee80211_band band = nla_type(attr); 5239 5240 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 5241 err = -EINVAL; 5242 goto out_free; 5243 } 5244 err = ieee80211_get_ratemask(wiphy->bands[band], 5245 nla_data(attr), 5246 nla_len(attr), 5247 &request->rates[band]); 5248 if (err) 5249 goto out_free; 5250 } 5251 } 5252 5253 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) { 5254 request->flags = nla_get_u32( 5255 info->attrs[NL80211_ATTR_SCAN_FLAGS]); 5256 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 5257 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 5258 ((request->flags & NL80211_SCAN_FLAG_FLUSH) && 5259 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) { 5260 err = -EOPNOTSUPP; 5261 goto out_free; 5262 } 5263 } 5264 5265 request->no_cck = 5266 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 5267 5268 request->wdev = wdev; 5269 request->wiphy = &rdev->wiphy; 5270 request->scan_start = jiffies; 5271 5272 rdev->scan_req = request; 5273 err = rdev_scan(rdev, request); 5274 5275 if (!err) { 5276 nl80211_send_scan_start(rdev, wdev); 5277 if (wdev->netdev) 5278 dev_hold(wdev->netdev); 5279 } else { 5280 out_free: 5281 rdev->scan_req = NULL; 5282 kfree(request); 5283 } 5284 5285 unlock: 5286 return err; 5287 } 5288 5289 static int nl80211_start_sched_scan(struct sk_buff *skb, 5290 struct genl_info *info) 5291 { 5292 struct cfg80211_sched_scan_request *request; 5293 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5294 struct net_device *dev = info->user_ptr[1]; 5295 struct nlattr *attr; 5296 struct wiphy *wiphy; 5297 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i; 5298 u32 interval; 5299 enum ieee80211_band band; 5300 size_t ie_len; 5301 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 5302 5303 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 5304 !rdev->ops->sched_scan_start) 5305 return -EOPNOTSUPP; 5306 5307 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5308 return -EINVAL; 5309 5310 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 5311 return -EINVAL; 5312 5313 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 5314 if (interval == 0) 5315 return -EINVAL; 5316 5317 wiphy = &rdev->wiphy; 5318 5319 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 5320 n_channels = validate_scan_freqs( 5321 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 5322 if (!n_channels) 5323 return -EINVAL; 5324 } else { 5325 n_channels = 0; 5326 5327 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 5328 if (wiphy->bands[band]) 5329 n_channels += wiphy->bands[band]->n_channels; 5330 } 5331 5332 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 5333 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 5334 tmp) 5335 n_ssids++; 5336 5337 if (n_ssids > wiphy->max_sched_scan_ssids) 5338 return -EINVAL; 5339 5340 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) 5341 nla_for_each_nested(attr, 5342 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 5343 tmp) 5344 n_match_sets++; 5345 5346 if (n_match_sets > wiphy->max_match_sets) 5347 return -EINVAL; 5348 5349 if (info->attrs[NL80211_ATTR_IE]) 5350 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5351 else 5352 ie_len = 0; 5353 5354 if (ie_len > wiphy->max_sched_scan_ie_len) 5355 return -EINVAL; 5356 5357 if (rdev->sched_scan_req) { 5358 err = -EINPROGRESS; 5359 goto out; 5360 } 5361 5362 request = kzalloc(sizeof(*request) 5363 + sizeof(*request->ssids) * n_ssids 5364 + sizeof(*request->match_sets) * n_match_sets 5365 + sizeof(*request->channels) * n_channels 5366 + ie_len, GFP_KERNEL); 5367 if (!request) { 5368 err = -ENOMEM; 5369 goto out; 5370 } 5371 5372 if (n_ssids) 5373 request->ssids = (void *)&request->channels[n_channels]; 5374 request->n_ssids = n_ssids; 5375 if (ie_len) { 5376 if (request->ssids) 5377 request->ie = (void *)(request->ssids + n_ssids); 5378 else 5379 request->ie = (void *)(request->channels + n_channels); 5380 } 5381 5382 if (n_match_sets) { 5383 if (request->ie) 5384 request->match_sets = (void *)(request->ie + ie_len); 5385 else if (request->ssids) 5386 request->match_sets = 5387 (void *)(request->ssids + n_ssids); 5388 else 5389 request->match_sets = 5390 (void *)(request->channels + n_channels); 5391 } 5392 request->n_match_sets = n_match_sets; 5393 5394 i = 0; 5395 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 5396 /* user specified, bail out if channel not found */ 5397 nla_for_each_nested(attr, 5398 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], 5399 tmp) { 5400 struct ieee80211_channel *chan; 5401 5402 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 5403 5404 if (!chan) { 5405 err = -EINVAL; 5406 goto out_free; 5407 } 5408 5409 /* ignore disabled channels */ 5410 if (chan->flags & IEEE80211_CHAN_DISABLED) 5411 continue; 5412 5413 request->channels[i] = chan; 5414 i++; 5415 } 5416 } else { 5417 /* all channels */ 5418 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 5419 int j; 5420 if (!wiphy->bands[band]) 5421 continue; 5422 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 5423 struct ieee80211_channel *chan; 5424 5425 chan = &wiphy->bands[band]->channels[j]; 5426 5427 if (chan->flags & IEEE80211_CHAN_DISABLED) 5428 continue; 5429 5430 request->channels[i] = chan; 5431 i++; 5432 } 5433 } 5434 } 5435 5436 if (!i) { 5437 err = -EINVAL; 5438 goto out_free; 5439 } 5440 5441 request->n_channels = i; 5442 5443 i = 0; 5444 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 5445 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 5446 tmp) { 5447 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 5448 err = -EINVAL; 5449 goto out_free; 5450 } 5451 request->ssids[i].ssid_len = nla_len(attr); 5452 memcpy(request->ssids[i].ssid, nla_data(attr), 5453 nla_len(attr)); 5454 i++; 5455 } 5456 } 5457 5458 i = 0; 5459 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 5460 nla_for_each_nested(attr, 5461 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 5462 tmp) { 5463 struct nlattr *ssid, *rssi; 5464 5465 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 5466 nla_data(attr), nla_len(attr), 5467 nl80211_match_policy); 5468 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 5469 if (ssid) { 5470 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 5471 err = -EINVAL; 5472 goto out_free; 5473 } 5474 memcpy(request->match_sets[i].ssid.ssid, 5475 nla_data(ssid), nla_len(ssid)); 5476 request->match_sets[i].ssid.ssid_len = 5477 nla_len(ssid); 5478 } 5479 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 5480 if (rssi) 5481 request->rssi_thold = nla_get_u32(rssi); 5482 else 5483 request->rssi_thold = 5484 NL80211_SCAN_RSSI_THOLD_OFF; 5485 i++; 5486 } 5487 } 5488 5489 if (info->attrs[NL80211_ATTR_IE]) { 5490 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5491 memcpy((void *)request->ie, 5492 nla_data(info->attrs[NL80211_ATTR_IE]), 5493 request->ie_len); 5494 } 5495 5496 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) { 5497 request->flags = nla_get_u32( 5498 info->attrs[NL80211_ATTR_SCAN_FLAGS]); 5499 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 5500 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 5501 ((request->flags & NL80211_SCAN_FLAG_FLUSH) && 5502 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) { 5503 err = -EOPNOTSUPP; 5504 goto out_free; 5505 } 5506 } 5507 5508 request->dev = dev; 5509 request->wiphy = &rdev->wiphy; 5510 request->interval = interval; 5511 request->scan_start = jiffies; 5512 5513 err = rdev_sched_scan_start(rdev, dev, request); 5514 if (!err) { 5515 rdev->sched_scan_req = request; 5516 nl80211_send_sched_scan(rdev, dev, 5517 NL80211_CMD_START_SCHED_SCAN); 5518 goto out; 5519 } 5520 5521 out_free: 5522 kfree(request); 5523 out: 5524 return err; 5525 } 5526 5527 static int nl80211_stop_sched_scan(struct sk_buff *skb, 5528 struct genl_info *info) 5529 { 5530 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5531 5532 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 5533 !rdev->ops->sched_scan_stop) 5534 return -EOPNOTSUPP; 5535 5536 return __cfg80211_stop_sched_scan(rdev, false); 5537 } 5538 5539 static int nl80211_start_radar_detection(struct sk_buff *skb, 5540 struct genl_info *info) 5541 { 5542 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5543 struct net_device *dev = info->user_ptr[1]; 5544 struct wireless_dev *wdev = dev->ieee80211_ptr; 5545 struct cfg80211_chan_def chandef; 5546 int err; 5547 5548 err = nl80211_parse_chandef(rdev, info, &chandef); 5549 if (err) 5550 return err; 5551 5552 if (wdev->cac_started) 5553 return -EBUSY; 5554 5555 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef); 5556 if (err < 0) 5557 return err; 5558 5559 if (err == 0) 5560 return -EINVAL; 5561 5562 if (chandef.chan->dfs_state != NL80211_DFS_USABLE) 5563 return -EINVAL; 5564 5565 if (!rdev->ops->start_radar_detection) 5566 return -EOPNOTSUPP; 5567 5568 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype, 5569 chandef.chan, CHAN_MODE_SHARED, 5570 BIT(chandef.width)); 5571 if (err) 5572 return err; 5573 5574 err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef); 5575 if (!err) { 5576 wdev->channel = chandef.chan; 5577 wdev->cac_started = true; 5578 wdev->cac_start_time = jiffies; 5579 } 5580 return err; 5581 } 5582 5583 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 5584 u32 seq, int flags, 5585 struct cfg80211_registered_device *rdev, 5586 struct wireless_dev *wdev, 5587 struct cfg80211_internal_bss *intbss) 5588 { 5589 struct cfg80211_bss *res = &intbss->pub; 5590 const struct cfg80211_bss_ies *ies; 5591 void *hdr; 5592 struct nlattr *bss; 5593 bool tsf = false; 5594 5595 ASSERT_WDEV_LOCK(wdev); 5596 5597 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 5598 NL80211_CMD_NEW_SCAN_RESULTS); 5599 if (!hdr) 5600 return -1; 5601 5602 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 5603 5604 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation)) 5605 goto nla_put_failure; 5606 if (wdev->netdev && 5607 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 5608 goto nla_put_failure; 5609 if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 5610 goto nla_put_failure; 5611 5612 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 5613 if (!bss) 5614 goto nla_put_failure; 5615 if ((!is_zero_ether_addr(res->bssid) && 5616 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid))) 5617 goto nla_put_failure; 5618 5619 rcu_read_lock(); 5620 ies = rcu_dereference(res->ies); 5621 if (ies) { 5622 if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf)) 5623 goto fail_unlock_rcu; 5624 tsf = true; 5625 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 5626 ies->len, ies->data)) 5627 goto fail_unlock_rcu; 5628 } 5629 ies = rcu_dereference(res->beacon_ies); 5630 if (ies) { 5631 if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf)) 5632 goto fail_unlock_rcu; 5633 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES, 5634 ies->len, ies->data)) 5635 goto fail_unlock_rcu; 5636 } 5637 rcu_read_unlock(); 5638 5639 if (res->beacon_interval && 5640 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 5641 goto nla_put_failure; 5642 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 5643 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 5644 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 5645 jiffies_to_msecs(jiffies - intbss->ts))) 5646 goto nla_put_failure; 5647 5648 switch (rdev->wiphy.signal_type) { 5649 case CFG80211_SIGNAL_TYPE_MBM: 5650 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 5651 goto nla_put_failure; 5652 break; 5653 case CFG80211_SIGNAL_TYPE_UNSPEC: 5654 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 5655 goto nla_put_failure; 5656 break; 5657 default: 5658 break; 5659 } 5660 5661 switch (wdev->iftype) { 5662 case NL80211_IFTYPE_P2P_CLIENT: 5663 case NL80211_IFTYPE_STATION: 5664 if (intbss == wdev->current_bss && 5665 nla_put_u32(msg, NL80211_BSS_STATUS, 5666 NL80211_BSS_STATUS_ASSOCIATED)) 5667 goto nla_put_failure; 5668 break; 5669 case NL80211_IFTYPE_ADHOC: 5670 if (intbss == wdev->current_bss && 5671 nla_put_u32(msg, NL80211_BSS_STATUS, 5672 NL80211_BSS_STATUS_IBSS_JOINED)) 5673 goto nla_put_failure; 5674 break; 5675 default: 5676 break; 5677 } 5678 5679 nla_nest_end(msg, bss); 5680 5681 return genlmsg_end(msg, hdr); 5682 5683 fail_unlock_rcu: 5684 rcu_read_unlock(); 5685 nla_put_failure: 5686 genlmsg_cancel(msg, hdr); 5687 return -EMSGSIZE; 5688 } 5689 5690 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb) 5691 { 5692 struct cfg80211_registered_device *rdev; 5693 struct cfg80211_internal_bss *scan; 5694 struct wireless_dev *wdev; 5695 int start = cb->args[2], idx = 0; 5696 int err; 5697 5698 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 5699 if (err) 5700 return err; 5701 5702 wdev_lock(wdev); 5703 spin_lock_bh(&rdev->bss_lock); 5704 cfg80211_bss_expire(rdev); 5705 5706 cb->seq = rdev->bss_generation; 5707 5708 list_for_each_entry(scan, &rdev->bss_list, list) { 5709 if (++idx <= start) 5710 continue; 5711 if (nl80211_send_bss(skb, cb, 5712 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5713 rdev, wdev, scan) < 0) { 5714 idx--; 5715 break; 5716 } 5717 } 5718 5719 spin_unlock_bh(&rdev->bss_lock); 5720 wdev_unlock(wdev); 5721 5722 cb->args[2] = idx; 5723 nl80211_finish_wdev_dump(rdev); 5724 5725 return skb->len; 5726 } 5727 5728 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq, 5729 int flags, struct net_device *dev, 5730 struct survey_info *survey) 5731 { 5732 void *hdr; 5733 struct nlattr *infoattr; 5734 5735 hdr = nl80211hdr_put(msg, portid, seq, flags, 5736 NL80211_CMD_NEW_SURVEY_RESULTS); 5737 if (!hdr) 5738 return -ENOMEM; 5739 5740 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 5741 goto nla_put_failure; 5742 5743 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 5744 if (!infoattr) 5745 goto nla_put_failure; 5746 5747 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 5748 survey->channel->center_freq)) 5749 goto nla_put_failure; 5750 5751 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 5752 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 5753 goto nla_put_failure; 5754 if ((survey->filled & SURVEY_INFO_IN_USE) && 5755 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 5756 goto nla_put_failure; 5757 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) && 5758 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 5759 survey->channel_time)) 5760 goto nla_put_failure; 5761 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) && 5762 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 5763 survey->channel_time_busy)) 5764 goto nla_put_failure; 5765 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) && 5766 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 5767 survey->channel_time_ext_busy)) 5768 goto nla_put_failure; 5769 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) && 5770 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 5771 survey->channel_time_rx)) 5772 goto nla_put_failure; 5773 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) && 5774 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 5775 survey->channel_time_tx)) 5776 goto nla_put_failure; 5777 5778 nla_nest_end(msg, infoattr); 5779 5780 return genlmsg_end(msg, hdr); 5781 5782 nla_put_failure: 5783 genlmsg_cancel(msg, hdr); 5784 return -EMSGSIZE; 5785 } 5786 5787 static int nl80211_dump_survey(struct sk_buff *skb, 5788 struct netlink_callback *cb) 5789 { 5790 struct survey_info survey; 5791 struct cfg80211_registered_device *dev; 5792 struct wireless_dev *wdev; 5793 int survey_idx = cb->args[2]; 5794 int res; 5795 5796 res = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev); 5797 if (res) 5798 return res; 5799 5800 if (!wdev->netdev) { 5801 res = -EINVAL; 5802 goto out_err; 5803 } 5804 5805 if (!dev->ops->dump_survey) { 5806 res = -EOPNOTSUPP; 5807 goto out_err; 5808 } 5809 5810 while (1) { 5811 struct ieee80211_channel *chan; 5812 5813 res = rdev_dump_survey(dev, wdev->netdev, survey_idx, &survey); 5814 if (res == -ENOENT) 5815 break; 5816 if (res) 5817 goto out_err; 5818 5819 /* Survey without a channel doesn't make sense */ 5820 if (!survey.channel) { 5821 res = -EINVAL; 5822 goto out; 5823 } 5824 5825 chan = ieee80211_get_channel(&dev->wiphy, 5826 survey.channel->center_freq); 5827 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 5828 survey_idx++; 5829 continue; 5830 } 5831 5832 if (nl80211_send_survey(skb, 5833 NETLINK_CB(cb->skb).portid, 5834 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5835 wdev->netdev, &survey) < 0) 5836 goto out; 5837 survey_idx++; 5838 } 5839 5840 out: 5841 cb->args[2] = survey_idx; 5842 res = skb->len; 5843 out_err: 5844 nl80211_finish_wdev_dump(dev); 5845 return res; 5846 } 5847 5848 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 5849 { 5850 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 5851 NL80211_WPA_VERSION_2)); 5852 } 5853 5854 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 5855 { 5856 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5857 struct net_device *dev = info->user_ptr[1]; 5858 struct ieee80211_channel *chan; 5859 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL; 5860 int err, ssid_len, ie_len = 0, sae_data_len = 0; 5861 enum nl80211_auth_type auth_type; 5862 struct key_parse key; 5863 bool local_state_change; 5864 5865 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5866 return -EINVAL; 5867 5868 if (!info->attrs[NL80211_ATTR_MAC]) 5869 return -EINVAL; 5870 5871 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 5872 return -EINVAL; 5873 5874 if (!info->attrs[NL80211_ATTR_SSID]) 5875 return -EINVAL; 5876 5877 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5878 return -EINVAL; 5879 5880 err = nl80211_parse_key(info, &key); 5881 if (err) 5882 return err; 5883 5884 if (key.idx >= 0) { 5885 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 5886 return -EINVAL; 5887 if (!key.p.key || !key.p.key_len) 5888 return -EINVAL; 5889 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 5890 key.p.key_len != WLAN_KEY_LEN_WEP40) && 5891 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 5892 key.p.key_len != WLAN_KEY_LEN_WEP104)) 5893 return -EINVAL; 5894 if (key.idx > 4) 5895 return -EINVAL; 5896 } else { 5897 key.p.key_len = 0; 5898 key.p.key = NULL; 5899 } 5900 5901 if (key.idx >= 0) { 5902 int i; 5903 bool ok = false; 5904 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 5905 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 5906 ok = true; 5907 break; 5908 } 5909 } 5910 if (!ok) 5911 return -EINVAL; 5912 } 5913 5914 if (!rdev->ops->auth) 5915 return -EOPNOTSUPP; 5916 5917 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5918 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5919 return -EOPNOTSUPP; 5920 5921 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5922 chan = ieee80211_get_channel(&rdev->wiphy, 5923 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5924 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 5925 return -EINVAL; 5926 5927 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5928 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5929 5930 if (info->attrs[NL80211_ATTR_IE]) { 5931 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5932 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5933 } 5934 5935 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5936 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE)) 5937 return -EINVAL; 5938 5939 if (auth_type == NL80211_AUTHTYPE_SAE && 5940 !info->attrs[NL80211_ATTR_SAE_DATA]) 5941 return -EINVAL; 5942 5943 if (info->attrs[NL80211_ATTR_SAE_DATA]) { 5944 if (auth_type != NL80211_AUTHTYPE_SAE) 5945 return -EINVAL; 5946 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]); 5947 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]); 5948 /* need to include at least Auth Transaction and Status Code */ 5949 if (sae_data_len < 4) 5950 return -EINVAL; 5951 } 5952 5953 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5954 5955 /* 5956 * Since we no longer track auth state, ignore 5957 * requests to only change local state. 5958 */ 5959 if (local_state_change) 5960 return 0; 5961 5962 wdev_lock(dev->ieee80211_ptr); 5963 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 5964 ssid, ssid_len, ie, ie_len, 5965 key.p.key, key.p.key_len, key.idx, 5966 sae_data, sae_data_len); 5967 wdev_unlock(dev->ieee80211_ptr); 5968 return err; 5969 } 5970 5971 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 5972 struct genl_info *info, 5973 struct cfg80211_crypto_settings *settings, 5974 int cipher_limit) 5975 { 5976 memset(settings, 0, sizeof(*settings)); 5977 5978 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 5979 5980 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 5981 u16 proto; 5982 proto = nla_get_u16( 5983 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 5984 settings->control_port_ethertype = cpu_to_be16(proto); 5985 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 5986 proto != ETH_P_PAE) 5987 return -EINVAL; 5988 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 5989 settings->control_port_no_encrypt = true; 5990 } else 5991 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 5992 5993 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 5994 void *data; 5995 int len, i; 5996 5997 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 5998 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 5999 settings->n_ciphers_pairwise = len / sizeof(u32); 6000 6001 if (len % sizeof(u32)) 6002 return -EINVAL; 6003 6004 if (settings->n_ciphers_pairwise > cipher_limit) 6005 return -EINVAL; 6006 6007 memcpy(settings->ciphers_pairwise, data, len); 6008 6009 for (i = 0; i < settings->n_ciphers_pairwise; i++) 6010 if (!cfg80211_supported_cipher_suite( 6011 &rdev->wiphy, 6012 settings->ciphers_pairwise[i])) 6013 return -EINVAL; 6014 } 6015 6016 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 6017 settings->cipher_group = 6018 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 6019 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 6020 settings->cipher_group)) 6021 return -EINVAL; 6022 } 6023 6024 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 6025 settings->wpa_versions = 6026 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 6027 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 6028 return -EINVAL; 6029 } 6030 6031 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 6032 void *data; 6033 int len; 6034 6035 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 6036 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 6037 settings->n_akm_suites = len / sizeof(u32); 6038 6039 if (len % sizeof(u32)) 6040 return -EINVAL; 6041 6042 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 6043 return -EINVAL; 6044 6045 memcpy(settings->akm_suites, data, len); 6046 } 6047 6048 return 0; 6049 } 6050 6051 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 6052 { 6053 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6054 struct net_device *dev = info->user_ptr[1]; 6055 struct ieee80211_channel *chan; 6056 struct cfg80211_assoc_request req = {}; 6057 const u8 *bssid, *ssid; 6058 int err, ssid_len = 0; 6059 6060 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 6061 return -EINVAL; 6062 6063 if (!info->attrs[NL80211_ATTR_MAC] || 6064 !info->attrs[NL80211_ATTR_SSID] || 6065 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 6066 return -EINVAL; 6067 6068 if (!rdev->ops->assoc) 6069 return -EOPNOTSUPP; 6070 6071 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6072 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6073 return -EOPNOTSUPP; 6074 6075 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 6076 6077 chan = ieee80211_get_channel(&rdev->wiphy, 6078 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 6079 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 6080 return -EINVAL; 6081 6082 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 6083 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 6084 6085 if (info->attrs[NL80211_ATTR_IE]) { 6086 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 6087 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 6088 } 6089 6090 if (info->attrs[NL80211_ATTR_USE_MFP]) { 6091 enum nl80211_mfp mfp = 6092 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 6093 if (mfp == NL80211_MFP_REQUIRED) 6094 req.use_mfp = true; 6095 else if (mfp != NL80211_MFP_NO) 6096 return -EINVAL; 6097 } 6098 6099 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 6100 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 6101 6102 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 6103 req.flags |= ASSOC_REQ_DISABLE_HT; 6104 6105 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 6106 memcpy(&req.ht_capa_mask, 6107 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 6108 sizeof(req.ht_capa_mask)); 6109 6110 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 6111 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 6112 return -EINVAL; 6113 memcpy(&req.ht_capa, 6114 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 6115 sizeof(req.ht_capa)); 6116 } 6117 6118 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 6119 req.flags |= ASSOC_REQ_DISABLE_VHT; 6120 6121 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 6122 memcpy(&req.vht_capa_mask, 6123 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 6124 sizeof(req.vht_capa_mask)); 6125 6126 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 6127 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 6128 return -EINVAL; 6129 memcpy(&req.vht_capa, 6130 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 6131 sizeof(req.vht_capa)); 6132 } 6133 6134 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1); 6135 if (!err) { 6136 wdev_lock(dev->ieee80211_ptr); 6137 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, 6138 ssid, ssid_len, &req); 6139 wdev_unlock(dev->ieee80211_ptr); 6140 } 6141 6142 return err; 6143 } 6144 6145 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 6146 { 6147 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6148 struct net_device *dev = info->user_ptr[1]; 6149 const u8 *ie = NULL, *bssid; 6150 int ie_len = 0, err; 6151 u16 reason_code; 6152 bool local_state_change; 6153 6154 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 6155 return -EINVAL; 6156 6157 if (!info->attrs[NL80211_ATTR_MAC]) 6158 return -EINVAL; 6159 6160 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 6161 return -EINVAL; 6162 6163 if (!rdev->ops->deauth) 6164 return -EOPNOTSUPP; 6165 6166 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6167 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6168 return -EOPNOTSUPP; 6169 6170 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 6171 6172 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 6173 if (reason_code == 0) { 6174 /* Reason Code 0 is reserved */ 6175 return -EINVAL; 6176 } 6177 6178 if (info->attrs[NL80211_ATTR_IE]) { 6179 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 6180 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 6181 } 6182 6183 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 6184 6185 wdev_lock(dev->ieee80211_ptr); 6186 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 6187 local_state_change); 6188 wdev_unlock(dev->ieee80211_ptr); 6189 return err; 6190 } 6191 6192 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 6193 { 6194 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6195 struct net_device *dev = info->user_ptr[1]; 6196 const u8 *ie = NULL, *bssid; 6197 int ie_len = 0, err; 6198 u16 reason_code; 6199 bool local_state_change; 6200 6201 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 6202 return -EINVAL; 6203 6204 if (!info->attrs[NL80211_ATTR_MAC]) 6205 return -EINVAL; 6206 6207 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 6208 return -EINVAL; 6209 6210 if (!rdev->ops->disassoc) 6211 return -EOPNOTSUPP; 6212 6213 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6214 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6215 return -EOPNOTSUPP; 6216 6217 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 6218 6219 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 6220 if (reason_code == 0) { 6221 /* Reason Code 0 is reserved */ 6222 return -EINVAL; 6223 } 6224 6225 if (info->attrs[NL80211_ATTR_IE]) { 6226 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 6227 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 6228 } 6229 6230 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 6231 6232 wdev_lock(dev->ieee80211_ptr); 6233 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 6234 local_state_change); 6235 wdev_unlock(dev->ieee80211_ptr); 6236 return err; 6237 } 6238 6239 static bool 6240 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 6241 int mcast_rate[IEEE80211_NUM_BANDS], 6242 int rateval) 6243 { 6244 struct wiphy *wiphy = &rdev->wiphy; 6245 bool found = false; 6246 int band, i; 6247 6248 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 6249 struct ieee80211_supported_band *sband; 6250 6251 sband = wiphy->bands[band]; 6252 if (!sband) 6253 continue; 6254 6255 for (i = 0; i < sband->n_bitrates; i++) { 6256 if (sband->bitrates[i].bitrate == rateval) { 6257 mcast_rate[band] = i + 1; 6258 found = true; 6259 break; 6260 } 6261 } 6262 } 6263 6264 return found; 6265 } 6266 6267 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 6268 { 6269 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6270 struct net_device *dev = info->user_ptr[1]; 6271 struct cfg80211_ibss_params ibss; 6272 struct wiphy *wiphy; 6273 struct cfg80211_cached_keys *connkeys = NULL; 6274 int err; 6275 6276 memset(&ibss, 0, sizeof(ibss)); 6277 6278 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 6279 return -EINVAL; 6280 6281 if (!info->attrs[NL80211_ATTR_SSID] || 6282 !nla_len(info->attrs[NL80211_ATTR_SSID])) 6283 return -EINVAL; 6284 6285 ibss.beacon_interval = 100; 6286 6287 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 6288 ibss.beacon_interval = 6289 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 6290 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 6291 return -EINVAL; 6292 } 6293 6294 if (!rdev->ops->join_ibss) 6295 return -EOPNOTSUPP; 6296 6297 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 6298 return -EOPNOTSUPP; 6299 6300 wiphy = &rdev->wiphy; 6301 6302 if (info->attrs[NL80211_ATTR_MAC]) { 6303 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 6304 6305 if (!is_valid_ether_addr(ibss.bssid)) 6306 return -EINVAL; 6307 } 6308 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 6309 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 6310 6311 if (info->attrs[NL80211_ATTR_IE]) { 6312 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 6313 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 6314 } 6315 6316 err = nl80211_parse_chandef(rdev, info, &ibss.chandef); 6317 if (err) 6318 return err; 6319 6320 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef)) 6321 return -EINVAL; 6322 6323 switch (ibss.chandef.width) { 6324 case NL80211_CHAN_WIDTH_20_NOHT: 6325 break; 6326 case NL80211_CHAN_WIDTH_20: 6327 case NL80211_CHAN_WIDTH_40: 6328 if (rdev->wiphy.features & NL80211_FEATURE_HT_IBSS) 6329 break; 6330 default: 6331 return -EINVAL; 6332 } 6333 6334 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 6335 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 6336 6337 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 6338 u8 *rates = 6339 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 6340 int n_rates = 6341 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 6342 struct ieee80211_supported_band *sband = 6343 wiphy->bands[ibss.chandef.chan->band]; 6344 6345 err = ieee80211_get_ratemask(sband, rates, n_rates, 6346 &ibss.basic_rates); 6347 if (err) 6348 return err; 6349 } 6350 6351 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 6352 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 6353 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 6354 return -EINVAL; 6355 6356 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 6357 bool no_ht = false; 6358 6359 connkeys = nl80211_parse_connkeys(rdev, 6360 info->attrs[NL80211_ATTR_KEYS], 6361 &no_ht); 6362 if (IS_ERR(connkeys)) 6363 return PTR_ERR(connkeys); 6364 6365 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) && 6366 no_ht) { 6367 kfree(connkeys); 6368 return -EINVAL; 6369 } 6370 } 6371 6372 ibss.control_port = 6373 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 6374 6375 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 6376 if (err) 6377 kfree(connkeys); 6378 return err; 6379 } 6380 6381 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 6382 { 6383 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6384 struct net_device *dev = info->user_ptr[1]; 6385 6386 if (!rdev->ops->leave_ibss) 6387 return -EOPNOTSUPP; 6388 6389 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 6390 return -EOPNOTSUPP; 6391 6392 return cfg80211_leave_ibss(rdev, dev, false); 6393 } 6394 6395 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info) 6396 { 6397 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6398 struct net_device *dev = info->user_ptr[1]; 6399 int mcast_rate[IEEE80211_NUM_BANDS]; 6400 u32 nla_rate; 6401 int err; 6402 6403 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 6404 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 6405 return -EOPNOTSUPP; 6406 6407 if (!rdev->ops->set_mcast_rate) 6408 return -EOPNOTSUPP; 6409 6410 memset(mcast_rate, 0, sizeof(mcast_rate)); 6411 6412 if (!info->attrs[NL80211_ATTR_MCAST_RATE]) 6413 return -EINVAL; 6414 6415 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]); 6416 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate)) 6417 return -EINVAL; 6418 6419 err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate); 6420 6421 return err; 6422 } 6423 6424 6425 #ifdef CONFIG_NL80211_TESTMODE 6426 static struct genl_multicast_group nl80211_testmode_mcgrp = { 6427 .name = "testmode", 6428 }; 6429 6430 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 6431 { 6432 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6433 int err; 6434 6435 if (!info->attrs[NL80211_ATTR_TESTDATA]) 6436 return -EINVAL; 6437 6438 err = -EOPNOTSUPP; 6439 if (rdev->ops->testmode_cmd) { 6440 rdev->testmode_info = info; 6441 err = rdev_testmode_cmd(rdev, 6442 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 6443 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 6444 rdev->testmode_info = NULL; 6445 } 6446 6447 return err; 6448 } 6449 6450 static int nl80211_testmode_dump(struct sk_buff *skb, 6451 struct netlink_callback *cb) 6452 { 6453 struct cfg80211_registered_device *rdev; 6454 int err; 6455 long phy_idx; 6456 void *data = NULL; 6457 int data_len = 0; 6458 6459 rtnl_lock(); 6460 6461 if (cb->args[0]) { 6462 /* 6463 * 0 is a valid index, but not valid for args[0], 6464 * so we need to offset by 1. 6465 */ 6466 phy_idx = cb->args[0] - 1; 6467 } else { 6468 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 6469 nl80211_fam.attrbuf, nl80211_fam.maxattr, 6470 nl80211_policy); 6471 if (err) 6472 goto out_err; 6473 6474 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), 6475 nl80211_fam.attrbuf); 6476 if (IS_ERR(rdev)) { 6477 err = PTR_ERR(rdev); 6478 goto out_err; 6479 } 6480 phy_idx = rdev->wiphy_idx; 6481 rdev = NULL; 6482 6483 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 6484 cb->args[1] = 6485 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 6486 } 6487 6488 if (cb->args[1]) { 6489 data = nla_data((void *)cb->args[1]); 6490 data_len = nla_len((void *)cb->args[1]); 6491 } 6492 6493 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 6494 if (!rdev) { 6495 err = -ENOENT; 6496 goto out_err; 6497 } 6498 6499 if (!rdev->ops->testmode_dump) { 6500 err = -EOPNOTSUPP; 6501 goto out_err; 6502 } 6503 6504 while (1) { 6505 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 6506 cb->nlh->nlmsg_seq, NLM_F_MULTI, 6507 NL80211_CMD_TESTMODE); 6508 struct nlattr *tmdata; 6509 6510 if (!hdr) 6511 break; 6512 6513 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 6514 genlmsg_cancel(skb, hdr); 6515 break; 6516 } 6517 6518 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 6519 if (!tmdata) { 6520 genlmsg_cancel(skb, hdr); 6521 break; 6522 } 6523 err = rdev_testmode_dump(rdev, skb, cb, data, data_len); 6524 nla_nest_end(skb, tmdata); 6525 6526 if (err == -ENOBUFS || err == -ENOENT) { 6527 genlmsg_cancel(skb, hdr); 6528 break; 6529 } else if (err) { 6530 genlmsg_cancel(skb, hdr); 6531 goto out_err; 6532 } 6533 6534 genlmsg_end(skb, hdr); 6535 } 6536 6537 err = skb->len; 6538 /* see above */ 6539 cb->args[0] = phy_idx + 1; 6540 out_err: 6541 rtnl_unlock(); 6542 return err; 6543 } 6544 6545 static struct sk_buff * 6546 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 6547 int approxlen, u32 portid, u32 seq, gfp_t gfp) 6548 { 6549 struct sk_buff *skb; 6550 void *hdr; 6551 struct nlattr *data; 6552 6553 skb = nlmsg_new(approxlen + 100, gfp); 6554 if (!skb) 6555 return NULL; 6556 6557 hdr = nl80211hdr_put(skb, portid, seq, 0, NL80211_CMD_TESTMODE); 6558 if (!hdr) { 6559 kfree_skb(skb); 6560 return NULL; 6561 } 6562 6563 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 6564 goto nla_put_failure; 6565 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 6566 6567 ((void **)skb->cb)[0] = rdev; 6568 ((void **)skb->cb)[1] = hdr; 6569 ((void **)skb->cb)[2] = data; 6570 6571 return skb; 6572 6573 nla_put_failure: 6574 kfree_skb(skb); 6575 return NULL; 6576 } 6577 6578 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 6579 int approxlen) 6580 { 6581 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 6582 6583 if (WARN_ON(!rdev->testmode_info)) 6584 return NULL; 6585 6586 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 6587 rdev->testmode_info->snd_portid, 6588 rdev->testmode_info->snd_seq, 6589 GFP_KERNEL); 6590 } 6591 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 6592 6593 int cfg80211_testmode_reply(struct sk_buff *skb) 6594 { 6595 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 6596 void *hdr = ((void **)skb->cb)[1]; 6597 struct nlattr *data = ((void **)skb->cb)[2]; 6598 6599 if (WARN_ON(!rdev->testmode_info)) { 6600 kfree_skb(skb); 6601 return -EINVAL; 6602 } 6603 6604 nla_nest_end(skb, data); 6605 genlmsg_end(skb, hdr); 6606 return genlmsg_reply(skb, rdev->testmode_info); 6607 } 6608 EXPORT_SYMBOL(cfg80211_testmode_reply); 6609 6610 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 6611 int approxlen, gfp_t gfp) 6612 { 6613 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 6614 6615 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 6616 } 6617 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 6618 6619 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 6620 { 6621 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 6622 void *hdr = ((void **)skb->cb)[1]; 6623 struct nlattr *data = ((void **)skb->cb)[2]; 6624 6625 nla_nest_end(skb, data); 6626 genlmsg_end(skb, hdr); 6627 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), skb, 0, 6628 nl80211_testmode_mcgrp.id, gfp); 6629 } 6630 EXPORT_SYMBOL(cfg80211_testmode_event); 6631 #endif 6632 6633 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 6634 { 6635 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6636 struct net_device *dev = info->user_ptr[1]; 6637 struct cfg80211_connect_params connect; 6638 struct wiphy *wiphy; 6639 struct cfg80211_cached_keys *connkeys = NULL; 6640 int err; 6641 6642 memset(&connect, 0, sizeof(connect)); 6643 6644 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 6645 return -EINVAL; 6646 6647 if (!info->attrs[NL80211_ATTR_SSID] || 6648 !nla_len(info->attrs[NL80211_ATTR_SSID])) 6649 return -EINVAL; 6650 6651 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 6652 connect.auth_type = 6653 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 6654 if (!nl80211_valid_auth_type(rdev, connect.auth_type, 6655 NL80211_CMD_CONNECT)) 6656 return -EINVAL; 6657 } else 6658 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 6659 6660 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 6661 6662 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 6663 NL80211_MAX_NR_CIPHER_SUITES); 6664 if (err) 6665 return err; 6666 6667 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6668 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6669 return -EOPNOTSUPP; 6670 6671 wiphy = &rdev->wiphy; 6672 6673 connect.bg_scan_period = -1; 6674 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 6675 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 6676 connect.bg_scan_period = 6677 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 6678 } 6679 6680 if (info->attrs[NL80211_ATTR_MAC]) 6681 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 6682 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 6683 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 6684 6685 if (info->attrs[NL80211_ATTR_IE]) { 6686 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 6687 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 6688 } 6689 6690 if (info->attrs[NL80211_ATTR_USE_MFP]) { 6691 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 6692 if (connect.mfp != NL80211_MFP_REQUIRED && 6693 connect.mfp != NL80211_MFP_NO) 6694 return -EINVAL; 6695 } else { 6696 connect.mfp = NL80211_MFP_NO; 6697 } 6698 6699 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 6700 connect.channel = 6701 ieee80211_get_channel(wiphy, 6702 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 6703 if (!connect.channel || 6704 connect.channel->flags & IEEE80211_CHAN_DISABLED) 6705 return -EINVAL; 6706 } 6707 6708 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 6709 connkeys = nl80211_parse_connkeys(rdev, 6710 info->attrs[NL80211_ATTR_KEYS], NULL); 6711 if (IS_ERR(connkeys)) 6712 return PTR_ERR(connkeys); 6713 } 6714 6715 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 6716 connect.flags |= ASSOC_REQ_DISABLE_HT; 6717 6718 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 6719 memcpy(&connect.ht_capa_mask, 6720 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 6721 sizeof(connect.ht_capa_mask)); 6722 6723 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 6724 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 6725 kfree(connkeys); 6726 return -EINVAL; 6727 } 6728 memcpy(&connect.ht_capa, 6729 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 6730 sizeof(connect.ht_capa)); 6731 } 6732 6733 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 6734 connect.flags |= ASSOC_REQ_DISABLE_VHT; 6735 6736 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 6737 memcpy(&connect.vht_capa_mask, 6738 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 6739 sizeof(connect.vht_capa_mask)); 6740 6741 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 6742 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) { 6743 kfree(connkeys); 6744 return -EINVAL; 6745 } 6746 memcpy(&connect.vht_capa, 6747 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 6748 sizeof(connect.vht_capa)); 6749 } 6750 6751 wdev_lock(dev->ieee80211_ptr); 6752 err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL); 6753 wdev_unlock(dev->ieee80211_ptr); 6754 if (err) 6755 kfree(connkeys); 6756 return err; 6757 } 6758 6759 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 6760 { 6761 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6762 struct net_device *dev = info->user_ptr[1]; 6763 u16 reason; 6764 int ret; 6765 6766 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 6767 reason = WLAN_REASON_DEAUTH_LEAVING; 6768 else 6769 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 6770 6771 if (reason == 0) 6772 return -EINVAL; 6773 6774 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6775 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6776 return -EOPNOTSUPP; 6777 6778 wdev_lock(dev->ieee80211_ptr); 6779 ret = cfg80211_disconnect(rdev, dev, reason, true); 6780 wdev_unlock(dev->ieee80211_ptr); 6781 return ret; 6782 } 6783 6784 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 6785 { 6786 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6787 struct net *net; 6788 int err; 6789 u32 pid; 6790 6791 if (!info->attrs[NL80211_ATTR_PID]) 6792 return -EINVAL; 6793 6794 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 6795 6796 net = get_net_ns_by_pid(pid); 6797 if (IS_ERR(net)) 6798 return PTR_ERR(net); 6799 6800 err = 0; 6801 6802 /* check if anything to do */ 6803 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 6804 err = cfg80211_switch_netns(rdev, net); 6805 6806 put_net(net); 6807 return err; 6808 } 6809 6810 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 6811 { 6812 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6813 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 6814 struct cfg80211_pmksa *pmksa) = NULL; 6815 struct net_device *dev = info->user_ptr[1]; 6816 struct cfg80211_pmksa pmksa; 6817 6818 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 6819 6820 if (!info->attrs[NL80211_ATTR_MAC]) 6821 return -EINVAL; 6822 6823 if (!info->attrs[NL80211_ATTR_PMKID]) 6824 return -EINVAL; 6825 6826 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 6827 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 6828 6829 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6830 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6831 return -EOPNOTSUPP; 6832 6833 switch (info->genlhdr->cmd) { 6834 case NL80211_CMD_SET_PMKSA: 6835 rdev_ops = rdev->ops->set_pmksa; 6836 break; 6837 case NL80211_CMD_DEL_PMKSA: 6838 rdev_ops = rdev->ops->del_pmksa; 6839 break; 6840 default: 6841 WARN_ON(1); 6842 break; 6843 } 6844 6845 if (!rdev_ops) 6846 return -EOPNOTSUPP; 6847 6848 return rdev_ops(&rdev->wiphy, dev, &pmksa); 6849 } 6850 6851 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 6852 { 6853 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6854 struct net_device *dev = info->user_ptr[1]; 6855 6856 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6857 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6858 return -EOPNOTSUPP; 6859 6860 if (!rdev->ops->flush_pmksa) 6861 return -EOPNOTSUPP; 6862 6863 return rdev_flush_pmksa(rdev, dev); 6864 } 6865 6866 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 6867 { 6868 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6869 struct net_device *dev = info->user_ptr[1]; 6870 u8 action_code, dialog_token; 6871 u16 status_code; 6872 u8 *peer; 6873 6874 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 6875 !rdev->ops->tdls_mgmt) 6876 return -EOPNOTSUPP; 6877 6878 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 6879 !info->attrs[NL80211_ATTR_STATUS_CODE] || 6880 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 6881 !info->attrs[NL80211_ATTR_IE] || 6882 !info->attrs[NL80211_ATTR_MAC]) 6883 return -EINVAL; 6884 6885 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 6886 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 6887 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 6888 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 6889 6890 return rdev_tdls_mgmt(rdev, dev, peer, action_code, 6891 dialog_token, status_code, 6892 nla_data(info->attrs[NL80211_ATTR_IE]), 6893 nla_len(info->attrs[NL80211_ATTR_IE])); 6894 } 6895 6896 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 6897 { 6898 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6899 struct net_device *dev = info->user_ptr[1]; 6900 enum nl80211_tdls_operation operation; 6901 u8 *peer; 6902 6903 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 6904 !rdev->ops->tdls_oper) 6905 return -EOPNOTSUPP; 6906 6907 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 6908 !info->attrs[NL80211_ATTR_MAC]) 6909 return -EINVAL; 6910 6911 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 6912 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 6913 6914 return rdev_tdls_oper(rdev, dev, peer, operation); 6915 } 6916 6917 static int nl80211_remain_on_channel(struct sk_buff *skb, 6918 struct genl_info *info) 6919 { 6920 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6921 struct wireless_dev *wdev = info->user_ptr[1]; 6922 struct cfg80211_chan_def chandef; 6923 struct sk_buff *msg; 6924 void *hdr; 6925 u64 cookie; 6926 u32 duration; 6927 int err; 6928 6929 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 6930 !info->attrs[NL80211_ATTR_DURATION]) 6931 return -EINVAL; 6932 6933 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 6934 6935 if (!rdev->ops->remain_on_channel || 6936 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 6937 return -EOPNOTSUPP; 6938 6939 /* 6940 * We should be on that channel for at least a minimum amount of 6941 * time (10ms) but no longer than the driver supports. 6942 */ 6943 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 6944 duration > rdev->wiphy.max_remain_on_channel_duration) 6945 return -EINVAL; 6946 6947 err = nl80211_parse_chandef(rdev, info, &chandef); 6948 if (err) 6949 return err; 6950 6951 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6952 if (!msg) 6953 return -ENOMEM; 6954 6955 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6956 NL80211_CMD_REMAIN_ON_CHANNEL); 6957 if (!hdr) { 6958 err = -ENOBUFS; 6959 goto free_msg; 6960 } 6961 6962 err = rdev_remain_on_channel(rdev, wdev, chandef.chan, 6963 duration, &cookie); 6964 6965 if (err) 6966 goto free_msg; 6967 6968 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6969 goto nla_put_failure; 6970 6971 genlmsg_end(msg, hdr); 6972 6973 return genlmsg_reply(msg, info); 6974 6975 nla_put_failure: 6976 err = -ENOBUFS; 6977 free_msg: 6978 nlmsg_free(msg); 6979 return err; 6980 } 6981 6982 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 6983 struct genl_info *info) 6984 { 6985 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6986 struct wireless_dev *wdev = info->user_ptr[1]; 6987 u64 cookie; 6988 6989 if (!info->attrs[NL80211_ATTR_COOKIE]) 6990 return -EINVAL; 6991 6992 if (!rdev->ops->cancel_remain_on_channel) 6993 return -EOPNOTSUPP; 6994 6995 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 6996 6997 return rdev_cancel_remain_on_channel(rdev, wdev, cookie); 6998 } 6999 7000 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 7001 u8 *rates, u8 rates_len) 7002 { 7003 u8 i; 7004 u32 mask = 0; 7005 7006 for (i = 0; i < rates_len; i++) { 7007 int rate = (rates[i] & 0x7f) * 5; 7008 int ridx; 7009 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 7010 struct ieee80211_rate *srate = 7011 &sband->bitrates[ridx]; 7012 if (rate == srate->bitrate) { 7013 mask |= 1 << ridx; 7014 break; 7015 } 7016 } 7017 if (ridx == sband->n_bitrates) 7018 return 0; /* rate not found */ 7019 } 7020 7021 return mask; 7022 } 7023 7024 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 7025 u8 *rates, u8 rates_len, 7026 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 7027 { 7028 u8 i; 7029 7030 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 7031 7032 for (i = 0; i < rates_len; i++) { 7033 int ridx, rbit; 7034 7035 ridx = rates[i] / 8; 7036 rbit = BIT(rates[i] % 8); 7037 7038 /* check validity */ 7039 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 7040 return false; 7041 7042 /* check availability */ 7043 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 7044 mcs[ridx] |= rbit; 7045 else 7046 return false; 7047 } 7048 7049 return true; 7050 } 7051 7052 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 7053 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 7054 .len = NL80211_MAX_SUPP_RATES }, 7055 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY, 7056 .len = NL80211_MAX_SUPP_HT_RATES }, 7057 }; 7058 7059 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 7060 struct genl_info *info) 7061 { 7062 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 7063 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7064 struct cfg80211_bitrate_mask mask; 7065 int rem, i; 7066 struct net_device *dev = info->user_ptr[1]; 7067 struct nlattr *tx_rates; 7068 struct ieee80211_supported_band *sband; 7069 7070 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 7071 return -EINVAL; 7072 7073 if (!rdev->ops->set_bitrate_mask) 7074 return -EOPNOTSUPP; 7075 7076 memset(&mask, 0, sizeof(mask)); 7077 /* Default to all rates enabled */ 7078 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 7079 sband = rdev->wiphy.bands[i]; 7080 mask.control[i].legacy = 7081 sband ? (1 << sband->n_bitrates) - 1 : 0; 7082 if (sband) 7083 memcpy(mask.control[i].mcs, 7084 sband->ht_cap.mcs.rx_mask, 7085 sizeof(mask.control[i].mcs)); 7086 else 7087 memset(mask.control[i].mcs, 0, 7088 sizeof(mask.control[i].mcs)); 7089 } 7090 7091 /* 7092 * The nested attribute uses enum nl80211_band as the index. This maps 7093 * directly to the enum ieee80211_band values used in cfg80211. 7094 */ 7095 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 7096 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 7097 { 7098 enum ieee80211_band band = nla_type(tx_rates); 7099 if (band < 0 || band >= IEEE80211_NUM_BANDS) 7100 return -EINVAL; 7101 sband = rdev->wiphy.bands[band]; 7102 if (sband == NULL) 7103 return -EINVAL; 7104 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 7105 nla_len(tx_rates), nl80211_txattr_policy); 7106 if (tb[NL80211_TXRATE_LEGACY]) { 7107 mask.control[band].legacy = rateset_to_mask( 7108 sband, 7109 nla_data(tb[NL80211_TXRATE_LEGACY]), 7110 nla_len(tb[NL80211_TXRATE_LEGACY])); 7111 if ((mask.control[band].legacy == 0) && 7112 nla_len(tb[NL80211_TXRATE_LEGACY])) 7113 return -EINVAL; 7114 } 7115 if (tb[NL80211_TXRATE_MCS]) { 7116 if (!ht_rateset_to_mask( 7117 sband, 7118 nla_data(tb[NL80211_TXRATE_MCS]), 7119 nla_len(tb[NL80211_TXRATE_MCS]), 7120 mask.control[band].mcs)) 7121 return -EINVAL; 7122 } 7123 7124 if (mask.control[band].legacy == 0) { 7125 /* don't allow empty legacy rates if HT 7126 * is not even supported. */ 7127 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported) 7128 return -EINVAL; 7129 7130 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 7131 if (mask.control[band].mcs[i]) 7132 break; 7133 7134 /* legacy and mcs rates may not be both empty */ 7135 if (i == IEEE80211_HT_MCS_MASK_LEN) 7136 return -EINVAL; 7137 } 7138 } 7139 7140 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask); 7141 } 7142 7143 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 7144 { 7145 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7146 struct wireless_dev *wdev = info->user_ptr[1]; 7147 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 7148 7149 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 7150 return -EINVAL; 7151 7152 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 7153 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 7154 7155 switch (wdev->iftype) { 7156 case NL80211_IFTYPE_STATION: 7157 case NL80211_IFTYPE_ADHOC: 7158 case NL80211_IFTYPE_P2P_CLIENT: 7159 case NL80211_IFTYPE_AP: 7160 case NL80211_IFTYPE_AP_VLAN: 7161 case NL80211_IFTYPE_MESH_POINT: 7162 case NL80211_IFTYPE_P2P_GO: 7163 case NL80211_IFTYPE_P2P_DEVICE: 7164 break; 7165 default: 7166 return -EOPNOTSUPP; 7167 } 7168 7169 /* not much point in registering if we can't reply */ 7170 if (!rdev->ops->mgmt_tx) 7171 return -EOPNOTSUPP; 7172 7173 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type, 7174 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 7175 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 7176 } 7177 7178 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 7179 { 7180 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7181 struct wireless_dev *wdev = info->user_ptr[1]; 7182 struct cfg80211_chan_def chandef; 7183 int err; 7184 void *hdr = NULL; 7185 u64 cookie; 7186 struct sk_buff *msg = NULL; 7187 unsigned int wait = 0; 7188 bool offchan, no_cck, dont_wait_for_ack; 7189 7190 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 7191 7192 if (!info->attrs[NL80211_ATTR_FRAME]) 7193 return -EINVAL; 7194 7195 if (!rdev->ops->mgmt_tx) 7196 return -EOPNOTSUPP; 7197 7198 switch (wdev->iftype) { 7199 case NL80211_IFTYPE_P2P_DEVICE: 7200 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 7201 return -EINVAL; 7202 case NL80211_IFTYPE_STATION: 7203 case NL80211_IFTYPE_ADHOC: 7204 case NL80211_IFTYPE_P2P_CLIENT: 7205 case NL80211_IFTYPE_AP: 7206 case NL80211_IFTYPE_AP_VLAN: 7207 case NL80211_IFTYPE_MESH_POINT: 7208 case NL80211_IFTYPE_P2P_GO: 7209 break; 7210 default: 7211 return -EOPNOTSUPP; 7212 } 7213 7214 if (info->attrs[NL80211_ATTR_DURATION]) { 7215 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 7216 return -EINVAL; 7217 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 7218 7219 /* 7220 * We should wait on the channel for at least a minimum amount 7221 * of time (10ms) but no longer than the driver supports. 7222 */ 7223 if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 7224 wait > rdev->wiphy.max_remain_on_channel_duration) 7225 return -EINVAL; 7226 7227 } 7228 7229 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 7230 7231 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 7232 return -EINVAL; 7233 7234 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 7235 7236 /* get the channel if any has been specified, otherwise pass NULL to 7237 * the driver. The latter will use the current one 7238 */ 7239 chandef.chan = NULL; 7240 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 7241 err = nl80211_parse_chandef(rdev, info, &chandef); 7242 if (err) 7243 return err; 7244 } 7245 7246 if (!chandef.chan && offchan) 7247 return -EINVAL; 7248 7249 if (!dont_wait_for_ack) { 7250 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7251 if (!msg) 7252 return -ENOMEM; 7253 7254 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 7255 NL80211_CMD_FRAME); 7256 if (!hdr) { 7257 err = -ENOBUFS; 7258 goto free_msg; 7259 } 7260 } 7261 7262 err = cfg80211_mlme_mgmt_tx(rdev, wdev, chandef.chan, offchan, wait, 7263 nla_data(info->attrs[NL80211_ATTR_FRAME]), 7264 nla_len(info->attrs[NL80211_ATTR_FRAME]), 7265 no_cck, dont_wait_for_ack, &cookie); 7266 if (err) 7267 goto free_msg; 7268 7269 if (msg) { 7270 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 7271 goto nla_put_failure; 7272 7273 genlmsg_end(msg, hdr); 7274 return genlmsg_reply(msg, info); 7275 } 7276 7277 return 0; 7278 7279 nla_put_failure: 7280 err = -ENOBUFS; 7281 free_msg: 7282 nlmsg_free(msg); 7283 return err; 7284 } 7285 7286 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 7287 { 7288 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7289 struct wireless_dev *wdev = info->user_ptr[1]; 7290 u64 cookie; 7291 7292 if (!info->attrs[NL80211_ATTR_COOKIE]) 7293 return -EINVAL; 7294 7295 if (!rdev->ops->mgmt_tx_cancel_wait) 7296 return -EOPNOTSUPP; 7297 7298 switch (wdev->iftype) { 7299 case NL80211_IFTYPE_STATION: 7300 case NL80211_IFTYPE_ADHOC: 7301 case NL80211_IFTYPE_P2P_CLIENT: 7302 case NL80211_IFTYPE_AP: 7303 case NL80211_IFTYPE_AP_VLAN: 7304 case NL80211_IFTYPE_P2P_GO: 7305 case NL80211_IFTYPE_P2P_DEVICE: 7306 break; 7307 default: 7308 return -EOPNOTSUPP; 7309 } 7310 7311 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 7312 7313 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie); 7314 } 7315 7316 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 7317 { 7318 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7319 struct wireless_dev *wdev; 7320 struct net_device *dev = info->user_ptr[1]; 7321 u8 ps_state; 7322 bool state; 7323 int err; 7324 7325 if (!info->attrs[NL80211_ATTR_PS_STATE]) 7326 return -EINVAL; 7327 7328 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 7329 7330 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 7331 return -EINVAL; 7332 7333 wdev = dev->ieee80211_ptr; 7334 7335 if (!rdev->ops->set_power_mgmt) 7336 return -EOPNOTSUPP; 7337 7338 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 7339 7340 if (state == wdev->ps) 7341 return 0; 7342 7343 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout); 7344 if (!err) 7345 wdev->ps = state; 7346 return err; 7347 } 7348 7349 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 7350 { 7351 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7352 enum nl80211_ps_state ps_state; 7353 struct wireless_dev *wdev; 7354 struct net_device *dev = info->user_ptr[1]; 7355 struct sk_buff *msg; 7356 void *hdr; 7357 int err; 7358 7359 wdev = dev->ieee80211_ptr; 7360 7361 if (!rdev->ops->set_power_mgmt) 7362 return -EOPNOTSUPP; 7363 7364 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7365 if (!msg) 7366 return -ENOMEM; 7367 7368 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 7369 NL80211_CMD_GET_POWER_SAVE); 7370 if (!hdr) { 7371 err = -ENOBUFS; 7372 goto free_msg; 7373 } 7374 7375 if (wdev->ps) 7376 ps_state = NL80211_PS_ENABLED; 7377 else 7378 ps_state = NL80211_PS_DISABLED; 7379 7380 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 7381 goto nla_put_failure; 7382 7383 genlmsg_end(msg, hdr); 7384 return genlmsg_reply(msg, info); 7385 7386 nla_put_failure: 7387 err = -ENOBUFS; 7388 free_msg: 7389 nlmsg_free(msg); 7390 return err; 7391 } 7392 7393 static struct nla_policy 7394 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 7395 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 7396 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 7397 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 7398 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 7399 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 7400 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 7401 }; 7402 7403 static int nl80211_set_cqm_txe(struct genl_info *info, 7404 u32 rate, u32 pkts, u32 intvl) 7405 { 7406 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7407 struct wireless_dev *wdev; 7408 struct net_device *dev = info->user_ptr[1]; 7409 7410 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL) 7411 return -EINVAL; 7412 7413 wdev = dev->ieee80211_ptr; 7414 7415 if (!rdev->ops->set_cqm_txe_config) 7416 return -EOPNOTSUPP; 7417 7418 if (wdev->iftype != NL80211_IFTYPE_STATION && 7419 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 7420 return -EOPNOTSUPP; 7421 7422 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl); 7423 } 7424 7425 static int nl80211_set_cqm_rssi(struct genl_info *info, 7426 s32 threshold, u32 hysteresis) 7427 { 7428 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7429 struct wireless_dev *wdev; 7430 struct net_device *dev = info->user_ptr[1]; 7431 7432 if (threshold > 0) 7433 return -EINVAL; 7434 7435 wdev = dev->ieee80211_ptr; 7436 7437 if (!rdev->ops->set_cqm_rssi_config) 7438 return -EOPNOTSUPP; 7439 7440 if (wdev->iftype != NL80211_IFTYPE_STATION && 7441 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 7442 return -EOPNOTSUPP; 7443 7444 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis); 7445 } 7446 7447 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 7448 { 7449 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 7450 struct nlattr *cqm; 7451 int err; 7452 7453 cqm = info->attrs[NL80211_ATTR_CQM]; 7454 if (!cqm) { 7455 err = -EINVAL; 7456 goto out; 7457 } 7458 7459 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 7460 nl80211_attr_cqm_policy); 7461 if (err) 7462 goto out; 7463 7464 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 7465 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 7466 s32 threshold; 7467 u32 hysteresis; 7468 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 7469 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 7470 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 7471 } else if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 7472 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 7473 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 7474 u32 rate, pkts, intvl; 7475 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 7476 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 7477 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 7478 err = nl80211_set_cqm_txe(info, rate, pkts, intvl); 7479 } else 7480 err = -EINVAL; 7481 7482 out: 7483 return err; 7484 } 7485 7486 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 7487 { 7488 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7489 struct net_device *dev = info->user_ptr[1]; 7490 struct mesh_config cfg; 7491 struct mesh_setup setup; 7492 int err; 7493 7494 /* start with default */ 7495 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 7496 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 7497 7498 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 7499 /* and parse parameters if given */ 7500 err = nl80211_parse_mesh_config(info, &cfg, NULL); 7501 if (err) 7502 return err; 7503 } 7504 7505 if (!info->attrs[NL80211_ATTR_MESH_ID] || 7506 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 7507 return -EINVAL; 7508 7509 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 7510 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 7511 7512 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 7513 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 7514 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 7515 return -EINVAL; 7516 7517 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 7518 setup.beacon_interval = 7519 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 7520 if (setup.beacon_interval < 10 || 7521 setup.beacon_interval > 10000) 7522 return -EINVAL; 7523 } 7524 7525 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 7526 setup.dtim_period = 7527 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 7528 if (setup.dtim_period < 1 || setup.dtim_period > 100) 7529 return -EINVAL; 7530 } 7531 7532 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 7533 /* parse additional setup parameters if given */ 7534 err = nl80211_parse_mesh_setup(info, &setup); 7535 if (err) 7536 return err; 7537 } 7538 7539 if (setup.user_mpm) 7540 cfg.auto_open_plinks = false; 7541 7542 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 7543 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 7544 if (err) 7545 return err; 7546 } else { 7547 /* cfg80211_join_mesh() will sort it out */ 7548 setup.chandef.chan = NULL; 7549 } 7550 7551 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 7552 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 7553 int n_rates = 7554 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 7555 struct ieee80211_supported_band *sband; 7556 7557 if (!setup.chandef.chan) 7558 return -EINVAL; 7559 7560 sband = rdev->wiphy.bands[setup.chandef.chan->band]; 7561 7562 err = ieee80211_get_ratemask(sband, rates, n_rates, 7563 &setup.basic_rates); 7564 if (err) 7565 return err; 7566 } 7567 7568 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 7569 } 7570 7571 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 7572 { 7573 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7574 struct net_device *dev = info->user_ptr[1]; 7575 7576 return cfg80211_leave_mesh(rdev, dev); 7577 } 7578 7579 #ifdef CONFIG_PM 7580 static int nl80211_send_wowlan_patterns(struct sk_buff *msg, 7581 struct cfg80211_registered_device *rdev) 7582 { 7583 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config; 7584 struct nlattr *nl_pats, *nl_pat; 7585 int i, pat_len; 7586 7587 if (!wowlan->n_patterns) 7588 return 0; 7589 7590 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN); 7591 if (!nl_pats) 7592 return -ENOBUFS; 7593 7594 for (i = 0; i < wowlan->n_patterns; i++) { 7595 nl_pat = nla_nest_start(msg, i + 1); 7596 if (!nl_pat) 7597 return -ENOBUFS; 7598 pat_len = wowlan->patterns[i].pattern_len; 7599 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK, 7600 DIV_ROUND_UP(pat_len, 8), 7601 wowlan->patterns[i].mask) || 7602 nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 7603 pat_len, wowlan->patterns[i].pattern) || 7604 nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET, 7605 wowlan->patterns[i].pkt_offset)) 7606 return -ENOBUFS; 7607 nla_nest_end(msg, nl_pat); 7608 } 7609 nla_nest_end(msg, nl_pats); 7610 7611 return 0; 7612 } 7613 7614 static int nl80211_send_wowlan_tcp(struct sk_buff *msg, 7615 struct cfg80211_wowlan_tcp *tcp) 7616 { 7617 struct nlattr *nl_tcp; 7618 7619 if (!tcp) 7620 return 0; 7621 7622 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION); 7623 if (!nl_tcp) 7624 return -ENOBUFS; 7625 7626 if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) || 7627 nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) || 7628 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) || 7629 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) || 7630 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) || 7631 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 7632 tcp->payload_len, tcp->payload) || 7633 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 7634 tcp->data_interval) || 7635 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 7636 tcp->wake_len, tcp->wake_data) || 7637 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK, 7638 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask)) 7639 return -ENOBUFS; 7640 7641 if (tcp->payload_seq.len && 7642 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ, 7643 sizeof(tcp->payload_seq), &tcp->payload_seq)) 7644 return -ENOBUFS; 7645 7646 if (tcp->payload_tok.len && 7647 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 7648 sizeof(tcp->payload_tok) + tcp->tokens_size, 7649 &tcp->payload_tok)) 7650 return -ENOBUFS; 7651 7652 nla_nest_end(msg, nl_tcp); 7653 7654 return 0; 7655 } 7656 7657 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 7658 { 7659 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7660 struct sk_buff *msg; 7661 void *hdr; 7662 u32 size = NLMSG_DEFAULT_SIZE; 7663 7664 if (!rdev->wiphy.wowlan) 7665 return -EOPNOTSUPP; 7666 7667 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) { 7668 /* adjust size to have room for all the data */ 7669 size += rdev->wiphy.wowlan_config->tcp->tokens_size + 7670 rdev->wiphy.wowlan_config->tcp->payload_len + 7671 rdev->wiphy.wowlan_config->tcp->wake_len + 7672 rdev->wiphy.wowlan_config->tcp->wake_len / 8; 7673 } 7674 7675 msg = nlmsg_new(size, GFP_KERNEL); 7676 if (!msg) 7677 return -ENOMEM; 7678 7679 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 7680 NL80211_CMD_GET_WOWLAN); 7681 if (!hdr) 7682 goto nla_put_failure; 7683 7684 if (rdev->wiphy.wowlan_config) { 7685 struct nlattr *nl_wowlan; 7686 7687 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 7688 if (!nl_wowlan) 7689 goto nla_put_failure; 7690 7691 if ((rdev->wiphy.wowlan_config->any && 7692 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 7693 (rdev->wiphy.wowlan_config->disconnect && 7694 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 7695 (rdev->wiphy.wowlan_config->magic_pkt && 7696 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 7697 (rdev->wiphy.wowlan_config->gtk_rekey_failure && 7698 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 7699 (rdev->wiphy.wowlan_config->eap_identity_req && 7700 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 7701 (rdev->wiphy.wowlan_config->four_way_handshake && 7702 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 7703 (rdev->wiphy.wowlan_config->rfkill_release && 7704 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 7705 goto nla_put_failure; 7706 7707 if (nl80211_send_wowlan_patterns(msg, rdev)) 7708 goto nla_put_failure; 7709 7710 if (nl80211_send_wowlan_tcp(msg, 7711 rdev->wiphy.wowlan_config->tcp)) 7712 goto nla_put_failure; 7713 7714 nla_nest_end(msg, nl_wowlan); 7715 } 7716 7717 genlmsg_end(msg, hdr); 7718 return genlmsg_reply(msg, info); 7719 7720 nla_put_failure: 7721 nlmsg_free(msg); 7722 return -ENOBUFS; 7723 } 7724 7725 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev, 7726 struct nlattr *attr, 7727 struct cfg80211_wowlan *trig) 7728 { 7729 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP]; 7730 struct cfg80211_wowlan_tcp *cfg; 7731 struct nl80211_wowlan_tcp_data_token *tok = NULL; 7732 struct nl80211_wowlan_tcp_data_seq *seq = NULL; 7733 u32 size; 7734 u32 data_size, wake_size, tokens_size = 0, wake_mask_size; 7735 int err, port; 7736 7737 if (!rdev->wiphy.wowlan->tcp) 7738 return -EINVAL; 7739 7740 err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP, 7741 nla_data(attr), nla_len(attr), 7742 nl80211_wowlan_tcp_policy); 7743 if (err) 7744 return err; 7745 7746 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] || 7747 !tb[NL80211_WOWLAN_TCP_DST_IPV4] || 7748 !tb[NL80211_WOWLAN_TCP_DST_MAC] || 7749 !tb[NL80211_WOWLAN_TCP_DST_PORT] || 7750 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] || 7751 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] || 7752 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] || 7753 !tb[NL80211_WOWLAN_TCP_WAKE_MASK]) 7754 return -EINVAL; 7755 7756 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]); 7757 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max) 7758 return -EINVAL; 7759 7760 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) > 7761 rdev->wiphy.wowlan->tcp->data_interval_max || 7762 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0) 7763 return -EINVAL; 7764 7765 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]); 7766 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max) 7767 return -EINVAL; 7768 7769 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]); 7770 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8)) 7771 return -EINVAL; 7772 7773 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) { 7774 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 7775 7776 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 7777 tokens_size = tokln - sizeof(*tok); 7778 7779 if (!tok->len || tokens_size % tok->len) 7780 return -EINVAL; 7781 if (!rdev->wiphy.wowlan->tcp->tok) 7782 return -EINVAL; 7783 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len) 7784 return -EINVAL; 7785 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len) 7786 return -EINVAL; 7787 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize) 7788 return -EINVAL; 7789 if (tok->offset + tok->len > data_size) 7790 return -EINVAL; 7791 } 7792 7793 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) { 7794 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]); 7795 if (!rdev->wiphy.wowlan->tcp->seq) 7796 return -EINVAL; 7797 if (seq->len == 0 || seq->len > 4) 7798 return -EINVAL; 7799 if (seq->len + seq->offset > data_size) 7800 return -EINVAL; 7801 } 7802 7803 size = sizeof(*cfg); 7804 size += data_size; 7805 size += wake_size + wake_mask_size; 7806 size += tokens_size; 7807 7808 cfg = kzalloc(size, GFP_KERNEL); 7809 if (!cfg) 7810 return -ENOMEM; 7811 cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]); 7812 cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]); 7813 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]), 7814 ETH_ALEN); 7815 if (tb[NL80211_WOWLAN_TCP_SRC_PORT]) 7816 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]); 7817 else 7818 port = 0; 7819 #ifdef CONFIG_INET 7820 /* allocate a socket and port for it and use it */ 7821 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM, 7822 IPPROTO_TCP, &cfg->sock, 1); 7823 if (err) { 7824 kfree(cfg); 7825 return err; 7826 } 7827 if (inet_csk_get_port(cfg->sock->sk, port)) { 7828 sock_release(cfg->sock); 7829 kfree(cfg); 7830 return -EADDRINUSE; 7831 } 7832 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num; 7833 #else 7834 if (!port) { 7835 kfree(cfg); 7836 return -EINVAL; 7837 } 7838 cfg->src_port = port; 7839 #endif 7840 7841 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]); 7842 cfg->payload_len = data_size; 7843 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size; 7844 memcpy((void *)cfg->payload, 7845 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]), 7846 data_size); 7847 if (seq) 7848 cfg->payload_seq = *seq; 7849 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]); 7850 cfg->wake_len = wake_size; 7851 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size; 7852 memcpy((void *)cfg->wake_data, 7853 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]), 7854 wake_size); 7855 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size + 7856 data_size + wake_size; 7857 memcpy((void *)cfg->wake_mask, 7858 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]), 7859 wake_mask_size); 7860 if (tok) { 7861 cfg->tokens_size = tokens_size; 7862 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size); 7863 } 7864 7865 trig->tcp = cfg; 7866 7867 return 0; 7868 } 7869 7870 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 7871 { 7872 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7873 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 7874 struct cfg80211_wowlan new_triggers = {}; 7875 struct cfg80211_wowlan *ntrig; 7876 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan; 7877 int err, i; 7878 bool prev_enabled = rdev->wiphy.wowlan_config; 7879 7880 if (!wowlan) 7881 return -EOPNOTSUPP; 7882 7883 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 7884 cfg80211_rdev_free_wowlan(rdev); 7885 rdev->wiphy.wowlan_config = NULL; 7886 goto set_wakeup; 7887 } 7888 7889 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 7890 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 7891 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 7892 nl80211_wowlan_policy); 7893 if (err) 7894 return err; 7895 7896 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 7897 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 7898 return -EINVAL; 7899 new_triggers.any = true; 7900 } 7901 7902 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 7903 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 7904 return -EINVAL; 7905 new_triggers.disconnect = true; 7906 } 7907 7908 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 7909 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 7910 return -EINVAL; 7911 new_triggers.magic_pkt = true; 7912 } 7913 7914 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 7915 return -EINVAL; 7916 7917 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 7918 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 7919 return -EINVAL; 7920 new_triggers.gtk_rekey_failure = true; 7921 } 7922 7923 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 7924 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 7925 return -EINVAL; 7926 new_triggers.eap_identity_req = true; 7927 } 7928 7929 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 7930 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 7931 return -EINVAL; 7932 new_triggers.four_way_handshake = true; 7933 } 7934 7935 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 7936 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 7937 return -EINVAL; 7938 new_triggers.rfkill_release = true; 7939 } 7940 7941 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 7942 struct nlattr *pat; 7943 int n_patterns = 0; 7944 int rem, pat_len, mask_len, pkt_offset; 7945 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; 7946 7947 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 7948 rem) 7949 n_patterns++; 7950 if (n_patterns > wowlan->n_patterns) 7951 return -EINVAL; 7952 7953 new_triggers.patterns = kcalloc(n_patterns, 7954 sizeof(new_triggers.patterns[0]), 7955 GFP_KERNEL); 7956 if (!new_triggers.patterns) 7957 return -ENOMEM; 7958 7959 new_triggers.n_patterns = n_patterns; 7960 i = 0; 7961 7962 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 7963 rem) { 7964 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, 7965 nla_data(pat), nla_len(pat), NULL); 7966 err = -EINVAL; 7967 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || 7968 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) 7969 goto error; 7970 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); 7971 mask_len = DIV_ROUND_UP(pat_len, 8); 7972 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != 7973 mask_len) 7974 goto error; 7975 if (pat_len > wowlan->pattern_max_len || 7976 pat_len < wowlan->pattern_min_len) 7977 goto error; 7978 7979 if (!pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]) 7980 pkt_offset = 0; 7981 else 7982 pkt_offset = nla_get_u32( 7983 pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]); 7984 if (pkt_offset > wowlan->max_pkt_offset) 7985 goto error; 7986 new_triggers.patterns[i].pkt_offset = pkt_offset; 7987 7988 new_triggers.patterns[i].mask = 7989 kmalloc(mask_len + pat_len, GFP_KERNEL); 7990 if (!new_triggers.patterns[i].mask) { 7991 err = -ENOMEM; 7992 goto error; 7993 } 7994 new_triggers.patterns[i].pattern = 7995 new_triggers.patterns[i].mask + mask_len; 7996 memcpy(new_triggers.patterns[i].mask, 7997 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), 7998 mask_len); 7999 new_triggers.patterns[i].pattern_len = pat_len; 8000 memcpy(new_triggers.patterns[i].pattern, 8001 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), 8002 pat_len); 8003 i++; 8004 } 8005 } 8006 8007 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) { 8008 err = nl80211_parse_wowlan_tcp( 8009 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION], 8010 &new_triggers); 8011 if (err) 8012 goto error; 8013 } 8014 8015 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 8016 if (!ntrig) { 8017 err = -ENOMEM; 8018 goto error; 8019 } 8020 cfg80211_rdev_free_wowlan(rdev); 8021 rdev->wiphy.wowlan_config = ntrig; 8022 8023 set_wakeup: 8024 if (rdev->ops->set_wakeup && 8025 prev_enabled != !!rdev->wiphy.wowlan_config) 8026 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config); 8027 8028 return 0; 8029 error: 8030 for (i = 0; i < new_triggers.n_patterns; i++) 8031 kfree(new_triggers.patterns[i].mask); 8032 kfree(new_triggers.patterns); 8033 if (new_triggers.tcp && new_triggers.tcp->sock) 8034 sock_release(new_triggers.tcp->sock); 8035 kfree(new_triggers.tcp); 8036 return err; 8037 } 8038 #endif 8039 8040 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 8041 { 8042 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8043 struct net_device *dev = info->user_ptr[1]; 8044 struct wireless_dev *wdev = dev->ieee80211_ptr; 8045 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 8046 struct cfg80211_gtk_rekey_data rekey_data; 8047 int err; 8048 8049 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 8050 return -EINVAL; 8051 8052 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 8053 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 8054 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 8055 nl80211_rekey_policy); 8056 if (err) 8057 return err; 8058 8059 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 8060 return -ERANGE; 8061 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 8062 return -ERANGE; 8063 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 8064 return -ERANGE; 8065 8066 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), 8067 NL80211_KEK_LEN); 8068 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), 8069 NL80211_KCK_LEN); 8070 memcpy(rekey_data.replay_ctr, 8071 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), 8072 NL80211_REPLAY_CTR_LEN); 8073 8074 wdev_lock(wdev); 8075 if (!wdev->current_bss) { 8076 err = -ENOTCONN; 8077 goto out; 8078 } 8079 8080 if (!rdev->ops->set_rekey_data) { 8081 err = -EOPNOTSUPP; 8082 goto out; 8083 } 8084 8085 err = rdev_set_rekey_data(rdev, dev, &rekey_data); 8086 out: 8087 wdev_unlock(wdev); 8088 return err; 8089 } 8090 8091 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 8092 struct genl_info *info) 8093 { 8094 struct net_device *dev = info->user_ptr[1]; 8095 struct wireless_dev *wdev = dev->ieee80211_ptr; 8096 8097 if (wdev->iftype != NL80211_IFTYPE_AP && 8098 wdev->iftype != NL80211_IFTYPE_P2P_GO) 8099 return -EINVAL; 8100 8101 if (wdev->ap_unexpected_nlportid) 8102 return -EBUSY; 8103 8104 wdev->ap_unexpected_nlportid = info->snd_portid; 8105 return 0; 8106 } 8107 8108 static int nl80211_probe_client(struct sk_buff *skb, 8109 struct genl_info *info) 8110 { 8111 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8112 struct net_device *dev = info->user_ptr[1]; 8113 struct wireless_dev *wdev = dev->ieee80211_ptr; 8114 struct sk_buff *msg; 8115 void *hdr; 8116 const u8 *addr; 8117 u64 cookie; 8118 int err; 8119 8120 if (wdev->iftype != NL80211_IFTYPE_AP && 8121 wdev->iftype != NL80211_IFTYPE_P2P_GO) 8122 return -EOPNOTSUPP; 8123 8124 if (!info->attrs[NL80211_ATTR_MAC]) 8125 return -EINVAL; 8126 8127 if (!rdev->ops->probe_client) 8128 return -EOPNOTSUPP; 8129 8130 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8131 if (!msg) 8132 return -ENOMEM; 8133 8134 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 8135 NL80211_CMD_PROBE_CLIENT); 8136 if (!hdr) { 8137 err = -ENOBUFS; 8138 goto free_msg; 8139 } 8140 8141 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 8142 8143 err = rdev_probe_client(rdev, dev, addr, &cookie); 8144 if (err) 8145 goto free_msg; 8146 8147 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 8148 goto nla_put_failure; 8149 8150 genlmsg_end(msg, hdr); 8151 8152 return genlmsg_reply(msg, info); 8153 8154 nla_put_failure: 8155 err = -ENOBUFS; 8156 free_msg: 8157 nlmsg_free(msg); 8158 return err; 8159 } 8160 8161 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 8162 { 8163 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8164 struct cfg80211_beacon_registration *reg, *nreg; 8165 int rv; 8166 8167 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 8168 return -EOPNOTSUPP; 8169 8170 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL); 8171 if (!nreg) 8172 return -ENOMEM; 8173 8174 /* First, check if already registered. */ 8175 spin_lock_bh(&rdev->beacon_registrations_lock); 8176 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 8177 if (reg->nlportid == info->snd_portid) { 8178 rv = -EALREADY; 8179 goto out_err; 8180 } 8181 } 8182 /* Add it to the list */ 8183 nreg->nlportid = info->snd_portid; 8184 list_add(&nreg->list, &rdev->beacon_registrations); 8185 8186 spin_unlock_bh(&rdev->beacon_registrations_lock); 8187 8188 return 0; 8189 out_err: 8190 spin_unlock_bh(&rdev->beacon_registrations_lock); 8191 kfree(nreg); 8192 return rv; 8193 } 8194 8195 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info) 8196 { 8197 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8198 struct wireless_dev *wdev = info->user_ptr[1]; 8199 int err; 8200 8201 if (!rdev->ops->start_p2p_device) 8202 return -EOPNOTSUPP; 8203 8204 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 8205 return -EOPNOTSUPP; 8206 8207 if (wdev->p2p_started) 8208 return 0; 8209 8210 err = cfg80211_can_add_interface(rdev, wdev->iftype); 8211 if (err) 8212 return err; 8213 8214 err = rdev_start_p2p_device(rdev, wdev); 8215 if (err) 8216 return err; 8217 8218 wdev->p2p_started = true; 8219 rdev->opencount++; 8220 8221 return 0; 8222 } 8223 8224 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info) 8225 { 8226 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8227 struct wireless_dev *wdev = info->user_ptr[1]; 8228 8229 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 8230 return -EOPNOTSUPP; 8231 8232 if (!rdev->ops->stop_p2p_device) 8233 return -EOPNOTSUPP; 8234 8235 cfg80211_stop_p2p_device(rdev, wdev); 8236 8237 return 0; 8238 } 8239 8240 static int nl80211_get_protocol_features(struct sk_buff *skb, 8241 struct genl_info *info) 8242 { 8243 void *hdr; 8244 struct sk_buff *msg; 8245 8246 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8247 if (!msg) 8248 return -ENOMEM; 8249 8250 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 8251 NL80211_CMD_GET_PROTOCOL_FEATURES); 8252 if (!hdr) 8253 goto nla_put_failure; 8254 8255 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES, 8256 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)) 8257 goto nla_put_failure; 8258 8259 genlmsg_end(msg, hdr); 8260 return genlmsg_reply(msg, info); 8261 8262 nla_put_failure: 8263 kfree_skb(msg); 8264 return -ENOBUFS; 8265 } 8266 8267 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info) 8268 { 8269 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8270 struct cfg80211_update_ft_ies_params ft_params; 8271 struct net_device *dev = info->user_ptr[1]; 8272 8273 if (!rdev->ops->update_ft_ies) 8274 return -EOPNOTSUPP; 8275 8276 if (!info->attrs[NL80211_ATTR_MDID] || 8277 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 8278 return -EINVAL; 8279 8280 memset(&ft_params, 0, sizeof(ft_params)); 8281 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]); 8282 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 8283 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8284 8285 return rdev_update_ft_ies(rdev, dev, &ft_params); 8286 } 8287 8288 static int nl80211_crit_protocol_start(struct sk_buff *skb, 8289 struct genl_info *info) 8290 { 8291 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8292 struct wireless_dev *wdev = info->user_ptr[1]; 8293 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC; 8294 u16 duration; 8295 int ret; 8296 8297 if (!rdev->ops->crit_proto_start) 8298 return -EOPNOTSUPP; 8299 8300 if (WARN_ON(!rdev->ops->crit_proto_stop)) 8301 return -EINVAL; 8302 8303 if (rdev->crit_proto_nlportid) 8304 return -EBUSY; 8305 8306 /* determine protocol if provided */ 8307 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID]) 8308 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]); 8309 8310 if (proto >= NUM_NL80211_CRIT_PROTO) 8311 return -EINVAL; 8312 8313 /* timeout must be provided */ 8314 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]) 8315 return -EINVAL; 8316 8317 duration = 8318 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]); 8319 8320 if (duration > NL80211_CRIT_PROTO_MAX_DURATION) 8321 return -ERANGE; 8322 8323 ret = rdev_crit_proto_start(rdev, wdev, proto, duration); 8324 if (!ret) 8325 rdev->crit_proto_nlportid = info->snd_portid; 8326 8327 return ret; 8328 } 8329 8330 static int nl80211_crit_protocol_stop(struct sk_buff *skb, 8331 struct genl_info *info) 8332 { 8333 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8334 struct wireless_dev *wdev = info->user_ptr[1]; 8335 8336 if (!rdev->ops->crit_proto_stop) 8337 return -EOPNOTSUPP; 8338 8339 if (rdev->crit_proto_nlportid) { 8340 rdev->crit_proto_nlportid = 0; 8341 rdev_crit_proto_stop(rdev, wdev); 8342 } 8343 return 0; 8344 } 8345 8346 #define NL80211_FLAG_NEED_WIPHY 0x01 8347 #define NL80211_FLAG_NEED_NETDEV 0x02 8348 #define NL80211_FLAG_NEED_RTNL 0x04 8349 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 8350 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 8351 NL80211_FLAG_CHECK_NETDEV_UP) 8352 #define NL80211_FLAG_NEED_WDEV 0x10 8353 /* If a netdev is associated, it must be UP, P2P must be started */ 8354 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 8355 NL80211_FLAG_CHECK_NETDEV_UP) 8356 8357 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 8358 struct genl_info *info) 8359 { 8360 struct cfg80211_registered_device *rdev; 8361 struct wireless_dev *wdev; 8362 struct net_device *dev; 8363 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 8364 8365 if (rtnl) 8366 rtnl_lock(); 8367 8368 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 8369 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 8370 if (IS_ERR(rdev)) { 8371 if (rtnl) 8372 rtnl_unlock(); 8373 return PTR_ERR(rdev); 8374 } 8375 info->user_ptr[0] = rdev; 8376 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV || 8377 ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 8378 ASSERT_RTNL(); 8379 8380 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info), 8381 info->attrs); 8382 if (IS_ERR(wdev)) { 8383 if (rtnl) 8384 rtnl_unlock(); 8385 return PTR_ERR(wdev); 8386 } 8387 8388 dev = wdev->netdev; 8389 rdev = wiphy_to_dev(wdev->wiphy); 8390 8391 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 8392 if (!dev) { 8393 if (rtnl) 8394 rtnl_unlock(); 8395 return -EINVAL; 8396 } 8397 8398 info->user_ptr[1] = dev; 8399 } else { 8400 info->user_ptr[1] = wdev; 8401 } 8402 8403 if (dev) { 8404 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 8405 !netif_running(dev)) { 8406 if (rtnl) 8407 rtnl_unlock(); 8408 return -ENETDOWN; 8409 } 8410 8411 dev_hold(dev); 8412 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) { 8413 if (!wdev->p2p_started) { 8414 if (rtnl) 8415 rtnl_unlock(); 8416 return -ENETDOWN; 8417 } 8418 } 8419 8420 info->user_ptr[0] = rdev; 8421 } 8422 8423 return 0; 8424 } 8425 8426 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 8427 struct genl_info *info) 8428 { 8429 if (info->user_ptr[1]) { 8430 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 8431 struct wireless_dev *wdev = info->user_ptr[1]; 8432 8433 if (wdev->netdev) 8434 dev_put(wdev->netdev); 8435 } else { 8436 dev_put(info->user_ptr[1]); 8437 } 8438 } 8439 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 8440 rtnl_unlock(); 8441 } 8442 8443 static struct genl_ops nl80211_ops[] = { 8444 { 8445 .cmd = NL80211_CMD_GET_WIPHY, 8446 .doit = nl80211_get_wiphy, 8447 .dumpit = nl80211_dump_wiphy, 8448 .done = nl80211_dump_wiphy_done, 8449 .policy = nl80211_policy, 8450 /* can be retrieved by unprivileged users */ 8451 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8452 NL80211_FLAG_NEED_RTNL, 8453 }, 8454 { 8455 .cmd = NL80211_CMD_SET_WIPHY, 8456 .doit = nl80211_set_wiphy, 8457 .policy = nl80211_policy, 8458 .flags = GENL_ADMIN_PERM, 8459 .internal_flags = NL80211_FLAG_NEED_RTNL, 8460 }, 8461 { 8462 .cmd = NL80211_CMD_GET_INTERFACE, 8463 .doit = nl80211_get_interface, 8464 .dumpit = nl80211_dump_interface, 8465 .policy = nl80211_policy, 8466 /* can be retrieved by unprivileged users */ 8467 .internal_flags = NL80211_FLAG_NEED_WDEV | 8468 NL80211_FLAG_NEED_RTNL, 8469 }, 8470 { 8471 .cmd = NL80211_CMD_SET_INTERFACE, 8472 .doit = nl80211_set_interface, 8473 .policy = nl80211_policy, 8474 .flags = GENL_ADMIN_PERM, 8475 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8476 NL80211_FLAG_NEED_RTNL, 8477 }, 8478 { 8479 .cmd = NL80211_CMD_NEW_INTERFACE, 8480 .doit = nl80211_new_interface, 8481 .policy = nl80211_policy, 8482 .flags = GENL_ADMIN_PERM, 8483 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8484 NL80211_FLAG_NEED_RTNL, 8485 }, 8486 { 8487 .cmd = NL80211_CMD_DEL_INTERFACE, 8488 .doit = nl80211_del_interface, 8489 .policy = nl80211_policy, 8490 .flags = GENL_ADMIN_PERM, 8491 .internal_flags = NL80211_FLAG_NEED_WDEV | 8492 NL80211_FLAG_NEED_RTNL, 8493 }, 8494 { 8495 .cmd = NL80211_CMD_GET_KEY, 8496 .doit = nl80211_get_key, 8497 .policy = nl80211_policy, 8498 .flags = GENL_ADMIN_PERM, 8499 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8500 NL80211_FLAG_NEED_RTNL, 8501 }, 8502 { 8503 .cmd = NL80211_CMD_SET_KEY, 8504 .doit = nl80211_set_key, 8505 .policy = nl80211_policy, 8506 .flags = GENL_ADMIN_PERM, 8507 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8508 NL80211_FLAG_NEED_RTNL, 8509 }, 8510 { 8511 .cmd = NL80211_CMD_NEW_KEY, 8512 .doit = nl80211_new_key, 8513 .policy = nl80211_policy, 8514 .flags = GENL_ADMIN_PERM, 8515 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8516 NL80211_FLAG_NEED_RTNL, 8517 }, 8518 { 8519 .cmd = NL80211_CMD_DEL_KEY, 8520 .doit = nl80211_del_key, 8521 .policy = nl80211_policy, 8522 .flags = GENL_ADMIN_PERM, 8523 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8524 NL80211_FLAG_NEED_RTNL, 8525 }, 8526 { 8527 .cmd = NL80211_CMD_SET_BEACON, 8528 .policy = nl80211_policy, 8529 .flags = GENL_ADMIN_PERM, 8530 .doit = nl80211_set_beacon, 8531 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8532 NL80211_FLAG_NEED_RTNL, 8533 }, 8534 { 8535 .cmd = NL80211_CMD_START_AP, 8536 .policy = nl80211_policy, 8537 .flags = GENL_ADMIN_PERM, 8538 .doit = nl80211_start_ap, 8539 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8540 NL80211_FLAG_NEED_RTNL, 8541 }, 8542 { 8543 .cmd = NL80211_CMD_STOP_AP, 8544 .policy = nl80211_policy, 8545 .flags = GENL_ADMIN_PERM, 8546 .doit = nl80211_stop_ap, 8547 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8548 NL80211_FLAG_NEED_RTNL, 8549 }, 8550 { 8551 .cmd = NL80211_CMD_GET_STATION, 8552 .doit = nl80211_get_station, 8553 .dumpit = nl80211_dump_station, 8554 .policy = nl80211_policy, 8555 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8556 NL80211_FLAG_NEED_RTNL, 8557 }, 8558 { 8559 .cmd = NL80211_CMD_SET_STATION, 8560 .doit = nl80211_set_station, 8561 .policy = nl80211_policy, 8562 .flags = GENL_ADMIN_PERM, 8563 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8564 NL80211_FLAG_NEED_RTNL, 8565 }, 8566 { 8567 .cmd = NL80211_CMD_NEW_STATION, 8568 .doit = nl80211_new_station, 8569 .policy = nl80211_policy, 8570 .flags = GENL_ADMIN_PERM, 8571 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8572 NL80211_FLAG_NEED_RTNL, 8573 }, 8574 { 8575 .cmd = NL80211_CMD_DEL_STATION, 8576 .doit = nl80211_del_station, 8577 .policy = nl80211_policy, 8578 .flags = GENL_ADMIN_PERM, 8579 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8580 NL80211_FLAG_NEED_RTNL, 8581 }, 8582 { 8583 .cmd = NL80211_CMD_GET_MPATH, 8584 .doit = nl80211_get_mpath, 8585 .dumpit = nl80211_dump_mpath, 8586 .policy = nl80211_policy, 8587 .flags = GENL_ADMIN_PERM, 8588 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8589 NL80211_FLAG_NEED_RTNL, 8590 }, 8591 { 8592 .cmd = NL80211_CMD_SET_MPATH, 8593 .doit = nl80211_set_mpath, 8594 .policy = nl80211_policy, 8595 .flags = GENL_ADMIN_PERM, 8596 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8597 NL80211_FLAG_NEED_RTNL, 8598 }, 8599 { 8600 .cmd = NL80211_CMD_NEW_MPATH, 8601 .doit = nl80211_new_mpath, 8602 .policy = nl80211_policy, 8603 .flags = GENL_ADMIN_PERM, 8604 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8605 NL80211_FLAG_NEED_RTNL, 8606 }, 8607 { 8608 .cmd = NL80211_CMD_DEL_MPATH, 8609 .doit = nl80211_del_mpath, 8610 .policy = nl80211_policy, 8611 .flags = GENL_ADMIN_PERM, 8612 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8613 NL80211_FLAG_NEED_RTNL, 8614 }, 8615 { 8616 .cmd = NL80211_CMD_SET_BSS, 8617 .doit = nl80211_set_bss, 8618 .policy = nl80211_policy, 8619 .flags = GENL_ADMIN_PERM, 8620 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8621 NL80211_FLAG_NEED_RTNL, 8622 }, 8623 { 8624 .cmd = NL80211_CMD_GET_REG, 8625 .doit = nl80211_get_reg, 8626 .policy = nl80211_policy, 8627 .internal_flags = NL80211_FLAG_NEED_RTNL, 8628 /* can be retrieved by unprivileged users */ 8629 }, 8630 { 8631 .cmd = NL80211_CMD_SET_REG, 8632 .doit = nl80211_set_reg, 8633 .policy = nl80211_policy, 8634 .flags = GENL_ADMIN_PERM, 8635 .internal_flags = NL80211_FLAG_NEED_RTNL, 8636 }, 8637 { 8638 .cmd = NL80211_CMD_REQ_SET_REG, 8639 .doit = nl80211_req_set_reg, 8640 .policy = nl80211_policy, 8641 .flags = GENL_ADMIN_PERM, 8642 }, 8643 { 8644 .cmd = NL80211_CMD_GET_MESH_CONFIG, 8645 .doit = nl80211_get_mesh_config, 8646 .policy = nl80211_policy, 8647 /* can be retrieved by unprivileged users */ 8648 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8649 NL80211_FLAG_NEED_RTNL, 8650 }, 8651 { 8652 .cmd = NL80211_CMD_SET_MESH_CONFIG, 8653 .doit = nl80211_update_mesh_config, 8654 .policy = nl80211_policy, 8655 .flags = GENL_ADMIN_PERM, 8656 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8657 NL80211_FLAG_NEED_RTNL, 8658 }, 8659 { 8660 .cmd = NL80211_CMD_TRIGGER_SCAN, 8661 .doit = nl80211_trigger_scan, 8662 .policy = nl80211_policy, 8663 .flags = GENL_ADMIN_PERM, 8664 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8665 NL80211_FLAG_NEED_RTNL, 8666 }, 8667 { 8668 .cmd = NL80211_CMD_GET_SCAN, 8669 .policy = nl80211_policy, 8670 .dumpit = nl80211_dump_scan, 8671 }, 8672 { 8673 .cmd = NL80211_CMD_START_SCHED_SCAN, 8674 .doit = nl80211_start_sched_scan, 8675 .policy = nl80211_policy, 8676 .flags = GENL_ADMIN_PERM, 8677 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8678 NL80211_FLAG_NEED_RTNL, 8679 }, 8680 { 8681 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 8682 .doit = nl80211_stop_sched_scan, 8683 .policy = nl80211_policy, 8684 .flags = GENL_ADMIN_PERM, 8685 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8686 NL80211_FLAG_NEED_RTNL, 8687 }, 8688 { 8689 .cmd = NL80211_CMD_AUTHENTICATE, 8690 .doit = nl80211_authenticate, 8691 .policy = nl80211_policy, 8692 .flags = GENL_ADMIN_PERM, 8693 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8694 NL80211_FLAG_NEED_RTNL, 8695 }, 8696 { 8697 .cmd = NL80211_CMD_ASSOCIATE, 8698 .doit = nl80211_associate, 8699 .policy = nl80211_policy, 8700 .flags = GENL_ADMIN_PERM, 8701 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8702 NL80211_FLAG_NEED_RTNL, 8703 }, 8704 { 8705 .cmd = NL80211_CMD_DEAUTHENTICATE, 8706 .doit = nl80211_deauthenticate, 8707 .policy = nl80211_policy, 8708 .flags = GENL_ADMIN_PERM, 8709 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8710 NL80211_FLAG_NEED_RTNL, 8711 }, 8712 { 8713 .cmd = NL80211_CMD_DISASSOCIATE, 8714 .doit = nl80211_disassociate, 8715 .policy = nl80211_policy, 8716 .flags = GENL_ADMIN_PERM, 8717 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8718 NL80211_FLAG_NEED_RTNL, 8719 }, 8720 { 8721 .cmd = NL80211_CMD_JOIN_IBSS, 8722 .doit = nl80211_join_ibss, 8723 .policy = nl80211_policy, 8724 .flags = GENL_ADMIN_PERM, 8725 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8726 NL80211_FLAG_NEED_RTNL, 8727 }, 8728 { 8729 .cmd = NL80211_CMD_LEAVE_IBSS, 8730 .doit = nl80211_leave_ibss, 8731 .policy = nl80211_policy, 8732 .flags = GENL_ADMIN_PERM, 8733 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8734 NL80211_FLAG_NEED_RTNL, 8735 }, 8736 #ifdef CONFIG_NL80211_TESTMODE 8737 { 8738 .cmd = NL80211_CMD_TESTMODE, 8739 .doit = nl80211_testmode_do, 8740 .dumpit = nl80211_testmode_dump, 8741 .policy = nl80211_policy, 8742 .flags = GENL_ADMIN_PERM, 8743 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8744 NL80211_FLAG_NEED_RTNL, 8745 }, 8746 #endif 8747 { 8748 .cmd = NL80211_CMD_CONNECT, 8749 .doit = nl80211_connect, 8750 .policy = nl80211_policy, 8751 .flags = GENL_ADMIN_PERM, 8752 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8753 NL80211_FLAG_NEED_RTNL, 8754 }, 8755 { 8756 .cmd = NL80211_CMD_DISCONNECT, 8757 .doit = nl80211_disconnect, 8758 .policy = nl80211_policy, 8759 .flags = GENL_ADMIN_PERM, 8760 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8761 NL80211_FLAG_NEED_RTNL, 8762 }, 8763 { 8764 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 8765 .doit = nl80211_wiphy_netns, 8766 .policy = nl80211_policy, 8767 .flags = GENL_ADMIN_PERM, 8768 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8769 NL80211_FLAG_NEED_RTNL, 8770 }, 8771 { 8772 .cmd = NL80211_CMD_GET_SURVEY, 8773 .policy = nl80211_policy, 8774 .dumpit = nl80211_dump_survey, 8775 }, 8776 { 8777 .cmd = NL80211_CMD_SET_PMKSA, 8778 .doit = nl80211_setdel_pmksa, 8779 .policy = nl80211_policy, 8780 .flags = GENL_ADMIN_PERM, 8781 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8782 NL80211_FLAG_NEED_RTNL, 8783 }, 8784 { 8785 .cmd = NL80211_CMD_DEL_PMKSA, 8786 .doit = nl80211_setdel_pmksa, 8787 .policy = nl80211_policy, 8788 .flags = GENL_ADMIN_PERM, 8789 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8790 NL80211_FLAG_NEED_RTNL, 8791 }, 8792 { 8793 .cmd = NL80211_CMD_FLUSH_PMKSA, 8794 .doit = nl80211_flush_pmksa, 8795 .policy = nl80211_policy, 8796 .flags = GENL_ADMIN_PERM, 8797 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8798 NL80211_FLAG_NEED_RTNL, 8799 }, 8800 { 8801 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 8802 .doit = nl80211_remain_on_channel, 8803 .policy = nl80211_policy, 8804 .flags = GENL_ADMIN_PERM, 8805 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8806 NL80211_FLAG_NEED_RTNL, 8807 }, 8808 { 8809 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 8810 .doit = nl80211_cancel_remain_on_channel, 8811 .policy = nl80211_policy, 8812 .flags = GENL_ADMIN_PERM, 8813 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8814 NL80211_FLAG_NEED_RTNL, 8815 }, 8816 { 8817 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 8818 .doit = nl80211_set_tx_bitrate_mask, 8819 .policy = nl80211_policy, 8820 .flags = GENL_ADMIN_PERM, 8821 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8822 NL80211_FLAG_NEED_RTNL, 8823 }, 8824 { 8825 .cmd = NL80211_CMD_REGISTER_FRAME, 8826 .doit = nl80211_register_mgmt, 8827 .policy = nl80211_policy, 8828 .flags = GENL_ADMIN_PERM, 8829 .internal_flags = NL80211_FLAG_NEED_WDEV | 8830 NL80211_FLAG_NEED_RTNL, 8831 }, 8832 { 8833 .cmd = NL80211_CMD_FRAME, 8834 .doit = nl80211_tx_mgmt, 8835 .policy = nl80211_policy, 8836 .flags = GENL_ADMIN_PERM, 8837 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8838 NL80211_FLAG_NEED_RTNL, 8839 }, 8840 { 8841 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 8842 .doit = nl80211_tx_mgmt_cancel_wait, 8843 .policy = nl80211_policy, 8844 .flags = GENL_ADMIN_PERM, 8845 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8846 NL80211_FLAG_NEED_RTNL, 8847 }, 8848 { 8849 .cmd = NL80211_CMD_SET_POWER_SAVE, 8850 .doit = nl80211_set_power_save, 8851 .policy = nl80211_policy, 8852 .flags = GENL_ADMIN_PERM, 8853 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8854 NL80211_FLAG_NEED_RTNL, 8855 }, 8856 { 8857 .cmd = NL80211_CMD_GET_POWER_SAVE, 8858 .doit = nl80211_get_power_save, 8859 .policy = nl80211_policy, 8860 /* can be retrieved by unprivileged users */ 8861 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8862 NL80211_FLAG_NEED_RTNL, 8863 }, 8864 { 8865 .cmd = NL80211_CMD_SET_CQM, 8866 .doit = nl80211_set_cqm, 8867 .policy = nl80211_policy, 8868 .flags = GENL_ADMIN_PERM, 8869 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8870 NL80211_FLAG_NEED_RTNL, 8871 }, 8872 { 8873 .cmd = NL80211_CMD_SET_CHANNEL, 8874 .doit = nl80211_set_channel, 8875 .policy = nl80211_policy, 8876 .flags = GENL_ADMIN_PERM, 8877 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8878 NL80211_FLAG_NEED_RTNL, 8879 }, 8880 { 8881 .cmd = NL80211_CMD_SET_WDS_PEER, 8882 .doit = nl80211_set_wds_peer, 8883 .policy = nl80211_policy, 8884 .flags = GENL_ADMIN_PERM, 8885 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8886 NL80211_FLAG_NEED_RTNL, 8887 }, 8888 { 8889 .cmd = NL80211_CMD_JOIN_MESH, 8890 .doit = nl80211_join_mesh, 8891 .policy = nl80211_policy, 8892 .flags = GENL_ADMIN_PERM, 8893 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8894 NL80211_FLAG_NEED_RTNL, 8895 }, 8896 { 8897 .cmd = NL80211_CMD_LEAVE_MESH, 8898 .doit = nl80211_leave_mesh, 8899 .policy = nl80211_policy, 8900 .flags = GENL_ADMIN_PERM, 8901 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8902 NL80211_FLAG_NEED_RTNL, 8903 }, 8904 #ifdef CONFIG_PM 8905 { 8906 .cmd = NL80211_CMD_GET_WOWLAN, 8907 .doit = nl80211_get_wowlan, 8908 .policy = nl80211_policy, 8909 /* can be retrieved by unprivileged users */ 8910 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8911 NL80211_FLAG_NEED_RTNL, 8912 }, 8913 { 8914 .cmd = NL80211_CMD_SET_WOWLAN, 8915 .doit = nl80211_set_wowlan, 8916 .policy = nl80211_policy, 8917 .flags = GENL_ADMIN_PERM, 8918 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8919 NL80211_FLAG_NEED_RTNL, 8920 }, 8921 #endif 8922 { 8923 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 8924 .doit = nl80211_set_rekey_data, 8925 .policy = nl80211_policy, 8926 .flags = GENL_ADMIN_PERM, 8927 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8928 NL80211_FLAG_NEED_RTNL, 8929 }, 8930 { 8931 .cmd = NL80211_CMD_TDLS_MGMT, 8932 .doit = nl80211_tdls_mgmt, 8933 .policy = nl80211_policy, 8934 .flags = GENL_ADMIN_PERM, 8935 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8936 NL80211_FLAG_NEED_RTNL, 8937 }, 8938 { 8939 .cmd = NL80211_CMD_TDLS_OPER, 8940 .doit = nl80211_tdls_oper, 8941 .policy = nl80211_policy, 8942 .flags = GENL_ADMIN_PERM, 8943 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8944 NL80211_FLAG_NEED_RTNL, 8945 }, 8946 { 8947 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 8948 .doit = nl80211_register_unexpected_frame, 8949 .policy = nl80211_policy, 8950 .flags = GENL_ADMIN_PERM, 8951 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8952 NL80211_FLAG_NEED_RTNL, 8953 }, 8954 { 8955 .cmd = NL80211_CMD_PROBE_CLIENT, 8956 .doit = nl80211_probe_client, 8957 .policy = nl80211_policy, 8958 .flags = GENL_ADMIN_PERM, 8959 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8960 NL80211_FLAG_NEED_RTNL, 8961 }, 8962 { 8963 .cmd = NL80211_CMD_REGISTER_BEACONS, 8964 .doit = nl80211_register_beacons, 8965 .policy = nl80211_policy, 8966 .flags = GENL_ADMIN_PERM, 8967 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8968 NL80211_FLAG_NEED_RTNL, 8969 }, 8970 { 8971 .cmd = NL80211_CMD_SET_NOACK_MAP, 8972 .doit = nl80211_set_noack_map, 8973 .policy = nl80211_policy, 8974 .flags = GENL_ADMIN_PERM, 8975 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8976 NL80211_FLAG_NEED_RTNL, 8977 }, 8978 { 8979 .cmd = NL80211_CMD_START_P2P_DEVICE, 8980 .doit = nl80211_start_p2p_device, 8981 .policy = nl80211_policy, 8982 .flags = GENL_ADMIN_PERM, 8983 .internal_flags = NL80211_FLAG_NEED_WDEV | 8984 NL80211_FLAG_NEED_RTNL, 8985 }, 8986 { 8987 .cmd = NL80211_CMD_STOP_P2P_DEVICE, 8988 .doit = nl80211_stop_p2p_device, 8989 .policy = nl80211_policy, 8990 .flags = GENL_ADMIN_PERM, 8991 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8992 NL80211_FLAG_NEED_RTNL, 8993 }, 8994 { 8995 .cmd = NL80211_CMD_SET_MCAST_RATE, 8996 .doit = nl80211_set_mcast_rate, 8997 .policy = nl80211_policy, 8998 .flags = GENL_ADMIN_PERM, 8999 .internal_flags = NL80211_FLAG_NEED_NETDEV | 9000 NL80211_FLAG_NEED_RTNL, 9001 }, 9002 { 9003 .cmd = NL80211_CMD_SET_MAC_ACL, 9004 .doit = nl80211_set_mac_acl, 9005 .policy = nl80211_policy, 9006 .flags = GENL_ADMIN_PERM, 9007 .internal_flags = NL80211_FLAG_NEED_NETDEV | 9008 NL80211_FLAG_NEED_RTNL, 9009 }, 9010 { 9011 .cmd = NL80211_CMD_RADAR_DETECT, 9012 .doit = nl80211_start_radar_detection, 9013 .policy = nl80211_policy, 9014 .flags = GENL_ADMIN_PERM, 9015 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 9016 NL80211_FLAG_NEED_RTNL, 9017 }, 9018 { 9019 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES, 9020 .doit = nl80211_get_protocol_features, 9021 .policy = nl80211_policy, 9022 }, 9023 { 9024 .cmd = NL80211_CMD_UPDATE_FT_IES, 9025 .doit = nl80211_update_ft_ies, 9026 .policy = nl80211_policy, 9027 .flags = GENL_ADMIN_PERM, 9028 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 9029 NL80211_FLAG_NEED_RTNL, 9030 }, 9031 { 9032 .cmd = NL80211_CMD_CRIT_PROTOCOL_START, 9033 .doit = nl80211_crit_protocol_start, 9034 .policy = nl80211_policy, 9035 .flags = GENL_ADMIN_PERM, 9036 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 9037 NL80211_FLAG_NEED_RTNL, 9038 }, 9039 { 9040 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP, 9041 .doit = nl80211_crit_protocol_stop, 9042 .policy = nl80211_policy, 9043 .flags = GENL_ADMIN_PERM, 9044 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 9045 NL80211_FLAG_NEED_RTNL, 9046 } 9047 }; 9048 9049 static struct genl_multicast_group nl80211_mlme_mcgrp = { 9050 .name = "mlme", 9051 }; 9052 9053 /* multicast groups */ 9054 static struct genl_multicast_group nl80211_config_mcgrp = { 9055 .name = "config", 9056 }; 9057 static struct genl_multicast_group nl80211_scan_mcgrp = { 9058 .name = "scan", 9059 }; 9060 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 9061 .name = "regulatory", 9062 }; 9063 9064 /* notification functions */ 9065 9066 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 9067 { 9068 struct sk_buff *msg; 9069 struct nl80211_dump_wiphy_state state = {}; 9070 9071 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9072 if (!msg) 9073 return; 9074 9075 if (nl80211_send_wiphy(rdev, msg, 0, 0, 0, &state) < 0) { 9076 nlmsg_free(msg); 9077 return; 9078 } 9079 9080 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9081 nl80211_config_mcgrp.id, GFP_KERNEL); 9082 } 9083 9084 static int nl80211_add_scan_req(struct sk_buff *msg, 9085 struct cfg80211_registered_device *rdev) 9086 { 9087 struct cfg80211_scan_request *req = rdev->scan_req; 9088 struct nlattr *nest; 9089 int i; 9090 9091 if (WARN_ON(!req)) 9092 return 0; 9093 9094 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 9095 if (!nest) 9096 goto nla_put_failure; 9097 for (i = 0; i < req->n_ssids; i++) { 9098 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 9099 goto nla_put_failure; 9100 } 9101 nla_nest_end(msg, nest); 9102 9103 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 9104 if (!nest) 9105 goto nla_put_failure; 9106 for (i = 0; i < req->n_channels; i++) { 9107 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 9108 goto nla_put_failure; 9109 } 9110 nla_nest_end(msg, nest); 9111 9112 if (req->ie && 9113 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 9114 goto nla_put_failure; 9115 9116 if (req->flags) 9117 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags); 9118 9119 return 0; 9120 nla_put_failure: 9121 return -ENOBUFS; 9122 } 9123 9124 static int nl80211_send_scan_msg(struct sk_buff *msg, 9125 struct cfg80211_registered_device *rdev, 9126 struct wireless_dev *wdev, 9127 u32 portid, u32 seq, int flags, 9128 u32 cmd) 9129 { 9130 void *hdr; 9131 9132 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 9133 if (!hdr) 9134 return -1; 9135 9136 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9137 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9138 wdev->netdev->ifindex)) || 9139 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 9140 goto nla_put_failure; 9141 9142 /* ignore errors and send incomplete event anyway */ 9143 nl80211_add_scan_req(msg, rdev); 9144 9145 return genlmsg_end(msg, hdr); 9146 9147 nla_put_failure: 9148 genlmsg_cancel(msg, hdr); 9149 return -EMSGSIZE; 9150 } 9151 9152 static int 9153 nl80211_send_sched_scan_msg(struct sk_buff *msg, 9154 struct cfg80211_registered_device *rdev, 9155 struct net_device *netdev, 9156 u32 portid, u32 seq, int flags, u32 cmd) 9157 { 9158 void *hdr; 9159 9160 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 9161 if (!hdr) 9162 return -1; 9163 9164 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9165 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 9166 goto nla_put_failure; 9167 9168 return genlmsg_end(msg, hdr); 9169 9170 nla_put_failure: 9171 genlmsg_cancel(msg, hdr); 9172 return -EMSGSIZE; 9173 } 9174 9175 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 9176 struct wireless_dev *wdev) 9177 { 9178 struct sk_buff *msg; 9179 9180 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9181 if (!msg) 9182 return; 9183 9184 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 9185 NL80211_CMD_TRIGGER_SCAN) < 0) { 9186 nlmsg_free(msg); 9187 return; 9188 } 9189 9190 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9191 nl80211_scan_mcgrp.id, GFP_KERNEL); 9192 } 9193 9194 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 9195 struct wireless_dev *wdev) 9196 { 9197 struct sk_buff *msg; 9198 9199 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9200 if (!msg) 9201 return; 9202 9203 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 9204 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 9205 nlmsg_free(msg); 9206 return; 9207 } 9208 9209 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9210 nl80211_scan_mcgrp.id, GFP_KERNEL); 9211 } 9212 9213 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 9214 struct wireless_dev *wdev) 9215 { 9216 struct sk_buff *msg; 9217 9218 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9219 if (!msg) 9220 return; 9221 9222 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 9223 NL80211_CMD_SCAN_ABORTED) < 0) { 9224 nlmsg_free(msg); 9225 return; 9226 } 9227 9228 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9229 nl80211_scan_mcgrp.id, GFP_KERNEL); 9230 } 9231 9232 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 9233 struct net_device *netdev) 9234 { 9235 struct sk_buff *msg; 9236 9237 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9238 if (!msg) 9239 return; 9240 9241 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 9242 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 9243 nlmsg_free(msg); 9244 return; 9245 } 9246 9247 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9248 nl80211_scan_mcgrp.id, GFP_KERNEL); 9249 } 9250 9251 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 9252 struct net_device *netdev, u32 cmd) 9253 { 9254 struct sk_buff *msg; 9255 9256 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9257 if (!msg) 9258 return; 9259 9260 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 9261 nlmsg_free(msg); 9262 return; 9263 } 9264 9265 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9266 nl80211_scan_mcgrp.id, GFP_KERNEL); 9267 } 9268 9269 /* 9270 * This can happen on global regulatory changes or device specific settings 9271 * based on custom world regulatory domains. 9272 */ 9273 void nl80211_send_reg_change_event(struct regulatory_request *request) 9274 { 9275 struct sk_buff *msg; 9276 void *hdr; 9277 9278 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9279 if (!msg) 9280 return; 9281 9282 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 9283 if (!hdr) { 9284 nlmsg_free(msg); 9285 return; 9286 } 9287 9288 /* Userspace can always count this one always being set */ 9289 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 9290 goto nla_put_failure; 9291 9292 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 9293 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 9294 NL80211_REGDOM_TYPE_WORLD)) 9295 goto nla_put_failure; 9296 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 9297 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 9298 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 9299 goto nla_put_failure; 9300 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 9301 request->intersect) { 9302 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 9303 NL80211_REGDOM_TYPE_INTERSECTION)) 9304 goto nla_put_failure; 9305 } else { 9306 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 9307 NL80211_REGDOM_TYPE_COUNTRY) || 9308 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 9309 request->alpha2)) 9310 goto nla_put_failure; 9311 } 9312 9313 if (request->wiphy_idx != WIPHY_IDX_INVALID && 9314 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 9315 goto nla_put_failure; 9316 9317 genlmsg_end(msg, hdr); 9318 9319 rcu_read_lock(); 9320 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 9321 GFP_ATOMIC); 9322 rcu_read_unlock(); 9323 9324 return; 9325 9326 nla_put_failure: 9327 genlmsg_cancel(msg, hdr); 9328 nlmsg_free(msg); 9329 } 9330 9331 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 9332 struct net_device *netdev, 9333 const u8 *buf, size_t len, 9334 enum nl80211_commands cmd, gfp_t gfp) 9335 { 9336 struct sk_buff *msg; 9337 void *hdr; 9338 9339 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9340 if (!msg) 9341 return; 9342 9343 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 9344 if (!hdr) { 9345 nlmsg_free(msg); 9346 return; 9347 } 9348 9349 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9350 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9351 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 9352 goto nla_put_failure; 9353 9354 genlmsg_end(msg, hdr); 9355 9356 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9357 nl80211_mlme_mcgrp.id, gfp); 9358 return; 9359 9360 nla_put_failure: 9361 genlmsg_cancel(msg, hdr); 9362 nlmsg_free(msg); 9363 } 9364 9365 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 9366 struct net_device *netdev, const u8 *buf, 9367 size_t len, gfp_t gfp) 9368 { 9369 nl80211_send_mlme_event(rdev, netdev, buf, len, 9370 NL80211_CMD_AUTHENTICATE, gfp); 9371 } 9372 9373 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 9374 struct net_device *netdev, const u8 *buf, 9375 size_t len, gfp_t gfp) 9376 { 9377 nl80211_send_mlme_event(rdev, netdev, buf, len, 9378 NL80211_CMD_ASSOCIATE, gfp); 9379 } 9380 9381 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 9382 struct net_device *netdev, const u8 *buf, 9383 size_t len, gfp_t gfp) 9384 { 9385 nl80211_send_mlme_event(rdev, netdev, buf, len, 9386 NL80211_CMD_DEAUTHENTICATE, gfp); 9387 } 9388 9389 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 9390 struct net_device *netdev, const u8 *buf, 9391 size_t len, gfp_t gfp) 9392 { 9393 nl80211_send_mlme_event(rdev, netdev, buf, len, 9394 NL80211_CMD_DISASSOCIATE, gfp); 9395 } 9396 9397 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf, 9398 size_t len) 9399 { 9400 struct wireless_dev *wdev = dev->ieee80211_ptr; 9401 struct wiphy *wiphy = wdev->wiphy; 9402 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 9403 const struct ieee80211_mgmt *mgmt = (void *)buf; 9404 u32 cmd; 9405 9406 if (WARN_ON(len < 2)) 9407 return; 9408 9409 if (ieee80211_is_deauth(mgmt->frame_control)) 9410 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE; 9411 else 9412 cmd = NL80211_CMD_UNPROT_DISASSOCIATE; 9413 9414 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len); 9415 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC); 9416 } 9417 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt); 9418 9419 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 9420 struct net_device *netdev, int cmd, 9421 const u8 *addr, gfp_t gfp) 9422 { 9423 struct sk_buff *msg; 9424 void *hdr; 9425 9426 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9427 if (!msg) 9428 return; 9429 9430 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 9431 if (!hdr) { 9432 nlmsg_free(msg); 9433 return; 9434 } 9435 9436 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9437 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9438 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 9439 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 9440 goto nla_put_failure; 9441 9442 genlmsg_end(msg, hdr); 9443 9444 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9445 nl80211_mlme_mcgrp.id, gfp); 9446 return; 9447 9448 nla_put_failure: 9449 genlmsg_cancel(msg, hdr); 9450 nlmsg_free(msg); 9451 } 9452 9453 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 9454 struct net_device *netdev, const u8 *addr, 9455 gfp_t gfp) 9456 { 9457 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 9458 addr, gfp); 9459 } 9460 9461 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 9462 struct net_device *netdev, const u8 *addr, 9463 gfp_t gfp) 9464 { 9465 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 9466 addr, gfp); 9467 } 9468 9469 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 9470 struct net_device *netdev, const u8 *bssid, 9471 const u8 *req_ie, size_t req_ie_len, 9472 const u8 *resp_ie, size_t resp_ie_len, 9473 u16 status, gfp_t gfp) 9474 { 9475 struct sk_buff *msg; 9476 void *hdr; 9477 9478 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9479 if (!msg) 9480 return; 9481 9482 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 9483 if (!hdr) { 9484 nlmsg_free(msg); 9485 return; 9486 } 9487 9488 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9489 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9490 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) || 9491 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) || 9492 (req_ie && 9493 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 9494 (resp_ie && 9495 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 9496 goto nla_put_failure; 9497 9498 genlmsg_end(msg, hdr); 9499 9500 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9501 nl80211_mlme_mcgrp.id, gfp); 9502 return; 9503 9504 nla_put_failure: 9505 genlmsg_cancel(msg, hdr); 9506 nlmsg_free(msg); 9507 9508 } 9509 9510 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 9511 struct net_device *netdev, const u8 *bssid, 9512 const u8 *req_ie, size_t req_ie_len, 9513 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 9514 { 9515 struct sk_buff *msg; 9516 void *hdr; 9517 9518 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9519 if (!msg) 9520 return; 9521 9522 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 9523 if (!hdr) { 9524 nlmsg_free(msg); 9525 return; 9526 } 9527 9528 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9529 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9530 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 9531 (req_ie && 9532 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 9533 (resp_ie && 9534 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 9535 goto nla_put_failure; 9536 9537 genlmsg_end(msg, hdr); 9538 9539 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9540 nl80211_mlme_mcgrp.id, gfp); 9541 return; 9542 9543 nla_put_failure: 9544 genlmsg_cancel(msg, hdr); 9545 nlmsg_free(msg); 9546 9547 } 9548 9549 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 9550 struct net_device *netdev, u16 reason, 9551 const u8 *ie, size_t ie_len, bool from_ap) 9552 { 9553 struct sk_buff *msg; 9554 void *hdr; 9555 9556 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9557 if (!msg) 9558 return; 9559 9560 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 9561 if (!hdr) { 9562 nlmsg_free(msg); 9563 return; 9564 } 9565 9566 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9567 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9568 (from_ap && reason && 9569 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 9570 (from_ap && 9571 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 9572 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 9573 goto nla_put_failure; 9574 9575 genlmsg_end(msg, hdr); 9576 9577 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9578 nl80211_mlme_mcgrp.id, GFP_KERNEL); 9579 return; 9580 9581 nla_put_failure: 9582 genlmsg_cancel(msg, hdr); 9583 nlmsg_free(msg); 9584 9585 } 9586 9587 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 9588 struct net_device *netdev, const u8 *bssid, 9589 gfp_t gfp) 9590 { 9591 struct sk_buff *msg; 9592 void *hdr; 9593 9594 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9595 if (!msg) 9596 return; 9597 9598 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 9599 if (!hdr) { 9600 nlmsg_free(msg); 9601 return; 9602 } 9603 9604 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9605 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9606 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 9607 goto nla_put_failure; 9608 9609 genlmsg_end(msg, hdr); 9610 9611 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9612 nl80211_mlme_mcgrp.id, gfp); 9613 return; 9614 9615 nla_put_failure: 9616 genlmsg_cancel(msg, hdr); 9617 nlmsg_free(msg); 9618 } 9619 9620 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr, 9621 const u8* ie, u8 ie_len, gfp_t gfp) 9622 { 9623 struct wireless_dev *wdev = dev->ieee80211_ptr; 9624 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9625 struct sk_buff *msg; 9626 void *hdr; 9627 9628 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT)) 9629 return; 9630 9631 trace_cfg80211_notify_new_peer_candidate(dev, addr); 9632 9633 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9634 if (!msg) 9635 return; 9636 9637 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 9638 if (!hdr) { 9639 nlmsg_free(msg); 9640 return; 9641 } 9642 9643 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9644 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9645 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 9646 (ie_len && ie && 9647 nla_put(msg, NL80211_ATTR_IE, ie_len , ie))) 9648 goto nla_put_failure; 9649 9650 genlmsg_end(msg, hdr); 9651 9652 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9653 nl80211_mlme_mcgrp.id, gfp); 9654 return; 9655 9656 nla_put_failure: 9657 genlmsg_cancel(msg, hdr); 9658 nlmsg_free(msg); 9659 } 9660 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate); 9661 9662 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 9663 struct net_device *netdev, const u8 *addr, 9664 enum nl80211_key_type key_type, int key_id, 9665 const u8 *tsc, gfp_t gfp) 9666 { 9667 struct sk_buff *msg; 9668 void *hdr; 9669 9670 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9671 if (!msg) 9672 return; 9673 9674 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 9675 if (!hdr) { 9676 nlmsg_free(msg); 9677 return; 9678 } 9679 9680 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9681 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9682 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 9683 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 9684 (key_id != -1 && 9685 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 9686 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 9687 goto nla_put_failure; 9688 9689 genlmsg_end(msg, hdr); 9690 9691 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9692 nl80211_mlme_mcgrp.id, gfp); 9693 return; 9694 9695 nla_put_failure: 9696 genlmsg_cancel(msg, hdr); 9697 nlmsg_free(msg); 9698 } 9699 9700 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 9701 struct ieee80211_channel *channel_before, 9702 struct ieee80211_channel *channel_after) 9703 { 9704 struct sk_buff *msg; 9705 void *hdr; 9706 struct nlattr *nl_freq; 9707 9708 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 9709 if (!msg) 9710 return; 9711 9712 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 9713 if (!hdr) { 9714 nlmsg_free(msg); 9715 return; 9716 } 9717 9718 /* 9719 * Since we are applying the beacon hint to a wiphy we know its 9720 * wiphy_idx is valid 9721 */ 9722 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 9723 goto nla_put_failure; 9724 9725 /* Before */ 9726 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 9727 if (!nl_freq) 9728 goto nla_put_failure; 9729 if (nl80211_msg_put_channel(msg, channel_before, false)) 9730 goto nla_put_failure; 9731 nla_nest_end(msg, nl_freq); 9732 9733 /* After */ 9734 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 9735 if (!nl_freq) 9736 goto nla_put_failure; 9737 if (nl80211_msg_put_channel(msg, channel_after, false)) 9738 goto nla_put_failure; 9739 nla_nest_end(msg, nl_freq); 9740 9741 genlmsg_end(msg, hdr); 9742 9743 rcu_read_lock(); 9744 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 9745 GFP_ATOMIC); 9746 rcu_read_unlock(); 9747 9748 return; 9749 9750 nla_put_failure: 9751 genlmsg_cancel(msg, hdr); 9752 nlmsg_free(msg); 9753 } 9754 9755 static void nl80211_send_remain_on_chan_event( 9756 int cmd, struct cfg80211_registered_device *rdev, 9757 struct wireless_dev *wdev, u64 cookie, 9758 struct ieee80211_channel *chan, 9759 unsigned int duration, gfp_t gfp) 9760 { 9761 struct sk_buff *msg; 9762 void *hdr; 9763 9764 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9765 if (!msg) 9766 return; 9767 9768 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 9769 if (!hdr) { 9770 nlmsg_free(msg); 9771 return; 9772 } 9773 9774 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9775 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9776 wdev->netdev->ifindex)) || 9777 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 9778 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 9779 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 9780 NL80211_CHAN_NO_HT) || 9781 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 9782 goto nla_put_failure; 9783 9784 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 9785 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 9786 goto nla_put_failure; 9787 9788 genlmsg_end(msg, hdr); 9789 9790 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9791 nl80211_mlme_mcgrp.id, gfp); 9792 return; 9793 9794 nla_put_failure: 9795 genlmsg_cancel(msg, hdr); 9796 nlmsg_free(msg); 9797 } 9798 9799 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie, 9800 struct ieee80211_channel *chan, 9801 unsigned int duration, gfp_t gfp) 9802 { 9803 struct wiphy *wiphy = wdev->wiphy; 9804 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 9805 9806 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration); 9807 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 9808 rdev, wdev, cookie, chan, 9809 duration, gfp); 9810 } 9811 EXPORT_SYMBOL(cfg80211_ready_on_channel); 9812 9813 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie, 9814 struct ieee80211_channel *chan, 9815 gfp_t gfp) 9816 { 9817 struct wiphy *wiphy = wdev->wiphy; 9818 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 9819 9820 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan); 9821 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 9822 rdev, wdev, cookie, chan, 0, gfp); 9823 } 9824 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired); 9825 9826 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr, 9827 struct station_info *sinfo, gfp_t gfp) 9828 { 9829 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 9830 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 9831 struct sk_buff *msg; 9832 9833 trace_cfg80211_new_sta(dev, mac_addr, sinfo); 9834 9835 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9836 if (!msg) 9837 return; 9838 9839 if (nl80211_send_station(msg, 0, 0, 0, 9840 rdev, dev, mac_addr, sinfo) < 0) { 9841 nlmsg_free(msg); 9842 return; 9843 } 9844 9845 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9846 nl80211_mlme_mcgrp.id, gfp); 9847 } 9848 EXPORT_SYMBOL(cfg80211_new_sta); 9849 9850 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp) 9851 { 9852 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 9853 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 9854 struct sk_buff *msg; 9855 void *hdr; 9856 9857 trace_cfg80211_del_sta(dev, mac_addr); 9858 9859 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9860 if (!msg) 9861 return; 9862 9863 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION); 9864 if (!hdr) { 9865 nlmsg_free(msg); 9866 return; 9867 } 9868 9869 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9870 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 9871 goto nla_put_failure; 9872 9873 genlmsg_end(msg, hdr); 9874 9875 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9876 nl80211_mlme_mcgrp.id, gfp); 9877 return; 9878 9879 nla_put_failure: 9880 genlmsg_cancel(msg, hdr); 9881 nlmsg_free(msg); 9882 } 9883 EXPORT_SYMBOL(cfg80211_del_sta); 9884 9885 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr, 9886 enum nl80211_connect_failed_reason reason, 9887 gfp_t gfp) 9888 { 9889 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 9890 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 9891 struct sk_buff *msg; 9892 void *hdr; 9893 9894 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 9895 if (!msg) 9896 return; 9897 9898 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED); 9899 if (!hdr) { 9900 nlmsg_free(msg); 9901 return; 9902 } 9903 9904 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9905 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 9906 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason)) 9907 goto nla_put_failure; 9908 9909 genlmsg_end(msg, hdr); 9910 9911 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9912 nl80211_mlme_mcgrp.id, gfp); 9913 return; 9914 9915 nla_put_failure: 9916 genlmsg_cancel(msg, hdr); 9917 nlmsg_free(msg); 9918 } 9919 EXPORT_SYMBOL(cfg80211_conn_failed); 9920 9921 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 9922 const u8 *addr, gfp_t gfp) 9923 { 9924 struct wireless_dev *wdev = dev->ieee80211_ptr; 9925 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9926 struct sk_buff *msg; 9927 void *hdr; 9928 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid); 9929 9930 if (!nlportid) 9931 return false; 9932 9933 msg = nlmsg_new(100, gfp); 9934 if (!msg) 9935 return true; 9936 9937 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 9938 if (!hdr) { 9939 nlmsg_free(msg); 9940 return true; 9941 } 9942 9943 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9944 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9945 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 9946 goto nla_put_failure; 9947 9948 genlmsg_end(msg, hdr); 9949 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 9950 return true; 9951 9952 nla_put_failure: 9953 genlmsg_cancel(msg, hdr); 9954 nlmsg_free(msg); 9955 return true; 9956 } 9957 9958 bool cfg80211_rx_spurious_frame(struct net_device *dev, 9959 const u8 *addr, gfp_t gfp) 9960 { 9961 struct wireless_dev *wdev = dev->ieee80211_ptr; 9962 bool ret; 9963 9964 trace_cfg80211_rx_spurious_frame(dev, addr); 9965 9966 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 9967 wdev->iftype != NL80211_IFTYPE_P2P_GO)) { 9968 trace_cfg80211_return_bool(false); 9969 return false; 9970 } 9971 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 9972 addr, gfp); 9973 trace_cfg80211_return_bool(ret); 9974 return ret; 9975 } 9976 EXPORT_SYMBOL(cfg80211_rx_spurious_frame); 9977 9978 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, 9979 const u8 *addr, gfp_t gfp) 9980 { 9981 struct wireless_dev *wdev = dev->ieee80211_ptr; 9982 bool ret; 9983 9984 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr); 9985 9986 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 9987 wdev->iftype != NL80211_IFTYPE_P2P_GO && 9988 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) { 9989 trace_cfg80211_return_bool(false); 9990 return false; 9991 } 9992 ret = __nl80211_unexpected_frame(dev, 9993 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 9994 addr, gfp); 9995 trace_cfg80211_return_bool(ret); 9996 return ret; 9997 } 9998 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame); 9999 10000 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 10001 struct wireless_dev *wdev, u32 nlportid, 10002 int freq, int sig_dbm, 10003 const u8 *buf, size_t len, gfp_t gfp) 10004 { 10005 struct net_device *netdev = wdev->netdev; 10006 struct sk_buff *msg; 10007 void *hdr; 10008 10009 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10010 if (!msg) 10011 return -ENOMEM; 10012 10013 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 10014 if (!hdr) { 10015 nlmsg_free(msg); 10016 return -ENOMEM; 10017 } 10018 10019 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10020 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 10021 netdev->ifindex)) || 10022 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 10023 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 10024 (sig_dbm && 10025 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 10026 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 10027 goto nla_put_failure; 10028 10029 genlmsg_end(msg, hdr); 10030 10031 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 10032 10033 nla_put_failure: 10034 genlmsg_cancel(msg, hdr); 10035 nlmsg_free(msg); 10036 return -ENOBUFS; 10037 } 10038 10039 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie, 10040 const u8 *buf, size_t len, bool ack, gfp_t gfp) 10041 { 10042 struct wiphy *wiphy = wdev->wiphy; 10043 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 10044 struct net_device *netdev = wdev->netdev; 10045 struct sk_buff *msg; 10046 void *hdr; 10047 10048 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack); 10049 10050 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10051 if (!msg) 10052 return; 10053 10054 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 10055 if (!hdr) { 10056 nlmsg_free(msg); 10057 return; 10058 } 10059 10060 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10061 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 10062 netdev->ifindex)) || 10063 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 10064 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 10065 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 10066 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 10067 goto nla_put_failure; 10068 10069 genlmsg_end(msg, hdr); 10070 10071 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10072 nl80211_mlme_mcgrp.id, gfp); 10073 return; 10074 10075 nla_put_failure: 10076 genlmsg_cancel(msg, hdr); 10077 nlmsg_free(msg); 10078 } 10079 EXPORT_SYMBOL(cfg80211_mgmt_tx_status); 10080 10081 void cfg80211_cqm_rssi_notify(struct net_device *dev, 10082 enum nl80211_cqm_rssi_threshold_event rssi_event, 10083 gfp_t gfp) 10084 { 10085 struct wireless_dev *wdev = dev->ieee80211_ptr; 10086 struct wiphy *wiphy = wdev->wiphy; 10087 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 10088 struct sk_buff *msg; 10089 struct nlattr *pinfoattr; 10090 void *hdr; 10091 10092 trace_cfg80211_cqm_rssi_notify(dev, rssi_event); 10093 10094 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10095 if (!msg) 10096 return; 10097 10098 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 10099 if (!hdr) { 10100 nlmsg_free(msg); 10101 return; 10102 } 10103 10104 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10105 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 10106 goto nla_put_failure; 10107 10108 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 10109 if (!pinfoattr) 10110 goto nla_put_failure; 10111 10112 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 10113 rssi_event)) 10114 goto nla_put_failure; 10115 10116 nla_nest_end(msg, pinfoattr); 10117 10118 genlmsg_end(msg, hdr); 10119 10120 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10121 nl80211_mlme_mcgrp.id, gfp); 10122 return; 10123 10124 nla_put_failure: 10125 genlmsg_cancel(msg, hdr); 10126 nlmsg_free(msg); 10127 } 10128 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify); 10129 10130 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 10131 struct net_device *netdev, const u8 *bssid, 10132 const u8 *replay_ctr, gfp_t gfp) 10133 { 10134 struct sk_buff *msg; 10135 struct nlattr *rekey_attr; 10136 void *hdr; 10137 10138 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10139 if (!msg) 10140 return; 10141 10142 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 10143 if (!hdr) { 10144 nlmsg_free(msg); 10145 return; 10146 } 10147 10148 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10149 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 10150 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 10151 goto nla_put_failure; 10152 10153 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 10154 if (!rekey_attr) 10155 goto nla_put_failure; 10156 10157 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 10158 NL80211_REPLAY_CTR_LEN, replay_ctr)) 10159 goto nla_put_failure; 10160 10161 nla_nest_end(msg, rekey_attr); 10162 10163 genlmsg_end(msg, hdr); 10164 10165 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10166 nl80211_mlme_mcgrp.id, gfp); 10167 return; 10168 10169 nla_put_failure: 10170 genlmsg_cancel(msg, hdr); 10171 nlmsg_free(msg); 10172 } 10173 10174 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid, 10175 const u8 *replay_ctr, gfp_t gfp) 10176 { 10177 struct wireless_dev *wdev = dev->ieee80211_ptr; 10178 struct wiphy *wiphy = wdev->wiphy; 10179 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 10180 10181 trace_cfg80211_gtk_rekey_notify(dev, bssid); 10182 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp); 10183 } 10184 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify); 10185 10186 static void 10187 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 10188 struct net_device *netdev, int index, 10189 const u8 *bssid, bool preauth, gfp_t gfp) 10190 { 10191 struct sk_buff *msg; 10192 struct nlattr *attr; 10193 void *hdr; 10194 10195 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10196 if (!msg) 10197 return; 10198 10199 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 10200 if (!hdr) { 10201 nlmsg_free(msg); 10202 return; 10203 } 10204 10205 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10206 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 10207 goto nla_put_failure; 10208 10209 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 10210 if (!attr) 10211 goto nla_put_failure; 10212 10213 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 10214 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 10215 (preauth && 10216 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 10217 goto nla_put_failure; 10218 10219 nla_nest_end(msg, attr); 10220 10221 genlmsg_end(msg, hdr); 10222 10223 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10224 nl80211_mlme_mcgrp.id, gfp); 10225 return; 10226 10227 nla_put_failure: 10228 genlmsg_cancel(msg, hdr); 10229 nlmsg_free(msg); 10230 } 10231 10232 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index, 10233 const u8 *bssid, bool preauth, gfp_t gfp) 10234 { 10235 struct wireless_dev *wdev = dev->ieee80211_ptr; 10236 struct wiphy *wiphy = wdev->wiphy; 10237 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 10238 10239 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth); 10240 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp); 10241 } 10242 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify); 10243 10244 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 10245 struct net_device *netdev, 10246 struct cfg80211_chan_def *chandef, 10247 gfp_t gfp) 10248 { 10249 struct sk_buff *msg; 10250 void *hdr; 10251 10252 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10253 if (!msg) 10254 return; 10255 10256 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY); 10257 if (!hdr) { 10258 nlmsg_free(msg); 10259 return; 10260 } 10261 10262 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 10263 goto nla_put_failure; 10264 10265 if (nl80211_send_chandef(msg, chandef)) 10266 goto nla_put_failure; 10267 10268 genlmsg_end(msg, hdr); 10269 10270 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10271 nl80211_mlme_mcgrp.id, gfp); 10272 return; 10273 10274 nla_put_failure: 10275 genlmsg_cancel(msg, hdr); 10276 nlmsg_free(msg); 10277 } 10278 10279 void cfg80211_ch_switch_notify(struct net_device *dev, 10280 struct cfg80211_chan_def *chandef) 10281 { 10282 struct wireless_dev *wdev = dev->ieee80211_ptr; 10283 struct wiphy *wiphy = wdev->wiphy; 10284 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 10285 10286 trace_cfg80211_ch_switch_notify(dev, chandef); 10287 10288 wdev_lock(wdev); 10289 10290 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 10291 wdev->iftype != NL80211_IFTYPE_P2P_GO)) 10292 goto out; 10293 10294 wdev->channel = chandef->chan; 10295 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL); 10296 out: 10297 wdev_unlock(wdev); 10298 return; 10299 } 10300 EXPORT_SYMBOL(cfg80211_ch_switch_notify); 10301 10302 void cfg80211_cqm_txe_notify(struct net_device *dev, 10303 const u8 *peer, u32 num_packets, 10304 u32 rate, u32 intvl, gfp_t gfp) 10305 { 10306 struct wireless_dev *wdev = dev->ieee80211_ptr; 10307 struct wiphy *wiphy = wdev->wiphy; 10308 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 10309 struct sk_buff *msg; 10310 struct nlattr *pinfoattr; 10311 void *hdr; 10312 10313 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 10314 if (!msg) 10315 return; 10316 10317 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 10318 if (!hdr) { 10319 nlmsg_free(msg); 10320 return; 10321 } 10322 10323 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10324 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 10325 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 10326 goto nla_put_failure; 10327 10328 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 10329 if (!pinfoattr) 10330 goto nla_put_failure; 10331 10332 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 10333 goto nla_put_failure; 10334 10335 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 10336 goto nla_put_failure; 10337 10338 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 10339 goto nla_put_failure; 10340 10341 nla_nest_end(msg, pinfoattr); 10342 10343 genlmsg_end(msg, hdr); 10344 10345 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10346 nl80211_mlme_mcgrp.id, gfp); 10347 return; 10348 10349 nla_put_failure: 10350 genlmsg_cancel(msg, hdr); 10351 nlmsg_free(msg); 10352 } 10353 EXPORT_SYMBOL(cfg80211_cqm_txe_notify); 10354 10355 void 10356 nl80211_radar_notify(struct cfg80211_registered_device *rdev, 10357 struct cfg80211_chan_def *chandef, 10358 enum nl80211_radar_event event, 10359 struct net_device *netdev, gfp_t gfp) 10360 { 10361 struct sk_buff *msg; 10362 void *hdr; 10363 10364 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10365 if (!msg) 10366 return; 10367 10368 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT); 10369 if (!hdr) { 10370 nlmsg_free(msg); 10371 return; 10372 } 10373 10374 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 10375 goto nla_put_failure; 10376 10377 /* NOP and radar events don't need a netdev parameter */ 10378 if (netdev) { 10379 struct wireless_dev *wdev = netdev->ieee80211_ptr; 10380 10381 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 10382 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 10383 goto nla_put_failure; 10384 } 10385 10386 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event)) 10387 goto nla_put_failure; 10388 10389 if (nl80211_send_chandef(msg, chandef)) 10390 goto nla_put_failure; 10391 10392 genlmsg_end(msg, hdr); 10393 10394 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10395 nl80211_mlme_mcgrp.id, gfp); 10396 return; 10397 10398 nla_put_failure: 10399 genlmsg_cancel(msg, hdr); 10400 nlmsg_free(msg); 10401 } 10402 10403 void cfg80211_cqm_pktloss_notify(struct net_device *dev, 10404 const u8 *peer, u32 num_packets, gfp_t gfp) 10405 { 10406 struct wireless_dev *wdev = dev->ieee80211_ptr; 10407 struct wiphy *wiphy = wdev->wiphy; 10408 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 10409 struct sk_buff *msg; 10410 struct nlattr *pinfoattr; 10411 void *hdr; 10412 10413 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets); 10414 10415 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10416 if (!msg) 10417 return; 10418 10419 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 10420 if (!hdr) { 10421 nlmsg_free(msg); 10422 return; 10423 } 10424 10425 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10426 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 10427 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 10428 goto nla_put_failure; 10429 10430 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 10431 if (!pinfoattr) 10432 goto nla_put_failure; 10433 10434 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 10435 goto nla_put_failure; 10436 10437 nla_nest_end(msg, pinfoattr); 10438 10439 genlmsg_end(msg, hdr); 10440 10441 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10442 nl80211_mlme_mcgrp.id, gfp); 10443 return; 10444 10445 nla_put_failure: 10446 genlmsg_cancel(msg, hdr); 10447 nlmsg_free(msg); 10448 } 10449 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); 10450 10451 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 10452 u64 cookie, bool acked, gfp_t gfp) 10453 { 10454 struct wireless_dev *wdev = dev->ieee80211_ptr; 10455 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 10456 struct sk_buff *msg; 10457 void *hdr; 10458 10459 trace_cfg80211_probe_status(dev, addr, cookie, acked); 10460 10461 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10462 10463 if (!msg) 10464 return; 10465 10466 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 10467 if (!hdr) { 10468 nlmsg_free(msg); 10469 return; 10470 } 10471 10472 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10473 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 10474 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 10475 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 10476 (acked && nla_put_flag(msg, NL80211_ATTR_ACK))) 10477 goto nla_put_failure; 10478 10479 genlmsg_end(msg, hdr); 10480 10481 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10482 nl80211_mlme_mcgrp.id, gfp); 10483 return; 10484 10485 nla_put_failure: 10486 genlmsg_cancel(msg, hdr); 10487 nlmsg_free(msg); 10488 } 10489 EXPORT_SYMBOL(cfg80211_probe_status); 10490 10491 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 10492 const u8 *frame, size_t len, 10493 int freq, int sig_dbm) 10494 { 10495 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 10496 struct sk_buff *msg; 10497 void *hdr; 10498 struct cfg80211_beacon_registration *reg; 10499 10500 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm); 10501 10502 spin_lock_bh(&rdev->beacon_registrations_lock); 10503 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 10504 msg = nlmsg_new(len + 100, GFP_ATOMIC); 10505 if (!msg) { 10506 spin_unlock_bh(&rdev->beacon_registrations_lock); 10507 return; 10508 } 10509 10510 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 10511 if (!hdr) 10512 goto nla_put_failure; 10513 10514 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10515 (freq && 10516 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) || 10517 (sig_dbm && 10518 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 10519 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 10520 goto nla_put_failure; 10521 10522 genlmsg_end(msg, hdr); 10523 10524 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid); 10525 } 10526 spin_unlock_bh(&rdev->beacon_registrations_lock); 10527 return; 10528 10529 nla_put_failure: 10530 spin_unlock_bh(&rdev->beacon_registrations_lock); 10531 if (hdr) 10532 genlmsg_cancel(msg, hdr); 10533 nlmsg_free(msg); 10534 } 10535 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 10536 10537 #ifdef CONFIG_PM 10538 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev, 10539 struct cfg80211_wowlan_wakeup *wakeup, 10540 gfp_t gfp) 10541 { 10542 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 10543 struct sk_buff *msg; 10544 void *hdr; 10545 int size = 200; 10546 10547 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup); 10548 10549 if (wakeup) 10550 size += wakeup->packet_present_len; 10551 10552 msg = nlmsg_new(size, gfp); 10553 if (!msg) 10554 return; 10555 10556 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN); 10557 if (!hdr) 10558 goto free_msg; 10559 10560 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10561 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 10562 goto free_msg; 10563 10564 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 10565 wdev->netdev->ifindex)) 10566 goto free_msg; 10567 10568 if (wakeup) { 10569 struct nlattr *reasons; 10570 10571 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 10572 10573 if (wakeup->disconnect && 10574 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) 10575 goto free_msg; 10576 if (wakeup->magic_pkt && 10577 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) 10578 goto free_msg; 10579 if (wakeup->gtk_rekey_failure && 10580 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) 10581 goto free_msg; 10582 if (wakeup->eap_identity_req && 10583 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) 10584 goto free_msg; 10585 if (wakeup->four_way_handshake && 10586 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) 10587 goto free_msg; 10588 if (wakeup->rfkill_release && 10589 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)) 10590 goto free_msg; 10591 10592 if (wakeup->pattern_idx >= 0 && 10593 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 10594 wakeup->pattern_idx)) 10595 goto free_msg; 10596 10597 if (wakeup->tcp_match) 10598 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH); 10599 10600 if (wakeup->tcp_connlost) 10601 nla_put_flag(msg, 10602 NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST); 10603 10604 if (wakeup->tcp_nomoretokens) 10605 nla_put_flag(msg, 10606 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS); 10607 10608 if (wakeup->packet) { 10609 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211; 10610 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN; 10611 10612 if (!wakeup->packet_80211) { 10613 pkt_attr = 10614 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023; 10615 len_attr = 10616 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN; 10617 } 10618 10619 if (wakeup->packet_len && 10620 nla_put_u32(msg, len_attr, wakeup->packet_len)) 10621 goto free_msg; 10622 10623 if (nla_put(msg, pkt_attr, wakeup->packet_present_len, 10624 wakeup->packet)) 10625 goto free_msg; 10626 } 10627 10628 nla_nest_end(msg, reasons); 10629 } 10630 10631 genlmsg_end(msg, hdr); 10632 10633 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10634 nl80211_mlme_mcgrp.id, gfp); 10635 return; 10636 10637 free_msg: 10638 nlmsg_free(msg); 10639 } 10640 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup); 10641 #endif 10642 10643 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer, 10644 enum nl80211_tdls_operation oper, 10645 u16 reason_code, gfp_t gfp) 10646 { 10647 struct wireless_dev *wdev = dev->ieee80211_ptr; 10648 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 10649 struct sk_buff *msg; 10650 void *hdr; 10651 10652 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper, 10653 reason_code); 10654 10655 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10656 if (!msg) 10657 return; 10658 10659 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER); 10660 if (!hdr) { 10661 nlmsg_free(msg); 10662 return; 10663 } 10664 10665 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10666 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 10667 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) || 10668 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) || 10669 (reason_code > 0 && 10670 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) 10671 goto nla_put_failure; 10672 10673 genlmsg_end(msg, hdr); 10674 10675 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10676 nl80211_mlme_mcgrp.id, gfp); 10677 return; 10678 10679 nla_put_failure: 10680 genlmsg_cancel(msg, hdr); 10681 nlmsg_free(msg); 10682 } 10683 EXPORT_SYMBOL(cfg80211_tdls_oper_request); 10684 10685 static int nl80211_netlink_notify(struct notifier_block * nb, 10686 unsigned long state, 10687 void *_notify) 10688 { 10689 struct netlink_notify *notify = _notify; 10690 struct cfg80211_registered_device *rdev; 10691 struct wireless_dev *wdev; 10692 struct cfg80211_beacon_registration *reg, *tmp; 10693 10694 if (state != NETLINK_URELEASE) 10695 return NOTIFY_DONE; 10696 10697 rcu_read_lock(); 10698 10699 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 10700 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) 10701 cfg80211_mlme_unregister_socket(wdev, notify->portid); 10702 10703 spin_lock_bh(&rdev->beacon_registrations_lock); 10704 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations, 10705 list) { 10706 if (reg->nlportid == notify->portid) { 10707 list_del(®->list); 10708 kfree(reg); 10709 break; 10710 } 10711 } 10712 spin_unlock_bh(&rdev->beacon_registrations_lock); 10713 } 10714 10715 rcu_read_unlock(); 10716 10717 return NOTIFY_DONE; 10718 } 10719 10720 static struct notifier_block nl80211_netlink_notifier = { 10721 .notifier_call = nl80211_netlink_notify, 10722 }; 10723 10724 void cfg80211_ft_event(struct net_device *netdev, 10725 struct cfg80211_ft_event_params *ft_event) 10726 { 10727 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy; 10728 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 10729 struct sk_buff *msg; 10730 void *hdr; 10731 10732 trace_cfg80211_ft_event(wiphy, netdev, ft_event); 10733 10734 if (!ft_event->target_ap) 10735 return; 10736 10737 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 10738 if (!msg) 10739 return; 10740 10741 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT); 10742 if (!hdr) { 10743 nlmsg_free(msg); 10744 return; 10745 } 10746 10747 nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 10748 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 10749 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap); 10750 if (ft_event->ies) 10751 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies); 10752 if (ft_event->ric_ies) 10753 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len, 10754 ft_event->ric_ies); 10755 10756 genlmsg_end(msg, hdr); 10757 10758 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 10759 nl80211_mlme_mcgrp.id, GFP_KERNEL); 10760 } 10761 EXPORT_SYMBOL(cfg80211_ft_event); 10762 10763 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp) 10764 { 10765 struct cfg80211_registered_device *rdev; 10766 struct sk_buff *msg; 10767 void *hdr; 10768 u32 nlportid; 10769 10770 rdev = wiphy_to_dev(wdev->wiphy); 10771 if (!rdev->crit_proto_nlportid) 10772 return; 10773 10774 nlportid = rdev->crit_proto_nlportid; 10775 rdev->crit_proto_nlportid = 0; 10776 10777 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10778 if (!msg) 10779 return; 10780 10781 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP); 10782 if (!hdr) 10783 goto nla_put_failure; 10784 10785 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10786 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 10787 goto nla_put_failure; 10788 10789 genlmsg_end(msg, hdr); 10790 10791 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 10792 return; 10793 10794 nla_put_failure: 10795 if (hdr) 10796 genlmsg_cancel(msg, hdr); 10797 nlmsg_free(msg); 10798 10799 } 10800 EXPORT_SYMBOL(cfg80211_crit_proto_stopped); 10801 10802 /* initialisation/exit functions */ 10803 10804 int nl80211_init(void) 10805 { 10806 int err; 10807 10808 err = genl_register_family_with_ops(&nl80211_fam, 10809 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 10810 if (err) 10811 return err; 10812 10813 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 10814 if (err) 10815 goto err_out; 10816 10817 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 10818 if (err) 10819 goto err_out; 10820 10821 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 10822 if (err) 10823 goto err_out; 10824 10825 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 10826 if (err) 10827 goto err_out; 10828 10829 #ifdef CONFIG_NL80211_TESTMODE 10830 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 10831 if (err) 10832 goto err_out; 10833 #endif 10834 10835 err = netlink_register_notifier(&nl80211_netlink_notifier); 10836 if (err) 10837 goto err_out; 10838 10839 return 0; 10840 err_out: 10841 genl_unregister_family(&nl80211_fam); 10842 return err; 10843 } 10844 10845 void nl80211_exit(void) 10846 { 10847 netlink_unregister_notifier(&nl80211_netlink_notifier); 10848 genl_unregister_family(&nl80211_fam); 10849 } 10850