1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include <net/inet_connection_sock.h> 23 #include "core.h" 24 #include "nl80211.h" 25 #include "reg.h" 26 #include "rdev-ops.h" 27 28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 29 struct genl_info *info, 30 struct cfg80211_crypto_settings *settings, 31 int cipher_limit); 32 33 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 34 struct genl_info *info); 35 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 36 struct genl_info *info); 37 38 /* the netlink family */ 39 static struct genl_family nl80211_fam = { 40 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 41 .name = "nl80211", /* have users key off the name instead */ 42 .hdrsize = 0, /* no private header */ 43 .version = 1, /* no particular meaning now */ 44 .maxattr = NL80211_ATTR_MAX, 45 .netnsok = true, 46 .pre_doit = nl80211_pre_doit, 47 .post_doit = nl80211_post_doit, 48 }; 49 50 /* returns ERR_PTR values */ 51 static struct wireless_dev * 52 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs) 53 { 54 struct cfg80211_registered_device *rdev; 55 struct wireless_dev *result = NULL; 56 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 57 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 58 u64 wdev_id; 59 int wiphy_idx = -1; 60 int ifidx = -1; 61 62 assert_cfg80211_lock(); 63 64 if (!have_ifidx && !have_wdev_id) 65 return ERR_PTR(-EINVAL); 66 67 if (have_ifidx) 68 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 69 if (have_wdev_id) { 70 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 71 wiphy_idx = wdev_id >> 32; 72 } 73 74 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 75 struct wireless_dev *wdev; 76 77 if (wiphy_net(&rdev->wiphy) != netns) 78 continue; 79 80 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 81 continue; 82 83 mutex_lock(&rdev->devlist_mtx); 84 list_for_each_entry(wdev, &rdev->wdev_list, list) { 85 if (have_ifidx && wdev->netdev && 86 wdev->netdev->ifindex == ifidx) { 87 result = wdev; 88 break; 89 } 90 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 91 result = wdev; 92 break; 93 } 94 } 95 mutex_unlock(&rdev->devlist_mtx); 96 97 if (result) 98 break; 99 } 100 101 if (result) 102 return result; 103 return ERR_PTR(-ENODEV); 104 } 105 106 static struct cfg80211_registered_device * 107 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 108 { 109 struct cfg80211_registered_device *rdev = NULL, *tmp; 110 struct net_device *netdev; 111 112 assert_cfg80211_lock(); 113 114 if (!attrs[NL80211_ATTR_WIPHY] && 115 !attrs[NL80211_ATTR_IFINDEX] && 116 !attrs[NL80211_ATTR_WDEV]) 117 return ERR_PTR(-EINVAL); 118 119 if (attrs[NL80211_ATTR_WIPHY]) 120 rdev = cfg80211_rdev_by_wiphy_idx( 121 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 122 123 if (attrs[NL80211_ATTR_WDEV]) { 124 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 125 struct wireless_dev *wdev; 126 bool found = false; 127 128 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 129 if (tmp) { 130 /* make sure wdev exists */ 131 mutex_lock(&tmp->devlist_mtx); 132 list_for_each_entry(wdev, &tmp->wdev_list, list) { 133 if (wdev->identifier != (u32)wdev_id) 134 continue; 135 found = true; 136 break; 137 } 138 mutex_unlock(&tmp->devlist_mtx); 139 140 if (!found) 141 tmp = NULL; 142 143 if (rdev && tmp != rdev) 144 return ERR_PTR(-EINVAL); 145 rdev = tmp; 146 } 147 } 148 149 if (attrs[NL80211_ATTR_IFINDEX]) { 150 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 151 netdev = dev_get_by_index(netns, ifindex); 152 if (netdev) { 153 if (netdev->ieee80211_ptr) 154 tmp = wiphy_to_dev( 155 netdev->ieee80211_ptr->wiphy); 156 else 157 tmp = NULL; 158 159 dev_put(netdev); 160 161 /* not wireless device -- return error */ 162 if (!tmp) 163 return ERR_PTR(-EINVAL); 164 165 /* mismatch -- return error */ 166 if (rdev && tmp != rdev) 167 return ERR_PTR(-EINVAL); 168 169 rdev = tmp; 170 } 171 } 172 173 if (!rdev) 174 return ERR_PTR(-ENODEV); 175 176 if (netns != wiphy_net(&rdev->wiphy)) 177 return ERR_PTR(-ENODEV); 178 179 return rdev; 180 } 181 182 /* 183 * This function returns a pointer to the driver 184 * that the genl_info item that is passed refers to. 185 * If successful, it returns non-NULL and also locks 186 * the driver's mutex! 187 * 188 * This means that you need to call cfg80211_unlock_rdev() 189 * before being allowed to acquire &cfg80211_mutex! 190 * 191 * This is necessary because we need to lock the global 192 * mutex to get an item off the list safely, and then 193 * we lock the rdev mutex so it doesn't go away under us. 194 * 195 * We don't want to keep cfg80211_mutex locked 196 * for all the time in order to allow requests on 197 * other interfaces to go through at the same time. 198 * 199 * The result of this can be a PTR_ERR and hence must 200 * be checked with IS_ERR() for errors. 201 */ 202 static struct cfg80211_registered_device * 203 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 204 { 205 struct cfg80211_registered_device *rdev; 206 207 mutex_lock(&cfg80211_mutex); 208 rdev = __cfg80211_rdev_from_attrs(netns, info->attrs); 209 210 /* if it is not an error we grab the lock on 211 * it to assure it won't be going away while 212 * we operate on it */ 213 if (!IS_ERR(rdev)) 214 mutex_lock(&rdev->mtx); 215 216 mutex_unlock(&cfg80211_mutex); 217 218 return rdev; 219 } 220 221 /* policy for the attributes */ 222 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 223 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 224 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 225 .len = 20-1 }, 226 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 227 228 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 229 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 230 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 }, 231 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 }, 232 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 }, 233 234 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 235 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 236 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 237 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 238 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 239 240 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 241 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 242 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 243 244 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 245 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 246 247 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 248 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 249 .len = WLAN_MAX_KEY_LEN }, 250 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 251 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 252 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 253 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 254 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 255 256 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 257 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 258 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 259 .len = IEEE80211_MAX_DATA_LEN }, 260 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 261 .len = IEEE80211_MAX_DATA_LEN }, 262 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 263 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 264 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 265 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 266 .len = NL80211_MAX_SUPP_RATES }, 267 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 268 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 269 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 270 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 271 .len = IEEE80211_MAX_MESH_ID_LEN }, 272 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 273 274 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 275 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 276 277 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 278 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 279 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 280 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 281 .len = NL80211_MAX_SUPP_RATES }, 282 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 283 284 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 285 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 286 287 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 288 289 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 290 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 291 .len = IEEE80211_MAX_DATA_LEN }, 292 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 293 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 294 295 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 296 .len = IEEE80211_MAX_SSID_LEN }, 297 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 298 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 299 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 300 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 301 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 302 [NL80211_ATTR_STA_FLAGS2] = { 303 .len = sizeof(struct nl80211_sta_flag_update), 304 }, 305 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 306 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 307 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 308 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 309 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 310 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 311 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 312 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 313 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 314 .len = WLAN_PMKID_LEN }, 315 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 316 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 317 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 318 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 319 .len = IEEE80211_MAX_DATA_LEN }, 320 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 321 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 322 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 323 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 324 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 325 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 326 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 327 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 328 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 329 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 330 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 331 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 332 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 333 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 334 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 335 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 336 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 337 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 338 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 339 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 340 .len = IEEE80211_MAX_DATA_LEN }, 341 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 342 .len = IEEE80211_MAX_DATA_LEN }, 343 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 344 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 345 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 346 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 347 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 348 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 349 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 350 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 351 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 352 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 353 .len = IEEE80211_MAX_DATA_LEN }, 354 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 355 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 356 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 357 .len = NL80211_HT_CAPABILITY_LEN 358 }, 359 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 360 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 361 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 362 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 363 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 364 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, }, 365 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN }, 366 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 }, 367 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 }, 368 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 }, 369 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 }, 370 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED }, 371 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 }, 372 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, }, 373 }; 374 375 /* policy for the key attributes */ 376 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 377 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 378 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 379 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 380 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 381 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 382 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 383 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 384 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 385 }; 386 387 /* policy for the key default flags */ 388 static const struct nla_policy 389 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 390 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 391 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 392 }; 393 394 /* policy for WoWLAN attributes */ 395 static const struct nla_policy 396 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 397 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 398 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 399 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 400 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 401 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 402 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 403 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 404 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 405 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED }, 406 }; 407 408 static const struct nla_policy 409 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = { 410 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 }, 411 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 }, 412 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN }, 413 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 }, 414 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 }, 415 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 }, 416 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = { 417 .len = sizeof(struct nl80211_wowlan_tcp_data_seq) 418 }, 419 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = { 420 .len = sizeof(struct nl80211_wowlan_tcp_data_token) 421 }, 422 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 }, 423 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 }, 424 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 }, 425 }; 426 427 /* policy for GTK rekey offload attributes */ 428 static const struct nla_policy 429 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 430 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 431 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 432 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 433 }; 434 435 static const struct nla_policy 436 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 437 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 438 .len = IEEE80211_MAX_SSID_LEN }, 439 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 440 }; 441 442 /* ifidx get helper */ 443 static int nl80211_get_ifidx(struct netlink_callback *cb) 444 { 445 int res; 446 447 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 448 nl80211_fam.attrbuf, nl80211_fam.maxattr, 449 nl80211_policy); 450 if (res) 451 return res; 452 453 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 454 return -EINVAL; 455 456 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 457 if (!res) 458 return -EINVAL; 459 return res; 460 } 461 462 static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 463 struct netlink_callback *cb, 464 struct cfg80211_registered_device **rdev, 465 struct net_device **dev) 466 { 467 int ifidx = cb->args[0]; 468 int err; 469 470 if (!ifidx) 471 ifidx = nl80211_get_ifidx(cb); 472 if (ifidx < 0) 473 return ifidx; 474 475 cb->args[0] = ifidx; 476 477 rtnl_lock(); 478 479 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 480 if (!*dev) { 481 err = -ENODEV; 482 goto out_rtnl; 483 } 484 485 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 486 if (IS_ERR(*rdev)) { 487 err = PTR_ERR(*rdev); 488 goto out_rtnl; 489 } 490 491 return 0; 492 out_rtnl: 493 rtnl_unlock(); 494 return err; 495 } 496 497 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 498 { 499 cfg80211_unlock_rdev(rdev); 500 rtnl_unlock(); 501 } 502 503 /* IE validation */ 504 static bool is_valid_ie_attr(const struct nlattr *attr) 505 { 506 const u8 *pos; 507 int len; 508 509 if (!attr) 510 return true; 511 512 pos = nla_data(attr); 513 len = nla_len(attr); 514 515 while (len) { 516 u8 elemlen; 517 518 if (len < 2) 519 return false; 520 len -= 2; 521 522 elemlen = pos[1]; 523 if (elemlen > len) 524 return false; 525 526 len -= elemlen; 527 pos += 2 + elemlen; 528 } 529 530 return true; 531 } 532 533 /* message building helper */ 534 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq, 535 int flags, u8 cmd) 536 { 537 /* since there is no private header just add the generic one */ 538 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd); 539 } 540 541 static int nl80211_msg_put_channel(struct sk_buff *msg, 542 struct ieee80211_channel *chan) 543 { 544 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 545 chan->center_freq)) 546 goto nla_put_failure; 547 548 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 549 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 550 goto nla_put_failure; 551 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && 552 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN)) 553 goto nla_put_failure; 554 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && 555 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS)) 556 goto nla_put_failure; 557 if ((chan->flags & IEEE80211_CHAN_RADAR) && 558 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 559 goto nla_put_failure; 560 561 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 562 DBM_TO_MBM(chan->max_power))) 563 goto nla_put_failure; 564 565 return 0; 566 567 nla_put_failure: 568 return -ENOBUFS; 569 } 570 571 /* netlink command implementations */ 572 573 struct key_parse { 574 struct key_params p; 575 int idx; 576 int type; 577 bool def, defmgmt; 578 bool def_uni, def_multi; 579 }; 580 581 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 582 { 583 struct nlattr *tb[NL80211_KEY_MAX + 1]; 584 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 585 nl80211_key_policy); 586 if (err) 587 return err; 588 589 k->def = !!tb[NL80211_KEY_DEFAULT]; 590 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 591 592 if (k->def) { 593 k->def_uni = true; 594 k->def_multi = true; 595 } 596 if (k->defmgmt) 597 k->def_multi = true; 598 599 if (tb[NL80211_KEY_IDX]) 600 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 601 602 if (tb[NL80211_KEY_DATA]) { 603 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 604 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 605 } 606 607 if (tb[NL80211_KEY_SEQ]) { 608 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 609 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 610 } 611 612 if (tb[NL80211_KEY_CIPHER]) 613 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 614 615 if (tb[NL80211_KEY_TYPE]) { 616 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 617 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 618 return -EINVAL; 619 } 620 621 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 622 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 623 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 624 tb[NL80211_KEY_DEFAULT_TYPES], 625 nl80211_key_default_policy); 626 if (err) 627 return err; 628 629 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 630 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 631 } 632 633 return 0; 634 } 635 636 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 637 { 638 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 639 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 640 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 641 } 642 643 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 644 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 645 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 646 } 647 648 if (info->attrs[NL80211_ATTR_KEY_IDX]) 649 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 650 651 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 652 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 653 654 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 655 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 656 657 if (k->def) { 658 k->def_uni = true; 659 k->def_multi = true; 660 } 661 if (k->defmgmt) 662 k->def_multi = true; 663 664 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 665 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 666 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 667 return -EINVAL; 668 } 669 670 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 671 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 672 int err = nla_parse_nested( 673 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 674 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 675 nl80211_key_default_policy); 676 if (err) 677 return err; 678 679 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 680 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 681 } 682 683 return 0; 684 } 685 686 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 687 { 688 int err; 689 690 memset(k, 0, sizeof(*k)); 691 k->idx = -1; 692 k->type = -1; 693 694 if (info->attrs[NL80211_ATTR_KEY]) 695 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 696 else 697 err = nl80211_parse_key_old(info, k); 698 699 if (err) 700 return err; 701 702 if (k->def && k->defmgmt) 703 return -EINVAL; 704 705 if (k->defmgmt) { 706 if (k->def_uni || !k->def_multi) 707 return -EINVAL; 708 } 709 710 if (k->idx != -1) { 711 if (k->defmgmt) { 712 if (k->idx < 4 || k->idx > 5) 713 return -EINVAL; 714 } else if (k->def) { 715 if (k->idx < 0 || k->idx > 3) 716 return -EINVAL; 717 } else { 718 if (k->idx < 0 || k->idx > 5) 719 return -EINVAL; 720 } 721 } 722 723 return 0; 724 } 725 726 static struct cfg80211_cached_keys * 727 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 728 struct nlattr *keys, bool *no_ht) 729 { 730 struct key_parse parse; 731 struct nlattr *key; 732 struct cfg80211_cached_keys *result; 733 int rem, err, def = 0; 734 735 result = kzalloc(sizeof(*result), GFP_KERNEL); 736 if (!result) 737 return ERR_PTR(-ENOMEM); 738 739 result->def = -1; 740 result->defmgmt = -1; 741 742 nla_for_each_nested(key, keys, rem) { 743 memset(&parse, 0, sizeof(parse)); 744 parse.idx = -1; 745 746 err = nl80211_parse_key_new(key, &parse); 747 if (err) 748 goto error; 749 err = -EINVAL; 750 if (!parse.p.key) 751 goto error; 752 if (parse.idx < 0 || parse.idx > 4) 753 goto error; 754 if (parse.def) { 755 if (def) 756 goto error; 757 def = 1; 758 result->def = parse.idx; 759 if (!parse.def_uni || !parse.def_multi) 760 goto error; 761 } else if (parse.defmgmt) 762 goto error; 763 err = cfg80211_validate_key_settings(rdev, &parse.p, 764 parse.idx, false, NULL); 765 if (err) 766 goto error; 767 result->params[parse.idx].cipher = parse.p.cipher; 768 result->params[parse.idx].key_len = parse.p.key_len; 769 result->params[parse.idx].key = result->data[parse.idx]; 770 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 771 772 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 || 773 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) { 774 if (no_ht) 775 *no_ht = true; 776 } 777 } 778 779 return result; 780 error: 781 kfree(result); 782 return ERR_PTR(err); 783 } 784 785 static int nl80211_key_allowed(struct wireless_dev *wdev) 786 { 787 ASSERT_WDEV_LOCK(wdev); 788 789 switch (wdev->iftype) { 790 case NL80211_IFTYPE_AP: 791 case NL80211_IFTYPE_AP_VLAN: 792 case NL80211_IFTYPE_P2P_GO: 793 case NL80211_IFTYPE_MESH_POINT: 794 break; 795 case NL80211_IFTYPE_ADHOC: 796 if (!wdev->current_bss) 797 return -ENOLINK; 798 break; 799 case NL80211_IFTYPE_STATION: 800 case NL80211_IFTYPE_P2P_CLIENT: 801 if (wdev->sme_state != CFG80211_SME_CONNECTED) 802 return -ENOLINK; 803 break; 804 default: 805 return -EINVAL; 806 } 807 808 return 0; 809 } 810 811 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 812 { 813 struct nlattr *nl_modes = nla_nest_start(msg, attr); 814 int i; 815 816 if (!nl_modes) 817 goto nla_put_failure; 818 819 i = 0; 820 while (ifmodes) { 821 if ((ifmodes & 1) && nla_put_flag(msg, i)) 822 goto nla_put_failure; 823 ifmodes >>= 1; 824 i++; 825 } 826 827 nla_nest_end(msg, nl_modes); 828 return 0; 829 830 nla_put_failure: 831 return -ENOBUFS; 832 } 833 834 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 835 struct sk_buff *msg) 836 { 837 struct nlattr *nl_combis; 838 int i, j; 839 840 nl_combis = nla_nest_start(msg, 841 NL80211_ATTR_INTERFACE_COMBINATIONS); 842 if (!nl_combis) 843 goto nla_put_failure; 844 845 for (i = 0; i < wiphy->n_iface_combinations; i++) { 846 const struct ieee80211_iface_combination *c; 847 struct nlattr *nl_combi, *nl_limits; 848 849 c = &wiphy->iface_combinations[i]; 850 851 nl_combi = nla_nest_start(msg, i + 1); 852 if (!nl_combi) 853 goto nla_put_failure; 854 855 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 856 if (!nl_limits) 857 goto nla_put_failure; 858 859 for (j = 0; j < c->n_limits; j++) { 860 struct nlattr *nl_limit; 861 862 nl_limit = nla_nest_start(msg, j + 1); 863 if (!nl_limit) 864 goto nla_put_failure; 865 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 866 c->limits[j].max)) 867 goto nla_put_failure; 868 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 869 c->limits[j].types)) 870 goto nla_put_failure; 871 nla_nest_end(msg, nl_limit); 872 } 873 874 nla_nest_end(msg, nl_limits); 875 876 if (c->beacon_int_infra_match && 877 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 878 goto nla_put_failure; 879 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 880 c->num_different_channels) || 881 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 882 c->max_interfaces)) 883 goto nla_put_failure; 884 885 nla_nest_end(msg, nl_combi); 886 } 887 888 nla_nest_end(msg, nl_combis); 889 890 return 0; 891 nla_put_failure: 892 return -ENOBUFS; 893 } 894 895 static int nl80211_send_wiphy(struct sk_buff *msg, u32 portid, u32 seq, int flags, 896 struct cfg80211_registered_device *dev) 897 { 898 void *hdr; 899 struct nlattr *nl_bands, *nl_band; 900 struct nlattr *nl_freqs, *nl_freq; 901 struct nlattr *nl_rates, *nl_rate; 902 struct nlattr *nl_cmds; 903 enum ieee80211_band band; 904 struct ieee80211_channel *chan; 905 struct ieee80211_rate *rate; 906 int i; 907 const struct ieee80211_txrx_stypes *mgmt_stypes = 908 dev->wiphy.mgmt_stypes; 909 910 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY); 911 if (!hdr) 912 return -1; 913 914 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) || 915 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) || 916 nla_put_u32(msg, NL80211_ATTR_GENERATION, 917 cfg80211_rdev_list_generation) || 918 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 919 dev->wiphy.retry_short) || 920 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 921 dev->wiphy.retry_long) || 922 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 923 dev->wiphy.frag_threshold) || 924 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 925 dev->wiphy.rts_threshold) || 926 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 927 dev->wiphy.coverage_class) || 928 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 929 dev->wiphy.max_scan_ssids) || 930 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 931 dev->wiphy.max_sched_scan_ssids) || 932 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 933 dev->wiphy.max_scan_ie_len) || 934 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 935 dev->wiphy.max_sched_scan_ie_len) || 936 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 937 dev->wiphy.max_match_sets)) 938 goto nla_put_failure; 939 940 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 941 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 942 goto nla_put_failure; 943 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 944 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 945 goto nla_put_failure; 946 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 947 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 948 goto nla_put_failure; 949 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 950 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 951 goto nla_put_failure; 952 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 953 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 954 goto nla_put_failure; 955 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 956 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 957 goto nla_put_failure; 958 959 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 960 sizeof(u32) * dev->wiphy.n_cipher_suites, 961 dev->wiphy.cipher_suites)) 962 goto nla_put_failure; 963 964 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 965 dev->wiphy.max_num_pmkids)) 966 goto nla_put_failure; 967 968 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 969 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 970 goto nla_put_failure; 971 972 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 973 dev->wiphy.available_antennas_tx) || 974 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 975 dev->wiphy.available_antennas_rx)) 976 goto nla_put_failure; 977 978 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 979 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 980 dev->wiphy.probe_resp_offload)) 981 goto nla_put_failure; 982 983 if ((dev->wiphy.available_antennas_tx || 984 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) { 985 u32 tx_ant = 0, rx_ant = 0; 986 int res; 987 res = rdev_get_antenna(dev, &tx_ant, &rx_ant); 988 if (!res) { 989 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, 990 tx_ant) || 991 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, 992 rx_ant)) 993 goto nla_put_failure; 994 } 995 } 996 997 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 998 dev->wiphy.interface_modes)) 999 goto nla_put_failure; 1000 1001 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 1002 if (!nl_bands) 1003 goto nla_put_failure; 1004 1005 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 1006 if (!dev->wiphy.bands[band]) 1007 continue; 1008 1009 nl_band = nla_nest_start(msg, band); 1010 if (!nl_band) 1011 goto nla_put_failure; 1012 1013 /* add HT info */ 1014 if (dev->wiphy.bands[band]->ht_cap.ht_supported && 1015 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 1016 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 1017 &dev->wiphy.bands[band]->ht_cap.mcs) || 1018 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 1019 dev->wiphy.bands[band]->ht_cap.cap) || 1020 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 1021 dev->wiphy.bands[band]->ht_cap.ampdu_factor) || 1022 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 1023 dev->wiphy.bands[band]->ht_cap.ampdu_density))) 1024 goto nla_put_failure; 1025 1026 /* add VHT info */ 1027 if (dev->wiphy.bands[band]->vht_cap.vht_supported && 1028 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 1029 sizeof(dev->wiphy.bands[band]->vht_cap.vht_mcs), 1030 &dev->wiphy.bands[band]->vht_cap.vht_mcs) || 1031 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 1032 dev->wiphy.bands[band]->vht_cap.cap))) 1033 goto nla_put_failure; 1034 1035 /* add frequencies */ 1036 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 1037 if (!nl_freqs) 1038 goto nla_put_failure; 1039 1040 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 1041 nl_freq = nla_nest_start(msg, i); 1042 if (!nl_freq) 1043 goto nla_put_failure; 1044 1045 chan = &dev->wiphy.bands[band]->channels[i]; 1046 1047 if (nl80211_msg_put_channel(msg, chan)) 1048 goto nla_put_failure; 1049 1050 nla_nest_end(msg, nl_freq); 1051 } 1052 1053 nla_nest_end(msg, nl_freqs); 1054 1055 /* add bitrates */ 1056 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 1057 if (!nl_rates) 1058 goto nla_put_failure; 1059 1060 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 1061 nl_rate = nla_nest_start(msg, i); 1062 if (!nl_rate) 1063 goto nla_put_failure; 1064 1065 rate = &dev->wiphy.bands[band]->bitrates[i]; 1066 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1067 rate->bitrate)) 1068 goto nla_put_failure; 1069 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1070 nla_put_flag(msg, 1071 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 1072 goto nla_put_failure; 1073 1074 nla_nest_end(msg, nl_rate); 1075 } 1076 1077 nla_nest_end(msg, nl_rates); 1078 1079 nla_nest_end(msg, nl_band); 1080 } 1081 nla_nest_end(msg, nl_bands); 1082 1083 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 1084 if (!nl_cmds) 1085 goto nla_put_failure; 1086 1087 i = 0; 1088 #define CMD(op, n) \ 1089 do { \ 1090 if (dev->ops->op) { \ 1091 i++; \ 1092 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 1093 goto nla_put_failure; \ 1094 } \ 1095 } while (0) 1096 1097 CMD(add_virtual_intf, NEW_INTERFACE); 1098 CMD(change_virtual_intf, SET_INTERFACE); 1099 CMD(add_key, NEW_KEY); 1100 CMD(start_ap, START_AP); 1101 CMD(add_station, NEW_STATION); 1102 CMD(add_mpath, NEW_MPATH); 1103 CMD(update_mesh_config, SET_MESH_CONFIG); 1104 CMD(change_bss, SET_BSS); 1105 CMD(auth, AUTHENTICATE); 1106 CMD(assoc, ASSOCIATE); 1107 CMD(deauth, DEAUTHENTICATE); 1108 CMD(disassoc, DISASSOCIATE); 1109 CMD(join_ibss, JOIN_IBSS); 1110 CMD(join_mesh, JOIN_MESH); 1111 CMD(set_pmksa, SET_PMKSA); 1112 CMD(del_pmksa, DEL_PMKSA); 1113 CMD(flush_pmksa, FLUSH_PMKSA); 1114 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 1115 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 1116 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 1117 CMD(mgmt_tx, FRAME); 1118 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 1119 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 1120 i++; 1121 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 1122 goto nla_put_failure; 1123 } 1124 if (dev->ops->set_monitor_channel || dev->ops->start_ap || 1125 dev->ops->join_mesh) { 1126 i++; 1127 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 1128 goto nla_put_failure; 1129 } 1130 CMD(set_wds_peer, SET_WDS_PEER); 1131 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 1132 CMD(tdls_mgmt, TDLS_MGMT); 1133 CMD(tdls_oper, TDLS_OPER); 1134 } 1135 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 1136 CMD(sched_scan_start, START_SCHED_SCAN); 1137 CMD(probe_client, PROBE_CLIENT); 1138 CMD(set_noack_map, SET_NOACK_MAP); 1139 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 1140 i++; 1141 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 1142 goto nla_put_failure; 1143 } 1144 CMD(start_p2p_device, START_P2P_DEVICE); 1145 CMD(set_mcast_rate, SET_MCAST_RATE); 1146 1147 #ifdef CONFIG_NL80211_TESTMODE 1148 CMD(testmode_cmd, TESTMODE); 1149 #endif 1150 1151 #undef CMD 1152 1153 if (dev->ops->connect || dev->ops->auth) { 1154 i++; 1155 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 1156 goto nla_put_failure; 1157 } 1158 1159 if (dev->ops->disconnect || dev->ops->deauth) { 1160 i++; 1161 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 1162 goto nla_put_failure; 1163 } 1164 1165 nla_nest_end(msg, nl_cmds); 1166 1167 if (dev->ops->remain_on_channel && 1168 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 1169 nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 1170 dev->wiphy.max_remain_on_channel_duration)) 1171 goto nla_put_failure; 1172 1173 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 1174 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 1175 goto nla_put_failure; 1176 1177 if (mgmt_stypes) { 1178 u16 stypes; 1179 struct nlattr *nl_ftypes, *nl_ifs; 1180 enum nl80211_iftype ift; 1181 1182 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 1183 if (!nl_ifs) 1184 goto nla_put_failure; 1185 1186 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1187 nl_ftypes = nla_nest_start(msg, ift); 1188 if (!nl_ftypes) 1189 goto nla_put_failure; 1190 i = 0; 1191 stypes = mgmt_stypes[ift].tx; 1192 while (stypes) { 1193 if ((stypes & 1) && 1194 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1195 (i << 4) | IEEE80211_FTYPE_MGMT)) 1196 goto nla_put_failure; 1197 stypes >>= 1; 1198 i++; 1199 } 1200 nla_nest_end(msg, nl_ftypes); 1201 } 1202 1203 nla_nest_end(msg, nl_ifs); 1204 1205 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 1206 if (!nl_ifs) 1207 goto nla_put_failure; 1208 1209 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1210 nl_ftypes = nla_nest_start(msg, ift); 1211 if (!nl_ftypes) 1212 goto nla_put_failure; 1213 i = 0; 1214 stypes = mgmt_stypes[ift].rx; 1215 while (stypes) { 1216 if ((stypes & 1) && 1217 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1218 (i << 4) | IEEE80211_FTYPE_MGMT)) 1219 goto nla_put_failure; 1220 stypes >>= 1; 1221 i++; 1222 } 1223 nla_nest_end(msg, nl_ftypes); 1224 } 1225 nla_nest_end(msg, nl_ifs); 1226 } 1227 1228 #ifdef CONFIG_PM 1229 if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) { 1230 struct nlattr *nl_wowlan; 1231 1232 nl_wowlan = nla_nest_start(msg, 1233 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1234 if (!nl_wowlan) 1235 goto nla_put_failure; 1236 1237 if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) && 1238 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1239 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) && 1240 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1241 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) && 1242 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1243 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1244 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1245 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1246 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1247 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1248 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1249 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1250 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1251 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1252 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1253 goto nla_put_failure; 1254 if (dev->wiphy.wowlan.n_patterns) { 1255 struct nl80211_wowlan_pattern_support pat = { 1256 .max_patterns = dev->wiphy.wowlan.n_patterns, 1257 .min_pattern_len = 1258 dev->wiphy.wowlan.pattern_min_len, 1259 .max_pattern_len = 1260 dev->wiphy.wowlan.pattern_max_len, 1261 .max_pkt_offset = 1262 dev->wiphy.wowlan.max_pkt_offset, 1263 }; 1264 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1265 sizeof(pat), &pat)) 1266 goto nla_put_failure; 1267 } 1268 1269 nla_nest_end(msg, nl_wowlan); 1270 } 1271 #endif 1272 1273 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1274 dev->wiphy.software_iftypes)) 1275 goto nla_put_failure; 1276 1277 if (nl80211_put_iface_combinations(&dev->wiphy, msg)) 1278 goto nla_put_failure; 1279 1280 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 1281 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 1282 dev->wiphy.ap_sme_capa)) 1283 goto nla_put_failure; 1284 1285 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, 1286 dev->wiphy.features)) 1287 goto nla_put_failure; 1288 1289 if (dev->wiphy.ht_capa_mod_mask && 1290 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1291 sizeof(*dev->wiphy.ht_capa_mod_mask), 1292 dev->wiphy.ht_capa_mod_mask)) 1293 goto nla_put_failure; 1294 1295 if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME && 1296 dev->wiphy.max_acl_mac_addrs && 1297 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX, 1298 dev->wiphy.max_acl_mac_addrs)) 1299 goto nla_put_failure; 1300 1301 return genlmsg_end(msg, hdr); 1302 1303 nla_put_failure: 1304 genlmsg_cancel(msg, hdr); 1305 return -EMSGSIZE; 1306 } 1307 1308 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1309 { 1310 int idx = 0, ret; 1311 int start = cb->args[0]; 1312 struct cfg80211_registered_device *dev; 1313 1314 mutex_lock(&cfg80211_mutex); 1315 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 1316 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 1317 continue; 1318 if (++idx <= start) 1319 continue; 1320 ret = nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).portid, 1321 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1322 dev); 1323 if (ret < 0) { 1324 /* 1325 * If sending the wiphy data didn't fit (ENOBUFS or 1326 * EMSGSIZE returned), this SKB is still empty (so 1327 * it's not too big because another wiphy dataset is 1328 * already in the skb) and we've not tried to adjust 1329 * the dump allocation yet ... then adjust the alloc 1330 * size to be bigger, and return 1 but with the empty 1331 * skb. This results in an empty message being RX'ed 1332 * in userspace, but that is ignored. 1333 * 1334 * We can then retry with the larger buffer. 1335 */ 1336 if ((ret == -ENOBUFS || ret == -EMSGSIZE) && 1337 !skb->len && 1338 cb->min_dump_alloc < 4096) { 1339 cb->min_dump_alloc = 4096; 1340 mutex_unlock(&cfg80211_mutex); 1341 return 1; 1342 } 1343 idx--; 1344 break; 1345 } 1346 } 1347 mutex_unlock(&cfg80211_mutex); 1348 1349 cb->args[0] = idx; 1350 1351 return skb->len; 1352 } 1353 1354 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1355 { 1356 struct sk_buff *msg; 1357 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1358 1359 msg = nlmsg_new(4096, GFP_KERNEL); 1360 if (!msg) 1361 return -ENOMEM; 1362 1363 if (nl80211_send_wiphy(msg, info->snd_portid, info->snd_seq, 0, dev) < 0) { 1364 nlmsg_free(msg); 1365 return -ENOBUFS; 1366 } 1367 1368 return genlmsg_reply(msg, info); 1369 } 1370 1371 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 1372 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 1373 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 1374 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 1375 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 1376 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 1377 }; 1378 1379 static int parse_txq_params(struct nlattr *tb[], 1380 struct ieee80211_txq_params *txq_params) 1381 { 1382 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 1383 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 1384 !tb[NL80211_TXQ_ATTR_AIFS]) 1385 return -EINVAL; 1386 1387 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 1388 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 1389 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 1390 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 1391 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 1392 1393 if (txq_params->ac >= NL80211_NUM_ACS) 1394 return -EINVAL; 1395 1396 return 0; 1397 } 1398 1399 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 1400 { 1401 /* 1402 * You can only set the channel explicitly for WDS interfaces, 1403 * all others have their channel managed via their respective 1404 * "establish a connection" command (connect, join, ...) 1405 * 1406 * For AP/GO and mesh mode, the channel can be set with the 1407 * channel userspace API, but is only stored and passed to the 1408 * low-level driver when the AP starts or the mesh is joined. 1409 * This is for backward compatibility, userspace can also give 1410 * the channel in the start-ap or join-mesh commands instead. 1411 * 1412 * Monitors are special as they are normally slaved to 1413 * whatever else is going on, so they have their own special 1414 * operation to set the monitor channel if possible. 1415 */ 1416 return !wdev || 1417 wdev->iftype == NL80211_IFTYPE_AP || 1418 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 1419 wdev->iftype == NL80211_IFTYPE_MONITOR || 1420 wdev->iftype == NL80211_IFTYPE_P2P_GO; 1421 } 1422 1423 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev, 1424 struct genl_info *info, 1425 struct cfg80211_chan_def *chandef) 1426 { 1427 u32 control_freq; 1428 1429 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 1430 return -EINVAL; 1431 1432 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 1433 1434 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq); 1435 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 1436 chandef->center_freq1 = control_freq; 1437 chandef->center_freq2 = 0; 1438 1439 /* Primary channel not allowed */ 1440 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) 1441 return -EINVAL; 1442 1443 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1444 enum nl80211_channel_type chantype; 1445 1446 chantype = nla_get_u32( 1447 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1448 1449 switch (chantype) { 1450 case NL80211_CHAN_NO_HT: 1451 case NL80211_CHAN_HT20: 1452 case NL80211_CHAN_HT40PLUS: 1453 case NL80211_CHAN_HT40MINUS: 1454 cfg80211_chandef_create(chandef, chandef->chan, 1455 chantype); 1456 break; 1457 default: 1458 return -EINVAL; 1459 } 1460 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) { 1461 chandef->width = 1462 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]); 1463 if (info->attrs[NL80211_ATTR_CENTER_FREQ1]) 1464 chandef->center_freq1 = 1465 nla_get_u32( 1466 info->attrs[NL80211_ATTR_CENTER_FREQ1]); 1467 if (info->attrs[NL80211_ATTR_CENTER_FREQ2]) 1468 chandef->center_freq2 = 1469 nla_get_u32( 1470 info->attrs[NL80211_ATTR_CENTER_FREQ2]); 1471 } 1472 1473 if (!cfg80211_chandef_valid(chandef)) 1474 return -EINVAL; 1475 1476 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef, 1477 IEEE80211_CHAN_DISABLED)) 1478 return -EINVAL; 1479 1480 return 0; 1481 } 1482 1483 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 1484 struct wireless_dev *wdev, 1485 struct genl_info *info) 1486 { 1487 struct cfg80211_chan_def chandef; 1488 int result; 1489 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 1490 1491 if (wdev) 1492 iftype = wdev->iftype; 1493 1494 if (!nl80211_can_set_dev_channel(wdev)) 1495 return -EOPNOTSUPP; 1496 1497 result = nl80211_parse_chandef(rdev, info, &chandef); 1498 if (result) 1499 return result; 1500 1501 mutex_lock(&rdev->devlist_mtx); 1502 switch (iftype) { 1503 case NL80211_IFTYPE_AP: 1504 case NL80211_IFTYPE_P2P_GO: 1505 if (wdev->beacon_interval) { 1506 result = -EBUSY; 1507 break; 1508 } 1509 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) { 1510 result = -EINVAL; 1511 break; 1512 } 1513 wdev->preset_chandef = chandef; 1514 result = 0; 1515 break; 1516 case NL80211_IFTYPE_MESH_POINT: 1517 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef); 1518 break; 1519 case NL80211_IFTYPE_MONITOR: 1520 result = cfg80211_set_monitor_channel(rdev, &chandef); 1521 break; 1522 default: 1523 result = -EINVAL; 1524 } 1525 mutex_unlock(&rdev->devlist_mtx); 1526 1527 return result; 1528 } 1529 1530 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 1531 { 1532 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1533 struct net_device *netdev = info->user_ptr[1]; 1534 1535 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 1536 } 1537 1538 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 1539 { 1540 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1541 struct net_device *dev = info->user_ptr[1]; 1542 struct wireless_dev *wdev = dev->ieee80211_ptr; 1543 const u8 *bssid; 1544 1545 if (!info->attrs[NL80211_ATTR_MAC]) 1546 return -EINVAL; 1547 1548 if (netif_running(dev)) 1549 return -EBUSY; 1550 1551 if (!rdev->ops->set_wds_peer) 1552 return -EOPNOTSUPP; 1553 1554 if (wdev->iftype != NL80211_IFTYPE_WDS) 1555 return -EOPNOTSUPP; 1556 1557 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 1558 return rdev_set_wds_peer(rdev, dev, bssid); 1559 } 1560 1561 1562 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 1563 { 1564 struct cfg80211_registered_device *rdev; 1565 struct net_device *netdev = NULL; 1566 struct wireless_dev *wdev; 1567 int result = 0, rem_txq_params = 0; 1568 struct nlattr *nl_txq_params; 1569 u32 changed; 1570 u8 retry_short = 0, retry_long = 0; 1571 u32 frag_threshold = 0, rts_threshold = 0; 1572 u8 coverage_class = 0; 1573 1574 /* 1575 * Try to find the wiphy and netdev. Normally this 1576 * function shouldn't need the netdev, but this is 1577 * done for backward compatibility -- previously 1578 * setting the channel was done per wiphy, but now 1579 * it is per netdev. Previous userland like hostapd 1580 * also passed a netdev to set_wiphy, so that it is 1581 * possible to let that go to the right netdev! 1582 */ 1583 mutex_lock(&cfg80211_mutex); 1584 1585 if (info->attrs[NL80211_ATTR_IFINDEX]) { 1586 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 1587 1588 netdev = dev_get_by_index(genl_info_net(info), ifindex); 1589 if (netdev && netdev->ieee80211_ptr) { 1590 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 1591 mutex_lock(&rdev->mtx); 1592 } else 1593 netdev = NULL; 1594 } 1595 1596 if (!netdev) { 1597 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 1598 info->attrs); 1599 if (IS_ERR(rdev)) { 1600 mutex_unlock(&cfg80211_mutex); 1601 return PTR_ERR(rdev); 1602 } 1603 wdev = NULL; 1604 netdev = NULL; 1605 result = 0; 1606 1607 mutex_lock(&rdev->mtx); 1608 } else 1609 wdev = netdev->ieee80211_ptr; 1610 1611 /* 1612 * end workaround code, by now the rdev is available 1613 * and locked, and wdev may or may not be NULL. 1614 */ 1615 1616 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 1617 result = cfg80211_dev_rename( 1618 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 1619 1620 mutex_unlock(&cfg80211_mutex); 1621 1622 if (result) 1623 goto bad_res; 1624 1625 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 1626 struct ieee80211_txq_params txq_params; 1627 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 1628 1629 if (!rdev->ops->set_txq_params) { 1630 result = -EOPNOTSUPP; 1631 goto bad_res; 1632 } 1633 1634 if (!netdev) { 1635 result = -EINVAL; 1636 goto bad_res; 1637 } 1638 1639 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1640 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 1641 result = -EINVAL; 1642 goto bad_res; 1643 } 1644 1645 if (!netif_running(netdev)) { 1646 result = -ENETDOWN; 1647 goto bad_res; 1648 } 1649 1650 nla_for_each_nested(nl_txq_params, 1651 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1652 rem_txq_params) { 1653 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 1654 nla_data(nl_txq_params), 1655 nla_len(nl_txq_params), 1656 txq_params_policy); 1657 result = parse_txq_params(tb, &txq_params); 1658 if (result) 1659 goto bad_res; 1660 1661 result = rdev_set_txq_params(rdev, netdev, 1662 &txq_params); 1663 if (result) 1664 goto bad_res; 1665 } 1666 } 1667 1668 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 1669 result = __nl80211_set_channel(rdev, 1670 nl80211_can_set_dev_channel(wdev) ? wdev : NULL, 1671 info); 1672 if (result) 1673 goto bad_res; 1674 } 1675 1676 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 1677 struct wireless_dev *txp_wdev = wdev; 1678 enum nl80211_tx_power_setting type; 1679 int idx, mbm = 0; 1680 1681 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER)) 1682 txp_wdev = NULL; 1683 1684 if (!rdev->ops->set_tx_power) { 1685 result = -EOPNOTSUPP; 1686 goto bad_res; 1687 } 1688 1689 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 1690 type = nla_get_u32(info->attrs[idx]); 1691 1692 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 1693 (type != NL80211_TX_POWER_AUTOMATIC)) { 1694 result = -EINVAL; 1695 goto bad_res; 1696 } 1697 1698 if (type != NL80211_TX_POWER_AUTOMATIC) { 1699 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 1700 mbm = nla_get_u32(info->attrs[idx]); 1701 } 1702 1703 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm); 1704 if (result) 1705 goto bad_res; 1706 } 1707 1708 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 1709 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 1710 u32 tx_ant, rx_ant; 1711 if ((!rdev->wiphy.available_antennas_tx && 1712 !rdev->wiphy.available_antennas_rx) || 1713 !rdev->ops->set_antenna) { 1714 result = -EOPNOTSUPP; 1715 goto bad_res; 1716 } 1717 1718 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 1719 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 1720 1721 /* reject antenna configurations which don't match the 1722 * available antenna masks, except for the "all" mask */ 1723 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 1724 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 1725 result = -EINVAL; 1726 goto bad_res; 1727 } 1728 1729 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 1730 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 1731 1732 result = rdev_set_antenna(rdev, tx_ant, rx_ant); 1733 if (result) 1734 goto bad_res; 1735 } 1736 1737 changed = 0; 1738 1739 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 1740 retry_short = nla_get_u8( 1741 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 1742 if (retry_short == 0) { 1743 result = -EINVAL; 1744 goto bad_res; 1745 } 1746 changed |= WIPHY_PARAM_RETRY_SHORT; 1747 } 1748 1749 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 1750 retry_long = nla_get_u8( 1751 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 1752 if (retry_long == 0) { 1753 result = -EINVAL; 1754 goto bad_res; 1755 } 1756 changed |= WIPHY_PARAM_RETRY_LONG; 1757 } 1758 1759 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 1760 frag_threshold = nla_get_u32( 1761 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 1762 if (frag_threshold < 256) { 1763 result = -EINVAL; 1764 goto bad_res; 1765 } 1766 if (frag_threshold != (u32) -1) { 1767 /* 1768 * Fragments (apart from the last one) are required to 1769 * have even length. Make the fragmentation code 1770 * simpler by stripping LSB should someone try to use 1771 * odd threshold value. 1772 */ 1773 frag_threshold &= ~0x1; 1774 } 1775 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 1776 } 1777 1778 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 1779 rts_threshold = nla_get_u32( 1780 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 1781 changed |= WIPHY_PARAM_RTS_THRESHOLD; 1782 } 1783 1784 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 1785 coverage_class = nla_get_u8( 1786 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 1787 changed |= WIPHY_PARAM_COVERAGE_CLASS; 1788 } 1789 1790 if (changed) { 1791 u8 old_retry_short, old_retry_long; 1792 u32 old_frag_threshold, old_rts_threshold; 1793 u8 old_coverage_class; 1794 1795 if (!rdev->ops->set_wiphy_params) { 1796 result = -EOPNOTSUPP; 1797 goto bad_res; 1798 } 1799 1800 old_retry_short = rdev->wiphy.retry_short; 1801 old_retry_long = rdev->wiphy.retry_long; 1802 old_frag_threshold = rdev->wiphy.frag_threshold; 1803 old_rts_threshold = rdev->wiphy.rts_threshold; 1804 old_coverage_class = rdev->wiphy.coverage_class; 1805 1806 if (changed & WIPHY_PARAM_RETRY_SHORT) 1807 rdev->wiphy.retry_short = retry_short; 1808 if (changed & WIPHY_PARAM_RETRY_LONG) 1809 rdev->wiphy.retry_long = retry_long; 1810 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 1811 rdev->wiphy.frag_threshold = frag_threshold; 1812 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 1813 rdev->wiphy.rts_threshold = rts_threshold; 1814 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 1815 rdev->wiphy.coverage_class = coverage_class; 1816 1817 result = rdev_set_wiphy_params(rdev, changed); 1818 if (result) { 1819 rdev->wiphy.retry_short = old_retry_short; 1820 rdev->wiphy.retry_long = old_retry_long; 1821 rdev->wiphy.frag_threshold = old_frag_threshold; 1822 rdev->wiphy.rts_threshold = old_rts_threshold; 1823 rdev->wiphy.coverage_class = old_coverage_class; 1824 } 1825 } 1826 1827 bad_res: 1828 mutex_unlock(&rdev->mtx); 1829 if (netdev) 1830 dev_put(netdev); 1831 return result; 1832 } 1833 1834 static inline u64 wdev_id(struct wireless_dev *wdev) 1835 { 1836 return (u64)wdev->identifier | 1837 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32); 1838 } 1839 1840 static int nl80211_send_chandef(struct sk_buff *msg, 1841 struct cfg80211_chan_def *chandef) 1842 { 1843 WARN_ON(!cfg80211_chandef_valid(chandef)); 1844 1845 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 1846 chandef->chan->center_freq)) 1847 return -ENOBUFS; 1848 switch (chandef->width) { 1849 case NL80211_CHAN_WIDTH_20_NOHT: 1850 case NL80211_CHAN_WIDTH_20: 1851 case NL80211_CHAN_WIDTH_40: 1852 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 1853 cfg80211_get_chandef_type(chandef))) 1854 return -ENOBUFS; 1855 break; 1856 default: 1857 break; 1858 } 1859 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width)) 1860 return -ENOBUFS; 1861 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1)) 1862 return -ENOBUFS; 1863 if (chandef->center_freq2 && 1864 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2)) 1865 return -ENOBUFS; 1866 return 0; 1867 } 1868 1869 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, 1870 struct cfg80211_registered_device *rdev, 1871 struct wireless_dev *wdev) 1872 { 1873 struct net_device *dev = wdev->netdev; 1874 void *hdr; 1875 1876 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1877 if (!hdr) 1878 return -1; 1879 1880 if (dev && 1881 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1882 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name))) 1883 goto nla_put_failure; 1884 1885 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1886 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 1887 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 1888 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) || 1889 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1890 rdev->devlist_generation ^ 1891 (cfg80211_rdev_list_generation << 2))) 1892 goto nla_put_failure; 1893 1894 if (rdev->ops->get_channel) { 1895 int ret; 1896 struct cfg80211_chan_def chandef; 1897 1898 ret = rdev_get_channel(rdev, wdev, &chandef); 1899 if (ret == 0) { 1900 if (nl80211_send_chandef(msg, &chandef)) 1901 goto nla_put_failure; 1902 } 1903 } 1904 1905 if (wdev->ssid_len) { 1906 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid)) 1907 goto nla_put_failure; 1908 } 1909 1910 return genlmsg_end(msg, hdr); 1911 1912 nla_put_failure: 1913 genlmsg_cancel(msg, hdr); 1914 return -EMSGSIZE; 1915 } 1916 1917 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1918 { 1919 int wp_idx = 0; 1920 int if_idx = 0; 1921 int wp_start = cb->args[0]; 1922 int if_start = cb->args[1]; 1923 struct cfg80211_registered_device *rdev; 1924 struct wireless_dev *wdev; 1925 1926 mutex_lock(&cfg80211_mutex); 1927 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1928 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1929 continue; 1930 if (wp_idx < wp_start) { 1931 wp_idx++; 1932 continue; 1933 } 1934 if_idx = 0; 1935 1936 mutex_lock(&rdev->devlist_mtx); 1937 list_for_each_entry(wdev, &rdev->wdev_list, list) { 1938 if (if_idx < if_start) { 1939 if_idx++; 1940 continue; 1941 } 1942 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid, 1943 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1944 rdev, wdev) < 0) { 1945 mutex_unlock(&rdev->devlist_mtx); 1946 goto out; 1947 } 1948 if_idx++; 1949 } 1950 mutex_unlock(&rdev->devlist_mtx); 1951 1952 wp_idx++; 1953 } 1954 out: 1955 mutex_unlock(&cfg80211_mutex); 1956 1957 cb->args[0] = wp_idx; 1958 cb->args[1] = if_idx; 1959 1960 return skb->len; 1961 } 1962 1963 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1964 { 1965 struct sk_buff *msg; 1966 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1967 struct wireless_dev *wdev = info->user_ptr[1]; 1968 1969 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1970 if (!msg) 1971 return -ENOMEM; 1972 1973 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 1974 dev, wdev) < 0) { 1975 nlmsg_free(msg); 1976 return -ENOBUFS; 1977 } 1978 1979 return genlmsg_reply(msg, info); 1980 } 1981 1982 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1983 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1984 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1985 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1986 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1987 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1988 }; 1989 1990 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1991 { 1992 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1993 int flag; 1994 1995 *mntrflags = 0; 1996 1997 if (!nla) 1998 return -EINVAL; 1999 2000 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 2001 nla, mntr_flags_policy)) 2002 return -EINVAL; 2003 2004 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 2005 if (flags[flag]) 2006 *mntrflags |= (1<<flag); 2007 2008 return 0; 2009 } 2010 2011 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 2012 struct net_device *netdev, u8 use_4addr, 2013 enum nl80211_iftype iftype) 2014 { 2015 if (!use_4addr) { 2016 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 2017 return -EBUSY; 2018 return 0; 2019 } 2020 2021 switch (iftype) { 2022 case NL80211_IFTYPE_AP_VLAN: 2023 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 2024 return 0; 2025 break; 2026 case NL80211_IFTYPE_STATION: 2027 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 2028 return 0; 2029 break; 2030 default: 2031 break; 2032 } 2033 2034 return -EOPNOTSUPP; 2035 } 2036 2037 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 2038 { 2039 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2040 struct vif_params params; 2041 int err; 2042 enum nl80211_iftype otype, ntype; 2043 struct net_device *dev = info->user_ptr[1]; 2044 u32 _flags, *flags = NULL; 2045 bool change = false; 2046 2047 memset(¶ms, 0, sizeof(params)); 2048 2049 otype = ntype = dev->ieee80211_ptr->iftype; 2050 2051 if (info->attrs[NL80211_ATTR_IFTYPE]) { 2052 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 2053 if (otype != ntype) 2054 change = true; 2055 if (ntype > NL80211_IFTYPE_MAX) 2056 return -EINVAL; 2057 } 2058 2059 if (info->attrs[NL80211_ATTR_MESH_ID]) { 2060 struct wireless_dev *wdev = dev->ieee80211_ptr; 2061 2062 if (ntype != NL80211_IFTYPE_MESH_POINT) 2063 return -EINVAL; 2064 if (netif_running(dev)) 2065 return -EBUSY; 2066 2067 wdev_lock(wdev); 2068 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2069 IEEE80211_MAX_MESH_ID_LEN); 2070 wdev->mesh_id_up_len = 2071 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2072 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2073 wdev->mesh_id_up_len); 2074 wdev_unlock(wdev); 2075 } 2076 2077 if (info->attrs[NL80211_ATTR_4ADDR]) { 2078 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2079 change = true; 2080 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 2081 if (err) 2082 return err; 2083 } else { 2084 params.use_4addr = -1; 2085 } 2086 2087 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 2088 if (ntype != NL80211_IFTYPE_MONITOR) 2089 return -EINVAL; 2090 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 2091 &_flags); 2092 if (err) 2093 return err; 2094 2095 flags = &_flags; 2096 change = true; 2097 } 2098 2099 if (change) 2100 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 2101 else 2102 err = 0; 2103 2104 if (!err && params.use_4addr != -1) 2105 dev->ieee80211_ptr->use_4addr = params.use_4addr; 2106 2107 return err; 2108 } 2109 2110 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 2111 { 2112 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2113 struct vif_params params; 2114 struct wireless_dev *wdev; 2115 struct sk_buff *msg; 2116 int err; 2117 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 2118 u32 flags; 2119 2120 memset(¶ms, 0, sizeof(params)); 2121 2122 if (!info->attrs[NL80211_ATTR_IFNAME]) 2123 return -EINVAL; 2124 2125 if (info->attrs[NL80211_ATTR_IFTYPE]) { 2126 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 2127 if (type > NL80211_IFTYPE_MAX) 2128 return -EINVAL; 2129 } 2130 2131 if (!rdev->ops->add_virtual_intf || 2132 !(rdev->wiphy.interface_modes & (1 << type))) 2133 return -EOPNOTSUPP; 2134 2135 if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) { 2136 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC], 2137 ETH_ALEN); 2138 if (!is_valid_ether_addr(params.macaddr)) 2139 return -EADDRNOTAVAIL; 2140 } 2141 2142 if (info->attrs[NL80211_ATTR_4ADDR]) { 2143 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2144 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 2145 if (err) 2146 return err; 2147 } 2148 2149 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2150 if (!msg) 2151 return -ENOMEM; 2152 2153 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 2154 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 2155 &flags); 2156 wdev = rdev_add_virtual_intf(rdev, 2157 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 2158 type, err ? NULL : &flags, ¶ms); 2159 if (IS_ERR(wdev)) { 2160 nlmsg_free(msg); 2161 return PTR_ERR(wdev); 2162 } 2163 2164 switch (type) { 2165 case NL80211_IFTYPE_MESH_POINT: 2166 if (!info->attrs[NL80211_ATTR_MESH_ID]) 2167 break; 2168 wdev_lock(wdev); 2169 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2170 IEEE80211_MAX_MESH_ID_LEN); 2171 wdev->mesh_id_up_len = 2172 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2173 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2174 wdev->mesh_id_up_len); 2175 wdev_unlock(wdev); 2176 break; 2177 case NL80211_IFTYPE_P2P_DEVICE: 2178 /* 2179 * P2P Device doesn't have a netdev, so doesn't go 2180 * through the netdev notifier and must be added here 2181 */ 2182 mutex_init(&wdev->mtx); 2183 INIT_LIST_HEAD(&wdev->event_list); 2184 spin_lock_init(&wdev->event_lock); 2185 INIT_LIST_HEAD(&wdev->mgmt_registrations); 2186 spin_lock_init(&wdev->mgmt_registrations_lock); 2187 2188 mutex_lock(&rdev->devlist_mtx); 2189 wdev->identifier = ++rdev->wdev_id; 2190 list_add_rcu(&wdev->list, &rdev->wdev_list); 2191 rdev->devlist_generation++; 2192 mutex_unlock(&rdev->devlist_mtx); 2193 break; 2194 default: 2195 break; 2196 } 2197 2198 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 2199 rdev, wdev) < 0) { 2200 nlmsg_free(msg); 2201 return -ENOBUFS; 2202 } 2203 2204 return genlmsg_reply(msg, info); 2205 } 2206 2207 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 2208 { 2209 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2210 struct wireless_dev *wdev = info->user_ptr[1]; 2211 2212 if (!rdev->ops->del_virtual_intf) 2213 return -EOPNOTSUPP; 2214 2215 /* 2216 * If we remove a wireless device without a netdev then clear 2217 * user_ptr[1] so that nl80211_post_doit won't dereference it 2218 * to check if it needs to do dev_put(). Otherwise it crashes 2219 * since the wdev has been freed, unlike with a netdev where 2220 * we need the dev_put() for the netdev to really be freed. 2221 */ 2222 if (!wdev->netdev) 2223 info->user_ptr[1] = NULL; 2224 2225 return rdev_del_virtual_intf(rdev, wdev); 2226 } 2227 2228 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 2229 { 2230 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2231 struct net_device *dev = info->user_ptr[1]; 2232 u16 noack_map; 2233 2234 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 2235 return -EINVAL; 2236 2237 if (!rdev->ops->set_noack_map) 2238 return -EOPNOTSUPP; 2239 2240 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 2241 2242 return rdev_set_noack_map(rdev, dev, noack_map); 2243 } 2244 2245 struct get_key_cookie { 2246 struct sk_buff *msg; 2247 int error; 2248 int idx; 2249 }; 2250 2251 static void get_key_callback(void *c, struct key_params *params) 2252 { 2253 struct nlattr *key; 2254 struct get_key_cookie *cookie = c; 2255 2256 if ((params->key && 2257 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 2258 params->key_len, params->key)) || 2259 (params->seq && 2260 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 2261 params->seq_len, params->seq)) || 2262 (params->cipher && 2263 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 2264 params->cipher))) 2265 goto nla_put_failure; 2266 2267 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 2268 if (!key) 2269 goto nla_put_failure; 2270 2271 if ((params->key && 2272 nla_put(cookie->msg, NL80211_KEY_DATA, 2273 params->key_len, params->key)) || 2274 (params->seq && 2275 nla_put(cookie->msg, NL80211_KEY_SEQ, 2276 params->seq_len, params->seq)) || 2277 (params->cipher && 2278 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 2279 params->cipher))) 2280 goto nla_put_failure; 2281 2282 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx)) 2283 goto nla_put_failure; 2284 2285 nla_nest_end(cookie->msg, key); 2286 2287 return; 2288 nla_put_failure: 2289 cookie->error = 1; 2290 } 2291 2292 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 2293 { 2294 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2295 int err; 2296 struct net_device *dev = info->user_ptr[1]; 2297 u8 key_idx = 0; 2298 const u8 *mac_addr = NULL; 2299 bool pairwise; 2300 struct get_key_cookie cookie = { 2301 .error = 0, 2302 }; 2303 void *hdr; 2304 struct sk_buff *msg; 2305 2306 if (info->attrs[NL80211_ATTR_KEY_IDX]) 2307 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 2308 2309 if (key_idx > 5) 2310 return -EINVAL; 2311 2312 if (info->attrs[NL80211_ATTR_MAC]) 2313 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2314 2315 pairwise = !!mac_addr; 2316 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 2317 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 2318 if (kt >= NUM_NL80211_KEYTYPES) 2319 return -EINVAL; 2320 if (kt != NL80211_KEYTYPE_GROUP && 2321 kt != NL80211_KEYTYPE_PAIRWISE) 2322 return -EINVAL; 2323 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 2324 } 2325 2326 if (!rdev->ops->get_key) 2327 return -EOPNOTSUPP; 2328 2329 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2330 if (!msg) 2331 return -ENOMEM; 2332 2333 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 2334 NL80211_CMD_NEW_KEY); 2335 if (IS_ERR(hdr)) 2336 return PTR_ERR(hdr); 2337 2338 cookie.msg = msg; 2339 cookie.idx = key_idx; 2340 2341 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2342 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 2343 goto nla_put_failure; 2344 if (mac_addr && 2345 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 2346 goto nla_put_failure; 2347 2348 if (pairwise && mac_addr && 2349 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2350 return -ENOENT; 2351 2352 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie, 2353 get_key_callback); 2354 2355 if (err) 2356 goto free_msg; 2357 2358 if (cookie.error) 2359 goto nla_put_failure; 2360 2361 genlmsg_end(msg, hdr); 2362 return genlmsg_reply(msg, info); 2363 2364 nla_put_failure: 2365 err = -ENOBUFS; 2366 free_msg: 2367 nlmsg_free(msg); 2368 return err; 2369 } 2370 2371 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 2372 { 2373 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2374 struct key_parse key; 2375 int err; 2376 struct net_device *dev = info->user_ptr[1]; 2377 2378 err = nl80211_parse_key(info, &key); 2379 if (err) 2380 return err; 2381 2382 if (key.idx < 0) 2383 return -EINVAL; 2384 2385 /* only support setting default key */ 2386 if (!key.def && !key.defmgmt) 2387 return -EINVAL; 2388 2389 wdev_lock(dev->ieee80211_ptr); 2390 2391 if (key.def) { 2392 if (!rdev->ops->set_default_key) { 2393 err = -EOPNOTSUPP; 2394 goto out; 2395 } 2396 2397 err = nl80211_key_allowed(dev->ieee80211_ptr); 2398 if (err) 2399 goto out; 2400 2401 err = rdev_set_default_key(rdev, dev, key.idx, 2402 key.def_uni, key.def_multi); 2403 2404 if (err) 2405 goto out; 2406 2407 #ifdef CONFIG_CFG80211_WEXT 2408 dev->ieee80211_ptr->wext.default_key = key.idx; 2409 #endif 2410 } else { 2411 if (key.def_uni || !key.def_multi) { 2412 err = -EINVAL; 2413 goto out; 2414 } 2415 2416 if (!rdev->ops->set_default_mgmt_key) { 2417 err = -EOPNOTSUPP; 2418 goto out; 2419 } 2420 2421 err = nl80211_key_allowed(dev->ieee80211_ptr); 2422 if (err) 2423 goto out; 2424 2425 err = rdev_set_default_mgmt_key(rdev, dev, key.idx); 2426 if (err) 2427 goto out; 2428 2429 #ifdef CONFIG_CFG80211_WEXT 2430 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 2431 #endif 2432 } 2433 2434 out: 2435 wdev_unlock(dev->ieee80211_ptr); 2436 2437 return err; 2438 } 2439 2440 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 2441 { 2442 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2443 int err; 2444 struct net_device *dev = info->user_ptr[1]; 2445 struct key_parse key; 2446 const u8 *mac_addr = NULL; 2447 2448 err = nl80211_parse_key(info, &key); 2449 if (err) 2450 return err; 2451 2452 if (!key.p.key) 2453 return -EINVAL; 2454 2455 if (info->attrs[NL80211_ATTR_MAC]) 2456 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2457 2458 if (key.type == -1) { 2459 if (mac_addr) 2460 key.type = NL80211_KEYTYPE_PAIRWISE; 2461 else 2462 key.type = NL80211_KEYTYPE_GROUP; 2463 } 2464 2465 /* for now */ 2466 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2467 key.type != NL80211_KEYTYPE_GROUP) 2468 return -EINVAL; 2469 2470 if (!rdev->ops->add_key) 2471 return -EOPNOTSUPP; 2472 2473 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 2474 key.type == NL80211_KEYTYPE_PAIRWISE, 2475 mac_addr)) 2476 return -EINVAL; 2477 2478 wdev_lock(dev->ieee80211_ptr); 2479 err = nl80211_key_allowed(dev->ieee80211_ptr); 2480 if (!err) 2481 err = rdev_add_key(rdev, dev, key.idx, 2482 key.type == NL80211_KEYTYPE_PAIRWISE, 2483 mac_addr, &key.p); 2484 wdev_unlock(dev->ieee80211_ptr); 2485 2486 return err; 2487 } 2488 2489 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 2490 { 2491 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2492 int err; 2493 struct net_device *dev = info->user_ptr[1]; 2494 u8 *mac_addr = NULL; 2495 struct key_parse key; 2496 2497 err = nl80211_parse_key(info, &key); 2498 if (err) 2499 return err; 2500 2501 if (info->attrs[NL80211_ATTR_MAC]) 2502 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2503 2504 if (key.type == -1) { 2505 if (mac_addr) 2506 key.type = NL80211_KEYTYPE_PAIRWISE; 2507 else 2508 key.type = NL80211_KEYTYPE_GROUP; 2509 } 2510 2511 /* for now */ 2512 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2513 key.type != NL80211_KEYTYPE_GROUP) 2514 return -EINVAL; 2515 2516 if (!rdev->ops->del_key) 2517 return -EOPNOTSUPP; 2518 2519 wdev_lock(dev->ieee80211_ptr); 2520 err = nl80211_key_allowed(dev->ieee80211_ptr); 2521 2522 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && 2523 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2524 err = -ENOENT; 2525 2526 if (!err) 2527 err = rdev_del_key(rdev, dev, key.idx, 2528 key.type == NL80211_KEYTYPE_PAIRWISE, 2529 mac_addr); 2530 2531 #ifdef CONFIG_CFG80211_WEXT 2532 if (!err) { 2533 if (key.idx == dev->ieee80211_ptr->wext.default_key) 2534 dev->ieee80211_ptr->wext.default_key = -1; 2535 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 2536 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 2537 } 2538 #endif 2539 wdev_unlock(dev->ieee80211_ptr); 2540 2541 return err; 2542 } 2543 2544 /* This function returns an error or the number of nested attributes */ 2545 static int validate_acl_mac_addrs(struct nlattr *nl_attr) 2546 { 2547 struct nlattr *attr; 2548 int n_entries = 0, tmp; 2549 2550 nla_for_each_nested(attr, nl_attr, tmp) { 2551 if (nla_len(attr) != ETH_ALEN) 2552 return -EINVAL; 2553 2554 n_entries++; 2555 } 2556 2557 return n_entries; 2558 } 2559 2560 /* 2561 * This function parses ACL information and allocates memory for ACL data. 2562 * On successful return, the calling function is responsible to free the 2563 * ACL buffer returned by this function. 2564 */ 2565 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy, 2566 struct genl_info *info) 2567 { 2568 enum nl80211_acl_policy acl_policy; 2569 struct nlattr *attr; 2570 struct cfg80211_acl_data *acl; 2571 int i = 0, n_entries, tmp; 2572 2573 if (!wiphy->max_acl_mac_addrs) 2574 return ERR_PTR(-EOPNOTSUPP); 2575 2576 if (!info->attrs[NL80211_ATTR_ACL_POLICY]) 2577 return ERR_PTR(-EINVAL); 2578 2579 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]); 2580 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED && 2581 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED) 2582 return ERR_PTR(-EINVAL); 2583 2584 if (!info->attrs[NL80211_ATTR_MAC_ADDRS]) 2585 return ERR_PTR(-EINVAL); 2586 2587 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]); 2588 if (n_entries < 0) 2589 return ERR_PTR(n_entries); 2590 2591 if (n_entries > wiphy->max_acl_mac_addrs) 2592 return ERR_PTR(-ENOTSUPP); 2593 2594 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries), 2595 GFP_KERNEL); 2596 if (!acl) 2597 return ERR_PTR(-ENOMEM); 2598 2599 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) { 2600 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN); 2601 i++; 2602 } 2603 2604 acl->n_acl_entries = n_entries; 2605 acl->acl_policy = acl_policy; 2606 2607 return acl; 2608 } 2609 2610 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info) 2611 { 2612 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2613 struct net_device *dev = info->user_ptr[1]; 2614 struct cfg80211_acl_data *acl; 2615 int err; 2616 2617 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2618 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2619 return -EOPNOTSUPP; 2620 2621 if (!dev->ieee80211_ptr->beacon_interval) 2622 return -EINVAL; 2623 2624 acl = parse_acl_data(&rdev->wiphy, info); 2625 if (IS_ERR(acl)) 2626 return PTR_ERR(acl); 2627 2628 err = rdev_set_mac_acl(rdev, dev, acl); 2629 2630 kfree(acl); 2631 2632 return err; 2633 } 2634 2635 static int nl80211_parse_beacon(struct genl_info *info, 2636 struct cfg80211_beacon_data *bcn) 2637 { 2638 bool haveinfo = false; 2639 2640 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) || 2641 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) || 2642 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) || 2643 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP])) 2644 return -EINVAL; 2645 2646 memset(bcn, 0, sizeof(*bcn)); 2647 2648 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 2649 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2650 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2651 if (!bcn->head_len) 2652 return -EINVAL; 2653 haveinfo = true; 2654 } 2655 2656 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 2657 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2658 bcn->tail_len = 2659 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2660 haveinfo = true; 2661 } 2662 2663 if (!haveinfo) 2664 return -EINVAL; 2665 2666 if (info->attrs[NL80211_ATTR_IE]) { 2667 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]); 2668 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]); 2669 } 2670 2671 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) { 2672 bcn->proberesp_ies = 2673 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2674 bcn->proberesp_ies_len = 2675 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2676 } 2677 2678 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 2679 bcn->assocresp_ies = 2680 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2681 bcn->assocresp_ies_len = 2682 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2683 } 2684 2685 if (info->attrs[NL80211_ATTR_PROBE_RESP]) { 2686 bcn->probe_resp = 2687 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]); 2688 bcn->probe_resp_len = 2689 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]); 2690 } 2691 2692 return 0; 2693 } 2694 2695 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 2696 struct cfg80211_ap_settings *params) 2697 { 2698 struct wireless_dev *wdev; 2699 bool ret = false; 2700 2701 mutex_lock(&rdev->devlist_mtx); 2702 2703 list_for_each_entry(wdev, &rdev->wdev_list, list) { 2704 if (wdev->iftype != NL80211_IFTYPE_AP && 2705 wdev->iftype != NL80211_IFTYPE_P2P_GO) 2706 continue; 2707 2708 if (!wdev->preset_chandef.chan) 2709 continue; 2710 2711 params->chandef = wdev->preset_chandef; 2712 ret = true; 2713 break; 2714 } 2715 2716 mutex_unlock(&rdev->devlist_mtx); 2717 2718 return ret; 2719 } 2720 2721 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, 2722 enum nl80211_auth_type auth_type, 2723 enum nl80211_commands cmd) 2724 { 2725 if (auth_type > NL80211_AUTHTYPE_MAX) 2726 return false; 2727 2728 switch (cmd) { 2729 case NL80211_CMD_AUTHENTICATE: 2730 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 2731 auth_type == NL80211_AUTHTYPE_SAE) 2732 return false; 2733 return true; 2734 case NL80211_CMD_CONNECT: 2735 case NL80211_CMD_START_AP: 2736 /* SAE not supported yet */ 2737 if (auth_type == NL80211_AUTHTYPE_SAE) 2738 return false; 2739 return true; 2740 default: 2741 return false; 2742 } 2743 } 2744 2745 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 2746 { 2747 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2748 struct net_device *dev = info->user_ptr[1]; 2749 struct wireless_dev *wdev = dev->ieee80211_ptr; 2750 struct cfg80211_ap_settings params; 2751 int err; 2752 u8 radar_detect_width = 0; 2753 2754 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2755 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2756 return -EOPNOTSUPP; 2757 2758 if (!rdev->ops->start_ap) 2759 return -EOPNOTSUPP; 2760 2761 if (wdev->beacon_interval) 2762 return -EALREADY; 2763 2764 memset(¶ms, 0, sizeof(params)); 2765 2766 /* these are required for START_AP */ 2767 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 2768 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 2769 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 2770 return -EINVAL; 2771 2772 err = nl80211_parse_beacon(info, ¶ms.beacon); 2773 if (err) 2774 return err; 2775 2776 params.beacon_interval = 2777 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 2778 params.dtim_period = 2779 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 2780 2781 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 2782 if (err) 2783 return err; 2784 2785 /* 2786 * In theory, some of these attributes should be required here 2787 * but since they were not used when the command was originally 2788 * added, keep them optional for old user space programs to let 2789 * them continue to work with drivers that do not need the 2790 * additional information -- drivers must check! 2791 */ 2792 if (info->attrs[NL80211_ATTR_SSID]) { 2793 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 2794 params.ssid_len = 2795 nla_len(info->attrs[NL80211_ATTR_SSID]); 2796 if (params.ssid_len == 0 || 2797 params.ssid_len > IEEE80211_MAX_SSID_LEN) 2798 return -EINVAL; 2799 } 2800 2801 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 2802 params.hidden_ssid = nla_get_u32( 2803 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 2804 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 2805 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 2806 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 2807 return -EINVAL; 2808 } 2809 2810 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 2811 2812 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 2813 params.auth_type = nla_get_u32( 2814 info->attrs[NL80211_ATTR_AUTH_TYPE]); 2815 if (!nl80211_valid_auth_type(rdev, params.auth_type, 2816 NL80211_CMD_START_AP)) 2817 return -EINVAL; 2818 } else 2819 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 2820 2821 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 2822 NL80211_MAX_NR_CIPHER_SUITES); 2823 if (err) 2824 return err; 2825 2826 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 2827 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 2828 return -EOPNOTSUPP; 2829 params.inactivity_timeout = nla_get_u16( 2830 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 2831 } 2832 2833 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 2834 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2835 return -EINVAL; 2836 params.p2p_ctwindow = 2837 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 2838 if (params.p2p_ctwindow > 127) 2839 return -EINVAL; 2840 if (params.p2p_ctwindow != 0 && 2841 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 2842 return -EINVAL; 2843 } 2844 2845 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 2846 u8 tmp; 2847 2848 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2849 return -EINVAL; 2850 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 2851 if (tmp > 1) 2852 return -EINVAL; 2853 params.p2p_opp_ps = tmp; 2854 if (params.p2p_opp_ps != 0 && 2855 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 2856 return -EINVAL; 2857 } 2858 2859 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 2860 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 2861 if (err) 2862 return err; 2863 } else if (wdev->preset_chandef.chan) { 2864 params.chandef = wdev->preset_chandef; 2865 } else if (!nl80211_get_ap_channel(rdev, ¶ms)) 2866 return -EINVAL; 2867 2868 if (!cfg80211_reg_can_beacon(&rdev->wiphy, ¶ms.chandef)) 2869 return -EINVAL; 2870 2871 err = cfg80211_chandef_dfs_required(wdev->wiphy, ¶ms.chandef); 2872 if (err < 0) 2873 return err; 2874 if (err) { 2875 radar_detect_width = BIT(params.chandef.width); 2876 params.radar_required = true; 2877 } 2878 2879 mutex_lock(&rdev->devlist_mtx); 2880 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype, 2881 params.chandef.chan, 2882 CHAN_MODE_SHARED, 2883 radar_detect_width); 2884 mutex_unlock(&rdev->devlist_mtx); 2885 2886 if (err) 2887 return err; 2888 2889 if (info->attrs[NL80211_ATTR_ACL_POLICY]) { 2890 params.acl = parse_acl_data(&rdev->wiphy, info); 2891 if (IS_ERR(params.acl)) 2892 return PTR_ERR(params.acl); 2893 } 2894 2895 err = rdev_start_ap(rdev, dev, ¶ms); 2896 if (!err) { 2897 wdev->preset_chandef = params.chandef; 2898 wdev->beacon_interval = params.beacon_interval; 2899 wdev->channel = params.chandef.chan; 2900 wdev->ssid_len = params.ssid_len; 2901 memcpy(wdev->ssid, params.ssid, wdev->ssid_len); 2902 } 2903 2904 kfree(params.acl); 2905 2906 return err; 2907 } 2908 2909 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 2910 { 2911 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2912 struct net_device *dev = info->user_ptr[1]; 2913 struct wireless_dev *wdev = dev->ieee80211_ptr; 2914 struct cfg80211_beacon_data params; 2915 int err; 2916 2917 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2918 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2919 return -EOPNOTSUPP; 2920 2921 if (!rdev->ops->change_beacon) 2922 return -EOPNOTSUPP; 2923 2924 if (!wdev->beacon_interval) 2925 return -EINVAL; 2926 2927 err = nl80211_parse_beacon(info, ¶ms); 2928 if (err) 2929 return err; 2930 2931 return rdev_change_beacon(rdev, dev, ¶ms); 2932 } 2933 2934 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 2935 { 2936 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2937 struct net_device *dev = info->user_ptr[1]; 2938 2939 return cfg80211_stop_ap(rdev, dev); 2940 } 2941 2942 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 2943 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 2944 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 2945 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 2946 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 2947 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 2948 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 2949 }; 2950 2951 static int parse_station_flags(struct genl_info *info, 2952 enum nl80211_iftype iftype, 2953 struct station_parameters *params) 2954 { 2955 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 2956 struct nlattr *nla; 2957 int flag; 2958 2959 /* 2960 * Try parsing the new attribute first so userspace 2961 * can specify both for older kernels. 2962 */ 2963 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 2964 if (nla) { 2965 struct nl80211_sta_flag_update *sta_flags; 2966 2967 sta_flags = nla_data(nla); 2968 params->sta_flags_mask = sta_flags->mask; 2969 params->sta_flags_set = sta_flags->set; 2970 if ((params->sta_flags_mask | 2971 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 2972 return -EINVAL; 2973 return 0; 2974 } 2975 2976 /* if present, parse the old attribute */ 2977 2978 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 2979 if (!nla) 2980 return 0; 2981 2982 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 2983 nla, sta_flags_policy)) 2984 return -EINVAL; 2985 2986 /* 2987 * Only allow certain flags for interface types so that 2988 * other attributes are silently ignored. Remember that 2989 * this is backward compatibility code with old userspace 2990 * and shouldn't be hit in other cases anyway. 2991 */ 2992 switch (iftype) { 2993 case NL80211_IFTYPE_AP: 2994 case NL80211_IFTYPE_AP_VLAN: 2995 case NL80211_IFTYPE_P2P_GO: 2996 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2997 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2998 BIT(NL80211_STA_FLAG_WME) | 2999 BIT(NL80211_STA_FLAG_MFP); 3000 break; 3001 case NL80211_IFTYPE_P2P_CLIENT: 3002 case NL80211_IFTYPE_STATION: 3003 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 3004 BIT(NL80211_STA_FLAG_TDLS_PEER); 3005 break; 3006 case NL80211_IFTYPE_MESH_POINT: 3007 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3008 BIT(NL80211_STA_FLAG_MFP) | 3009 BIT(NL80211_STA_FLAG_AUTHORIZED); 3010 default: 3011 return -EINVAL; 3012 } 3013 3014 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 3015 if (flags[flag]) { 3016 params->sta_flags_set |= (1<<flag); 3017 3018 /* no longer support new API additions in old API */ 3019 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 3020 return -EINVAL; 3021 } 3022 } 3023 3024 return 0; 3025 } 3026 3027 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 3028 int attr) 3029 { 3030 struct nlattr *rate; 3031 u32 bitrate; 3032 u16 bitrate_compat; 3033 3034 rate = nla_nest_start(msg, attr); 3035 if (!rate) 3036 return false; 3037 3038 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 3039 bitrate = cfg80211_calculate_bitrate(info); 3040 /* report 16-bit bitrate only if we can */ 3041 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 3042 if (bitrate > 0 && 3043 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) 3044 return false; 3045 if (bitrate_compat > 0 && 3046 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) 3047 return false; 3048 3049 if (info->flags & RATE_INFO_FLAGS_MCS) { 3050 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) 3051 return false; 3052 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH && 3053 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) 3054 return false; 3055 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 3056 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 3057 return false; 3058 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) { 3059 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs)) 3060 return false; 3061 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss)) 3062 return false; 3063 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH && 3064 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) 3065 return false; 3066 if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH && 3067 nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH)) 3068 return false; 3069 if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH && 3070 nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH)) 3071 return false; 3072 if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH && 3073 nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH)) 3074 return false; 3075 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 3076 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 3077 return false; 3078 } 3079 3080 nla_nest_end(msg, rate); 3081 return true; 3082 } 3083 3084 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq, 3085 int flags, 3086 struct cfg80211_registered_device *rdev, 3087 struct net_device *dev, 3088 const u8 *mac_addr, struct station_info *sinfo) 3089 { 3090 void *hdr; 3091 struct nlattr *sinfoattr, *bss_param; 3092 3093 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION); 3094 if (!hdr) 3095 return -1; 3096 3097 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3098 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 3099 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 3100 goto nla_put_failure; 3101 3102 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 3103 if (!sinfoattr) 3104 goto nla_put_failure; 3105 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) && 3106 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME, 3107 sinfo->connected_time)) 3108 goto nla_put_failure; 3109 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) && 3110 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME, 3111 sinfo->inactive_time)) 3112 goto nla_put_failure; 3113 if ((sinfo->filled & (STATION_INFO_RX_BYTES | 3114 STATION_INFO_RX_BYTES64)) && 3115 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 3116 (u32)sinfo->rx_bytes)) 3117 goto nla_put_failure; 3118 if ((sinfo->filled & (STATION_INFO_TX_BYTES | 3119 NL80211_STA_INFO_TX_BYTES64)) && 3120 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 3121 (u32)sinfo->tx_bytes)) 3122 goto nla_put_failure; 3123 if ((sinfo->filled & STATION_INFO_RX_BYTES64) && 3124 nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64, 3125 sinfo->rx_bytes)) 3126 goto nla_put_failure; 3127 if ((sinfo->filled & STATION_INFO_TX_BYTES64) && 3128 nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64, 3129 sinfo->tx_bytes)) 3130 goto nla_put_failure; 3131 if ((sinfo->filled & STATION_INFO_LLID) && 3132 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid)) 3133 goto nla_put_failure; 3134 if ((sinfo->filled & STATION_INFO_PLID) && 3135 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid)) 3136 goto nla_put_failure; 3137 if ((sinfo->filled & STATION_INFO_PLINK_STATE) && 3138 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE, 3139 sinfo->plink_state)) 3140 goto nla_put_failure; 3141 switch (rdev->wiphy.signal_type) { 3142 case CFG80211_SIGNAL_TYPE_MBM: 3143 if ((sinfo->filled & STATION_INFO_SIGNAL) && 3144 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL, 3145 sinfo->signal)) 3146 goto nla_put_failure; 3147 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) && 3148 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG, 3149 sinfo->signal_avg)) 3150 goto nla_put_failure; 3151 break; 3152 default: 3153 break; 3154 } 3155 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 3156 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 3157 NL80211_STA_INFO_TX_BITRATE)) 3158 goto nla_put_failure; 3159 } 3160 if (sinfo->filled & STATION_INFO_RX_BITRATE) { 3161 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 3162 NL80211_STA_INFO_RX_BITRATE)) 3163 goto nla_put_failure; 3164 } 3165 if ((sinfo->filled & STATION_INFO_RX_PACKETS) && 3166 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS, 3167 sinfo->rx_packets)) 3168 goto nla_put_failure; 3169 if ((sinfo->filled & STATION_INFO_TX_PACKETS) && 3170 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS, 3171 sinfo->tx_packets)) 3172 goto nla_put_failure; 3173 if ((sinfo->filled & STATION_INFO_TX_RETRIES) && 3174 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES, 3175 sinfo->tx_retries)) 3176 goto nla_put_failure; 3177 if ((sinfo->filled & STATION_INFO_TX_FAILED) && 3178 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED, 3179 sinfo->tx_failed)) 3180 goto nla_put_failure; 3181 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) && 3182 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS, 3183 sinfo->beacon_loss_count)) 3184 goto nla_put_failure; 3185 if ((sinfo->filled & STATION_INFO_LOCAL_PM) && 3186 nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM, 3187 sinfo->local_pm)) 3188 goto nla_put_failure; 3189 if ((sinfo->filled & STATION_INFO_PEER_PM) && 3190 nla_put_u32(msg, NL80211_STA_INFO_PEER_PM, 3191 sinfo->peer_pm)) 3192 goto nla_put_failure; 3193 if ((sinfo->filled & STATION_INFO_NONPEER_PM) && 3194 nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM, 3195 sinfo->nonpeer_pm)) 3196 goto nla_put_failure; 3197 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 3198 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 3199 if (!bss_param) 3200 goto nla_put_failure; 3201 3202 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 3203 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 3204 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 3205 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 3206 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 3207 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 3208 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 3209 sinfo->bss_param.dtim_period) || 3210 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 3211 sinfo->bss_param.beacon_interval)) 3212 goto nla_put_failure; 3213 3214 nla_nest_end(msg, bss_param); 3215 } 3216 if ((sinfo->filled & STATION_INFO_STA_FLAGS) && 3217 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 3218 sizeof(struct nl80211_sta_flag_update), 3219 &sinfo->sta_flags)) 3220 goto nla_put_failure; 3221 if ((sinfo->filled & STATION_INFO_T_OFFSET) && 3222 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET, 3223 sinfo->t_offset)) 3224 goto nla_put_failure; 3225 nla_nest_end(msg, sinfoattr); 3226 3227 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) && 3228 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 3229 sinfo->assoc_req_ies)) 3230 goto nla_put_failure; 3231 3232 return genlmsg_end(msg, hdr); 3233 3234 nla_put_failure: 3235 genlmsg_cancel(msg, hdr); 3236 return -EMSGSIZE; 3237 } 3238 3239 static int nl80211_dump_station(struct sk_buff *skb, 3240 struct netlink_callback *cb) 3241 { 3242 struct station_info sinfo; 3243 struct cfg80211_registered_device *dev; 3244 struct net_device *netdev; 3245 u8 mac_addr[ETH_ALEN]; 3246 int sta_idx = cb->args[1]; 3247 int err; 3248 3249 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3250 if (err) 3251 return err; 3252 3253 if (!dev->ops->dump_station) { 3254 err = -EOPNOTSUPP; 3255 goto out_err; 3256 } 3257 3258 while (1) { 3259 memset(&sinfo, 0, sizeof(sinfo)); 3260 err = rdev_dump_station(dev, netdev, sta_idx, 3261 mac_addr, &sinfo); 3262 if (err == -ENOENT) 3263 break; 3264 if (err) 3265 goto out_err; 3266 3267 if (nl80211_send_station(skb, 3268 NETLINK_CB(cb->skb).portid, 3269 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3270 dev, netdev, mac_addr, 3271 &sinfo) < 0) 3272 goto out; 3273 3274 sta_idx++; 3275 } 3276 3277 3278 out: 3279 cb->args[1] = sta_idx; 3280 err = skb->len; 3281 out_err: 3282 nl80211_finish_netdev_dump(dev); 3283 3284 return err; 3285 } 3286 3287 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 3288 { 3289 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3290 struct net_device *dev = info->user_ptr[1]; 3291 struct station_info sinfo; 3292 struct sk_buff *msg; 3293 u8 *mac_addr = NULL; 3294 int err; 3295 3296 memset(&sinfo, 0, sizeof(sinfo)); 3297 3298 if (!info->attrs[NL80211_ATTR_MAC]) 3299 return -EINVAL; 3300 3301 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3302 3303 if (!rdev->ops->get_station) 3304 return -EOPNOTSUPP; 3305 3306 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 3307 if (err) 3308 return err; 3309 3310 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3311 if (!msg) 3312 return -ENOMEM; 3313 3314 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0, 3315 rdev, dev, mac_addr, &sinfo) < 0) { 3316 nlmsg_free(msg); 3317 return -ENOBUFS; 3318 } 3319 3320 return genlmsg_reply(msg, info); 3321 } 3322 3323 /* 3324 * Get vlan interface making sure it is running and on the right wiphy. 3325 */ 3326 static struct net_device *get_vlan(struct genl_info *info, 3327 struct cfg80211_registered_device *rdev) 3328 { 3329 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 3330 struct net_device *v; 3331 int ret; 3332 3333 if (!vlanattr) 3334 return NULL; 3335 3336 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 3337 if (!v) 3338 return ERR_PTR(-ENODEV); 3339 3340 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 3341 ret = -EINVAL; 3342 goto error; 3343 } 3344 3345 if (!netif_running(v)) { 3346 ret = -ENETDOWN; 3347 goto error; 3348 } 3349 3350 return v; 3351 error: 3352 dev_put(v); 3353 return ERR_PTR(ret); 3354 } 3355 3356 static struct nla_policy 3357 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = { 3358 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 3359 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 3360 }; 3361 3362 static int nl80211_set_station_tdls(struct genl_info *info, 3363 struct station_parameters *params) 3364 { 3365 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 3366 struct nlattr *nla; 3367 int err; 3368 3369 /* Dummy STA entry gets updated once the peer capabilities are known */ 3370 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3371 params->ht_capa = 3372 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3373 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3374 params->vht_capa = 3375 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 3376 3377 /* parse WME attributes if present */ 3378 if (!info->attrs[NL80211_ATTR_STA_WME]) 3379 return 0; 3380 3381 nla = info->attrs[NL80211_ATTR_STA_WME]; 3382 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 3383 nl80211_sta_wme_policy); 3384 if (err) 3385 return err; 3386 3387 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 3388 params->uapsd_queues = nla_get_u8( 3389 tb[NL80211_STA_WME_UAPSD_QUEUES]); 3390 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 3391 return -EINVAL; 3392 3393 if (tb[NL80211_STA_WME_MAX_SP]) 3394 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 3395 3396 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 3397 return -EINVAL; 3398 3399 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 3400 3401 return 0; 3402 } 3403 3404 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 3405 { 3406 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3407 int err; 3408 struct net_device *dev = info->user_ptr[1]; 3409 struct station_parameters params; 3410 u8 *mac_addr = NULL; 3411 3412 memset(¶ms, 0, sizeof(params)); 3413 3414 params.listen_interval = -1; 3415 params.plink_state = -1; 3416 3417 if (info->attrs[NL80211_ATTR_STA_AID]) 3418 return -EINVAL; 3419 3420 if (!info->attrs[NL80211_ATTR_MAC]) 3421 return -EINVAL; 3422 3423 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3424 3425 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 3426 params.supported_rates = 3427 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3428 params.supported_rates_len = 3429 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3430 } 3431 3432 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 3433 params.capability = 3434 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 3435 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 3436 } 3437 3438 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 3439 params.ext_capab = 3440 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 3441 params.ext_capab_len = 3442 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 3443 } 3444 3445 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3446 return -EINVAL; 3447 3448 if (!rdev->ops->change_station) 3449 return -EOPNOTSUPP; 3450 3451 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3452 return -EINVAL; 3453 3454 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 3455 params.plink_action = 3456 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3457 3458 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) 3459 params.plink_state = 3460 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 3461 3462 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) { 3463 enum nl80211_mesh_power_mode pm = nla_get_u32( 3464 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]); 3465 3466 if (pm <= NL80211_MESH_POWER_UNKNOWN || 3467 pm > NL80211_MESH_POWER_MAX) 3468 return -EINVAL; 3469 3470 params.local_pm = pm; 3471 } 3472 3473 switch (dev->ieee80211_ptr->iftype) { 3474 case NL80211_IFTYPE_AP: 3475 case NL80211_IFTYPE_AP_VLAN: 3476 case NL80211_IFTYPE_P2P_GO: 3477 /* disallow mesh-specific things */ 3478 if (params.plink_action) 3479 return -EINVAL; 3480 if (params.local_pm) 3481 return -EINVAL; 3482 3483 /* TDLS can't be set, ... */ 3484 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3485 return -EINVAL; 3486 /* 3487 * ... but don't bother the driver with it. This works around 3488 * a hostapd/wpa_supplicant issue -- it always includes the 3489 * TLDS_PEER flag in the mask even for AP mode. 3490 */ 3491 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3492 3493 /* accept only the listed bits */ 3494 if (params.sta_flags_mask & 3495 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 3496 BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3497 BIT(NL80211_STA_FLAG_ASSOCIATED) | 3498 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 3499 BIT(NL80211_STA_FLAG_WME) | 3500 BIT(NL80211_STA_FLAG_MFP))) 3501 return -EINVAL; 3502 3503 /* but authenticated/associated only if driver handles it */ 3504 if (!(rdev->wiphy.features & 3505 NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 3506 params.sta_flags_mask & 3507 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3508 BIT(NL80211_STA_FLAG_ASSOCIATED))) 3509 return -EINVAL; 3510 3511 /* reject other things that can't change */ 3512 if (params.supported_rates) 3513 return -EINVAL; 3514 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) 3515 return -EINVAL; 3516 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) 3517 return -EINVAL; 3518 if (info->attrs[NL80211_ATTR_HT_CAPABILITY] || 3519 info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3520 return -EINVAL; 3521 3522 /* must be last in here for error handling */ 3523 params.vlan = get_vlan(info, rdev); 3524 if (IS_ERR(params.vlan)) 3525 return PTR_ERR(params.vlan); 3526 break; 3527 case NL80211_IFTYPE_P2P_CLIENT: 3528 case NL80211_IFTYPE_STATION: 3529 /* 3530 * Don't allow userspace to change the TDLS_PEER flag, 3531 * but silently ignore attempts to change it since we 3532 * don't have state here to verify that it doesn't try 3533 * to change the flag. 3534 */ 3535 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3536 /* Include parameters for TDLS peer (driver will check) */ 3537 err = nl80211_set_station_tdls(info, ¶ms); 3538 if (err) 3539 return err; 3540 /* disallow things sta doesn't support */ 3541 if (params.plink_action) 3542 return -EINVAL; 3543 if (params.local_pm) 3544 return -EINVAL; 3545 /* reject any changes other than AUTHORIZED or WME (for TDLS) */ 3546 if (params.sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 3547 BIT(NL80211_STA_FLAG_WME))) 3548 return -EINVAL; 3549 break; 3550 case NL80211_IFTYPE_ADHOC: 3551 /* disallow things sta doesn't support */ 3552 if (params.plink_action) 3553 return -EINVAL; 3554 if (params.local_pm) 3555 return -EINVAL; 3556 if (info->attrs[NL80211_ATTR_HT_CAPABILITY] || 3557 info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3558 return -EINVAL; 3559 /* reject any changes other than AUTHORIZED */ 3560 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 3561 return -EINVAL; 3562 break; 3563 case NL80211_IFTYPE_MESH_POINT: 3564 /* disallow things mesh doesn't support */ 3565 if (params.vlan) 3566 return -EINVAL; 3567 if (params.supported_rates) 3568 return -EINVAL; 3569 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) 3570 return -EINVAL; 3571 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) 3572 return -EINVAL; 3573 if (info->attrs[NL80211_ATTR_HT_CAPABILITY] || 3574 info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3575 return -EINVAL; 3576 /* 3577 * No special handling for TDLS here -- the userspace 3578 * mesh code doesn't have this bug. 3579 */ 3580 if (params.sta_flags_mask & 3581 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3582 BIT(NL80211_STA_FLAG_MFP) | 3583 BIT(NL80211_STA_FLAG_AUTHORIZED))) 3584 return -EINVAL; 3585 break; 3586 default: 3587 return -EOPNOTSUPP; 3588 } 3589 3590 /* be aware of params.vlan when changing code here */ 3591 3592 err = rdev_change_station(rdev, dev, mac_addr, ¶ms); 3593 3594 if (params.vlan) 3595 dev_put(params.vlan); 3596 3597 return err; 3598 } 3599 3600 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 3601 { 3602 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3603 int err; 3604 struct net_device *dev = info->user_ptr[1]; 3605 struct station_parameters params; 3606 u8 *mac_addr = NULL; 3607 3608 memset(¶ms, 0, sizeof(params)); 3609 3610 if (!info->attrs[NL80211_ATTR_MAC]) 3611 return -EINVAL; 3612 3613 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3614 return -EINVAL; 3615 3616 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 3617 return -EINVAL; 3618 3619 if (!info->attrs[NL80211_ATTR_STA_AID]) 3620 return -EINVAL; 3621 3622 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3623 params.supported_rates = 3624 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3625 params.supported_rates_len = 3626 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3627 params.listen_interval = 3628 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 3629 3630 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 3631 if (!params.aid || params.aid > IEEE80211_MAX_AID) 3632 return -EINVAL; 3633 3634 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 3635 params.capability = 3636 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 3637 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 3638 } 3639 3640 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 3641 params.ext_capab = 3642 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 3643 params.ext_capab_len = 3644 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 3645 } 3646 3647 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3648 params.ht_capa = 3649 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3650 3651 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3652 params.vht_capa = 3653 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 3654 3655 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 3656 params.plink_action = 3657 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3658 3659 if (!rdev->ops->add_station) 3660 return -EOPNOTSUPP; 3661 3662 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3663 return -EINVAL; 3664 3665 switch (dev->ieee80211_ptr->iftype) { 3666 case NL80211_IFTYPE_AP: 3667 case NL80211_IFTYPE_AP_VLAN: 3668 case NL80211_IFTYPE_P2P_GO: 3669 /* parse WME attributes if sta is WME capable */ 3670 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 3671 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) && 3672 info->attrs[NL80211_ATTR_STA_WME]) { 3673 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 3674 struct nlattr *nla; 3675 3676 nla = info->attrs[NL80211_ATTR_STA_WME]; 3677 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 3678 nl80211_sta_wme_policy); 3679 if (err) 3680 return err; 3681 3682 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 3683 params.uapsd_queues = 3684 nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]); 3685 if (params.uapsd_queues & 3686 ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 3687 return -EINVAL; 3688 3689 if (tb[NL80211_STA_WME_MAX_SP]) 3690 params.max_sp = 3691 nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 3692 3693 if (params.max_sp & 3694 ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 3695 return -EINVAL; 3696 3697 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 3698 } 3699 /* TDLS peers cannot be added */ 3700 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3701 return -EINVAL; 3702 /* but don't bother the driver with it */ 3703 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3704 3705 /* allow authenticated/associated only if driver handles it */ 3706 if (!(rdev->wiphy.features & 3707 NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 3708 params.sta_flags_mask & 3709 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3710 BIT(NL80211_STA_FLAG_ASSOCIATED))) 3711 return -EINVAL; 3712 3713 /* must be last in here for error handling */ 3714 params.vlan = get_vlan(info, rdev); 3715 if (IS_ERR(params.vlan)) 3716 return PTR_ERR(params.vlan); 3717 break; 3718 case NL80211_IFTYPE_MESH_POINT: 3719 /* associated is disallowed */ 3720 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) 3721 return -EINVAL; 3722 /* TDLS peers cannot be added */ 3723 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3724 return -EINVAL; 3725 break; 3726 case NL80211_IFTYPE_STATION: 3727 /* associated is disallowed */ 3728 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) 3729 return -EINVAL; 3730 /* Only TDLS peers can be added */ 3731 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 3732 return -EINVAL; 3733 /* Can only add if TDLS ... */ 3734 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 3735 return -EOPNOTSUPP; 3736 /* ... with external setup is supported */ 3737 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 3738 return -EOPNOTSUPP; 3739 break; 3740 default: 3741 return -EOPNOTSUPP; 3742 } 3743 3744 /* be aware of params.vlan when changing code here */ 3745 3746 err = rdev_add_station(rdev, dev, mac_addr, ¶ms); 3747 3748 if (params.vlan) 3749 dev_put(params.vlan); 3750 return err; 3751 } 3752 3753 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 3754 { 3755 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3756 struct net_device *dev = info->user_ptr[1]; 3757 u8 *mac_addr = NULL; 3758 3759 if (info->attrs[NL80211_ATTR_MAC]) 3760 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3761 3762 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3763 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 3764 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 3765 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3766 return -EINVAL; 3767 3768 if (!rdev->ops->del_station) 3769 return -EOPNOTSUPP; 3770 3771 return rdev_del_station(rdev, dev, mac_addr); 3772 } 3773 3774 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq, 3775 int flags, struct net_device *dev, 3776 u8 *dst, u8 *next_hop, 3777 struct mpath_info *pinfo) 3778 { 3779 void *hdr; 3780 struct nlattr *pinfoattr; 3781 3782 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION); 3783 if (!hdr) 3784 return -1; 3785 3786 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3787 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 3788 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 3789 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 3790 goto nla_put_failure; 3791 3792 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 3793 if (!pinfoattr) 3794 goto nla_put_failure; 3795 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 3796 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 3797 pinfo->frame_qlen)) 3798 goto nla_put_failure; 3799 if (((pinfo->filled & MPATH_INFO_SN) && 3800 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 3801 ((pinfo->filled & MPATH_INFO_METRIC) && 3802 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 3803 pinfo->metric)) || 3804 ((pinfo->filled & MPATH_INFO_EXPTIME) && 3805 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 3806 pinfo->exptime)) || 3807 ((pinfo->filled & MPATH_INFO_FLAGS) && 3808 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 3809 pinfo->flags)) || 3810 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 3811 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 3812 pinfo->discovery_timeout)) || 3813 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 3814 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 3815 pinfo->discovery_retries))) 3816 goto nla_put_failure; 3817 3818 nla_nest_end(msg, pinfoattr); 3819 3820 return genlmsg_end(msg, hdr); 3821 3822 nla_put_failure: 3823 genlmsg_cancel(msg, hdr); 3824 return -EMSGSIZE; 3825 } 3826 3827 static int nl80211_dump_mpath(struct sk_buff *skb, 3828 struct netlink_callback *cb) 3829 { 3830 struct mpath_info pinfo; 3831 struct cfg80211_registered_device *dev; 3832 struct net_device *netdev; 3833 u8 dst[ETH_ALEN]; 3834 u8 next_hop[ETH_ALEN]; 3835 int path_idx = cb->args[1]; 3836 int err; 3837 3838 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3839 if (err) 3840 return err; 3841 3842 if (!dev->ops->dump_mpath) { 3843 err = -EOPNOTSUPP; 3844 goto out_err; 3845 } 3846 3847 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 3848 err = -EOPNOTSUPP; 3849 goto out_err; 3850 } 3851 3852 while (1) { 3853 err = rdev_dump_mpath(dev, netdev, path_idx, dst, next_hop, 3854 &pinfo); 3855 if (err == -ENOENT) 3856 break; 3857 if (err) 3858 goto out_err; 3859 3860 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 3861 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3862 netdev, dst, next_hop, 3863 &pinfo) < 0) 3864 goto out; 3865 3866 path_idx++; 3867 } 3868 3869 3870 out: 3871 cb->args[1] = path_idx; 3872 err = skb->len; 3873 out_err: 3874 nl80211_finish_netdev_dump(dev); 3875 return err; 3876 } 3877 3878 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 3879 { 3880 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3881 int err; 3882 struct net_device *dev = info->user_ptr[1]; 3883 struct mpath_info pinfo; 3884 struct sk_buff *msg; 3885 u8 *dst = NULL; 3886 u8 next_hop[ETH_ALEN]; 3887 3888 memset(&pinfo, 0, sizeof(pinfo)); 3889 3890 if (!info->attrs[NL80211_ATTR_MAC]) 3891 return -EINVAL; 3892 3893 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3894 3895 if (!rdev->ops->get_mpath) 3896 return -EOPNOTSUPP; 3897 3898 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3899 return -EOPNOTSUPP; 3900 3901 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo); 3902 if (err) 3903 return err; 3904 3905 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3906 if (!msg) 3907 return -ENOMEM; 3908 3909 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 3910 dev, dst, next_hop, &pinfo) < 0) { 3911 nlmsg_free(msg); 3912 return -ENOBUFS; 3913 } 3914 3915 return genlmsg_reply(msg, info); 3916 } 3917 3918 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 3919 { 3920 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3921 struct net_device *dev = info->user_ptr[1]; 3922 u8 *dst = NULL; 3923 u8 *next_hop = NULL; 3924 3925 if (!info->attrs[NL80211_ATTR_MAC]) 3926 return -EINVAL; 3927 3928 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3929 return -EINVAL; 3930 3931 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3932 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3933 3934 if (!rdev->ops->change_mpath) 3935 return -EOPNOTSUPP; 3936 3937 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3938 return -EOPNOTSUPP; 3939 3940 return rdev_change_mpath(rdev, dev, dst, next_hop); 3941 } 3942 3943 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 3944 { 3945 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3946 struct net_device *dev = info->user_ptr[1]; 3947 u8 *dst = NULL; 3948 u8 *next_hop = NULL; 3949 3950 if (!info->attrs[NL80211_ATTR_MAC]) 3951 return -EINVAL; 3952 3953 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3954 return -EINVAL; 3955 3956 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3957 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3958 3959 if (!rdev->ops->add_mpath) 3960 return -EOPNOTSUPP; 3961 3962 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3963 return -EOPNOTSUPP; 3964 3965 return rdev_add_mpath(rdev, dev, dst, next_hop); 3966 } 3967 3968 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 3969 { 3970 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3971 struct net_device *dev = info->user_ptr[1]; 3972 u8 *dst = NULL; 3973 3974 if (info->attrs[NL80211_ATTR_MAC]) 3975 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3976 3977 if (!rdev->ops->del_mpath) 3978 return -EOPNOTSUPP; 3979 3980 return rdev_del_mpath(rdev, dev, dst); 3981 } 3982 3983 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 3984 { 3985 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3986 struct net_device *dev = info->user_ptr[1]; 3987 struct bss_parameters params; 3988 3989 memset(¶ms, 0, sizeof(params)); 3990 /* default to not changing parameters */ 3991 params.use_cts_prot = -1; 3992 params.use_short_preamble = -1; 3993 params.use_short_slot_time = -1; 3994 params.ap_isolate = -1; 3995 params.ht_opmode = -1; 3996 params.p2p_ctwindow = -1; 3997 params.p2p_opp_ps = -1; 3998 3999 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 4000 params.use_cts_prot = 4001 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 4002 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 4003 params.use_short_preamble = 4004 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 4005 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 4006 params.use_short_slot_time = 4007 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 4008 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 4009 params.basic_rates = 4010 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4011 params.basic_rates_len = 4012 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4013 } 4014 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 4015 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 4016 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 4017 params.ht_opmode = 4018 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 4019 4020 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 4021 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4022 return -EINVAL; 4023 params.p2p_ctwindow = 4024 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 4025 if (params.p2p_ctwindow < 0) 4026 return -EINVAL; 4027 if (params.p2p_ctwindow != 0 && 4028 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 4029 return -EINVAL; 4030 } 4031 4032 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 4033 u8 tmp; 4034 4035 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4036 return -EINVAL; 4037 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 4038 if (tmp > 1) 4039 return -EINVAL; 4040 params.p2p_opp_ps = tmp; 4041 if (params.p2p_opp_ps && 4042 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 4043 return -EINVAL; 4044 } 4045 4046 if (!rdev->ops->change_bss) 4047 return -EOPNOTSUPP; 4048 4049 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 4050 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4051 return -EOPNOTSUPP; 4052 4053 return rdev_change_bss(rdev, dev, ¶ms); 4054 } 4055 4056 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 4057 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 4058 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 4059 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 4060 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 4061 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 4062 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 4063 }; 4064 4065 static int parse_reg_rule(struct nlattr *tb[], 4066 struct ieee80211_reg_rule *reg_rule) 4067 { 4068 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 4069 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 4070 4071 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 4072 return -EINVAL; 4073 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 4074 return -EINVAL; 4075 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 4076 return -EINVAL; 4077 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 4078 return -EINVAL; 4079 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 4080 return -EINVAL; 4081 4082 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 4083 4084 freq_range->start_freq_khz = 4085 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 4086 freq_range->end_freq_khz = 4087 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 4088 freq_range->max_bandwidth_khz = 4089 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 4090 4091 power_rule->max_eirp = 4092 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 4093 4094 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 4095 power_rule->max_antenna_gain = 4096 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 4097 4098 return 0; 4099 } 4100 4101 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 4102 { 4103 int r; 4104 char *data = NULL; 4105 enum nl80211_user_reg_hint_type user_reg_hint_type; 4106 4107 /* 4108 * You should only get this when cfg80211 hasn't yet initialized 4109 * completely when built-in to the kernel right between the time 4110 * window between nl80211_init() and regulatory_init(), if that is 4111 * even possible. 4112 */ 4113 if (unlikely(!rcu_access_pointer(cfg80211_regdomain))) 4114 return -EINPROGRESS; 4115 4116 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 4117 return -EINVAL; 4118 4119 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 4120 4121 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 4122 user_reg_hint_type = 4123 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 4124 else 4125 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 4126 4127 switch (user_reg_hint_type) { 4128 case NL80211_USER_REG_HINT_USER: 4129 case NL80211_USER_REG_HINT_CELL_BASE: 4130 break; 4131 default: 4132 return -EINVAL; 4133 } 4134 4135 r = regulatory_hint_user(data, user_reg_hint_type); 4136 4137 return r; 4138 } 4139 4140 static int nl80211_get_mesh_config(struct sk_buff *skb, 4141 struct genl_info *info) 4142 { 4143 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4144 struct net_device *dev = info->user_ptr[1]; 4145 struct wireless_dev *wdev = dev->ieee80211_ptr; 4146 struct mesh_config cur_params; 4147 int err = 0; 4148 void *hdr; 4149 struct nlattr *pinfoattr; 4150 struct sk_buff *msg; 4151 4152 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 4153 return -EOPNOTSUPP; 4154 4155 if (!rdev->ops->get_mesh_config) 4156 return -EOPNOTSUPP; 4157 4158 wdev_lock(wdev); 4159 /* If not connected, get default parameters */ 4160 if (!wdev->mesh_id_len) 4161 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 4162 else 4163 err = rdev_get_mesh_config(rdev, dev, &cur_params); 4164 wdev_unlock(wdev); 4165 4166 if (err) 4167 return err; 4168 4169 /* Draw up a netlink message to send back */ 4170 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4171 if (!msg) 4172 return -ENOMEM; 4173 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4174 NL80211_CMD_GET_MESH_CONFIG); 4175 if (!hdr) 4176 goto out; 4177 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 4178 if (!pinfoattr) 4179 goto nla_put_failure; 4180 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 4181 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 4182 cur_params.dot11MeshRetryTimeout) || 4183 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 4184 cur_params.dot11MeshConfirmTimeout) || 4185 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 4186 cur_params.dot11MeshHoldingTimeout) || 4187 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 4188 cur_params.dot11MeshMaxPeerLinks) || 4189 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 4190 cur_params.dot11MeshMaxRetries) || 4191 nla_put_u8(msg, NL80211_MESHCONF_TTL, 4192 cur_params.dot11MeshTTL) || 4193 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 4194 cur_params.element_ttl) || 4195 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 4196 cur_params.auto_open_plinks) || 4197 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 4198 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 4199 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 4200 cur_params.dot11MeshHWMPmaxPREQretries) || 4201 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 4202 cur_params.path_refresh_time) || 4203 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 4204 cur_params.min_discovery_timeout) || 4205 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 4206 cur_params.dot11MeshHWMPactivePathTimeout) || 4207 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 4208 cur_params.dot11MeshHWMPpreqMinInterval) || 4209 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 4210 cur_params.dot11MeshHWMPperrMinInterval) || 4211 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 4212 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 4213 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 4214 cur_params.dot11MeshHWMPRootMode) || 4215 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 4216 cur_params.dot11MeshHWMPRannInterval) || 4217 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 4218 cur_params.dot11MeshGateAnnouncementProtocol) || 4219 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 4220 cur_params.dot11MeshForwarding) || 4221 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 4222 cur_params.rssi_threshold) || 4223 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 4224 cur_params.ht_opmode) || 4225 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 4226 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 4227 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 4228 cur_params.dot11MeshHWMProotInterval) || 4229 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 4230 cur_params.dot11MeshHWMPconfirmationInterval) || 4231 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE, 4232 cur_params.power_mode) || 4233 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW, 4234 cur_params.dot11MeshAwakeWindowDuration)) 4235 goto nla_put_failure; 4236 nla_nest_end(msg, pinfoattr); 4237 genlmsg_end(msg, hdr); 4238 return genlmsg_reply(msg, info); 4239 4240 nla_put_failure: 4241 genlmsg_cancel(msg, hdr); 4242 out: 4243 nlmsg_free(msg); 4244 return -ENOBUFS; 4245 } 4246 4247 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 4248 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 4249 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 4250 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 4251 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 4252 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 4253 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 4254 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 4255 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 4256 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 }, 4257 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 4258 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 4259 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 4260 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 4261 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 4262 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 4263 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 4264 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 4265 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 4266 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 4267 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 4268 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 }, 4269 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 4270 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 4271 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 }, 4272 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 }, 4273 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 }, 4274 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 }, 4275 }; 4276 4277 static const struct nla_policy 4278 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 4279 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 4280 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 4281 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 4282 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 4283 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 4284 .len = IEEE80211_MAX_DATA_LEN }, 4285 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 4286 }; 4287 4288 static int nl80211_parse_mesh_config(struct genl_info *info, 4289 struct mesh_config *cfg, 4290 u32 *mask_out) 4291 { 4292 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 4293 u32 mask = 0; 4294 4295 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \ 4296 do { \ 4297 if (tb[attr]) { \ 4298 if (fn(tb[attr]) < min || fn(tb[attr]) > max) \ 4299 return -EINVAL; \ 4300 cfg->param = fn(tb[attr]); \ 4301 mask |= (1 << (attr - 1)); \ 4302 } \ 4303 } while (0) 4304 4305 4306 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 4307 return -EINVAL; 4308 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 4309 info->attrs[NL80211_ATTR_MESH_CONFIG], 4310 nl80211_meshconf_params_policy)) 4311 return -EINVAL; 4312 4313 /* This makes sure that there aren't more than 32 mesh config 4314 * parameters (otherwise our bitfield scheme would not work.) */ 4315 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 4316 4317 /* Fill in the params struct */ 4318 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255, 4319 mask, NL80211_MESHCONF_RETRY_TIMEOUT, 4320 nla_get_u16); 4321 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255, 4322 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, 4323 nla_get_u16); 4324 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255, 4325 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, 4326 nla_get_u16); 4327 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255, 4328 mask, NL80211_MESHCONF_MAX_PEER_LINKS, 4329 nla_get_u16); 4330 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16, 4331 mask, NL80211_MESHCONF_MAX_RETRIES, 4332 nla_get_u8); 4333 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255, 4334 mask, NL80211_MESHCONF_TTL, nla_get_u8); 4335 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255, 4336 mask, NL80211_MESHCONF_ELEMENT_TTL, 4337 nla_get_u8); 4338 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1, 4339 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 4340 nla_get_u8); 4341 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, 4342 1, 255, mask, 4343 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 4344 nla_get_u32); 4345 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255, 4346 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 4347 nla_get_u8); 4348 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535, 4349 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, 4350 nla_get_u32); 4351 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535, 4352 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 4353 nla_get_u16); 4354 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 4355 1, 65535, mask, 4356 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 4357 nla_get_u32); 4358 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 4359 1, 65535, mask, 4360 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 4361 nla_get_u16); 4362 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 4363 1, 65535, mask, 4364 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 4365 nla_get_u16); 4366 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4367 dot11MeshHWMPnetDiameterTraversalTime, 4368 1, 65535, mask, 4369 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 4370 nla_get_u16); 4371 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4, 4372 mask, NL80211_MESHCONF_HWMP_ROOTMODE, 4373 nla_get_u8); 4374 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535, 4375 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 4376 nla_get_u16); 4377 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4378 dot11MeshGateAnnouncementProtocol, 0, 1, 4379 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 4380 nla_get_u8); 4381 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1, 4382 mask, NL80211_MESHCONF_FORWARDING, 4383 nla_get_u8); 4384 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 1, 255, 4385 mask, NL80211_MESHCONF_RSSI_THRESHOLD, 4386 nla_get_u32); 4387 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16, 4388 mask, NL80211_MESHCONF_HT_OPMODE, 4389 nla_get_u16); 4390 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout, 4391 1, 65535, mask, 4392 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 4393 nla_get_u32); 4394 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535, 4395 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 4396 nla_get_u16); 4397 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4398 dot11MeshHWMPconfirmationInterval, 4399 1, 65535, mask, 4400 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 4401 nla_get_u16); 4402 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, 4403 NL80211_MESH_POWER_ACTIVE, 4404 NL80211_MESH_POWER_MAX, 4405 mask, NL80211_MESHCONF_POWER_MODE, 4406 nla_get_u32); 4407 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, 4408 0, 65535, mask, 4409 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16); 4410 if (mask_out) 4411 *mask_out = mask; 4412 4413 return 0; 4414 4415 #undef FILL_IN_MESH_PARAM_IF_SET 4416 } 4417 4418 static int nl80211_parse_mesh_setup(struct genl_info *info, 4419 struct mesh_setup *setup) 4420 { 4421 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 4422 4423 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 4424 return -EINVAL; 4425 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 4426 info->attrs[NL80211_ATTR_MESH_SETUP], 4427 nl80211_mesh_setup_params_policy)) 4428 return -EINVAL; 4429 4430 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 4431 setup->sync_method = 4432 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 4433 IEEE80211_SYNC_METHOD_VENDOR : 4434 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 4435 4436 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 4437 setup->path_sel_proto = 4438 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 4439 IEEE80211_PATH_PROTOCOL_VENDOR : 4440 IEEE80211_PATH_PROTOCOL_HWMP; 4441 4442 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 4443 setup->path_metric = 4444 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 4445 IEEE80211_PATH_METRIC_VENDOR : 4446 IEEE80211_PATH_METRIC_AIRTIME; 4447 4448 4449 if (tb[NL80211_MESH_SETUP_IE]) { 4450 struct nlattr *ieattr = 4451 tb[NL80211_MESH_SETUP_IE]; 4452 if (!is_valid_ie_attr(ieattr)) 4453 return -EINVAL; 4454 setup->ie = nla_data(ieattr); 4455 setup->ie_len = nla_len(ieattr); 4456 } 4457 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 4458 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 4459 4460 return 0; 4461 } 4462 4463 static int nl80211_update_mesh_config(struct sk_buff *skb, 4464 struct genl_info *info) 4465 { 4466 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4467 struct net_device *dev = info->user_ptr[1]; 4468 struct wireless_dev *wdev = dev->ieee80211_ptr; 4469 struct mesh_config cfg; 4470 u32 mask; 4471 int err; 4472 4473 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 4474 return -EOPNOTSUPP; 4475 4476 if (!rdev->ops->update_mesh_config) 4477 return -EOPNOTSUPP; 4478 4479 err = nl80211_parse_mesh_config(info, &cfg, &mask); 4480 if (err) 4481 return err; 4482 4483 wdev_lock(wdev); 4484 if (!wdev->mesh_id_len) 4485 err = -ENOLINK; 4486 4487 if (!err) 4488 err = rdev_update_mesh_config(rdev, dev, mask, &cfg); 4489 4490 wdev_unlock(wdev); 4491 4492 return err; 4493 } 4494 4495 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 4496 { 4497 const struct ieee80211_regdomain *regdom; 4498 struct sk_buff *msg; 4499 void *hdr = NULL; 4500 struct nlattr *nl_reg_rules; 4501 unsigned int i; 4502 int err = -EINVAL; 4503 4504 mutex_lock(&cfg80211_mutex); 4505 4506 if (!cfg80211_regdomain) 4507 goto out; 4508 4509 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4510 if (!msg) { 4511 err = -ENOBUFS; 4512 goto out; 4513 } 4514 4515 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4516 NL80211_CMD_GET_REG); 4517 if (!hdr) 4518 goto put_failure; 4519 4520 if (reg_last_request_cell_base() && 4521 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 4522 NL80211_USER_REG_HINT_CELL_BASE)) 4523 goto nla_put_failure; 4524 4525 rcu_read_lock(); 4526 regdom = rcu_dereference(cfg80211_regdomain); 4527 4528 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) || 4529 (regdom->dfs_region && 4530 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region))) 4531 goto nla_put_failure_rcu; 4532 4533 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 4534 if (!nl_reg_rules) 4535 goto nla_put_failure_rcu; 4536 4537 for (i = 0; i < regdom->n_reg_rules; i++) { 4538 struct nlattr *nl_reg_rule; 4539 const struct ieee80211_reg_rule *reg_rule; 4540 const struct ieee80211_freq_range *freq_range; 4541 const struct ieee80211_power_rule *power_rule; 4542 4543 reg_rule = ®dom->reg_rules[i]; 4544 freq_range = ®_rule->freq_range; 4545 power_rule = ®_rule->power_rule; 4546 4547 nl_reg_rule = nla_nest_start(msg, i); 4548 if (!nl_reg_rule) 4549 goto nla_put_failure_rcu; 4550 4551 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 4552 reg_rule->flags) || 4553 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 4554 freq_range->start_freq_khz) || 4555 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 4556 freq_range->end_freq_khz) || 4557 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 4558 freq_range->max_bandwidth_khz) || 4559 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 4560 power_rule->max_antenna_gain) || 4561 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 4562 power_rule->max_eirp)) 4563 goto nla_put_failure_rcu; 4564 4565 nla_nest_end(msg, nl_reg_rule); 4566 } 4567 rcu_read_unlock(); 4568 4569 nla_nest_end(msg, nl_reg_rules); 4570 4571 genlmsg_end(msg, hdr); 4572 err = genlmsg_reply(msg, info); 4573 goto out; 4574 4575 nla_put_failure_rcu: 4576 rcu_read_unlock(); 4577 nla_put_failure: 4578 genlmsg_cancel(msg, hdr); 4579 put_failure: 4580 nlmsg_free(msg); 4581 err = -EMSGSIZE; 4582 out: 4583 mutex_unlock(&cfg80211_mutex); 4584 return err; 4585 } 4586 4587 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 4588 { 4589 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 4590 struct nlattr *nl_reg_rule; 4591 char *alpha2 = NULL; 4592 int rem_reg_rules = 0, r = 0; 4593 u32 num_rules = 0, rule_idx = 0, size_of_regd; 4594 u8 dfs_region = 0; 4595 struct ieee80211_regdomain *rd = NULL; 4596 4597 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 4598 return -EINVAL; 4599 4600 if (!info->attrs[NL80211_ATTR_REG_RULES]) 4601 return -EINVAL; 4602 4603 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 4604 4605 if (info->attrs[NL80211_ATTR_DFS_REGION]) 4606 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 4607 4608 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 4609 rem_reg_rules) { 4610 num_rules++; 4611 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 4612 return -EINVAL; 4613 } 4614 4615 size_of_regd = sizeof(struct ieee80211_regdomain) + 4616 num_rules * sizeof(struct ieee80211_reg_rule); 4617 4618 rd = kzalloc(size_of_regd, GFP_KERNEL); 4619 if (!rd) 4620 return -ENOMEM; 4621 4622 rd->n_reg_rules = num_rules; 4623 rd->alpha2[0] = alpha2[0]; 4624 rd->alpha2[1] = alpha2[1]; 4625 4626 /* 4627 * Disable DFS master mode if the DFS region was 4628 * not supported or known on this kernel. 4629 */ 4630 if (reg_supported_dfs_region(dfs_region)) 4631 rd->dfs_region = dfs_region; 4632 4633 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 4634 rem_reg_rules) { 4635 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 4636 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 4637 reg_rule_policy); 4638 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 4639 if (r) 4640 goto bad_reg; 4641 4642 rule_idx++; 4643 4644 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 4645 r = -EINVAL; 4646 goto bad_reg; 4647 } 4648 } 4649 4650 mutex_lock(&cfg80211_mutex); 4651 4652 r = set_regdom(rd); 4653 /* set_regdom took ownership */ 4654 rd = NULL; 4655 mutex_unlock(&cfg80211_mutex); 4656 4657 bad_reg: 4658 kfree(rd); 4659 return r; 4660 } 4661 4662 static int validate_scan_freqs(struct nlattr *freqs) 4663 { 4664 struct nlattr *attr1, *attr2; 4665 int n_channels = 0, tmp1, tmp2; 4666 4667 nla_for_each_nested(attr1, freqs, tmp1) { 4668 n_channels++; 4669 /* 4670 * Some hardware has a limited channel list for 4671 * scanning, and it is pretty much nonsensical 4672 * to scan for a channel twice, so disallow that 4673 * and don't require drivers to check that the 4674 * channel list they get isn't longer than what 4675 * they can scan, as long as they can scan all 4676 * the channels they registered at once. 4677 */ 4678 nla_for_each_nested(attr2, freqs, tmp2) 4679 if (attr1 != attr2 && 4680 nla_get_u32(attr1) == nla_get_u32(attr2)) 4681 return 0; 4682 } 4683 4684 return n_channels; 4685 } 4686 4687 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 4688 { 4689 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4690 struct wireless_dev *wdev = info->user_ptr[1]; 4691 struct cfg80211_scan_request *request; 4692 struct nlattr *attr; 4693 struct wiphy *wiphy; 4694 int err, tmp, n_ssids = 0, n_channels, i; 4695 size_t ie_len; 4696 4697 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4698 return -EINVAL; 4699 4700 wiphy = &rdev->wiphy; 4701 4702 if (!rdev->ops->scan) 4703 return -EOPNOTSUPP; 4704 4705 if (rdev->scan_req) 4706 return -EBUSY; 4707 4708 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4709 n_channels = validate_scan_freqs( 4710 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4711 if (!n_channels) 4712 return -EINVAL; 4713 } else { 4714 enum ieee80211_band band; 4715 n_channels = 0; 4716 4717 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4718 if (wiphy->bands[band]) 4719 n_channels += wiphy->bands[band]->n_channels; 4720 } 4721 4722 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4723 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 4724 n_ssids++; 4725 4726 if (n_ssids > wiphy->max_scan_ssids) 4727 return -EINVAL; 4728 4729 if (info->attrs[NL80211_ATTR_IE]) 4730 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4731 else 4732 ie_len = 0; 4733 4734 if (ie_len > wiphy->max_scan_ie_len) 4735 return -EINVAL; 4736 4737 request = kzalloc(sizeof(*request) 4738 + sizeof(*request->ssids) * n_ssids 4739 + sizeof(*request->channels) * n_channels 4740 + ie_len, GFP_KERNEL); 4741 if (!request) 4742 return -ENOMEM; 4743 4744 if (n_ssids) 4745 request->ssids = (void *)&request->channels[n_channels]; 4746 request->n_ssids = n_ssids; 4747 if (ie_len) { 4748 if (request->ssids) 4749 request->ie = (void *)(request->ssids + n_ssids); 4750 else 4751 request->ie = (void *)(request->channels + n_channels); 4752 } 4753 4754 i = 0; 4755 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4756 /* user specified, bail out if channel not found */ 4757 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 4758 struct ieee80211_channel *chan; 4759 4760 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4761 4762 if (!chan) { 4763 err = -EINVAL; 4764 goto out_free; 4765 } 4766 4767 /* ignore disabled channels */ 4768 if (chan->flags & IEEE80211_CHAN_DISABLED) 4769 continue; 4770 4771 request->channels[i] = chan; 4772 i++; 4773 } 4774 } else { 4775 enum ieee80211_band band; 4776 4777 /* all channels */ 4778 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4779 int j; 4780 if (!wiphy->bands[band]) 4781 continue; 4782 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4783 struct ieee80211_channel *chan; 4784 4785 chan = &wiphy->bands[band]->channels[j]; 4786 4787 if (chan->flags & IEEE80211_CHAN_DISABLED) 4788 continue; 4789 4790 request->channels[i] = chan; 4791 i++; 4792 } 4793 } 4794 } 4795 4796 if (!i) { 4797 err = -EINVAL; 4798 goto out_free; 4799 } 4800 4801 request->n_channels = i; 4802 4803 i = 0; 4804 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4805 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 4806 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4807 err = -EINVAL; 4808 goto out_free; 4809 } 4810 request->ssids[i].ssid_len = nla_len(attr); 4811 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 4812 i++; 4813 } 4814 } 4815 4816 if (info->attrs[NL80211_ATTR_IE]) { 4817 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4818 memcpy((void *)request->ie, 4819 nla_data(info->attrs[NL80211_ATTR_IE]), 4820 request->ie_len); 4821 } 4822 4823 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 4824 if (wiphy->bands[i]) 4825 request->rates[i] = 4826 (1 << wiphy->bands[i]->n_bitrates) - 1; 4827 4828 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 4829 nla_for_each_nested(attr, 4830 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 4831 tmp) { 4832 enum ieee80211_band band = nla_type(attr); 4833 4834 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 4835 err = -EINVAL; 4836 goto out_free; 4837 } 4838 err = ieee80211_get_ratemask(wiphy->bands[band], 4839 nla_data(attr), 4840 nla_len(attr), 4841 &request->rates[band]); 4842 if (err) 4843 goto out_free; 4844 } 4845 } 4846 4847 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) { 4848 request->flags = nla_get_u32( 4849 info->attrs[NL80211_ATTR_SCAN_FLAGS]); 4850 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 4851 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 4852 ((request->flags & NL80211_SCAN_FLAG_FLUSH) && 4853 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) { 4854 err = -EOPNOTSUPP; 4855 goto out_free; 4856 } 4857 } 4858 4859 request->no_cck = 4860 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 4861 4862 request->wdev = wdev; 4863 request->wiphy = &rdev->wiphy; 4864 request->scan_start = jiffies; 4865 4866 rdev->scan_req = request; 4867 err = rdev_scan(rdev, request); 4868 4869 if (!err) { 4870 nl80211_send_scan_start(rdev, wdev); 4871 if (wdev->netdev) 4872 dev_hold(wdev->netdev); 4873 } else { 4874 out_free: 4875 rdev->scan_req = NULL; 4876 kfree(request); 4877 } 4878 4879 return err; 4880 } 4881 4882 static int nl80211_start_sched_scan(struct sk_buff *skb, 4883 struct genl_info *info) 4884 { 4885 struct cfg80211_sched_scan_request *request; 4886 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4887 struct net_device *dev = info->user_ptr[1]; 4888 struct nlattr *attr; 4889 struct wiphy *wiphy; 4890 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i; 4891 u32 interval; 4892 enum ieee80211_band band; 4893 size_t ie_len; 4894 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 4895 4896 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4897 !rdev->ops->sched_scan_start) 4898 return -EOPNOTSUPP; 4899 4900 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4901 return -EINVAL; 4902 4903 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 4904 return -EINVAL; 4905 4906 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 4907 if (interval == 0) 4908 return -EINVAL; 4909 4910 wiphy = &rdev->wiphy; 4911 4912 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4913 n_channels = validate_scan_freqs( 4914 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4915 if (!n_channels) 4916 return -EINVAL; 4917 } else { 4918 n_channels = 0; 4919 4920 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4921 if (wiphy->bands[band]) 4922 n_channels += wiphy->bands[band]->n_channels; 4923 } 4924 4925 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4926 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4927 tmp) 4928 n_ssids++; 4929 4930 if (n_ssids > wiphy->max_sched_scan_ssids) 4931 return -EINVAL; 4932 4933 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) 4934 nla_for_each_nested(attr, 4935 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4936 tmp) 4937 n_match_sets++; 4938 4939 if (n_match_sets > wiphy->max_match_sets) 4940 return -EINVAL; 4941 4942 if (info->attrs[NL80211_ATTR_IE]) 4943 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4944 else 4945 ie_len = 0; 4946 4947 if (ie_len > wiphy->max_sched_scan_ie_len) 4948 return -EINVAL; 4949 4950 mutex_lock(&rdev->sched_scan_mtx); 4951 4952 if (rdev->sched_scan_req) { 4953 err = -EINPROGRESS; 4954 goto out; 4955 } 4956 4957 request = kzalloc(sizeof(*request) 4958 + sizeof(*request->ssids) * n_ssids 4959 + sizeof(*request->match_sets) * n_match_sets 4960 + sizeof(*request->channels) * n_channels 4961 + ie_len, GFP_KERNEL); 4962 if (!request) { 4963 err = -ENOMEM; 4964 goto out; 4965 } 4966 4967 if (n_ssids) 4968 request->ssids = (void *)&request->channels[n_channels]; 4969 request->n_ssids = n_ssids; 4970 if (ie_len) { 4971 if (request->ssids) 4972 request->ie = (void *)(request->ssids + n_ssids); 4973 else 4974 request->ie = (void *)(request->channels + n_channels); 4975 } 4976 4977 if (n_match_sets) { 4978 if (request->ie) 4979 request->match_sets = (void *)(request->ie + ie_len); 4980 else if (request->ssids) 4981 request->match_sets = 4982 (void *)(request->ssids + n_ssids); 4983 else 4984 request->match_sets = 4985 (void *)(request->channels + n_channels); 4986 } 4987 request->n_match_sets = n_match_sets; 4988 4989 i = 0; 4990 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4991 /* user specified, bail out if channel not found */ 4992 nla_for_each_nested(attr, 4993 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], 4994 tmp) { 4995 struct ieee80211_channel *chan; 4996 4997 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4998 4999 if (!chan) { 5000 err = -EINVAL; 5001 goto out_free; 5002 } 5003 5004 /* ignore disabled channels */ 5005 if (chan->flags & IEEE80211_CHAN_DISABLED) 5006 continue; 5007 5008 request->channels[i] = chan; 5009 i++; 5010 } 5011 } else { 5012 /* all channels */ 5013 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 5014 int j; 5015 if (!wiphy->bands[band]) 5016 continue; 5017 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 5018 struct ieee80211_channel *chan; 5019 5020 chan = &wiphy->bands[band]->channels[j]; 5021 5022 if (chan->flags & IEEE80211_CHAN_DISABLED) 5023 continue; 5024 5025 request->channels[i] = chan; 5026 i++; 5027 } 5028 } 5029 } 5030 5031 if (!i) { 5032 err = -EINVAL; 5033 goto out_free; 5034 } 5035 5036 request->n_channels = i; 5037 5038 i = 0; 5039 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 5040 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 5041 tmp) { 5042 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 5043 err = -EINVAL; 5044 goto out_free; 5045 } 5046 request->ssids[i].ssid_len = nla_len(attr); 5047 memcpy(request->ssids[i].ssid, nla_data(attr), 5048 nla_len(attr)); 5049 i++; 5050 } 5051 } 5052 5053 i = 0; 5054 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 5055 nla_for_each_nested(attr, 5056 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 5057 tmp) { 5058 struct nlattr *ssid, *rssi; 5059 5060 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 5061 nla_data(attr), nla_len(attr), 5062 nl80211_match_policy); 5063 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 5064 if (ssid) { 5065 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 5066 err = -EINVAL; 5067 goto out_free; 5068 } 5069 memcpy(request->match_sets[i].ssid.ssid, 5070 nla_data(ssid), nla_len(ssid)); 5071 request->match_sets[i].ssid.ssid_len = 5072 nla_len(ssid); 5073 } 5074 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 5075 if (rssi) 5076 request->rssi_thold = nla_get_u32(rssi); 5077 else 5078 request->rssi_thold = 5079 NL80211_SCAN_RSSI_THOLD_OFF; 5080 i++; 5081 } 5082 } 5083 5084 if (info->attrs[NL80211_ATTR_IE]) { 5085 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5086 memcpy((void *)request->ie, 5087 nla_data(info->attrs[NL80211_ATTR_IE]), 5088 request->ie_len); 5089 } 5090 5091 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) { 5092 request->flags = nla_get_u32( 5093 info->attrs[NL80211_ATTR_SCAN_FLAGS]); 5094 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 5095 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 5096 ((request->flags & NL80211_SCAN_FLAG_FLUSH) && 5097 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) { 5098 err = -EOPNOTSUPP; 5099 goto out_free; 5100 } 5101 } 5102 5103 request->dev = dev; 5104 request->wiphy = &rdev->wiphy; 5105 request->interval = interval; 5106 request->scan_start = jiffies; 5107 5108 err = rdev_sched_scan_start(rdev, dev, request); 5109 if (!err) { 5110 rdev->sched_scan_req = request; 5111 nl80211_send_sched_scan(rdev, dev, 5112 NL80211_CMD_START_SCHED_SCAN); 5113 goto out; 5114 } 5115 5116 out_free: 5117 kfree(request); 5118 out: 5119 mutex_unlock(&rdev->sched_scan_mtx); 5120 return err; 5121 } 5122 5123 static int nl80211_stop_sched_scan(struct sk_buff *skb, 5124 struct genl_info *info) 5125 { 5126 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5127 int err; 5128 5129 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 5130 !rdev->ops->sched_scan_stop) 5131 return -EOPNOTSUPP; 5132 5133 mutex_lock(&rdev->sched_scan_mtx); 5134 err = __cfg80211_stop_sched_scan(rdev, false); 5135 mutex_unlock(&rdev->sched_scan_mtx); 5136 5137 return err; 5138 } 5139 5140 static int nl80211_start_radar_detection(struct sk_buff *skb, 5141 struct genl_info *info) 5142 { 5143 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5144 struct net_device *dev = info->user_ptr[1]; 5145 struct wireless_dev *wdev = dev->ieee80211_ptr; 5146 struct cfg80211_chan_def chandef; 5147 int err; 5148 5149 err = nl80211_parse_chandef(rdev, info, &chandef); 5150 if (err) 5151 return err; 5152 5153 if (wdev->cac_started) 5154 return -EBUSY; 5155 5156 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef); 5157 if (err < 0) 5158 return err; 5159 5160 if (err == 0) 5161 return -EINVAL; 5162 5163 if (chandef.chan->dfs_state != NL80211_DFS_USABLE) 5164 return -EINVAL; 5165 5166 if (!rdev->ops->start_radar_detection) 5167 return -EOPNOTSUPP; 5168 5169 mutex_lock(&rdev->devlist_mtx); 5170 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype, 5171 chandef.chan, CHAN_MODE_SHARED, 5172 BIT(chandef.width)); 5173 if (err) 5174 goto err_locked; 5175 5176 err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef); 5177 if (!err) { 5178 wdev->channel = chandef.chan; 5179 wdev->cac_started = true; 5180 wdev->cac_start_time = jiffies; 5181 } 5182 err_locked: 5183 mutex_unlock(&rdev->devlist_mtx); 5184 5185 return err; 5186 } 5187 5188 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 5189 u32 seq, int flags, 5190 struct cfg80211_registered_device *rdev, 5191 struct wireless_dev *wdev, 5192 struct cfg80211_internal_bss *intbss) 5193 { 5194 struct cfg80211_bss *res = &intbss->pub; 5195 const struct cfg80211_bss_ies *ies; 5196 void *hdr; 5197 struct nlattr *bss; 5198 bool tsf = false; 5199 5200 ASSERT_WDEV_LOCK(wdev); 5201 5202 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 5203 NL80211_CMD_NEW_SCAN_RESULTS); 5204 if (!hdr) 5205 return -1; 5206 5207 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 5208 5209 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) || 5210 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 5211 goto nla_put_failure; 5212 5213 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 5214 if (!bss) 5215 goto nla_put_failure; 5216 if ((!is_zero_ether_addr(res->bssid) && 5217 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid))) 5218 goto nla_put_failure; 5219 5220 rcu_read_lock(); 5221 ies = rcu_dereference(res->ies); 5222 if (ies) { 5223 if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf)) 5224 goto fail_unlock_rcu; 5225 tsf = true; 5226 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 5227 ies->len, ies->data)) 5228 goto fail_unlock_rcu; 5229 } 5230 ies = rcu_dereference(res->beacon_ies); 5231 if (ies) { 5232 if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf)) 5233 goto fail_unlock_rcu; 5234 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES, 5235 ies->len, ies->data)) 5236 goto fail_unlock_rcu; 5237 } 5238 rcu_read_unlock(); 5239 5240 if (res->beacon_interval && 5241 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 5242 goto nla_put_failure; 5243 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 5244 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 5245 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 5246 jiffies_to_msecs(jiffies - intbss->ts))) 5247 goto nla_put_failure; 5248 5249 switch (rdev->wiphy.signal_type) { 5250 case CFG80211_SIGNAL_TYPE_MBM: 5251 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 5252 goto nla_put_failure; 5253 break; 5254 case CFG80211_SIGNAL_TYPE_UNSPEC: 5255 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 5256 goto nla_put_failure; 5257 break; 5258 default: 5259 break; 5260 } 5261 5262 switch (wdev->iftype) { 5263 case NL80211_IFTYPE_P2P_CLIENT: 5264 case NL80211_IFTYPE_STATION: 5265 if (intbss == wdev->current_bss && 5266 nla_put_u32(msg, NL80211_BSS_STATUS, 5267 NL80211_BSS_STATUS_ASSOCIATED)) 5268 goto nla_put_failure; 5269 break; 5270 case NL80211_IFTYPE_ADHOC: 5271 if (intbss == wdev->current_bss && 5272 nla_put_u32(msg, NL80211_BSS_STATUS, 5273 NL80211_BSS_STATUS_IBSS_JOINED)) 5274 goto nla_put_failure; 5275 break; 5276 default: 5277 break; 5278 } 5279 5280 nla_nest_end(msg, bss); 5281 5282 return genlmsg_end(msg, hdr); 5283 5284 fail_unlock_rcu: 5285 rcu_read_unlock(); 5286 nla_put_failure: 5287 genlmsg_cancel(msg, hdr); 5288 return -EMSGSIZE; 5289 } 5290 5291 static int nl80211_dump_scan(struct sk_buff *skb, 5292 struct netlink_callback *cb) 5293 { 5294 struct cfg80211_registered_device *rdev; 5295 struct net_device *dev; 5296 struct cfg80211_internal_bss *scan; 5297 struct wireless_dev *wdev; 5298 int start = cb->args[1], idx = 0; 5299 int err; 5300 5301 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 5302 if (err) 5303 return err; 5304 5305 wdev = dev->ieee80211_ptr; 5306 5307 wdev_lock(wdev); 5308 spin_lock_bh(&rdev->bss_lock); 5309 cfg80211_bss_expire(rdev); 5310 5311 cb->seq = rdev->bss_generation; 5312 5313 list_for_each_entry(scan, &rdev->bss_list, list) { 5314 if (++idx <= start) 5315 continue; 5316 if (nl80211_send_bss(skb, cb, 5317 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5318 rdev, wdev, scan) < 0) { 5319 idx--; 5320 break; 5321 } 5322 } 5323 5324 spin_unlock_bh(&rdev->bss_lock); 5325 wdev_unlock(wdev); 5326 5327 cb->args[1] = idx; 5328 nl80211_finish_netdev_dump(rdev); 5329 5330 return skb->len; 5331 } 5332 5333 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq, 5334 int flags, struct net_device *dev, 5335 struct survey_info *survey) 5336 { 5337 void *hdr; 5338 struct nlattr *infoattr; 5339 5340 hdr = nl80211hdr_put(msg, portid, seq, flags, 5341 NL80211_CMD_NEW_SURVEY_RESULTS); 5342 if (!hdr) 5343 return -ENOMEM; 5344 5345 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 5346 goto nla_put_failure; 5347 5348 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 5349 if (!infoattr) 5350 goto nla_put_failure; 5351 5352 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 5353 survey->channel->center_freq)) 5354 goto nla_put_failure; 5355 5356 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 5357 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 5358 goto nla_put_failure; 5359 if ((survey->filled & SURVEY_INFO_IN_USE) && 5360 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 5361 goto nla_put_failure; 5362 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) && 5363 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 5364 survey->channel_time)) 5365 goto nla_put_failure; 5366 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) && 5367 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 5368 survey->channel_time_busy)) 5369 goto nla_put_failure; 5370 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) && 5371 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 5372 survey->channel_time_ext_busy)) 5373 goto nla_put_failure; 5374 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) && 5375 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 5376 survey->channel_time_rx)) 5377 goto nla_put_failure; 5378 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) && 5379 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 5380 survey->channel_time_tx)) 5381 goto nla_put_failure; 5382 5383 nla_nest_end(msg, infoattr); 5384 5385 return genlmsg_end(msg, hdr); 5386 5387 nla_put_failure: 5388 genlmsg_cancel(msg, hdr); 5389 return -EMSGSIZE; 5390 } 5391 5392 static int nl80211_dump_survey(struct sk_buff *skb, 5393 struct netlink_callback *cb) 5394 { 5395 struct survey_info survey; 5396 struct cfg80211_registered_device *dev; 5397 struct net_device *netdev; 5398 int survey_idx = cb->args[1]; 5399 int res; 5400 5401 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 5402 if (res) 5403 return res; 5404 5405 if (!dev->ops->dump_survey) { 5406 res = -EOPNOTSUPP; 5407 goto out_err; 5408 } 5409 5410 while (1) { 5411 struct ieee80211_channel *chan; 5412 5413 res = rdev_dump_survey(dev, netdev, survey_idx, &survey); 5414 if (res == -ENOENT) 5415 break; 5416 if (res) 5417 goto out_err; 5418 5419 /* Survey without a channel doesn't make sense */ 5420 if (!survey.channel) { 5421 res = -EINVAL; 5422 goto out; 5423 } 5424 5425 chan = ieee80211_get_channel(&dev->wiphy, 5426 survey.channel->center_freq); 5427 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 5428 survey_idx++; 5429 continue; 5430 } 5431 5432 if (nl80211_send_survey(skb, 5433 NETLINK_CB(cb->skb).portid, 5434 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5435 netdev, 5436 &survey) < 0) 5437 goto out; 5438 survey_idx++; 5439 } 5440 5441 out: 5442 cb->args[1] = survey_idx; 5443 res = skb->len; 5444 out_err: 5445 nl80211_finish_netdev_dump(dev); 5446 return res; 5447 } 5448 5449 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 5450 { 5451 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 5452 NL80211_WPA_VERSION_2)); 5453 } 5454 5455 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 5456 { 5457 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5458 struct net_device *dev = info->user_ptr[1]; 5459 struct ieee80211_channel *chan; 5460 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL; 5461 int err, ssid_len, ie_len = 0, sae_data_len = 0; 5462 enum nl80211_auth_type auth_type; 5463 struct key_parse key; 5464 bool local_state_change; 5465 5466 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5467 return -EINVAL; 5468 5469 if (!info->attrs[NL80211_ATTR_MAC]) 5470 return -EINVAL; 5471 5472 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 5473 return -EINVAL; 5474 5475 if (!info->attrs[NL80211_ATTR_SSID]) 5476 return -EINVAL; 5477 5478 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5479 return -EINVAL; 5480 5481 err = nl80211_parse_key(info, &key); 5482 if (err) 5483 return err; 5484 5485 if (key.idx >= 0) { 5486 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 5487 return -EINVAL; 5488 if (!key.p.key || !key.p.key_len) 5489 return -EINVAL; 5490 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 5491 key.p.key_len != WLAN_KEY_LEN_WEP40) && 5492 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 5493 key.p.key_len != WLAN_KEY_LEN_WEP104)) 5494 return -EINVAL; 5495 if (key.idx > 4) 5496 return -EINVAL; 5497 } else { 5498 key.p.key_len = 0; 5499 key.p.key = NULL; 5500 } 5501 5502 if (key.idx >= 0) { 5503 int i; 5504 bool ok = false; 5505 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 5506 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 5507 ok = true; 5508 break; 5509 } 5510 } 5511 if (!ok) 5512 return -EINVAL; 5513 } 5514 5515 if (!rdev->ops->auth) 5516 return -EOPNOTSUPP; 5517 5518 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5519 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5520 return -EOPNOTSUPP; 5521 5522 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5523 chan = ieee80211_get_channel(&rdev->wiphy, 5524 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5525 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 5526 return -EINVAL; 5527 5528 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5529 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5530 5531 if (info->attrs[NL80211_ATTR_IE]) { 5532 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5533 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5534 } 5535 5536 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5537 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE)) 5538 return -EINVAL; 5539 5540 if (auth_type == NL80211_AUTHTYPE_SAE && 5541 !info->attrs[NL80211_ATTR_SAE_DATA]) 5542 return -EINVAL; 5543 5544 if (info->attrs[NL80211_ATTR_SAE_DATA]) { 5545 if (auth_type != NL80211_AUTHTYPE_SAE) 5546 return -EINVAL; 5547 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]); 5548 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]); 5549 /* need to include at least Auth Transaction and Status Code */ 5550 if (sae_data_len < 4) 5551 return -EINVAL; 5552 } 5553 5554 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5555 5556 /* 5557 * Since we no longer track auth state, ignore 5558 * requests to only change local state. 5559 */ 5560 if (local_state_change) 5561 return 0; 5562 5563 return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 5564 ssid, ssid_len, ie, ie_len, 5565 key.p.key, key.p.key_len, key.idx, 5566 sae_data, sae_data_len); 5567 } 5568 5569 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 5570 struct genl_info *info, 5571 struct cfg80211_crypto_settings *settings, 5572 int cipher_limit) 5573 { 5574 memset(settings, 0, sizeof(*settings)); 5575 5576 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 5577 5578 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 5579 u16 proto; 5580 proto = nla_get_u16( 5581 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 5582 settings->control_port_ethertype = cpu_to_be16(proto); 5583 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 5584 proto != ETH_P_PAE) 5585 return -EINVAL; 5586 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 5587 settings->control_port_no_encrypt = true; 5588 } else 5589 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 5590 5591 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 5592 void *data; 5593 int len, i; 5594 5595 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 5596 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 5597 settings->n_ciphers_pairwise = len / sizeof(u32); 5598 5599 if (len % sizeof(u32)) 5600 return -EINVAL; 5601 5602 if (settings->n_ciphers_pairwise > cipher_limit) 5603 return -EINVAL; 5604 5605 memcpy(settings->ciphers_pairwise, data, len); 5606 5607 for (i = 0; i < settings->n_ciphers_pairwise; i++) 5608 if (!cfg80211_supported_cipher_suite( 5609 &rdev->wiphy, 5610 settings->ciphers_pairwise[i])) 5611 return -EINVAL; 5612 } 5613 5614 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 5615 settings->cipher_group = 5616 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 5617 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 5618 settings->cipher_group)) 5619 return -EINVAL; 5620 } 5621 5622 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 5623 settings->wpa_versions = 5624 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 5625 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 5626 return -EINVAL; 5627 } 5628 5629 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 5630 void *data; 5631 int len; 5632 5633 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 5634 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 5635 settings->n_akm_suites = len / sizeof(u32); 5636 5637 if (len % sizeof(u32)) 5638 return -EINVAL; 5639 5640 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 5641 return -EINVAL; 5642 5643 memcpy(settings->akm_suites, data, len); 5644 } 5645 5646 return 0; 5647 } 5648 5649 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 5650 { 5651 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5652 struct net_device *dev = info->user_ptr[1]; 5653 struct cfg80211_crypto_settings crypto; 5654 struct ieee80211_channel *chan; 5655 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 5656 int err, ssid_len, ie_len = 0; 5657 bool use_mfp = false; 5658 u32 flags = 0; 5659 struct ieee80211_ht_cap *ht_capa = NULL; 5660 struct ieee80211_ht_cap *ht_capa_mask = NULL; 5661 5662 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5663 return -EINVAL; 5664 5665 if (!info->attrs[NL80211_ATTR_MAC] || 5666 !info->attrs[NL80211_ATTR_SSID] || 5667 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5668 return -EINVAL; 5669 5670 if (!rdev->ops->assoc) 5671 return -EOPNOTSUPP; 5672 5673 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5674 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5675 return -EOPNOTSUPP; 5676 5677 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5678 5679 chan = ieee80211_get_channel(&rdev->wiphy, 5680 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5681 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 5682 return -EINVAL; 5683 5684 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5685 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5686 5687 if (info->attrs[NL80211_ATTR_IE]) { 5688 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5689 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5690 } 5691 5692 if (info->attrs[NL80211_ATTR_USE_MFP]) { 5693 enum nl80211_mfp mfp = 5694 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 5695 if (mfp == NL80211_MFP_REQUIRED) 5696 use_mfp = true; 5697 else if (mfp != NL80211_MFP_NO) 5698 return -EINVAL; 5699 } 5700 5701 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 5702 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 5703 5704 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5705 flags |= ASSOC_REQ_DISABLE_HT; 5706 5707 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5708 ht_capa_mask = 5709 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]); 5710 5711 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5712 if (!ht_capa_mask) 5713 return -EINVAL; 5714 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 5715 } 5716 5717 err = nl80211_crypto_settings(rdev, info, &crypto, 1); 5718 if (!err) 5719 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 5720 ssid, ssid_len, ie, ie_len, use_mfp, 5721 &crypto, flags, ht_capa, 5722 ht_capa_mask); 5723 5724 return err; 5725 } 5726 5727 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 5728 { 5729 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5730 struct net_device *dev = info->user_ptr[1]; 5731 const u8 *ie = NULL, *bssid; 5732 int ie_len = 0; 5733 u16 reason_code; 5734 bool local_state_change; 5735 5736 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5737 return -EINVAL; 5738 5739 if (!info->attrs[NL80211_ATTR_MAC]) 5740 return -EINVAL; 5741 5742 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5743 return -EINVAL; 5744 5745 if (!rdev->ops->deauth) 5746 return -EOPNOTSUPP; 5747 5748 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5749 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5750 return -EOPNOTSUPP; 5751 5752 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5753 5754 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5755 if (reason_code == 0) { 5756 /* Reason Code 0 is reserved */ 5757 return -EINVAL; 5758 } 5759 5760 if (info->attrs[NL80211_ATTR_IE]) { 5761 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5762 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5763 } 5764 5765 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5766 5767 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 5768 local_state_change); 5769 } 5770 5771 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 5772 { 5773 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5774 struct net_device *dev = info->user_ptr[1]; 5775 const u8 *ie = NULL, *bssid; 5776 int ie_len = 0; 5777 u16 reason_code; 5778 bool local_state_change; 5779 5780 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5781 return -EINVAL; 5782 5783 if (!info->attrs[NL80211_ATTR_MAC]) 5784 return -EINVAL; 5785 5786 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5787 return -EINVAL; 5788 5789 if (!rdev->ops->disassoc) 5790 return -EOPNOTSUPP; 5791 5792 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5793 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5794 return -EOPNOTSUPP; 5795 5796 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5797 5798 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5799 if (reason_code == 0) { 5800 /* Reason Code 0 is reserved */ 5801 return -EINVAL; 5802 } 5803 5804 if (info->attrs[NL80211_ATTR_IE]) { 5805 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5806 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5807 } 5808 5809 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5810 5811 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 5812 local_state_change); 5813 } 5814 5815 static bool 5816 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 5817 int mcast_rate[IEEE80211_NUM_BANDS], 5818 int rateval) 5819 { 5820 struct wiphy *wiphy = &rdev->wiphy; 5821 bool found = false; 5822 int band, i; 5823 5824 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 5825 struct ieee80211_supported_band *sband; 5826 5827 sband = wiphy->bands[band]; 5828 if (!sband) 5829 continue; 5830 5831 for (i = 0; i < sband->n_bitrates; i++) { 5832 if (sband->bitrates[i].bitrate == rateval) { 5833 mcast_rate[band] = i + 1; 5834 found = true; 5835 break; 5836 } 5837 } 5838 } 5839 5840 return found; 5841 } 5842 5843 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 5844 { 5845 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5846 struct net_device *dev = info->user_ptr[1]; 5847 struct cfg80211_ibss_params ibss; 5848 struct wiphy *wiphy; 5849 struct cfg80211_cached_keys *connkeys = NULL; 5850 int err; 5851 5852 memset(&ibss, 0, sizeof(ibss)); 5853 5854 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5855 return -EINVAL; 5856 5857 if (!info->attrs[NL80211_ATTR_SSID] || 5858 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5859 return -EINVAL; 5860 5861 ibss.beacon_interval = 100; 5862 5863 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 5864 ibss.beacon_interval = 5865 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 5866 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 5867 return -EINVAL; 5868 } 5869 5870 if (!rdev->ops->join_ibss) 5871 return -EOPNOTSUPP; 5872 5873 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5874 return -EOPNOTSUPP; 5875 5876 wiphy = &rdev->wiphy; 5877 5878 if (info->attrs[NL80211_ATTR_MAC]) { 5879 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5880 5881 if (!is_valid_ether_addr(ibss.bssid)) 5882 return -EINVAL; 5883 } 5884 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5885 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5886 5887 if (info->attrs[NL80211_ATTR_IE]) { 5888 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5889 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5890 } 5891 5892 err = nl80211_parse_chandef(rdev, info, &ibss.chandef); 5893 if (err) 5894 return err; 5895 5896 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef)) 5897 return -EINVAL; 5898 5899 if (ibss.chandef.width > NL80211_CHAN_WIDTH_40) 5900 return -EINVAL; 5901 if (ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT && 5902 !(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 5903 return -EINVAL; 5904 5905 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 5906 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 5907 5908 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 5909 u8 *rates = 5910 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5911 int n_rates = 5912 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5913 struct ieee80211_supported_band *sband = 5914 wiphy->bands[ibss.chandef.chan->band]; 5915 5916 err = ieee80211_get_ratemask(sband, rates, n_rates, 5917 &ibss.basic_rates); 5918 if (err) 5919 return err; 5920 } 5921 5922 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 5923 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 5924 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 5925 return -EINVAL; 5926 5927 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5928 bool no_ht = false; 5929 5930 connkeys = nl80211_parse_connkeys(rdev, 5931 info->attrs[NL80211_ATTR_KEYS], 5932 &no_ht); 5933 if (IS_ERR(connkeys)) 5934 return PTR_ERR(connkeys); 5935 5936 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) && 5937 no_ht) { 5938 kfree(connkeys); 5939 return -EINVAL; 5940 } 5941 } 5942 5943 ibss.control_port = 5944 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 5945 5946 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 5947 if (err) 5948 kfree(connkeys); 5949 return err; 5950 } 5951 5952 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 5953 { 5954 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5955 struct net_device *dev = info->user_ptr[1]; 5956 5957 if (!rdev->ops->leave_ibss) 5958 return -EOPNOTSUPP; 5959 5960 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5961 return -EOPNOTSUPP; 5962 5963 return cfg80211_leave_ibss(rdev, dev, false); 5964 } 5965 5966 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info) 5967 { 5968 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5969 struct net_device *dev = info->user_ptr[1]; 5970 int mcast_rate[IEEE80211_NUM_BANDS]; 5971 u32 nla_rate; 5972 int err; 5973 5974 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5975 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5976 return -EOPNOTSUPP; 5977 5978 if (!rdev->ops->set_mcast_rate) 5979 return -EOPNOTSUPP; 5980 5981 memset(mcast_rate, 0, sizeof(mcast_rate)); 5982 5983 if (!info->attrs[NL80211_ATTR_MCAST_RATE]) 5984 return -EINVAL; 5985 5986 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]); 5987 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate)) 5988 return -EINVAL; 5989 5990 err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate); 5991 5992 return err; 5993 } 5994 5995 5996 #ifdef CONFIG_NL80211_TESTMODE 5997 static struct genl_multicast_group nl80211_testmode_mcgrp = { 5998 .name = "testmode", 5999 }; 6000 6001 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 6002 { 6003 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6004 int err; 6005 6006 if (!info->attrs[NL80211_ATTR_TESTDATA]) 6007 return -EINVAL; 6008 6009 err = -EOPNOTSUPP; 6010 if (rdev->ops->testmode_cmd) { 6011 rdev->testmode_info = info; 6012 err = rdev_testmode_cmd(rdev, 6013 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 6014 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 6015 rdev->testmode_info = NULL; 6016 } 6017 6018 return err; 6019 } 6020 6021 static int nl80211_testmode_dump(struct sk_buff *skb, 6022 struct netlink_callback *cb) 6023 { 6024 struct cfg80211_registered_device *rdev; 6025 int err; 6026 long phy_idx; 6027 void *data = NULL; 6028 int data_len = 0; 6029 6030 if (cb->args[0]) { 6031 /* 6032 * 0 is a valid index, but not valid for args[0], 6033 * so we need to offset by 1. 6034 */ 6035 phy_idx = cb->args[0] - 1; 6036 } else { 6037 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 6038 nl80211_fam.attrbuf, nl80211_fam.maxattr, 6039 nl80211_policy); 6040 if (err) 6041 return err; 6042 6043 mutex_lock(&cfg80211_mutex); 6044 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), 6045 nl80211_fam.attrbuf); 6046 if (IS_ERR(rdev)) { 6047 mutex_unlock(&cfg80211_mutex); 6048 return PTR_ERR(rdev); 6049 } 6050 phy_idx = rdev->wiphy_idx; 6051 rdev = NULL; 6052 mutex_unlock(&cfg80211_mutex); 6053 6054 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 6055 cb->args[1] = 6056 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 6057 } 6058 6059 if (cb->args[1]) { 6060 data = nla_data((void *)cb->args[1]); 6061 data_len = nla_len((void *)cb->args[1]); 6062 } 6063 6064 mutex_lock(&cfg80211_mutex); 6065 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 6066 if (!rdev) { 6067 mutex_unlock(&cfg80211_mutex); 6068 return -ENOENT; 6069 } 6070 cfg80211_lock_rdev(rdev); 6071 mutex_unlock(&cfg80211_mutex); 6072 6073 if (!rdev->ops->testmode_dump) { 6074 err = -EOPNOTSUPP; 6075 goto out_err; 6076 } 6077 6078 while (1) { 6079 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 6080 cb->nlh->nlmsg_seq, NLM_F_MULTI, 6081 NL80211_CMD_TESTMODE); 6082 struct nlattr *tmdata; 6083 6084 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 6085 genlmsg_cancel(skb, hdr); 6086 break; 6087 } 6088 6089 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 6090 if (!tmdata) { 6091 genlmsg_cancel(skb, hdr); 6092 break; 6093 } 6094 err = rdev_testmode_dump(rdev, skb, cb, data, data_len); 6095 nla_nest_end(skb, tmdata); 6096 6097 if (err == -ENOBUFS || err == -ENOENT) { 6098 genlmsg_cancel(skb, hdr); 6099 break; 6100 } else if (err) { 6101 genlmsg_cancel(skb, hdr); 6102 goto out_err; 6103 } 6104 6105 genlmsg_end(skb, hdr); 6106 } 6107 6108 err = skb->len; 6109 /* see above */ 6110 cb->args[0] = phy_idx + 1; 6111 out_err: 6112 cfg80211_unlock_rdev(rdev); 6113 return err; 6114 } 6115 6116 static struct sk_buff * 6117 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 6118 int approxlen, u32 portid, u32 seq, gfp_t gfp) 6119 { 6120 struct sk_buff *skb; 6121 void *hdr; 6122 struct nlattr *data; 6123 6124 skb = nlmsg_new(approxlen + 100, gfp); 6125 if (!skb) 6126 return NULL; 6127 6128 hdr = nl80211hdr_put(skb, portid, seq, 0, NL80211_CMD_TESTMODE); 6129 if (!hdr) { 6130 kfree_skb(skb); 6131 return NULL; 6132 } 6133 6134 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 6135 goto nla_put_failure; 6136 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 6137 6138 ((void **)skb->cb)[0] = rdev; 6139 ((void **)skb->cb)[1] = hdr; 6140 ((void **)skb->cb)[2] = data; 6141 6142 return skb; 6143 6144 nla_put_failure: 6145 kfree_skb(skb); 6146 return NULL; 6147 } 6148 6149 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 6150 int approxlen) 6151 { 6152 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 6153 6154 if (WARN_ON(!rdev->testmode_info)) 6155 return NULL; 6156 6157 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 6158 rdev->testmode_info->snd_portid, 6159 rdev->testmode_info->snd_seq, 6160 GFP_KERNEL); 6161 } 6162 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 6163 6164 int cfg80211_testmode_reply(struct sk_buff *skb) 6165 { 6166 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 6167 void *hdr = ((void **)skb->cb)[1]; 6168 struct nlattr *data = ((void **)skb->cb)[2]; 6169 6170 if (WARN_ON(!rdev->testmode_info)) { 6171 kfree_skb(skb); 6172 return -EINVAL; 6173 } 6174 6175 nla_nest_end(skb, data); 6176 genlmsg_end(skb, hdr); 6177 return genlmsg_reply(skb, rdev->testmode_info); 6178 } 6179 EXPORT_SYMBOL(cfg80211_testmode_reply); 6180 6181 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 6182 int approxlen, gfp_t gfp) 6183 { 6184 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 6185 6186 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 6187 } 6188 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 6189 6190 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 6191 { 6192 void *hdr = ((void **)skb->cb)[1]; 6193 struct nlattr *data = ((void **)skb->cb)[2]; 6194 6195 nla_nest_end(skb, data); 6196 genlmsg_end(skb, hdr); 6197 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 6198 } 6199 EXPORT_SYMBOL(cfg80211_testmode_event); 6200 #endif 6201 6202 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 6203 { 6204 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6205 struct net_device *dev = info->user_ptr[1]; 6206 struct cfg80211_connect_params connect; 6207 struct wiphy *wiphy; 6208 struct cfg80211_cached_keys *connkeys = NULL; 6209 int err; 6210 6211 memset(&connect, 0, sizeof(connect)); 6212 6213 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 6214 return -EINVAL; 6215 6216 if (!info->attrs[NL80211_ATTR_SSID] || 6217 !nla_len(info->attrs[NL80211_ATTR_SSID])) 6218 return -EINVAL; 6219 6220 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 6221 connect.auth_type = 6222 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 6223 if (!nl80211_valid_auth_type(rdev, connect.auth_type, 6224 NL80211_CMD_CONNECT)) 6225 return -EINVAL; 6226 } else 6227 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 6228 6229 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 6230 6231 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 6232 NL80211_MAX_NR_CIPHER_SUITES); 6233 if (err) 6234 return err; 6235 6236 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6237 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6238 return -EOPNOTSUPP; 6239 6240 wiphy = &rdev->wiphy; 6241 6242 connect.bg_scan_period = -1; 6243 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 6244 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 6245 connect.bg_scan_period = 6246 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 6247 } 6248 6249 if (info->attrs[NL80211_ATTR_MAC]) 6250 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 6251 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 6252 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 6253 6254 if (info->attrs[NL80211_ATTR_IE]) { 6255 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 6256 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 6257 } 6258 6259 if (info->attrs[NL80211_ATTR_USE_MFP]) { 6260 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 6261 if (connect.mfp != NL80211_MFP_REQUIRED && 6262 connect.mfp != NL80211_MFP_NO) 6263 return -EINVAL; 6264 } else { 6265 connect.mfp = NL80211_MFP_NO; 6266 } 6267 6268 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 6269 connect.channel = 6270 ieee80211_get_channel(wiphy, 6271 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 6272 if (!connect.channel || 6273 connect.channel->flags & IEEE80211_CHAN_DISABLED) 6274 return -EINVAL; 6275 } 6276 6277 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 6278 connkeys = nl80211_parse_connkeys(rdev, 6279 info->attrs[NL80211_ATTR_KEYS], NULL); 6280 if (IS_ERR(connkeys)) 6281 return PTR_ERR(connkeys); 6282 } 6283 6284 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 6285 connect.flags |= ASSOC_REQ_DISABLE_HT; 6286 6287 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 6288 memcpy(&connect.ht_capa_mask, 6289 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 6290 sizeof(connect.ht_capa_mask)); 6291 6292 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 6293 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 6294 kfree(connkeys); 6295 return -EINVAL; 6296 } 6297 memcpy(&connect.ht_capa, 6298 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 6299 sizeof(connect.ht_capa)); 6300 } 6301 6302 err = cfg80211_connect(rdev, dev, &connect, connkeys); 6303 if (err) 6304 kfree(connkeys); 6305 return err; 6306 } 6307 6308 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 6309 { 6310 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6311 struct net_device *dev = info->user_ptr[1]; 6312 u16 reason; 6313 6314 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 6315 reason = WLAN_REASON_DEAUTH_LEAVING; 6316 else 6317 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 6318 6319 if (reason == 0) 6320 return -EINVAL; 6321 6322 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6323 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6324 return -EOPNOTSUPP; 6325 6326 return cfg80211_disconnect(rdev, dev, reason, true); 6327 } 6328 6329 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 6330 { 6331 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6332 struct net *net; 6333 int err; 6334 u32 pid; 6335 6336 if (!info->attrs[NL80211_ATTR_PID]) 6337 return -EINVAL; 6338 6339 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 6340 6341 net = get_net_ns_by_pid(pid); 6342 if (IS_ERR(net)) 6343 return PTR_ERR(net); 6344 6345 err = 0; 6346 6347 /* check if anything to do */ 6348 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 6349 err = cfg80211_switch_netns(rdev, net); 6350 6351 put_net(net); 6352 return err; 6353 } 6354 6355 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 6356 { 6357 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6358 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 6359 struct cfg80211_pmksa *pmksa) = NULL; 6360 struct net_device *dev = info->user_ptr[1]; 6361 struct cfg80211_pmksa pmksa; 6362 6363 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 6364 6365 if (!info->attrs[NL80211_ATTR_MAC]) 6366 return -EINVAL; 6367 6368 if (!info->attrs[NL80211_ATTR_PMKID]) 6369 return -EINVAL; 6370 6371 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 6372 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 6373 6374 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6375 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6376 return -EOPNOTSUPP; 6377 6378 switch (info->genlhdr->cmd) { 6379 case NL80211_CMD_SET_PMKSA: 6380 rdev_ops = rdev->ops->set_pmksa; 6381 break; 6382 case NL80211_CMD_DEL_PMKSA: 6383 rdev_ops = rdev->ops->del_pmksa; 6384 break; 6385 default: 6386 WARN_ON(1); 6387 break; 6388 } 6389 6390 if (!rdev_ops) 6391 return -EOPNOTSUPP; 6392 6393 return rdev_ops(&rdev->wiphy, dev, &pmksa); 6394 } 6395 6396 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 6397 { 6398 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6399 struct net_device *dev = info->user_ptr[1]; 6400 6401 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6402 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6403 return -EOPNOTSUPP; 6404 6405 if (!rdev->ops->flush_pmksa) 6406 return -EOPNOTSUPP; 6407 6408 return rdev_flush_pmksa(rdev, dev); 6409 } 6410 6411 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 6412 { 6413 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6414 struct net_device *dev = info->user_ptr[1]; 6415 u8 action_code, dialog_token; 6416 u16 status_code; 6417 u8 *peer; 6418 6419 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 6420 !rdev->ops->tdls_mgmt) 6421 return -EOPNOTSUPP; 6422 6423 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 6424 !info->attrs[NL80211_ATTR_STATUS_CODE] || 6425 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 6426 !info->attrs[NL80211_ATTR_IE] || 6427 !info->attrs[NL80211_ATTR_MAC]) 6428 return -EINVAL; 6429 6430 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 6431 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 6432 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 6433 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 6434 6435 return rdev_tdls_mgmt(rdev, dev, peer, action_code, 6436 dialog_token, status_code, 6437 nla_data(info->attrs[NL80211_ATTR_IE]), 6438 nla_len(info->attrs[NL80211_ATTR_IE])); 6439 } 6440 6441 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 6442 { 6443 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6444 struct net_device *dev = info->user_ptr[1]; 6445 enum nl80211_tdls_operation operation; 6446 u8 *peer; 6447 6448 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 6449 !rdev->ops->tdls_oper) 6450 return -EOPNOTSUPP; 6451 6452 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 6453 !info->attrs[NL80211_ATTR_MAC]) 6454 return -EINVAL; 6455 6456 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 6457 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 6458 6459 return rdev_tdls_oper(rdev, dev, peer, operation); 6460 } 6461 6462 static int nl80211_remain_on_channel(struct sk_buff *skb, 6463 struct genl_info *info) 6464 { 6465 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6466 struct wireless_dev *wdev = info->user_ptr[1]; 6467 struct cfg80211_chan_def chandef; 6468 struct sk_buff *msg; 6469 void *hdr; 6470 u64 cookie; 6471 u32 duration; 6472 int err; 6473 6474 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 6475 !info->attrs[NL80211_ATTR_DURATION]) 6476 return -EINVAL; 6477 6478 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 6479 6480 if (!rdev->ops->remain_on_channel || 6481 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 6482 return -EOPNOTSUPP; 6483 6484 /* 6485 * We should be on that channel for at least a minimum amount of 6486 * time (10ms) but no longer than the driver supports. 6487 */ 6488 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 6489 duration > rdev->wiphy.max_remain_on_channel_duration) 6490 return -EINVAL; 6491 6492 err = nl80211_parse_chandef(rdev, info, &chandef); 6493 if (err) 6494 return err; 6495 6496 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6497 if (!msg) 6498 return -ENOMEM; 6499 6500 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6501 NL80211_CMD_REMAIN_ON_CHANNEL); 6502 6503 if (IS_ERR(hdr)) { 6504 err = PTR_ERR(hdr); 6505 goto free_msg; 6506 } 6507 6508 err = rdev_remain_on_channel(rdev, wdev, chandef.chan, 6509 duration, &cookie); 6510 6511 if (err) 6512 goto free_msg; 6513 6514 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6515 goto nla_put_failure; 6516 6517 genlmsg_end(msg, hdr); 6518 6519 return genlmsg_reply(msg, info); 6520 6521 nla_put_failure: 6522 err = -ENOBUFS; 6523 free_msg: 6524 nlmsg_free(msg); 6525 return err; 6526 } 6527 6528 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 6529 struct genl_info *info) 6530 { 6531 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6532 struct wireless_dev *wdev = info->user_ptr[1]; 6533 u64 cookie; 6534 6535 if (!info->attrs[NL80211_ATTR_COOKIE]) 6536 return -EINVAL; 6537 6538 if (!rdev->ops->cancel_remain_on_channel) 6539 return -EOPNOTSUPP; 6540 6541 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 6542 6543 return rdev_cancel_remain_on_channel(rdev, wdev, cookie); 6544 } 6545 6546 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 6547 u8 *rates, u8 rates_len) 6548 { 6549 u8 i; 6550 u32 mask = 0; 6551 6552 for (i = 0; i < rates_len; i++) { 6553 int rate = (rates[i] & 0x7f) * 5; 6554 int ridx; 6555 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 6556 struct ieee80211_rate *srate = 6557 &sband->bitrates[ridx]; 6558 if (rate == srate->bitrate) { 6559 mask |= 1 << ridx; 6560 break; 6561 } 6562 } 6563 if (ridx == sband->n_bitrates) 6564 return 0; /* rate not found */ 6565 } 6566 6567 return mask; 6568 } 6569 6570 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 6571 u8 *rates, u8 rates_len, 6572 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 6573 { 6574 u8 i; 6575 6576 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 6577 6578 for (i = 0; i < rates_len; i++) { 6579 int ridx, rbit; 6580 6581 ridx = rates[i] / 8; 6582 rbit = BIT(rates[i] % 8); 6583 6584 /* check validity */ 6585 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 6586 return false; 6587 6588 /* check availability */ 6589 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 6590 mcs[ridx] |= rbit; 6591 else 6592 return false; 6593 } 6594 6595 return true; 6596 } 6597 6598 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 6599 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 6600 .len = NL80211_MAX_SUPP_RATES }, 6601 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY, 6602 .len = NL80211_MAX_SUPP_HT_RATES }, 6603 }; 6604 6605 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 6606 struct genl_info *info) 6607 { 6608 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 6609 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6610 struct cfg80211_bitrate_mask mask; 6611 int rem, i; 6612 struct net_device *dev = info->user_ptr[1]; 6613 struct nlattr *tx_rates; 6614 struct ieee80211_supported_band *sband; 6615 6616 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 6617 return -EINVAL; 6618 6619 if (!rdev->ops->set_bitrate_mask) 6620 return -EOPNOTSUPP; 6621 6622 memset(&mask, 0, sizeof(mask)); 6623 /* Default to all rates enabled */ 6624 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 6625 sband = rdev->wiphy.bands[i]; 6626 mask.control[i].legacy = 6627 sband ? (1 << sband->n_bitrates) - 1 : 0; 6628 if (sband) 6629 memcpy(mask.control[i].mcs, 6630 sband->ht_cap.mcs.rx_mask, 6631 sizeof(mask.control[i].mcs)); 6632 else 6633 memset(mask.control[i].mcs, 0, 6634 sizeof(mask.control[i].mcs)); 6635 } 6636 6637 /* 6638 * The nested attribute uses enum nl80211_band as the index. This maps 6639 * directly to the enum ieee80211_band values used in cfg80211. 6640 */ 6641 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 6642 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 6643 { 6644 enum ieee80211_band band = nla_type(tx_rates); 6645 if (band < 0 || band >= IEEE80211_NUM_BANDS) 6646 return -EINVAL; 6647 sband = rdev->wiphy.bands[band]; 6648 if (sband == NULL) 6649 return -EINVAL; 6650 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 6651 nla_len(tx_rates), nl80211_txattr_policy); 6652 if (tb[NL80211_TXRATE_LEGACY]) { 6653 mask.control[band].legacy = rateset_to_mask( 6654 sband, 6655 nla_data(tb[NL80211_TXRATE_LEGACY]), 6656 nla_len(tb[NL80211_TXRATE_LEGACY])); 6657 if ((mask.control[band].legacy == 0) && 6658 nla_len(tb[NL80211_TXRATE_LEGACY])) 6659 return -EINVAL; 6660 } 6661 if (tb[NL80211_TXRATE_MCS]) { 6662 if (!ht_rateset_to_mask( 6663 sband, 6664 nla_data(tb[NL80211_TXRATE_MCS]), 6665 nla_len(tb[NL80211_TXRATE_MCS]), 6666 mask.control[band].mcs)) 6667 return -EINVAL; 6668 } 6669 6670 if (mask.control[band].legacy == 0) { 6671 /* don't allow empty legacy rates if HT 6672 * is not even supported. */ 6673 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported) 6674 return -EINVAL; 6675 6676 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 6677 if (mask.control[band].mcs[i]) 6678 break; 6679 6680 /* legacy and mcs rates may not be both empty */ 6681 if (i == IEEE80211_HT_MCS_MASK_LEN) 6682 return -EINVAL; 6683 } 6684 } 6685 6686 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask); 6687 } 6688 6689 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 6690 { 6691 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6692 struct wireless_dev *wdev = info->user_ptr[1]; 6693 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 6694 6695 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 6696 return -EINVAL; 6697 6698 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 6699 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 6700 6701 switch (wdev->iftype) { 6702 case NL80211_IFTYPE_STATION: 6703 case NL80211_IFTYPE_ADHOC: 6704 case NL80211_IFTYPE_P2P_CLIENT: 6705 case NL80211_IFTYPE_AP: 6706 case NL80211_IFTYPE_AP_VLAN: 6707 case NL80211_IFTYPE_MESH_POINT: 6708 case NL80211_IFTYPE_P2P_GO: 6709 case NL80211_IFTYPE_P2P_DEVICE: 6710 break; 6711 default: 6712 return -EOPNOTSUPP; 6713 } 6714 6715 /* not much point in registering if we can't reply */ 6716 if (!rdev->ops->mgmt_tx) 6717 return -EOPNOTSUPP; 6718 6719 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type, 6720 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 6721 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 6722 } 6723 6724 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 6725 { 6726 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6727 struct wireless_dev *wdev = info->user_ptr[1]; 6728 struct cfg80211_chan_def chandef; 6729 int err; 6730 void *hdr = NULL; 6731 u64 cookie; 6732 struct sk_buff *msg = NULL; 6733 unsigned int wait = 0; 6734 bool offchan, no_cck, dont_wait_for_ack; 6735 6736 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 6737 6738 if (!info->attrs[NL80211_ATTR_FRAME]) 6739 return -EINVAL; 6740 6741 if (!rdev->ops->mgmt_tx) 6742 return -EOPNOTSUPP; 6743 6744 switch (wdev->iftype) { 6745 case NL80211_IFTYPE_STATION: 6746 case NL80211_IFTYPE_ADHOC: 6747 case NL80211_IFTYPE_P2P_CLIENT: 6748 case NL80211_IFTYPE_AP: 6749 case NL80211_IFTYPE_AP_VLAN: 6750 case NL80211_IFTYPE_MESH_POINT: 6751 case NL80211_IFTYPE_P2P_GO: 6752 case NL80211_IFTYPE_P2P_DEVICE: 6753 break; 6754 default: 6755 return -EOPNOTSUPP; 6756 } 6757 6758 if (info->attrs[NL80211_ATTR_DURATION]) { 6759 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6760 return -EINVAL; 6761 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 6762 6763 /* 6764 * We should wait on the channel for at least a minimum amount 6765 * of time (10ms) but no longer than the driver supports. 6766 */ 6767 if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 6768 wait > rdev->wiphy.max_remain_on_channel_duration) 6769 return -EINVAL; 6770 6771 } 6772 6773 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 6774 6775 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6776 return -EINVAL; 6777 6778 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 6779 6780 err = nl80211_parse_chandef(rdev, info, &chandef); 6781 if (err) 6782 return err; 6783 6784 if (!dont_wait_for_ack) { 6785 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6786 if (!msg) 6787 return -ENOMEM; 6788 6789 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6790 NL80211_CMD_FRAME); 6791 6792 if (IS_ERR(hdr)) { 6793 err = PTR_ERR(hdr); 6794 goto free_msg; 6795 } 6796 } 6797 6798 err = cfg80211_mlme_mgmt_tx(rdev, wdev, chandef.chan, offchan, wait, 6799 nla_data(info->attrs[NL80211_ATTR_FRAME]), 6800 nla_len(info->attrs[NL80211_ATTR_FRAME]), 6801 no_cck, dont_wait_for_ack, &cookie); 6802 if (err) 6803 goto free_msg; 6804 6805 if (msg) { 6806 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6807 goto nla_put_failure; 6808 6809 genlmsg_end(msg, hdr); 6810 return genlmsg_reply(msg, info); 6811 } 6812 6813 return 0; 6814 6815 nla_put_failure: 6816 err = -ENOBUFS; 6817 free_msg: 6818 nlmsg_free(msg); 6819 return err; 6820 } 6821 6822 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 6823 { 6824 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6825 struct wireless_dev *wdev = info->user_ptr[1]; 6826 u64 cookie; 6827 6828 if (!info->attrs[NL80211_ATTR_COOKIE]) 6829 return -EINVAL; 6830 6831 if (!rdev->ops->mgmt_tx_cancel_wait) 6832 return -EOPNOTSUPP; 6833 6834 switch (wdev->iftype) { 6835 case NL80211_IFTYPE_STATION: 6836 case NL80211_IFTYPE_ADHOC: 6837 case NL80211_IFTYPE_P2P_CLIENT: 6838 case NL80211_IFTYPE_AP: 6839 case NL80211_IFTYPE_AP_VLAN: 6840 case NL80211_IFTYPE_P2P_GO: 6841 case NL80211_IFTYPE_P2P_DEVICE: 6842 break; 6843 default: 6844 return -EOPNOTSUPP; 6845 } 6846 6847 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 6848 6849 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie); 6850 } 6851 6852 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 6853 { 6854 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6855 struct wireless_dev *wdev; 6856 struct net_device *dev = info->user_ptr[1]; 6857 u8 ps_state; 6858 bool state; 6859 int err; 6860 6861 if (!info->attrs[NL80211_ATTR_PS_STATE]) 6862 return -EINVAL; 6863 6864 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 6865 6866 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 6867 return -EINVAL; 6868 6869 wdev = dev->ieee80211_ptr; 6870 6871 if (!rdev->ops->set_power_mgmt) 6872 return -EOPNOTSUPP; 6873 6874 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 6875 6876 if (state == wdev->ps) 6877 return 0; 6878 6879 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout); 6880 if (!err) 6881 wdev->ps = state; 6882 return err; 6883 } 6884 6885 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 6886 { 6887 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6888 enum nl80211_ps_state ps_state; 6889 struct wireless_dev *wdev; 6890 struct net_device *dev = info->user_ptr[1]; 6891 struct sk_buff *msg; 6892 void *hdr; 6893 int err; 6894 6895 wdev = dev->ieee80211_ptr; 6896 6897 if (!rdev->ops->set_power_mgmt) 6898 return -EOPNOTSUPP; 6899 6900 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6901 if (!msg) 6902 return -ENOMEM; 6903 6904 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6905 NL80211_CMD_GET_POWER_SAVE); 6906 if (!hdr) { 6907 err = -ENOBUFS; 6908 goto free_msg; 6909 } 6910 6911 if (wdev->ps) 6912 ps_state = NL80211_PS_ENABLED; 6913 else 6914 ps_state = NL80211_PS_DISABLED; 6915 6916 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 6917 goto nla_put_failure; 6918 6919 genlmsg_end(msg, hdr); 6920 return genlmsg_reply(msg, info); 6921 6922 nla_put_failure: 6923 err = -ENOBUFS; 6924 free_msg: 6925 nlmsg_free(msg); 6926 return err; 6927 } 6928 6929 static struct nla_policy 6930 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 6931 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 6932 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 6933 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 6934 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 6935 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 6936 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 6937 }; 6938 6939 static int nl80211_set_cqm_txe(struct genl_info *info, 6940 u32 rate, u32 pkts, u32 intvl) 6941 { 6942 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6943 struct wireless_dev *wdev; 6944 struct net_device *dev = info->user_ptr[1]; 6945 6946 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL) 6947 return -EINVAL; 6948 6949 wdev = dev->ieee80211_ptr; 6950 6951 if (!rdev->ops->set_cqm_txe_config) 6952 return -EOPNOTSUPP; 6953 6954 if (wdev->iftype != NL80211_IFTYPE_STATION && 6955 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 6956 return -EOPNOTSUPP; 6957 6958 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl); 6959 } 6960 6961 static int nl80211_set_cqm_rssi(struct genl_info *info, 6962 s32 threshold, u32 hysteresis) 6963 { 6964 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6965 struct wireless_dev *wdev; 6966 struct net_device *dev = info->user_ptr[1]; 6967 6968 if (threshold > 0) 6969 return -EINVAL; 6970 6971 wdev = dev->ieee80211_ptr; 6972 6973 if (!rdev->ops->set_cqm_rssi_config) 6974 return -EOPNOTSUPP; 6975 6976 if (wdev->iftype != NL80211_IFTYPE_STATION && 6977 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 6978 return -EOPNOTSUPP; 6979 6980 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis); 6981 } 6982 6983 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 6984 { 6985 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 6986 struct nlattr *cqm; 6987 int err; 6988 6989 cqm = info->attrs[NL80211_ATTR_CQM]; 6990 if (!cqm) { 6991 err = -EINVAL; 6992 goto out; 6993 } 6994 6995 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 6996 nl80211_attr_cqm_policy); 6997 if (err) 6998 goto out; 6999 7000 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 7001 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 7002 s32 threshold; 7003 u32 hysteresis; 7004 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 7005 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 7006 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 7007 } else if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 7008 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 7009 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 7010 u32 rate, pkts, intvl; 7011 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 7012 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 7013 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 7014 err = nl80211_set_cqm_txe(info, rate, pkts, intvl); 7015 } else 7016 err = -EINVAL; 7017 7018 out: 7019 return err; 7020 } 7021 7022 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 7023 { 7024 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7025 struct net_device *dev = info->user_ptr[1]; 7026 struct mesh_config cfg; 7027 struct mesh_setup setup; 7028 int err; 7029 7030 /* start with default */ 7031 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 7032 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 7033 7034 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 7035 /* and parse parameters if given */ 7036 err = nl80211_parse_mesh_config(info, &cfg, NULL); 7037 if (err) 7038 return err; 7039 } 7040 7041 if (!info->attrs[NL80211_ATTR_MESH_ID] || 7042 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 7043 return -EINVAL; 7044 7045 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 7046 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 7047 7048 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 7049 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 7050 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 7051 return -EINVAL; 7052 7053 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 7054 setup.beacon_interval = 7055 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 7056 if (setup.beacon_interval < 10 || 7057 setup.beacon_interval > 10000) 7058 return -EINVAL; 7059 } 7060 7061 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 7062 setup.dtim_period = 7063 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 7064 if (setup.dtim_period < 1 || setup.dtim_period > 100) 7065 return -EINVAL; 7066 } 7067 7068 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 7069 /* parse additional setup parameters if given */ 7070 err = nl80211_parse_mesh_setup(info, &setup); 7071 if (err) 7072 return err; 7073 } 7074 7075 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 7076 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 7077 if (err) 7078 return err; 7079 } else { 7080 /* cfg80211_join_mesh() will sort it out */ 7081 setup.chandef.chan = NULL; 7082 } 7083 7084 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 7085 } 7086 7087 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 7088 { 7089 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7090 struct net_device *dev = info->user_ptr[1]; 7091 7092 return cfg80211_leave_mesh(rdev, dev); 7093 } 7094 7095 #ifdef CONFIG_PM 7096 static int nl80211_send_wowlan_patterns(struct sk_buff *msg, 7097 struct cfg80211_registered_device *rdev) 7098 { 7099 struct nlattr *nl_pats, *nl_pat; 7100 int i, pat_len; 7101 7102 if (!rdev->wowlan->n_patterns) 7103 return 0; 7104 7105 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN); 7106 if (!nl_pats) 7107 return -ENOBUFS; 7108 7109 for (i = 0; i < rdev->wowlan->n_patterns; i++) { 7110 nl_pat = nla_nest_start(msg, i + 1); 7111 if (!nl_pat) 7112 return -ENOBUFS; 7113 pat_len = rdev->wowlan->patterns[i].pattern_len; 7114 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK, 7115 DIV_ROUND_UP(pat_len, 8), 7116 rdev->wowlan->patterns[i].mask) || 7117 nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 7118 pat_len, rdev->wowlan->patterns[i].pattern) || 7119 nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET, 7120 rdev->wowlan->patterns[i].pkt_offset)) 7121 return -ENOBUFS; 7122 nla_nest_end(msg, nl_pat); 7123 } 7124 nla_nest_end(msg, nl_pats); 7125 7126 return 0; 7127 } 7128 7129 static int nl80211_send_wowlan_tcp(struct sk_buff *msg, 7130 struct cfg80211_wowlan_tcp *tcp) 7131 { 7132 struct nlattr *nl_tcp; 7133 7134 if (!tcp) 7135 return 0; 7136 7137 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION); 7138 if (!nl_tcp) 7139 return -ENOBUFS; 7140 7141 if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) || 7142 nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) || 7143 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) || 7144 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) || 7145 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) || 7146 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 7147 tcp->payload_len, tcp->payload) || 7148 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 7149 tcp->data_interval) || 7150 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 7151 tcp->wake_len, tcp->wake_data) || 7152 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK, 7153 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask)) 7154 return -ENOBUFS; 7155 7156 if (tcp->payload_seq.len && 7157 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ, 7158 sizeof(tcp->payload_seq), &tcp->payload_seq)) 7159 return -ENOBUFS; 7160 7161 if (tcp->payload_tok.len && 7162 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 7163 sizeof(tcp->payload_tok) + tcp->tokens_size, 7164 &tcp->payload_tok)) 7165 return -ENOBUFS; 7166 7167 return 0; 7168 } 7169 7170 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 7171 { 7172 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7173 struct sk_buff *msg; 7174 void *hdr; 7175 u32 size = NLMSG_DEFAULT_SIZE; 7176 7177 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns && 7178 !rdev->wiphy.wowlan.tcp) 7179 return -EOPNOTSUPP; 7180 7181 if (rdev->wowlan && rdev->wowlan->tcp) { 7182 /* adjust size to have room for all the data */ 7183 size += rdev->wowlan->tcp->tokens_size + 7184 rdev->wowlan->tcp->payload_len + 7185 rdev->wowlan->tcp->wake_len + 7186 rdev->wowlan->tcp->wake_len / 8; 7187 } 7188 7189 msg = nlmsg_new(size, GFP_KERNEL); 7190 if (!msg) 7191 return -ENOMEM; 7192 7193 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 7194 NL80211_CMD_GET_WOWLAN); 7195 if (!hdr) 7196 goto nla_put_failure; 7197 7198 if (rdev->wowlan) { 7199 struct nlattr *nl_wowlan; 7200 7201 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 7202 if (!nl_wowlan) 7203 goto nla_put_failure; 7204 7205 if ((rdev->wowlan->any && 7206 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 7207 (rdev->wowlan->disconnect && 7208 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 7209 (rdev->wowlan->magic_pkt && 7210 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 7211 (rdev->wowlan->gtk_rekey_failure && 7212 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 7213 (rdev->wowlan->eap_identity_req && 7214 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 7215 (rdev->wowlan->four_way_handshake && 7216 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 7217 (rdev->wowlan->rfkill_release && 7218 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 7219 goto nla_put_failure; 7220 7221 if (nl80211_send_wowlan_patterns(msg, rdev)) 7222 goto nla_put_failure; 7223 7224 if (nl80211_send_wowlan_tcp(msg, rdev->wowlan->tcp)) 7225 goto nla_put_failure; 7226 7227 nla_nest_end(msg, nl_wowlan); 7228 } 7229 7230 genlmsg_end(msg, hdr); 7231 return genlmsg_reply(msg, info); 7232 7233 nla_put_failure: 7234 nlmsg_free(msg); 7235 return -ENOBUFS; 7236 } 7237 7238 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev, 7239 struct nlattr *attr, 7240 struct cfg80211_wowlan *trig) 7241 { 7242 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP]; 7243 struct cfg80211_wowlan_tcp *cfg; 7244 struct nl80211_wowlan_tcp_data_token *tok = NULL; 7245 struct nl80211_wowlan_tcp_data_seq *seq = NULL; 7246 u32 size; 7247 u32 data_size, wake_size, tokens_size = 0, wake_mask_size; 7248 int err, port; 7249 7250 if (!rdev->wiphy.wowlan.tcp) 7251 return -EINVAL; 7252 7253 err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP, 7254 nla_data(attr), nla_len(attr), 7255 nl80211_wowlan_tcp_policy); 7256 if (err) 7257 return err; 7258 7259 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] || 7260 !tb[NL80211_WOWLAN_TCP_DST_IPV4] || 7261 !tb[NL80211_WOWLAN_TCP_DST_MAC] || 7262 !tb[NL80211_WOWLAN_TCP_DST_PORT] || 7263 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] || 7264 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] || 7265 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] || 7266 !tb[NL80211_WOWLAN_TCP_WAKE_MASK]) 7267 return -EINVAL; 7268 7269 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]); 7270 if (data_size > rdev->wiphy.wowlan.tcp->data_payload_max) 7271 return -EINVAL; 7272 7273 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) > 7274 rdev->wiphy.wowlan.tcp->data_interval_max) 7275 return -EINVAL; 7276 7277 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]); 7278 if (wake_size > rdev->wiphy.wowlan.tcp->wake_payload_max) 7279 return -EINVAL; 7280 7281 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]); 7282 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8)) 7283 return -EINVAL; 7284 7285 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) { 7286 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 7287 7288 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 7289 tokens_size = tokln - sizeof(*tok); 7290 7291 if (!tok->len || tokens_size % tok->len) 7292 return -EINVAL; 7293 if (!rdev->wiphy.wowlan.tcp->tok) 7294 return -EINVAL; 7295 if (tok->len > rdev->wiphy.wowlan.tcp->tok->max_len) 7296 return -EINVAL; 7297 if (tok->len < rdev->wiphy.wowlan.tcp->tok->min_len) 7298 return -EINVAL; 7299 if (tokens_size > rdev->wiphy.wowlan.tcp->tok->bufsize) 7300 return -EINVAL; 7301 if (tok->offset + tok->len > data_size) 7302 return -EINVAL; 7303 } 7304 7305 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) { 7306 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]); 7307 if (!rdev->wiphy.wowlan.tcp->seq) 7308 return -EINVAL; 7309 if (seq->len == 0 || seq->len > 4) 7310 return -EINVAL; 7311 if (seq->len + seq->offset > data_size) 7312 return -EINVAL; 7313 } 7314 7315 size = sizeof(*cfg); 7316 size += data_size; 7317 size += wake_size + wake_mask_size; 7318 size += tokens_size; 7319 7320 cfg = kzalloc(size, GFP_KERNEL); 7321 if (!cfg) 7322 return -ENOMEM; 7323 cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]); 7324 cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]); 7325 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]), 7326 ETH_ALEN); 7327 if (tb[NL80211_WOWLAN_TCP_SRC_PORT]) 7328 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]); 7329 else 7330 port = 0; 7331 #ifdef CONFIG_INET 7332 /* allocate a socket and port for it and use it */ 7333 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM, 7334 IPPROTO_TCP, &cfg->sock, 1); 7335 if (err) { 7336 kfree(cfg); 7337 return err; 7338 } 7339 if (inet_csk_get_port(cfg->sock->sk, port)) { 7340 sock_release(cfg->sock); 7341 kfree(cfg); 7342 return -EADDRINUSE; 7343 } 7344 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num; 7345 #else 7346 if (!port) { 7347 kfree(cfg); 7348 return -EINVAL; 7349 } 7350 cfg->src_port = port; 7351 #endif 7352 7353 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]); 7354 cfg->payload_len = data_size; 7355 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size; 7356 memcpy((void *)cfg->payload, 7357 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]), 7358 data_size); 7359 if (seq) 7360 cfg->payload_seq = *seq; 7361 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]); 7362 cfg->wake_len = wake_size; 7363 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size; 7364 memcpy((void *)cfg->wake_data, 7365 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]), 7366 wake_size); 7367 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size + 7368 data_size + wake_size; 7369 memcpy((void *)cfg->wake_mask, 7370 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]), 7371 wake_mask_size); 7372 if (tok) { 7373 cfg->tokens_size = tokens_size; 7374 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size); 7375 } 7376 7377 trig->tcp = cfg; 7378 7379 return 0; 7380 } 7381 7382 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 7383 { 7384 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7385 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 7386 struct cfg80211_wowlan new_triggers = {}; 7387 struct cfg80211_wowlan *ntrig; 7388 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan; 7389 int err, i; 7390 bool prev_enabled = rdev->wowlan; 7391 7392 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns && 7393 !rdev->wiphy.wowlan.tcp) 7394 return -EOPNOTSUPP; 7395 7396 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 7397 cfg80211_rdev_free_wowlan(rdev); 7398 rdev->wowlan = NULL; 7399 goto set_wakeup; 7400 } 7401 7402 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 7403 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 7404 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 7405 nl80211_wowlan_policy); 7406 if (err) 7407 return err; 7408 7409 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 7410 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 7411 return -EINVAL; 7412 new_triggers.any = true; 7413 } 7414 7415 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 7416 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 7417 return -EINVAL; 7418 new_triggers.disconnect = true; 7419 } 7420 7421 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 7422 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 7423 return -EINVAL; 7424 new_triggers.magic_pkt = true; 7425 } 7426 7427 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 7428 return -EINVAL; 7429 7430 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 7431 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 7432 return -EINVAL; 7433 new_triggers.gtk_rekey_failure = true; 7434 } 7435 7436 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 7437 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 7438 return -EINVAL; 7439 new_triggers.eap_identity_req = true; 7440 } 7441 7442 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 7443 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 7444 return -EINVAL; 7445 new_triggers.four_way_handshake = true; 7446 } 7447 7448 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 7449 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 7450 return -EINVAL; 7451 new_triggers.rfkill_release = true; 7452 } 7453 7454 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 7455 struct nlattr *pat; 7456 int n_patterns = 0; 7457 int rem, pat_len, mask_len, pkt_offset; 7458 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; 7459 7460 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 7461 rem) 7462 n_patterns++; 7463 if (n_patterns > wowlan->n_patterns) 7464 return -EINVAL; 7465 7466 new_triggers.patterns = kcalloc(n_patterns, 7467 sizeof(new_triggers.patterns[0]), 7468 GFP_KERNEL); 7469 if (!new_triggers.patterns) 7470 return -ENOMEM; 7471 7472 new_triggers.n_patterns = n_patterns; 7473 i = 0; 7474 7475 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 7476 rem) { 7477 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, 7478 nla_data(pat), nla_len(pat), NULL); 7479 err = -EINVAL; 7480 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || 7481 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) 7482 goto error; 7483 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); 7484 mask_len = DIV_ROUND_UP(pat_len, 8); 7485 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != 7486 mask_len) 7487 goto error; 7488 if (pat_len > wowlan->pattern_max_len || 7489 pat_len < wowlan->pattern_min_len) 7490 goto error; 7491 7492 if (!pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]) 7493 pkt_offset = 0; 7494 else 7495 pkt_offset = nla_get_u32( 7496 pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]); 7497 if (pkt_offset > wowlan->max_pkt_offset) 7498 goto error; 7499 new_triggers.patterns[i].pkt_offset = pkt_offset; 7500 7501 new_triggers.patterns[i].mask = 7502 kmalloc(mask_len + pat_len, GFP_KERNEL); 7503 if (!new_triggers.patterns[i].mask) { 7504 err = -ENOMEM; 7505 goto error; 7506 } 7507 new_triggers.patterns[i].pattern = 7508 new_triggers.patterns[i].mask + mask_len; 7509 memcpy(new_triggers.patterns[i].mask, 7510 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), 7511 mask_len); 7512 new_triggers.patterns[i].pattern_len = pat_len; 7513 memcpy(new_triggers.patterns[i].pattern, 7514 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), 7515 pat_len); 7516 i++; 7517 } 7518 } 7519 7520 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) { 7521 err = nl80211_parse_wowlan_tcp( 7522 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION], 7523 &new_triggers); 7524 if (err) 7525 goto error; 7526 } 7527 7528 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 7529 if (!ntrig) { 7530 err = -ENOMEM; 7531 goto error; 7532 } 7533 cfg80211_rdev_free_wowlan(rdev); 7534 rdev->wowlan = ntrig; 7535 7536 set_wakeup: 7537 if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan) 7538 rdev_set_wakeup(rdev, rdev->wowlan); 7539 7540 return 0; 7541 error: 7542 for (i = 0; i < new_triggers.n_patterns; i++) 7543 kfree(new_triggers.patterns[i].mask); 7544 kfree(new_triggers.patterns); 7545 if (new_triggers.tcp && new_triggers.tcp->sock) 7546 sock_release(new_triggers.tcp->sock); 7547 kfree(new_triggers.tcp); 7548 return err; 7549 } 7550 #endif 7551 7552 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 7553 { 7554 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7555 struct net_device *dev = info->user_ptr[1]; 7556 struct wireless_dev *wdev = dev->ieee80211_ptr; 7557 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 7558 struct cfg80211_gtk_rekey_data rekey_data; 7559 int err; 7560 7561 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 7562 return -EINVAL; 7563 7564 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 7565 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 7566 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 7567 nl80211_rekey_policy); 7568 if (err) 7569 return err; 7570 7571 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 7572 return -ERANGE; 7573 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 7574 return -ERANGE; 7575 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 7576 return -ERANGE; 7577 7578 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), 7579 NL80211_KEK_LEN); 7580 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), 7581 NL80211_KCK_LEN); 7582 memcpy(rekey_data.replay_ctr, 7583 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), 7584 NL80211_REPLAY_CTR_LEN); 7585 7586 wdev_lock(wdev); 7587 if (!wdev->current_bss) { 7588 err = -ENOTCONN; 7589 goto out; 7590 } 7591 7592 if (!rdev->ops->set_rekey_data) { 7593 err = -EOPNOTSUPP; 7594 goto out; 7595 } 7596 7597 err = rdev_set_rekey_data(rdev, dev, &rekey_data); 7598 out: 7599 wdev_unlock(wdev); 7600 return err; 7601 } 7602 7603 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 7604 struct genl_info *info) 7605 { 7606 struct net_device *dev = info->user_ptr[1]; 7607 struct wireless_dev *wdev = dev->ieee80211_ptr; 7608 7609 if (wdev->iftype != NL80211_IFTYPE_AP && 7610 wdev->iftype != NL80211_IFTYPE_P2P_GO) 7611 return -EINVAL; 7612 7613 if (wdev->ap_unexpected_nlportid) 7614 return -EBUSY; 7615 7616 wdev->ap_unexpected_nlportid = info->snd_portid; 7617 return 0; 7618 } 7619 7620 static int nl80211_probe_client(struct sk_buff *skb, 7621 struct genl_info *info) 7622 { 7623 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7624 struct net_device *dev = info->user_ptr[1]; 7625 struct wireless_dev *wdev = dev->ieee80211_ptr; 7626 struct sk_buff *msg; 7627 void *hdr; 7628 const u8 *addr; 7629 u64 cookie; 7630 int err; 7631 7632 if (wdev->iftype != NL80211_IFTYPE_AP && 7633 wdev->iftype != NL80211_IFTYPE_P2P_GO) 7634 return -EOPNOTSUPP; 7635 7636 if (!info->attrs[NL80211_ATTR_MAC]) 7637 return -EINVAL; 7638 7639 if (!rdev->ops->probe_client) 7640 return -EOPNOTSUPP; 7641 7642 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7643 if (!msg) 7644 return -ENOMEM; 7645 7646 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 7647 NL80211_CMD_PROBE_CLIENT); 7648 7649 if (IS_ERR(hdr)) { 7650 err = PTR_ERR(hdr); 7651 goto free_msg; 7652 } 7653 7654 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 7655 7656 err = rdev_probe_client(rdev, dev, addr, &cookie); 7657 if (err) 7658 goto free_msg; 7659 7660 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 7661 goto nla_put_failure; 7662 7663 genlmsg_end(msg, hdr); 7664 7665 return genlmsg_reply(msg, info); 7666 7667 nla_put_failure: 7668 err = -ENOBUFS; 7669 free_msg: 7670 nlmsg_free(msg); 7671 return err; 7672 } 7673 7674 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 7675 { 7676 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7677 struct cfg80211_beacon_registration *reg, *nreg; 7678 int rv; 7679 7680 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 7681 return -EOPNOTSUPP; 7682 7683 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL); 7684 if (!nreg) 7685 return -ENOMEM; 7686 7687 /* First, check if already registered. */ 7688 spin_lock_bh(&rdev->beacon_registrations_lock); 7689 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 7690 if (reg->nlportid == info->snd_portid) { 7691 rv = -EALREADY; 7692 goto out_err; 7693 } 7694 } 7695 /* Add it to the list */ 7696 nreg->nlportid = info->snd_portid; 7697 list_add(&nreg->list, &rdev->beacon_registrations); 7698 7699 spin_unlock_bh(&rdev->beacon_registrations_lock); 7700 7701 return 0; 7702 out_err: 7703 spin_unlock_bh(&rdev->beacon_registrations_lock); 7704 kfree(nreg); 7705 return rv; 7706 } 7707 7708 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info) 7709 { 7710 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7711 struct wireless_dev *wdev = info->user_ptr[1]; 7712 int err; 7713 7714 if (!rdev->ops->start_p2p_device) 7715 return -EOPNOTSUPP; 7716 7717 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 7718 return -EOPNOTSUPP; 7719 7720 if (wdev->p2p_started) 7721 return 0; 7722 7723 mutex_lock(&rdev->devlist_mtx); 7724 err = cfg80211_can_add_interface(rdev, wdev->iftype); 7725 mutex_unlock(&rdev->devlist_mtx); 7726 if (err) 7727 return err; 7728 7729 err = rdev_start_p2p_device(rdev, wdev); 7730 if (err) 7731 return err; 7732 7733 wdev->p2p_started = true; 7734 mutex_lock(&rdev->devlist_mtx); 7735 rdev->opencount++; 7736 mutex_unlock(&rdev->devlist_mtx); 7737 7738 return 0; 7739 } 7740 7741 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info) 7742 { 7743 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7744 struct wireless_dev *wdev = info->user_ptr[1]; 7745 7746 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 7747 return -EOPNOTSUPP; 7748 7749 if (!rdev->ops->stop_p2p_device) 7750 return -EOPNOTSUPP; 7751 7752 if (!wdev->p2p_started) 7753 return 0; 7754 7755 rdev_stop_p2p_device(rdev, wdev); 7756 wdev->p2p_started = false; 7757 7758 mutex_lock(&rdev->devlist_mtx); 7759 rdev->opencount--; 7760 mutex_unlock(&rdev->devlist_mtx); 7761 7762 if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) { 7763 rdev->scan_req->aborted = true; 7764 ___cfg80211_scan_done(rdev, true); 7765 } 7766 7767 return 0; 7768 } 7769 7770 #define NL80211_FLAG_NEED_WIPHY 0x01 7771 #define NL80211_FLAG_NEED_NETDEV 0x02 7772 #define NL80211_FLAG_NEED_RTNL 0x04 7773 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 7774 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 7775 NL80211_FLAG_CHECK_NETDEV_UP) 7776 #define NL80211_FLAG_NEED_WDEV 0x10 7777 /* If a netdev is associated, it must be UP, P2P must be started */ 7778 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 7779 NL80211_FLAG_CHECK_NETDEV_UP) 7780 7781 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 7782 struct genl_info *info) 7783 { 7784 struct cfg80211_registered_device *rdev; 7785 struct wireless_dev *wdev; 7786 struct net_device *dev; 7787 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 7788 7789 if (rtnl) 7790 rtnl_lock(); 7791 7792 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 7793 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 7794 if (IS_ERR(rdev)) { 7795 if (rtnl) 7796 rtnl_unlock(); 7797 return PTR_ERR(rdev); 7798 } 7799 info->user_ptr[0] = rdev; 7800 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV || 7801 ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 7802 mutex_lock(&cfg80211_mutex); 7803 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info), 7804 info->attrs); 7805 if (IS_ERR(wdev)) { 7806 mutex_unlock(&cfg80211_mutex); 7807 if (rtnl) 7808 rtnl_unlock(); 7809 return PTR_ERR(wdev); 7810 } 7811 7812 dev = wdev->netdev; 7813 rdev = wiphy_to_dev(wdev->wiphy); 7814 7815 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 7816 if (!dev) { 7817 mutex_unlock(&cfg80211_mutex); 7818 if (rtnl) 7819 rtnl_unlock(); 7820 return -EINVAL; 7821 } 7822 7823 info->user_ptr[1] = dev; 7824 } else { 7825 info->user_ptr[1] = wdev; 7826 } 7827 7828 if (dev) { 7829 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 7830 !netif_running(dev)) { 7831 mutex_unlock(&cfg80211_mutex); 7832 if (rtnl) 7833 rtnl_unlock(); 7834 return -ENETDOWN; 7835 } 7836 7837 dev_hold(dev); 7838 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) { 7839 if (!wdev->p2p_started) { 7840 mutex_unlock(&cfg80211_mutex); 7841 if (rtnl) 7842 rtnl_unlock(); 7843 return -ENETDOWN; 7844 } 7845 } 7846 7847 cfg80211_lock_rdev(rdev); 7848 7849 mutex_unlock(&cfg80211_mutex); 7850 7851 info->user_ptr[0] = rdev; 7852 } 7853 7854 return 0; 7855 } 7856 7857 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 7858 struct genl_info *info) 7859 { 7860 if (info->user_ptr[0]) 7861 cfg80211_unlock_rdev(info->user_ptr[0]); 7862 if (info->user_ptr[1]) { 7863 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 7864 struct wireless_dev *wdev = info->user_ptr[1]; 7865 7866 if (wdev->netdev) 7867 dev_put(wdev->netdev); 7868 } else { 7869 dev_put(info->user_ptr[1]); 7870 } 7871 } 7872 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 7873 rtnl_unlock(); 7874 } 7875 7876 static struct genl_ops nl80211_ops[] = { 7877 { 7878 .cmd = NL80211_CMD_GET_WIPHY, 7879 .doit = nl80211_get_wiphy, 7880 .dumpit = nl80211_dump_wiphy, 7881 .policy = nl80211_policy, 7882 /* can be retrieved by unprivileged users */ 7883 .internal_flags = NL80211_FLAG_NEED_WIPHY, 7884 }, 7885 { 7886 .cmd = NL80211_CMD_SET_WIPHY, 7887 .doit = nl80211_set_wiphy, 7888 .policy = nl80211_policy, 7889 .flags = GENL_ADMIN_PERM, 7890 .internal_flags = NL80211_FLAG_NEED_RTNL, 7891 }, 7892 { 7893 .cmd = NL80211_CMD_GET_INTERFACE, 7894 .doit = nl80211_get_interface, 7895 .dumpit = nl80211_dump_interface, 7896 .policy = nl80211_policy, 7897 /* can be retrieved by unprivileged users */ 7898 .internal_flags = NL80211_FLAG_NEED_WDEV, 7899 }, 7900 { 7901 .cmd = NL80211_CMD_SET_INTERFACE, 7902 .doit = nl80211_set_interface, 7903 .policy = nl80211_policy, 7904 .flags = GENL_ADMIN_PERM, 7905 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7906 NL80211_FLAG_NEED_RTNL, 7907 }, 7908 { 7909 .cmd = NL80211_CMD_NEW_INTERFACE, 7910 .doit = nl80211_new_interface, 7911 .policy = nl80211_policy, 7912 .flags = GENL_ADMIN_PERM, 7913 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7914 NL80211_FLAG_NEED_RTNL, 7915 }, 7916 { 7917 .cmd = NL80211_CMD_DEL_INTERFACE, 7918 .doit = nl80211_del_interface, 7919 .policy = nl80211_policy, 7920 .flags = GENL_ADMIN_PERM, 7921 .internal_flags = NL80211_FLAG_NEED_WDEV | 7922 NL80211_FLAG_NEED_RTNL, 7923 }, 7924 { 7925 .cmd = NL80211_CMD_GET_KEY, 7926 .doit = nl80211_get_key, 7927 .policy = nl80211_policy, 7928 .flags = GENL_ADMIN_PERM, 7929 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7930 NL80211_FLAG_NEED_RTNL, 7931 }, 7932 { 7933 .cmd = NL80211_CMD_SET_KEY, 7934 .doit = nl80211_set_key, 7935 .policy = nl80211_policy, 7936 .flags = GENL_ADMIN_PERM, 7937 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7938 NL80211_FLAG_NEED_RTNL, 7939 }, 7940 { 7941 .cmd = NL80211_CMD_NEW_KEY, 7942 .doit = nl80211_new_key, 7943 .policy = nl80211_policy, 7944 .flags = GENL_ADMIN_PERM, 7945 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7946 NL80211_FLAG_NEED_RTNL, 7947 }, 7948 { 7949 .cmd = NL80211_CMD_DEL_KEY, 7950 .doit = nl80211_del_key, 7951 .policy = nl80211_policy, 7952 .flags = GENL_ADMIN_PERM, 7953 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7954 NL80211_FLAG_NEED_RTNL, 7955 }, 7956 { 7957 .cmd = NL80211_CMD_SET_BEACON, 7958 .policy = nl80211_policy, 7959 .flags = GENL_ADMIN_PERM, 7960 .doit = nl80211_set_beacon, 7961 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7962 NL80211_FLAG_NEED_RTNL, 7963 }, 7964 { 7965 .cmd = NL80211_CMD_START_AP, 7966 .policy = nl80211_policy, 7967 .flags = GENL_ADMIN_PERM, 7968 .doit = nl80211_start_ap, 7969 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7970 NL80211_FLAG_NEED_RTNL, 7971 }, 7972 { 7973 .cmd = NL80211_CMD_STOP_AP, 7974 .policy = nl80211_policy, 7975 .flags = GENL_ADMIN_PERM, 7976 .doit = nl80211_stop_ap, 7977 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7978 NL80211_FLAG_NEED_RTNL, 7979 }, 7980 { 7981 .cmd = NL80211_CMD_GET_STATION, 7982 .doit = nl80211_get_station, 7983 .dumpit = nl80211_dump_station, 7984 .policy = nl80211_policy, 7985 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7986 NL80211_FLAG_NEED_RTNL, 7987 }, 7988 { 7989 .cmd = NL80211_CMD_SET_STATION, 7990 .doit = nl80211_set_station, 7991 .policy = nl80211_policy, 7992 .flags = GENL_ADMIN_PERM, 7993 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7994 NL80211_FLAG_NEED_RTNL, 7995 }, 7996 { 7997 .cmd = NL80211_CMD_NEW_STATION, 7998 .doit = nl80211_new_station, 7999 .policy = nl80211_policy, 8000 .flags = GENL_ADMIN_PERM, 8001 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8002 NL80211_FLAG_NEED_RTNL, 8003 }, 8004 { 8005 .cmd = NL80211_CMD_DEL_STATION, 8006 .doit = nl80211_del_station, 8007 .policy = nl80211_policy, 8008 .flags = GENL_ADMIN_PERM, 8009 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8010 NL80211_FLAG_NEED_RTNL, 8011 }, 8012 { 8013 .cmd = NL80211_CMD_GET_MPATH, 8014 .doit = nl80211_get_mpath, 8015 .dumpit = nl80211_dump_mpath, 8016 .policy = nl80211_policy, 8017 .flags = GENL_ADMIN_PERM, 8018 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8019 NL80211_FLAG_NEED_RTNL, 8020 }, 8021 { 8022 .cmd = NL80211_CMD_SET_MPATH, 8023 .doit = nl80211_set_mpath, 8024 .policy = nl80211_policy, 8025 .flags = GENL_ADMIN_PERM, 8026 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8027 NL80211_FLAG_NEED_RTNL, 8028 }, 8029 { 8030 .cmd = NL80211_CMD_NEW_MPATH, 8031 .doit = nl80211_new_mpath, 8032 .policy = nl80211_policy, 8033 .flags = GENL_ADMIN_PERM, 8034 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8035 NL80211_FLAG_NEED_RTNL, 8036 }, 8037 { 8038 .cmd = NL80211_CMD_DEL_MPATH, 8039 .doit = nl80211_del_mpath, 8040 .policy = nl80211_policy, 8041 .flags = GENL_ADMIN_PERM, 8042 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8043 NL80211_FLAG_NEED_RTNL, 8044 }, 8045 { 8046 .cmd = NL80211_CMD_SET_BSS, 8047 .doit = nl80211_set_bss, 8048 .policy = nl80211_policy, 8049 .flags = GENL_ADMIN_PERM, 8050 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8051 NL80211_FLAG_NEED_RTNL, 8052 }, 8053 { 8054 .cmd = NL80211_CMD_GET_REG, 8055 .doit = nl80211_get_reg, 8056 .policy = nl80211_policy, 8057 /* can be retrieved by unprivileged users */ 8058 }, 8059 { 8060 .cmd = NL80211_CMD_SET_REG, 8061 .doit = nl80211_set_reg, 8062 .policy = nl80211_policy, 8063 .flags = GENL_ADMIN_PERM, 8064 }, 8065 { 8066 .cmd = NL80211_CMD_REQ_SET_REG, 8067 .doit = nl80211_req_set_reg, 8068 .policy = nl80211_policy, 8069 .flags = GENL_ADMIN_PERM, 8070 }, 8071 { 8072 .cmd = NL80211_CMD_GET_MESH_CONFIG, 8073 .doit = nl80211_get_mesh_config, 8074 .policy = nl80211_policy, 8075 /* can be retrieved by unprivileged users */ 8076 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8077 NL80211_FLAG_NEED_RTNL, 8078 }, 8079 { 8080 .cmd = NL80211_CMD_SET_MESH_CONFIG, 8081 .doit = nl80211_update_mesh_config, 8082 .policy = nl80211_policy, 8083 .flags = GENL_ADMIN_PERM, 8084 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8085 NL80211_FLAG_NEED_RTNL, 8086 }, 8087 { 8088 .cmd = NL80211_CMD_TRIGGER_SCAN, 8089 .doit = nl80211_trigger_scan, 8090 .policy = nl80211_policy, 8091 .flags = GENL_ADMIN_PERM, 8092 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8093 NL80211_FLAG_NEED_RTNL, 8094 }, 8095 { 8096 .cmd = NL80211_CMD_GET_SCAN, 8097 .policy = nl80211_policy, 8098 .dumpit = nl80211_dump_scan, 8099 }, 8100 { 8101 .cmd = NL80211_CMD_START_SCHED_SCAN, 8102 .doit = nl80211_start_sched_scan, 8103 .policy = nl80211_policy, 8104 .flags = GENL_ADMIN_PERM, 8105 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8106 NL80211_FLAG_NEED_RTNL, 8107 }, 8108 { 8109 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 8110 .doit = nl80211_stop_sched_scan, 8111 .policy = nl80211_policy, 8112 .flags = GENL_ADMIN_PERM, 8113 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8114 NL80211_FLAG_NEED_RTNL, 8115 }, 8116 { 8117 .cmd = NL80211_CMD_AUTHENTICATE, 8118 .doit = nl80211_authenticate, 8119 .policy = nl80211_policy, 8120 .flags = GENL_ADMIN_PERM, 8121 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8122 NL80211_FLAG_NEED_RTNL, 8123 }, 8124 { 8125 .cmd = NL80211_CMD_ASSOCIATE, 8126 .doit = nl80211_associate, 8127 .policy = nl80211_policy, 8128 .flags = GENL_ADMIN_PERM, 8129 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8130 NL80211_FLAG_NEED_RTNL, 8131 }, 8132 { 8133 .cmd = NL80211_CMD_DEAUTHENTICATE, 8134 .doit = nl80211_deauthenticate, 8135 .policy = nl80211_policy, 8136 .flags = GENL_ADMIN_PERM, 8137 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8138 NL80211_FLAG_NEED_RTNL, 8139 }, 8140 { 8141 .cmd = NL80211_CMD_DISASSOCIATE, 8142 .doit = nl80211_disassociate, 8143 .policy = nl80211_policy, 8144 .flags = GENL_ADMIN_PERM, 8145 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8146 NL80211_FLAG_NEED_RTNL, 8147 }, 8148 { 8149 .cmd = NL80211_CMD_JOIN_IBSS, 8150 .doit = nl80211_join_ibss, 8151 .policy = nl80211_policy, 8152 .flags = GENL_ADMIN_PERM, 8153 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8154 NL80211_FLAG_NEED_RTNL, 8155 }, 8156 { 8157 .cmd = NL80211_CMD_LEAVE_IBSS, 8158 .doit = nl80211_leave_ibss, 8159 .policy = nl80211_policy, 8160 .flags = GENL_ADMIN_PERM, 8161 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8162 NL80211_FLAG_NEED_RTNL, 8163 }, 8164 #ifdef CONFIG_NL80211_TESTMODE 8165 { 8166 .cmd = NL80211_CMD_TESTMODE, 8167 .doit = nl80211_testmode_do, 8168 .dumpit = nl80211_testmode_dump, 8169 .policy = nl80211_policy, 8170 .flags = GENL_ADMIN_PERM, 8171 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8172 NL80211_FLAG_NEED_RTNL, 8173 }, 8174 #endif 8175 { 8176 .cmd = NL80211_CMD_CONNECT, 8177 .doit = nl80211_connect, 8178 .policy = nl80211_policy, 8179 .flags = GENL_ADMIN_PERM, 8180 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8181 NL80211_FLAG_NEED_RTNL, 8182 }, 8183 { 8184 .cmd = NL80211_CMD_DISCONNECT, 8185 .doit = nl80211_disconnect, 8186 .policy = nl80211_policy, 8187 .flags = GENL_ADMIN_PERM, 8188 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8189 NL80211_FLAG_NEED_RTNL, 8190 }, 8191 { 8192 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 8193 .doit = nl80211_wiphy_netns, 8194 .policy = nl80211_policy, 8195 .flags = GENL_ADMIN_PERM, 8196 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8197 NL80211_FLAG_NEED_RTNL, 8198 }, 8199 { 8200 .cmd = NL80211_CMD_GET_SURVEY, 8201 .policy = nl80211_policy, 8202 .dumpit = nl80211_dump_survey, 8203 }, 8204 { 8205 .cmd = NL80211_CMD_SET_PMKSA, 8206 .doit = nl80211_setdel_pmksa, 8207 .policy = nl80211_policy, 8208 .flags = GENL_ADMIN_PERM, 8209 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8210 NL80211_FLAG_NEED_RTNL, 8211 }, 8212 { 8213 .cmd = NL80211_CMD_DEL_PMKSA, 8214 .doit = nl80211_setdel_pmksa, 8215 .policy = nl80211_policy, 8216 .flags = GENL_ADMIN_PERM, 8217 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8218 NL80211_FLAG_NEED_RTNL, 8219 }, 8220 { 8221 .cmd = NL80211_CMD_FLUSH_PMKSA, 8222 .doit = nl80211_flush_pmksa, 8223 .policy = nl80211_policy, 8224 .flags = GENL_ADMIN_PERM, 8225 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8226 NL80211_FLAG_NEED_RTNL, 8227 }, 8228 { 8229 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 8230 .doit = nl80211_remain_on_channel, 8231 .policy = nl80211_policy, 8232 .flags = GENL_ADMIN_PERM, 8233 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8234 NL80211_FLAG_NEED_RTNL, 8235 }, 8236 { 8237 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 8238 .doit = nl80211_cancel_remain_on_channel, 8239 .policy = nl80211_policy, 8240 .flags = GENL_ADMIN_PERM, 8241 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8242 NL80211_FLAG_NEED_RTNL, 8243 }, 8244 { 8245 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 8246 .doit = nl80211_set_tx_bitrate_mask, 8247 .policy = nl80211_policy, 8248 .flags = GENL_ADMIN_PERM, 8249 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8250 NL80211_FLAG_NEED_RTNL, 8251 }, 8252 { 8253 .cmd = NL80211_CMD_REGISTER_FRAME, 8254 .doit = nl80211_register_mgmt, 8255 .policy = nl80211_policy, 8256 .flags = GENL_ADMIN_PERM, 8257 .internal_flags = NL80211_FLAG_NEED_WDEV | 8258 NL80211_FLAG_NEED_RTNL, 8259 }, 8260 { 8261 .cmd = NL80211_CMD_FRAME, 8262 .doit = nl80211_tx_mgmt, 8263 .policy = nl80211_policy, 8264 .flags = GENL_ADMIN_PERM, 8265 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8266 NL80211_FLAG_NEED_RTNL, 8267 }, 8268 { 8269 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 8270 .doit = nl80211_tx_mgmt_cancel_wait, 8271 .policy = nl80211_policy, 8272 .flags = GENL_ADMIN_PERM, 8273 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8274 NL80211_FLAG_NEED_RTNL, 8275 }, 8276 { 8277 .cmd = NL80211_CMD_SET_POWER_SAVE, 8278 .doit = nl80211_set_power_save, 8279 .policy = nl80211_policy, 8280 .flags = GENL_ADMIN_PERM, 8281 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8282 NL80211_FLAG_NEED_RTNL, 8283 }, 8284 { 8285 .cmd = NL80211_CMD_GET_POWER_SAVE, 8286 .doit = nl80211_get_power_save, 8287 .policy = nl80211_policy, 8288 /* can be retrieved by unprivileged users */ 8289 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8290 NL80211_FLAG_NEED_RTNL, 8291 }, 8292 { 8293 .cmd = NL80211_CMD_SET_CQM, 8294 .doit = nl80211_set_cqm, 8295 .policy = nl80211_policy, 8296 .flags = GENL_ADMIN_PERM, 8297 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8298 NL80211_FLAG_NEED_RTNL, 8299 }, 8300 { 8301 .cmd = NL80211_CMD_SET_CHANNEL, 8302 .doit = nl80211_set_channel, 8303 .policy = nl80211_policy, 8304 .flags = GENL_ADMIN_PERM, 8305 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8306 NL80211_FLAG_NEED_RTNL, 8307 }, 8308 { 8309 .cmd = NL80211_CMD_SET_WDS_PEER, 8310 .doit = nl80211_set_wds_peer, 8311 .policy = nl80211_policy, 8312 .flags = GENL_ADMIN_PERM, 8313 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8314 NL80211_FLAG_NEED_RTNL, 8315 }, 8316 { 8317 .cmd = NL80211_CMD_JOIN_MESH, 8318 .doit = nl80211_join_mesh, 8319 .policy = nl80211_policy, 8320 .flags = GENL_ADMIN_PERM, 8321 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8322 NL80211_FLAG_NEED_RTNL, 8323 }, 8324 { 8325 .cmd = NL80211_CMD_LEAVE_MESH, 8326 .doit = nl80211_leave_mesh, 8327 .policy = nl80211_policy, 8328 .flags = GENL_ADMIN_PERM, 8329 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8330 NL80211_FLAG_NEED_RTNL, 8331 }, 8332 #ifdef CONFIG_PM 8333 { 8334 .cmd = NL80211_CMD_GET_WOWLAN, 8335 .doit = nl80211_get_wowlan, 8336 .policy = nl80211_policy, 8337 /* can be retrieved by unprivileged users */ 8338 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8339 NL80211_FLAG_NEED_RTNL, 8340 }, 8341 { 8342 .cmd = NL80211_CMD_SET_WOWLAN, 8343 .doit = nl80211_set_wowlan, 8344 .policy = nl80211_policy, 8345 .flags = GENL_ADMIN_PERM, 8346 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8347 NL80211_FLAG_NEED_RTNL, 8348 }, 8349 #endif 8350 { 8351 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 8352 .doit = nl80211_set_rekey_data, 8353 .policy = nl80211_policy, 8354 .flags = GENL_ADMIN_PERM, 8355 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8356 NL80211_FLAG_NEED_RTNL, 8357 }, 8358 { 8359 .cmd = NL80211_CMD_TDLS_MGMT, 8360 .doit = nl80211_tdls_mgmt, 8361 .policy = nl80211_policy, 8362 .flags = GENL_ADMIN_PERM, 8363 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8364 NL80211_FLAG_NEED_RTNL, 8365 }, 8366 { 8367 .cmd = NL80211_CMD_TDLS_OPER, 8368 .doit = nl80211_tdls_oper, 8369 .policy = nl80211_policy, 8370 .flags = GENL_ADMIN_PERM, 8371 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8372 NL80211_FLAG_NEED_RTNL, 8373 }, 8374 { 8375 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 8376 .doit = nl80211_register_unexpected_frame, 8377 .policy = nl80211_policy, 8378 .flags = GENL_ADMIN_PERM, 8379 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8380 NL80211_FLAG_NEED_RTNL, 8381 }, 8382 { 8383 .cmd = NL80211_CMD_PROBE_CLIENT, 8384 .doit = nl80211_probe_client, 8385 .policy = nl80211_policy, 8386 .flags = GENL_ADMIN_PERM, 8387 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8388 NL80211_FLAG_NEED_RTNL, 8389 }, 8390 { 8391 .cmd = NL80211_CMD_REGISTER_BEACONS, 8392 .doit = nl80211_register_beacons, 8393 .policy = nl80211_policy, 8394 .flags = GENL_ADMIN_PERM, 8395 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8396 NL80211_FLAG_NEED_RTNL, 8397 }, 8398 { 8399 .cmd = NL80211_CMD_SET_NOACK_MAP, 8400 .doit = nl80211_set_noack_map, 8401 .policy = nl80211_policy, 8402 .flags = GENL_ADMIN_PERM, 8403 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8404 NL80211_FLAG_NEED_RTNL, 8405 }, 8406 { 8407 .cmd = NL80211_CMD_START_P2P_DEVICE, 8408 .doit = nl80211_start_p2p_device, 8409 .policy = nl80211_policy, 8410 .flags = GENL_ADMIN_PERM, 8411 .internal_flags = NL80211_FLAG_NEED_WDEV | 8412 NL80211_FLAG_NEED_RTNL, 8413 }, 8414 { 8415 .cmd = NL80211_CMD_STOP_P2P_DEVICE, 8416 .doit = nl80211_stop_p2p_device, 8417 .policy = nl80211_policy, 8418 .flags = GENL_ADMIN_PERM, 8419 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8420 NL80211_FLAG_NEED_RTNL, 8421 }, 8422 { 8423 .cmd = NL80211_CMD_SET_MCAST_RATE, 8424 .doit = nl80211_set_mcast_rate, 8425 .policy = nl80211_policy, 8426 .flags = GENL_ADMIN_PERM, 8427 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8428 NL80211_FLAG_NEED_RTNL, 8429 }, 8430 { 8431 .cmd = NL80211_CMD_SET_MAC_ACL, 8432 .doit = nl80211_set_mac_acl, 8433 .policy = nl80211_policy, 8434 .flags = GENL_ADMIN_PERM, 8435 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8436 NL80211_FLAG_NEED_RTNL, 8437 }, 8438 { 8439 .cmd = NL80211_CMD_RADAR_DETECT, 8440 .doit = nl80211_start_radar_detection, 8441 .policy = nl80211_policy, 8442 .flags = GENL_ADMIN_PERM, 8443 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8444 NL80211_FLAG_NEED_RTNL, 8445 }, 8446 }; 8447 8448 static struct genl_multicast_group nl80211_mlme_mcgrp = { 8449 .name = "mlme", 8450 }; 8451 8452 /* multicast groups */ 8453 static struct genl_multicast_group nl80211_config_mcgrp = { 8454 .name = "config", 8455 }; 8456 static struct genl_multicast_group nl80211_scan_mcgrp = { 8457 .name = "scan", 8458 }; 8459 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 8460 .name = "regulatory", 8461 }; 8462 8463 /* notification functions */ 8464 8465 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 8466 { 8467 struct sk_buff *msg; 8468 8469 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8470 if (!msg) 8471 return; 8472 8473 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 8474 nlmsg_free(msg); 8475 return; 8476 } 8477 8478 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8479 nl80211_config_mcgrp.id, GFP_KERNEL); 8480 } 8481 8482 static int nl80211_add_scan_req(struct sk_buff *msg, 8483 struct cfg80211_registered_device *rdev) 8484 { 8485 struct cfg80211_scan_request *req = rdev->scan_req; 8486 struct nlattr *nest; 8487 int i; 8488 8489 ASSERT_RDEV_LOCK(rdev); 8490 8491 if (WARN_ON(!req)) 8492 return 0; 8493 8494 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 8495 if (!nest) 8496 goto nla_put_failure; 8497 for (i = 0; i < req->n_ssids; i++) { 8498 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 8499 goto nla_put_failure; 8500 } 8501 nla_nest_end(msg, nest); 8502 8503 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 8504 if (!nest) 8505 goto nla_put_failure; 8506 for (i = 0; i < req->n_channels; i++) { 8507 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 8508 goto nla_put_failure; 8509 } 8510 nla_nest_end(msg, nest); 8511 8512 if (req->ie && 8513 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 8514 goto nla_put_failure; 8515 8516 if (req->flags) 8517 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags); 8518 8519 return 0; 8520 nla_put_failure: 8521 return -ENOBUFS; 8522 } 8523 8524 static int nl80211_send_scan_msg(struct sk_buff *msg, 8525 struct cfg80211_registered_device *rdev, 8526 struct wireless_dev *wdev, 8527 u32 portid, u32 seq, int flags, 8528 u32 cmd) 8529 { 8530 void *hdr; 8531 8532 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 8533 if (!hdr) 8534 return -1; 8535 8536 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8537 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8538 wdev->netdev->ifindex)) || 8539 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 8540 goto nla_put_failure; 8541 8542 /* ignore errors and send incomplete event anyway */ 8543 nl80211_add_scan_req(msg, rdev); 8544 8545 return genlmsg_end(msg, hdr); 8546 8547 nla_put_failure: 8548 genlmsg_cancel(msg, hdr); 8549 return -EMSGSIZE; 8550 } 8551 8552 static int 8553 nl80211_send_sched_scan_msg(struct sk_buff *msg, 8554 struct cfg80211_registered_device *rdev, 8555 struct net_device *netdev, 8556 u32 portid, u32 seq, int flags, u32 cmd) 8557 { 8558 void *hdr; 8559 8560 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 8561 if (!hdr) 8562 return -1; 8563 8564 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8565 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8566 goto nla_put_failure; 8567 8568 return genlmsg_end(msg, hdr); 8569 8570 nla_put_failure: 8571 genlmsg_cancel(msg, hdr); 8572 return -EMSGSIZE; 8573 } 8574 8575 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 8576 struct wireless_dev *wdev) 8577 { 8578 struct sk_buff *msg; 8579 8580 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8581 if (!msg) 8582 return; 8583 8584 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 8585 NL80211_CMD_TRIGGER_SCAN) < 0) { 8586 nlmsg_free(msg); 8587 return; 8588 } 8589 8590 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8591 nl80211_scan_mcgrp.id, GFP_KERNEL); 8592 } 8593 8594 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 8595 struct wireless_dev *wdev) 8596 { 8597 struct sk_buff *msg; 8598 8599 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8600 if (!msg) 8601 return; 8602 8603 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 8604 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 8605 nlmsg_free(msg); 8606 return; 8607 } 8608 8609 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8610 nl80211_scan_mcgrp.id, GFP_KERNEL); 8611 } 8612 8613 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 8614 struct wireless_dev *wdev) 8615 { 8616 struct sk_buff *msg; 8617 8618 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8619 if (!msg) 8620 return; 8621 8622 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 8623 NL80211_CMD_SCAN_ABORTED) < 0) { 8624 nlmsg_free(msg); 8625 return; 8626 } 8627 8628 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8629 nl80211_scan_mcgrp.id, GFP_KERNEL); 8630 } 8631 8632 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 8633 struct net_device *netdev) 8634 { 8635 struct sk_buff *msg; 8636 8637 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8638 if (!msg) 8639 return; 8640 8641 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 8642 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 8643 nlmsg_free(msg); 8644 return; 8645 } 8646 8647 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8648 nl80211_scan_mcgrp.id, GFP_KERNEL); 8649 } 8650 8651 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 8652 struct net_device *netdev, u32 cmd) 8653 { 8654 struct sk_buff *msg; 8655 8656 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8657 if (!msg) 8658 return; 8659 8660 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 8661 nlmsg_free(msg); 8662 return; 8663 } 8664 8665 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8666 nl80211_scan_mcgrp.id, GFP_KERNEL); 8667 } 8668 8669 /* 8670 * This can happen on global regulatory changes or device specific settings 8671 * based on custom world regulatory domains. 8672 */ 8673 void nl80211_send_reg_change_event(struct regulatory_request *request) 8674 { 8675 struct sk_buff *msg; 8676 void *hdr; 8677 8678 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8679 if (!msg) 8680 return; 8681 8682 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 8683 if (!hdr) { 8684 nlmsg_free(msg); 8685 return; 8686 } 8687 8688 /* Userspace can always count this one always being set */ 8689 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 8690 goto nla_put_failure; 8691 8692 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 8693 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8694 NL80211_REGDOM_TYPE_WORLD)) 8695 goto nla_put_failure; 8696 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 8697 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8698 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 8699 goto nla_put_failure; 8700 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 8701 request->intersect) { 8702 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8703 NL80211_REGDOM_TYPE_INTERSECTION)) 8704 goto nla_put_failure; 8705 } else { 8706 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8707 NL80211_REGDOM_TYPE_COUNTRY) || 8708 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 8709 request->alpha2)) 8710 goto nla_put_failure; 8711 } 8712 8713 if (request->wiphy_idx != WIPHY_IDX_INVALID && 8714 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 8715 goto nla_put_failure; 8716 8717 genlmsg_end(msg, hdr); 8718 8719 rcu_read_lock(); 8720 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 8721 GFP_ATOMIC); 8722 rcu_read_unlock(); 8723 8724 return; 8725 8726 nla_put_failure: 8727 genlmsg_cancel(msg, hdr); 8728 nlmsg_free(msg); 8729 } 8730 8731 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 8732 struct net_device *netdev, 8733 const u8 *buf, size_t len, 8734 enum nl80211_commands cmd, gfp_t gfp) 8735 { 8736 struct sk_buff *msg; 8737 void *hdr; 8738 8739 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8740 if (!msg) 8741 return; 8742 8743 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8744 if (!hdr) { 8745 nlmsg_free(msg); 8746 return; 8747 } 8748 8749 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8750 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8751 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 8752 goto nla_put_failure; 8753 8754 genlmsg_end(msg, hdr); 8755 8756 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8757 nl80211_mlme_mcgrp.id, gfp); 8758 return; 8759 8760 nla_put_failure: 8761 genlmsg_cancel(msg, hdr); 8762 nlmsg_free(msg); 8763 } 8764 8765 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 8766 struct net_device *netdev, const u8 *buf, 8767 size_t len, gfp_t gfp) 8768 { 8769 nl80211_send_mlme_event(rdev, netdev, buf, len, 8770 NL80211_CMD_AUTHENTICATE, gfp); 8771 } 8772 8773 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 8774 struct net_device *netdev, const u8 *buf, 8775 size_t len, gfp_t gfp) 8776 { 8777 nl80211_send_mlme_event(rdev, netdev, buf, len, 8778 NL80211_CMD_ASSOCIATE, gfp); 8779 } 8780 8781 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 8782 struct net_device *netdev, const u8 *buf, 8783 size_t len, gfp_t gfp) 8784 { 8785 nl80211_send_mlme_event(rdev, netdev, buf, len, 8786 NL80211_CMD_DEAUTHENTICATE, gfp); 8787 } 8788 8789 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 8790 struct net_device *netdev, const u8 *buf, 8791 size_t len, gfp_t gfp) 8792 { 8793 nl80211_send_mlme_event(rdev, netdev, buf, len, 8794 NL80211_CMD_DISASSOCIATE, gfp); 8795 } 8796 8797 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev, 8798 struct net_device *netdev, const u8 *buf, 8799 size_t len, gfp_t gfp) 8800 { 8801 nl80211_send_mlme_event(rdev, netdev, buf, len, 8802 NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp); 8803 } 8804 8805 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev, 8806 struct net_device *netdev, const u8 *buf, 8807 size_t len, gfp_t gfp) 8808 { 8809 nl80211_send_mlme_event(rdev, netdev, buf, len, 8810 NL80211_CMD_UNPROT_DISASSOCIATE, gfp); 8811 } 8812 8813 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 8814 struct net_device *netdev, int cmd, 8815 const u8 *addr, gfp_t gfp) 8816 { 8817 struct sk_buff *msg; 8818 void *hdr; 8819 8820 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8821 if (!msg) 8822 return; 8823 8824 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8825 if (!hdr) { 8826 nlmsg_free(msg); 8827 return; 8828 } 8829 8830 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8831 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8832 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 8833 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 8834 goto nla_put_failure; 8835 8836 genlmsg_end(msg, hdr); 8837 8838 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8839 nl80211_mlme_mcgrp.id, gfp); 8840 return; 8841 8842 nla_put_failure: 8843 genlmsg_cancel(msg, hdr); 8844 nlmsg_free(msg); 8845 } 8846 8847 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 8848 struct net_device *netdev, const u8 *addr, 8849 gfp_t gfp) 8850 { 8851 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 8852 addr, gfp); 8853 } 8854 8855 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 8856 struct net_device *netdev, const u8 *addr, 8857 gfp_t gfp) 8858 { 8859 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 8860 addr, gfp); 8861 } 8862 8863 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 8864 struct net_device *netdev, const u8 *bssid, 8865 const u8 *req_ie, size_t req_ie_len, 8866 const u8 *resp_ie, size_t resp_ie_len, 8867 u16 status, gfp_t gfp) 8868 { 8869 struct sk_buff *msg; 8870 void *hdr; 8871 8872 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8873 if (!msg) 8874 return; 8875 8876 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 8877 if (!hdr) { 8878 nlmsg_free(msg); 8879 return; 8880 } 8881 8882 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8883 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8884 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) || 8885 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) || 8886 (req_ie && 8887 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 8888 (resp_ie && 8889 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 8890 goto nla_put_failure; 8891 8892 genlmsg_end(msg, hdr); 8893 8894 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8895 nl80211_mlme_mcgrp.id, gfp); 8896 return; 8897 8898 nla_put_failure: 8899 genlmsg_cancel(msg, hdr); 8900 nlmsg_free(msg); 8901 8902 } 8903 8904 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 8905 struct net_device *netdev, const u8 *bssid, 8906 const u8 *req_ie, size_t req_ie_len, 8907 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 8908 { 8909 struct sk_buff *msg; 8910 void *hdr; 8911 8912 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8913 if (!msg) 8914 return; 8915 8916 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 8917 if (!hdr) { 8918 nlmsg_free(msg); 8919 return; 8920 } 8921 8922 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8923 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8924 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 8925 (req_ie && 8926 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 8927 (resp_ie && 8928 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 8929 goto nla_put_failure; 8930 8931 genlmsg_end(msg, hdr); 8932 8933 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8934 nl80211_mlme_mcgrp.id, gfp); 8935 return; 8936 8937 nla_put_failure: 8938 genlmsg_cancel(msg, hdr); 8939 nlmsg_free(msg); 8940 8941 } 8942 8943 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 8944 struct net_device *netdev, u16 reason, 8945 const u8 *ie, size_t ie_len, bool from_ap) 8946 { 8947 struct sk_buff *msg; 8948 void *hdr; 8949 8950 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8951 if (!msg) 8952 return; 8953 8954 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 8955 if (!hdr) { 8956 nlmsg_free(msg); 8957 return; 8958 } 8959 8960 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8961 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8962 (from_ap && reason && 8963 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 8964 (from_ap && 8965 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 8966 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 8967 goto nla_put_failure; 8968 8969 genlmsg_end(msg, hdr); 8970 8971 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8972 nl80211_mlme_mcgrp.id, GFP_KERNEL); 8973 return; 8974 8975 nla_put_failure: 8976 genlmsg_cancel(msg, hdr); 8977 nlmsg_free(msg); 8978 8979 } 8980 8981 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 8982 struct net_device *netdev, const u8 *bssid, 8983 gfp_t gfp) 8984 { 8985 struct sk_buff *msg; 8986 void *hdr; 8987 8988 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8989 if (!msg) 8990 return; 8991 8992 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 8993 if (!hdr) { 8994 nlmsg_free(msg); 8995 return; 8996 } 8997 8998 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8999 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9000 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 9001 goto nla_put_failure; 9002 9003 genlmsg_end(msg, hdr); 9004 9005 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9006 nl80211_mlme_mcgrp.id, gfp); 9007 return; 9008 9009 nla_put_failure: 9010 genlmsg_cancel(msg, hdr); 9011 nlmsg_free(msg); 9012 } 9013 9014 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev, 9015 struct net_device *netdev, 9016 const u8 *macaddr, const u8* ie, u8 ie_len, 9017 gfp_t gfp) 9018 { 9019 struct sk_buff *msg; 9020 void *hdr; 9021 9022 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9023 if (!msg) 9024 return; 9025 9026 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 9027 if (!hdr) { 9028 nlmsg_free(msg); 9029 return; 9030 } 9031 9032 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9033 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9034 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) || 9035 (ie_len && ie && 9036 nla_put(msg, NL80211_ATTR_IE, ie_len , ie))) 9037 goto nla_put_failure; 9038 9039 genlmsg_end(msg, hdr); 9040 9041 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9042 nl80211_mlme_mcgrp.id, gfp); 9043 return; 9044 9045 nla_put_failure: 9046 genlmsg_cancel(msg, hdr); 9047 nlmsg_free(msg); 9048 } 9049 9050 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 9051 struct net_device *netdev, const u8 *addr, 9052 enum nl80211_key_type key_type, int key_id, 9053 const u8 *tsc, gfp_t gfp) 9054 { 9055 struct sk_buff *msg; 9056 void *hdr; 9057 9058 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9059 if (!msg) 9060 return; 9061 9062 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 9063 if (!hdr) { 9064 nlmsg_free(msg); 9065 return; 9066 } 9067 9068 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9069 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9070 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 9071 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 9072 (key_id != -1 && 9073 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 9074 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 9075 goto nla_put_failure; 9076 9077 genlmsg_end(msg, hdr); 9078 9079 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9080 nl80211_mlme_mcgrp.id, gfp); 9081 return; 9082 9083 nla_put_failure: 9084 genlmsg_cancel(msg, hdr); 9085 nlmsg_free(msg); 9086 } 9087 9088 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 9089 struct ieee80211_channel *channel_before, 9090 struct ieee80211_channel *channel_after) 9091 { 9092 struct sk_buff *msg; 9093 void *hdr; 9094 struct nlattr *nl_freq; 9095 9096 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 9097 if (!msg) 9098 return; 9099 9100 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 9101 if (!hdr) { 9102 nlmsg_free(msg); 9103 return; 9104 } 9105 9106 /* 9107 * Since we are applying the beacon hint to a wiphy we know its 9108 * wiphy_idx is valid 9109 */ 9110 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 9111 goto nla_put_failure; 9112 9113 /* Before */ 9114 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 9115 if (!nl_freq) 9116 goto nla_put_failure; 9117 if (nl80211_msg_put_channel(msg, channel_before)) 9118 goto nla_put_failure; 9119 nla_nest_end(msg, nl_freq); 9120 9121 /* After */ 9122 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 9123 if (!nl_freq) 9124 goto nla_put_failure; 9125 if (nl80211_msg_put_channel(msg, channel_after)) 9126 goto nla_put_failure; 9127 nla_nest_end(msg, nl_freq); 9128 9129 genlmsg_end(msg, hdr); 9130 9131 rcu_read_lock(); 9132 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 9133 GFP_ATOMIC); 9134 rcu_read_unlock(); 9135 9136 return; 9137 9138 nla_put_failure: 9139 genlmsg_cancel(msg, hdr); 9140 nlmsg_free(msg); 9141 } 9142 9143 static void nl80211_send_remain_on_chan_event( 9144 int cmd, struct cfg80211_registered_device *rdev, 9145 struct wireless_dev *wdev, u64 cookie, 9146 struct ieee80211_channel *chan, 9147 unsigned int duration, gfp_t gfp) 9148 { 9149 struct sk_buff *msg; 9150 void *hdr; 9151 9152 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9153 if (!msg) 9154 return; 9155 9156 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 9157 if (!hdr) { 9158 nlmsg_free(msg); 9159 return; 9160 } 9161 9162 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9163 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9164 wdev->netdev->ifindex)) || 9165 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 9166 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 9167 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 9168 NL80211_CHAN_NO_HT) || 9169 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 9170 goto nla_put_failure; 9171 9172 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 9173 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 9174 goto nla_put_failure; 9175 9176 genlmsg_end(msg, hdr); 9177 9178 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9179 nl80211_mlme_mcgrp.id, gfp); 9180 return; 9181 9182 nla_put_failure: 9183 genlmsg_cancel(msg, hdr); 9184 nlmsg_free(msg); 9185 } 9186 9187 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 9188 struct wireless_dev *wdev, u64 cookie, 9189 struct ieee80211_channel *chan, 9190 unsigned int duration, gfp_t gfp) 9191 { 9192 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 9193 rdev, wdev, cookie, chan, 9194 duration, gfp); 9195 } 9196 9197 void nl80211_send_remain_on_channel_cancel( 9198 struct cfg80211_registered_device *rdev, 9199 struct wireless_dev *wdev, 9200 u64 cookie, struct ieee80211_channel *chan, gfp_t gfp) 9201 { 9202 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 9203 rdev, wdev, cookie, chan, 0, gfp); 9204 } 9205 9206 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 9207 struct net_device *dev, const u8 *mac_addr, 9208 struct station_info *sinfo, gfp_t gfp) 9209 { 9210 struct sk_buff *msg; 9211 9212 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9213 if (!msg) 9214 return; 9215 9216 if (nl80211_send_station(msg, 0, 0, 0, 9217 rdev, dev, mac_addr, sinfo) < 0) { 9218 nlmsg_free(msg); 9219 return; 9220 } 9221 9222 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9223 nl80211_mlme_mcgrp.id, gfp); 9224 } 9225 9226 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev, 9227 struct net_device *dev, const u8 *mac_addr, 9228 gfp_t gfp) 9229 { 9230 struct sk_buff *msg; 9231 void *hdr; 9232 9233 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9234 if (!msg) 9235 return; 9236 9237 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION); 9238 if (!hdr) { 9239 nlmsg_free(msg); 9240 return; 9241 } 9242 9243 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9244 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 9245 goto nla_put_failure; 9246 9247 genlmsg_end(msg, hdr); 9248 9249 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9250 nl80211_mlme_mcgrp.id, gfp); 9251 return; 9252 9253 nla_put_failure: 9254 genlmsg_cancel(msg, hdr); 9255 nlmsg_free(msg); 9256 } 9257 9258 void nl80211_send_conn_failed_event(struct cfg80211_registered_device *rdev, 9259 struct net_device *dev, const u8 *mac_addr, 9260 enum nl80211_connect_failed_reason reason, 9261 gfp_t gfp) 9262 { 9263 struct sk_buff *msg; 9264 void *hdr; 9265 9266 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 9267 if (!msg) 9268 return; 9269 9270 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED); 9271 if (!hdr) { 9272 nlmsg_free(msg); 9273 return; 9274 } 9275 9276 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9277 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 9278 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason)) 9279 goto nla_put_failure; 9280 9281 genlmsg_end(msg, hdr); 9282 9283 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9284 nl80211_mlme_mcgrp.id, gfp); 9285 return; 9286 9287 nla_put_failure: 9288 genlmsg_cancel(msg, hdr); 9289 nlmsg_free(msg); 9290 } 9291 9292 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 9293 const u8 *addr, gfp_t gfp) 9294 { 9295 struct wireless_dev *wdev = dev->ieee80211_ptr; 9296 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9297 struct sk_buff *msg; 9298 void *hdr; 9299 int err; 9300 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid); 9301 9302 if (!nlportid) 9303 return false; 9304 9305 msg = nlmsg_new(100, gfp); 9306 if (!msg) 9307 return true; 9308 9309 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 9310 if (!hdr) { 9311 nlmsg_free(msg); 9312 return true; 9313 } 9314 9315 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9316 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9317 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 9318 goto nla_put_failure; 9319 9320 err = genlmsg_end(msg, hdr); 9321 if (err < 0) { 9322 nlmsg_free(msg); 9323 return true; 9324 } 9325 9326 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 9327 return true; 9328 9329 nla_put_failure: 9330 genlmsg_cancel(msg, hdr); 9331 nlmsg_free(msg); 9332 return true; 9333 } 9334 9335 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp) 9336 { 9337 return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 9338 addr, gfp); 9339 } 9340 9341 bool nl80211_unexpected_4addr_frame(struct net_device *dev, 9342 const u8 *addr, gfp_t gfp) 9343 { 9344 return __nl80211_unexpected_frame(dev, 9345 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 9346 addr, gfp); 9347 } 9348 9349 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 9350 struct wireless_dev *wdev, u32 nlportid, 9351 int freq, int sig_dbm, 9352 const u8 *buf, size_t len, gfp_t gfp) 9353 { 9354 struct net_device *netdev = wdev->netdev; 9355 struct sk_buff *msg; 9356 void *hdr; 9357 9358 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9359 if (!msg) 9360 return -ENOMEM; 9361 9362 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 9363 if (!hdr) { 9364 nlmsg_free(msg); 9365 return -ENOMEM; 9366 } 9367 9368 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9369 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9370 netdev->ifindex)) || 9371 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 9372 (sig_dbm && 9373 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 9374 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 9375 goto nla_put_failure; 9376 9377 genlmsg_end(msg, hdr); 9378 9379 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 9380 9381 nla_put_failure: 9382 genlmsg_cancel(msg, hdr); 9383 nlmsg_free(msg); 9384 return -ENOBUFS; 9385 } 9386 9387 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev, 9388 struct wireless_dev *wdev, u64 cookie, 9389 const u8 *buf, size_t len, bool ack, 9390 gfp_t gfp) 9391 { 9392 struct net_device *netdev = wdev->netdev; 9393 struct sk_buff *msg; 9394 void *hdr; 9395 9396 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9397 if (!msg) 9398 return; 9399 9400 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 9401 if (!hdr) { 9402 nlmsg_free(msg); 9403 return; 9404 } 9405 9406 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9407 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9408 netdev->ifindex)) || 9409 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 9410 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 9411 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 9412 goto nla_put_failure; 9413 9414 genlmsg_end(msg, hdr); 9415 9416 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 9417 return; 9418 9419 nla_put_failure: 9420 genlmsg_cancel(msg, hdr); 9421 nlmsg_free(msg); 9422 } 9423 9424 void 9425 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 9426 struct net_device *netdev, 9427 enum nl80211_cqm_rssi_threshold_event rssi_event, 9428 gfp_t gfp) 9429 { 9430 struct sk_buff *msg; 9431 struct nlattr *pinfoattr; 9432 void *hdr; 9433 9434 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9435 if (!msg) 9436 return; 9437 9438 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 9439 if (!hdr) { 9440 nlmsg_free(msg); 9441 return; 9442 } 9443 9444 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9445 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 9446 goto nla_put_failure; 9447 9448 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 9449 if (!pinfoattr) 9450 goto nla_put_failure; 9451 9452 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 9453 rssi_event)) 9454 goto nla_put_failure; 9455 9456 nla_nest_end(msg, pinfoattr); 9457 9458 genlmsg_end(msg, hdr); 9459 9460 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9461 nl80211_mlme_mcgrp.id, gfp); 9462 return; 9463 9464 nla_put_failure: 9465 genlmsg_cancel(msg, hdr); 9466 nlmsg_free(msg); 9467 } 9468 9469 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 9470 struct net_device *netdev, const u8 *bssid, 9471 const u8 *replay_ctr, gfp_t gfp) 9472 { 9473 struct sk_buff *msg; 9474 struct nlattr *rekey_attr; 9475 void *hdr; 9476 9477 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9478 if (!msg) 9479 return; 9480 9481 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 9482 if (!hdr) { 9483 nlmsg_free(msg); 9484 return; 9485 } 9486 9487 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9488 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9489 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 9490 goto nla_put_failure; 9491 9492 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 9493 if (!rekey_attr) 9494 goto nla_put_failure; 9495 9496 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 9497 NL80211_REPLAY_CTR_LEN, replay_ctr)) 9498 goto nla_put_failure; 9499 9500 nla_nest_end(msg, rekey_attr); 9501 9502 genlmsg_end(msg, hdr); 9503 9504 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9505 nl80211_mlme_mcgrp.id, gfp); 9506 return; 9507 9508 nla_put_failure: 9509 genlmsg_cancel(msg, hdr); 9510 nlmsg_free(msg); 9511 } 9512 9513 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 9514 struct net_device *netdev, int index, 9515 const u8 *bssid, bool preauth, gfp_t gfp) 9516 { 9517 struct sk_buff *msg; 9518 struct nlattr *attr; 9519 void *hdr; 9520 9521 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9522 if (!msg) 9523 return; 9524 9525 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 9526 if (!hdr) { 9527 nlmsg_free(msg); 9528 return; 9529 } 9530 9531 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9532 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 9533 goto nla_put_failure; 9534 9535 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 9536 if (!attr) 9537 goto nla_put_failure; 9538 9539 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 9540 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 9541 (preauth && 9542 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 9543 goto nla_put_failure; 9544 9545 nla_nest_end(msg, attr); 9546 9547 genlmsg_end(msg, hdr); 9548 9549 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9550 nl80211_mlme_mcgrp.id, gfp); 9551 return; 9552 9553 nla_put_failure: 9554 genlmsg_cancel(msg, hdr); 9555 nlmsg_free(msg); 9556 } 9557 9558 void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 9559 struct net_device *netdev, 9560 struct cfg80211_chan_def *chandef, gfp_t gfp) 9561 { 9562 struct sk_buff *msg; 9563 void *hdr; 9564 9565 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9566 if (!msg) 9567 return; 9568 9569 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY); 9570 if (!hdr) { 9571 nlmsg_free(msg); 9572 return; 9573 } 9574 9575 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 9576 goto nla_put_failure; 9577 9578 if (nl80211_send_chandef(msg, chandef)) 9579 goto nla_put_failure; 9580 9581 genlmsg_end(msg, hdr); 9582 9583 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9584 nl80211_mlme_mcgrp.id, gfp); 9585 return; 9586 9587 nla_put_failure: 9588 genlmsg_cancel(msg, hdr); 9589 nlmsg_free(msg); 9590 } 9591 9592 void 9593 nl80211_send_cqm_txe_notify(struct cfg80211_registered_device *rdev, 9594 struct net_device *netdev, const u8 *peer, 9595 u32 num_packets, u32 rate, u32 intvl, gfp_t gfp) 9596 { 9597 struct sk_buff *msg; 9598 struct nlattr *pinfoattr; 9599 void *hdr; 9600 9601 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 9602 if (!msg) 9603 return; 9604 9605 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 9606 if (!hdr) { 9607 nlmsg_free(msg); 9608 return; 9609 } 9610 9611 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9612 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9613 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 9614 goto nla_put_failure; 9615 9616 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 9617 if (!pinfoattr) 9618 goto nla_put_failure; 9619 9620 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 9621 goto nla_put_failure; 9622 9623 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 9624 goto nla_put_failure; 9625 9626 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 9627 goto nla_put_failure; 9628 9629 nla_nest_end(msg, pinfoattr); 9630 9631 genlmsg_end(msg, hdr); 9632 9633 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9634 nl80211_mlme_mcgrp.id, gfp); 9635 return; 9636 9637 nla_put_failure: 9638 genlmsg_cancel(msg, hdr); 9639 nlmsg_free(msg); 9640 } 9641 9642 void 9643 nl80211_radar_notify(struct cfg80211_registered_device *rdev, 9644 struct cfg80211_chan_def *chandef, 9645 enum nl80211_radar_event event, 9646 struct net_device *netdev, gfp_t gfp) 9647 { 9648 struct sk_buff *msg; 9649 void *hdr; 9650 9651 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9652 if (!msg) 9653 return; 9654 9655 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT); 9656 if (!hdr) { 9657 nlmsg_free(msg); 9658 return; 9659 } 9660 9661 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 9662 goto nla_put_failure; 9663 9664 /* NOP and radar events don't need a netdev parameter */ 9665 if (netdev) { 9666 struct wireless_dev *wdev = netdev->ieee80211_ptr; 9667 9668 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9669 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 9670 goto nla_put_failure; 9671 } 9672 9673 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event)) 9674 goto nla_put_failure; 9675 9676 if (nl80211_send_chandef(msg, chandef)) 9677 goto nla_put_failure; 9678 9679 if (genlmsg_end(msg, hdr) < 0) { 9680 nlmsg_free(msg); 9681 return; 9682 } 9683 9684 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9685 nl80211_mlme_mcgrp.id, gfp); 9686 return; 9687 9688 nla_put_failure: 9689 genlmsg_cancel(msg, hdr); 9690 nlmsg_free(msg); 9691 } 9692 9693 void 9694 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, 9695 struct net_device *netdev, const u8 *peer, 9696 u32 num_packets, gfp_t gfp) 9697 { 9698 struct sk_buff *msg; 9699 struct nlattr *pinfoattr; 9700 void *hdr; 9701 9702 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9703 if (!msg) 9704 return; 9705 9706 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 9707 if (!hdr) { 9708 nlmsg_free(msg); 9709 return; 9710 } 9711 9712 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9713 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9714 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 9715 goto nla_put_failure; 9716 9717 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 9718 if (!pinfoattr) 9719 goto nla_put_failure; 9720 9721 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 9722 goto nla_put_failure; 9723 9724 nla_nest_end(msg, pinfoattr); 9725 9726 genlmsg_end(msg, hdr); 9727 9728 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9729 nl80211_mlme_mcgrp.id, gfp); 9730 return; 9731 9732 nla_put_failure: 9733 genlmsg_cancel(msg, hdr); 9734 nlmsg_free(msg); 9735 } 9736 9737 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 9738 u64 cookie, bool acked, gfp_t gfp) 9739 { 9740 struct wireless_dev *wdev = dev->ieee80211_ptr; 9741 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9742 struct sk_buff *msg; 9743 void *hdr; 9744 int err; 9745 9746 trace_cfg80211_probe_status(dev, addr, cookie, acked); 9747 9748 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9749 9750 if (!msg) 9751 return; 9752 9753 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 9754 if (!hdr) { 9755 nlmsg_free(msg); 9756 return; 9757 } 9758 9759 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9760 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9761 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 9762 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 9763 (acked && nla_put_flag(msg, NL80211_ATTR_ACK))) 9764 goto nla_put_failure; 9765 9766 err = genlmsg_end(msg, hdr); 9767 if (err < 0) { 9768 nlmsg_free(msg); 9769 return; 9770 } 9771 9772 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9773 nl80211_mlme_mcgrp.id, gfp); 9774 return; 9775 9776 nla_put_failure: 9777 genlmsg_cancel(msg, hdr); 9778 nlmsg_free(msg); 9779 } 9780 EXPORT_SYMBOL(cfg80211_probe_status); 9781 9782 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 9783 const u8 *frame, size_t len, 9784 int freq, int sig_dbm) 9785 { 9786 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 9787 struct sk_buff *msg; 9788 void *hdr; 9789 struct cfg80211_beacon_registration *reg; 9790 9791 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm); 9792 9793 spin_lock_bh(&rdev->beacon_registrations_lock); 9794 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 9795 msg = nlmsg_new(len + 100, GFP_ATOMIC); 9796 if (!msg) { 9797 spin_unlock_bh(&rdev->beacon_registrations_lock); 9798 return; 9799 } 9800 9801 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 9802 if (!hdr) 9803 goto nla_put_failure; 9804 9805 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9806 (freq && 9807 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) || 9808 (sig_dbm && 9809 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 9810 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 9811 goto nla_put_failure; 9812 9813 genlmsg_end(msg, hdr); 9814 9815 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid); 9816 } 9817 spin_unlock_bh(&rdev->beacon_registrations_lock); 9818 return; 9819 9820 nla_put_failure: 9821 spin_unlock_bh(&rdev->beacon_registrations_lock); 9822 if (hdr) 9823 genlmsg_cancel(msg, hdr); 9824 nlmsg_free(msg); 9825 } 9826 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 9827 9828 #ifdef CONFIG_PM 9829 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev, 9830 struct cfg80211_wowlan_wakeup *wakeup, 9831 gfp_t gfp) 9832 { 9833 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9834 struct sk_buff *msg; 9835 void *hdr; 9836 int err, size = 200; 9837 9838 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup); 9839 9840 if (wakeup) 9841 size += wakeup->packet_present_len; 9842 9843 msg = nlmsg_new(size, gfp); 9844 if (!msg) 9845 return; 9846 9847 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN); 9848 if (!hdr) 9849 goto free_msg; 9850 9851 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9852 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 9853 goto free_msg; 9854 9855 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9856 wdev->netdev->ifindex)) 9857 goto free_msg; 9858 9859 if (wakeup) { 9860 struct nlattr *reasons; 9861 9862 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 9863 9864 if (wakeup->disconnect && 9865 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) 9866 goto free_msg; 9867 if (wakeup->magic_pkt && 9868 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) 9869 goto free_msg; 9870 if (wakeup->gtk_rekey_failure && 9871 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) 9872 goto free_msg; 9873 if (wakeup->eap_identity_req && 9874 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) 9875 goto free_msg; 9876 if (wakeup->four_way_handshake && 9877 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) 9878 goto free_msg; 9879 if (wakeup->rfkill_release && 9880 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)) 9881 goto free_msg; 9882 9883 if (wakeup->pattern_idx >= 0 && 9884 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 9885 wakeup->pattern_idx)) 9886 goto free_msg; 9887 9888 if (wakeup->tcp_match) 9889 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH); 9890 9891 if (wakeup->tcp_connlost) 9892 nla_put_flag(msg, 9893 NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST); 9894 9895 if (wakeup->tcp_nomoretokens) 9896 nla_put_flag(msg, 9897 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS); 9898 9899 if (wakeup->packet) { 9900 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211; 9901 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN; 9902 9903 if (!wakeup->packet_80211) { 9904 pkt_attr = 9905 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023; 9906 len_attr = 9907 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN; 9908 } 9909 9910 if (wakeup->packet_len && 9911 nla_put_u32(msg, len_attr, wakeup->packet_len)) 9912 goto free_msg; 9913 9914 if (nla_put(msg, pkt_attr, wakeup->packet_present_len, 9915 wakeup->packet)) 9916 goto free_msg; 9917 } 9918 9919 nla_nest_end(msg, reasons); 9920 } 9921 9922 err = genlmsg_end(msg, hdr); 9923 if (err < 0) 9924 goto free_msg; 9925 9926 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9927 nl80211_mlme_mcgrp.id, gfp); 9928 return; 9929 9930 free_msg: 9931 nlmsg_free(msg); 9932 } 9933 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup); 9934 #endif 9935 9936 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer, 9937 enum nl80211_tdls_operation oper, 9938 u16 reason_code, gfp_t gfp) 9939 { 9940 struct wireless_dev *wdev = dev->ieee80211_ptr; 9941 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9942 struct sk_buff *msg; 9943 void *hdr; 9944 int err; 9945 9946 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper, 9947 reason_code); 9948 9949 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9950 if (!msg) 9951 return; 9952 9953 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER); 9954 if (!hdr) { 9955 nlmsg_free(msg); 9956 return; 9957 } 9958 9959 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9960 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9961 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) || 9962 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) || 9963 (reason_code > 0 && 9964 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) 9965 goto nla_put_failure; 9966 9967 err = genlmsg_end(msg, hdr); 9968 if (err < 0) { 9969 nlmsg_free(msg); 9970 return; 9971 } 9972 9973 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9974 nl80211_mlme_mcgrp.id, gfp); 9975 return; 9976 9977 nla_put_failure: 9978 genlmsg_cancel(msg, hdr); 9979 nlmsg_free(msg); 9980 } 9981 EXPORT_SYMBOL(cfg80211_tdls_oper_request); 9982 9983 static int nl80211_netlink_notify(struct notifier_block * nb, 9984 unsigned long state, 9985 void *_notify) 9986 { 9987 struct netlink_notify *notify = _notify; 9988 struct cfg80211_registered_device *rdev; 9989 struct wireless_dev *wdev; 9990 struct cfg80211_beacon_registration *reg, *tmp; 9991 9992 if (state != NETLINK_URELEASE) 9993 return NOTIFY_DONE; 9994 9995 rcu_read_lock(); 9996 9997 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 9998 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) 9999 cfg80211_mlme_unregister_socket(wdev, notify->portid); 10000 10001 spin_lock_bh(&rdev->beacon_registrations_lock); 10002 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations, 10003 list) { 10004 if (reg->nlportid == notify->portid) { 10005 list_del(®->list); 10006 kfree(reg); 10007 break; 10008 } 10009 } 10010 spin_unlock_bh(&rdev->beacon_registrations_lock); 10011 } 10012 10013 rcu_read_unlock(); 10014 10015 return NOTIFY_DONE; 10016 } 10017 10018 static struct notifier_block nl80211_netlink_notifier = { 10019 .notifier_call = nl80211_netlink_notify, 10020 }; 10021 10022 /* initialisation/exit functions */ 10023 10024 int nl80211_init(void) 10025 { 10026 int err; 10027 10028 err = genl_register_family_with_ops(&nl80211_fam, 10029 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 10030 if (err) 10031 return err; 10032 10033 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 10034 if (err) 10035 goto err_out; 10036 10037 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 10038 if (err) 10039 goto err_out; 10040 10041 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 10042 if (err) 10043 goto err_out; 10044 10045 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 10046 if (err) 10047 goto err_out; 10048 10049 #ifdef CONFIG_NL80211_TESTMODE 10050 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 10051 if (err) 10052 goto err_out; 10053 #endif 10054 10055 err = netlink_register_notifier(&nl80211_netlink_notifier); 10056 if (err) 10057 goto err_out; 10058 10059 return 0; 10060 err_out: 10061 genl_unregister_family(&nl80211_fam); 10062 return err; 10063 } 10064 10065 void nl80211_exit(void) 10066 { 10067 netlink_unregister_notifier(&nl80211_netlink_notifier); 10068 genl_unregister_family(&nl80211_fam); 10069 } 10070