1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 #include "rdev-ops.h" 26 27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 28 struct genl_info *info, 29 struct cfg80211_crypto_settings *settings, 30 int cipher_limit); 31 32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 33 struct genl_info *info); 34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 35 struct genl_info *info); 36 37 /* the netlink family */ 38 static struct genl_family nl80211_fam = { 39 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 40 .name = "nl80211", /* have users key off the name instead */ 41 .hdrsize = 0, /* no private header */ 42 .version = 1, /* no particular meaning now */ 43 .maxattr = NL80211_ATTR_MAX, 44 .netnsok = true, 45 .pre_doit = nl80211_pre_doit, 46 .post_doit = nl80211_post_doit, 47 }; 48 49 /* returns ERR_PTR values */ 50 static struct wireless_dev * 51 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs) 52 { 53 struct cfg80211_registered_device *rdev; 54 struct wireless_dev *result = NULL; 55 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 56 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 57 u64 wdev_id; 58 int wiphy_idx = -1; 59 int ifidx = -1; 60 61 assert_cfg80211_lock(); 62 63 if (!have_ifidx && !have_wdev_id) 64 return ERR_PTR(-EINVAL); 65 66 if (have_ifidx) 67 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 68 if (have_wdev_id) { 69 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 70 wiphy_idx = wdev_id >> 32; 71 } 72 73 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 74 struct wireless_dev *wdev; 75 76 if (wiphy_net(&rdev->wiphy) != netns) 77 continue; 78 79 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 80 continue; 81 82 mutex_lock(&rdev->devlist_mtx); 83 list_for_each_entry(wdev, &rdev->wdev_list, list) { 84 if (have_ifidx && wdev->netdev && 85 wdev->netdev->ifindex == ifidx) { 86 result = wdev; 87 break; 88 } 89 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 90 result = wdev; 91 break; 92 } 93 } 94 mutex_unlock(&rdev->devlist_mtx); 95 96 if (result) 97 break; 98 } 99 100 if (result) 101 return result; 102 return ERR_PTR(-ENODEV); 103 } 104 105 static struct cfg80211_registered_device * 106 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 107 { 108 struct cfg80211_registered_device *rdev = NULL, *tmp; 109 struct net_device *netdev; 110 111 assert_cfg80211_lock(); 112 113 if (!attrs[NL80211_ATTR_WIPHY] && 114 !attrs[NL80211_ATTR_IFINDEX] && 115 !attrs[NL80211_ATTR_WDEV]) 116 return ERR_PTR(-EINVAL); 117 118 if (attrs[NL80211_ATTR_WIPHY]) 119 rdev = cfg80211_rdev_by_wiphy_idx( 120 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 121 122 if (attrs[NL80211_ATTR_WDEV]) { 123 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 124 struct wireless_dev *wdev; 125 bool found = false; 126 127 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 128 if (tmp) { 129 /* make sure wdev exists */ 130 mutex_lock(&tmp->devlist_mtx); 131 list_for_each_entry(wdev, &tmp->wdev_list, list) { 132 if (wdev->identifier != (u32)wdev_id) 133 continue; 134 found = true; 135 break; 136 } 137 mutex_unlock(&tmp->devlist_mtx); 138 139 if (!found) 140 tmp = NULL; 141 142 if (rdev && tmp != rdev) 143 return ERR_PTR(-EINVAL); 144 rdev = tmp; 145 } 146 } 147 148 if (attrs[NL80211_ATTR_IFINDEX]) { 149 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 150 netdev = dev_get_by_index(netns, ifindex); 151 if (netdev) { 152 if (netdev->ieee80211_ptr) 153 tmp = wiphy_to_dev( 154 netdev->ieee80211_ptr->wiphy); 155 else 156 tmp = NULL; 157 158 dev_put(netdev); 159 160 /* not wireless device -- return error */ 161 if (!tmp) 162 return ERR_PTR(-EINVAL); 163 164 /* mismatch -- return error */ 165 if (rdev && tmp != rdev) 166 return ERR_PTR(-EINVAL); 167 168 rdev = tmp; 169 } 170 } 171 172 if (!rdev) 173 return ERR_PTR(-ENODEV); 174 175 if (netns != wiphy_net(&rdev->wiphy)) 176 return ERR_PTR(-ENODEV); 177 178 return rdev; 179 } 180 181 /* 182 * This function returns a pointer to the driver 183 * that the genl_info item that is passed refers to. 184 * If successful, it returns non-NULL and also locks 185 * the driver's mutex! 186 * 187 * This means that you need to call cfg80211_unlock_rdev() 188 * before being allowed to acquire &cfg80211_mutex! 189 * 190 * This is necessary because we need to lock the global 191 * mutex to get an item off the list safely, and then 192 * we lock the rdev mutex so it doesn't go away under us. 193 * 194 * We don't want to keep cfg80211_mutex locked 195 * for all the time in order to allow requests on 196 * other interfaces to go through at the same time. 197 * 198 * The result of this can be a PTR_ERR and hence must 199 * be checked with IS_ERR() for errors. 200 */ 201 static struct cfg80211_registered_device * 202 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 203 { 204 struct cfg80211_registered_device *rdev; 205 206 mutex_lock(&cfg80211_mutex); 207 rdev = __cfg80211_rdev_from_attrs(netns, info->attrs); 208 209 /* if it is not an error we grab the lock on 210 * it to assure it won't be going away while 211 * we operate on it */ 212 if (!IS_ERR(rdev)) 213 mutex_lock(&rdev->mtx); 214 215 mutex_unlock(&cfg80211_mutex); 216 217 return rdev; 218 } 219 220 /* policy for the attributes */ 221 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 222 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 223 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 224 .len = 20-1 }, 225 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 226 227 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 228 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 229 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 }, 230 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 }, 231 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 }, 232 233 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 234 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 235 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 236 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 237 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 238 239 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 240 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 241 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 242 243 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 244 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 245 246 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 247 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 248 .len = WLAN_MAX_KEY_LEN }, 249 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 250 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 251 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 252 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 253 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 254 255 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 256 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 257 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 258 .len = IEEE80211_MAX_DATA_LEN }, 259 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 260 .len = IEEE80211_MAX_DATA_LEN }, 261 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 262 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 263 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 264 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 265 .len = NL80211_MAX_SUPP_RATES }, 266 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 267 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 268 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 269 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 270 .len = IEEE80211_MAX_MESH_ID_LEN }, 271 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 272 273 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 274 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 275 276 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 277 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 278 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 279 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 280 .len = NL80211_MAX_SUPP_RATES }, 281 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 282 283 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 284 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 285 286 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 287 288 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 289 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 290 .len = IEEE80211_MAX_DATA_LEN }, 291 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 292 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 293 294 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 295 .len = IEEE80211_MAX_SSID_LEN }, 296 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 297 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 298 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 299 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 300 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 301 [NL80211_ATTR_STA_FLAGS2] = { 302 .len = sizeof(struct nl80211_sta_flag_update), 303 }, 304 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 305 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 306 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 307 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 308 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 309 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 310 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 311 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 312 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 313 .len = WLAN_PMKID_LEN }, 314 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 315 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 316 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 317 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 318 .len = IEEE80211_MAX_DATA_LEN }, 319 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 320 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 321 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 322 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 323 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 324 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 325 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 326 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 327 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 328 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 329 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 330 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 331 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 332 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 333 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 334 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 335 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 336 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 337 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 338 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 339 .len = IEEE80211_MAX_DATA_LEN }, 340 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 341 .len = IEEE80211_MAX_DATA_LEN }, 342 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 343 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 344 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 345 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 346 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 347 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 348 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 349 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 350 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 351 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 352 .len = IEEE80211_MAX_DATA_LEN }, 353 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 354 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 355 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 356 .len = NL80211_HT_CAPABILITY_LEN 357 }, 358 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 359 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 360 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 361 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 362 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 363 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, }, 364 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN }, 365 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 }, 366 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 }, 367 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 }, 368 }; 369 370 /* policy for the key attributes */ 371 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 372 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 373 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 374 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 375 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 376 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 377 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 378 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 379 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 380 }; 381 382 /* policy for the key default flags */ 383 static const struct nla_policy 384 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 385 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 386 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 387 }; 388 389 /* policy for WoWLAN attributes */ 390 static const struct nla_policy 391 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 392 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 393 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 394 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 395 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 396 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 397 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 398 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 399 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 400 }; 401 402 /* policy for GTK rekey offload attributes */ 403 static const struct nla_policy 404 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 405 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 406 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 407 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 408 }; 409 410 static const struct nla_policy 411 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 412 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 413 .len = IEEE80211_MAX_SSID_LEN }, 414 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 415 }; 416 417 /* ifidx get helper */ 418 static int nl80211_get_ifidx(struct netlink_callback *cb) 419 { 420 int res; 421 422 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 423 nl80211_fam.attrbuf, nl80211_fam.maxattr, 424 nl80211_policy); 425 if (res) 426 return res; 427 428 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 429 return -EINVAL; 430 431 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 432 if (!res) 433 return -EINVAL; 434 return res; 435 } 436 437 static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 438 struct netlink_callback *cb, 439 struct cfg80211_registered_device **rdev, 440 struct net_device **dev) 441 { 442 int ifidx = cb->args[0]; 443 int err; 444 445 if (!ifidx) 446 ifidx = nl80211_get_ifidx(cb); 447 if (ifidx < 0) 448 return ifidx; 449 450 cb->args[0] = ifidx; 451 452 rtnl_lock(); 453 454 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 455 if (!*dev) { 456 err = -ENODEV; 457 goto out_rtnl; 458 } 459 460 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 461 if (IS_ERR(*rdev)) { 462 err = PTR_ERR(*rdev); 463 goto out_rtnl; 464 } 465 466 return 0; 467 out_rtnl: 468 rtnl_unlock(); 469 return err; 470 } 471 472 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 473 { 474 cfg80211_unlock_rdev(rdev); 475 rtnl_unlock(); 476 } 477 478 /* IE validation */ 479 static bool is_valid_ie_attr(const struct nlattr *attr) 480 { 481 const u8 *pos; 482 int len; 483 484 if (!attr) 485 return true; 486 487 pos = nla_data(attr); 488 len = nla_len(attr); 489 490 while (len) { 491 u8 elemlen; 492 493 if (len < 2) 494 return false; 495 len -= 2; 496 497 elemlen = pos[1]; 498 if (elemlen > len) 499 return false; 500 501 len -= elemlen; 502 pos += 2 + elemlen; 503 } 504 505 return true; 506 } 507 508 /* message building helper */ 509 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq, 510 int flags, u8 cmd) 511 { 512 /* since there is no private header just add the generic one */ 513 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd); 514 } 515 516 static int nl80211_msg_put_channel(struct sk_buff *msg, 517 struct ieee80211_channel *chan) 518 { 519 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 520 chan->center_freq)) 521 goto nla_put_failure; 522 523 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 524 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 525 goto nla_put_failure; 526 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && 527 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN)) 528 goto nla_put_failure; 529 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && 530 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS)) 531 goto nla_put_failure; 532 if ((chan->flags & IEEE80211_CHAN_RADAR) && 533 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 534 goto nla_put_failure; 535 536 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 537 DBM_TO_MBM(chan->max_power))) 538 goto nla_put_failure; 539 540 return 0; 541 542 nla_put_failure: 543 return -ENOBUFS; 544 } 545 546 /* netlink command implementations */ 547 548 struct key_parse { 549 struct key_params p; 550 int idx; 551 int type; 552 bool def, defmgmt; 553 bool def_uni, def_multi; 554 }; 555 556 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 557 { 558 struct nlattr *tb[NL80211_KEY_MAX + 1]; 559 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 560 nl80211_key_policy); 561 if (err) 562 return err; 563 564 k->def = !!tb[NL80211_KEY_DEFAULT]; 565 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 566 567 if (k->def) { 568 k->def_uni = true; 569 k->def_multi = true; 570 } 571 if (k->defmgmt) 572 k->def_multi = true; 573 574 if (tb[NL80211_KEY_IDX]) 575 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 576 577 if (tb[NL80211_KEY_DATA]) { 578 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 579 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 580 } 581 582 if (tb[NL80211_KEY_SEQ]) { 583 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 584 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 585 } 586 587 if (tb[NL80211_KEY_CIPHER]) 588 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 589 590 if (tb[NL80211_KEY_TYPE]) { 591 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 592 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 593 return -EINVAL; 594 } 595 596 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 597 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 598 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 599 tb[NL80211_KEY_DEFAULT_TYPES], 600 nl80211_key_default_policy); 601 if (err) 602 return err; 603 604 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 605 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 606 } 607 608 return 0; 609 } 610 611 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 612 { 613 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 614 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 615 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 616 } 617 618 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 619 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 620 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 621 } 622 623 if (info->attrs[NL80211_ATTR_KEY_IDX]) 624 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 625 626 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 627 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 628 629 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 630 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 631 632 if (k->def) { 633 k->def_uni = true; 634 k->def_multi = true; 635 } 636 if (k->defmgmt) 637 k->def_multi = true; 638 639 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 640 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 641 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 642 return -EINVAL; 643 } 644 645 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 646 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 647 int err = nla_parse_nested( 648 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 649 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 650 nl80211_key_default_policy); 651 if (err) 652 return err; 653 654 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 655 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 656 } 657 658 return 0; 659 } 660 661 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 662 { 663 int err; 664 665 memset(k, 0, sizeof(*k)); 666 k->idx = -1; 667 k->type = -1; 668 669 if (info->attrs[NL80211_ATTR_KEY]) 670 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 671 else 672 err = nl80211_parse_key_old(info, k); 673 674 if (err) 675 return err; 676 677 if (k->def && k->defmgmt) 678 return -EINVAL; 679 680 if (k->defmgmt) { 681 if (k->def_uni || !k->def_multi) 682 return -EINVAL; 683 } 684 685 if (k->idx != -1) { 686 if (k->defmgmt) { 687 if (k->idx < 4 || k->idx > 5) 688 return -EINVAL; 689 } else if (k->def) { 690 if (k->idx < 0 || k->idx > 3) 691 return -EINVAL; 692 } else { 693 if (k->idx < 0 || k->idx > 5) 694 return -EINVAL; 695 } 696 } 697 698 return 0; 699 } 700 701 static struct cfg80211_cached_keys * 702 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 703 struct nlattr *keys, bool *no_ht) 704 { 705 struct key_parse parse; 706 struct nlattr *key; 707 struct cfg80211_cached_keys *result; 708 int rem, err, def = 0; 709 710 result = kzalloc(sizeof(*result), GFP_KERNEL); 711 if (!result) 712 return ERR_PTR(-ENOMEM); 713 714 result->def = -1; 715 result->defmgmt = -1; 716 717 nla_for_each_nested(key, keys, rem) { 718 memset(&parse, 0, sizeof(parse)); 719 parse.idx = -1; 720 721 err = nl80211_parse_key_new(key, &parse); 722 if (err) 723 goto error; 724 err = -EINVAL; 725 if (!parse.p.key) 726 goto error; 727 if (parse.idx < 0 || parse.idx > 4) 728 goto error; 729 if (parse.def) { 730 if (def) 731 goto error; 732 def = 1; 733 result->def = parse.idx; 734 if (!parse.def_uni || !parse.def_multi) 735 goto error; 736 } else if (parse.defmgmt) 737 goto error; 738 err = cfg80211_validate_key_settings(rdev, &parse.p, 739 parse.idx, false, NULL); 740 if (err) 741 goto error; 742 result->params[parse.idx].cipher = parse.p.cipher; 743 result->params[parse.idx].key_len = parse.p.key_len; 744 result->params[parse.idx].key = result->data[parse.idx]; 745 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 746 747 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 || 748 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) { 749 if (no_ht) 750 *no_ht = true; 751 } 752 } 753 754 return result; 755 error: 756 kfree(result); 757 return ERR_PTR(err); 758 } 759 760 static int nl80211_key_allowed(struct wireless_dev *wdev) 761 { 762 ASSERT_WDEV_LOCK(wdev); 763 764 switch (wdev->iftype) { 765 case NL80211_IFTYPE_AP: 766 case NL80211_IFTYPE_AP_VLAN: 767 case NL80211_IFTYPE_P2P_GO: 768 case NL80211_IFTYPE_MESH_POINT: 769 break; 770 case NL80211_IFTYPE_ADHOC: 771 if (!wdev->current_bss) 772 return -ENOLINK; 773 break; 774 case NL80211_IFTYPE_STATION: 775 case NL80211_IFTYPE_P2P_CLIENT: 776 if (wdev->sme_state != CFG80211_SME_CONNECTED) 777 return -ENOLINK; 778 break; 779 default: 780 return -EINVAL; 781 } 782 783 return 0; 784 } 785 786 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 787 { 788 struct nlattr *nl_modes = nla_nest_start(msg, attr); 789 int i; 790 791 if (!nl_modes) 792 goto nla_put_failure; 793 794 i = 0; 795 while (ifmodes) { 796 if ((ifmodes & 1) && nla_put_flag(msg, i)) 797 goto nla_put_failure; 798 ifmodes >>= 1; 799 i++; 800 } 801 802 nla_nest_end(msg, nl_modes); 803 return 0; 804 805 nla_put_failure: 806 return -ENOBUFS; 807 } 808 809 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 810 struct sk_buff *msg) 811 { 812 struct nlattr *nl_combis; 813 int i, j; 814 815 nl_combis = nla_nest_start(msg, 816 NL80211_ATTR_INTERFACE_COMBINATIONS); 817 if (!nl_combis) 818 goto nla_put_failure; 819 820 for (i = 0; i < wiphy->n_iface_combinations; i++) { 821 const struct ieee80211_iface_combination *c; 822 struct nlattr *nl_combi, *nl_limits; 823 824 c = &wiphy->iface_combinations[i]; 825 826 nl_combi = nla_nest_start(msg, i + 1); 827 if (!nl_combi) 828 goto nla_put_failure; 829 830 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 831 if (!nl_limits) 832 goto nla_put_failure; 833 834 for (j = 0; j < c->n_limits; j++) { 835 struct nlattr *nl_limit; 836 837 nl_limit = nla_nest_start(msg, j + 1); 838 if (!nl_limit) 839 goto nla_put_failure; 840 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 841 c->limits[j].max)) 842 goto nla_put_failure; 843 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 844 c->limits[j].types)) 845 goto nla_put_failure; 846 nla_nest_end(msg, nl_limit); 847 } 848 849 nla_nest_end(msg, nl_limits); 850 851 if (c->beacon_int_infra_match && 852 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 853 goto nla_put_failure; 854 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 855 c->num_different_channels) || 856 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 857 c->max_interfaces)) 858 goto nla_put_failure; 859 860 nla_nest_end(msg, nl_combi); 861 } 862 863 nla_nest_end(msg, nl_combis); 864 865 return 0; 866 nla_put_failure: 867 return -ENOBUFS; 868 } 869 870 static int nl80211_send_wiphy(struct sk_buff *msg, u32 portid, u32 seq, int flags, 871 struct cfg80211_registered_device *dev) 872 { 873 void *hdr; 874 struct nlattr *nl_bands, *nl_band; 875 struct nlattr *nl_freqs, *nl_freq; 876 struct nlattr *nl_rates, *nl_rate; 877 struct nlattr *nl_cmds; 878 enum ieee80211_band band; 879 struct ieee80211_channel *chan; 880 struct ieee80211_rate *rate; 881 int i; 882 const struct ieee80211_txrx_stypes *mgmt_stypes = 883 dev->wiphy.mgmt_stypes; 884 885 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY); 886 if (!hdr) 887 return -1; 888 889 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) || 890 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) || 891 nla_put_u32(msg, NL80211_ATTR_GENERATION, 892 cfg80211_rdev_list_generation) || 893 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 894 dev->wiphy.retry_short) || 895 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 896 dev->wiphy.retry_long) || 897 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 898 dev->wiphy.frag_threshold) || 899 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 900 dev->wiphy.rts_threshold) || 901 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 902 dev->wiphy.coverage_class) || 903 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 904 dev->wiphy.max_scan_ssids) || 905 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 906 dev->wiphy.max_sched_scan_ssids) || 907 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 908 dev->wiphy.max_scan_ie_len) || 909 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 910 dev->wiphy.max_sched_scan_ie_len) || 911 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 912 dev->wiphy.max_match_sets)) 913 goto nla_put_failure; 914 915 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 916 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 917 goto nla_put_failure; 918 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 919 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 920 goto nla_put_failure; 921 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 922 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 923 goto nla_put_failure; 924 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 925 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 926 goto nla_put_failure; 927 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 928 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 929 goto nla_put_failure; 930 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 931 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 932 goto nla_put_failure; 933 934 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 935 sizeof(u32) * dev->wiphy.n_cipher_suites, 936 dev->wiphy.cipher_suites)) 937 goto nla_put_failure; 938 939 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 940 dev->wiphy.max_num_pmkids)) 941 goto nla_put_failure; 942 943 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 944 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 945 goto nla_put_failure; 946 947 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 948 dev->wiphy.available_antennas_tx) || 949 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 950 dev->wiphy.available_antennas_rx)) 951 goto nla_put_failure; 952 953 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 954 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 955 dev->wiphy.probe_resp_offload)) 956 goto nla_put_failure; 957 958 if ((dev->wiphy.available_antennas_tx || 959 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) { 960 u32 tx_ant = 0, rx_ant = 0; 961 int res; 962 res = rdev_get_antenna(dev, &tx_ant, &rx_ant); 963 if (!res) { 964 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, 965 tx_ant) || 966 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, 967 rx_ant)) 968 goto nla_put_failure; 969 } 970 } 971 972 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 973 dev->wiphy.interface_modes)) 974 goto nla_put_failure; 975 976 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 977 if (!nl_bands) 978 goto nla_put_failure; 979 980 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 981 if (!dev->wiphy.bands[band]) 982 continue; 983 984 nl_band = nla_nest_start(msg, band); 985 if (!nl_band) 986 goto nla_put_failure; 987 988 /* add HT info */ 989 if (dev->wiphy.bands[band]->ht_cap.ht_supported && 990 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 991 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 992 &dev->wiphy.bands[band]->ht_cap.mcs) || 993 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 994 dev->wiphy.bands[band]->ht_cap.cap) || 995 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 996 dev->wiphy.bands[band]->ht_cap.ampdu_factor) || 997 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 998 dev->wiphy.bands[band]->ht_cap.ampdu_density))) 999 goto nla_put_failure; 1000 1001 /* add VHT info */ 1002 if (dev->wiphy.bands[band]->vht_cap.vht_supported && 1003 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 1004 sizeof(dev->wiphy.bands[band]->vht_cap.vht_mcs), 1005 &dev->wiphy.bands[band]->vht_cap.vht_mcs) || 1006 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 1007 dev->wiphy.bands[band]->vht_cap.cap))) 1008 goto nla_put_failure; 1009 1010 /* add frequencies */ 1011 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 1012 if (!nl_freqs) 1013 goto nla_put_failure; 1014 1015 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 1016 nl_freq = nla_nest_start(msg, i); 1017 if (!nl_freq) 1018 goto nla_put_failure; 1019 1020 chan = &dev->wiphy.bands[band]->channels[i]; 1021 1022 if (nl80211_msg_put_channel(msg, chan)) 1023 goto nla_put_failure; 1024 1025 nla_nest_end(msg, nl_freq); 1026 } 1027 1028 nla_nest_end(msg, nl_freqs); 1029 1030 /* add bitrates */ 1031 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 1032 if (!nl_rates) 1033 goto nla_put_failure; 1034 1035 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 1036 nl_rate = nla_nest_start(msg, i); 1037 if (!nl_rate) 1038 goto nla_put_failure; 1039 1040 rate = &dev->wiphy.bands[band]->bitrates[i]; 1041 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1042 rate->bitrate)) 1043 goto nla_put_failure; 1044 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1045 nla_put_flag(msg, 1046 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 1047 goto nla_put_failure; 1048 1049 nla_nest_end(msg, nl_rate); 1050 } 1051 1052 nla_nest_end(msg, nl_rates); 1053 1054 nla_nest_end(msg, nl_band); 1055 } 1056 nla_nest_end(msg, nl_bands); 1057 1058 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 1059 if (!nl_cmds) 1060 goto nla_put_failure; 1061 1062 i = 0; 1063 #define CMD(op, n) \ 1064 do { \ 1065 if (dev->ops->op) { \ 1066 i++; \ 1067 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 1068 goto nla_put_failure; \ 1069 } \ 1070 } while (0) 1071 1072 CMD(add_virtual_intf, NEW_INTERFACE); 1073 CMD(change_virtual_intf, SET_INTERFACE); 1074 CMD(add_key, NEW_KEY); 1075 CMD(start_ap, START_AP); 1076 CMD(add_station, NEW_STATION); 1077 CMD(add_mpath, NEW_MPATH); 1078 CMD(update_mesh_config, SET_MESH_CONFIG); 1079 CMD(change_bss, SET_BSS); 1080 CMD(auth, AUTHENTICATE); 1081 CMD(assoc, ASSOCIATE); 1082 CMD(deauth, DEAUTHENTICATE); 1083 CMD(disassoc, DISASSOCIATE); 1084 CMD(join_ibss, JOIN_IBSS); 1085 CMD(join_mesh, JOIN_MESH); 1086 CMD(set_pmksa, SET_PMKSA); 1087 CMD(del_pmksa, DEL_PMKSA); 1088 CMD(flush_pmksa, FLUSH_PMKSA); 1089 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 1090 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 1091 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 1092 CMD(mgmt_tx, FRAME); 1093 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 1094 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 1095 i++; 1096 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 1097 goto nla_put_failure; 1098 } 1099 if (dev->ops->set_monitor_channel || dev->ops->start_ap || 1100 dev->ops->join_mesh) { 1101 i++; 1102 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 1103 goto nla_put_failure; 1104 } 1105 CMD(set_wds_peer, SET_WDS_PEER); 1106 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 1107 CMD(tdls_mgmt, TDLS_MGMT); 1108 CMD(tdls_oper, TDLS_OPER); 1109 } 1110 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 1111 CMD(sched_scan_start, START_SCHED_SCAN); 1112 CMD(probe_client, PROBE_CLIENT); 1113 CMD(set_noack_map, SET_NOACK_MAP); 1114 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 1115 i++; 1116 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 1117 goto nla_put_failure; 1118 } 1119 CMD(start_p2p_device, START_P2P_DEVICE); 1120 CMD(set_mcast_rate, SET_MCAST_RATE); 1121 1122 #ifdef CONFIG_NL80211_TESTMODE 1123 CMD(testmode_cmd, TESTMODE); 1124 #endif 1125 1126 #undef CMD 1127 1128 if (dev->ops->connect || dev->ops->auth) { 1129 i++; 1130 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 1131 goto nla_put_failure; 1132 } 1133 1134 if (dev->ops->disconnect || dev->ops->deauth) { 1135 i++; 1136 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 1137 goto nla_put_failure; 1138 } 1139 1140 nla_nest_end(msg, nl_cmds); 1141 1142 if (dev->ops->remain_on_channel && 1143 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 1144 nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 1145 dev->wiphy.max_remain_on_channel_duration)) 1146 goto nla_put_failure; 1147 1148 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 1149 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 1150 goto nla_put_failure; 1151 1152 if (mgmt_stypes) { 1153 u16 stypes; 1154 struct nlattr *nl_ftypes, *nl_ifs; 1155 enum nl80211_iftype ift; 1156 1157 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 1158 if (!nl_ifs) 1159 goto nla_put_failure; 1160 1161 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1162 nl_ftypes = nla_nest_start(msg, ift); 1163 if (!nl_ftypes) 1164 goto nla_put_failure; 1165 i = 0; 1166 stypes = mgmt_stypes[ift].tx; 1167 while (stypes) { 1168 if ((stypes & 1) && 1169 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1170 (i << 4) | IEEE80211_FTYPE_MGMT)) 1171 goto nla_put_failure; 1172 stypes >>= 1; 1173 i++; 1174 } 1175 nla_nest_end(msg, nl_ftypes); 1176 } 1177 1178 nla_nest_end(msg, nl_ifs); 1179 1180 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 1181 if (!nl_ifs) 1182 goto nla_put_failure; 1183 1184 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1185 nl_ftypes = nla_nest_start(msg, ift); 1186 if (!nl_ftypes) 1187 goto nla_put_failure; 1188 i = 0; 1189 stypes = mgmt_stypes[ift].rx; 1190 while (stypes) { 1191 if ((stypes & 1) && 1192 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1193 (i << 4) | IEEE80211_FTYPE_MGMT)) 1194 goto nla_put_failure; 1195 stypes >>= 1; 1196 i++; 1197 } 1198 nla_nest_end(msg, nl_ftypes); 1199 } 1200 nla_nest_end(msg, nl_ifs); 1201 } 1202 1203 #ifdef CONFIG_PM 1204 if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) { 1205 struct nlattr *nl_wowlan; 1206 1207 nl_wowlan = nla_nest_start(msg, 1208 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1209 if (!nl_wowlan) 1210 goto nla_put_failure; 1211 1212 if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) && 1213 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1214 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) && 1215 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1216 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) && 1217 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1218 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1219 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1220 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1221 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1222 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1223 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1224 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1225 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1226 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1227 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1228 goto nla_put_failure; 1229 if (dev->wiphy.wowlan.n_patterns) { 1230 struct nl80211_wowlan_pattern_support pat = { 1231 .max_patterns = dev->wiphy.wowlan.n_patterns, 1232 .min_pattern_len = 1233 dev->wiphy.wowlan.pattern_min_len, 1234 .max_pattern_len = 1235 dev->wiphy.wowlan.pattern_max_len, 1236 }; 1237 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1238 sizeof(pat), &pat)) 1239 goto nla_put_failure; 1240 } 1241 1242 nla_nest_end(msg, nl_wowlan); 1243 } 1244 #endif 1245 1246 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1247 dev->wiphy.software_iftypes)) 1248 goto nla_put_failure; 1249 1250 if (nl80211_put_iface_combinations(&dev->wiphy, msg)) 1251 goto nla_put_failure; 1252 1253 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 1254 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 1255 dev->wiphy.ap_sme_capa)) 1256 goto nla_put_failure; 1257 1258 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, 1259 dev->wiphy.features)) 1260 goto nla_put_failure; 1261 1262 if (dev->wiphy.ht_capa_mod_mask && 1263 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1264 sizeof(*dev->wiphy.ht_capa_mod_mask), 1265 dev->wiphy.ht_capa_mod_mask)) 1266 goto nla_put_failure; 1267 1268 return genlmsg_end(msg, hdr); 1269 1270 nla_put_failure: 1271 genlmsg_cancel(msg, hdr); 1272 return -EMSGSIZE; 1273 } 1274 1275 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1276 { 1277 int idx = 0; 1278 int start = cb->args[0]; 1279 struct cfg80211_registered_device *dev; 1280 1281 mutex_lock(&cfg80211_mutex); 1282 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 1283 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 1284 continue; 1285 if (++idx <= start) 1286 continue; 1287 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).portid, 1288 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1289 dev) < 0) { 1290 idx--; 1291 break; 1292 } 1293 } 1294 mutex_unlock(&cfg80211_mutex); 1295 1296 cb->args[0] = idx; 1297 1298 return skb->len; 1299 } 1300 1301 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1302 { 1303 struct sk_buff *msg; 1304 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1305 1306 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1307 if (!msg) 1308 return -ENOMEM; 1309 1310 if (nl80211_send_wiphy(msg, info->snd_portid, info->snd_seq, 0, dev) < 0) { 1311 nlmsg_free(msg); 1312 return -ENOBUFS; 1313 } 1314 1315 return genlmsg_reply(msg, info); 1316 } 1317 1318 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 1319 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 1320 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 1321 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 1322 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 1323 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 1324 }; 1325 1326 static int parse_txq_params(struct nlattr *tb[], 1327 struct ieee80211_txq_params *txq_params) 1328 { 1329 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 1330 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 1331 !tb[NL80211_TXQ_ATTR_AIFS]) 1332 return -EINVAL; 1333 1334 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 1335 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 1336 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 1337 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 1338 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 1339 1340 if (txq_params->ac >= NL80211_NUM_ACS) 1341 return -EINVAL; 1342 1343 return 0; 1344 } 1345 1346 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 1347 { 1348 /* 1349 * You can only set the channel explicitly for WDS interfaces, 1350 * all others have their channel managed via their respective 1351 * "establish a connection" command (connect, join, ...) 1352 * 1353 * For AP/GO and mesh mode, the channel can be set with the 1354 * channel userspace API, but is only stored and passed to the 1355 * low-level driver when the AP starts or the mesh is joined. 1356 * This is for backward compatibility, userspace can also give 1357 * the channel in the start-ap or join-mesh commands instead. 1358 * 1359 * Monitors are special as they are normally slaved to 1360 * whatever else is going on, so they have their own special 1361 * operation to set the monitor channel if possible. 1362 */ 1363 return !wdev || 1364 wdev->iftype == NL80211_IFTYPE_AP || 1365 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 1366 wdev->iftype == NL80211_IFTYPE_MONITOR || 1367 wdev->iftype == NL80211_IFTYPE_P2P_GO; 1368 } 1369 1370 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev, 1371 struct genl_info *info, 1372 struct cfg80211_chan_def *chandef) 1373 { 1374 u32 control_freq; 1375 1376 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 1377 return -EINVAL; 1378 1379 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 1380 1381 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq); 1382 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 1383 chandef->center_freq1 = control_freq; 1384 chandef->center_freq2 = 0; 1385 1386 /* Primary channel not allowed */ 1387 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) 1388 return -EINVAL; 1389 1390 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1391 enum nl80211_channel_type chantype; 1392 1393 chantype = nla_get_u32( 1394 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1395 1396 switch (chantype) { 1397 case NL80211_CHAN_NO_HT: 1398 case NL80211_CHAN_HT20: 1399 case NL80211_CHAN_HT40PLUS: 1400 case NL80211_CHAN_HT40MINUS: 1401 cfg80211_chandef_create(chandef, chandef->chan, 1402 chantype); 1403 break; 1404 default: 1405 return -EINVAL; 1406 } 1407 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) { 1408 chandef->width = 1409 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]); 1410 if (info->attrs[NL80211_ATTR_CENTER_FREQ1]) 1411 chandef->center_freq1 = 1412 nla_get_u32( 1413 info->attrs[NL80211_ATTR_CENTER_FREQ1]); 1414 if (info->attrs[NL80211_ATTR_CENTER_FREQ2]) 1415 chandef->center_freq2 = 1416 nla_get_u32( 1417 info->attrs[NL80211_ATTR_CENTER_FREQ2]); 1418 } 1419 1420 if (!cfg80211_chandef_valid(chandef)) 1421 return -EINVAL; 1422 1423 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef, 1424 IEEE80211_CHAN_DISABLED)) 1425 return -EINVAL; 1426 1427 return 0; 1428 } 1429 1430 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 1431 struct wireless_dev *wdev, 1432 struct genl_info *info) 1433 { 1434 struct cfg80211_chan_def chandef; 1435 int result; 1436 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 1437 1438 if (wdev) 1439 iftype = wdev->iftype; 1440 1441 if (!nl80211_can_set_dev_channel(wdev)) 1442 return -EOPNOTSUPP; 1443 1444 result = nl80211_parse_chandef(rdev, info, &chandef); 1445 if (result) 1446 return result; 1447 1448 mutex_lock(&rdev->devlist_mtx); 1449 switch (iftype) { 1450 case NL80211_IFTYPE_AP: 1451 case NL80211_IFTYPE_P2P_GO: 1452 if (wdev->beacon_interval) { 1453 result = -EBUSY; 1454 break; 1455 } 1456 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) { 1457 result = -EINVAL; 1458 break; 1459 } 1460 wdev->preset_chandef = chandef; 1461 result = 0; 1462 break; 1463 case NL80211_IFTYPE_MESH_POINT: 1464 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef); 1465 break; 1466 case NL80211_IFTYPE_MONITOR: 1467 result = cfg80211_set_monitor_channel(rdev, &chandef); 1468 break; 1469 default: 1470 result = -EINVAL; 1471 } 1472 mutex_unlock(&rdev->devlist_mtx); 1473 1474 return result; 1475 } 1476 1477 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 1478 { 1479 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1480 struct net_device *netdev = info->user_ptr[1]; 1481 1482 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 1483 } 1484 1485 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 1486 { 1487 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1488 struct net_device *dev = info->user_ptr[1]; 1489 struct wireless_dev *wdev = dev->ieee80211_ptr; 1490 const u8 *bssid; 1491 1492 if (!info->attrs[NL80211_ATTR_MAC]) 1493 return -EINVAL; 1494 1495 if (netif_running(dev)) 1496 return -EBUSY; 1497 1498 if (!rdev->ops->set_wds_peer) 1499 return -EOPNOTSUPP; 1500 1501 if (wdev->iftype != NL80211_IFTYPE_WDS) 1502 return -EOPNOTSUPP; 1503 1504 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 1505 return rdev_set_wds_peer(rdev, dev, bssid); 1506 } 1507 1508 1509 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 1510 { 1511 struct cfg80211_registered_device *rdev; 1512 struct net_device *netdev = NULL; 1513 struct wireless_dev *wdev; 1514 int result = 0, rem_txq_params = 0; 1515 struct nlattr *nl_txq_params; 1516 u32 changed; 1517 u8 retry_short = 0, retry_long = 0; 1518 u32 frag_threshold = 0, rts_threshold = 0; 1519 u8 coverage_class = 0; 1520 1521 /* 1522 * Try to find the wiphy and netdev. Normally this 1523 * function shouldn't need the netdev, but this is 1524 * done for backward compatibility -- previously 1525 * setting the channel was done per wiphy, but now 1526 * it is per netdev. Previous userland like hostapd 1527 * also passed a netdev to set_wiphy, so that it is 1528 * possible to let that go to the right netdev! 1529 */ 1530 mutex_lock(&cfg80211_mutex); 1531 1532 if (info->attrs[NL80211_ATTR_IFINDEX]) { 1533 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 1534 1535 netdev = dev_get_by_index(genl_info_net(info), ifindex); 1536 if (netdev && netdev->ieee80211_ptr) { 1537 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 1538 mutex_lock(&rdev->mtx); 1539 } else 1540 netdev = NULL; 1541 } 1542 1543 if (!netdev) { 1544 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 1545 info->attrs); 1546 if (IS_ERR(rdev)) { 1547 mutex_unlock(&cfg80211_mutex); 1548 return PTR_ERR(rdev); 1549 } 1550 wdev = NULL; 1551 netdev = NULL; 1552 result = 0; 1553 1554 mutex_lock(&rdev->mtx); 1555 } else 1556 wdev = netdev->ieee80211_ptr; 1557 1558 /* 1559 * end workaround code, by now the rdev is available 1560 * and locked, and wdev may or may not be NULL. 1561 */ 1562 1563 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 1564 result = cfg80211_dev_rename( 1565 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 1566 1567 mutex_unlock(&cfg80211_mutex); 1568 1569 if (result) 1570 goto bad_res; 1571 1572 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 1573 struct ieee80211_txq_params txq_params; 1574 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 1575 1576 if (!rdev->ops->set_txq_params) { 1577 result = -EOPNOTSUPP; 1578 goto bad_res; 1579 } 1580 1581 if (!netdev) { 1582 result = -EINVAL; 1583 goto bad_res; 1584 } 1585 1586 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1587 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 1588 result = -EINVAL; 1589 goto bad_res; 1590 } 1591 1592 if (!netif_running(netdev)) { 1593 result = -ENETDOWN; 1594 goto bad_res; 1595 } 1596 1597 nla_for_each_nested(nl_txq_params, 1598 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1599 rem_txq_params) { 1600 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 1601 nla_data(nl_txq_params), 1602 nla_len(nl_txq_params), 1603 txq_params_policy); 1604 result = parse_txq_params(tb, &txq_params); 1605 if (result) 1606 goto bad_res; 1607 1608 result = rdev_set_txq_params(rdev, netdev, 1609 &txq_params); 1610 if (result) 1611 goto bad_res; 1612 } 1613 } 1614 1615 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 1616 result = __nl80211_set_channel(rdev, 1617 nl80211_can_set_dev_channel(wdev) ? wdev : NULL, 1618 info); 1619 if (result) 1620 goto bad_res; 1621 } 1622 1623 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 1624 struct wireless_dev *txp_wdev = wdev; 1625 enum nl80211_tx_power_setting type; 1626 int idx, mbm = 0; 1627 1628 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER)) 1629 txp_wdev = NULL; 1630 1631 if (!rdev->ops->set_tx_power) { 1632 result = -EOPNOTSUPP; 1633 goto bad_res; 1634 } 1635 1636 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 1637 type = nla_get_u32(info->attrs[idx]); 1638 1639 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 1640 (type != NL80211_TX_POWER_AUTOMATIC)) { 1641 result = -EINVAL; 1642 goto bad_res; 1643 } 1644 1645 if (type != NL80211_TX_POWER_AUTOMATIC) { 1646 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 1647 mbm = nla_get_u32(info->attrs[idx]); 1648 } 1649 1650 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm); 1651 if (result) 1652 goto bad_res; 1653 } 1654 1655 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 1656 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 1657 u32 tx_ant, rx_ant; 1658 if ((!rdev->wiphy.available_antennas_tx && 1659 !rdev->wiphy.available_antennas_rx) || 1660 !rdev->ops->set_antenna) { 1661 result = -EOPNOTSUPP; 1662 goto bad_res; 1663 } 1664 1665 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 1666 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 1667 1668 /* reject antenna configurations which don't match the 1669 * available antenna masks, except for the "all" mask */ 1670 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 1671 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 1672 result = -EINVAL; 1673 goto bad_res; 1674 } 1675 1676 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 1677 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 1678 1679 result = rdev_set_antenna(rdev, tx_ant, rx_ant); 1680 if (result) 1681 goto bad_res; 1682 } 1683 1684 changed = 0; 1685 1686 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 1687 retry_short = nla_get_u8( 1688 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 1689 if (retry_short == 0) { 1690 result = -EINVAL; 1691 goto bad_res; 1692 } 1693 changed |= WIPHY_PARAM_RETRY_SHORT; 1694 } 1695 1696 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 1697 retry_long = nla_get_u8( 1698 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 1699 if (retry_long == 0) { 1700 result = -EINVAL; 1701 goto bad_res; 1702 } 1703 changed |= WIPHY_PARAM_RETRY_LONG; 1704 } 1705 1706 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 1707 frag_threshold = nla_get_u32( 1708 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 1709 if (frag_threshold < 256) { 1710 result = -EINVAL; 1711 goto bad_res; 1712 } 1713 if (frag_threshold != (u32) -1) { 1714 /* 1715 * Fragments (apart from the last one) are required to 1716 * have even length. Make the fragmentation code 1717 * simpler by stripping LSB should someone try to use 1718 * odd threshold value. 1719 */ 1720 frag_threshold &= ~0x1; 1721 } 1722 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 1723 } 1724 1725 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 1726 rts_threshold = nla_get_u32( 1727 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 1728 changed |= WIPHY_PARAM_RTS_THRESHOLD; 1729 } 1730 1731 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 1732 coverage_class = nla_get_u8( 1733 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 1734 changed |= WIPHY_PARAM_COVERAGE_CLASS; 1735 } 1736 1737 if (changed) { 1738 u8 old_retry_short, old_retry_long; 1739 u32 old_frag_threshold, old_rts_threshold; 1740 u8 old_coverage_class; 1741 1742 if (!rdev->ops->set_wiphy_params) { 1743 result = -EOPNOTSUPP; 1744 goto bad_res; 1745 } 1746 1747 old_retry_short = rdev->wiphy.retry_short; 1748 old_retry_long = rdev->wiphy.retry_long; 1749 old_frag_threshold = rdev->wiphy.frag_threshold; 1750 old_rts_threshold = rdev->wiphy.rts_threshold; 1751 old_coverage_class = rdev->wiphy.coverage_class; 1752 1753 if (changed & WIPHY_PARAM_RETRY_SHORT) 1754 rdev->wiphy.retry_short = retry_short; 1755 if (changed & WIPHY_PARAM_RETRY_LONG) 1756 rdev->wiphy.retry_long = retry_long; 1757 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 1758 rdev->wiphy.frag_threshold = frag_threshold; 1759 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 1760 rdev->wiphy.rts_threshold = rts_threshold; 1761 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 1762 rdev->wiphy.coverage_class = coverage_class; 1763 1764 result = rdev_set_wiphy_params(rdev, changed); 1765 if (result) { 1766 rdev->wiphy.retry_short = old_retry_short; 1767 rdev->wiphy.retry_long = old_retry_long; 1768 rdev->wiphy.frag_threshold = old_frag_threshold; 1769 rdev->wiphy.rts_threshold = old_rts_threshold; 1770 rdev->wiphy.coverage_class = old_coverage_class; 1771 } 1772 } 1773 1774 bad_res: 1775 mutex_unlock(&rdev->mtx); 1776 if (netdev) 1777 dev_put(netdev); 1778 return result; 1779 } 1780 1781 static inline u64 wdev_id(struct wireless_dev *wdev) 1782 { 1783 return (u64)wdev->identifier | 1784 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32); 1785 } 1786 1787 static int nl80211_send_chandef(struct sk_buff *msg, 1788 struct cfg80211_chan_def *chandef) 1789 { 1790 WARN_ON(!cfg80211_chandef_valid(chandef)); 1791 1792 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 1793 chandef->chan->center_freq)) 1794 return -ENOBUFS; 1795 switch (chandef->width) { 1796 case NL80211_CHAN_WIDTH_20_NOHT: 1797 case NL80211_CHAN_WIDTH_20: 1798 case NL80211_CHAN_WIDTH_40: 1799 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 1800 cfg80211_get_chandef_type(chandef))) 1801 return -ENOBUFS; 1802 break; 1803 default: 1804 break; 1805 } 1806 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width)) 1807 return -ENOBUFS; 1808 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1)) 1809 return -ENOBUFS; 1810 if (chandef->center_freq2 && 1811 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2)) 1812 return -ENOBUFS; 1813 return 0; 1814 } 1815 1816 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, 1817 struct cfg80211_registered_device *rdev, 1818 struct wireless_dev *wdev) 1819 { 1820 struct net_device *dev = wdev->netdev; 1821 void *hdr; 1822 1823 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1824 if (!hdr) 1825 return -1; 1826 1827 if (dev && 1828 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1829 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name))) 1830 goto nla_put_failure; 1831 1832 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1833 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 1834 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 1835 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) || 1836 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1837 rdev->devlist_generation ^ 1838 (cfg80211_rdev_list_generation << 2))) 1839 goto nla_put_failure; 1840 1841 if (rdev->ops->get_channel) { 1842 int ret; 1843 struct cfg80211_chan_def chandef; 1844 1845 ret = rdev_get_channel(rdev, wdev, &chandef); 1846 if (ret == 0) { 1847 if (nl80211_send_chandef(msg, &chandef)) 1848 goto nla_put_failure; 1849 } 1850 } 1851 1852 if (wdev->ssid_len) { 1853 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid)) 1854 goto nla_put_failure; 1855 } 1856 1857 return genlmsg_end(msg, hdr); 1858 1859 nla_put_failure: 1860 genlmsg_cancel(msg, hdr); 1861 return -EMSGSIZE; 1862 } 1863 1864 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1865 { 1866 int wp_idx = 0; 1867 int if_idx = 0; 1868 int wp_start = cb->args[0]; 1869 int if_start = cb->args[1]; 1870 struct cfg80211_registered_device *rdev; 1871 struct wireless_dev *wdev; 1872 1873 mutex_lock(&cfg80211_mutex); 1874 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1875 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1876 continue; 1877 if (wp_idx < wp_start) { 1878 wp_idx++; 1879 continue; 1880 } 1881 if_idx = 0; 1882 1883 mutex_lock(&rdev->devlist_mtx); 1884 list_for_each_entry(wdev, &rdev->wdev_list, list) { 1885 if (if_idx < if_start) { 1886 if_idx++; 1887 continue; 1888 } 1889 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid, 1890 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1891 rdev, wdev) < 0) { 1892 mutex_unlock(&rdev->devlist_mtx); 1893 goto out; 1894 } 1895 if_idx++; 1896 } 1897 mutex_unlock(&rdev->devlist_mtx); 1898 1899 wp_idx++; 1900 } 1901 out: 1902 mutex_unlock(&cfg80211_mutex); 1903 1904 cb->args[0] = wp_idx; 1905 cb->args[1] = if_idx; 1906 1907 return skb->len; 1908 } 1909 1910 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1911 { 1912 struct sk_buff *msg; 1913 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1914 struct wireless_dev *wdev = info->user_ptr[1]; 1915 1916 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1917 if (!msg) 1918 return -ENOMEM; 1919 1920 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 1921 dev, wdev) < 0) { 1922 nlmsg_free(msg); 1923 return -ENOBUFS; 1924 } 1925 1926 return genlmsg_reply(msg, info); 1927 } 1928 1929 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1930 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1931 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1932 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1933 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1934 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1935 }; 1936 1937 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1938 { 1939 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1940 int flag; 1941 1942 *mntrflags = 0; 1943 1944 if (!nla) 1945 return -EINVAL; 1946 1947 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1948 nla, mntr_flags_policy)) 1949 return -EINVAL; 1950 1951 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1952 if (flags[flag]) 1953 *mntrflags |= (1<<flag); 1954 1955 return 0; 1956 } 1957 1958 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1959 struct net_device *netdev, u8 use_4addr, 1960 enum nl80211_iftype iftype) 1961 { 1962 if (!use_4addr) { 1963 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 1964 return -EBUSY; 1965 return 0; 1966 } 1967 1968 switch (iftype) { 1969 case NL80211_IFTYPE_AP_VLAN: 1970 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1971 return 0; 1972 break; 1973 case NL80211_IFTYPE_STATION: 1974 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1975 return 0; 1976 break; 1977 default: 1978 break; 1979 } 1980 1981 return -EOPNOTSUPP; 1982 } 1983 1984 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1985 { 1986 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1987 struct vif_params params; 1988 int err; 1989 enum nl80211_iftype otype, ntype; 1990 struct net_device *dev = info->user_ptr[1]; 1991 u32 _flags, *flags = NULL; 1992 bool change = false; 1993 1994 memset(¶ms, 0, sizeof(params)); 1995 1996 otype = ntype = dev->ieee80211_ptr->iftype; 1997 1998 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1999 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 2000 if (otype != ntype) 2001 change = true; 2002 if (ntype > NL80211_IFTYPE_MAX) 2003 return -EINVAL; 2004 } 2005 2006 if (info->attrs[NL80211_ATTR_MESH_ID]) { 2007 struct wireless_dev *wdev = dev->ieee80211_ptr; 2008 2009 if (ntype != NL80211_IFTYPE_MESH_POINT) 2010 return -EINVAL; 2011 if (netif_running(dev)) 2012 return -EBUSY; 2013 2014 wdev_lock(wdev); 2015 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2016 IEEE80211_MAX_MESH_ID_LEN); 2017 wdev->mesh_id_up_len = 2018 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2019 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2020 wdev->mesh_id_up_len); 2021 wdev_unlock(wdev); 2022 } 2023 2024 if (info->attrs[NL80211_ATTR_4ADDR]) { 2025 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2026 change = true; 2027 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 2028 if (err) 2029 return err; 2030 } else { 2031 params.use_4addr = -1; 2032 } 2033 2034 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 2035 if (ntype != NL80211_IFTYPE_MONITOR) 2036 return -EINVAL; 2037 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 2038 &_flags); 2039 if (err) 2040 return err; 2041 2042 flags = &_flags; 2043 change = true; 2044 } 2045 2046 if (change) 2047 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 2048 else 2049 err = 0; 2050 2051 if (!err && params.use_4addr != -1) 2052 dev->ieee80211_ptr->use_4addr = params.use_4addr; 2053 2054 return err; 2055 } 2056 2057 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 2058 { 2059 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2060 struct vif_params params; 2061 struct wireless_dev *wdev; 2062 struct sk_buff *msg; 2063 int err; 2064 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 2065 u32 flags; 2066 2067 memset(¶ms, 0, sizeof(params)); 2068 2069 if (!info->attrs[NL80211_ATTR_IFNAME]) 2070 return -EINVAL; 2071 2072 if (info->attrs[NL80211_ATTR_IFTYPE]) { 2073 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 2074 if (type > NL80211_IFTYPE_MAX) 2075 return -EINVAL; 2076 } 2077 2078 if (!rdev->ops->add_virtual_intf || 2079 !(rdev->wiphy.interface_modes & (1 << type))) 2080 return -EOPNOTSUPP; 2081 2082 if (info->attrs[NL80211_ATTR_4ADDR]) { 2083 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2084 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 2085 if (err) 2086 return err; 2087 } 2088 2089 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2090 if (!msg) 2091 return -ENOMEM; 2092 2093 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 2094 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 2095 &flags); 2096 wdev = rdev_add_virtual_intf(rdev, 2097 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 2098 type, err ? NULL : &flags, ¶ms); 2099 if (IS_ERR(wdev)) { 2100 nlmsg_free(msg); 2101 return PTR_ERR(wdev); 2102 } 2103 2104 switch (type) { 2105 case NL80211_IFTYPE_MESH_POINT: 2106 if (!info->attrs[NL80211_ATTR_MESH_ID]) 2107 break; 2108 wdev_lock(wdev); 2109 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2110 IEEE80211_MAX_MESH_ID_LEN); 2111 wdev->mesh_id_up_len = 2112 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2113 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2114 wdev->mesh_id_up_len); 2115 wdev_unlock(wdev); 2116 break; 2117 case NL80211_IFTYPE_P2P_DEVICE: 2118 /* 2119 * P2P Device doesn't have a netdev, so doesn't go 2120 * through the netdev notifier and must be added here 2121 */ 2122 mutex_init(&wdev->mtx); 2123 INIT_LIST_HEAD(&wdev->event_list); 2124 spin_lock_init(&wdev->event_lock); 2125 INIT_LIST_HEAD(&wdev->mgmt_registrations); 2126 spin_lock_init(&wdev->mgmt_registrations_lock); 2127 2128 mutex_lock(&rdev->devlist_mtx); 2129 wdev->identifier = ++rdev->wdev_id; 2130 list_add_rcu(&wdev->list, &rdev->wdev_list); 2131 rdev->devlist_generation++; 2132 mutex_unlock(&rdev->devlist_mtx); 2133 break; 2134 default: 2135 break; 2136 } 2137 2138 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 2139 rdev, wdev) < 0) { 2140 nlmsg_free(msg); 2141 return -ENOBUFS; 2142 } 2143 2144 return genlmsg_reply(msg, info); 2145 } 2146 2147 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 2148 { 2149 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2150 struct wireless_dev *wdev = info->user_ptr[1]; 2151 2152 if (!rdev->ops->del_virtual_intf) 2153 return -EOPNOTSUPP; 2154 2155 /* 2156 * If we remove a wireless device without a netdev then clear 2157 * user_ptr[1] so that nl80211_post_doit won't dereference it 2158 * to check if it needs to do dev_put(). Otherwise it crashes 2159 * since the wdev has been freed, unlike with a netdev where 2160 * we need the dev_put() for the netdev to really be freed. 2161 */ 2162 if (!wdev->netdev) 2163 info->user_ptr[1] = NULL; 2164 2165 return rdev_del_virtual_intf(rdev, wdev); 2166 } 2167 2168 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 2169 { 2170 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2171 struct net_device *dev = info->user_ptr[1]; 2172 u16 noack_map; 2173 2174 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 2175 return -EINVAL; 2176 2177 if (!rdev->ops->set_noack_map) 2178 return -EOPNOTSUPP; 2179 2180 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 2181 2182 return rdev_set_noack_map(rdev, dev, noack_map); 2183 } 2184 2185 struct get_key_cookie { 2186 struct sk_buff *msg; 2187 int error; 2188 int idx; 2189 }; 2190 2191 static void get_key_callback(void *c, struct key_params *params) 2192 { 2193 struct nlattr *key; 2194 struct get_key_cookie *cookie = c; 2195 2196 if ((params->key && 2197 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 2198 params->key_len, params->key)) || 2199 (params->seq && 2200 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 2201 params->seq_len, params->seq)) || 2202 (params->cipher && 2203 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 2204 params->cipher))) 2205 goto nla_put_failure; 2206 2207 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 2208 if (!key) 2209 goto nla_put_failure; 2210 2211 if ((params->key && 2212 nla_put(cookie->msg, NL80211_KEY_DATA, 2213 params->key_len, params->key)) || 2214 (params->seq && 2215 nla_put(cookie->msg, NL80211_KEY_SEQ, 2216 params->seq_len, params->seq)) || 2217 (params->cipher && 2218 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 2219 params->cipher))) 2220 goto nla_put_failure; 2221 2222 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx)) 2223 goto nla_put_failure; 2224 2225 nla_nest_end(cookie->msg, key); 2226 2227 return; 2228 nla_put_failure: 2229 cookie->error = 1; 2230 } 2231 2232 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 2233 { 2234 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2235 int err; 2236 struct net_device *dev = info->user_ptr[1]; 2237 u8 key_idx = 0; 2238 const u8 *mac_addr = NULL; 2239 bool pairwise; 2240 struct get_key_cookie cookie = { 2241 .error = 0, 2242 }; 2243 void *hdr; 2244 struct sk_buff *msg; 2245 2246 if (info->attrs[NL80211_ATTR_KEY_IDX]) 2247 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 2248 2249 if (key_idx > 5) 2250 return -EINVAL; 2251 2252 if (info->attrs[NL80211_ATTR_MAC]) 2253 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2254 2255 pairwise = !!mac_addr; 2256 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 2257 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 2258 if (kt >= NUM_NL80211_KEYTYPES) 2259 return -EINVAL; 2260 if (kt != NL80211_KEYTYPE_GROUP && 2261 kt != NL80211_KEYTYPE_PAIRWISE) 2262 return -EINVAL; 2263 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 2264 } 2265 2266 if (!rdev->ops->get_key) 2267 return -EOPNOTSUPP; 2268 2269 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2270 if (!msg) 2271 return -ENOMEM; 2272 2273 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 2274 NL80211_CMD_NEW_KEY); 2275 if (IS_ERR(hdr)) 2276 return PTR_ERR(hdr); 2277 2278 cookie.msg = msg; 2279 cookie.idx = key_idx; 2280 2281 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2282 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 2283 goto nla_put_failure; 2284 if (mac_addr && 2285 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 2286 goto nla_put_failure; 2287 2288 if (pairwise && mac_addr && 2289 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2290 return -ENOENT; 2291 2292 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie, 2293 get_key_callback); 2294 2295 if (err) 2296 goto free_msg; 2297 2298 if (cookie.error) 2299 goto nla_put_failure; 2300 2301 genlmsg_end(msg, hdr); 2302 return genlmsg_reply(msg, info); 2303 2304 nla_put_failure: 2305 err = -ENOBUFS; 2306 free_msg: 2307 nlmsg_free(msg); 2308 return err; 2309 } 2310 2311 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 2312 { 2313 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2314 struct key_parse key; 2315 int err; 2316 struct net_device *dev = info->user_ptr[1]; 2317 2318 err = nl80211_parse_key(info, &key); 2319 if (err) 2320 return err; 2321 2322 if (key.idx < 0) 2323 return -EINVAL; 2324 2325 /* only support setting default key */ 2326 if (!key.def && !key.defmgmt) 2327 return -EINVAL; 2328 2329 wdev_lock(dev->ieee80211_ptr); 2330 2331 if (key.def) { 2332 if (!rdev->ops->set_default_key) { 2333 err = -EOPNOTSUPP; 2334 goto out; 2335 } 2336 2337 err = nl80211_key_allowed(dev->ieee80211_ptr); 2338 if (err) 2339 goto out; 2340 2341 err = rdev_set_default_key(rdev, dev, key.idx, 2342 key.def_uni, key.def_multi); 2343 2344 if (err) 2345 goto out; 2346 2347 #ifdef CONFIG_CFG80211_WEXT 2348 dev->ieee80211_ptr->wext.default_key = key.idx; 2349 #endif 2350 } else { 2351 if (key.def_uni || !key.def_multi) { 2352 err = -EINVAL; 2353 goto out; 2354 } 2355 2356 if (!rdev->ops->set_default_mgmt_key) { 2357 err = -EOPNOTSUPP; 2358 goto out; 2359 } 2360 2361 err = nl80211_key_allowed(dev->ieee80211_ptr); 2362 if (err) 2363 goto out; 2364 2365 err = rdev_set_default_mgmt_key(rdev, dev, key.idx); 2366 if (err) 2367 goto out; 2368 2369 #ifdef CONFIG_CFG80211_WEXT 2370 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 2371 #endif 2372 } 2373 2374 out: 2375 wdev_unlock(dev->ieee80211_ptr); 2376 2377 return err; 2378 } 2379 2380 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 2381 { 2382 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2383 int err; 2384 struct net_device *dev = info->user_ptr[1]; 2385 struct key_parse key; 2386 const u8 *mac_addr = NULL; 2387 2388 err = nl80211_parse_key(info, &key); 2389 if (err) 2390 return err; 2391 2392 if (!key.p.key) 2393 return -EINVAL; 2394 2395 if (info->attrs[NL80211_ATTR_MAC]) 2396 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2397 2398 if (key.type == -1) { 2399 if (mac_addr) 2400 key.type = NL80211_KEYTYPE_PAIRWISE; 2401 else 2402 key.type = NL80211_KEYTYPE_GROUP; 2403 } 2404 2405 /* for now */ 2406 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2407 key.type != NL80211_KEYTYPE_GROUP) 2408 return -EINVAL; 2409 2410 if (!rdev->ops->add_key) 2411 return -EOPNOTSUPP; 2412 2413 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 2414 key.type == NL80211_KEYTYPE_PAIRWISE, 2415 mac_addr)) 2416 return -EINVAL; 2417 2418 wdev_lock(dev->ieee80211_ptr); 2419 err = nl80211_key_allowed(dev->ieee80211_ptr); 2420 if (!err) 2421 err = rdev_add_key(rdev, dev, key.idx, 2422 key.type == NL80211_KEYTYPE_PAIRWISE, 2423 mac_addr, &key.p); 2424 wdev_unlock(dev->ieee80211_ptr); 2425 2426 return err; 2427 } 2428 2429 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 2430 { 2431 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2432 int err; 2433 struct net_device *dev = info->user_ptr[1]; 2434 u8 *mac_addr = NULL; 2435 struct key_parse key; 2436 2437 err = nl80211_parse_key(info, &key); 2438 if (err) 2439 return err; 2440 2441 if (info->attrs[NL80211_ATTR_MAC]) 2442 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2443 2444 if (key.type == -1) { 2445 if (mac_addr) 2446 key.type = NL80211_KEYTYPE_PAIRWISE; 2447 else 2448 key.type = NL80211_KEYTYPE_GROUP; 2449 } 2450 2451 /* for now */ 2452 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2453 key.type != NL80211_KEYTYPE_GROUP) 2454 return -EINVAL; 2455 2456 if (!rdev->ops->del_key) 2457 return -EOPNOTSUPP; 2458 2459 wdev_lock(dev->ieee80211_ptr); 2460 err = nl80211_key_allowed(dev->ieee80211_ptr); 2461 2462 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && 2463 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2464 err = -ENOENT; 2465 2466 if (!err) 2467 err = rdev_del_key(rdev, dev, key.idx, 2468 key.type == NL80211_KEYTYPE_PAIRWISE, 2469 mac_addr); 2470 2471 #ifdef CONFIG_CFG80211_WEXT 2472 if (!err) { 2473 if (key.idx == dev->ieee80211_ptr->wext.default_key) 2474 dev->ieee80211_ptr->wext.default_key = -1; 2475 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 2476 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 2477 } 2478 #endif 2479 wdev_unlock(dev->ieee80211_ptr); 2480 2481 return err; 2482 } 2483 2484 static int nl80211_parse_beacon(struct genl_info *info, 2485 struct cfg80211_beacon_data *bcn) 2486 { 2487 bool haveinfo = false; 2488 2489 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) || 2490 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) || 2491 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) || 2492 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP])) 2493 return -EINVAL; 2494 2495 memset(bcn, 0, sizeof(*bcn)); 2496 2497 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 2498 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2499 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2500 if (!bcn->head_len) 2501 return -EINVAL; 2502 haveinfo = true; 2503 } 2504 2505 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 2506 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2507 bcn->tail_len = 2508 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2509 haveinfo = true; 2510 } 2511 2512 if (!haveinfo) 2513 return -EINVAL; 2514 2515 if (info->attrs[NL80211_ATTR_IE]) { 2516 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]); 2517 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]); 2518 } 2519 2520 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) { 2521 bcn->proberesp_ies = 2522 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2523 bcn->proberesp_ies_len = 2524 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2525 } 2526 2527 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 2528 bcn->assocresp_ies = 2529 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2530 bcn->assocresp_ies_len = 2531 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2532 } 2533 2534 if (info->attrs[NL80211_ATTR_PROBE_RESP]) { 2535 bcn->probe_resp = 2536 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]); 2537 bcn->probe_resp_len = 2538 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]); 2539 } 2540 2541 return 0; 2542 } 2543 2544 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 2545 struct cfg80211_ap_settings *params) 2546 { 2547 struct wireless_dev *wdev; 2548 bool ret = false; 2549 2550 mutex_lock(&rdev->devlist_mtx); 2551 2552 list_for_each_entry(wdev, &rdev->wdev_list, list) { 2553 if (wdev->iftype != NL80211_IFTYPE_AP && 2554 wdev->iftype != NL80211_IFTYPE_P2P_GO) 2555 continue; 2556 2557 if (!wdev->preset_chandef.chan) 2558 continue; 2559 2560 params->chandef = wdev->preset_chandef; 2561 ret = true; 2562 break; 2563 } 2564 2565 mutex_unlock(&rdev->devlist_mtx); 2566 2567 return ret; 2568 } 2569 2570 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, 2571 enum nl80211_auth_type auth_type, 2572 enum nl80211_commands cmd) 2573 { 2574 if (auth_type > NL80211_AUTHTYPE_MAX) 2575 return false; 2576 2577 switch (cmd) { 2578 case NL80211_CMD_AUTHENTICATE: 2579 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 2580 auth_type == NL80211_AUTHTYPE_SAE) 2581 return false; 2582 return true; 2583 case NL80211_CMD_CONNECT: 2584 case NL80211_CMD_START_AP: 2585 /* SAE not supported yet */ 2586 if (auth_type == NL80211_AUTHTYPE_SAE) 2587 return false; 2588 return true; 2589 default: 2590 return false; 2591 } 2592 } 2593 2594 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 2595 { 2596 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2597 struct net_device *dev = info->user_ptr[1]; 2598 struct wireless_dev *wdev = dev->ieee80211_ptr; 2599 struct cfg80211_ap_settings params; 2600 int err; 2601 2602 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2603 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2604 return -EOPNOTSUPP; 2605 2606 if (!rdev->ops->start_ap) 2607 return -EOPNOTSUPP; 2608 2609 if (wdev->beacon_interval) 2610 return -EALREADY; 2611 2612 memset(¶ms, 0, sizeof(params)); 2613 2614 /* these are required for START_AP */ 2615 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 2616 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 2617 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 2618 return -EINVAL; 2619 2620 err = nl80211_parse_beacon(info, ¶ms.beacon); 2621 if (err) 2622 return err; 2623 2624 params.beacon_interval = 2625 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 2626 params.dtim_period = 2627 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 2628 2629 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 2630 if (err) 2631 return err; 2632 2633 /* 2634 * In theory, some of these attributes should be required here 2635 * but since they were not used when the command was originally 2636 * added, keep them optional for old user space programs to let 2637 * them continue to work with drivers that do not need the 2638 * additional information -- drivers must check! 2639 */ 2640 if (info->attrs[NL80211_ATTR_SSID]) { 2641 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 2642 params.ssid_len = 2643 nla_len(info->attrs[NL80211_ATTR_SSID]); 2644 if (params.ssid_len == 0 || 2645 params.ssid_len > IEEE80211_MAX_SSID_LEN) 2646 return -EINVAL; 2647 } 2648 2649 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 2650 params.hidden_ssid = nla_get_u32( 2651 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 2652 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 2653 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 2654 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 2655 return -EINVAL; 2656 } 2657 2658 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 2659 2660 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 2661 params.auth_type = nla_get_u32( 2662 info->attrs[NL80211_ATTR_AUTH_TYPE]); 2663 if (!nl80211_valid_auth_type(rdev, params.auth_type, 2664 NL80211_CMD_START_AP)) 2665 return -EINVAL; 2666 } else 2667 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 2668 2669 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 2670 NL80211_MAX_NR_CIPHER_SUITES); 2671 if (err) 2672 return err; 2673 2674 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 2675 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 2676 return -EOPNOTSUPP; 2677 params.inactivity_timeout = nla_get_u16( 2678 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 2679 } 2680 2681 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 2682 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2683 return -EINVAL; 2684 params.p2p_ctwindow = 2685 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 2686 if (params.p2p_ctwindow > 127) 2687 return -EINVAL; 2688 if (params.p2p_ctwindow != 0 && 2689 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 2690 return -EINVAL; 2691 } 2692 2693 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 2694 u8 tmp; 2695 2696 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2697 return -EINVAL; 2698 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 2699 if (tmp > 1) 2700 return -EINVAL; 2701 params.p2p_opp_ps = tmp; 2702 if (params.p2p_opp_ps != 0 && 2703 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 2704 return -EINVAL; 2705 } 2706 2707 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 2708 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 2709 if (err) 2710 return err; 2711 } else if (wdev->preset_chandef.chan) { 2712 params.chandef = wdev->preset_chandef; 2713 } else if (!nl80211_get_ap_channel(rdev, ¶ms)) 2714 return -EINVAL; 2715 2716 if (!cfg80211_reg_can_beacon(&rdev->wiphy, ¶ms.chandef)) 2717 return -EINVAL; 2718 2719 mutex_lock(&rdev->devlist_mtx); 2720 err = cfg80211_can_use_chan(rdev, wdev, params.chandef.chan, 2721 CHAN_MODE_SHARED); 2722 mutex_unlock(&rdev->devlist_mtx); 2723 2724 if (err) 2725 return err; 2726 2727 err = rdev_start_ap(rdev, dev, ¶ms); 2728 if (!err) { 2729 wdev->preset_chandef = params.chandef; 2730 wdev->beacon_interval = params.beacon_interval; 2731 wdev->channel = params.chandef.chan; 2732 wdev->ssid_len = params.ssid_len; 2733 memcpy(wdev->ssid, params.ssid, wdev->ssid_len); 2734 } 2735 return err; 2736 } 2737 2738 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 2739 { 2740 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2741 struct net_device *dev = info->user_ptr[1]; 2742 struct wireless_dev *wdev = dev->ieee80211_ptr; 2743 struct cfg80211_beacon_data params; 2744 int err; 2745 2746 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2747 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2748 return -EOPNOTSUPP; 2749 2750 if (!rdev->ops->change_beacon) 2751 return -EOPNOTSUPP; 2752 2753 if (!wdev->beacon_interval) 2754 return -EINVAL; 2755 2756 err = nl80211_parse_beacon(info, ¶ms); 2757 if (err) 2758 return err; 2759 2760 return rdev_change_beacon(rdev, dev, ¶ms); 2761 } 2762 2763 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 2764 { 2765 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2766 struct net_device *dev = info->user_ptr[1]; 2767 2768 return cfg80211_stop_ap(rdev, dev); 2769 } 2770 2771 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 2772 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 2773 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 2774 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 2775 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 2776 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 2777 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 2778 }; 2779 2780 static int parse_station_flags(struct genl_info *info, 2781 enum nl80211_iftype iftype, 2782 struct station_parameters *params) 2783 { 2784 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 2785 struct nlattr *nla; 2786 int flag; 2787 2788 /* 2789 * Try parsing the new attribute first so userspace 2790 * can specify both for older kernels. 2791 */ 2792 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 2793 if (nla) { 2794 struct nl80211_sta_flag_update *sta_flags; 2795 2796 sta_flags = nla_data(nla); 2797 params->sta_flags_mask = sta_flags->mask; 2798 params->sta_flags_set = sta_flags->set; 2799 if ((params->sta_flags_mask | 2800 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 2801 return -EINVAL; 2802 return 0; 2803 } 2804 2805 /* if present, parse the old attribute */ 2806 2807 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 2808 if (!nla) 2809 return 0; 2810 2811 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 2812 nla, sta_flags_policy)) 2813 return -EINVAL; 2814 2815 /* 2816 * Only allow certain flags for interface types so that 2817 * other attributes are silently ignored. Remember that 2818 * this is backward compatibility code with old userspace 2819 * and shouldn't be hit in other cases anyway. 2820 */ 2821 switch (iftype) { 2822 case NL80211_IFTYPE_AP: 2823 case NL80211_IFTYPE_AP_VLAN: 2824 case NL80211_IFTYPE_P2P_GO: 2825 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2826 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2827 BIT(NL80211_STA_FLAG_WME) | 2828 BIT(NL80211_STA_FLAG_MFP); 2829 break; 2830 case NL80211_IFTYPE_P2P_CLIENT: 2831 case NL80211_IFTYPE_STATION: 2832 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2833 BIT(NL80211_STA_FLAG_TDLS_PEER); 2834 break; 2835 case NL80211_IFTYPE_MESH_POINT: 2836 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2837 BIT(NL80211_STA_FLAG_MFP) | 2838 BIT(NL80211_STA_FLAG_AUTHORIZED); 2839 default: 2840 return -EINVAL; 2841 } 2842 2843 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 2844 if (flags[flag]) { 2845 params->sta_flags_set |= (1<<flag); 2846 2847 /* no longer support new API additions in old API */ 2848 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 2849 return -EINVAL; 2850 } 2851 } 2852 2853 return 0; 2854 } 2855 2856 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 2857 int attr) 2858 { 2859 struct nlattr *rate; 2860 u32 bitrate; 2861 u16 bitrate_compat; 2862 2863 rate = nla_nest_start(msg, attr); 2864 if (!rate) 2865 return false; 2866 2867 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 2868 bitrate = cfg80211_calculate_bitrate(info); 2869 /* report 16-bit bitrate only if we can */ 2870 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 2871 if (bitrate > 0 && 2872 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) 2873 return false; 2874 if (bitrate_compat > 0 && 2875 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) 2876 return false; 2877 2878 if (info->flags & RATE_INFO_FLAGS_MCS) { 2879 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) 2880 return false; 2881 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH && 2882 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) 2883 return false; 2884 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 2885 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 2886 return false; 2887 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) { 2888 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs)) 2889 return false; 2890 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss)) 2891 return false; 2892 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH && 2893 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) 2894 return false; 2895 if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH && 2896 nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH)) 2897 return false; 2898 if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH && 2899 nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH)) 2900 return false; 2901 if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH && 2902 nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH)) 2903 return false; 2904 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 2905 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 2906 return false; 2907 } 2908 2909 nla_nest_end(msg, rate); 2910 return true; 2911 } 2912 2913 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq, 2914 int flags, 2915 struct cfg80211_registered_device *rdev, 2916 struct net_device *dev, 2917 const u8 *mac_addr, struct station_info *sinfo) 2918 { 2919 void *hdr; 2920 struct nlattr *sinfoattr, *bss_param; 2921 2922 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION); 2923 if (!hdr) 2924 return -1; 2925 2926 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2927 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 2928 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 2929 goto nla_put_failure; 2930 2931 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 2932 if (!sinfoattr) 2933 goto nla_put_failure; 2934 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) && 2935 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME, 2936 sinfo->connected_time)) 2937 goto nla_put_failure; 2938 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) && 2939 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME, 2940 sinfo->inactive_time)) 2941 goto nla_put_failure; 2942 if ((sinfo->filled & STATION_INFO_RX_BYTES) && 2943 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 2944 sinfo->rx_bytes)) 2945 goto nla_put_failure; 2946 if ((sinfo->filled & STATION_INFO_TX_BYTES) && 2947 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 2948 sinfo->tx_bytes)) 2949 goto nla_put_failure; 2950 if ((sinfo->filled & STATION_INFO_LLID) && 2951 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid)) 2952 goto nla_put_failure; 2953 if ((sinfo->filled & STATION_INFO_PLID) && 2954 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid)) 2955 goto nla_put_failure; 2956 if ((sinfo->filled & STATION_INFO_PLINK_STATE) && 2957 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE, 2958 sinfo->plink_state)) 2959 goto nla_put_failure; 2960 switch (rdev->wiphy.signal_type) { 2961 case CFG80211_SIGNAL_TYPE_MBM: 2962 if ((sinfo->filled & STATION_INFO_SIGNAL) && 2963 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL, 2964 sinfo->signal)) 2965 goto nla_put_failure; 2966 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) && 2967 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG, 2968 sinfo->signal_avg)) 2969 goto nla_put_failure; 2970 break; 2971 default: 2972 break; 2973 } 2974 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 2975 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 2976 NL80211_STA_INFO_TX_BITRATE)) 2977 goto nla_put_failure; 2978 } 2979 if (sinfo->filled & STATION_INFO_RX_BITRATE) { 2980 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 2981 NL80211_STA_INFO_RX_BITRATE)) 2982 goto nla_put_failure; 2983 } 2984 if ((sinfo->filled & STATION_INFO_RX_PACKETS) && 2985 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS, 2986 sinfo->rx_packets)) 2987 goto nla_put_failure; 2988 if ((sinfo->filled & STATION_INFO_TX_PACKETS) && 2989 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS, 2990 sinfo->tx_packets)) 2991 goto nla_put_failure; 2992 if ((sinfo->filled & STATION_INFO_TX_RETRIES) && 2993 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES, 2994 sinfo->tx_retries)) 2995 goto nla_put_failure; 2996 if ((sinfo->filled & STATION_INFO_TX_FAILED) && 2997 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED, 2998 sinfo->tx_failed)) 2999 goto nla_put_failure; 3000 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) && 3001 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS, 3002 sinfo->beacon_loss_count)) 3003 goto nla_put_failure; 3004 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 3005 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 3006 if (!bss_param) 3007 goto nla_put_failure; 3008 3009 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 3010 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 3011 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 3012 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 3013 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 3014 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 3015 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 3016 sinfo->bss_param.dtim_period) || 3017 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 3018 sinfo->bss_param.beacon_interval)) 3019 goto nla_put_failure; 3020 3021 nla_nest_end(msg, bss_param); 3022 } 3023 if ((sinfo->filled & STATION_INFO_STA_FLAGS) && 3024 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 3025 sizeof(struct nl80211_sta_flag_update), 3026 &sinfo->sta_flags)) 3027 goto nla_put_failure; 3028 if ((sinfo->filled & STATION_INFO_T_OFFSET) && 3029 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET, 3030 sinfo->t_offset)) 3031 goto nla_put_failure; 3032 nla_nest_end(msg, sinfoattr); 3033 3034 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) && 3035 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 3036 sinfo->assoc_req_ies)) 3037 goto nla_put_failure; 3038 3039 return genlmsg_end(msg, hdr); 3040 3041 nla_put_failure: 3042 genlmsg_cancel(msg, hdr); 3043 return -EMSGSIZE; 3044 } 3045 3046 static int nl80211_dump_station(struct sk_buff *skb, 3047 struct netlink_callback *cb) 3048 { 3049 struct station_info sinfo; 3050 struct cfg80211_registered_device *dev; 3051 struct net_device *netdev; 3052 u8 mac_addr[ETH_ALEN]; 3053 int sta_idx = cb->args[1]; 3054 int err; 3055 3056 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3057 if (err) 3058 return err; 3059 3060 if (!dev->ops->dump_station) { 3061 err = -EOPNOTSUPP; 3062 goto out_err; 3063 } 3064 3065 while (1) { 3066 memset(&sinfo, 0, sizeof(sinfo)); 3067 err = rdev_dump_station(dev, netdev, sta_idx, 3068 mac_addr, &sinfo); 3069 if (err == -ENOENT) 3070 break; 3071 if (err) 3072 goto out_err; 3073 3074 if (nl80211_send_station(skb, 3075 NETLINK_CB(cb->skb).portid, 3076 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3077 dev, netdev, mac_addr, 3078 &sinfo) < 0) 3079 goto out; 3080 3081 sta_idx++; 3082 } 3083 3084 3085 out: 3086 cb->args[1] = sta_idx; 3087 err = skb->len; 3088 out_err: 3089 nl80211_finish_netdev_dump(dev); 3090 3091 return err; 3092 } 3093 3094 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 3095 { 3096 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3097 struct net_device *dev = info->user_ptr[1]; 3098 struct station_info sinfo; 3099 struct sk_buff *msg; 3100 u8 *mac_addr = NULL; 3101 int err; 3102 3103 memset(&sinfo, 0, sizeof(sinfo)); 3104 3105 if (!info->attrs[NL80211_ATTR_MAC]) 3106 return -EINVAL; 3107 3108 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3109 3110 if (!rdev->ops->get_station) 3111 return -EOPNOTSUPP; 3112 3113 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 3114 if (err) 3115 return err; 3116 3117 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3118 if (!msg) 3119 return -ENOMEM; 3120 3121 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0, 3122 rdev, dev, mac_addr, &sinfo) < 0) { 3123 nlmsg_free(msg); 3124 return -ENOBUFS; 3125 } 3126 3127 return genlmsg_reply(msg, info); 3128 } 3129 3130 /* 3131 * Get vlan interface making sure it is running and on the right wiphy. 3132 */ 3133 static struct net_device *get_vlan(struct genl_info *info, 3134 struct cfg80211_registered_device *rdev) 3135 { 3136 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 3137 struct net_device *v; 3138 int ret; 3139 3140 if (!vlanattr) 3141 return NULL; 3142 3143 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 3144 if (!v) 3145 return ERR_PTR(-ENODEV); 3146 3147 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 3148 ret = -EINVAL; 3149 goto error; 3150 } 3151 3152 if (!netif_running(v)) { 3153 ret = -ENETDOWN; 3154 goto error; 3155 } 3156 3157 return v; 3158 error: 3159 dev_put(v); 3160 return ERR_PTR(ret); 3161 } 3162 3163 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 3164 { 3165 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3166 int err; 3167 struct net_device *dev = info->user_ptr[1]; 3168 struct station_parameters params; 3169 u8 *mac_addr = NULL; 3170 3171 memset(¶ms, 0, sizeof(params)); 3172 3173 params.listen_interval = -1; 3174 params.plink_state = -1; 3175 3176 if (info->attrs[NL80211_ATTR_STA_AID]) 3177 return -EINVAL; 3178 3179 if (!info->attrs[NL80211_ATTR_MAC]) 3180 return -EINVAL; 3181 3182 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3183 3184 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 3185 params.supported_rates = 3186 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3187 params.supported_rates_len = 3188 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3189 } 3190 3191 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3192 params.listen_interval = 3193 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 3194 3195 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3196 params.ht_capa = 3197 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3198 3199 if (!rdev->ops->change_station) 3200 return -EOPNOTSUPP; 3201 3202 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3203 return -EINVAL; 3204 3205 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 3206 params.plink_action = 3207 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3208 3209 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) 3210 params.plink_state = 3211 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 3212 3213 switch (dev->ieee80211_ptr->iftype) { 3214 case NL80211_IFTYPE_AP: 3215 case NL80211_IFTYPE_AP_VLAN: 3216 case NL80211_IFTYPE_P2P_GO: 3217 /* disallow mesh-specific things */ 3218 if (params.plink_action) 3219 return -EINVAL; 3220 3221 /* TDLS can't be set, ... */ 3222 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3223 return -EINVAL; 3224 /* 3225 * ... but don't bother the driver with it. This works around 3226 * a hostapd/wpa_supplicant issue -- it always includes the 3227 * TLDS_PEER flag in the mask even for AP mode. 3228 */ 3229 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3230 3231 /* accept only the listed bits */ 3232 if (params.sta_flags_mask & 3233 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 3234 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 3235 BIT(NL80211_STA_FLAG_WME) | 3236 BIT(NL80211_STA_FLAG_MFP))) 3237 return -EINVAL; 3238 3239 /* must be last in here for error handling */ 3240 params.vlan = get_vlan(info, rdev); 3241 if (IS_ERR(params.vlan)) 3242 return PTR_ERR(params.vlan); 3243 break; 3244 case NL80211_IFTYPE_P2P_CLIENT: 3245 case NL80211_IFTYPE_STATION: 3246 /* 3247 * Don't allow userspace to change the TDLS_PEER flag, 3248 * but silently ignore attempts to change it since we 3249 * don't have state here to verify that it doesn't try 3250 * to change the flag. 3251 */ 3252 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3253 /* fall through */ 3254 case NL80211_IFTYPE_ADHOC: 3255 /* disallow things sta doesn't support */ 3256 if (params.plink_action) 3257 return -EINVAL; 3258 if (params.ht_capa) 3259 return -EINVAL; 3260 if (params.listen_interval >= 0) 3261 return -EINVAL; 3262 /* reject any changes other than AUTHORIZED */ 3263 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 3264 return -EINVAL; 3265 break; 3266 case NL80211_IFTYPE_MESH_POINT: 3267 /* disallow things mesh doesn't support */ 3268 if (params.vlan) 3269 return -EINVAL; 3270 if (params.ht_capa) 3271 return -EINVAL; 3272 if (params.listen_interval >= 0) 3273 return -EINVAL; 3274 /* 3275 * No special handling for TDLS here -- the userspace 3276 * mesh code doesn't have this bug. 3277 */ 3278 if (params.sta_flags_mask & 3279 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3280 BIT(NL80211_STA_FLAG_MFP) | 3281 BIT(NL80211_STA_FLAG_AUTHORIZED))) 3282 return -EINVAL; 3283 break; 3284 default: 3285 return -EOPNOTSUPP; 3286 } 3287 3288 /* be aware of params.vlan when changing code here */ 3289 3290 err = rdev_change_station(rdev, dev, mac_addr, ¶ms); 3291 3292 if (params.vlan) 3293 dev_put(params.vlan); 3294 3295 return err; 3296 } 3297 3298 static struct nla_policy 3299 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = { 3300 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 3301 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 3302 }; 3303 3304 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 3305 { 3306 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3307 int err; 3308 struct net_device *dev = info->user_ptr[1]; 3309 struct station_parameters params; 3310 u8 *mac_addr = NULL; 3311 3312 memset(¶ms, 0, sizeof(params)); 3313 3314 if (!info->attrs[NL80211_ATTR_MAC]) 3315 return -EINVAL; 3316 3317 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3318 return -EINVAL; 3319 3320 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 3321 return -EINVAL; 3322 3323 if (!info->attrs[NL80211_ATTR_STA_AID]) 3324 return -EINVAL; 3325 3326 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3327 params.supported_rates = 3328 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3329 params.supported_rates_len = 3330 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3331 params.listen_interval = 3332 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 3333 3334 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 3335 if (!params.aid || params.aid > IEEE80211_MAX_AID) 3336 return -EINVAL; 3337 3338 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3339 params.ht_capa = 3340 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3341 3342 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3343 params.vht_capa = 3344 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 3345 3346 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 3347 params.plink_action = 3348 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3349 3350 if (!rdev->ops->add_station) 3351 return -EOPNOTSUPP; 3352 3353 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3354 return -EINVAL; 3355 3356 switch (dev->ieee80211_ptr->iftype) { 3357 case NL80211_IFTYPE_AP: 3358 case NL80211_IFTYPE_AP_VLAN: 3359 case NL80211_IFTYPE_P2P_GO: 3360 /* parse WME attributes if sta is WME capable */ 3361 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 3362 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) && 3363 info->attrs[NL80211_ATTR_STA_WME]) { 3364 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 3365 struct nlattr *nla; 3366 3367 nla = info->attrs[NL80211_ATTR_STA_WME]; 3368 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 3369 nl80211_sta_wme_policy); 3370 if (err) 3371 return err; 3372 3373 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 3374 params.uapsd_queues = 3375 nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]); 3376 if (params.uapsd_queues & 3377 ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 3378 return -EINVAL; 3379 3380 if (tb[NL80211_STA_WME_MAX_SP]) 3381 params.max_sp = 3382 nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 3383 3384 if (params.max_sp & 3385 ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 3386 return -EINVAL; 3387 3388 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 3389 } 3390 /* TDLS peers cannot be added */ 3391 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3392 return -EINVAL; 3393 /* but don't bother the driver with it */ 3394 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3395 3396 /* must be last in here for error handling */ 3397 params.vlan = get_vlan(info, rdev); 3398 if (IS_ERR(params.vlan)) 3399 return PTR_ERR(params.vlan); 3400 break; 3401 case NL80211_IFTYPE_MESH_POINT: 3402 /* TDLS peers cannot be added */ 3403 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3404 return -EINVAL; 3405 break; 3406 case NL80211_IFTYPE_STATION: 3407 /* Only TDLS peers can be added */ 3408 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 3409 return -EINVAL; 3410 /* Can only add if TDLS ... */ 3411 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 3412 return -EOPNOTSUPP; 3413 /* ... with external setup is supported */ 3414 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 3415 return -EOPNOTSUPP; 3416 break; 3417 default: 3418 return -EOPNOTSUPP; 3419 } 3420 3421 /* be aware of params.vlan when changing code here */ 3422 3423 err = rdev_add_station(rdev, dev, mac_addr, ¶ms); 3424 3425 if (params.vlan) 3426 dev_put(params.vlan); 3427 return err; 3428 } 3429 3430 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 3431 { 3432 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3433 struct net_device *dev = info->user_ptr[1]; 3434 u8 *mac_addr = NULL; 3435 3436 if (info->attrs[NL80211_ATTR_MAC]) 3437 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3438 3439 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3440 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 3441 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 3442 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3443 return -EINVAL; 3444 3445 if (!rdev->ops->del_station) 3446 return -EOPNOTSUPP; 3447 3448 return rdev_del_station(rdev, dev, mac_addr); 3449 } 3450 3451 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq, 3452 int flags, struct net_device *dev, 3453 u8 *dst, u8 *next_hop, 3454 struct mpath_info *pinfo) 3455 { 3456 void *hdr; 3457 struct nlattr *pinfoattr; 3458 3459 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION); 3460 if (!hdr) 3461 return -1; 3462 3463 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3464 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 3465 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 3466 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 3467 goto nla_put_failure; 3468 3469 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 3470 if (!pinfoattr) 3471 goto nla_put_failure; 3472 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 3473 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 3474 pinfo->frame_qlen)) 3475 goto nla_put_failure; 3476 if (((pinfo->filled & MPATH_INFO_SN) && 3477 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 3478 ((pinfo->filled & MPATH_INFO_METRIC) && 3479 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 3480 pinfo->metric)) || 3481 ((pinfo->filled & MPATH_INFO_EXPTIME) && 3482 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 3483 pinfo->exptime)) || 3484 ((pinfo->filled & MPATH_INFO_FLAGS) && 3485 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 3486 pinfo->flags)) || 3487 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 3488 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 3489 pinfo->discovery_timeout)) || 3490 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 3491 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 3492 pinfo->discovery_retries))) 3493 goto nla_put_failure; 3494 3495 nla_nest_end(msg, pinfoattr); 3496 3497 return genlmsg_end(msg, hdr); 3498 3499 nla_put_failure: 3500 genlmsg_cancel(msg, hdr); 3501 return -EMSGSIZE; 3502 } 3503 3504 static int nl80211_dump_mpath(struct sk_buff *skb, 3505 struct netlink_callback *cb) 3506 { 3507 struct mpath_info pinfo; 3508 struct cfg80211_registered_device *dev; 3509 struct net_device *netdev; 3510 u8 dst[ETH_ALEN]; 3511 u8 next_hop[ETH_ALEN]; 3512 int path_idx = cb->args[1]; 3513 int err; 3514 3515 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3516 if (err) 3517 return err; 3518 3519 if (!dev->ops->dump_mpath) { 3520 err = -EOPNOTSUPP; 3521 goto out_err; 3522 } 3523 3524 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 3525 err = -EOPNOTSUPP; 3526 goto out_err; 3527 } 3528 3529 while (1) { 3530 err = rdev_dump_mpath(dev, netdev, path_idx, dst, next_hop, 3531 &pinfo); 3532 if (err == -ENOENT) 3533 break; 3534 if (err) 3535 goto out_err; 3536 3537 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 3538 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3539 netdev, dst, next_hop, 3540 &pinfo) < 0) 3541 goto out; 3542 3543 path_idx++; 3544 } 3545 3546 3547 out: 3548 cb->args[1] = path_idx; 3549 err = skb->len; 3550 out_err: 3551 nl80211_finish_netdev_dump(dev); 3552 return err; 3553 } 3554 3555 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 3556 { 3557 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3558 int err; 3559 struct net_device *dev = info->user_ptr[1]; 3560 struct mpath_info pinfo; 3561 struct sk_buff *msg; 3562 u8 *dst = NULL; 3563 u8 next_hop[ETH_ALEN]; 3564 3565 memset(&pinfo, 0, sizeof(pinfo)); 3566 3567 if (!info->attrs[NL80211_ATTR_MAC]) 3568 return -EINVAL; 3569 3570 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3571 3572 if (!rdev->ops->get_mpath) 3573 return -EOPNOTSUPP; 3574 3575 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3576 return -EOPNOTSUPP; 3577 3578 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo); 3579 if (err) 3580 return err; 3581 3582 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3583 if (!msg) 3584 return -ENOMEM; 3585 3586 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 3587 dev, dst, next_hop, &pinfo) < 0) { 3588 nlmsg_free(msg); 3589 return -ENOBUFS; 3590 } 3591 3592 return genlmsg_reply(msg, info); 3593 } 3594 3595 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 3596 { 3597 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3598 struct net_device *dev = info->user_ptr[1]; 3599 u8 *dst = NULL; 3600 u8 *next_hop = NULL; 3601 3602 if (!info->attrs[NL80211_ATTR_MAC]) 3603 return -EINVAL; 3604 3605 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3606 return -EINVAL; 3607 3608 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3609 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3610 3611 if (!rdev->ops->change_mpath) 3612 return -EOPNOTSUPP; 3613 3614 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3615 return -EOPNOTSUPP; 3616 3617 return rdev_change_mpath(rdev, dev, dst, next_hop); 3618 } 3619 3620 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 3621 { 3622 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3623 struct net_device *dev = info->user_ptr[1]; 3624 u8 *dst = NULL; 3625 u8 *next_hop = NULL; 3626 3627 if (!info->attrs[NL80211_ATTR_MAC]) 3628 return -EINVAL; 3629 3630 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3631 return -EINVAL; 3632 3633 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3634 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3635 3636 if (!rdev->ops->add_mpath) 3637 return -EOPNOTSUPP; 3638 3639 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3640 return -EOPNOTSUPP; 3641 3642 return rdev_add_mpath(rdev, dev, dst, next_hop); 3643 } 3644 3645 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 3646 { 3647 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3648 struct net_device *dev = info->user_ptr[1]; 3649 u8 *dst = NULL; 3650 3651 if (info->attrs[NL80211_ATTR_MAC]) 3652 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3653 3654 if (!rdev->ops->del_mpath) 3655 return -EOPNOTSUPP; 3656 3657 return rdev_del_mpath(rdev, dev, dst); 3658 } 3659 3660 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 3661 { 3662 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3663 struct net_device *dev = info->user_ptr[1]; 3664 struct bss_parameters params; 3665 3666 memset(¶ms, 0, sizeof(params)); 3667 /* default to not changing parameters */ 3668 params.use_cts_prot = -1; 3669 params.use_short_preamble = -1; 3670 params.use_short_slot_time = -1; 3671 params.ap_isolate = -1; 3672 params.ht_opmode = -1; 3673 params.p2p_ctwindow = -1; 3674 params.p2p_opp_ps = -1; 3675 3676 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 3677 params.use_cts_prot = 3678 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 3679 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 3680 params.use_short_preamble = 3681 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 3682 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 3683 params.use_short_slot_time = 3684 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 3685 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 3686 params.basic_rates = 3687 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3688 params.basic_rates_len = 3689 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3690 } 3691 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 3692 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 3693 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 3694 params.ht_opmode = 3695 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 3696 3697 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 3698 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3699 return -EINVAL; 3700 params.p2p_ctwindow = 3701 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 3702 if (params.p2p_ctwindow < 0) 3703 return -EINVAL; 3704 if (params.p2p_ctwindow != 0 && 3705 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 3706 return -EINVAL; 3707 } 3708 3709 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 3710 u8 tmp; 3711 3712 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3713 return -EINVAL; 3714 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 3715 if (tmp > 1) 3716 return -EINVAL; 3717 params.p2p_opp_ps = tmp; 3718 if (params.p2p_opp_ps && 3719 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 3720 return -EINVAL; 3721 } 3722 3723 if (!rdev->ops->change_bss) 3724 return -EOPNOTSUPP; 3725 3726 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3727 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3728 return -EOPNOTSUPP; 3729 3730 return rdev_change_bss(rdev, dev, ¶ms); 3731 } 3732 3733 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 3734 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3735 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3736 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3737 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3738 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3739 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3740 }; 3741 3742 static int parse_reg_rule(struct nlattr *tb[], 3743 struct ieee80211_reg_rule *reg_rule) 3744 { 3745 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 3746 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 3747 3748 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 3749 return -EINVAL; 3750 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 3751 return -EINVAL; 3752 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 3753 return -EINVAL; 3754 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 3755 return -EINVAL; 3756 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 3757 return -EINVAL; 3758 3759 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 3760 3761 freq_range->start_freq_khz = 3762 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 3763 freq_range->end_freq_khz = 3764 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 3765 freq_range->max_bandwidth_khz = 3766 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 3767 3768 power_rule->max_eirp = 3769 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 3770 3771 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 3772 power_rule->max_antenna_gain = 3773 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 3774 3775 return 0; 3776 } 3777 3778 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 3779 { 3780 int r; 3781 char *data = NULL; 3782 enum nl80211_user_reg_hint_type user_reg_hint_type; 3783 3784 /* 3785 * You should only get this when cfg80211 hasn't yet initialized 3786 * completely when built-in to the kernel right between the time 3787 * window between nl80211_init() and regulatory_init(), if that is 3788 * even possible. 3789 */ 3790 mutex_lock(&cfg80211_mutex); 3791 if (unlikely(!cfg80211_regdomain)) { 3792 mutex_unlock(&cfg80211_mutex); 3793 return -EINPROGRESS; 3794 } 3795 mutex_unlock(&cfg80211_mutex); 3796 3797 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3798 return -EINVAL; 3799 3800 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3801 3802 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 3803 user_reg_hint_type = 3804 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 3805 else 3806 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 3807 3808 switch (user_reg_hint_type) { 3809 case NL80211_USER_REG_HINT_USER: 3810 case NL80211_USER_REG_HINT_CELL_BASE: 3811 break; 3812 default: 3813 return -EINVAL; 3814 } 3815 3816 r = regulatory_hint_user(data, user_reg_hint_type); 3817 3818 return r; 3819 } 3820 3821 static int nl80211_get_mesh_config(struct sk_buff *skb, 3822 struct genl_info *info) 3823 { 3824 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3825 struct net_device *dev = info->user_ptr[1]; 3826 struct wireless_dev *wdev = dev->ieee80211_ptr; 3827 struct mesh_config cur_params; 3828 int err = 0; 3829 void *hdr; 3830 struct nlattr *pinfoattr; 3831 struct sk_buff *msg; 3832 3833 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3834 return -EOPNOTSUPP; 3835 3836 if (!rdev->ops->get_mesh_config) 3837 return -EOPNOTSUPP; 3838 3839 wdev_lock(wdev); 3840 /* If not connected, get default parameters */ 3841 if (!wdev->mesh_id_len) 3842 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 3843 else 3844 err = rdev_get_mesh_config(rdev, dev, &cur_params); 3845 wdev_unlock(wdev); 3846 3847 if (err) 3848 return err; 3849 3850 /* Draw up a netlink message to send back */ 3851 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3852 if (!msg) 3853 return -ENOMEM; 3854 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 3855 NL80211_CMD_GET_MESH_CONFIG); 3856 if (!hdr) 3857 goto out; 3858 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 3859 if (!pinfoattr) 3860 goto nla_put_failure; 3861 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3862 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 3863 cur_params.dot11MeshRetryTimeout) || 3864 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3865 cur_params.dot11MeshConfirmTimeout) || 3866 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 3867 cur_params.dot11MeshHoldingTimeout) || 3868 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 3869 cur_params.dot11MeshMaxPeerLinks) || 3870 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 3871 cur_params.dot11MeshMaxRetries) || 3872 nla_put_u8(msg, NL80211_MESHCONF_TTL, 3873 cur_params.dot11MeshTTL) || 3874 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 3875 cur_params.element_ttl) || 3876 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 3877 cur_params.auto_open_plinks) || 3878 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 3879 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 3880 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3881 cur_params.dot11MeshHWMPmaxPREQretries) || 3882 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 3883 cur_params.path_refresh_time) || 3884 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3885 cur_params.min_discovery_timeout) || 3886 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3887 cur_params.dot11MeshHWMPactivePathTimeout) || 3888 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3889 cur_params.dot11MeshHWMPpreqMinInterval) || 3890 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3891 cur_params.dot11MeshHWMPperrMinInterval) || 3892 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3893 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 3894 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 3895 cur_params.dot11MeshHWMPRootMode) || 3896 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3897 cur_params.dot11MeshHWMPRannInterval) || 3898 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3899 cur_params.dot11MeshGateAnnouncementProtocol) || 3900 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 3901 cur_params.dot11MeshForwarding) || 3902 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 3903 cur_params.rssi_threshold) || 3904 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 3905 cur_params.ht_opmode) || 3906 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 3907 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 3908 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 3909 cur_params.dot11MeshHWMProotInterval) || 3910 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 3911 cur_params.dot11MeshHWMPconfirmationInterval)) 3912 goto nla_put_failure; 3913 nla_nest_end(msg, pinfoattr); 3914 genlmsg_end(msg, hdr); 3915 return genlmsg_reply(msg, info); 3916 3917 nla_put_failure: 3918 genlmsg_cancel(msg, hdr); 3919 out: 3920 nlmsg_free(msg); 3921 return -ENOBUFS; 3922 } 3923 3924 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 3925 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 3926 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 3927 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 3928 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 3929 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 3930 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 3931 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 3932 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 3933 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 }, 3934 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 3935 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 3936 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 3937 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 3938 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 3939 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 3940 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 3941 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 3942 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 3943 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 3944 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 3945 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 }, 3946 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 3947 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 3948 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 }, 3949 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 }, 3950 }; 3951 3952 static const struct nla_policy 3953 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 3954 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 3955 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 3956 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 3957 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 3958 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 3959 .len = IEEE80211_MAX_DATA_LEN }, 3960 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 3961 }; 3962 3963 static int nl80211_parse_mesh_config(struct genl_info *info, 3964 struct mesh_config *cfg, 3965 u32 *mask_out) 3966 { 3967 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 3968 u32 mask = 0; 3969 3970 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 3971 do {\ 3972 if (table[attr_num]) {\ 3973 cfg->param = nla_fn(table[attr_num]); \ 3974 mask |= (1 << (attr_num - 1)); \ 3975 } \ 3976 } while (0);\ 3977 3978 3979 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 3980 return -EINVAL; 3981 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 3982 info->attrs[NL80211_ATTR_MESH_CONFIG], 3983 nl80211_meshconf_params_policy)) 3984 return -EINVAL; 3985 3986 /* This makes sure that there aren't more than 32 mesh config 3987 * parameters (otherwise our bitfield scheme would not work.) */ 3988 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 3989 3990 /* Fill in the params struct */ 3991 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 3992 mask, NL80211_MESHCONF_RETRY_TIMEOUT, 3993 nla_get_u16); 3994 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 3995 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3996 nla_get_u16); 3997 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 3998 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, 3999 nla_get_u16); 4000 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 4001 mask, NL80211_MESHCONF_MAX_PEER_LINKS, 4002 nla_get_u16); 4003 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 4004 mask, NL80211_MESHCONF_MAX_RETRIES, 4005 nla_get_u8); 4006 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 4007 mask, NL80211_MESHCONF_TTL, nla_get_u8); 4008 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 4009 mask, NL80211_MESHCONF_ELEMENT_TTL, 4010 nla_get_u8); 4011 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 4012 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 4013 nla_get_u8); 4014 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, mask, 4015 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 4016 nla_get_u32); 4017 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 4018 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 4019 nla_get_u8); 4020 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 4021 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, 4022 nla_get_u32); 4023 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 4024 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 4025 nla_get_u16); 4026 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, mask, 4027 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 4028 nla_get_u32); 4029 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 4030 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 4031 nla_get_u16); 4032 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 4033 mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 4034 nla_get_u16); 4035 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4036 dot11MeshHWMPnetDiameterTraversalTime, mask, 4037 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 4038 nla_get_u16); 4039 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask, 4040 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8); 4041 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask, 4042 NL80211_MESHCONF_HWMP_RANN_INTERVAL, 4043 nla_get_u16); 4044 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4045 dot11MeshGateAnnouncementProtocol, mask, 4046 NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 4047 nla_get_u8); 4048 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 4049 mask, NL80211_MESHCONF_FORWARDING, 4050 nla_get_u8); 4051 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 4052 mask, NL80211_MESHCONF_RSSI_THRESHOLD, 4053 nla_get_u32); 4054 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 4055 mask, NL80211_MESHCONF_HT_OPMODE, 4056 nla_get_u16); 4057 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout, 4058 mask, 4059 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 4060 nla_get_u32); 4061 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 4062 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 4063 nla_get_u16); 4064 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4065 dot11MeshHWMPconfirmationInterval, mask, 4066 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 4067 nla_get_u16); 4068 if (mask_out) 4069 *mask_out = mask; 4070 4071 return 0; 4072 4073 #undef FILL_IN_MESH_PARAM_IF_SET 4074 } 4075 4076 static int nl80211_parse_mesh_setup(struct genl_info *info, 4077 struct mesh_setup *setup) 4078 { 4079 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 4080 4081 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 4082 return -EINVAL; 4083 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 4084 info->attrs[NL80211_ATTR_MESH_SETUP], 4085 nl80211_mesh_setup_params_policy)) 4086 return -EINVAL; 4087 4088 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 4089 setup->sync_method = 4090 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 4091 IEEE80211_SYNC_METHOD_VENDOR : 4092 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 4093 4094 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 4095 setup->path_sel_proto = 4096 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 4097 IEEE80211_PATH_PROTOCOL_VENDOR : 4098 IEEE80211_PATH_PROTOCOL_HWMP; 4099 4100 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 4101 setup->path_metric = 4102 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 4103 IEEE80211_PATH_METRIC_VENDOR : 4104 IEEE80211_PATH_METRIC_AIRTIME; 4105 4106 4107 if (tb[NL80211_MESH_SETUP_IE]) { 4108 struct nlattr *ieattr = 4109 tb[NL80211_MESH_SETUP_IE]; 4110 if (!is_valid_ie_attr(ieattr)) 4111 return -EINVAL; 4112 setup->ie = nla_data(ieattr); 4113 setup->ie_len = nla_len(ieattr); 4114 } 4115 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 4116 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 4117 4118 return 0; 4119 } 4120 4121 static int nl80211_update_mesh_config(struct sk_buff *skb, 4122 struct genl_info *info) 4123 { 4124 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4125 struct net_device *dev = info->user_ptr[1]; 4126 struct wireless_dev *wdev = dev->ieee80211_ptr; 4127 struct mesh_config cfg; 4128 u32 mask; 4129 int err; 4130 4131 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 4132 return -EOPNOTSUPP; 4133 4134 if (!rdev->ops->update_mesh_config) 4135 return -EOPNOTSUPP; 4136 4137 err = nl80211_parse_mesh_config(info, &cfg, &mask); 4138 if (err) 4139 return err; 4140 4141 wdev_lock(wdev); 4142 if (!wdev->mesh_id_len) 4143 err = -ENOLINK; 4144 4145 if (!err) 4146 err = rdev_update_mesh_config(rdev, dev, mask, &cfg); 4147 4148 wdev_unlock(wdev); 4149 4150 return err; 4151 } 4152 4153 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 4154 { 4155 struct sk_buff *msg; 4156 void *hdr = NULL; 4157 struct nlattr *nl_reg_rules; 4158 unsigned int i; 4159 int err = -EINVAL; 4160 4161 mutex_lock(&cfg80211_mutex); 4162 4163 if (!cfg80211_regdomain) 4164 goto out; 4165 4166 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4167 if (!msg) { 4168 err = -ENOBUFS; 4169 goto out; 4170 } 4171 4172 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4173 NL80211_CMD_GET_REG); 4174 if (!hdr) 4175 goto put_failure; 4176 4177 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 4178 cfg80211_regdomain->alpha2) || 4179 (cfg80211_regdomain->dfs_region && 4180 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, 4181 cfg80211_regdomain->dfs_region))) 4182 goto nla_put_failure; 4183 4184 if (reg_last_request_cell_base() && 4185 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 4186 NL80211_USER_REG_HINT_CELL_BASE)) 4187 goto nla_put_failure; 4188 4189 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 4190 if (!nl_reg_rules) 4191 goto nla_put_failure; 4192 4193 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 4194 struct nlattr *nl_reg_rule; 4195 const struct ieee80211_reg_rule *reg_rule; 4196 const struct ieee80211_freq_range *freq_range; 4197 const struct ieee80211_power_rule *power_rule; 4198 4199 reg_rule = &cfg80211_regdomain->reg_rules[i]; 4200 freq_range = ®_rule->freq_range; 4201 power_rule = ®_rule->power_rule; 4202 4203 nl_reg_rule = nla_nest_start(msg, i); 4204 if (!nl_reg_rule) 4205 goto nla_put_failure; 4206 4207 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 4208 reg_rule->flags) || 4209 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 4210 freq_range->start_freq_khz) || 4211 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 4212 freq_range->end_freq_khz) || 4213 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 4214 freq_range->max_bandwidth_khz) || 4215 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 4216 power_rule->max_antenna_gain) || 4217 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 4218 power_rule->max_eirp)) 4219 goto nla_put_failure; 4220 4221 nla_nest_end(msg, nl_reg_rule); 4222 } 4223 4224 nla_nest_end(msg, nl_reg_rules); 4225 4226 genlmsg_end(msg, hdr); 4227 err = genlmsg_reply(msg, info); 4228 goto out; 4229 4230 nla_put_failure: 4231 genlmsg_cancel(msg, hdr); 4232 put_failure: 4233 nlmsg_free(msg); 4234 err = -EMSGSIZE; 4235 out: 4236 mutex_unlock(&cfg80211_mutex); 4237 return err; 4238 } 4239 4240 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 4241 { 4242 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 4243 struct nlattr *nl_reg_rule; 4244 char *alpha2 = NULL; 4245 int rem_reg_rules = 0, r = 0; 4246 u32 num_rules = 0, rule_idx = 0, size_of_regd; 4247 u8 dfs_region = 0; 4248 struct ieee80211_regdomain *rd = NULL; 4249 4250 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 4251 return -EINVAL; 4252 4253 if (!info->attrs[NL80211_ATTR_REG_RULES]) 4254 return -EINVAL; 4255 4256 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 4257 4258 if (info->attrs[NL80211_ATTR_DFS_REGION]) 4259 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 4260 4261 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 4262 rem_reg_rules) { 4263 num_rules++; 4264 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 4265 return -EINVAL; 4266 } 4267 4268 mutex_lock(&cfg80211_mutex); 4269 4270 if (!reg_is_valid_request(alpha2)) { 4271 r = -EINVAL; 4272 goto bad_reg; 4273 } 4274 4275 size_of_regd = sizeof(struct ieee80211_regdomain) + 4276 (num_rules * sizeof(struct ieee80211_reg_rule)); 4277 4278 rd = kzalloc(size_of_regd, GFP_KERNEL); 4279 if (!rd) { 4280 r = -ENOMEM; 4281 goto bad_reg; 4282 } 4283 4284 rd->n_reg_rules = num_rules; 4285 rd->alpha2[0] = alpha2[0]; 4286 rd->alpha2[1] = alpha2[1]; 4287 4288 /* 4289 * Disable DFS master mode if the DFS region was 4290 * not supported or known on this kernel. 4291 */ 4292 if (reg_supported_dfs_region(dfs_region)) 4293 rd->dfs_region = dfs_region; 4294 4295 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 4296 rem_reg_rules) { 4297 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 4298 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 4299 reg_rule_policy); 4300 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 4301 if (r) 4302 goto bad_reg; 4303 4304 rule_idx++; 4305 4306 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 4307 r = -EINVAL; 4308 goto bad_reg; 4309 } 4310 } 4311 4312 BUG_ON(rule_idx != num_rules); 4313 4314 r = set_regdom(rd); 4315 4316 mutex_unlock(&cfg80211_mutex); 4317 4318 return r; 4319 4320 bad_reg: 4321 mutex_unlock(&cfg80211_mutex); 4322 kfree(rd); 4323 return r; 4324 } 4325 4326 static int validate_scan_freqs(struct nlattr *freqs) 4327 { 4328 struct nlattr *attr1, *attr2; 4329 int n_channels = 0, tmp1, tmp2; 4330 4331 nla_for_each_nested(attr1, freqs, tmp1) { 4332 n_channels++; 4333 /* 4334 * Some hardware has a limited channel list for 4335 * scanning, and it is pretty much nonsensical 4336 * to scan for a channel twice, so disallow that 4337 * and don't require drivers to check that the 4338 * channel list they get isn't longer than what 4339 * they can scan, as long as they can scan all 4340 * the channels they registered at once. 4341 */ 4342 nla_for_each_nested(attr2, freqs, tmp2) 4343 if (attr1 != attr2 && 4344 nla_get_u32(attr1) == nla_get_u32(attr2)) 4345 return 0; 4346 } 4347 4348 return n_channels; 4349 } 4350 4351 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 4352 { 4353 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4354 struct wireless_dev *wdev = info->user_ptr[1]; 4355 struct cfg80211_scan_request *request; 4356 struct nlattr *attr; 4357 struct wiphy *wiphy; 4358 int err, tmp, n_ssids = 0, n_channels, i; 4359 size_t ie_len; 4360 4361 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4362 return -EINVAL; 4363 4364 wiphy = &rdev->wiphy; 4365 4366 if (!rdev->ops->scan) 4367 return -EOPNOTSUPP; 4368 4369 if (rdev->scan_req) 4370 return -EBUSY; 4371 4372 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4373 n_channels = validate_scan_freqs( 4374 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4375 if (!n_channels) 4376 return -EINVAL; 4377 } else { 4378 enum ieee80211_band band; 4379 n_channels = 0; 4380 4381 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4382 if (wiphy->bands[band]) 4383 n_channels += wiphy->bands[band]->n_channels; 4384 } 4385 4386 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4387 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 4388 n_ssids++; 4389 4390 if (n_ssids > wiphy->max_scan_ssids) 4391 return -EINVAL; 4392 4393 if (info->attrs[NL80211_ATTR_IE]) 4394 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4395 else 4396 ie_len = 0; 4397 4398 if (ie_len > wiphy->max_scan_ie_len) 4399 return -EINVAL; 4400 4401 request = kzalloc(sizeof(*request) 4402 + sizeof(*request->ssids) * n_ssids 4403 + sizeof(*request->channels) * n_channels 4404 + ie_len, GFP_KERNEL); 4405 if (!request) 4406 return -ENOMEM; 4407 4408 if (n_ssids) 4409 request->ssids = (void *)&request->channels[n_channels]; 4410 request->n_ssids = n_ssids; 4411 if (ie_len) { 4412 if (request->ssids) 4413 request->ie = (void *)(request->ssids + n_ssids); 4414 else 4415 request->ie = (void *)(request->channels + n_channels); 4416 } 4417 4418 i = 0; 4419 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4420 /* user specified, bail out if channel not found */ 4421 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 4422 struct ieee80211_channel *chan; 4423 4424 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4425 4426 if (!chan) { 4427 err = -EINVAL; 4428 goto out_free; 4429 } 4430 4431 /* ignore disabled channels */ 4432 if (chan->flags & IEEE80211_CHAN_DISABLED) 4433 continue; 4434 4435 request->channels[i] = chan; 4436 i++; 4437 } 4438 } else { 4439 enum ieee80211_band band; 4440 4441 /* all channels */ 4442 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4443 int j; 4444 if (!wiphy->bands[band]) 4445 continue; 4446 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4447 struct ieee80211_channel *chan; 4448 4449 chan = &wiphy->bands[band]->channels[j]; 4450 4451 if (chan->flags & IEEE80211_CHAN_DISABLED) 4452 continue; 4453 4454 request->channels[i] = chan; 4455 i++; 4456 } 4457 } 4458 } 4459 4460 if (!i) { 4461 err = -EINVAL; 4462 goto out_free; 4463 } 4464 4465 request->n_channels = i; 4466 4467 i = 0; 4468 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4469 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 4470 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4471 err = -EINVAL; 4472 goto out_free; 4473 } 4474 request->ssids[i].ssid_len = nla_len(attr); 4475 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 4476 i++; 4477 } 4478 } 4479 4480 if (info->attrs[NL80211_ATTR_IE]) { 4481 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4482 memcpy((void *)request->ie, 4483 nla_data(info->attrs[NL80211_ATTR_IE]), 4484 request->ie_len); 4485 } 4486 4487 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 4488 if (wiphy->bands[i]) 4489 request->rates[i] = 4490 (1 << wiphy->bands[i]->n_bitrates) - 1; 4491 4492 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 4493 nla_for_each_nested(attr, 4494 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 4495 tmp) { 4496 enum ieee80211_band band = nla_type(attr); 4497 4498 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 4499 err = -EINVAL; 4500 goto out_free; 4501 } 4502 err = ieee80211_get_ratemask(wiphy->bands[band], 4503 nla_data(attr), 4504 nla_len(attr), 4505 &request->rates[band]); 4506 if (err) 4507 goto out_free; 4508 } 4509 } 4510 4511 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) { 4512 request->flags = nla_get_u32( 4513 info->attrs[NL80211_ATTR_SCAN_FLAGS]); 4514 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 4515 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 4516 ((request->flags & NL80211_SCAN_FLAG_FLUSH) && 4517 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) { 4518 err = -EOPNOTSUPP; 4519 goto out_free; 4520 } 4521 } 4522 4523 request->no_cck = 4524 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 4525 4526 request->wdev = wdev; 4527 request->wiphy = &rdev->wiphy; 4528 request->scan_start = jiffies; 4529 4530 rdev->scan_req = request; 4531 err = rdev_scan(rdev, request); 4532 4533 if (!err) { 4534 nl80211_send_scan_start(rdev, wdev); 4535 if (wdev->netdev) 4536 dev_hold(wdev->netdev); 4537 } else { 4538 out_free: 4539 rdev->scan_req = NULL; 4540 kfree(request); 4541 } 4542 4543 return err; 4544 } 4545 4546 static int nl80211_start_sched_scan(struct sk_buff *skb, 4547 struct genl_info *info) 4548 { 4549 struct cfg80211_sched_scan_request *request; 4550 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4551 struct net_device *dev = info->user_ptr[1]; 4552 struct nlattr *attr; 4553 struct wiphy *wiphy; 4554 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i; 4555 u32 interval; 4556 enum ieee80211_band band; 4557 size_t ie_len; 4558 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 4559 4560 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4561 !rdev->ops->sched_scan_start) 4562 return -EOPNOTSUPP; 4563 4564 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4565 return -EINVAL; 4566 4567 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 4568 return -EINVAL; 4569 4570 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 4571 if (interval == 0) 4572 return -EINVAL; 4573 4574 wiphy = &rdev->wiphy; 4575 4576 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4577 n_channels = validate_scan_freqs( 4578 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4579 if (!n_channels) 4580 return -EINVAL; 4581 } else { 4582 n_channels = 0; 4583 4584 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4585 if (wiphy->bands[band]) 4586 n_channels += wiphy->bands[band]->n_channels; 4587 } 4588 4589 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4590 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4591 tmp) 4592 n_ssids++; 4593 4594 if (n_ssids > wiphy->max_sched_scan_ssids) 4595 return -EINVAL; 4596 4597 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) 4598 nla_for_each_nested(attr, 4599 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4600 tmp) 4601 n_match_sets++; 4602 4603 if (n_match_sets > wiphy->max_match_sets) 4604 return -EINVAL; 4605 4606 if (info->attrs[NL80211_ATTR_IE]) 4607 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4608 else 4609 ie_len = 0; 4610 4611 if (ie_len > wiphy->max_sched_scan_ie_len) 4612 return -EINVAL; 4613 4614 mutex_lock(&rdev->sched_scan_mtx); 4615 4616 if (rdev->sched_scan_req) { 4617 err = -EINPROGRESS; 4618 goto out; 4619 } 4620 4621 request = kzalloc(sizeof(*request) 4622 + sizeof(*request->ssids) * n_ssids 4623 + sizeof(*request->match_sets) * n_match_sets 4624 + sizeof(*request->channels) * n_channels 4625 + ie_len, GFP_KERNEL); 4626 if (!request) { 4627 err = -ENOMEM; 4628 goto out; 4629 } 4630 4631 if (n_ssids) 4632 request->ssids = (void *)&request->channels[n_channels]; 4633 request->n_ssids = n_ssids; 4634 if (ie_len) { 4635 if (request->ssids) 4636 request->ie = (void *)(request->ssids + n_ssids); 4637 else 4638 request->ie = (void *)(request->channels + n_channels); 4639 } 4640 4641 if (n_match_sets) { 4642 if (request->ie) 4643 request->match_sets = (void *)(request->ie + ie_len); 4644 else if (request->ssids) 4645 request->match_sets = 4646 (void *)(request->ssids + n_ssids); 4647 else 4648 request->match_sets = 4649 (void *)(request->channels + n_channels); 4650 } 4651 request->n_match_sets = n_match_sets; 4652 4653 i = 0; 4654 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4655 /* user specified, bail out if channel not found */ 4656 nla_for_each_nested(attr, 4657 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], 4658 tmp) { 4659 struct ieee80211_channel *chan; 4660 4661 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4662 4663 if (!chan) { 4664 err = -EINVAL; 4665 goto out_free; 4666 } 4667 4668 /* ignore disabled channels */ 4669 if (chan->flags & IEEE80211_CHAN_DISABLED) 4670 continue; 4671 4672 request->channels[i] = chan; 4673 i++; 4674 } 4675 } else { 4676 /* all channels */ 4677 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4678 int j; 4679 if (!wiphy->bands[band]) 4680 continue; 4681 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4682 struct ieee80211_channel *chan; 4683 4684 chan = &wiphy->bands[band]->channels[j]; 4685 4686 if (chan->flags & IEEE80211_CHAN_DISABLED) 4687 continue; 4688 4689 request->channels[i] = chan; 4690 i++; 4691 } 4692 } 4693 } 4694 4695 if (!i) { 4696 err = -EINVAL; 4697 goto out_free; 4698 } 4699 4700 request->n_channels = i; 4701 4702 i = 0; 4703 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4704 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4705 tmp) { 4706 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4707 err = -EINVAL; 4708 goto out_free; 4709 } 4710 request->ssids[i].ssid_len = nla_len(attr); 4711 memcpy(request->ssids[i].ssid, nla_data(attr), 4712 nla_len(attr)); 4713 i++; 4714 } 4715 } 4716 4717 i = 0; 4718 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 4719 nla_for_each_nested(attr, 4720 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4721 tmp) { 4722 struct nlattr *ssid, *rssi; 4723 4724 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 4725 nla_data(attr), nla_len(attr), 4726 nl80211_match_policy); 4727 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 4728 if (ssid) { 4729 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 4730 err = -EINVAL; 4731 goto out_free; 4732 } 4733 memcpy(request->match_sets[i].ssid.ssid, 4734 nla_data(ssid), nla_len(ssid)); 4735 request->match_sets[i].ssid.ssid_len = 4736 nla_len(ssid); 4737 } 4738 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 4739 if (rssi) 4740 request->rssi_thold = nla_get_u32(rssi); 4741 else 4742 request->rssi_thold = 4743 NL80211_SCAN_RSSI_THOLD_OFF; 4744 i++; 4745 } 4746 } 4747 4748 if (info->attrs[NL80211_ATTR_IE]) { 4749 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4750 memcpy((void *)request->ie, 4751 nla_data(info->attrs[NL80211_ATTR_IE]), 4752 request->ie_len); 4753 } 4754 4755 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) { 4756 request->flags = nla_get_u32( 4757 info->attrs[NL80211_ATTR_SCAN_FLAGS]); 4758 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 4759 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 4760 ((request->flags & NL80211_SCAN_FLAG_FLUSH) && 4761 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) { 4762 err = -EOPNOTSUPP; 4763 goto out_free; 4764 } 4765 } 4766 4767 request->dev = dev; 4768 request->wiphy = &rdev->wiphy; 4769 request->interval = interval; 4770 request->scan_start = jiffies; 4771 4772 err = rdev_sched_scan_start(rdev, dev, request); 4773 if (!err) { 4774 rdev->sched_scan_req = request; 4775 nl80211_send_sched_scan(rdev, dev, 4776 NL80211_CMD_START_SCHED_SCAN); 4777 goto out; 4778 } 4779 4780 out_free: 4781 kfree(request); 4782 out: 4783 mutex_unlock(&rdev->sched_scan_mtx); 4784 return err; 4785 } 4786 4787 static int nl80211_stop_sched_scan(struct sk_buff *skb, 4788 struct genl_info *info) 4789 { 4790 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4791 int err; 4792 4793 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4794 !rdev->ops->sched_scan_stop) 4795 return -EOPNOTSUPP; 4796 4797 mutex_lock(&rdev->sched_scan_mtx); 4798 err = __cfg80211_stop_sched_scan(rdev, false); 4799 mutex_unlock(&rdev->sched_scan_mtx); 4800 4801 return err; 4802 } 4803 4804 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 4805 u32 seq, int flags, 4806 struct cfg80211_registered_device *rdev, 4807 struct wireless_dev *wdev, 4808 struct cfg80211_internal_bss *intbss) 4809 { 4810 struct cfg80211_bss *res = &intbss->pub; 4811 const struct cfg80211_bss_ies *ies; 4812 void *hdr; 4813 struct nlattr *bss; 4814 4815 ASSERT_WDEV_LOCK(wdev); 4816 4817 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 4818 NL80211_CMD_NEW_SCAN_RESULTS); 4819 if (!hdr) 4820 return -1; 4821 4822 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 4823 4824 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) || 4825 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 4826 goto nla_put_failure; 4827 4828 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 4829 if (!bss) 4830 goto nla_put_failure; 4831 if ((!is_zero_ether_addr(res->bssid) && 4832 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid))) 4833 goto nla_put_failure; 4834 4835 rcu_read_lock(); 4836 ies = rcu_dereference(res->ies); 4837 if (ies && ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 4838 ies->len, ies->data)) { 4839 rcu_read_unlock(); 4840 goto nla_put_failure; 4841 } 4842 ies = rcu_dereference(res->beacon_ies); 4843 if (ies && ies->len && nla_put(msg, NL80211_BSS_BEACON_IES, 4844 ies->len, ies->data)) { 4845 rcu_read_unlock(); 4846 goto nla_put_failure; 4847 } 4848 rcu_read_unlock(); 4849 4850 if (res->tsf && 4851 nla_put_u64(msg, NL80211_BSS_TSF, res->tsf)) 4852 goto nla_put_failure; 4853 if (res->beacon_interval && 4854 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 4855 goto nla_put_failure; 4856 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 4857 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 4858 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 4859 jiffies_to_msecs(jiffies - intbss->ts))) 4860 goto nla_put_failure; 4861 4862 switch (rdev->wiphy.signal_type) { 4863 case CFG80211_SIGNAL_TYPE_MBM: 4864 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 4865 goto nla_put_failure; 4866 break; 4867 case CFG80211_SIGNAL_TYPE_UNSPEC: 4868 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 4869 goto nla_put_failure; 4870 break; 4871 default: 4872 break; 4873 } 4874 4875 switch (wdev->iftype) { 4876 case NL80211_IFTYPE_P2P_CLIENT: 4877 case NL80211_IFTYPE_STATION: 4878 if (intbss == wdev->current_bss && 4879 nla_put_u32(msg, NL80211_BSS_STATUS, 4880 NL80211_BSS_STATUS_ASSOCIATED)) 4881 goto nla_put_failure; 4882 break; 4883 case NL80211_IFTYPE_ADHOC: 4884 if (intbss == wdev->current_bss && 4885 nla_put_u32(msg, NL80211_BSS_STATUS, 4886 NL80211_BSS_STATUS_IBSS_JOINED)) 4887 goto nla_put_failure; 4888 break; 4889 default: 4890 break; 4891 } 4892 4893 nla_nest_end(msg, bss); 4894 4895 return genlmsg_end(msg, hdr); 4896 4897 nla_put_failure: 4898 genlmsg_cancel(msg, hdr); 4899 return -EMSGSIZE; 4900 } 4901 4902 static int nl80211_dump_scan(struct sk_buff *skb, 4903 struct netlink_callback *cb) 4904 { 4905 struct cfg80211_registered_device *rdev; 4906 struct net_device *dev; 4907 struct cfg80211_internal_bss *scan; 4908 struct wireless_dev *wdev; 4909 int start = cb->args[1], idx = 0; 4910 int err; 4911 4912 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 4913 if (err) 4914 return err; 4915 4916 wdev = dev->ieee80211_ptr; 4917 4918 wdev_lock(wdev); 4919 spin_lock_bh(&rdev->bss_lock); 4920 cfg80211_bss_expire(rdev); 4921 4922 cb->seq = rdev->bss_generation; 4923 4924 list_for_each_entry(scan, &rdev->bss_list, list) { 4925 if (++idx <= start) 4926 continue; 4927 if (nl80211_send_bss(skb, cb, 4928 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4929 rdev, wdev, scan) < 0) { 4930 idx--; 4931 break; 4932 } 4933 } 4934 4935 spin_unlock_bh(&rdev->bss_lock); 4936 wdev_unlock(wdev); 4937 4938 cb->args[1] = idx; 4939 nl80211_finish_netdev_dump(rdev); 4940 4941 return skb->len; 4942 } 4943 4944 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq, 4945 int flags, struct net_device *dev, 4946 struct survey_info *survey) 4947 { 4948 void *hdr; 4949 struct nlattr *infoattr; 4950 4951 hdr = nl80211hdr_put(msg, portid, seq, flags, 4952 NL80211_CMD_NEW_SURVEY_RESULTS); 4953 if (!hdr) 4954 return -ENOMEM; 4955 4956 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 4957 goto nla_put_failure; 4958 4959 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 4960 if (!infoattr) 4961 goto nla_put_failure; 4962 4963 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 4964 survey->channel->center_freq)) 4965 goto nla_put_failure; 4966 4967 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 4968 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 4969 goto nla_put_failure; 4970 if ((survey->filled & SURVEY_INFO_IN_USE) && 4971 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 4972 goto nla_put_failure; 4973 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) && 4974 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 4975 survey->channel_time)) 4976 goto nla_put_failure; 4977 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) && 4978 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 4979 survey->channel_time_busy)) 4980 goto nla_put_failure; 4981 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) && 4982 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 4983 survey->channel_time_ext_busy)) 4984 goto nla_put_failure; 4985 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) && 4986 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 4987 survey->channel_time_rx)) 4988 goto nla_put_failure; 4989 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) && 4990 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 4991 survey->channel_time_tx)) 4992 goto nla_put_failure; 4993 4994 nla_nest_end(msg, infoattr); 4995 4996 return genlmsg_end(msg, hdr); 4997 4998 nla_put_failure: 4999 genlmsg_cancel(msg, hdr); 5000 return -EMSGSIZE; 5001 } 5002 5003 static int nl80211_dump_survey(struct sk_buff *skb, 5004 struct netlink_callback *cb) 5005 { 5006 struct survey_info survey; 5007 struct cfg80211_registered_device *dev; 5008 struct net_device *netdev; 5009 int survey_idx = cb->args[1]; 5010 int res; 5011 5012 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 5013 if (res) 5014 return res; 5015 5016 if (!dev->ops->dump_survey) { 5017 res = -EOPNOTSUPP; 5018 goto out_err; 5019 } 5020 5021 while (1) { 5022 struct ieee80211_channel *chan; 5023 5024 res = rdev_dump_survey(dev, netdev, survey_idx, &survey); 5025 if (res == -ENOENT) 5026 break; 5027 if (res) 5028 goto out_err; 5029 5030 /* Survey without a channel doesn't make sense */ 5031 if (!survey.channel) { 5032 res = -EINVAL; 5033 goto out; 5034 } 5035 5036 chan = ieee80211_get_channel(&dev->wiphy, 5037 survey.channel->center_freq); 5038 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 5039 survey_idx++; 5040 continue; 5041 } 5042 5043 if (nl80211_send_survey(skb, 5044 NETLINK_CB(cb->skb).portid, 5045 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5046 netdev, 5047 &survey) < 0) 5048 goto out; 5049 survey_idx++; 5050 } 5051 5052 out: 5053 cb->args[1] = survey_idx; 5054 res = skb->len; 5055 out_err: 5056 nl80211_finish_netdev_dump(dev); 5057 return res; 5058 } 5059 5060 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 5061 { 5062 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 5063 NL80211_WPA_VERSION_2)); 5064 } 5065 5066 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 5067 { 5068 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5069 struct net_device *dev = info->user_ptr[1]; 5070 struct ieee80211_channel *chan; 5071 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL; 5072 int err, ssid_len, ie_len = 0, sae_data_len = 0; 5073 enum nl80211_auth_type auth_type; 5074 struct key_parse key; 5075 bool local_state_change; 5076 5077 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5078 return -EINVAL; 5079 5080 if (!info->attrs[NL80211_ATTR_MAC]) 5081 return -EINVAL; 5082 5083 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 5084 return -EINVAL; 5085 5086 if (!info->attrs[NL80211_ATTR_SSID]) 5087 return -EINVAL; 5088 5089 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5090 return -EINVAL; 5091 5092 err = nl80211_parse_key(info, &key); 5093 if (err) 5094 return err; 5095 5096 if (key.idx >= 0) { 5097 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 5098 return -EINVAL; 5099 if (!key.p.key || !key.p.key_len) 5100 return -EINVAL; 5101 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 5102 key.p.key_len != WLAN_KEY_LEN_WEP40) && 5103 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 5104 key.p.key_len != WLAN_KEY_LEN_WEP104)) 5105 return -EINVAL; 5106 if (key.idx > 4) 5107 return -EINVAL; 5108 } else { 5109 key.p.key_len = 0; 5110 key.p.key = NULL; 5111 } 5112 5113 if (key.idx >= 0) { 5114 int i; 5115 bool ok = false; 5116 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 5117 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 5118 ok = true; 5119 break; 5120 } 5121 } 5122 if (!ok) 5123 return -EINVAL; 5124 } 5125 5126 if (!rdev->ops->auth) 5127 return -EOPNOTSUPP; 5128 5129 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5130 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5131 return -EOPNOTSUPP; 5132 5133 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5134 chan = ieee80211_get_channel(&rdev->wiphy, 5135 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5136 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 5137 return -EINVAL; 5138 5139 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5140 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5141 5142 if (info->attrs[NL80211_ATTR_IE]) { 5143 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5144 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5145 } 5146 5147 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5148 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE)) 5149 return -EINVAL; 5150 5151 if (auth_type == NL80211_AUTHTYPE_SAE && 5152 !info->attrs[NL80211_ATTR_SAE_DATA]) 5153 return -EINVAL; 5154 5155 if (info->attrs[NL80211_ATTR_SAE_DATA]) { 5156 if (auth_type != NL80211_AUTHTYPE_SAE) 5157 return -EINVAL; 5158 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]); 5159 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]); 5160 /* need to include at least Auth Transaction and Status Code */ 5161 if (sae_data_len < 4) 5162 return -EINVAL; 5163 } 5164 5165 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5166 5167 /* 5168 * Since we no longer track auth state, ignore 5169 * requests to only change local state. 5170 */ 5171 if (local_state_change) 5172 return 0; 5173 5174 return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 5175 ssid, ssid_len, ie, ie_len, 5176 key.p.key, key.p.key_len, key.idx, 5177 sae_data, sae_data_len); 5178 } 5179 5180 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 5181 struct genl_info *info, 5182 struct cfg80211_crypto_settings *settings, 5183 int cipher_limit) 5184 { 5185 memset(settings, 0, sizeof(*settings)); 5186 5187 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 5188 5189 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 5190 u16 proto; 5191 proto = nla_get_u16( 5192 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 5193 settings->control_port_ethertype = cpu_to_be16(proto); 5194 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 5195 proto != ETH_P_PAE) 5196 return -EINVAL; 5197 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 5198 settings->control_port_no_encrypt = true; 5199 } else 5200 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 5201 5202 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 5203 void *data; 5204 int len, i; 5205 5206 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 5207 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 5208 settings->n_ciphers_pairwise = len / sizeof(u32); 5209 5210 if (len % sizeof(u32)) 5211 return -EINVAL; 5212 5213 if (settings->n_ciphers_pairwise > cipher_limit) 5214 return -EINVAL; 5215 5216 memcpy(settings->ciphers_pairwise, data, len); 5217 5218 for (i = 0; i < settings->n_ciphers_pairwise; i++) 5219 if (!cfg80211_supported_cipher_suite( 5220 &rdev->wiphy, 5221 settings->ciphers_pairwise[i])) 5222 return -EINVAL; 5223 } 5224 5225 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 5226 settings->cipher_group = 5227 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 5228 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 5229 settings->cipher_group)) 5230 return -EINVAL; 5231 } 5232 5233 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 5234 settings->wpa_versions = 5235 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 5236 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 5237 return -EINVAL; 5238 } 5239 5240 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 5241 void *data; 5242 int len; 5243 5244 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 5245 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 5246 settings->n_akm_suites = len / sizeof(u32); 5247 5248 if (len % sizeof(u32)) 5249 return -EINVAL; 5250 5251 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 5252 return -EINVAL; 5253 5254 memcpy(settings->akm_suites, data, len); 5255 } 5256 5257 return 0; 5258 } 5259 5260 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 5261 { 5262 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5263 struct net_device *dev = info->user_ptr[1]; 5264 struct cfg80211_crypto_settings crypto; 5265 struct ieee80211_channel *chan; 5266 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 5267 int err, ssid_len, ie_len = 0; 5268 bool use_mfp = false; 5269 u32 flags = 0; 5270 struct ieee80211_ht_cap *ht_capa = NULL; 5271 struct ieee80211_ht_cap *ht_capa_mask = NULL; 5272 5273 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5274 return -EINVAL; 5275 5276 if (!info->attrs[NL80211_ATTR_MAC] || 5277 !info->attrs[NL80211_ATTR_SSID] || 5278 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5279 return -EINVAL; 5280 5281 if (!rdev->ops->assoc) 5282 return -EOPNOTSUPP; 5283 5284 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5285 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5286 return -EOPNOTSUPP; 5287 5288 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5289 5290 chan = ieee80211_get_channel(&rdev->wiphy, 5291 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5292 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 5293 return -EINVAL; 5294 5295 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5296 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5297 5298 if (info->attrs[NL80211_ATTR_IE]) { 5299 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5300 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5301 } 5302 5303 if (info->attrs[NL80211_ATTR_USE_MFP]) { 5304 enum nl80211_mfp mfp = 5305 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 5306 if (mfp == NL80211_MFP_REQUIRED) 5307 use_mfp = true; 5308 else if (mfp != NL80211_MFP_NO) 5309 return -EINVAL; 5310 } 5311 5312 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 5313 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 5314 5315 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5316 flags |= ASSOC_REQ_DISABLE_HT; 5317 5318 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5319 ht_capa_mask = 5320 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]); 5321 5322 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5323 if (!ht_capa_mask) 5324 return -EINVAL; 5325 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 5326 } 5327 5328 err = nl80211_crypto_settings(rdev, info, &crypto, 1); 5329 if (!err) 5330 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 5331 ssid, ssid_len, ie, ie_len, use_mfp, 5332 &crypto, flags, ht_capa, 5333 ht_capa_mask); 5334 5335 return err; 5336 } 5337 5338 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 5339 { 5340 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5341 struct net_device *dev = info->user_ptr[1]; 5342 const u8 *ie = NULL, *bssid; 5343 int ie_len = 0; 5344 u16 reason_code; 5345 bool local_state_change; 5346 5347 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5348 return -EINVAL; 5349 5350 if (!info->attrs[NL80211_ATTR_MAC]) 5351 return -EINVAL; 5352 5353 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5354 return -EINVAL; 5355 5356 if (!rdev->ops->deauth) 5357 return -EOPNOTSUPP; 5358 5359 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5360 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5361 return -EOPNOTSUPP; 5362 5363 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5364 5365 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5366 if (reason_code == 0) { 5367 /* Reason Code 0 is reserved */ 5368 return -EINVAL; 5369 } 5370 5371 if (info->attrs[NL80211_ATTR_IE]) { 5372 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5373 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5374 } 5375 5376 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5377 5378 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 5379 local_state_change); 5380 } 5381 5382 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 5383 { 5384 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5385 struct net_device *dev = info->user_ptr[1]; 5386 const u8 *ie = NULL, *bssid; 5387 int ie_len = 0; 5388 u16 reason_code; 5389 bool local_state_change; 5390 5391 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5392 return -EINVAL; 5393 5394 if (!info->attrs[NL80211_ATTR_MAC]) 5395 return -EINVAL; 5396 5397 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5398 return -EINVAL; 5399 5400 if (!rdev->ops->disassoc) 5401 return -EOPNOTSUPP; 5402 5403 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5404 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5405 return -EOPNOTSUPP; 5406 5407 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5408 5409 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5410 if (reason_code == 0) { 5411 /* Reason Code 0 is reserved */ 5412 return -EINVAL; 5413 } 5414 5415 if (info->attrs[NL80211_ATTR_IE]) { 5416 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5417 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5418 } 5419 5420 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5421 5422 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 5423 local_state_change); 5424 } 5425 5426 static bool 5427 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 5428 int mcast_rate[IEEE80211_NUM_BANDS], 5429 int rateval) 5430 { 5431 struct wiphy *wiphy = &rdev->wiphy; 5432 bool found = false; 5433 int band, i; 5434 5435 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 5436 struct ieee80211_supported_band *sband; 5437 5438 sband = wiphy->bands[band]; 5439 if (!sband) 5440 continue; 5441 5442 for (i = 0; i < sband->n_bitrates; i++) { 5443 if (sband->bitrates[i].bitrate == rateval) { 5444 mcast_rate[band] = i + 1; 5445 found = true; 5446 break; 5447 } 5448 } 5449 } 5450 5451 return found; 5452 } 5453 5454 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 5455 { 5456 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5457 struct net_device *dev = info->user_ptr[1]; 5458 struct cfg80211_ibss_params ibss; 5459 struct wiphy *wiphy; 5460 struct cfg80211_cached_keys *connkeys = NULL; 5461 int err; 5462 5463 memset(&ibss, 0, sizeof(ibss)); 5464 5465 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5466 return -EINVAL; 5467 5468 if (!info->attrs[NL80211_ATTR_SSID] || 5469 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5470 return -EINVAL; 5471 5472 ibss.beacon_interval = 100; 5473 5474 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 5475 ibss.beacon_interval = 5476 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 5477 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 5478 return -EINVAL; 5479 } 5480 5481 if (!rdev->ops->join_ibss) 5482 return -EOPNOTSUPP; 5483 5484 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5485 return -EOPNOTSUPP; 5486 5487 wiphy = &rdev->wiphy; 5488 5489 if (info->attrs[NL80211_ATTR_MAC]) { 5490 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5491 5492 if (!is_valid_ether_addr(ibss.bssid)) 5493 return -EINVAL; 5494 } 5495 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5496 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5497 5498 if (info->attrs[NL80211_ATTR_IE]) { 5499 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5500 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5501 } 5502 5503 err = nl80211_parse_chandef(rdev, info, &ibss.chandef); 5504 if (err) 5505 return err; 5506 5507 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef)) 5508 return -EINVAL; 5509 5510 if (ibss.chandef.width > NL80211_CHAN_WIDTH_40) 5511 return -EINVAL; 5512 if (ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT && 5513 !(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 5514 return -EINVAL; 5515 5516 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 5517 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 5518 5519 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 5520 u8 *rates = 5521 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5522 int n_rates = 5523 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5524 struct ieee80211_supported_band *sband = 5525 wiphy->bands[ibss.chandef.chan->band]; 5526 5527 err = ieee80211_get_ratemask(sband, rates, n_rates, 5528 &ibss.basic_rates); 5529 if (err) 5530 return err; 5531 } 5532 5533 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 5534 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 5535 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 5536 return -EINVAL; 5537 5538 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5539 bool no_ht = false; 5540 5541 connkeys = nl80211_parse_connkeys(rdev, 5542 info->attrs[NL80211_ATTR_KEYS], 5543 &no_ht); 5544 if (IS_ERR(connkeys)) 5545 return PTR_ERR(connkeys); 5546 5547 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) && 5548 no_ht) { 5549 kfree(connkeys); 5550 return -EINVAL; 5551 } 5552 } 5553 5554 ibss.control_port = 5555 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 5556 5557 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 5558 if (err) 5559 kfree(connkeys); 5560 return err; 5561 } 5562 5563 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 5564 { 5565 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5566 struct net_device *dev = info->user_ptr[1]; 5567 5568 if (!rdev->ops->leave_ibss) 5569 return -EOPNOTSUPP; 5570 5571 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5572 return -EOPNOTSUPP; 5573 5574 return cfg80211_leave_ibss(rdev, dev, false); 5575 } 5576 5577 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info) 5578 { 5579 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5580 struct net_device *dev = info->user_ptr[1]; 5581 int mcast_rate[IEEE80211_NUM_BANDS]; 5582 u32 nla_rate; 5583 int err; 5584 5585 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5586 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5587 return -EOPNOTSUPP; 5588 5589 if (!rdev->ops->set_mcast_rate) 5590 return -EOPNOTSUPP; 5591 5592 memset(mcast_rate, 0, sizeof(mcast_rate)); 5593 5594 if (!info->attrs[NL80211_ATTR_MCAST_RATE]) 5595 return -EINVAL; 5596 5597 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]); 5598 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate)) 5599 return -EINVAL; 5600 5601 err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate); 5602 5603 return err; 5604 } 5605 5606 5607 #ifdef CONFIG_NL80211_TESTMODE 5608 static struct genl_multicast_group nl80211_testmode_mcgrp = { 5609 .name = "testmode", 5610 }; 5611 5612 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 5613 { 5614 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5615 int err; 5616 5617 if (!info->attrs[NL80211_ATTR_TESTDATA]) 5618 return -EINVAL; 5619 5620 err = -EOPNOTSUPP; 5621 if (rdev->ops->testmode_cmd) { 5622 rdev->testmode_info = info; 5623 err = rdev_testmode_cmd(rdev, 5624 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 5625 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 5626 rdev->testmode_info = NULL; 5627 } 5628 5629 return err; 5630 } 5631 5632 static int nl80211_testmode_dump(struct sk_buff *skb, 5633 struct netlink_callback *cb) 5634 { 5635 struct cfg80211_registered_device *rdev; 5636 int err; 5637 long phy_idx; 5638 void *data = NULL; 5639 int data_len = 0; 5640 5641 if (cb->args[0]) { 5642 /* 5643 * 0 is a valid index, but not valid for args[0], 5644 * so we need to offset by 1. 5645 */ 5646 phy_idx = cb->args[0] - 1; 5647 } else { 5648 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 5649 nl80211_fam.attrbuf, nl80211_fam.maxattr, 5650 nl80211_policy); 5651 if (err) 5652 return err; 5653 5654 mutex_lock(&cfg80211_mutex); 5655 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), 5656 nl80211_fam.attrbuf); 5657 if (IS_ERR(rdev)) { 5658 mutex_unlock(&cfg80211_mutex); 5659 return PTR_ERR(rdev); 5660 } 5661 phy_idx = rdev->wiphy_idx; 5662 rdev = NULL; 5663 mutex_unlock(&cfg80211_mutex); 5664 5665 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 5666 cb->args[1] = 5667 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 5668 } 5669 5670 if (cb->args[1]) { 5671 data = nla_data((void *)cb->args[1]); 5672 data_len = nla_len((void *)cb->args[1]); 5673 } 5674 5675 mutex_lock(&cfg80211_mutex); 5676 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 5677 if (!rdev) { 5678 mutex_unlock(&cfg80211_mutex); 5679 return -ENOENT; 5680 } 5681 cfg80211_lock_rdev(rdev); 5682 mutex_unlock(&cfg80211_mutex); 5683 5684 if (!rdev->ops->testmode_dump) { 5685 err = -EOPNOTSUPP; 5686 goto out_err; 5687 } 5688 5689 while (1) { 5690 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 5691 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5692 NL80211_CMD_TESTMODE); 5693 struct nlattr *tmdata; 5694 5695 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 5696 genlmsg_cancel(skb, hdr); 5697 break; 5698 } 5699 5700 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5701 if (!tmdata) { 5702 genlmsg_cancel(skb, hdr); 5703 break; 5704 } 5705 err = rdev_testmode_dump(rdev, skb, cb, data, data_len); 5706 nla_nest_end(skb, tmdata); 5707 5708 if (err == -ENOBUFS || err == -ENOENT) { 5709 genlmsg_cancel(skb, hdr); 5710 break; 5711 } else if (err) { 5712 genlmsg_cancel(skb, hdr); 5713 goto out_err; 5714 } 5715 5716 genlmsg_end(skb, hdr); 5717 } 5718 5719 err = skb->len; 5720 /* see above */ 5721 cb->args[0] = phy_idx + 1; 5722 out_err: 5723 cfg80211_unlock_rdev(rdev); 5724 return err; 5725 } 5726 5727 static struct sk_buff * 5728 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 5729 int approxlen, u32 portid, u32 seq, gfp_t gfp) 5730 { 5731 struct sk_buff *skb; 5732 void *hdr; 5733 struct nlattr *data; 5734 5735 skb = nlmsg_new(approxlen + 100, gfp); 5736 if (!skb) 5737 return NULL; 5738 5739 hdr = nl80211hdr_put(skb, portid, seq, 0, NL80211_CMD_TESTMODE); 5740 if (!hdr) { 5741 kfree_skb(skb); 5742 return NULL; 5743 } 5744 5745 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 5746 goto nla_put_failure; 5747 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5748 5749 ((void **)skb->cb)[0] = rdev; 5750 ((void **)skb->cb)[1] = hdr; 5751 ((void **)skb->cb)[2] = data; 5752 5753 return skb; 5754 5755 nla_put_failure: 5756 kfree_skb(skb); 5757 return NULL; 5758 } 5759 5760 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 5761 int approxlen) 5762 { 5763 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5764 5765 if (WARN_ON(!rdev->testmode_info)) 5766 return NULL; 5767 5768 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 5769 rdev->testmode_info->snd_portid, 5770 rdev->testmode_info->snd_seq, 5771 GFP_KERNEL); 5772 } 5773 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 5774 5775 int cfg80211_testmode_reply(struct sk_buff *skb) 5776 { 5777 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 5778 void *hdr = ((void **)skb->cb)[1]; 5779 struct nlattr *data = ((void **)skb->cb)[2]; 5780 5781 if (WARN_ON(!rdev->testmode_info)) { 5782 kfree_skb(skb); 5783 return -EINVAL; 5784 } 5785 5786 nla_nest_end(skb, data); 5787 genlmsg_end(skb, hdr); 5788 return genlmsg_reply(skb, rdev->testmode_info); 5789 } 5790 EXPORT_SYMBOL(cfg80211_testmode_reply); 5791 5792 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 5793 int approxlen, gfp_t gfp) 5794 { 5795 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5796 5797 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 5798 } 5799 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 5800 5801 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 5802 { 5803 void *hdr = ((void **)skb->cb)[1]; 5804 struct nlattr *data = ((void **)skb->cb)[2]; 5805 5806 nla_nest_end(skb, data); 5807 genlmsg_end(skb, hdr); 5808 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 5809 } 5810 EXPORT_SYMBOL(cfg80211_testmode_event); 5811 #endif 5812 5813 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 5814 { 5815 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5816 struct net_device *dev = info->user_ptr[1]; 5817 struct cfg80211_connect_params connect; 5818 struct wiphy *wiphy; 5819 struct cfg80211_cached_keys *connkeys = NULL; 5820 int err; 5821 5822 memset(&connect, 0, sizeof(connect)); 5823 5824 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5825 return -EINVAL; 5826 5827 if (!info->attrs[NL80211_ATTR_SSID] || 5828 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5829 return -EINVAL; 5830 5831 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 5832 connect.auth_type = 5833 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5834 if (!nl80211_valid_auth_type(rdev, connect.auth_type, 5835 NL80211_CMD_CONNECT)) 5836 return -EINVAL; 5837 } else 5838 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 5839 5840 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 5841 5842 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 5843 NL80211_MAX_NR_CIPHER_SUITES); 5844 if (err) 5845 return err; 5846 5847 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5848 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5849 return -EOPNOTSUPP; 5850 5851 wiphy = &rdev->wiphy; 5852 5853 connect.bg_scan_period = -1; 5854 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 5855 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 5856 connect.bg_scan_period = 5857 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 5858 } 5859 5860 if (info->attrs[NL80211_ATTR_MAC]) 5861 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5862 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5863 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5864 5865 if (info->attrs[NL80211_ATTR_IE]) { 5866 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5867 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5868 } 5869 5870 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 5871 connect.channel = 5872 ieee80211_get_channel(wiphy, 5873 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5874 if (!connect.channel || 5875 connect.channel->flags & IEEE80211_CHAN_DISABLED) 5876 return -EINVAL; 5877 } 5878 5879 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5880 connkeys = nl80211_parse_connkeys(rdev, 5881 info->attrs[NL80211_ATTR_KEYS], NULL); 5882 if (IS_ERR(connkeys)) 5883 return PTR_ERR(connkeys); 5884 } 5885 5886 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5887 connect.flags |= ASSOC_REQ_DISABLE_HT; 5888 5889 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5890 memcpy(&connect.ht_capa_mask, 5891 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 5892 sizeof(connect.ht_capa_mask)); 5893 5894 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5895 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 5896 kfree(connkeys); 5897 return -EINVAL; 5898 } 5899 memcpy(&connect.ht_capa, 5900 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 5901 sizeof(connect.ht_capa)); 5902 } 5903 5904 err = cfg80211_connect(rdev, dev, &connect, connkeys); 5905 if (err) 5906 kfree(connkeys); 5907 return err; 5908 } 5909 5910 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 5911 { 5912 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5913 struct net_device *dev = info->user_ptr[1]; 5914 u16 reason; 5915 5916 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5917 reason = WLAN_REASON_DEAUTH_LEAVING; 5918 else 5919 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5920 5921 if (reason == 0) 5922 return -EINVAL; 5923 5924 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5925 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5926 return -EOPNOTSUPP; 5927 5928 return cfg80211_disconnect(rdev, dev, reason, true); 5929 } 5930 5931 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 5932 { 5933 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5934 struct net *net; 5935 int err; 5936 u32 pid; 5937 5938 if (!info->attrs[NL80211_ATTR_PID]) 5939 return -EINVAL; 5940 5941 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 5942 5943 net = get_net_ns_by_pid(pid); 5944 if (IS_ERR(net)) 5945 return PTR_ERR(net); 5946 5947 err = 0; 5948 5949 /* check if anything to do */ 5950 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 5951 err = cfg80211_switch_netns(rdev, net); 5952 5953 put_net(net); 5954 return err; 5955 } 5956 5957 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 5958 { 5959 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5960 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 5961 struct cfg80211_pmksa *pmksa) = NULL; 5962 struct net_device *dev = info->user_ptr[1]; 5963 struct cfg80211_pmksa pmksa; 5964 5965 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 5966 5967 if (!info->attrs[NL80211_ATTR_MAC]) 5968 return -EINVAL; 5969 5970 if (!info->attrs[NL80211_ATTR_PMKID]) 5971 return -EINVAL; 5972 5973 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 5974 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5975 5976 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5977 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5978 return -EOPNOTSUPP; 5979 5980 switch (info->genlhdr->cmd) { 5981 case NL80211_CMD_SET_PMKSA: 5982 rdev_ops = rdev->ops->set_pmksa; 5983 break; 5984 case NL80211_CMD_DEL_PMKSA: 5985 rdev_ops = rdev->ops->del_pmksa; 5986 break; 5987 default: 5988 WARN_ON(1); 5989 break; 5990 } 5991 5992 if (!rdev_ops) 5993 return -EOPNOTSUPP; 5994 5995 return rdev_ops(&rdev->wiphy, dev, &pmksa); 5996 } 5997 5998 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 5999 { 6000 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6001 struct net_device *dev = info->user_ptr[1]; 6002 6003 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6004 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6005 return -EOPNOTSUPP; 6006 6007 if (!rdev->ops->flush_pmksa) 6008 return -EOPNOTSUPP; 6009 6010 return rdev_flush_pmksa(rdev, dev); 6011 } 6012 6013 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 6014 { 6015 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6016 struct net_device *dev = info->user_ptr[1]; 6017 u8 action_code, dialog_token; 6018 u16 status_code; 6019 u8 *peer; 6020 6021 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 6022 !rdev->ops->tdls_mgmt) 6023 return -EOPNOTSUPP; 6024 6025 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 6026 !info->attrs[NL80211_ATTR_STATUS_CODE] || 6027 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 6028 !info->attrs[NL80211_ATTR_IE] || 6029 !info->attrs[NL80211_ATTR_MAC]) 6030 return -EINVAL; 6031 6032 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 6033 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 6034 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 6035 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 6036 6037 return rdev_tdls_mgmt(rdev, dev, peer, action_code, 6038 dialog_token, status_code, 6039 nla_data(info->attrs[NL80211_ATTR_IE]), 6040 nla_len(info->attrs[NL80211_ATTR_IE])); 6041 } 6042 6043 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 6044 { 6045 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6046 struct net_device *dev = info->user_ptr[1]; 6047 enum nl80211_tdls_operation operation; 6048 u8 *peer; 6049 6050 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 6051 !rdev->ops->tdls_oper) 6052 return -EOPNOTSUPP; 6053 6054 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 6055 !info->attrs[NL80211_ATTR_MAC]) 6056 return -EINVAL; 6057 6058 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 6059 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 6060 6061 return rdev_tdls_oper(rdev, dev, peer, operation); 6062 } 6063 6064 static int nl80211_remain_on_channel(struct sk_buff *skb, 6065 struct genl_info *info) 6066 { 6067 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6068 struct wireless_dev *wdev = info->user_ptr[1]; 6069 struct cfg80211_chan_def chandef; 6070 struct sk_buff *msg; 6071 void *hdr; 6072 u64 cookie; 6073 u32 duration; 6074 int err; 6075 6076 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 6077 !info->attrs[NL80211_ATTR_DURATION]) 6078 return -EINVAL; 6079 6080 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 6081 6082 if (!rdev->ops->remain_on_channel || 6083 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 6084 return -EOPNOTSUPP; 6085 6086 /* 6087 * We should be on that channel for at least a minimum amount of 6088 * time (10ms) but no longer than the driver supports. 6089 */ 6090 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 6091 duration > rdev->wiphy.max_remain_on_channel_duration) 6092 return -EINVAL; 6093 6094 err = nl80211_parse_chandef(rdev, info, &chandef); 6095 if (err) 6096 return err; 6097 6098 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6099 if (!msg) 6100 return -ENOMEM; 6101 6102 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6103 NL80211_CMD_REMAIN_ON_CHANNEL); 6104 6105 if (IS_ERR(hdr)) { 6106 err = PTR_ERR(hdr); 6107 goto free_msg; 6108 } 6109 6110 err = rdev_remain_on_channel(rdev, wdev, chandef.chan, 6111 duration, &cookie); 6112 6113 if (err) 6114 goto free_msg; 6115 6116 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6117 goto nla_put_failure; 6118 6119 genlmsg_end(msg, hdr); 6120 6121 return genlmsg_reply(msg, info); 6122 6123 nla_put_failure: 6124 err = -ENOBUFS; 6125 free_msg: 6126 nlmsg_free(msg); 6127 return err; 6128 } 6129 6130 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 6131 struct genl_info *info) 6132 { 6133 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6134 struct wireless_dev *wdev = info->user_ptr[1]; 6135 u64 cookie; 6136 6137 if (!info->attrs[NL80211_ATTR_COOKIE]) 6138 return -EINVAL; 6139 6140 if (!rdev->ops->cancel_remain_on_channel) 6141 return -EOPNOTSUPP; 6142 6143 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 6144 6145 return rdev_cancel_remain_on_channel(rdev, wdev, cookie); 6146 } 6147 6148 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 6149 u8 *rates, u8 rates_len) 6150 { 6151 u8 i; 6152 u32 mask = 0; 6153 6154 for (i = 0; i < rates_len; i++) { 6155 int rate = (rates[i] & 0x7f) * 5; 6156 int ridx; 6157 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 6158 struct ieee80211_rate *srate = 6159 &sband->bitrates[ridx]; 6160 if (rate == srate->bitrate) { 6161 mask |= 1 << ridx; 6162 break; 6163 } 6164 } 6165 if (ridx == sband->n_bitrates) 6166 return 0; /* rate not found */ 6167 } 6168 6169 return mask; 6170 } 6171 6172 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 6173 u8 *rates, u8 rates_len, 6174 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 6175 { 6176 u8 i; 6177 6178 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 6179 6180 for (i = 0; i < rates_len; i++) { 6181 int ridx, rbit; 6182 6183 ridx = rates[i] / 8; 6184 rbit = BIT(rates[i] % 8); 6185 6186 /* check validity */ 6187 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 6188 return false; 6189 6190 /* check availability */ 6191 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 6192 mcs[ridx] |= rbit; 6193 else 6194 return false; 6195 } 6196 6197 return true; 6198 } 6199 6200 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 6201 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 6202 .len = NL80211_MAX_SUPP_RATES }, 6203 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY, 6204 .len = NL80211_MAX_SUPP_HT_RATES }, 6205 }; 6206 6207 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 6208 struct genl_info *info) 6209 { 6210 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 6211 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6212 struct cfg80211_bitrate_mask mask; 6213 int rem, i; 6214 struct net_device *dev = info->user_ptr[1]; 6215 struct nlattr *tx_rates; 6216 struct ieee80211_supported_band *sband; 6217 6218 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 6219 return -EINVAL; 6220 6221 if (!rdev->ops->set_bitrate_mask) 6222 return -EOPNOTSUPP; 6223 6224 memset(&mask, 0, sizeof(mask)); 6225 /* Default to all rates enabled */ 6226 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 6227 sband = rdev->wiphy.bands[i]; 6228 mask.control[i].legacy = 6229 sband ? (1 << sband->n_bitrates) - 1 : 0; 6230 if (sband) 6231 memcpy(mask.control[i].mcs, 6232 sband->ht_cap.mcs.rx_mask, 6233 sizeof(mask.control[i].mcs)); 6234 else 6235 memset(mask.control[i].mcs, 0, 6236 sizeof(mask.control[i].mcs)); 6237 } 6238 6239 /* 6240 * The nested attribute uses enum nl80211_band as the index. This maps 6241 * directly to the enum ieee80211_band values used in cfg80211. 6242 */ 6243 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 6244 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 6245 { 6246 enum ieee80211_band band = nla_type(tx_rates); 6247 if (band < 0 || band >= IEEE80211_NUM_BANDS) 6248 return -EINVAL; 6249 sband = rdev->wiphy.bands[band]; 6250 if (sband == NULL) 6251 return -EINVAL; 6252 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 6253 nla_len(tx_rates), nl80211_txattr_policy); 6254 if (tb[NL80211_TXRATE_LEGACY]) { 6255 mask.control[band].legacy = rateset_to_mask( 6256 sband, 6257 nla_data(tb[NL80211_TXRATE_LEGACY]), 6258 nla_len(tb[NL80211_TXRATE_LEGACY])); 6259 if ((mask.control[band].legacy == 0) && 6260 nla_len(tb[NL80211_TXRATE_LEGACY])) 6261 return -EINVAL; 6262 } 6263 if (tb[NL80211_TXRATE_MCS]) { 6264 if (!ht_rateset_to_mask( 6265 sband, 6266 nla_data(tb[NL80211_TXRATE_MCS]), 6267 nla_len(tb[NL80211_TXRATE_MCS]), 6268 mask.control[band].mcs)) 6269 return -EINVAL; 6270 } 6271 6272 if (mask.control[band].legacy == 0) { 6273 /* don't allow empty legacy rates if HT 6274 * is not even supported. */ 6275 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported) 6276 return -EINVAL; 6277 6278 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 6279 if (mask.control[band].mcs[i]) 6280 break; 6281 6282 /* legacy and mcs rates may not be both empty */ 6283 if (i == IEEE80211_HT_MCS_MASK_LEN) 6284 return -EINVAL; 6285 } 6286 } 6287 6288 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask); 6289 } 6290 6291 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 6292 { 6293 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6294 struct wireless_dev *wdev = info->user_ptr[1]; 6295 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 6296 6297 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 6298 return -EINVAL; 6299 6300 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 6301 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 6302 6303 switch (wdev->iftype) { 6304 case NL80211_IFTYPE_STATION: 6305 case NL80211_IFTYPE_ADHOC: 6306 case NL80211_IFTYPE_P2P_CLIENT: 6307 case NL80211_IFTYPE_AP: 6308 case NL80211_IFTYPE_AP_VLAN: 6309 case NL80211_IFTYPE_MESH_POINT: 6310 case NL80211_IFTYPE_P2P_GO: 6311 case NL80211_IFTYPE_P2P_DEVICE: 6312 break; 6313 default: 6314 return -EOPNOTSUPP; 6315 } 6316 6317 /* not much point in registering if we can't reply */ 6318 if (!rdev->ops->mgmt_tx) 6319 return -EOPNOTSUPP; 6320 6321 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type, 6322 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 6323 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 6324 } 6325 6326 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 6327 { 6328 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6329 struct wireless_dev *wdev = info->user_ptr[1]; 6330 struct cfg80211_chan_def chandef; 6331 int err; 6332 void *hdr = NULL; 6333 u64 cookie; 6334 struct sk_buff *msg = NULL; 6335 unsigned int wait = 0; 6336 bool offchan, no_cck, dont_wait_for_ack; 6337 6338 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 6339 6340 if (!info->attrs[NL80211_ATTR_FRAME]) 6341 return -EINVAL; 6342 6343 if (!rdev->ops->mgmt_tx) 6344 return -EOPNOTSUPP; 6345 6346 switch (wdev->iftype) { 6347 case NL80211_IFTYPE_STATION: 6348 case NL80211_IFTYPE_ADHOC: 6349 case NL80211_IFTYPE_P2P_CLIENT: 6350 case NL80211_IFTYPE_AP: 6351 case NL80211_IFTYPE_AP_VLAN: 6352 case NL80211_IFTYPE_MESH_POINT: 6353 case NL80211_IFTYPE_P2P_GO: 6354 case NL80211_IFTYPE_P2P_DEVICE: 6355 break; 6356 default: 6357 return -EOPNOTSUPP; 6358 } 6359 6360 if (info->attrs[NL80211_ATTR_DURATION]) { 6361 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6362 return -EINVAL; 6363 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 6364 6365 /* 6366 * We should wait on the channel for at least a minimum amount 6367 * of time (10ms) but no longer than the driver supports. 6368 */ 6369 if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 6370 wait > rdev->wiphy.max_remain_on_channel_duration) 6371 return -EINVAL; 6372 6373 } 6374 6375 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 6376 6377 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6378 return -EINVAL; 6379 6380 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 6381 6382 err = nl80211_parse_chandef(rdev, info, &chandef); 6383 if (err) 6384 return err; 6385 6386 if (!dont_wait_for_ack) { 6387 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6388 if (!msg) 6389 return -ENOMEM; 6390 6391 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6392 NL80211_CMD_FRAME); 6393 6394 if (IS_ERR(hdr)) { 6395 err = PTR_ERR(hdr); 6396 goto free_msg; 6397 } 6398 } 6399 6400 err = cfg80211_mlme_mgmt_tx(rdev, wdev, chandef.chan, offchan, wait, 6401 nla_data(info->attrs[NL80211_ATTR_FRAME]), 6402 nla_len(info->attrs[NL80211_ATTR_FRAME]), 6403 no_cck, dont_wait_for_ack, &cookie); 6404 if (err) 6405 goto free_msg; 6406 6407 if (msg) { 6408 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6409 goto nla_put_failure; 6410 6411 genlmsg_end(msg, hdr); 6412 return genlmsg_reply(msg, info); 6413 } 6414 6415 return 0; 6416 6417 nla_put_failure: 6418 err = -ENOBUFS; 6419 free_msg: 6420 nlmsg_free(msg); 6421 return err; 6422 } 6423 6424 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 6425 { 6426 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6427 struct wireless_dev *wdev = info->user_ptr[1]; 6428 u64 cookie; 6429 6430 if (!info->attrs[NL80211_ATTR_COOKIE]) 6431 return -EINVAL; 6432 6433 if (!rdev->ops->mgmt_tx_cancel_wait) 6434 return -EOPNOTSUPP; 6435 6436 switch (wdev->iftype) { 6437 case NL80211_IFTYPE_STATION: 6438 case NL80211_IFTYPE_ADHOC: 6439 case NL80211_IFTYPE_P2P_CLIENT: 6440 case NL80211_IFTYPE_AP: 6441 case NL80211_IFTYPE_AP_VLAN: 6442 case NL80211_IFTYPE_P2P_GO: 6443 case NL80211_IFTYPE_P2P_DEVICE: 6444 break; 6445 default: 6446 return -EOPNOTSUPP; 6447 } 6448 6449 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 6450 6451 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie); 6452 } 6453 6454 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 6455 { 6456 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6457 struct wireless_dev *wdev; 6458 struct net_device *dev = info->user_ptr[1]; 6459 u8 ps_state; 6460 bool state; 6461 int err; 6462 6463 if (!info->attrs[NL80211_ATTR_PS_STATE]) 6464 return -EINVAL; 6465 6466 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 6467 6468 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 6469 return -EINVAL; 6470 6471 wdev = dev->ieee80211_ptr; 6472 6473 if (!rdev->ops->set_power_mgmt) 6474 return -EOPNOTSUPP; 6475 6476 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 6477 6478 if (state == wdev->ps) 6479 return 0; 6480 6481 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout); 6482 if (!err) 6483 wdev->ps = state; 6484 return err; 6485 } 6486 6487 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 6488 { 6489 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6490 enum nl80211_ps_state ps_state; 6491 struct wireless_dev *wdev; 6492 struct net_device *dev = info->user_ptr[1]; 6493 struct sk_buff *msg; 6494 void *hdr; 6495 int err; 6496 6497 wdev = dev->ieee80211_ptr; 6498 6499 if (!rdev->ops->set_power_mgmt) 6500 return -EOPNOTSUPP; 6501 6502 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6503 if (!msg) 6504 return -ENOMEM; 6505 6506 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6507 NL80211_CMD_GET_POWER_SAVE); 6508 if (!hdr) { 6509 err = -ENOBUFS; 6510 goto free_msg; 6511 } 6512 6513 if (wdev->ps) 6514 ps_state = NL80211_PS_ENABLED; 6515 else 6516 ps_state = NL80211_PS_DISABLED; 6517 6518 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 6519 goto nla_put_failure; 6520 6521 genlmsg_end(msg, hdr); 6522 return genlmsg_reply(msg, info); 6523 6524 nla_put_failure: 6525 err = -ENOBUFS; 6526 free_msg: 6527 nlmsg_free(msg); 6528 return err; 6529 } 6530 6531 static struct nla_policy 6532 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 6533 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 6534 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 6535 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 6536 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 6537 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 6538 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 6539 }; 6540 6541 static int nl80211_set_cqm_txe(struct genl_info *info, 6542 u32 rate, u32 pkts, u32 intvl) 6543 { 6544 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6545 struct wireless_dev *wdev; 6546 struct net_device *dev = info->user_ptr[1]; 6547 6548 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL) 6549 return -EINVAL; 6550 6551 wdev = dev->ieee80211_ptr; 6552 6553 if (!rdev->ops->set_cqm_txe_config) 6554 return -EOPNOTSUPP; 6555 6556 if (wdev->iftype != NL80211_IFTYPE_STATION && 6557 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 6558 return -EOPNOTSUPP; 6559 6560 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl); 6561 } 6562 6563 static int nl80211_set_cqm_rssi(struct genl_info *info, 6564 s32 threshold, u32 hysteresis) 6565 { 6566 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6567 struct wireless_dev *wdev; 6568 struct net_device *dev = info->user_ptr[1]; 6569 6570 if (threshold > 0) 6571 return -EINVAL; 6572 6573 wdev = dev->ieee80211_ptr; 6574 6575 if (!rdev->ops->set_cqm_rssi_config) 6576 return -EOPNOTSUPP; 6577 6578 if (wdev->iftype != NL80211_IFTYPE_STATION && 6579 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 6580 return -EOPNOTSUPP; 6581 6582 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis); 6583 } 6584 6585 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 6586 { 6587 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 6588 struct nlattr *cqm; 6589 int err; 6590 6591 cqm = info->attrs[NL80211_ATTR_CQM]; 6592 if (!cqm) { 6593 err = -EINVAL; 6594 goto out; 6595 } 6596 6597 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 6598 nl80211_attr_cqm_policy); 6599 if (err) 6600 goto out; 6601 6602 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 6603 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 6604 s32 threshold; 6605 u32 hysteresis; 6606 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 6607 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 6608 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 6609 } else if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 6610 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 6611 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 6612 u32 rate, pkts, intvl; 6613 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 6614 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 6615 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 6616 err = nl80211_set_cqm_txe(info, rate, pkts, intvl); 6617 } else 6618 err = -EINVAL; 6619 6620 out: 6621 return err; 6622 } 6623 6624 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 6625 { 6626 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6627 struct net_device *dev = info->user_ptr[1]; 6628 struct mesh_config cfg; 6629 struct mesh_setup setup; 6630 int err; 6631 6632 /* start with default */ 6633 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 6634 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 6635 6636 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 6637 /* and parse parameters if given */ 6638 err = nl80211_parse_mesh_config(info, &cfg, NULL); 6639 if (err) 6640 return err; 6641 } 6642 6643 if (!info->attrs[NL80211_ATTR_MESH_ID] || 6644 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 6645 return -EINVAL; 6646 6647 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 6648 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 6649 6650 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 6651 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 6652 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 6653 return -EINVAL; 6654 6655 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 6656 /* parse additional setup parameters if given */ 6657 err = nl80211_parse_mesh_setup(info, &setup); 6658 if (err) 6659 return err; 6660 } 6661 6662 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 6663 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 6664 if (err) 6665 return err; 6666 } else { 6667 /* cfg80211_join_mesh() will sort it out */ 6668 setup.chandef.chan = NULL; 6669 } 6670 6671 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 6672 } 6673 6674 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 6675 { 6676 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6677 struct net_device *dev = info->user_ptr[1]; 6678 6679 return cfg80211_leave_mesh(rdev, dev); 6680 } 6681 6682 #ifdef CONFIG_PM 6683 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 6684 { 6685 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6686 struct sk_buff *msg; 6687 void *hdr; 6688 6689 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6690 return -EOPNOTSUPP; 6691 6692 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6693 if (!msg) 6694 return -ENOMEM; 6695 6696 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6697 NL80211_CMD_GET_WOWLAN); 6698 if (!hdr) 6699 goto nla_put_failure; 6700 6701 if (rdev->wowlan) { 6702 struct nlattr *nl_wowlan; 6703 6704 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 6705 if (!nl_wowlan) 6706 goto nla_put_failure; 6707 6708 if ((rdev->wowlan->any && 6709 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 6710 (rdev->wowlan->disconnect && 6711 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 6712 (rdev->wowlan->magic_pkt && 6713 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 6714 (rdev->wowlan->gtk_rekey_failure && 6715 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 6716 (rdev->wowlan->eap_identity_req && 6717 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 6718 (rdev->wowlan->four_way_handshake && 6719 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 6720 (rdev->wowlan->rfkill_release && 6721 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 6722 goto nla_put_failure; 6723 if (rdev->wowlan->n_patterns) { 6724 struct nlattr *nl_pats, *nl_pat; 6725 int i, pat_len; 6726 6727 nl_pats = nla_nest_start(msg, 6728 NL80211_WOWLAN_TRIG_PKT_PATTERN); 6729 if (!nl_pats) 6730 goto nla_put_failure; 6731 6732 for (i = 0; i < rdev->wowlan->n_patterns; i++) { 6733 nl_pat = nla_nest_start(msg, i + 1); 6734 if (!nl_pat) 6735 goto nla_put_failure; 6736 pat_len = rdev->wowlan->patterns[i].pattern_len; 6737 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK, 6738 DIV_ROUND_UP(pat_len, 8), 6739 rdev->wowlan->patterns[i].mask) || 6740 nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 6741 pat_len, 6742 rdev->wowlan->patterns[i].pattern)) 6743 goto nla_put_failure; 6744 nla_nest_end(msg, nl_pat); 6745 } 6746 nla_nest_end(msg, nl_pats); 6747 } 6748 6749 nla_nest_end(msg, nl_wowlan); 6750 } 6751 6752 genlmsg_end(msg, hdr); 6753 return genlmsg_reply(msg, info); 6754 6755 nla_put_failure: 6756 nlmsg_free(msg); 6757 return -ENOBUFS; 6758 } 6759 6760 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 6761 { 6762 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6763 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 6764 struct cfg80211_wowlan new_triggers = {}; 6765 struct cfg80211_wowlan *ntrig; 6766 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan; 6767 int err, i; 6768 bool prev_enabled = rdev->wowlan; 6769 6770 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6771 return -EOPNOTSUPP; 6772 6773 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 6774 cfg80211_rdev_free_wowlan(rdev); 6775 rdev->wowlan = NULL; 6776 goto set_wakeup; 6777 } 6778 6779 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 6780 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6781 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6782 nl80211_wowlan_policy); 6783 if (err) 6784 return err; 6785 6786 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 6787 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 6788 return -EINVAL; 6789 new_triggers.any = true; 6790 } 6791 6792 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 6793 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 6794 return -EINVAL; 6795 new_triggers.disconnect = true; 6796 } 6797 6798 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 6799 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 6800 return -EINVAL; 6801 new_triggers.magic_pkt = true; 6802 } 6803 6804 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 6805 return -EINVAL; 6806 6807 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 6808 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 6809 return -EINVAL; 6810 new_triggers.gtk_rekey_failure = true; 6811 } 6812 6813 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 6814 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 6815 return -EINVAL; 6816 new_triggers.eap_identity_req = true; 6817 } 6818 6819 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 6820 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 6821 return -EINVAL; 6822 new_triggers.four_way_handshake = true; 6823 } 6824 6825 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 6826 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 6827 return -EINVAL; 6828 new_triggers.rfkill_release = true; 6829 } 6830 6831 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 6832 struct nlattr *pat; 6833 int n_patterns = 0; 6834 int rem, pat_len, mask_len; 6835 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; 6836 6837 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6838 rem) 6839 n_patterns++; 6840 if (n_patterns > wowlan->n_patterns) 6841 return -EINVAL; 6842 6843 new_triggers.patterns = kcalloc(n_patterns, 6844 sizeof(new_triggers.patterns[0]), 6845 GFP_KERNEL); 6846 if (!new_triggers.patterns) 6847 return -ENOMEM; 6848 6849 new_triggers.n_patterns = n_patterns; 6850 i = 0; 6851 6852 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6853 rem) { 6854 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, 6855 nla_data(pat), nla_len(pat), NULL); 6856 err = -EINVAL; 6857 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || 6858 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) 6859 goto error; 6860 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); 6861 mask_len = DIV_ROUND_UP(pat_len, 8); 6862 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != 6863 mask_len) 6864 goto error; 6865 if (pat_len > wowlan->pattern_max_len || 6866 pat_len < wowlan->pattern_min_len) 6867 goto error; 6868 6869 new_triggers.patterns[i].mask = 6870 kmalloc(mask_len + pat_len, GFP_KERNEL); 6871 if (!new_triggers.patterns[i].mask) { 6872 err = -ENOMEM; 6873 goto error; 6874 } 6875 new_triggers.patterns[i].pattern = 6876 new_triggers.patterns[i].mask + mask_len; 6877 memcpy(new_triggers.patterns[i].mask, 6878 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), 6879 mask_len); 6880 new_triggers.patterns[i].pattern_len = pat_len; 6881 memcpy(new_triggers.patterns[i].pattern, 6882 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), 6883 pat_len); 6884 i++; 6885 } 6886 } 6887 6888 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 6889 if (!ntrig) { 6890 err = -ENOMEM; 6891 goto error; 6892 } 6893 cfg80211_rdev_free_wowlan(rdev); 6894 rdev->wowlan = ntrig; 6895 6896 set_wakeup: 6897 if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan) 6898 rdev_set_wakeup(rdev, rdev->wowlan); 6899 6900 return 0; 6901 error: 6902 for (i = 0; i < new_triggers.n_patterns; i++) 6903 kfree(new_triggers.patterns[i].mask); 6904 kfree(new_triggers.patterns); 6905 return err; 6906 } 6907 #endif 6908 6909 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 6910 { 6911 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6912 struct net_device *dev = info->user_ptr[1]; 6913 struct wireless_dev *wdev = dev->ieee80211_ptr; 6914 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 6915 struct cfg80211_gtk_rekey_data rekey_data; 6916 int err; 6917 6918 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 6919 return -EINVAL; 6920 6921 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 6922 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 6923 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 6924 nl80211_rekey_policy); 6925 if (err) 6926 return err; 6927 6928 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 6929 return -ERANGE; 6930 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 6931 return -ERANGE; 6932 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 6933 return -ERANGE; 6934 6935 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), 6936 NL80211_KEK_LEN); 6937 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), 6938 NL80211_KCK_LEN); 6939 memcpy(rekey_data.replay_ctr, 6940 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), 6941 NL80211_REPLAY_CTR_LEN); 6942 6943 wdev_lock(wdev); 6944 if (!wdev->current_bss) { 6945 err = -ENOTCONN; 6946 goto out; 6947 } 6948 6949 if (!rdev->ops->set_rekey_data) { 6950 err = -EOPNOTSUPP; 6951 goto out; 6952 } 6953 6954 err = rdev_set_rekey_data(rdev, dev, &rekey_data); 6955 out: 6956 wdev_unlock(wdev); 6957 return err; 6958 } 6959 6960 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 6961 struct genl_info *info) 6962 { 6963 struct net_device *dev = info->user_ptr[1]; 6964 struct wireless_dev *wdev = dev->ieee80211_ptr; 6965 6966 if (wdev->iftype != NL80211_IFTYPE_AP && 6967 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6968 return -EINVAL; 6969 6970 if (wdev->ap_unexpected_nlportid) 6971 return -EBUSY; 6972 6973 wdev->ap_unexpected_nlportid = info->snd_portid; 6974 return 0; 6975 } 6976 6977 static int nl80211_probe_client(struct sk_buff *skb, 6978 struct genl_info *info) 6979 { 6980 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6981 struct net_device *dev = info->user_ptr[1]; 6982 struct wireless_dev *wdev = dev->ieee80211_ptr; 6983 struct sk_buff *msg; 6984 void *hdr; 6985 const u8 *addr; 6986 u64 cookie; 6987 int err; 6988 6989 if (wdev->iftype != NL80211_IFTYPE_AP && 6990 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6991 return -EOPNOTSUPP; 6992 6993 if (!info->attrs[NL80211_ATTR_MAC]) 6994 return -EINVAL; 6995 6996 if (!rdev->ops->probe_client) 6997 return -EOPNOTSUPP; 6998 6999 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7000 if (!msg) 7001 return -ENOMEM; 7002 7003 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 7004 NL80211_CMD_PROBE_CLIENT); 7005 7006 if (IS_ERR(hdr)) { 7007 err = PTR_ERR(hdr); 7008 goto free_msg; 7009 } 7010 7011 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 7012 7013 err = rdev_probe_client(rdev, dev, addr, &cookie); 7014 if (err) 7015 goto free_msg; 7016 7017 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 7018 goto nla_put_failure; 7019 7020 genlmsg_end(msg, hdr); 7021 7022 return genlmsg_reply(msg, info); 7023 7024 nla_put_failure: 7025 err = -ENOBUFS; 7026 free_msg: 7027 nlmsg_free(msg); 7028 return err; 7029 } 7030 7031 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 7032 { 7033 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7034 struct cfg80211_beacon_registration *reg, *nreg; 7035 int rv; 7036 7037 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 7038 return -EOPNOTSUPP; 7039 7040 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL); 7041 if (!nreg) 7042 return -ENOMEM; 7043 7044 /* First, check if already registered. */ 7045 spin_lock_bh(&rdev->beacon_registrations_lock); 7046 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 7047 if (reg->nlportid == info->snd_portid) { 7048 rv = -EALREADY; 7049 goto out_err; 7050 } 7051 } 7052 /* Add it to the list */ 7053 nreg->nlportid = info->snd_portid; 7054 list_add(&nreg->list, &rdev->beacon_registrations); 7055 7056 spin_unlock_bh(&rdev->beacon_registrations_lock); 7057 7058 return 0; 7059 out_err: 7060 spin_unlock_bh(&rdev->beacon_registrations_lock); 7061 kfree(nreg); 7062 return rv; 7063 } 7064 7065 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info) 7066 { 7067 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7068 struct wireless_dev *wdev = info->user_ptr[1]; 7069 int err; 7070 7071 if (!rdev->ops->start_p2p_device) 7072 return -EOPNOTSUPP; 7073 7074 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 7075 return -EOPNOTSUPP; 7076 7077 if (wdev->p2p_started) 7078 return 0; 7079 7080 mutex_lock(&rdev->devlist_mtx); 7081 err = cfg80211_can_add_interface(rdev, wdev->iftype); 7082 mutex_unlock(&rdev->devlist_mtx); 7083 if (err) 7084 return err; 7085 7086 err = rdev_start_p2p_device(rdev, wdev); 7087 if (err) 7088 return err; 7089 7090 wdev->p2p_started = true; 7091 mutex_lock(&rdev->devlist_mtx); 7092 rdev->opencount++; 7093 mutex_unlock(&rdev->devlist_mtx); 7094 7095 return 0; 7096 } 7097 7098 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info) 7099 { 7100 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7101 struct wireless_dev *wdev = info->user_ptr[1]; 7102 7103 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 7104 return -EOPNOTSUPP; 7105 7106 if (!rdev->ops->stop_p2p_device) 7107 return -EOPNOTSUPP; 7108 7109 if (!wdev->p2p_started) 7110 return 0; 7111 7112 rdev_stop_p2p_device(rdev, wdev); 7113 wdev->p2p_started = false; 7114 7115 mutex_lock(&rdev->devlist_mtx); 7116 rdev->opencount--; 7117 mutex_unlock(&rdev->devlist_mtx); 7118 7119 if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) { 7120 rdev->scan_req->aborted = true; 7121 ___cfg80211_scan_done(rdev, true); 7122 } 7123 7124 return 0; 7125 } 7126 7127 #define NL80211_FLAG_NEED_WIPHY 0x01 7128 #define NL80211_FLAG_NEED_NETDEV 0x02 7129 #define NL80211_FLAG_NEED_RTNL 0x04 7130 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 7131 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 7132 NL80211_FLAG_CHECK_NETDEV_UP) 7133 #define NL80211_FLAG_NEED_WDEV 0x10 7134 /* If a netdev is associated, it must be UP, P2P must be started */ 7135 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 7136 NL80211_FLAG_CHECK_NETDEV_UP) 7137 7138 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 7139 struct genl_info *info) 7140 { 7141 struct cfg80211_registered_device *rdev; 7142 struct wireless_dev *wdev; 7143 struct net_device *dev; 7144 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 7145 7146 if (rtnl) 7147 rtnl_lock(); 7148 7149 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 7150 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 7151 if (IS_ERR(rdev)) { 7152 if (rtnl) 7153 rtnl_unlock(); 7154 return PTR_ERR(rdev); 7155 } 7156 info->user_ptr[0] = rdev; 7157 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV || 7158 ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 7159 mutex_lock(&cfg80211_mutex); 7160 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info), 7161 info->attrs); 7162 if (IS_ERR(wdev)) { 7163 mutex_unlock(&cfg80211_mutex); 7164 if (rtnl) 7165 rtnl_unlock(); 7166 return PTR_ERR(wdev); 7167 } 7168 7169 dev = wdev->netdev; 7170 rdev = wiphy_to_dev(wdev->wiphy); 7171 7172 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 7173 if (!dev) { 7174 mutex_unlock(&cfg80211_mutex); 7175 if (rtnl) 7176 rtnl_unlock(); 7177 return -EINVAL; 7178 } 7179 7180 info->user_ptr[1] = dev; 7181 } else { 7182 info->user_ptr[1] = wdev; 7183 } 7184 7185 if (dev) { 7186 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 7187 !netif_running(dev)) { 7188 mutex_unlock(&cfg80211_mutex); 7189 if (rtnl) 7190 rtnl_unlock(); 7191 return -ENETDOWN; 7192 } 7193 7194 dev_hold(dev); 7195 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) { 7196 if (!wdev->p2p_started) { 7197 mutex_unlock(&cfg80211_mutex); 7198 if (rtnl) 7199 rtnl_unlock(); 7200 return -ENETDOWN; 7201 } 7202 } 7203 7204 cfg80211_lock_rdev(rdev); 7205 7206 mutex_unlock(&cfg80211_mutex); 7207 7208 info->user_ptr[0] = rdev; 7209 } 7210 7211 return 0; 7212 } 7213 7214 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 7215 struct genl_info *info) 7216 { 7217 if (info->user_ptr[0]) 7218 cfg80211_unlock_rdev(info->user_ptr[0]); 7219 if (info->user_ptr[1]) { 7220 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 7221 struct wireless_dev *wdev = info->user_ptr[1]; 7222 7223 if (wdev->netdev) 7224 dev_put(wdev->netdev); 7225 } else { 7226 dev_put(info->user_ptr[1]); 7227 } 7228 } 7229 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 7230 rtnl_unlock(); 7231 } 7232 7233 static struct genl_ops nl80211_ops[] = { 7234 { 7235 .cmd = NL80211_CMD_GET_WIPHY, 7236 .doit = nl80211_get_wiphy, 7237 .dumpit = nl80211_dump_wiphy, 7238 .policy = nl80211_policy, 7239 /* can be retrieved by unprivileged users */ 7240 .internal_flags = NL80211_FLAG_NEED_WIPHY, 7241 }, 7242 { 7243 .cmd = NL80211_CMD_SET_WIPHY, 7244 .doit = nl80211_set_wiphy, 7245 .policy = nl80211_policy, 7246 .flags = GENL_ADMIN_PERM, 7247 .internal_flags = NL80211_FLAG_NEED_RTNL, 7248 }, 7249 { 7250 .cmd = NL80211_CMD_GET_INTERFACE, 7251 .doit = nl80211_get_interface, 7252 .dumpit = nl80211_dump_interface, 7253 .policy = nl80211_policy, 7254 /* can be retrieved by unprivileged users */ 7255 .internal_flags = NL80211_FLAG_NEED_WDEV, 7256 }, 7257 { 7258 .cmd = NL80211_CMD_SET_INTERFACE, 7259 .doit = nl80211_set_interface, 7260 .policy = nl80211_policy, 7261 .flags = GENL_ADMIN_PERM, 7262 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7263 NL80211_FLAG_NEED_RTNL, 7264 }, 7265 { 7266 .cmd = NL80211_CMD_NEW_INTERFACE, 7267 .doit = nl80211_new_interface, 7268 .policy = nl80211_policy, 7269 .flags = GENL_ADMIN_PERM, 7270 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7271 NL80211_FLAG_NEED_RTNL, 7272 }, 7273 { 7274 .cmd = NL80211_CMD_DEL_INTERFACE, 7275 .doit = nl80211_del_interface, 7276 .policy = nl80211_policy, 7277 .flags = GENL_ADMIN_PERM, 7278 .internal_flags = NL80211_FLAG_NEED_WDEV | 7279 NL80211_FLAG_NEED_RTNL, 7280 }, 7281 { 7282 .cmd = NL80211_CMD_GET_KEY, 7283 .doit = nl80211_get_key, 7284 .policy = nl80211_policy, 7285 .flags = GENL_ADMIN_PERM, 7286 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7287 NL80211_FLAG_NEED_RTNL, 7288 }, 7289 { 7290 .cmd = NL80211_CMD_SET_KEY, 7291 .doit = nl80211_set_key, 7292 .policy = nl80211_policy, 7293 .flags = GENL_ADMIN_PERM, 7294 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7295 NL80211_FLAG_NEED_RTNL, 7296 }, 7297 { 7298 .cmd = NL80211_CMD_NEW_KEY, 7299 .doit = nl80211_new_key, 7300 .policy = nl80211_policy, 7301 .flags = GENL_ADMIN_PERM, 7302 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7303 NL80211_FLAG_NEED_RTNL, 7304 }, 7305 { 7306 .cmd = NL80211_CMD_DEL_KEY, 7307 .doit = nl80211_del_key, 7308 .policy = nl80211_policy, 7309 .flags = GENL_ADMIN_PERM, 7310 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7311 NL80211_FLAG_NEED_RTNL, 7312 }, 7313 { 7314 .cmd = NL80211_CMD_SET_BEACON, 7315 .policy = nl80211_policy, 7316 .flags = GENL_ADMIN_PERM, 7317 .doit = nl80211_set_beacon, 7318 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7319 NL80211_FLAG_NEED_RTNL, 7320 }, 7321 { 7322 .cmd = NL80211_CMD_START_AP, 7323 .policy = nl80211_policy, 7324 .flags = GENL_ADMIN_PERM, 7325 .doit = nl80211_start_ap, 7326 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7327 NL80211_FLAG_NEED_RTNL, 7328 }, 7329 { 7330 .cmd = NL80211_CMD_STOP_AP, 7331 .policy = nl80211_policy, 7332 .flags = GENL_ADMIN_PERM, 7333 .doit = nl80211_stop_ap, 7334 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7335 NL80211_FLAG_NEED_RTNL, 7336 }, 7337 { 7338 .cmd = NL80211_CMD_GET_STATION, 7339 .doit = nl80211_get_station, 7340 .dumpit = nl80211_dump_station, 7341 .policy = nl80211_policy, 7342 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7343 NL80211_FLAG_NEED_RTNL, 7344 }, 7345 { 7346 .cmd = NL80211_CMD_SET_STATION, 7347 .doit = nl80211_set_station, 7348 .policy = nl80211_policy, 7349 .flags = GENL_ADMIN_PERM, 7350 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7351 NL80211_FLAG_NEED_RTNL, 7352 }, 7353 { 7354 .cmd = NL80211_CMD_NEW_STATION, 7355 .doit = nl80211_new_station, 7356 .policy = nl80211_policy, 7357 .flags = GENL_ADMIN_PERM, 7358 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7359 NL80211_FLAG_NEED_RTNL, 7360 }, 7361 { 7362 .cmd = NL80211_CMD_DEL_STATION, 7363 .doit = nl80211_del_station, 7364 .policy = nl80211_policy, 7365 .flags = GENL_ADMIN_PERM, 7366 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7367 NL80211_FLAG_NEED_RTNL, 7368 }, 7369 { 7370 .cmd = NL80211_CMD_GET_MPATH, 7371 .doit = nl80211_get_mpath, 7372 .dumpit = nl80211_dump_mpath, 7373 .policy = nl80211_policy, 7374 .flags = GENL_ADMIN_PERM, 7375 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7376 NL80211_FLAG_NEED_RTNL, 7377 }, 7378 { 7379 .cmd = NL80211_CMD_SET_MPATH, 7380 .doit = nl80211_set_mpath, 7381 .policy = nl80211_policy, 7382 .flags = GENL_ADMIN_PERM, 7383 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7384 NL80211_FLAG_NEED_RTNL, 7385 }, 7386 { 7387 .cmd = NL80211_CMD_NEW_MPATH, 7388 .doit = nl80211_new_mpath, 7389 .policy = nl80211_policy, 7390 .flags = GENL_ADMIN_PERM, 7391 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7392 NL80211_FLAG_NEED_RTNL, 7393 }, 7394 { 7395 .cmd = NL80211_CMD_DEL_MPATH, 7396 .doit = nl80211_del_mpath, 7397 .policy = nl80211_policy, 7398 .flags = GENL_ADMIN_PERM, 7399 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7400 NL80211_FLAG_NEED_RTNL, 7401 }, 7402 { 7403 .cmd = NL80211_CMD_SET_BSS, 7404 .doit = nl80211_set_bss, 7405 .policy = nl80211_policy, 7406 .flags = GENL_ADMIN_PERM, 7407 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7408 NL80211_FLAG_NEED_RTNL, 7409 }, 7410 { 7411 .cmd = NL80211_CMD_GET_REG, 7412 .doit = nl80211_get_reg, 7413 .policy = nl80211_policy, 7414 /* can be retrieved by unprivileged users */ 7415 }, 7416 { 7417 .cmd = NL80211_CMD_SET_REG, 7418 .doit = nl80211_set_reg, 7419 .policy = nl80211_policy, 7420 .flags = GENL_ADMIN_PERM, 7421 }, 7422 { 7423 .cmd = NL80211_CMD_REQ_SET_REG, 7424 .doit = nl80211_req_set_reg, 7425 .policy = nl80211_policy, 7426 .flags = GENL_ADMIN_PERM, 7427 }, 7428 { 7429 .cmd = NL80211_CMD_GET_MESH_CONFIG, 7430 .doit = nl80211_get_mesh_config, 7431 .policy = nl80211_policy, 7432 /* can be retrieved by unprivileged users */ 7433 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7434 NL80211_FLAG_NEED_RTNL, 7435 }, 7436 { 7437 .cmd = NL80211_CMD_SET_MESH_CONFIG, 7438 .doit = nl80211_update_mesh_config, 7439 .policy = nl80211_policy, 7440 .flags = GENL_ADMIN_PERM, 7441 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7442 NL80211_FLAG_NEED_RTNL, 7443 }, 7444 { 7445 .cmd = NL80211_CMD_TRIGGER_SCAN, 7446 .doit = nl80211_trigger_scan, 7447 .policy = nl80211_policy, 7448 .flags = GENL_ADMIN_PERM, 7449 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7450 NL80211_FLAG_NEED_RTNL, 7451 }, 7452 { 7453 .cmd = NL80211_CMD_GET_SCAN, 7454 .policy = nl80211_policy, 7455 .dumpit = nl80211_dump_scan, 7456 }, 7457 { 7458 .cmd = NL80211_CMD_START_SCHED_SCAN, 7459 .doit = nl80211_start_sched_scan, 7460 .policy = nl80211_policy, 7461 .flags = GENL_ADMIN_PERM, 7462 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7463 NL80211_FLAG_NEED_RTNL, 7464 }, 7465 { 7466 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 7467 .doit = nl80211_stop_sched_scan, 7468 .policy = nl80211_policy, 7469 .flags = GENL_ADMIN_PERM, 7470 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7471 NL80211_FLAG_NEED_RTNL, 7472 }, 7473 { 7474 .cmd = NL80211_CMD_AUTHENTICATE, 7475 .doit = nl80211_authenticate, 7476 .policy = nl80211_policy, 7477 .flags = GENL_ADMIN_PERM, 7478 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7479 NL80211_FLAG_NEED_RTNL, 7480 }, 7481 { 7482 .cmd = NL80211_CMD_ASSOCIATE, 7483 .doit = nl80211_associate, 7484 .policy = nl80211_policy, 7485 .flags = GENL_ADMIN_PERM, 7486 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7487 NL80211_FLAG_NEED_RTNL, 7488 }, 7489 { 7490 .cmd = NL80211_CMD_DEAUTHENTICATE, 7491 .doit = nl80211_deauthenticate, 7492 .policy = nl80211_policy, 7493 .flags = GENL_ADMIN_PERM, 7494 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7495 NL80211_FLAG_NEED_RTNL, 7496 }, 7497 { 7498 .cmd = NL80211_CMD_DISASSOCIATE, 7499 .doit = nl80211_disassociate, 7500 .policy = nl80211_policy, 7501 .flags = GENL_ADMIN_PERM, 7502 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7503 NL80211_FLAG_NEED_RTNL, 7504 }, 7505 { 7506 .cmd = NL80211_CMD_JOIN_IBSS, 7507 .doit = nl80211_join_ibss, 7508 .policy = nl80211_policy, 7509 .flags = GENL_ADMIN_PERM, 7510 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7511 NL80211_FLAG_NEED_RTNL, 7512 }, 7513 { 7514 .cmd = NL80211_CMD_LEAVE_IBSS, 7515 .doit = nl80211_leave_ibss, 7516 .policy = nl80211_policy, 7517 .flags = GENL_ADMIN_PERM, 7518 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7519 NL80211_FLAG_NEED_RTNL, 7520 }, 7521 #ifdef CONFIG_NL80211_TESTMODE 7522 { 7523 .cmd = NL80211_CMD_TESTMODE, 7524 .doit = nl80211_testmode_do, 7525 .dumpit = nl80211_testmode_dump, 7526 .policy = nl80211_policy, 7527 .flags = GENL_ADMIN_PERM, 7528 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7529 NL80211_FLAG_NEED_RTNL, 7530 }, 7531 #endif 7532 { 7533 .cmd = NL80211_CMD_CONNECT, 7534 .doit = nl80211_connect, 7535 .policy = nl80211_policy, 7536 .flags = GENL_ADMIN_PERM, 7537 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7538 NL80211_FLAG_NEED_RTNL, 7539 }, 7540 { 7541 .cmd = NL80211_CMD_DISCONNECT, 7542 .doit = nl80211_disconnect, 7543 .policy = nl80211_policy, 7544 .flags = GENL_ADMIN_PERM, 7545 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7546 NL80211_FLAG_NEED_RTNL, 7547 }, 7548 { 7549 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 7550 .doit = nl80211_wiphy_netns, 7551 .policy = nl80211_policy, 7552 .flags = GENL_ADMIN_PERM, 7553 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7554 NL80211_FLAG_NEED_RTNL, 7555 }, 7556 { 7557 .cmd = NL80211_CMD_GET_SURVEY, 7558 .policy = nl80211_policy, 7559 .dumpit = nl80211_dump_survey, 7560 }, 7561 { 7562 .cmd = NL80211_CMD_SET_PMKSA, 7563 .doit = nl80211_setdel_pmksa, 7564 .policy = nl80211_policy, 7565 .flags = GENL_ADMIN_PERM, 7566 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7567 NL80211_FLAG_NEED_RTNL, 7568 }, 7569 { 7570 .cmd = NL80211_CMD_DEL_PMKSA, 7571 .doit = nl80211_setdel_pmksa, 7572 .policy = nl80211_policy, 7573 .flags = GENL_ADMIN_PERM, 7574 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7575 NL80211_FLAG_NEED_RTNL, 7576 }, 7577 { 7578 .cmd = NL80211_CMD_FLUSH_PMKSA, 7579 .doit = nl80211_flush_pmksa, 7580 .policy = nl80211_policy, 7581 .flags = GENL_ADMIN_PERM, 7582 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7583 NL80211_FLAG_NEED_RTNL, 7584 }, 7585 { 7586 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 7587 .doit = nl80211_remain_on_channel, 7588 .policy = nl80211_policy, 7589 .flags = GENL_ADMIN_PERM, 7590 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7591 NL80211_FLAG_NEED_RTNL, 7592 }, 7593 { 7594 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 7595 .doit = nl80211_cancel_remain_on_channel, 7596 .policy = nl80211_policy, 7597 .flags = GENL_ADMIN_PERM, 7598 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7599 NL80211_FLAG_NEED_RTNL, 7600 }, 7601 { 7602 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 7603 .doit = nl80211_set_tx_bitrate_mask, 7604 .policy = nl80211_policy, 7605 .flags = GENL_ADMIN_PERM, 7606 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7607 NL80211_FLAG_NEED_RTNL, 7608 }, 7609 { 7610 .cmd = NL80211_CMD_REGISTER_FRAME, 7611 .doit = nl80211_register_mgmt, 7612 .policy = nl80211_policy, 7613 .flags = GENL_ADMIN_PERM, 7614 .internal_flags = NL80211_FLAG_NEED_WDEV | 7615 NL80211_FLAG_NEED_RTNL, 7616 }, 7617 { 7618 .cmd = NL80211_CMD_FRAME, 7619 .doit = nl80211_tx_mgmt, 7620 .policy = nl80211_policy, 7621 .flags = GENL_ADMIN_PERM, 7622 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7623 NL80211_FLAG_NEED_RTNL, 7624 }, 7625 { 7626 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 7627 .doit = nl80211_tx_mgmt_cancel_wait, 7628 .policy = nl80211_policy, 7629 .flags = GENL_ADMIN_PERM, 7630 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7631 NL80211_FLAG_NEED_RTNL, 7632 }, 7633 { 7634 .cmd = NL80211_CMD_SET_POWER_SAVE, 7635 .doit = nl80211_set_power_save, 7636 .policy = nl80211_policy, 7637 .flags = GENL_ADMIN_PERM, 7638 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7639 NL80211_FLAG_NEED_RTNL, 7640 }, 7641 { 7642 .cmd = NL80211_CMD_GET_POWER_SAVE, 7643 .doit = nl80211_get_power_save, 7644 .policy = nl80211_policy, 7645 /* can be retrieved by unprivileged users */ 7646 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7647 NL80211_FLAG_NEED_RTNL, 7648 }, 7649 { 7650 .cmd = NL80211_CMD_SET_CQM, 7651 .doit = nl80211_set_cqm, 7652 .policy = nl80211_policy, 7653 .flags = GENL_ADMIN_PERM, 7654 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7655 NL80211_FLAG_NEED_RTNL, 7656 }, 7657 { 7658 .cmd = NL80211_CMD_SET_CHANNEL, 7659 .doit = nl80211_set_channel, 7660 .policy = nl80211_policy, 7661 .flags = GENL_ADMIN_PERM, 7662 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7663 NL80211_FLAG_NEED_RTNL, 7664 }, 7665 { 7666 .cmd = NL80211_CMD_SET_WDS_PEER, 7667 .doit = nl80211_set_wds_peer, 7668 .policy = nl80211_policy, 7669 .flags = GENL_ADMIN_PERM, 7670 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7671 NL80211_FLAG_NEED_RTNL, 7672 }, 7673 { 7674 .cmd = NL80211_CMD_JOIN_MESH, 7675 .doit = nl80211_join_mesh, 7676 .policy = nl80211_policy, 7677 .flags = GENL_ADMIN_PERM, 7678 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7679 NL80211_FLAG_NEED_RTNL, 7680 }, 7681 { 7682 .cmd = NL80211_CMD_LEAVE_MESH, 7683 .doit = nl80211_leave_mesh, 7684 .policy = nl80211_policy, 7685 .flags = GENL_ADMIN_PERM, 7686 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7687 NL80211_FLAG_NEED_RTNL, 7688 }, 7689 #ifdef CONFIG_PM 7690 { 7691 .cmd = NL80211_CMD_GET_WOWLAN, 7692 .doit = nl80211_get_wowlan, 7693 .policy = nl80211_policy, 7694 /* can be retrieved by unprivileged users */ 7695 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7696 NL80211_FLAG_NEED_RTNL, 7697 }, 7698 { 7699 .cmd = NL80211_CMD_SET_WOWLAN, 7700 .doit = nl80211_set_wowlan, 7701 .policy = nl80211_policy, 7702 .flags = GENL_ADMIN_PERM, 7703 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7704 NL80211_FLAG_NEED_RTNL, 7705 }, 7706 #endif 7707 { 7708 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 7709 .doit = nl80211_set_rekey_data, 7710 .policy = nl80211_policy, 7711 .flags = GENL_ADMIN_PERM, 7712 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7713 NL80211_FLAG_NEED_RTNL, 7714 }, 7715 { 7716 .cmd = NL80211_CMD_TDLS_MGMT, 7717 .doit = nl80211_tdls_mgmt, 7718 .policy = nl80211_policy, 7719 .flags = GENL_ADMIN_PERM, 7720 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7721 NL80211_FLAG_NEED_RTNL, 7722 }, 7723 { 7724 .cmd = NL80211_CMD_TDLS_OPER, 7725 .doit = nl80211_tdls_oper, 7726 .policy = nl80211_policy, 7727 .flags = GENL_ADMIN_PERM, 7728 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7729 NL80211_FLAG_NEED_RTNL, 7730 }, 7731 { 7732 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 7733 .doit = nl80211_register_unexpected_frame, 7734 .policy = nl80211_policy, 7735 .flags = GENL_ADMIN_PERM, 7736 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7737 NL80211_FLAG_NEED_RTNL, 7738 }, 7739 { 7740 .cmd = NL80211_CMD_PROBE_CLIENT, 7741 .doit = nl80211_probe_client, 7742 .policy = nl80211_policy, 7743 .flags = GENL_ADMIN_PERM, 7744 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7745 NL80211_FLAG_NEED_RTNL, 7746 }, 7747 { 7748 .cmd = NL80211_CMD_REGISTER_BEACONS, 7749 .doit = nl80211_register_beacons, 7750 .policy = nl80211_policy, 7751 .flags = GENL_ADMIN_PERM, 7752 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7753 NL80211_FLAG_NEED_RTNL, 7754 }, 7755 { 7756 .cmd = NL80211_CMD_SET_NOACK_MAP, 7757 .doit = nl80211_set_noack_map, 7758 .policy = nl80211_policy, 7759 .flags = GENL_ADMIN_PERM, 7760 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7761 NL80211_FLAG_NEED_RTNL, 7762 }, 7763 { 7764 .cmd = NL80211_CMD_START_P2P_DEVICE, 7765 .doit = nl80211_start_p2p_device, 7766 .policy = nl80211_policy, 7767 .flags = GENL_ADMIN_PERM, 7768 .internal_flags = NL80211_FLAG_NEED_WDEV | 7769 NL80211_FLAG_NEED_RTNL, 7770 }, 7771 { 7772 .cmd = NL80211_CMD_STOP_P2P_DEVICE, 7773 .doit = nl80211_stop_p2p_device, 7774 .policy = nl80211_policy, 7775 .flags = GENL_ADMIN_PERM, 7776 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7777 NL80211_FLAG_NEED_RTNL, 7778 }, 7779 { 7780 .cmd = NL80211_CMD_SET_MCAST_RATE, 7781 .doit = nl80211_set_mcast_rate, 7782 .policy = nl80211_policy, 7783 .flags = GENL_ADMIN_PERM, 7784 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7785 NL80211_FLAG_NEED_RTNL, 7786 }, 7787 }; 7788 7789 static struct genl_multicast_group nl80211_mlme_mcgrp = { 7790 .name = "mlme", 7791 }; 7792 7793 /* multicast groups */ 7794 static struct genl_multicast_group nl80211_config_mcgrp = { 7795 .name = "config", 7796 }; 7797 static struct genl_multicast_group nl80211_scan_mcgrp = { 7798 .name = "scan", 7799 }; 7800 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 7801 .name = "regulatory", 7802 }; 7803 7804 /* notification functions */ 7805 7806 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 7807 { 7808 struct sk_buff *msg; 7809 7810 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7811 if (!msg) 7812 return; 7813 7814 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 7815 nlmsg_free(msg); 7816 return; 7817 } 7818 7819 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7820 nl80211_config_mcgrp.id, GFP_KERNEL); 7821 } 7822 7823 static int nl80211_add_scan_req(struct sk_buff *msg, 7824 struct cfg80211_registered_device *rdev) 7825 { 7826 struct cfg80211_scan_request *req = rdev->scan_req; 7827 struct nlattr *nest; 7828 int i; 7829 7830 ASSERT_RDEV_LOCK(rdev); 7831 7832 if (WARN_ON(!req)) 7833 return 0; 7834 7835 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 7836 if (!nest) 7837 goto nla_put_failure; 7838 for (i = 0; i < req->n_ssids; i++) { 7839 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 7840 goto nla_put_failure; 7841 } 7842 nla_nest_end(msg, nest); 7843 7844 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 7845 if (!nest) 7846 goto nla_put_failure; 7847 for (i = 0; i < req->n_channels; i++) { 7848 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 7849 goto nla_put_failure; 7850 } 7851 nla_nest_end(msg, nest); 7852 7853 if (req->ie && 7854 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 7855 goto nla_put_failure; 7856 7857 if (req->flags) 7858 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags); 7859 7860 return 0; 7861 nla_put_failure: 7862 return -ENOBUFS; 7863 } 7864 7865 static int nl80211_send_scan_msg(struct sk_buff *msg, 7866 struct cfg80211_registered_device *rdev, 7867 struct wireless_dev *wdev, 7868 u32 portid, u32 seq, int flags, 7869 u32 cmd) 7870 { 7871 void *hdr; 7872 7873 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 7874 if (!hdr) 7875 return -1; 7876 7877 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7878 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 7879 wdev->netdev->ifindex)) || 7880 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 7881 goto nla_put_failure; 7882 7883 /* ignore errors and send incomplete event anyway */ 7884 nl80211_add_scan_req(msg, rdev); 7885 7886 return genlmsg_end(msg, hdr); 7887 7888 nla_put_failure: 7889 genlmsg_cancel(msg, hdr); 7890 return -EMSGSIZE; 7891 } 7892 7893 static int 7894 nl80211_send_sched_scan_msg(struct sk_buff *msg, 7895 struct cfg80211_registered_device *rdev, 7896 struct net_device *netdev, 7897 u32 portid, u32 seq, int flags, u32 cmd) 7898 { 7899 void *hdr; 7900 7901 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 7902 if (!hdr) 7903 return -1; 7904 7905 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7906 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 7907 goto nla_put_failure; 7908 7909 return genlmsg_end(msg, hdr); 7910 7911 nla_put_failure: 7912 genlmsg_cancel(msg, hdr); 7913 return -EMSGSIZE; 7914 } 7915 7916 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 7917 struct wireless_dev *wdev) 7918 { 7919 struct sk_buff *msg; 7920 7921 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7922 if (!msg) 7923 return; 7924 7925 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 7926 NL80211_CMD_TRIGGER_SCAN) < 0) { 7927 nlmsg_free(msg); 7928 return; 7929 } 7930 7931 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7932 nl80211_scan_mcgrp.id, GFP_KERNEL); 7933 } 7934 7935 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 7936 struct wireless_dev *wdev) 7937 { 7938 struct sk_buff *msg; 7939 7940 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7941 if (!msg) 7942 return; 7943 7944 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 7945 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 7946 nlmsg_free(msg); 7947 return; 7948 } 7949 7950 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7951 nl80211_scan_mcgrp.id, GFP_KERNEL); 7952 } 7953 7954 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 7955 struct wireless_dev *wdev) 7956 { 7957 struct sk_buff *msg; 7958 7959 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7960 if (!msg) 7961 return; 7962 7963 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 7964 NL80211_CMD_SCAN_ABORTED) < 0) { 7965 nlmsg_free(msg); 7966 return; 7967 } 7968 7969 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7970 nl80211_scan_mcgrp.id, GFP_KERNEL); 7971 } 7972 7973 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 7974 struct net_device *netdev) 7975 { 7976 struct sk_buff *msg; 7977 7978 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7979 if (!msg) 7980 return; 7981 7982 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 7983 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 7984 nlmsg_free(msg); 7985 return; 7986 } 7987 7988 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7989 nl80211_scan_mcgrp.id, GFP_KERNEL); 7990 } 7991 7992 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 7993 struct net_device *netdev, u32 cmd) 7994 { 7995 struct sk_buff *msg; 7996 7997 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7998 if (!msg) 7999 return; 8000 8001 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 8002 nlmsg_free(msg); 8003 return; 8004 } 8005 8006 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8007 nl80211_scan_mcgrp.id, GFP_KERNEL); 8008 } 8009 8010 /* 8011 * This can happen on global regulatory changes or device specific settings 8012 * based on custom world regulatory domains. 8013 */ 8014 void nl80211_send_reg_change_event(struct regulatory_request *request) 8015 { 8016 struct sk_buff *msg; 8017 void *hdr; 8018 8019 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8020 if (!msg) 8021 return; 8022 8023 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 8024 if (!hdr) { 8025 nlmsg_free(msg); 8026 return; 8027 } 8028 8029 /* Userspace can always count this one always being set */ 8030 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 8031 goto nla_put_failure; 8032 8033 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 8034 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8035 NL80211_REGDOM_TYPE_WORLD)) 8036 goto nla_put_failure; 8037 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 8038 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8039 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 8040 goto nla_put_failure; 8041 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 8042 request->intersect) { 8043 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8044 NL80211_REGDOM_TYPE_INTERSECTION)) 8045 goto nla_put_failure; 8046 } else { 8047 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8048 NL80211_REGDOM_TYPE_COUNTRY) || 8049 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 8050 request->alpha2)) 8051 goto nla_put_failure; 8052 } 8053 8054 if (wiphy_idx_valid(request->wiphy_idx) && 8055 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 8056 goto nla_put_failure; 8057 8058 genlmsg_end(msg, hdr); 8059 8060 rcu_read_lock(); 8061 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 8062 GFP_ATOMIC); 8063 rcu_read_unlock(); 8064 8065 return; 8066 8067 nla_put_failure: 8068 genlmsg_cancel(msg, hdr); 8069 nlmsg_free(msg); 8070 } 8071 8072 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 8073 struct net_device *netdev, 8074 const u8 *buf, size_t len, 8075 enum nl80211_commands cmd, gfp_t gfp) 8076 { 8077 struct sk_buff *msg; 8078 void *hdr; 8079 8080 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8081 if (!msg) 8082 return; 8083 8084 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8085 if (!hdr) { 8086 nlmsg_free(msg); 8087 return; 8088 } 8089 8090 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8091 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8092 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 8093 goto nla_put_failure; 8094 8095 genlmsg_end(msg, hdr); 8096 8097 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8098 nl80211_mlme_mcgrp.id, gfp); 8099 return; 8100 8101 nla_put_failure: 8102 genlmsg_cancel(msg, hdr); 8103 nlmsg_free(msg); 8104 } 8105 8106 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 8107 struct net_device *netdev, const u8 *buf, 8108 size_t len, gfp_t gfp) 8109 { 8110 nl80211_send_mlme_event(rdev, netdev, buf, len, 8111 NL80211_CMD_AUTHENTICATE, gfp); 8112 } 8113 8114 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 8115 struct net_device *netdev, const u8 *buf, 8116 size_t len, gfp_t gfp) 8117 { 8118 nl80211_send_mlme_event(rdev, netdev, buf, len, 8119 NL80211_CMD_ASSOCIATE, gfp); 8120 } 8121 8122 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 8123 struct net_device *netdev, const u8 *buf, 8124 size_t len, gfp_t gfp) 8125 { 8126 nl80211_send_mlme_event(rdev, netdev, buf, len, 8127 NL80211_CMD_DEAUTHENTICATE, gfp); 8128 } 8129 8130 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 8131 struct net_device *netdev, const u8 *buf, 8132 size_t len, gfp_t gfp) 8133 { 8134 nl80211_send_mlme_event(rdev, netdev, buf, len, 8135 NL80211_CMD_DISASSOCIATE, gfp); 8136 } 8137 8138 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev, 8139 struct net_device *netdev, const u8 *buf, 8140 size_t len, gfp_t gfp) 8141 { 8142 nl80211_send_mlme_event(rdev, netdev, buf, len, 8143 NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp); 8144 } 8145 8146 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev, 8147 struct net_device *netdev, const u8 *buf, 8148 size_t len, gfp_t gfp) 8149 { 8150 nl80211_send_mlme_event(rdev, netdev, buf, len, 8151 NL80211_CMD_UNPROT_DISASSOCIATE, gfp); 8152 } 8153 8154 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 8155 struct net_device *netdev, int cmd, 8156 const u8 *addr, gfp_t gfp) 8157 { 8158 struct sk_buff *msg; 8159 void *hdr; 8160 8161 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8162 if (!msg) 8163 return; 8164 8165 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8166 if (!hdr) { 8167 nlmsg_free(msg); 8168 return; 8169 } 8170 8171 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8172 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8173 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 8174 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 8175 goto nla_put_failure; 8176 8177 genlmsg_end(msg, hdr); 8178 8179 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8180 nl80211_mlme_mcgrp.id, gfp); 8181 return; 8182 8183 nla_put_failure: 8184 genlmsg_cancel(msg, hdr); 8185 nlmsg_free(msg); 8186 } 8187 8188 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 8189 struct net_device *netdev, const u8 *addr, 8190 gfp_t gfp) 8191 { 8192 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 8193 addr, gfp); 8194 } 8195 8196 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 8197 struct net_device *netdev, const u8 *addr, 8198 gfp_t gfp) 8199 { 8200 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 8201 addr, gfp); 8202 } 8203 8204 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 8205 struct net_device *netdev, const u8 *bssid, 8206 const u8 *req_ie, size_t req_ie_len, 8207 const u8 *resp_ie, size_t resp_ie_len, 8208 u16 status, gfp_t gfp) 8209 { 8210 struct sk_buff *msg; 8211 void *hdr; 8212 8213 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8214 if (!msg) 8215 return; 8216 8217 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 8218 if (!hdr) { 8219 nlmsg_free(msg); 8220 return; 8221 } 8222 8223 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8224 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8225 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) || 8226 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) || 8227 (req_ie && 8228 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 8229 (resp_ie && 8230 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 8231 goto nla_put_failure; 8232 8233 genlmsg_end(msg, hdr); 8234 8235 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8236 nl80211_mlme_mcgrp.id, gfp); 8237 return; 8238 8239 nla_put_failure: 8240 genlmsg_cancel(msg, hdr); 8241 nlmsg_free(msg); 8242 8243 } 8244 8245 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 8246 struct net_device *netdev, const u8 *bssid, 8247 const u8 *req_ie, size_t req_ie_len, 8248 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 8249 { 8250 struct sk_buff *msg; 8251 void *hdr; 8252 8253 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8254 if (!msg) 8255 return; 8256 8257 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 8258 if (!hdr) { 8259 nlmsg_free(msg); 8260 return; 8261 } 8262 8263 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8264 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8265 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 8266 (req_ie && 8267 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 8268 (resp_ie && 8269 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 8270 goto nla_put_failure; 8271 8272 genlmsg_end(msg, hdr); 8273 8274 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8275 nl80211_mlme_mcgrp.id, gfp); 8276 return; 8277 8278 nla_put_failure: 8279 genlmsg_cancel(msg, hdr); 8280 nlmsg_free(msg); 8281 8282 } 8283 8284 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 8285 struct net_device *netdev, u16 reason, 8286 const u8 *ie, size_t ie_len, bool from_ap) 8287 { 8288 struct sk_buff *msg; 8289 void *hdr; 8290 8291 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8292 if (!msg) 8293 return; 8294 8295 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 8296 if (!hdr) { 8297 nlmsg_free(msg); 8298 return; 8299 } 8300 8301 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8302 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8303 (from_ap && reason && 8304 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 8305 (from_ap && 8306 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 8307 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 8308 goto nla_put_failure; 8309 8310 genlmsg_end(msg, hdr); 8311 8312 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8313 nl80211_mlme_mcgrp.id, GFP_KERNEL); 8314 return; 8315 8316 nla_put_failure: 8317 genlmsg_cancel(msg, hdr); 8318 nlmsg_free(msg); 8319 8320 } 8321 8322 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 8323 struct net_device *netdev, const u8 *bssid, 8324 gfp_t gfp) 8325 { 8326 struct sk_buff *msg; 8327 void *hdr; 8328 8329 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8330 if (!msg) 8331 return; 8332 8333 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 8334 if (!hdr) { 8335 nlmsg_free(msg); 8336 return; 8337 } 8338 8339 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8340 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8341 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 8342 goto nla_put_failure; 8343 8344 genlmsg_end(msg, hdr); 8345 8346 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8347 nl80211_mlme_mcgrp.id, gfp); 8348 return; 8349 8350 nla_put_failure: 8351 genlmsg_cancel(msg, hdr); 8352 nlmsg_free(msg); 8353 } 8354 8355 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev, 8356 struct net_device *netdev, 8357 const u8 *macaddr, const u8* ie, u8 ie_len, 8358 gfp_t gfp) 8359 { 8360 struct sk_buff *msg; 8361 void *hdr; 8362 8363 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8364 if (!msg) 8365 return; 8366 8367 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 8368 if (!hdr) { 8369 nlmsg_free(msg); 8370 return; 8371 } 8372 8373 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8374 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8375 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) || 8376 (ie_len && ie && 8377 nla_put(msg, NL80211_ATTR_IE, ie_len , ie))) 8378 goto nla_put_failure; 8379 8380 genlmsg_end(msg, hdr); 8381 8382 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8383 nl80211_mlme_mcgrp.id, gfp); 8384 return; 8385 8386 nla_put_failure: 8387 genlmsg_cancel(msg, hdr); 8388 nlmsg_free(msg); 8389 } 8390 8391 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 8392 struct net_device *netdev, const u8 *addr, 8393 enum nl80211_key_type key_type, int key_id, 8394 const u8 *tsc, gfp_t gfp) 8395 { 8396 struct sk_buff *msg; 8397 void *hdr; 8398 8399 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8400 if (!msg) 8401 return; 8402 8403 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 8404 if (!hdr) { 8405 nlmsg_free(msg); 8406 return; 8407 } 8408 8409 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8410 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8411 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 8412 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 8413 (key_id != -1 && 8414 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 8415 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 8416 goto nla_put_failure; 8417 8418 genlmsg_end(msg, hdr); 8419 8420 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8421 nl80211_mlme_mcgrp.id, gfp); 8422 return; 8423 8424 nla_put_failure: 8425 genlmsg_cancel(msg, hdr); 8426 nlmsg_free(msg); 8427 } 8428 8429 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 8430 struct ieee80211_channel *channel_before, 8431 struct ieee80211_channel *channel_after) 8432 { 8433 struct sk_buff *msg; 8434 void *hdr; 8435 struct nlattr *nl_freq; 8436 8437 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 8438 if (!msg) 8439 return; 8440 8441 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 8442 if (!hdr) { 8443 nlmsg_free(msg); 8444 return; 8445 } 8446 8447 /* 8448 * Since we are applying the beacon hint to a wiphy we know its 8449 * wiphy_idx is valid 8450 */ 8451 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 8452 goto nla_put_failure; 8453 8454 /* Before */ 8455 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 8456 if (!nl_freq) 8457 goto nla_put_failure; 8458 if (nl80211_msg_put_channel(msg, channel_before)) 8459 goto nla_put_failure; 8460 nla_nest_end(msg, nl_freq); 8461 8462 /* After */ 8463 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 8464 if (!nl_freq) 8465 goto nla_put_failure; 8466 if (nl80211_msg_put_channel(msg, channel_after)) 8467 goto nla_put_failure; 8468 nla_nest_end(msg, nl_freq); 8469 8470 genlmsg_end(msg, hdr); 8471 8472 rcu_read_lock(); 8473 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 8474 GFP_ATOMIC); 8475 rcu_read_unlock(); 8476 8477 return; 8478 8479 nla_put_failure: 8480 genlmsg_cancel(msg, hdr); 8481 nlmsg_free(msg); 8482 } 8483 8484 static void nl80211_send_remain_on_chan_event( 8485 int cmd, struct cfg80211_registered_device *rdev, 8486 struct wireless_dev *wdev, u64 cookie, 8487 struct ieee80211_channel *chan, 8488 unsigned int duration, gfp_t gfp) 8489 { 8490 struct sk_buff *msg; 8491 void *hdr; 8492 8493 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8494 if (!msg) 8495 return; 8496 8497 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8498 if (!hdr) { 8499 nlmsg_free(msg); 8500 return; 8501 } 8502 8503 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8504 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8505 wdev->netdev->ifindex)) || 8506 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 8507 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 8508 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 8509 NL80211_CHAN_NO_HT) || 8510 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 8511 goto nla_put_failure; 8512 8513 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 8514 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 8515 goto nla_put_failure; 8516 8517 genlmsg_end(msg, hdr); 8518 8519 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8520 nl80211_mlme_mcgrp.id, gfp); 8521 return; 8522 8523 nla_put_failure: 8524 genlmsg_cancel(msg, hdr); 8525 nlmsg_free(msg); 8526 } 8527 8528 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 8529 struct wireless_dev *wdev, u64 cookie, 8530 struct ieee80211_channel *chan, 8531 unsigned int duration, gfp_t gfp) 8532 { 8533 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 8534 rdev, wdev, cookie, chan, 8535 duration, gfp); 8536 } 8537 8538 void nl80211_send_remain_on_channel_cancel( 8539 struct cfg80211_registered_device *rdev, 8540 struct wireless_dev *wdev, 8541 u64 cookie, struct ieee80211_channel *chan, gfp_t gfp) 8542 { 8543 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 8544 rdev, wdev, cookie, chan, 0, gfp); 8545 } 8546 8547 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 8548 struct net_device *dev, const u8 *mac_addr, 8549 struct station_info *sinfo, gfp_t gfp) 8550 { 8551 struct sk_buff *msg; 8552 8553 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8554 if (!msg) 8555 return; 8556 8557 if (nl80211_send_station(msg, 0, 0, 0, 8558 rdev, dev, mac_addr, sinfo) < 0) { 8559 nlmsg_free(msg); 8560 return; 8561 } 8562 8563 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8564 nl80211_mlme_mcgrp.id, gfp); 8565 } 8566 8567 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev, 8568 struct net_device *dev, const u8 *mac_addr, 8569 gfp_t gfp) 8570 { 8571 struct sk_buff *msg; 8572 void *hdr; 8573 8574 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8575 if (!msg) 8576 return; 8577 8578 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION); 8579 if (!hdr) { 8580 nlmsg_free(msg); 8581 return; 8582 } 8583 8584 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8585 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 8586 goto nla_put_failure; 8587 8588 genlmsg_end(msg, hdr); 8589 8590 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8591 nl80211_mlme_mcgrp.id, gfp); 8592 return; 8593 8594 nla_put_failure: 8595 genlmsg_cancel(msg, hdr); 8596 nlmsg_free(msg); 8597 } 8598 8599 void nl80211_send_conn_failed_event(struct cfg80211_registered_device *rdev, 8600 struct net_device *dev, const u8 *mac_addr, 8601 enum nl80211_connect_failed_reason reason, 8602 gfp_t gfp) 8603 { 8604 struct sk_buff *msg; 8605 void *hdr; 8606 8607 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8608 if (!msg) 8609 return; 8610 8611 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED); 8612 if (!hdr) { 8613 nlmsg_free(msg); 8614 return; 8615 } 8616 8617 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8618 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 8619 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason)) 8620 goto nla_put_failure; 8621 8622 genlmsg_end(msg, hdr); 8623 8624 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8625 nl80211_mlme_mcgrp.id, gfp); 8626 return; 8627 8628 nla_put_failure: 8629 genlmsg_cancel(msg, hdr); 8630 nlmsg_free(msg); 8631 } 8632 8633 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 8634 const u8 *addr, gfp_t gfp) 8635 { 8636 struct wireless_dev *wdev = dev->ieee80211_ptr; 8637 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 8638 struct sk_buff *msg; 8639 void *hdr; 8640 int err; 8641 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid); 8642 8643 if (!nlportid) 8644 return false; 8645 8646 msg = nlmsg_new(100, gfp); 8647 if (!msg) 8648 return true; 8649 8650 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8651 if (!hdr) { 8652 nlmsg_free(msg); 8653 return true; 8654 } 8655 8656 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8657 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8658 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 8659 goto nla_put_failure; 8660 8661 err = genlmsg_end(msg, hdr); 8662 if (err < 0) { 8663 nlmsg_free(msg); 8664 return true; 8665 } 8666 8667 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 8668 return true; 8669 8670 nla_put_failure: 8671 genlmsg_cancel(msg, hdr); 8672 nlmsg_free(msg); 8673 return true; 8674 } 8675 8676 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp) 8677 { 8678 return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 8679 addr, gfp); 8680 } 8681 8682 bool nl80211_unexpected_4addr_frame(struct net_device *dev, 8683 const u8 *addr, gfp_t gfp) 8684 { 8685 return __nl80211_unexpected_frame(dev, 8686 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 8687 addr, gfp); 8688 } 8689 8690 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 8691 struct wireless_dev *wdev, u32 nlportid, 8692 int freq, int sig_dbm, 8693 const u8 *buf, size_t len, gfp_t gfp) 8694 { 8695 struct net_device *netdev = wdev->netdev; 8696 struct sk_buff *msg; 8697 void *hdr; 8698 8699 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8700 if (!msg) 8701 return -ENOMEM; 8702 8703 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 8704 if (!hdr) { 8705 nlmsg_free(msg); 8706 return -ENOMEM; 8707 } 8708 8709 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8710 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8711 netdev->ifindex)) || 8712 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 8713 (sig_dbm && 8714 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 8715 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 8716 goto nla_put_failure; 8717 8718 genlmsg_end(msg, hdr); 8719 8720 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 8721 8722 nla_put_failure: 8723 genlmsg_cancel(msg, hdr); 8724 nlmsg_free(msg); 8725 return -ENOBUFS; 8726 } 8727 8728 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev, 8729 struct wireless_dev *wdev, u64 cookie, 8730 const u8 *buf, size_t len, bool ack, 8731 gfp_t gfp) 8732 { 8733 struct net_device *netdev = wdev->netdev; 8734 struct sk_buff *msg; 8735 void *hdr; 8736 8737 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8738 if (!msg) 8739 return; 8740 8741 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 8742 if (!hdr) { 8743 nlmsg_free(msg); 8744 return; 8745 } 8746 8747 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8748 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8749 netdev->ifindex)) || 8750 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 8751 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 8752 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 8753 goto nla_put_failure; 8754 8755 genlmsg_end(msg, hdr); 8756 8757 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 8758 return; 8759 8760 nla_put_failure: 8761 genlmsg_cancel(msg, hdr); 8762 nlmsg_free(msg); 8763 } 8764 8765 void 8766 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 8767 struct net_device *netdev, 8768 enum nl80211_cqm_rssi_threshold_event rssi_event, 8769 gfp_t gfp) 8770 { 8771 struct sk_buff *msg; 8772 struct nlattr *pinfoattr; 8773 void *hdr; 8774 8775 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8776 if (!msg) 8777 return; 8778 8779 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8780 if (!hdr) { 8781 nlmsg_free(msg); 8782 return; 8783 } 8784 8785 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8786 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8787 goto nla_put_failure; 8788 8789 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8790 if (!pinfoattr) 8791 goto nla_put_failure; 8792 8793 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 8794 rssi_event)) 8795 goto nla_put_failure; 8796 8797 nla_nest_end(msg, pinfoattr); 8798 8799 genlmsg_end(msg, hdr); 8800 8801 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8802 nl80211_mlme_mcgrp.id, gfp); 8803 return; 8804 8805 nla_put_failure: 8806 genlmsg_cancel(msg, hdr); 8807 nlmsg_free(msg); 8808 } 8809 8810 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 8811 struct net_device *netdev, const u8 *bssid, 8812 const u8 *replay_ctr, gfp_t gfp) 8813 { 8814 struct sk_buff *msg; 8815 struct nlattr *rekey_attr; 8816 void *hdr; 8817 8818 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8819 if (!msg) 8820 return; 8821 8822 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 8823 if (!hdr) { 8824 nlmsg_free(msg); 8825 return; 8826 } 8827 8828 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8829 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8830 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 8831 goto nla_put_failure; 8832 8833 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 8834 if (!rekey_attr) 8835 goto nla_put_failure; 8836 8837 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 8838 NL80211_REPLAY_CTR_LEN, replay_ctr)) 8839 goto nla_put_failure; 8840 8841 nla_nest_end(msg, rekey_attr); 8842 8843 genlmsg_end(msg, hdr); 8844 8845 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8846 nl80211_mlme_mcgrp.id, gfp); 8847 return; 8848 8849 nla_put_failure: 8850 genlmsg_cancel(msg, hdr); 8851 nlmsg_free(msg); 8852 } 8853 8854 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 8855 struct net_device *netdev, int index, 8856 const u8 *bssid, bool preauth, gfp_t gfp) 8857 { 8858 struct sk_buff *msg; 8859 struct nlattr *attr; 8860 void *hdr; 8861 8862 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8863 if (!msg) 8864 return; 8865 8866 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 8867 if (!hdr) { 8868 nlmsg_free(msg); 8869 return; 8870 } 8871 8872 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8873 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8874 goto nla_put_failure; 8875 8876 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 8877 if (!attr) 8878 goto nla_put_failure; 8879 8880 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 8881 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 8882 (preauth && 8883 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 8884 goto nla_put_failure; 8885 8886 nla_nest_end(msg, attr); 8887 8888 genlmsg_end(msg, hdr); 8889 8890 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8891 nl80211_mlme_mcgrp.id, gfp); 8892 return; 8893 8894 nla_put_failure: 8895 genlmsg_cancel(msg, hdr); 8896 nlmsg_free(msg); 8897 } 8898 8899 void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 8900 struct net_device *netdev, 8901 struct cfg80211_chan_def *chandef, gfp_t gfp) 8902 { 8903 struct sk_buff *msg; 8904 void *hdr; 8905 8906 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8907 if (!msg) 8908 return; 8909 8910 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY); 8911 if (!hdr) { 8912 nlmsg_free(msg); 8913 return; 8914 } 8915 8916 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8917 goto nla_put_failure; 8918 8919 if (nl80211_send_chandef(msg, chandef)) 8920 goto nla_put_failure; 8921 8922 genlmsg_end(msg, hdr); 8923 8924 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8925 nl80211_mlme_mcgrp.id, gfp); 8926 return; 8927 8928 nla_put_failure: 8929 genlmsg_cancel(msg, hdr); 8930 nlmsg_free(msg); 8931 } 8932 8933 void 8934 nl80211_send_cqm_txe_notify(struct cfg80211_registered_device *rdev, 8935 struct net_device *netdev, const u8 *peer, 8936 u32 num_packets, u32 rate, u32 intvl, gfp_t gfp) 8937 { 8938 struct sk_buff *msg; 8939 struct nlattr *pinfoattr; 8940 void *hdr; 8941 8942 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8943 if (!msg) 8944 return; 8945 8946 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8947 if (!hdr) { 8948 nlmsg_free(msg); 8949 return; 8950 } 8951 8952 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8953 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8954 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 8955 goto nla_put_failure; 8956 8957 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8958 if (!pinfoattr) 8959 goto nla_put_failure; 8960 8961 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 8962 goto nla_put_failure; 8963 8964 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 8965 goto nla_put_failure; 8966 8967 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 8968 goto nla_put_failure; 8969 8970 nla_nest_end(msg, pinfoattr); 8971 8972 genlmsg_end(msg, hdr); 8973 8974 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8975 nl80211_mlme_mcgrp.id, gfp); 8976 return; 8977 8978 nla_put_failure: 8979 genlmsg_cancel(msg, hdr); 8980 nlmsg_free(msg); 8981 } 8982 8983 void 8984 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, 8985 struct net_device *netdev, const u8 *peer, 8986 u32 num_packets, gfp_t gfp) 8987 { 8988 struct sk_buff *msg; 8989 struct nlattr *pinfoattr; 8990 void *hdr; 8991 8992 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8993 if (!msg) 8994 return; 8995 8996 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8997 if (!hdr) { 8998 nlmsg_free(msg); 8999 return; 9000 } 9001 9002 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9003 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9004 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 9005 goto nla_put_failure; 9006 9007 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 9008 if (!pinfoattr) 9009 goto nla_put_failure; 9010 9011 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 9012 goto nla_put_failure; 9013 9014 nla_nest_end(msg, pinfoattr); 9015 9016 genlmsg_end(msg, hdr); 9017 9018 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9019 nl80211_mlme_mcgrp.id, gfp); 9020 return; 9021 9022 nla_put_failure: 9023 genlmsg_cancel(msg, hdr); 9024 nlmsg_free(msg); 9025 } 9026 9027 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 9028 u64 cookie, bool acked, gfp_t gfp) 9029 { 9030 struct wireless_dev *wdev = dev->ieee80211_ptr; 9031 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9032 struct sk_buff *msg; 9033 void *hdr; 9034 int err; 9035 9036 trace_cfg80211_probe_status(dev, addr, cookie, acked); 9037 9038 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9039 9040 if (!msg) 9041 return; 9042 9043 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 9044 if (!hdr) { 9045 nlmsg_free(msg); 9046 return; 9047 } 9048 9049 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9050 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9051 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 9052 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 9053 (acked && nla_put_flag(msg, NL80211_ATTR_ACK))) 9054 goto nla_put_failure; 9055 9056 err = genlmsg_end(msg, hdr); 9057 if (err < 0) { 9058 nlmsg_free(msg); 9059 return; 9060 } 9061 9062 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9063 nl80211_mlme_mcgrp.id, gfp); 9064 return; 9065 9066 nla_put_failure: 9067 genlmsg_cancel(msg, hdr); 9068 nlmsg_free(msg); 9069 } 9070 EXPORT_SYMBOL(cfg80211_probe_status); 9071 9072 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 9073 const u8 *frame, size_t len, 9074 int freq, int sig_dbm) 9075 { 9076 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 9077 struct sk_buff *msg; 9078 void *hdr; 9079 struct cfg80211_beacon_registration *reg; 9080 9081 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm); 9082 9083 spin_lock_bh(&rdev->beacon_registrations_lock); 9084 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 9085 msg = nlmsg_new(len + 100, GFP_ATOMIC); 9086 if (!msg) { 9087 spin_unlock_bh(&rdev->beacon_registrations_lock); 9088 return; 9089 } 9090 9091 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 9092 if (!hdr) 9093 goto nla_put_failure; 9094 9095 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9096 (freq && 9097 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) || 9098 (sig_dbm && 9099 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 9100 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 9101 goto nla_put_failure; 9102 9103 genlmsg_end(msg, hdr); 9104 9105 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid); 9106 } 9107 spin_unlock_bh(&rdev->beacon_registrations_lock); 9108 return; 9109 9110 nla_put_failure: 9111 spin_unlock_bh(&rdev->beacon_registrations_lock); 9112 if (hdr) 9113 genlmsg_cancel(msg, hdr); 9114 nlmsg_free(msg); 9115 } 9116 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 9117 9118 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer, 9119 enum nl80211_tdls_operation oper, 9120 u16 reason_code, gfp_t gfp) 9121 { 9122 struct wireless_dev *wdev = dev->ieee80211_ptr; 9123 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9124 struct sk_buff *msg; 9125 void *hdr; 9126 int err; 9127 9128 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper, 9129 reason_code); 9130 9131 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9132 if (!msg) 9133 return; 9134 9135 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER); 9136 if (!hdr) { 9137 nlmsg_free(msg); 9138 return; 9139 } 9140 9141 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9142 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9143 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) || 9144 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) || 9145 (reason_code > 0 && 9146 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) 9147 goto nla_put_failure; 9148 9149 err = genlmsg_end(msg, hdr); 9150 if (err < 0) { 9151 nlmsg_free(msg); 9152 return; 9153 } 9154 9155 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9156 nl80211_mlme_mcgrp.id, gfp); 9157 return; 9158 9159 nla_put_failure: 9160 genlmsg_cancel(msg, hdr); 9161 nlmsg_free(msg); 9162 } 9163 EXPORT_SYMBOL(cfg80211_tdls_oper_request); 9164 9165 static int nl80211_netlink_notify(struct notifier_block * nb, 9166 unsigned long state, 9167 void *_notify) 9168 { 9169 struct netlink_notify *notify = _notify; 9170 struct cfg80211_registered_device *rdev; 9171 struct wireless_dev *wdev; 9172 struct cfg80211_beacon_registration *reg, *tmp; 9173 9174 if (state != NETLINK_URELEASE) 9175 return NOTIFY_DONE; 9176 9177 rcu_read_lock(); 9178 9179 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 9180 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) 9181 cfg80211_mlme_unregister_socket(wdev, notify->portid); 9182 9183 spin_lock_bh(&rdev->beacon_registrations_lock); 9184 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations, 9185 list) { 9186 if (reg->nlportid == notify->portid) { 9187 list_del(®->list); 9188 kfree(reg); 9189 break; 9190 } 9191 } 9192 spin_unlock_bh(&rdev->beacon_registrations_lock); 9193 } 9194 9195 rcu_read_unlock(); 9196 9197 return NOTIFY_DONE; 9198 } 9199 9200 static struct notifier_block nl80211_netlink_notifier = { 9201 .notifier_call = nl80211_netlink_notify, 9202 }; 9203 9204 /* initialisation/exit functions */ 9205 9206 int nl80211_init(void) 9207 { 9208 int err; 9209 9210 err = genl_register_family_with_ops(&nl80211_fam, 9211 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 9212 if (err) 9213 return err; 9214 9215 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 9216 if (err) 9217 goto err_out; 9218 9219 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 9220 if (err) 9221 goto err_out; 9222 9223 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 9224 if (err) 9225 goto err_out; 9226 9227 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 9228 if (err) 9229 goto err_out; 9230 9231 #ifdef CONFIG_NL80211_TESTMODE 9232 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 9233 if (err) 9234 goto err_out; 9235 #endif 9236 9237 err = netlink_register_notifier(&nl80211_netlink_notifier); 9238 if (err) 9239 goto err_out; 9240 9241 return 0; 9242 err_out: 9243 genl_unregister_family(&nl80211_fam); 9244 return err; 9245 } 9246 9247 void nl80211_exit(void) 9248 { 9249 netlink_unregister_notifier(&nl80211_netlink_notifier); 9250 genl_unregister_family(&nl80211_fam); 9251 } 9252