1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * This is the new netlink-based wireless configuration interface. 4 * 5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 6 * Copyright 2013-2014 Intel Mobile Communications GmbH 7 * Copyright 2015-2017 Intel Deutschland GmbH 8 * Copyright (C) 2018-2023 Intel Corporation 9 */ 10 11 #include <linux/if.h> 12 #include <linux/module.h> 13 #include <linux/err.h> 14 #include <linux/slab.h> 15 #include <linux/list.h> 16 #include <linux/if_ether.h> 17 #include <linux/ieee80211.h> 18 #include <linux/nl80211.h> 19 #include <linux/rtnetlink.h> 20 #include <linux/netlink.h> 21 #include <linux/nospec.h> 22 #include <linux/etherdevice.h> 23 #include <linux/if_vlan.h> 24 #include <net/net_namespace.h> 25 #include <net/genetlink.h> 26 #include <net/cfg80211.h> 27 #include <net/sock.h> 28 #include <net/inet_connection_sock.h> 29 #include "core.h" 30 #include "nl80211.h" 31 #include "reg.h" 32 #include "rdev-ops.h" 33 34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 35 struct genl_info *info, 36 struct cfg80211_crypto_settings *settings, 37 int cipher_limit); 38 39 /* the netlink family */ 40 static struct genl_family nl80211_fam; 41 42 /* multicast groups */ 43 enum nl80211_multicast_groups { 44 NL80211_MCGRP_CONFIG, 45 NL80211_MCGRP_SCAN, 46 NL80211_MCGRP_REGULATORY, 47 NL80211_MCGRP_MLME, 48 NL80211_MCGRP_VENDOR, 49 NL80211_MCGRP_NAN, 50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */ 51 }; 52 53 static const struct genl_multicast_group nl80211_mcgrps[] = { 54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG }, 55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN }, 56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG }, 57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME }, 58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR }, 59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN }, 60 #ifdef CONFIG_NL80211_TESTMODE 61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE } 62 #endif 63 }; 64 65 /* returns ERR_PTR values */ 66 static struct wireless_dev * 67 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev, 68 struct net *netns, struct nlattr **attrs) 69 { 70 struct wireless_dev *result = NULL; 71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 73 u64 wdev_id = 0; 74 int wiphy_idx = -1; 75 int ifidx = -1; 76 77 if (!have_ifidx && !have_wdev_id) 78 return ERR_PTR(-EINVAL); 79 80 if (have_ifidx) 81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 82 if (have_wdev_id) { 83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 84 wiphy_idx = wdev_id >> 32; 85 } 86 87 if (rdev) { 88 struct wireless_dev *wdev; 89 90 lockdep_assert_held(&rdev->wiphy.mtx); 91 92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 93 if (have_ifidx && wdev->netdev && 94 wdev->netdev->ifindex == ifidx) { 95 result = wdev; 96 break; 97 } 98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 99 result = wdev; 100 break; 101 } 102 } 103 104 return result ?: ERR_PTR(-ENODEV); 105 } 106 107 ASSERT_RTNL(); 108 109 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 110 struct wireless_dev *wdev; 111 112 if (wiphy_net(&rdev->wiphy) != netns) 113 continue; 114 115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 116 continue; 117 118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 119 if (have_ifidx && wdev->netdev && 120 wdev->netdev->ifindex == ifidx) { 121 result = wdev; 122 break; 123 } 124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 125 result = wdev; 126 break; 127 } 128 } 129 130 if (result) 131 break; 132 } 133 134 if (result) 135 return result; 136 return ERR_PTR(-ENODEV); 137 } 138 139 static struct cfg80211_registered_device * 140 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 141 { 142 struct cfg80211_registered_device *rdev = NULL, *tmp; 143 struct net_device *netdev; 144 145 ASSERT_RTNL(); 146 147 if (!attrs[NL80211_ATTR_WIPHY] && 148 !attrs[NL80211_ATTR_IFINDEX] && 149 !attrs[NL80211_ATTR_WDEV]) 150 return ERR_PTR(-EINVAL); 151 152 if (attrs[NL80211_ATTR_WIPHY]) 153 rdev = cfg80211_rdev_by_wiphy_idx( 154 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 155 156 if (attrs[NL80211_ATTR_WDEV]) { 157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 158 struct wireless_dev *wdev; 159 bool found = false; 160 161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 162 if (tmp) { 163 /* make sure wdev exists */ 164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) { 165 if (wdev->identifier != (u32)wdev_id) 166 continue; 167 found = true; 168 break; 169 } 170 171 if (!found) 172 tmp = NULL; 173 174 if (rdev && tmp != rdev) 175 return ERR_PTR(-EINVAL); 176 rdev = tmp; 177 } 178 } 179 180 if (attrs[NL80211_ATTR_IFINDEX]) { 181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 182 183 netdev = __dev_get_by_index(netns, ifindex); 184 if (netdev) { 185 if (netdev->ieee80211_ptr) 186 tmp = wiphy_to_rdev( 187 netdev->ieee80211_ptr->wiphy); 188 else 189 tmp = NULL; 190 191 /* not wireless device -- return error */ 192 if (!tmp) 193 return ERR_PTR(-EINVAL); 194 195 /* mismatch -- return error */ 196 if (rdev && tmp != rdev) 197 return ERR_PTR(-EINVAL); 198 199 rdev = tmp; 200 } 201 } 202 203 if (!rdev) 204 return ERR_PTR(-ENODEV); 205 206 if (netns != wiphy_net(&rdev->wiphy)) 207 return ERR_PTR(-ENODEV); 208 209 return rdev; 210 } 211 212 /* 213 * This function returns a pointer to the driver 214 * that the genl_info item that is passed refers to. 215 * 216 * The result of this can be a PTR_ERR and hence must 217 * be checked with IS_ERR() for errors. 218 */ 219 static struct cfg80211_registered_device * 220 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 221 { 222 return __cfg80211_rdev_from_attrs(netns, info->attrs); 223 } 224 225 static int validate_beacon_head(const struct nlattr *attr, 226 struct netlink_ext_ack *extack) 227 { 228 const u8 *data = nla_data(attr); 229 unsigned int len = nla_len(attr); 230 const struct element *elem; 231 const struct ieee80211_mgmt *mgmt = (void *)data; 232 unsigned int fixedlen, hdrlen; 233 bool s1g_bcn; 234 235 if (len < offsetofend(typeof(*mgmt), frame_control)) 236 goto err; 237 238 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control); 239 if (s1g_bcn) { 240 fixedlen = offsetof(struct ieee80211_ext, 241 u.s1g_beacon.variable); 242 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon); 243 } else { 244 fixedlen = offsetof(struct ieee80211_mgmt, 245 u.beacon.variable); 246 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon); 247 } 248 249 if (len < fixedlen) 250 goto err; 251 252 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen) 253 goto err; 254 255 data += fixedlen; 256 len -= fixedlen; 257 258 for_each_element(elem, data, len) { 259 /* nothing */ 260 } 261 262 if (for_each_element_completed(elem, data, len)) 263 return 0; 264 265 err: 266 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head"); 267 return -EINVAL; 268 } 269 270 static int validate_ie_attr(const struct nlattr *attr, 271 struct netlink_ext_ack *extack) 272 { 273 const u8 *data = nla_data(attr); 274 unsigned int len = nla_len(attr); 275 const struct element *elem; 276 277 for_each_element(elem, data, len) { 278 /* nothing */ 279 } 280 281 if (for_each_element_completed(elem, data, len)) 282 return 0; 283 284 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements"); 285 return -EINVAL; 286 } 287 288 static int validate_he_capa(const struct nlattr *attr, 289 struct netlink_ext_ack *extack) 290 { 291 if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr))) 292 return -EINVAL; 293 294 return 0; 295 } 296 297 /* policy for the attributes */ 298 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR]; 299 300 static const struct nla_policy 301 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = { 302 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, }, 303 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY, 304 .len = U8_MAX }, 305 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY, 306 .len = U8_MAX }, 307 }; 308 309 static const struct nla_policy 310 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = { 311 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG }, 312 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 }, 313 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] = 314 NLA_POLICY_MAX(NLA_U8, 15), 315 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 }, 316 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] = 317 NLA_POLICY_MAX(NLA_U8, 15), 318 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] = 319 NLA_POLICY_MAX(NLA_U8, 31), 320 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 }, 321 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG }, 322 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG }, 323 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG }, 324 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG }, 325 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG }, 326 [NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR] = { .type = NLA_U8 }, 327 }; 328 329 static const struct nla_policy 330 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = { 331 [NL80211_PMSR_TYPE_FTM] = 332 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy), 333 }; 334 335 static const struct nla_policy 336 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = { 337 [NL80211_PMSR_REQ_ATTR_DATA] = 338 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy), 339 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG }, 340 }; 341 342 static const struct nla_policy 343 nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = { 344 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR, 345 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy), 346 [NL80211_PMSR_PEER_ATTR_REQ] = 347 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy), 348 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT }, 349 }; 350 351 static const struct nla_policy 352 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = { 353 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT }, 354 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT }, 355 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT }, 356 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT }, 357 [NL80211_PMSR_ATTR_PEERS] = 358 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy), 359 }; 360 361 static const struct nla_policy 362 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = { 363 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] = 364 NLA_POLICY_RANGE(NLA_U8, 1, 20), 365 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] = 366 NLA_POLICY_RANGE(NLA_U8, 1, 20), 367 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] = 368 NLA_POLICY_RANGE(NLA_U8, 1, 20), 369 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] = 370 NLA_POLICY_EXACT_LEN(8), 371 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] = 372 NLA_POLICY_EXACT_LEN(8), 373 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 }, 374 }; 375 376 static const struct nla_policy 377 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = { 378 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63), 379 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG }, 380 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG }, 381 }; 382 383 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 384 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 385 .len = NL80211_MAX_SUPP_RATES }, 386 [NL80211_TXRATE_HT] = { .type = NLA_BINARY, 387 .len = NL80211_MAX_SUPP_HT_RATES }, 388 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)), 389 [NL80211_TXRATE_GI] = { .type = NLA_U8 }, 390 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)), 391 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8, 392 NL80211_RATE_INFO_HE_GI_0_8, 393 NL80211_RATE_INFO_HE_GI_3_2), 394 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8, 395 NL80211_RATE_INFO_HE_1XLTF, 396 NL80211_RATE_INFO_HE_4XLTF), 397 }; 398 399 static const struct nla_policy 400 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = { 401 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 }, 402 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 }, 403 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG }, 404 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff), 405 [NL80211_TID_CONFIG_ATTR_NOACK] = 406 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 407 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1), 408 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1), 409 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] = 410 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 411 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] = 412 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 413 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] = 414 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 415 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] = 416 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED), 417 [NL80211_TID_CONFIG_ATTR_TX_RATE] = 418 NLA_POLICY_NESTED(nl80211_txattr_policy), 419 }; 420 421 static const struct nla_policy 422 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = { 423 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000), 424 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000), 425 [NL80211_FILS_DISCOVERY_ATTR_TMPL] = 426 NLA_POLICY_RANGE(NLA_BINARY, 427 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN, 428 IEEE80211_MAX_DATA_LEN), 429 }; 430 431 static const struct nla_policy 432 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = { 433 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20), 434 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY, 435 .len = IEEE80211_MAX_DATA_LEN } 436 }; 437 438 static const struct nla_policy 439 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = { 440 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 }, 441 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 }, 442 }; 443 444 static const struct nla_policy 445 sar_policy[NL80211_SAR_ATTR_MAX + 1] = { 446 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE), 447 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy), 448 }; 449 450 static const struct nla_policy 451 nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = { 452 [NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2), 453 [NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] = 454 NLA_POLICY_MIN(NLA_U8, 1), 455 [NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 }, 456 [NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 }, 457 [NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG }, 458 }; 459 460 static const struct nla_policy 461 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = { 462 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 463 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 464 }; 465 466 static struct netlink_range_validation nl80211_punct_bitmap_range = { 467 .min = 0, 468 .max = 0xffff, 469 }; 470 471 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { 472 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD }, 473 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 474 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 475 .len = 20-1 }, 476 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 477 478 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 479 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 480 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8, 481 NL80211_EDMG_CHANNELS_MIN, 482 NL80211_EDMG_CHANNELS_MAX), 483 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8, 484 NL80211_EDMG_BW_CONFIG_MIN, 485 NL80211_EDMG_BW_CONFIG_MAX), 486 487 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 }, 488 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 }, 489 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999), 490 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 }, 491 492 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1), 493 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1), 494 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 495 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 496 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 497 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG }, 498 499 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX), 500 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 501 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 502 503 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 504 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 505 506 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 507 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 508 .len = WLAN_MAX_KEY_LEN }, 509 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7), 510 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 511 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 512 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 513 [NL80211_ATTR_KEY_TYPE] = 514 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES), 515 516 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 517 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 518 [NL80211_ATTR_BEACON_HEAD] = 519 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head, 520 IEEE80211_MAX_DATA_LEN), 521 [NL80211_ATTR_BEACON_TAIL] = 522 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 523 IEEE80211_MAX_DATA_LEN), 524 [NL80211_ATTR_STA_AID] = 525 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID), 526 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 527 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 528 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 529 .len = NL80211_MAX_SUPP_RATES }, 530 [NL80211_ATTR_STA_PLINK_ACTION] = 531 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1), 532 [NL80211_ATTR_STA_TX_POWER_SETTING] = 533 NLA_POLICY_RANGE(NLA_U8, 534 NL80211_TX_POWER_AUTOMATIC, 535 NL80211_TX_POWER_FIXED), 536 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 }, 537 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 538 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 539 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 540 .len = IEEE80211_MAX_MESH_ID_LEN }, 541 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT, 542 543 /* allow 3 for NUL-termination, we used to declare this NLA_STRING */ 544 [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3), 545 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 546 547 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 548 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 549 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 550 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 551 .len = NL80211_MAX_SUPP_RATES }, 552 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 553 554 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 555 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 556 557 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN), 558 559 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 560 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY, 561 validate_ie_attr, 562 IEEE80211_MAX_DATA_LEN), 563 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 564 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 565 566 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 567 .len = IEEE80211_MAX_SSID_LEN }, 568 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 569 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 570 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 571 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 572 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32, 573 NL80211_MFP_NO, 574 NL80211_MFP_OPTIONAL), 575 [NL80211_ATTR_STA_FLAGS2] = 576 NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_sta_flag_update)), 577 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 578 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 579 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 580 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG }, 581 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 582 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 }, 583 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 584 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 585 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 586 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 587 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN), 588 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 589 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 590 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 591 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 592 .len = IEEE80211_MAX_DATA_LEN }, 593 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 594 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32, 595 NL80211_PS_DISABLED, 596 NL80211_PS_ENABLED), 597 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 598 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 599 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 600 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 601 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 602 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 603 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 604 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 605 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 606 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 607 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 608 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 609 [NL80211_ATTR_STA_PLINK_STATE] = 610 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1), 611 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 }, 612 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG }, 613 [NL80211_ATTR_MESH_PEER_AID] = 614 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID), 615 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 616 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 617 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 618 [NL80211_ATTR_HIDDEN_SSID] = 619 NLA_POLICY_RANGE(NLA_U32, 620 NL80211_HIDDEN_SSID_NOT_IN_USE, 621 NL80211_HIDDEN_SSID_ZERO_CONTENTS), 622 [NL80211_ATTR_IE_PROBE_RESP] = 623 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 624 IEEE80211_MAX_DATA_LEN), 625 [NL80211_ATTR_IE_ASSOC_RESP] = 626 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 627 IEEE80211_MAX_DATA_LEN), 628 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 629 [NL80211_ATTR_STA_WME] = NLA_POLICY_NESTED(nl80211_sta_wme_policy), 630 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 631 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 632 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 633 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 634 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 635 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 636 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 637 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG }, 638 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 639 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 640 .len = IEEE80211_MAX_DATA_LEN }, 641 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 642 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 643 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 644 .len = NL80211_HT_CAPABILITY_LEN 645 }, 646 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 647 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 648 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 649 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 650 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 651 652 /* need to include at least Auth Transaction and Status Code */ 653 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4), 654 655 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN), 656 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 }, 657 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127), 658 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1), 659 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = 660 NLA_POLICY_RANGE(NLA_U32, 661 NL80211_MESH_POWER_UNKNOWN + 1, 662 NL80211_MESH_POWER_MAX), 663 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 }, 664 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED }, 665 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 }, 666 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, }, 667 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, }, 668 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG }, 669 [NL80211_ATTR_VHT_CAPABILITY_MASK] = { 670 .len = NL80211_VHT_CAPABILITY_LEN, 671 }, 672 [NL80211_ATTR_MDID] = { .type = NLA_U16 }, 673 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY, 674 .len = IEEE80211_MAX_DATA_LEN }, 675 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 }, 676 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = 677 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION), 678 [NL80211_ATTR_PEER_AID] = 679 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID), 680 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 }, 681 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG }, 682 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED }, 683 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY }, 684 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY }, 685 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2), 686 /* 687 * The value of the Length field of the Supported Operating 688 * Classes element is between 2 and 253. 689 */ 690 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = 691 NLA_POLICY_RANGE(NLA_BINARY, 2, 253), 692 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG }, 693 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 }, 694 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 }, 695 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 }, 696 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY }, 697 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY, 698 IEEE80211_QOS_MAP_LEN_MIN, 699 IEEE80211_QOS_MAP_LEN_MAX), 700 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 701 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 }, 702 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 }, 703 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG }, 704 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY }, 705 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG }, 706 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1), 707 [NL80211_ATTR_USER_PRIO] = 708 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1), 709 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 }, 710 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 }, 711 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 }, 712 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 713 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG }, 714 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 }, 715 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 }, 716 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG }, 717 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG }, 718 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED }, 719 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = 720 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1), 721 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = { 722 .len = VHT_MUMIMO_GROUPS_DATA_LEN 723 }, 724 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 725 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1), 726 [NL80211_ATTR_BANDS] = { .type = NLA_U32 }, 727 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED }, 728 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY, 729 .len = FILS_MAX_KEK_LEN }, 730 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN), 731 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, }, 732 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 733 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 }, 734 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = { 735 .len = sizeof(struct nl80211_bss_select_rssi_adjust) 736 }, 737 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 }, 738 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY, 739 .len = FILS_ERP_MAX_USERNAME_LEN }, 740 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY, 741 .len = FILS_ERP_MAX_REALM_LEN }, 742 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 }, 743 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY, 744 .len = FILS_ERP_MAX_RRK_LEN }, 745 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2), 746 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN }, 747 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN), 748 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG }, 749 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG }, 750 751 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 }, 752 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 }, 753 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 }, 754 [NL80211_ATTR_HE_CAPABILITY] = 755 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa, 756 NL80211_HE_MAX_CAPABILITY_LEN), 757 [NL80211_ATTR_FTM_RESPONDER] = 758 NLA_POLICY_NESTED(nl80211_ftm_responder_policy), 759 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1), 760 [NL80211_ATTR_PEER_MEASUREMENTS] = 761 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy), 762 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1), 763 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY, 764 .len = SAE_PASSWORD_MAX_LEN }, 765 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG }, 766 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy), 767 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2), 768 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy), 769 [NL80211_ATTR_TID_CONFIG] = 770 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy), 771 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG }, 772 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1), 773 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100), 774 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG }, 775 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999), 776 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED }, 777 [NL80211_ATTR_HE_6GHZ_CAPABILITY] = 778 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)), 779 [NL80211_ATTR_FILS_DISCOVERY] = 780 NLA_POLICY_NESTED(nl80211_fils_discovery_policy), 781 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] = 782 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy), 783 [NL80211_ATTR_S1G_CAPABILITY] = 784 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN), 785 [NL80211_ATTR_S1G_CAPABILITY_MASK] = 786 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN), 787 [NL80211_ATTR_SAE_PWE] = 788 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK, 789 NL80211_SAE_PWE_BOTH), 790 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT }, 791 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy), 792 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG }, 793 [NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 }, 794 [NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 }, 795 [NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 }, 796 [NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy), 797 [NL80211_ATTR_MBSSID_CONFIG] = 798 NLA_POLICY_NESTED(nl80211_mbssid_config_policy), 799 [NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED }, 800 [NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG }, 801 [NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 }, 802 [NL80211_ATTR_EHT_CAPABILITY] = 803 NLA_POLICY_RANGE(NLA_BINARY, 804 NL80211_EHT_MIN_CAPABILITY_LEN, 805 NL80211_EHT_MAX_CAPABILITY_LEN), 806 [NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG }, 807 [NL80211_ATTR_MLO_LINKS] = 808 NLA_POLICY_NESTED_ARRAY(nl80211_policy), 809 [NL80211_ATTR_MLO_LINK_ID] = 810 NLA_POLICY_RANGE(NLA_U8, 0, IEEE80211_MLD_MAX_NUM_LINKS), 811 [NL80211_ATTR_MLD_ADDR] = NLA_POLICY_EXACT_LEN(ETH_ALEN), 812 [NL80211_ATTR_MLO_SUPPORT] = { .type = NLA_FLAG }, 813 [NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_REJECT }, 814 [NL80211_ATTR_PUNCT_BITMAP] = 815 NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range), 816 817 [NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS] = { .type = NLA_U16 }, 818 [NL80211_ATTR_HW_TIMESTAMP_ENABLED] = { .type = NLA_FLAG }, 819 [NL80211_ATTR_EMA_RNR_ELEMS] = { .type = NLA_NESTED }, 820 [NL80211_ATTR_MLO_LINK_DISABLED] = { .type = NLA_FLAG }, 821 }; 822 823 /* policy for the key attributes */ 824 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 825 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 826 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 827 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 828 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 829 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 830 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 831 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1), 832 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 833 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX), 834 }; 835 836 /* policy for the key default flags */ 837 static const struct nla_policy 838 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 839 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 840 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 841 }; 842 843 #ifdef CONFIG_PM 844 /* policy for WoWLAN attributes */ 845 static const struct nla_policy 846 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 847 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 848 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 849 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 850 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 851 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 852 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 853 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 854 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 855 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED }, 856 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED }, 857 }; 858 859 static const struct nla_policy 860 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = { 861 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 }, 862 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 }, 863 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 864 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 }, 865 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 }, 866 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1), 867 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = { 868 .len = sizeof(struct nl80211_wowlan_tcp_data_seq) 869 }, 870 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = { 871 .len = sizeof(struct nl80211_wowlan_tcp_data_token) 872 }, 873 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 }, 874 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1), 875 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1), 876 }; 877 #endif /* CONFIG_PM */ 878 879 /* policy for coalesce rule attributes */ 880 static const struct nla_policy 881 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = { 882 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 }, 883 [NL80211_ATTR_COALESCE_RULE_CONDITION] = 884 NLA_POLICY_RANGE(NLA_U32, 885 NL80211_COALESCE_CONDITION_MATCH, 886 NL80211_COALESCE_CONDITION_NO_MATCH), 887 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED }, 888 }; 889 890 /* policy for GTK rekey offload attributes */ 891 static const struct nla_policy 892 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 893 [NL80211_REKEY_DATA_KEK] = { 894 .type = NLA_BINARY, 895 .len = NL80211_KEK_EXT_LEN 896 }, 897 [NL80211_REKEY_DATA_KCK] = { 898 .type = NLA_BINARY, 899 .len = NL80211_KCK_EXT_LEN_32 900 }, 901 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN), 902 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 }, 903 }; 904 905 static const struct nla_policy 906 nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = { 907 [NL80211_BAND_2GHZ] = { .type = NLA_S32 }, 908 [NL80211_BAND_5GHZ] = { .type = NLA_S32 }, 909 [NL80211_BAND_6GHZ] = { .type = NLA_S32 }, 910 [NL80211_BAND_60GHZ] = { .type = NLA_S32 }, 911 [NL80211_BAND_LC] = { .type = NLA_S32 }, 912 }; 913 914 static const struct nla_policy 915 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 916 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 917 .len = IEEE80211_MAX_SSID_LEN }, 918 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 919 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 920 [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] = 921 NLA_POLICY_NESTED(nl80211_match_band_rssi_policy), 922 }; 923 924 static const struct nla_policy 925 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = { 926 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 }, 927 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 }, 928 }; 929 930 static const struct nla_policy 931 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = { 932 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG }, 933 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 }, 934 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = { 935 .len = sizeof(struct nl80211_bss_select_rssi_adjust) 936 }, 937 }; 938 939 /* policy for NAN function attributes */ 940 static const struct nla_policy 941 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = { 942 [NL80211_NAN_FUNC_TYPE] = 943 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE), 944 [NL80211_NAN_FUNC_SERVICE_ID] = { 945 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN }, 946 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 }, 947 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG }, 948 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG }, 949 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 }, 950 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 }, 951 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 952 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG }, 953 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 }, 954 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY, 955 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN }, 956 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED }, 957 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED }, 958 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED }, 959 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 }, 960 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 }, 961 }; 962 963 /* policy for Service Response Filter attributes */ 964 static const struct nla_policy 965 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = { 966 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG }, 967 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY, 968 .len = NL80211_NAN_FUNC_SRF_MAX_LEN }, 969 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 }, 970 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED }, 971 }; 972 973 /* policy for packet pattern attributes */ 974 static const struct nla_policy 975 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = { 976 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, }, 977 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, }, 978 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 }, 979 }; 980 981 static int nl80211_prepare_wdev_dump(struct netlink_callback *cb, 982 struct cfg80211_registered_device **rdev, 983 struct wireless_dev **wdev, 984 struct nlattr **attrbuf) 985 { 986 int err; 987 988 if (!cb->args[0]) { 989 struct nlattr **attrbuf_free = NULL; 990 991 if (!attrbuf) { 992 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), 993 GFP_KERNEL); 994 if (!attrbuf) 995 return -ENOMEM; 996 attrbuf_free = attrbuf; 997 } 998 999 err = nlmsg_parse_deprecated(cb->nlh, 1000 GENL_HDRLEN + nl80211_fam.hdrsize, 1001 attrbuf, nl80211_fam.maxattr, 1002 nl80211_policy, NULL); 1003 if (err) { 1004 kfree(attrbuf_free); 1005 return err; 1006 } 1007 1008 rtnl_lock(); 1009 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk), 1010 attrbuf); 1011 kfree(attrbuf_free); 1012 if (IS_ERR(*wdev)) { 1013 rtnl_unlock(); 1014 return PTR_ERR(*wdev); 1015 } 1016 *rdev = wiphy_to_rdev((*wdev)->wiphy); 1017 mutex_lock(&(*rdev)->wiphy.mtx); 1018 rtnl_unlock(); 1019 /* 0 is the first index - add 1 to parse only once */ 1020 cb->args[0] = (*rdev)->wiphy_idx + 1; 1021 cb->args[1] = (*wdev)->identifier; 1022 } else { 1023 /* subtract the 1 again here */ 1024 struct wiphy *wiphy; 1025 struct wireless_dev *tmp; 1026 1027 rtnl_lock(); 1028 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 1029 if (!wiphy) { 1030 rtnl_unlock(); 1031 return -ENODEV; 1032 } 1033 *rdev = wiphy_to_rdev(wiphy); 1034 *wdev = NULL; 1035 1036 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) { 1037 if (tmp->identifier == cb->args[1]) { 1038 *wdev = tmp; 1039 break; 1040 } 1041 } 1042 1043 if (!*wdev) { 1044 rtnl_unlock(); 1045 return -ENODEV; 1046 } 1047 mutex_lock(&(*rdev)->wiphy.mtx); 1048 rtnl_unlock(); 1049 } 1050 1051 return 0; 1052 } 1053 1054 /* message building helper */ 1055 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq, 1056 int flags, u8 cmd) 1057 { 1058 /* since there is no private header just add the generic one */ 1059 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd); 1060 } 1061 1062 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg, 1063 const struct ieee80211_reg_rule *rule) 1064 { 1065 int j; 1066 struct nlattr *nl_wmm_rules = 1067 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM); 1068 1069 if (!nl_wmm_rules) 1070 goto nla_put_failure; 1071 1072 for (j = 0; j < IEEE80211_NUM_ACS; j++) { 1073 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j); 1074 1075 if (!nl_wmm_rule) 1076 goto nla_put_failure; 1077 1078 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN, 1079 rule->wmm_rule.client[j].cw_min) || 1080 nla_put_u16(msg, NL80211_WMMR_CW_MAX, 1081 rule->wmm_rule.client[j].cw_max) || 1082 nla_put_u8(msg, NL80211_WMMR_AIFSN, 1083 rule->wmm_rule.client[j].aifsn) || 1084 nla_put_u16(msg, NL80211_WMMR_TXOP, 1085 rule->wmm_rule.client[j].cot)) 1086 goto nla_put_failure; 1087 1088 nla_nest_end(msg, nl_wmm_rule); 1089 } 1090 nla_nest_end(msg, nl_wmm_rules); 1091 1092 return 0; 1093 1094 nla_put_failure: 1095 return -ENOBUFS; 1096 } 1097 1098 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy, 1099 struct ieee80211_channel *chan, 1100 bool large) 1101 { 1102 /* Some channels must be completely excluded from the 1103 * list to protect old user-space tools from breaking 1104 */ 1105 if (!large && chan->flags & 1106 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ)) 1107 return 0; 1108 if (!large && chan->freq_offset) 1109 return 0; 1110 1111 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 1112 chan->center_freq)) 1113 goto nla_put_failure; 1114 1115 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset)) 1116 goto nla_put_failure; 1117 1118 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 1119 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 1120 goto nla_put_failure; 1121 if (chan->flags & IEEE80211_CHAN_NO_IR) { 1122 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR)) 1123 goto nla_put_failure; 1124 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS)) 1125 goto nla_put_failure; 1126 } 1127 if (chan->flags & IEEE80211_CHAN_RADAR) { 1128 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 1129 goto nla_put_failure; 1130 if (large) { 1131 u32 time; 1132 1133 time = elapsed_jiffies_msecs(chan->dfs_state_entered); 1134 1135 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE, 1136 chan->dfs_state)) 1137 goto nla_put_failure; 1138 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME, 1139 time)) 1140 goto nla_put_failure; 1141 if (nla_put_u32(msg, 1142 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME, 1143 chan->dfs_cac_ms)) 1144 goto nla_put_failure; 1145 } 1146 } 1147 1148 if (large) { 1149 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) && 1150 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS)) 1151 goto nla_put_failure; 1152 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) && 1153 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS)) 1154 goto nla_put_failure; 1155 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) && 1156 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ)) 1157 goto nla_put_failure; 1158 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) && 1159 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ)) 1160 goto nla_put_failure; 1161 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) && 1162 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY)) 1163 goto nla_put_failure; 1164 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) && 1165 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT)) 1166 goto nla_put_failure; 1167 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) && 1168 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ)) 1169 goto nla_put_failure; 1170 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) && 1171 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ)) 1172 goto nla_put_failure; 1173 if ((chan->flags & IEEE80211_CHAN_NO_HE) && 1174 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE)) 1175 goto nla_put_failure; 1176 if ((chan->flags & IEEE80211_CHAN_1MHZ) && 1177 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ)) 1178 goto nla_put_failure; 1179 if ((chan->flags & IEEE80211_CHAN_2MHZ) && 1180 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ)) 1181 goto nla_put_failure; 1182 if ((chan->flags & IEEE80211_CHAN_4MHZ) && 1183 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ)) 1184 goto nla_put_failure; 1185 if ((chan->flags & IEEE80211_CHAN_8MHZ) && 1186 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ)) 1187 goto nla_put_failure; 1188 if ((chan->flags & IEEE80211_CHAN_16MHZ) && 1189 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ)) 1190 goto nla_put_failure; 1191 if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) && 1192 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ)) 1193 goto nla_put_failure; 1194 if ((chan->flags & IEEE80211_CHAN_NO_EHT) && 1195 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT)) 1196 goto nla_put_failure; 1197 } 1198 1199 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 1200 DBM_TO_MBM(chan->max_power))) 1201 goto nla_put_failure; 1202 1203 if (large) { 1204 const struct ieee80211_reg_rule *rule = 1205 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq)); 1206 1207 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) { 1208 if (nl80211_msg_put_wmm_rules(msg, rule)) 1209 goto nla_put_failure; 1210 } 1211 } 1212 1213 return 0; 1214 1215 nla_put_failure: 1216 return -ENOBUFS; 1217 } 1218 1219 static bool nl80211_put_txq_stats(struct sk_buff *msg, 1220 struct cfg80211_txq_stats *txqstats, 1221 int attrtype) 1222 { 1223 struct nlattr *txqattr; 1224 1225 #define PUT_TXQVAL_U32(attr, memb) do { \ 1226 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \ 1227 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \ 1228 return false; \ 1229 } while (0) 1230 1231 txqattr = nla_nest_start_noflag(msg, attrtype); 1232 if (!txqattr) 1233 return false; 1234 1235 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes); 1236 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets); 1237 PUT_TXQVAL_U32(FLOWS, flows); 1238 PUT_TXQVAL_U32(DROPS, drops); 1239 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks); 1240 PUT_TXQVAL_U32(OVERLIMIT, overlimit); 1241 PUT_TXQVAL_U32(OVERMEMORY, overmemory); 1242 PUT_TXQVAL_U32(COLLISIONS, collisions); 1243 PUT_TXQVAL_U32(TX_BYTES, tx_bytes); 1244 PUT_TXQVAL_U32(TX_PACKETS, tx_packets); 1245 PUT_TXQVAL_U32(MAX_FLOWS, max_flows); 1246 nla_nest_end(msg, txqattr); 1247 1248 #undef PUT_TXQVAL_U32 1249 return true; 1250 } 1251 1252 /* netlink command implementations */ 1253 1254 /** 1255 * nl80211_link_id - return link ID 1256 * @attrs: attributes to look at 1257 * 1258 * Returns: the link ID or 0 if not given 1259 * 1260 * Note this function doesn't do any validation of the link 1261 * ID validity wrt. links that were actually added, so it must 1262 * be called only from ops with %NL80211_FLAG_MLO_VALID_LINK_ID 1263 * or if additional validation is done. 1264 */ 1265 static unsigned int nl80211_link_id(struct nlattr **attrs) 1266 { 1267 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID]; 1268 1269 if (!linkid) 1270 return 0; 1271 1272 return nla_get_u8(linkid); 1273 } 1274 1275 static int nl80211_link_id_or_invalid(struct nlattr **attrs) 1276 { 1277 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID]; 1278 1279 if (!linkid) 1280 return -1; 1281 1282 return nla_get_u8(linkid); 1283 } 1284 1285 struct key_parse { 1286 struct key_params p; 1287 int idx; 1288 int type; 1289 bool def, defmgmt, defbeacon; 1290 bool def_uni, def_multi; 1291 }; 1292 1293 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key, 1294 struct key_parse *k) 1295 { 1296 struct nlattr *tb[NL80211_KEY_MAX + 1]; 1297 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key, 1298 nl80211_key_policy, 1299 info->extack); 1300 if (err) 1301 return err; 1302 1303 k->def = !!tb[NL80211_KEY_DEFAULT]; 1304 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 1305 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON]; 1306 1307 if (k->def) { 1308 k->def_uni = true; 1309 k->def_multi = true; 1310 } 1311 if (k->defmgmt || k->defbeacon) 1312 k->def_multi = true; 1313 1314 if (tb[NL80211_KEY_IDX]) 1315 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 1316 1317 if (tb[NL80211_KEY_DATA]) { 1318 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 1319 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 1320 } 1321 1322 if (tb[NL80211_KEY_SEQ]) { 1323 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 1324 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 1325 } 1326 1327 if (tb[NL80211_KEY_CIPHER]) 1328 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 1329 1330 if (tb[NL80211_KEY_TYPE]) 1331 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 1332 1333 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 1334 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 1335 1336 err = nla_parse_nested_deprecated(kdt, 1337 NUM_NL80211_KEY_DEFAULT_TYPES - 1, 1338 tb[NL80211_KEY_DEFAULT_TYPES], 1339 nl80211_key_default_policy, 1340 info->extack); 1341 if (err) 1342 return err; 1343 1344 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 1345 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 1346 } 1347 1348 if (tb[NL80211_KEY_MODE]) 1349 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]); 1350 1351 return 0; 1352 } 1353 1354 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 1355 { 1356 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 1357 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 1358 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 1359 } 1360 1361 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 1362 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 1363 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 1364 } 1365 1366 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1367 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1368 1369 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 1370 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 1371 1372 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 1373 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 1374 1375 if (k->def) { 1376 k->def_uni = true; 1377 k->def_multi = true; 1378 } 1379 if (k->defmgmt) 1380 k->def_multi = true; 1381 1382 if (info->attrs[NL80211_ATTR_KEY_TYPE]) 1383 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 1384 1385 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 1386 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 1387 int err = nla_parse_nested_deprecated(kdt, 1388 NUM_NL80211_KEY_DEFAULT_TYPES - 1, 1389 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 1390 nl80211_key_default_policy, 1391 info->extack); 1392 if (err) 1393 return err; 1394 1395 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 1396 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 1397 } 1398 1399 return 0; 1400 } 1401 1402 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 1403 { 1404 int err; 1405 1406 memset(k, 0, sizeof(*k)); 1407 k->idx = -1; 1408 k->type = -1; 1409 1410 if (info->attrs[NL80211_ATTR_KEY]) 1411 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k); 1412 else 1413 err = nl80211_parse_key_old(info, k); 1414 1415 if (err) 1416 return err; 1417 1418 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) + 1419 (k->defbeacon ? 1 : 0) > 1) { 1420 GENL_SET_ERR_MSG(info, 1421 "key with multiple default flags is invalid"); 1422 return -EINVAL; 1423 } 1424 1425 if (k->defmgmt || k->defbeacon) { 1426 if (k->def_uni || !k->def_multi) { 1427 GENL_SET_ERR_MSG(info, 1428 "defmgmt/defbeacon key must be mcast"); 1429 return -EINVAL; 1430 } 1431 } 1432 1433 if (k->idx != -1) { 1434 if (k->defmgmt) { 1435 if (k->idx < 4 || k->idx > 5) { 1436 GENL_SET_ERR_MSG(info, 1437 "defmgmt key idx not 4 or 5"); 1438 return -EINVAL; 1439 } 1440 } else if (k->defbeacon) { 1441 if (k->idx < 6 || k->idx > 7) { 1442 GENL_SET_ERR_MSG(info, 1443 "defbeacon key idx not 6 or 7"); 1444 return -EINVAL; 1445 } 1446 } else if (k->def) { 1447 if (k->idx < 0 || k->idx > 3) { 1448 GENL_SET_ERR_MSG(info, "def key idx not 0-3"); 1449 return -EINVAL; 1450 } 1451 } else { 1452 if (k->idx < 0 || k->idx > 7) { 1453 GENL_SET_ERR_MSG(info, "key idx not 0-7"); 1454 return -EINVAL; 1455 } 1456 } 1457 } 1458 1459 return 0; 1460 } 1461 1462 static struct cfg80211_cached_keys * 1463 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 1464 struct genl_info *info, bool *no_ht) 1465 { 1466 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS]; 1467 struct key_parse parse; 1468 struct nlattr *key; 1469 struct cfg80211_cached_keys *result; 1470 int rem, err, def = 0; 1471 bool have_key = false; 1472 1473 nla_for_each_nested(key, keys, rem) { 1474 have_key = true; 1475 break; 1476 } 1477 1478 if (!have_key) 1479 return NULL; 1480 1481 result = kzalloc(sizeof(*result), GFP_KERNEL); 1482 if (!result) 1483 return ERR_PTR(-ENOMEM); 1484 1485 result->def = -1; 1486 1487 nla_for_each_nested(key, keys, rem) { 1488 memset(&parse, 0, sizeof(parse)); 1489 parse.idx = -1; 1490 1491 err = nl80211_parse_key_new(info, key, &parse); 1492 if (err) 1493 goto error; 1494 err = -EINVAL; 1495 if (!parse.p.key) 1496 goto error; 1497 if (parse.idx < 0 || parse.idx > 3) { 1498 GENL_SET_ERR_MSG(info, "key index out of range [0-3]"); 1499 goto error; 1500 } 1501 if (parse.def) { 1502 if (def) { 1503 GENL_SET_ERR_MSG(info, 1504 "only one key can be default"); 1505 goto error; 1506 } 1507 def = 1; 1508 result->def = parse.idx; 1509 if (!parse.def_uni || !parse.def_multi) 1510 goto error; 1511 } else if (parse.defmgmt) 1512 goto error; 1513 err = cfg80211_validate_key_settings(rdev, &parse.p, 1514 parse.idx, false, NULL); 1515 if (err) 1516 goto error; 1517 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 && 1518 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) { 1519 GENL_SET_ERR_MSG(info, "connect key must be WEP"); 1520 err = -EINVAL; 1521 goto error; 1522 } 1523 result->params[parse.idx].cipher = parse.p.cipher; 1524 result->params[parse.idx].key_len = parse.p.key_len; 1525 result->params[parse.idx].key = result->data[parse.idx]; 1526 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 1527 1528 /* must be WEP key if we got here */ 1529 if (no_ht) 1530 *no_ht = true; 1531 } 1532 1533 if (result->def < 0) { 1534 err = -EINVAL; 1535 GENL_SET_ERR_MSG(info, "need a default/TX key"); 1536 goto error; 1537 } 1538 1539 return result; 1540 error: 1541 kfree(result); 1542 return ERR_PTR(err); 1543 } 1544 1545 static int nl80211_key_allowed(struct wireless_dev *wdev) 1546 { 1547 ASSERT_WDEV_LOCK(wdev); 1548 1549 switch (wdev->iftype) { 1550 case NL80211_IFTYPE_AP: 1551 case NL80211_IFTYPE_AP_VLAN: 1552 case NL80211_IFTYPE_P2P_GO: 1553 case NL80211_IFTYPE_MESH_POINT: 1554 break; 1555 case NL80211_IFTYPE_ADHOC: 1556 if (wdev->u.ibss.current_bss) 1557 return 0; 1558 return -ENOLINK; 1559 case NL80211_IFTYPE_STATION: 1560 case NL80211_IFTYPE_P2P_CLIENT: 1561 if (wdev->connected) 1562 return 0; 1563 return -ENOLINK; 1564 case NL80211_IFTYPE_NAN: 1565 if (wiphy_ext_feature_isset(wdev->wiphy, 1566 NL80211_EXT_FEATURE_SECURE_NAN)) 1567 return 0; 1568 return -EINVAL; 1569 case NL80211_IFTYPE_UNSPECIFIED: 1570 case NL80211_IFTYPE_OCB: 1571 case NL80211_IFTYPE_MONITOR: 1572 case NL80211_IFTYPE_P2P_DEVICE: 1573 case NL80211_IFTYPE_WDS: 1574 case NUM_NL80211_IFTYPES: 1575 return -EINVAL; 1576 } 1577 1578 return 0; 1579 } 1580 1581 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy, 1582 u32 freq) 1583 { 1584 struct ieee80211_channel *chan; 1585 1586 chan = ieee80211_get_channel_khz(wiphy, freq); 1587 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) 1588 return NULL; 1589 return chan; 1590 } 1591 1592 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 1593 { 1594 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr); 1595 int i; 1596 1597 if (!nl_modes) 1598 goto nla_put_failure; 1599 1600 i = 0; 1601 while (ifmodes) { 1602 if ((ifmodes & 1) && nla_put_flag(msg, i)) 1603 goto nla_put_failure; 1604 ifmodes >>= 1; 1605 i++; 1606 } 1607 1608 nla_nest_end(msg, nl_modes); 1609 return 0; 1610 1611 nla_put_failure: 1612 return -ENOBUFS; 1613 } 1614 1615 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 1616 struct sk_buff *msg, 1617 bool large) 1618 { 1619 struct nlattr *nl_combis; 1620 int i, j; 1621 1622 nl_combis = nla_nest_start_noflag(msg, 1623 NL80211_ATTR_INTERFACE_COMBINATIONS); 1624 if (!nl_combis) 1625 goto nla_put_failure; 1626 1627 for (i = 0; i < wiphy->n_iface_combinations; i++) { 1628 const struct ieee80211_iface_combination *c; 1629 struct nlattr *nl_combi, *nl_limits; 1630 1631 c = &wiphy->iface_combinations[i]; 1632 1633 nl_combi = nla_nest_start_noflag(msg, i + 1); 1634 if (!nl_combi) 1635 goto nla_put_failure; 1636 1637 nl_limits = nla_nest_start_noflag(msg, 1638 NL80211_IFACE_COMB_LIMITS); 1639 if (!nl_limits) 1640 goto nla_put_failure; 1641 1642 for (j = 0; j < c->n_limits; j++) { 1643 struct nlattr *nl_limit; 1644 1645 nl_limit = nla_nest_start_noflag(msg, j + 1); 1646 if (!nl_limit) 1647 goto nla_put_failure; 1648 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 1649 c->limits[j].max)) 1650 goto nla_put_failure; 1651 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 1652 c->limits[j].types)) 1653 goto nla_put_failure; 1654 nla_nest_end(msg, nl_limit); 1655 } 1656 1657 nla_nest_end(msg, nl_limits); 1658 1659 if (c->beacon_int_infra_match && 1660 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 1661 goto nla_put_failure; 1662 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 1663 c->num_different_channels) || 1664 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 1665 c->max_interfaces)) 1666 goto nla_put_failure; 1667 if (large && 1668 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS, 1669 c->radar_detect_widths) || 1670 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS, 1671 c->radar_detect_regions))) 1672 goto nla_put_failure; 1673 if (c->beacon_int_min_gcd && 1674 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD, 1675 c->beacon_int_min_gcd)) 1676 goto nla_put_failure; 1677 1678 nla_nest_end(msg, nl_combi); 1679 } 1680 1681 nla_nest_end(msg, nl_combis); 1682 1683 return 0; 1684 nla_put_failure: 1685 return -ENOBUFS; 1686 } 1687 1688 #ifdef CONFIG_PM 1689 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev, 1690 struct sk_buff *msg) 1691 { 1692 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp; 1693 struct nlattr *nl_tcp; 1694 1695 if (!tcp) 1696 return 0; 1697 1698 nl_tcp = nla_nest_start_noflag(msg, 1699 NL80211_WOWLAN_TRIG_TCP_CONNECTION); 1700 if (!nl_tcp) 1701 return -ENOBUFS; 1702 1703 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 1704 tcp->data_payload_max)) 1705 return -ENOBUFS; 1706 1707 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 1708 tcp->data_payload_max)) 1709 return -ENOBUFS; 1710 1711 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ)) 1712 return -ENOBUFS; 1713 1714 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 1715 sizeof(*tcp->tok), tcp->tok)) 1716 return -ENOBUFS; 1717 1718 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 1719 tcp->data_interval_max)) 1720 return -ENOBUFS; 1721 1722 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 1723 tcp->wake_payload_max)) 1724 return -ENOBUFS; 1725 1726 nla_nest_end(msg, nl_tcp); 1727 return 0; 1728 } 1729 1730 static int nl80211_send_wowlan(struct sk_buff *msg, 1731 struct cfg80211_registered_device *rdev, 1732 bool large) 1733 { 1734 struct nlattr *nl_wowlan; 1735 1736 if (!rdev->wiphy.wowlan) 1737 return 0; 1738 1739 nl_wowlan = nla_nest_start_noflag(msg, 1740 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1741 if (!nl_wowlan) 1742 return -ENOBUFS; 1743 1744 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) && 1745 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1746 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) && 1747 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1748 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) && 1749 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1750 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1751 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1752 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1753 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1754 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1755 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1756 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1757 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1758 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1759 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1760 return -ENOBUFS; 1761 1762 if (rdev->wiphy.wowlan->n_patterns) { 1763 struct nl80211_pattern_support pat = { 1764 .max_patterns = rdev->wiphy.wowlan->n_patterns, 1765 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len, 1766 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len, 1767 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset, 1768 }; 1769 1770 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1771 sizeof(pat), &pat)) 1772 return -ENOBUFS; 1773 } 1774 1775 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) && 1776 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT, 1777 rdev->wiphy.wowlan->max_nd_match_sets)) 1778 return -ENOBUFS; 1779 1780 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg)) 1781 return -ENOBUFS; 1782 1783 nla_nest_end(msg, nl_wowlan); 1784 1785 return 0; 1786 } 1787 #endif 1788 1789 static int nl80211_send_coalesce(struct sk_buff *msg, 1790 struct cfg80211_registered_device *rdev) 1791 { 1792 struct nl80211_coalesce_rule_support rule; 1793 1794 if (!rdev->wiphy.coalesce) 1795 return 0; 1796 1797 rule.max_rules = rdev->wiphy.coalesce->n_rules; 1798 rule.max_delay = rdev->wiphy.coalesce->max_delay; 1799 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns; 1800 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len; 1801 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len; 1802 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset; 1803 1804 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule)) 1805 return -ENOBUFS; 1806 1807 return 0; 1808 } 1809 1810 static int 1811 nl80211_send_iftype_data(struct sk_buff *msg, 1812 const struct ieee80211_supported_band *sband, 1813 const struct ieee80211_sband_iftype_data *iftdata) 1814 { 1815 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap; 1816 const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap; 1817 1818 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES, 1819 iftdata->types_mask)) 1820 return -ENOBUFS; 1821 1822 if (he_cap->has_he) { 1823 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC, 1824 sizeof(he_cap->he_cap_elem.mac_cap_info), 1825 he_cap->he_cap_elem.mac_cap_info) || 1826 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY, 1827 sizeof(he_cap->he_cap_elem.phy_cap_info), 1828 he_cap->he_cap_elem.phy_cap_info) || 1829 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET, 1830 sizeof(he_cap->he_mcs_nss_supp), 1831 &he_cap->he_mcs_nss_supp) || 1832 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE, 1833 sizeof(he_cap->ppe_thres), he_cap->ppe_thres)) 1834 return -ENOBUFS; 1835 } 1836 1837 if (eht_cap->has_eht && he_cap->has_he) { 1838 u8 mcs_nss_size, ppe_thresh_size; 1839 u16 ppe_thres_hdr; 1840 bool is_ap; 1841 1842 is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) || 1843 iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO); 1844 1845 mcs_nss_size = 1846 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem, 1847 &eht_cap->eht_cap_elem, 1848 is_ap); 1849 1850 ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]); 1851 ppe_thresh_size = 1852 ieee80211_eht_ppe_size(ppe_thres_hdr, 1853 eht_cap->eht_cap_elem.phy_cap_info); 1854 1855 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC, 1856 sizeof(eht_cap->eht_cap_elem.mac_cap_info), 1857 eht_cap->eht_cap_elem.mac_cap_info) || 1858 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY, 1859 sizeof(eht_cap->eht_cap_elem.phy_cap_info), 1860 eht_cap->eht_cap_elem.phy_cap_info) || 1861 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET, 1862 mcs_nss_size, &eht_cap->eht_mcs_nss_supp) || 1863 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE, 1864 ppe_thresh_size, eht_cap->eht_ppe_thres)) 1865 return -ENOBUFS; 1866 } 1867 1868 if (sband->band == NL80211_BAND_6GHZ && 1869 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA, 1870 sizeof(iftdata->he_6ghz_capa), 1871 &iftdata->he_6ghz_capa)) 1872 return -ENOBUFS; 1873 1874 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len && 1875 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS, 1876 iftdata->vendor_elems.len, iftdata->vendor_elems.data)) 1877 return -ENOBUFS; 1878 1879 return 0; 1880 } 1881 1882 static int nl80211_send_band_rateinfo(struct sk_buff *msg, 1883 struct ieee80211_supported_band *sband, 1884 bool large) 1885 { 1886 struct nlattr *nl_rates, *nl_rate; 1887 struct ieee80211_rate *rate; 1888 int i; 1889 1890 /* add HT info */ 1891 if (sband->ht_cap.ht_supported && 1892 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 1893 sizeof(sband->ht_cap.mcs), 1894 &sband->ht_cap.mcs) || 1895 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 1896 sband->ht_cap.cap) || 1897 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 1898 sband->ht_cap.ampdu_factor) || 1899 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 1900 sband->ht_cap.ampdu_density))) 1901 return -ENOBUFS; 1902 1903 /* add VHT info */ 1904 if (sband->vht_cap.vht_supported && 1905 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 1906 sizeof(sband->vht_cap.vht_mcs), 1907 &sband->vht_cap.vht_mcs) || 1908 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 1909 sband->vht_cap.cap))) 1910 return -ENOBUFS; 1911 1912 if (large && sband->n_iftype_data) { 1913 struct nlattr *nl_iftype_data = 1914 nla_nest_start_noflag(msg, 1915 NL80211_BAND_ATTR_IFTYPE_DATA); 1916 int err; 1917 1918 if (!nl_iftype_data) 1919 return -ENOBUFS; 1920 1921 for (i = 0; i < sband->n_iftype_data; i++) { 1922 struct nlattr *iftdata; 1923 1924 iftdata = nla_nest_start_noflag(msg, i + 1); 1925 if (!iftdata) 1926 return -ENOBUFS; 1927 1928 err = nl80211_send_iftype_data(msg, sband, 1929 &sband->iftype_data[i]); 1930 if (err) 1931 return err; 1932 1933 nla_nest_end(msg, iftdata); 1934 } 1935 1936 nla_nest_end(msg, nl_iftype_data); 1937 } 1938 1939 /* add EDMG info */ 1940 if (large && sband->edmg_cap.channels && 1941 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS, 1942 sband->edmg_cap.channels) || 1943 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG, 1944 sband->edmg_cap.bw_config))) 1945 1946 return -ENOBUFS; 1947 1948 /* add bitrates */ 1949 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES); 1950 if (!nl_rates) 1951 return -ENOBUFS; 1952 1953 for (i = 0; i < sband->n_bitrates; i++) { 1954 nl_rate = nla_nest_start_noflag(msg, i); 1955 if (!nl_rate) 1956 return -ENOBUFS; 1957 1958 rate = &sband->bitrates[i]; 1959 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1960 rate->bitrate)) 1961 return -ENOBUFS; 1962 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1963 nla_put_flag(msg, 1964 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 1965 return -ENOBUFS; 1966 1967 nla_nest_end(msg, nl_rate); 1968 } 1969 1970 nla_nest_end(msg, nl_rates); 1971 1972 /* S1G capabilities */ 1973 if (sband->band == NL80211_BAND_S1GHZ && sband->s1g_cap.s1g && 1974 (nla_put(msg, NL80211_BAND_ATTR_S1G_CAPA, 1975 sizeof(sband->s1g_cap.cap), 1976 sband->s1g_cap.cap) || 1977 nla_put(msg, NL80211_BAND_ATTR_S1G_MCS_NSS_SET, 1978 sizeof(sband->s1g_cap.nss_mcs), 1979 sband->s1g_cap.nss_mcs))) 1980 return -ENOBUFS; 1981 1982 return 0; 1983 } 1984 1985 static int 1986 nl80211_send_mgmt_stypes(struct sk_buff *msg, 1987 const struct ieee80211_txrx_stypes *mgmt_stypes) 1988 { 1989 u16 stypes; 1990 struct nlattr *nl_ftypes, *nl_ifs; 1991 enum nl80211_iftype ift; 1992 int i; 1993 1994 if (!mgmt_stypes) 1995 return 0; 1996 1997 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES); 1998 if (!nl_ifs) 1999 return -ENOBUFS; 2000 2001 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 2002 nl_ftypes = nla_nest_start_noflag(msg, ift); 2003 if (!nl_ftypes) 2004 return -ENOBUFS; 2005 i = 0; 2006 stypes = mgmt_stypes[ift].tx; 2007 while (stypes) { 2008 if ((stypes & 1) && 2009 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 2010 (i << 4) | IEEE80211_FTYPE_MGMT)) 2011 return -ENOBUFS; 2012 stypes >>= 1; 2013 i++; 2014 } 2015 nla_nest_end(msg, nl_ftypes); 2016 } 2017 2018 nla_nest_end(msg, nl_ifs); 2019 2020 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES); 2021 if (!nl_ifs) 2022 return -ENOBUFS; 2023 2024 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 2025 nl_ftypes = nla_nest_start_noflag(msg, ift); 2026 if (!nl_ftypes) 2027 return -ENOBUFS; 2028 i = 0; 2029 stypes = mgmt_stypes[ift].rx; 2030 while (stypes) { 2031 if ((stypes & 1) && 2032 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 2033 (i << 4) | IEEE80211_FTYPE_MGMT)) 2034 return -ENOBUFS; 2035 stypes >>= 1; 2036 i++; 2037 } 2038 nla_nest_end(msg, nl_ftypes); 2039 } 2040 nla_nest_end(msg, nl_ifs); 2041 2042 return 0; 2043 } 2044 2045 #define CMD(op, n) \ 2046 do { \ 2047 if (rdev->ops->op) { \ 2048 i++; \ 2049 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 2050 goto nla_put_failure; \ 2051 } \ 2052 } while (0) 2053 2054 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev, 2055 struct sk_buff *msg) 2056 { 2057 int i = 0; 2058 2059 /* 2060 * do *NOT* add anything into this function, new things need to be 2061 * advertised only to new versions of userspace that can deal with 2062 * the split (and they can't possibly care about new features... 2063 */ 2064 CMD(add_virtual_intf, NEW_INTERFACE); 2065 CMD(change_virtual_intf, SET_INTERFACE); 2066 CMD(add_key, NEW_KEY); 2067 CMD(start_ap, START_AP); 2068 CMD(add_station, NEW_STATION); 2069 CMD(add_mpath, NEW_MPATH); 2070 CMD(update_mesh_config, SET_MESH_CONFIG); 2071 CMD(change_bss, SET_BSS); 2072 CMD(auth, AUTHENTICATE); 2073 CMD(assoc, ASSOCIATE); 2074 CMD(deauth, DEAUTHENTICATE); 2075 CMD(disassoc, DISASSOCIATE); 2076 CMD(join_ibss, JOIN_IBSS); 2077 CMD(join_mesh, JOIN_MESH); 2078 CMD(set_pmksa, SET_PMKSA); 2079 CMD(del_pmksa, DEL_PMKSA); 2080 CMD(flush_pmksa, FLUSH_PMKSA); 2081 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 2082 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 2083 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 2084 CMD(mgmt_tx, FRAME); 2085 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 2086 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 2087 i++; 2088 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 2089 goto nla_put_failure; 2090 } 2091 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap || 2092 rdev->ops->join_mesh) { 2093 i++; 2094 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 2095 goto nla_put_failure; 2096 } 2097 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 2098 CMD(tdls_mgmt, TDLS_MGMT); 2099 CMD(tdls_oper, TDLS_OPER); 2100 } 2101 if (rdev->wiphy.max_sched_scan_reqs) 2102 CMD(sched_scan_start, START_SCHED_SCAN); 2103 CMD(probe_client, PROBE_CLIENT); 2104 CMD(set_noack_map, SET_NOACK_MAP); 2105 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 2106 i++; 2107 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 2108 goto nla_put_failure; 2109 } 2110 CMD(start_p2p_device, START_P2P_DEVICE); 2111 CMD(set_mcast_rate, SET_MCAST_RATE); 2112 #ifdef CONFIG_NL80211_TESTMODE 2113 CMD(testmode_cmd, TESTMODE); 2114 #endif 2115 2116 if (rdev->ops->connect || rdev->ops->auth) { 2117 i++; 2118 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 2119 goto nla_put_failure; 2120 } 2121 2122 if (rdev->ops->disconnect || rdev->ops->deauth) { 2123 i++; 2124 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 2125 goto nla_put_failure; 2126 } 2127 2128 return i; 2129 nla_put_failure: 2130 return -ENOBUFS; 2131 } 2132 2133 static int 2134 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap, 2135 struct sk_buff *msg) 2136 { 2137 struct nlattr *ftm; 2138 2139 if (!cap->ftm.supported) 2140 return 0; 2141 2142 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM); 2143 if (!ftm) 2144 return -ENOBUFS; 2145 2146 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP)) 2147 return -ENOBUFS; 2148 if (cap->ftm.non_asap && 2149 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP)) 2150 return -ENOBUFS; 2151 if (cap->ftm.request_lci && 2152 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI)) 2153 return -ENOBUFS; 2154 if (cap->ftm.request_civicloc && 2155 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC)) 2156 return -ENOBUFS; 2157 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES, 2158 cap->ftm.preambles)) 2159 return -ENOBUFS; 2160 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS, 2161 cap->ftm.bandwidths)) 2162 return -ENOBUFS; 2163 if (cap->ftm.max_bursts_exponent >= 0 && 2164 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT, 2165 cap->ftm.max_bursts_exponent)) 2166 return -ENOBUFS; 2167 if (cap->ftm.max_ftms_per_burst && 2168 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST, 2169 cap->ftm.max_ftms_per_burst)) 2170 return -ENOBUFS; 2171 if (cap->ftm.trigger_based && 2172 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED)) 2173 return -ENOBUFS; 2174 if (cap->ftm.non_trigger_based && 2175 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED)) 2176 return -ENOBUFS; 2177 2178 nla_nest_end(msg, ftm); 2179 return 0; 2180 } 2181 2182 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev, 2183 struct sk_buff *msg) 2184 { 2185 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa; 2186 struct nlattr *pmsr, *caps; 2187 2188 if (!cap) 2189 return 0; 2190 2191 /* 2192 * we don't need to clean up anything here since the caller 2193 * will genlmsg_cancel() if we fail 2194 */ 2195 2196 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS); 2197 if (!pmsr) 2198 return -ENOBUFS; 2199 2200 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers)) 2201 return -ENOBUFS; 2202 2203 if (cap->report_ap_tsf && 2204 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF)) 2205 return -ENOBUFS; 2206 2207 if (cap->randomize_mac_addr && 2208 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR)) 2209 return -ENOBUFS; 2210 2211 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA); 2212 if (!caps) 2213 return -ENOBUFS; 2214 2215 if (nl80211_send_pmsr_ftm_capa(cap, msg)) 2216 return -ENOBUFS; 2217 2218 nla_nest_end(msg, caps); 2219 nla_nest_end(msg, pmsr); 2220 2221 return 0; 2222 } 2223 2224 static int 2225 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev, 2226 struct sk_buff *msg) 2227 { 2228 int i; 2229 struct nlattr *nested, *nested_akms; 2230 const struct wiphy_iftype_akm_suites *iftype_akms; 2231 2232 if (!rdev->wiphy.num_iftype_akm_suites || 2233 !rdev->wiphy.iftype_akm_suites) 2234 return 0; 2235 2236 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES); 2237 if (!nested) 2238 return -ENOBUFS; 2239 2240 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) { 2241 nested_akms = nla_nest_start(msg, i + 1); 2242 if (!nested_akms) 2243 return -ENOBUFS; 2244 2245 iftype_akms = &rdev->wiphy.iftype_akm_suites[i]; 2246 2247 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES, 2248 iftype_akms->iftypes_mask)) 2249 return -ENOBUFS; 2250 2251 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES, 2252 sizeof(u32) * iftype_akms->n_akm_suites, 2253 iftype_akms->akm_suites)) { 2254 return -ENOBUFS; 2255 } 2256 nla_nest_end(msg, nested_akms); 2257 } 2258 2259 nla_nest_end(msg, nested); 2260 2261 return 0; 2262 } 2263 2264 static int 2265 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev, 2266 struct sk_buff *msg) 2267 { 2268 struct nlattr *supp; 2269 2270 if (!rdev->wiphy.tid_config_support.vif && 2271 !rdev->wiphy.tid_config_support.peer) 2272 return 0; 2273 2274 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG); 2275 if (!supp) 2276 return -ENOSPC; 2277 2278 if (rdev->wiphy.tid_config_support.vif && 2279 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP, 2280 rdev->wiphy.tid_config_support.vif, 2281 NL80211_TID_CONFIG_ATTR_PAD)) 2282 goto fail; 2283 2284 if (rdev->wiphy.tid_config_support.peer && 2285 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP, 2286 rdev->wiphy.tid_config_support.peer, 2287 NL80211_TID_CONFIG_ATTR_PAD)) 2288 goto fail; 2289 2290 /* for now we just use the same value ... makes more sense */ 2291 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT, 2292 rdev->wiphy.tid_config_support.max_retry)) 2293 goto fail; 2294 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG, 2295 rdev->wiphy.tid_config_support.max_retry)) 2296 goto fail; 2297 2298 nla_nest_end(msg, supp); 2299 2300 return 0; 2301 fail: 2302 nla_nest_cancel(msg, supp); 2303 return -ENOBUFS; 2304 } 2305 2306 static int 2307 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev, 2308 struct sk_buff *msg) 2309 { 2310 struct nlattr *sar_capa, *specs, *sub_freq_range; 2311 u8 num_freq_ranges; 2312 int i; 2313 2314 if (!rdev->wiphy.sar_capa) 2315 return 0; 2316 2317 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges; 2318 2319 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC); 2320 if (!sar_capa) 2321 return -ENOSPC; 2322 2323 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type)) 2324 goto fail; 2325 2326 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS); 2327 if (!specs) 2328 goto fail; 2329 2330 /* report supported freq_ranges */ 2331 for (i = 0; i < num_freq_ranges; i++) { 2332 sub_freq_range = nla_nest_start(msg, i + 1); 2333 if (!sub_freq_range) 2334 goto fail; 2335 2336 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ, 2337 rdev->wiphy.sar_capa->freq_ranges[i].start_freq)) 2338 goto fail; 2339 2340 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ, 2341 rdev->wiphy.sar_capa->freq_ranges[i].end_freq)) 2342 goto fail; 2343 2344 nla_nest_end(msg, sub_freq_range); 2345 } 2346 2347 nla_nest_end(msg, specs); 2348 nla_nest_end(msg, sar_capa); 2349 2350 return 0; 2351 fail: 2352 nla_nest_cancel(msg, sar_capa); 2353 return -ENOBUFS; 2354 } 2355 2356 static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg) 2357 { 2358 struct nlattr *config; 2359 2360 if (!wiphy->mbssid_max_interfaces) 2361 return 0; 2362 2363 config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG); 2364 if (!config) 2365 return -ENOBUFS; 2366 2367 if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES, 2368 wiphy->mbssid_max_interfaces)) 2369 goto fail; 2370 2371 if (wiphy->ema_max_profile_periodicity && 2372 nla_put_u8(msg, 2373 NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY, 2374 wiphy->ema_max_profile_periodicity)) 2375 goto fail; 2376 2377 nla_nest_end(msg, config); 2378 return 0; 2379 2380 fail: 2381 nla_nest_cancel(msg, config); 2382 return -ENOBUFS; 2383 } 2384 2385 struct nl80211_dump_wiphy_state { 2386 s64 filter_wiphy; 2387 long start; 2388 long split_start, band_start, chan_start, capa_start; 2389 bool split; 2390 }; 2391 2392 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev, 2393 enum nl80211_commands cmd, 2394 struct sk_buff *msg, u32 portid, u32 seq, 2395 int flags, struct nl80211_dump_wiphy_state *state) 2396 { 2397 void *hdr; 2398 struct nlattr *nl_bands, *nl_band; 2399 struct nlattr *nl_freqs, *nl_freq; 2400 struct nlattr *nl_cmds; 2401 enum nl80211_band band; 2402 struct ieee80211_channel *chan; 2403 int i; 2404 const struct ieee80211_txrx_stypes *mgmt_stypes = 2405 rdev->wiphy.mgmt_stypes; 2406 u32 features; 2407 2408 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 2409 if (!hdr) 2410 return -ENOBUFS; 2411 2412 if (WARN_ON(!state)) 2413 return -EINVAL; 2414 2415 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 2416 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, 2417 wiphy_name(&rdev->wiphy)) || 2418 nla_put_u32(msg, NL80211_ATTR_GENERATION, 2419 cfg80211_rdev_list_generation)) 2420 goto nla_put_failure; 2421 2422 if (cmd != NL80211_CMD_NEW_WIPHY) 2423 goto finish; 2424 2425 switch (state->split_start) { 2426 case 0: 2427 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 2428 rdev->wiphy.retry_short) || 2429 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 2430 rdev->wiphy.retry_long) || 2431 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 2432 rdev->wiphy.frag_threshold) || 2433 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 2434 rdev->wiphy.rts_threshold) || 2435 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 2436 rdev->wiphy.coverage_class) || 2437 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 2438 rdev->wiphy.max_scan_ssids) || 2439 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 2440 rdev->wiphy.max_sched_scan_ssids) || 2441 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 2442 rdev->wiphy.max_scan_ie_len) || 2443 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 2444 rdev->wiphy.max_sched_scan_ie_len) || 2445 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 2446 rdev->wiphy.max_match_sets)) 2447 goto nla_put_failure; 2448 2449 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 2450 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 2451 goto nla_put_failure; 2452 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 2453 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 2454 goto nla_put_failure; 2455 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 2456 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 2457 goto nla_put_failure; 2458 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 2459 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 2460 goto nla_put_failure; 2461 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 2462 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 2463 goto nla_put_failure; 2464 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 2465 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 2466 goto nla_put_failure; 2467 state->split_start++; 2468 if (state->split) 2469 break; 2470 fallthrough; 2471 case 1: 2472 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 2473 sizeof(u32) * rdev->wiphy.n_cipher_suites, 2474 rdev->wiphy.cipher_suites)) 2475 goto nla_put_failure; 2476 2477 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 2478 rdev->wiphy.max_num_pmkids)) 2479 goto nla_put_failure; 2480 2481 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 2482 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 2483 goto nla_put_failure; 2484 2485 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 2486 rdev->wiphy.available_antennas_tx) || 2487 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 2488 rdev->wiphy.available_antennas_rx)) 2489 goto nla_put_failure; 2490 2491 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 2492 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 2493 rdev->wiphy.probe_resp_offload)) 2494 goto nla_put_failure; 2495 2496 if ((rdev->wiphy.available_antennas_tx || 2497 rdev->wiphy.available_antennas_rx) && 2498 rdev->ops->get_antenna) { 2499 u32 tx_ant = 0, rx_ant = 0; 2500 int res; 2501 2502 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant); 2503 if (!res) { 2504 if (nla_put_u32(msg, 2505 NL80211_ATTR_WIPHY_ANTENNA_TX, 2506 tx_ant) || 2507 nla_put_u32(msg, 2508 NL80211_ATTR_WIPHY_ANTENNA_RX, 2509 rx_ant)) 2510 goto nla_put_failure; 2511 } 2512 } 2513 2514 state->split_start++; 2515 if (state->split) 2516 break; 2517 fallthrough; 2518 case 2: 2519 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 2520 rdev->wiphy.interface_modes)) 2521 goto nla_put_failure; 2522 state->split_start++; 2523 if (state->split) 2524 break; 2525 fallthrough; 2526 case 3: 2527 nl_bands = nla_nest_start_noflag(msg, 2528 NL80211_ATTR_WIPHY_BANDS); 2529 if (!nl_bands) 2530 goto nla_put_failure; 2531 2532 for (band = state->band_start; 2533 band < (state->split ? 2534 NUM_NL80211_BANDS : 2535 NL80211_BAND_60GHZ + 1); 2536 band++) { 2537 struct ieee80211_supported_band *sband; 2538 2539 /* omit higher bands for ancient software */ 2540 if (band > NL80211_BAND_5GHZ && !state->split) 2541 break; 2542 2543 sband = rdev->wiphy.bands[band]; 2544 2545 if (!sband) 2546 continue; 2547 2548 nl_band = nla_nest_start_noflag(msg, band); 2549 if (!nl_band) 2550 goto nla_put_failure; 2551 2552 switch (state->chan_start) { 2553 case 0: 2554 if (nl80211_send_band_rateinfo(msg, sband, 2555 state->split)) 2556 goto nla_put_failure; 2557 state->chan_start++; 2558 if (state->split) 2559 break; 2560 fallthrough; 2561 default: 2562 /* add frequencies */ 2563 nl_freqs = nla_nest_start_noflag(msg, 2564 NL80211_BAND_ATTR_FREQS); 2565 if (!nl_freqs) 2566 goto nla_put_failure; 2567 2568 for (i = state->chan_start - 1; 2569 i < sband->n_channels; 2570 i++) { 2571 nl_freq = nla_nest_start_noflag(msg, 2572 i); 2573 if (!nl_freq) 2574 goto nla_put_failure; 2575 2576 chan = &sband->channels[i]; 2577 2578 if (nl80211_msg_put_channel( 2579 msg, &rdev->wiphy, chan, 2580 state->split)) 2581 goto nla_put_failure; 2582 2583 nla_nest_end(msg, nl_freq); 2584 if (state->split) 2585 break; 2586 } 2587 if (i < sband->n_channels) 2588 state->chan_start = i + 2; 2589 else 2590 state->chan_start = 0; 2591 nla_nest_end(msg, nl_freqs); 2592 } 2593 2594 nla_nest_end(msg, nl_band); 2595 2596 if (state->split) { 2597 /* start again here */ 2598 if (state->chan_start) 2599 band--; 2600 break; 2601 } 2602 } 2603 nla_nest_end(msg, nl_bands); 2604 2605 if (band < NUM_NL80211_BANDS) 2606 state->band_start = band + 1; 2607 else 2608 state->band_start = 0; 2609 2610 /* if bands & channels are done, continue outside */ 2611 if (state->band_start == 0 && state->chan_start == 0) 2612 state->split_start++; 2613 if (state->split) 2614 break; 2615 fallthrough; 2616 case 4: 2617 nl_cmds = nla_nest_start_noflag(msg, 2618 NL80211_ATTR_SUPPORTED_COMMANDS); 2619 if (!nl_cmds) 2620 goto nla_put_failure; 2621 2622 i = nl80211_add_commands_unsplit(rdev, msg); 2623 if (i < 0) 2624 goto nla_put_failure; 2625 if (state->split) { 2626 CMD(crit_proto_start, CRIT_PROTOCOL_START); 2627 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP); 2628 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH) 2629 CMD(channel_switch, CHANNEL_SWITCH); 2630 CMD(set_qos_map, SET_QOS_MAP); 2631 if (rdev->wiphy.features & 2632 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION) 2633 CMD(add_tx_ts, ADD_TX_TS); 2634 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST); 2635 CMD(update_connect_params, UPDATE_CONNECT_PARAMS); 2636 CMD(update_ft_ies, UPDATE_FT_IES); 2637 if (rdev->wiphy.sar_capa) 2638 CMD(set_sar_specs, SET_SAR_SPECS); 2639 } 2640 #undef CMD 2641 2642 nla_nest_end(msg, nl_cmds); 2643 state->split_start++; 2644 if (state->split) 2645 break; 2646 fallthrough; 2647 case 5: 2648 if (rdev->ops->remain_on_channel && 2649 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 2650 nla_put_u32(msg, 2651 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 2652 rdev->wiphy.max_remain_on_channel_duration)) 2653 goto nla_put_failure; 2654 2655 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 2656 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 2657 goto nla_put_failure; 2658 2659 state->split_start++; 2660 if (state->split) 2661 break; 2662 fallthrough; 2663 case 6: 2664 #ifdef CONFIG_PM 2665 if (nl80211_send_wowlan(msg, rdev, state->split)) 2666 goto nla_put_failure; 2667 state->split_start++; 2668 if (state->split) 2669 break; 2670 #else 2671 state->split_start++; 2672 #endif 2673 fallthrough; 2674 case 7: 2675 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 2676 rdev->wiphy.software_iftypes)) 2677 goto nla_put_failure; 2678 2679 if (nl80211_put_iface_combinations(&rdev->wiphy, msg, 2680 state->split)) 2681 goto nla_put_failure; 2682 2683 state->split_start++; 2684 if (state->split) 2685 break; 2686 fallthrough; 2687 case 8: 2688 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 2689 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 2690 rdev->wiphy.ap_sme_capa)) 2691 goto nla_put_failure; 2692 2693 features = rdev->wiphy.features; 2694 /* 2695 * We can only add the per-channel limit information if the 2696 * dump is split, otherwise it makes it too big. Therefore 2697 * only advertise it in that case. 2698 */ 2699 if (state->split) 2700 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS; 2701 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features)) 2702 goto nla_put_failure; 2703 2704 if (rdev->wiphy.ht_capa_mod_mask && 2705 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 2706 sizeof(*rdev->wiphy.ht_capa_mod_mask), 2707 rdev->wiphy.ht_capa_mod_mask)) 2708 goto nla_put_failure; 2709 2710 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME && 2711 rdev->wiphy.max_acl_mac_addrs && 2712 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX, 2713 rdev->wiphy.max_acl_mac_addrs)) 2714 goto nla_put_failure; 2715 2716 /* 2717 * Any information below this point is only available to 2718 * applications that can deal with it being split. This 2719 * helps ensure that newly added capabilities don't break 2720 * older tools by overrunning their buffers. 2721 * 2722 * We still increment split_start so that in the split 2723 * case we'll continue with more data in the next round, 2724 * but break unconditionally so unsplit data stops here. 2725 */ 2726 if (state->split) 2727 state->split_start++; 2728 else 2729 state->split_start = 0; 2730 break; 2731 case 9: 2732 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes)) 2733 goto nla_put_failure; 2734 2735 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS, 2736 rdev->wiphy.max_sched_scan_plans) || 2737 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL, 2738 rdev->wiphy.max_sched_scan_plan_interval) || 2739 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS, 2740 rdev->wiphy.max_sched_scan_plan_iterations)) 2741 goto nla_put_failure; 2742 2743 if (rdev->wiphy.extended_capabilities && 2744 (nla_put(msg, NL80211_ATTR_EXT_CAPA, 2745 rdev->wiphy.extended_capabilities_len, 2746 rdev->wiphy.extended_capabilities) || 2747 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 2748 rdev->wiphy.extended_capabilities_len, 2749 rdev->wiphy.extended_capabilities_mask))) 2750 goto nla_put_failure; 2751 2752 if (rdev->wiphy.vht_capa_mod_mask && 2753 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, 2754 sizeof(*rdev->wiphy.vht_capa_mod_mask), 2755 rdev->wiphy.vht_capa_mod_mask)) 2756 goto nla_put_failure; 2757 2758 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 2759 rdev->wiphy.perm_addr)) 2760 goto nla_put_failure; 2761 2762 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) && 2763 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN, 2764 rdev->wiphy.addr_mask)) 2765 goto nla_put_failure; 2766 2767 if (rdev->wiphy.n_addresses > 1) { 2768 void *attr; 2769 2770 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS); 2771 if (!attr) 2772 goto nla_put_failure; 2773 2774 for (i = 0; i < rdev->wiphy.n_addresses; i++) 2775 if (nla_put(msg, i + 1, ETH_ALEN, 2776 rdev->wiphy.addresses[i].addr)) 2777 goto nla_put_failure; 2778 2779 nla_nest_end(msg, attr); 2780 } 2781 2782 state->split_start++; 2783 break; 2784 case 10: 2785 if (nl80211_send_coalesce(msg, rdev)) 2786 goto nla_put_failure; 2787 2788 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) && 2789 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) || 2790 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ))) 2791 goto nla_put_failure; 2792 2793 if (rdev->wiphy.max_ap_assoc_sta && 2794 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA, 2795 rdev->wiphy.max_ap_assoc_sta)) 2796 goto nla_put_failure; 2797 2798 state->split_start++; 2799 break; 2800 case 11: 2801 if (rdev->wiphy.n_vendor_commands) { 2802 const struct nl80211_vendor_cmd_info *info; 2803 struct nlattr *nested; 2804 2805 nested = nla_nest_start_noflag(msg, 2806 NL80211_ATTR_VENDOR_DATA); 2807 if (!nested) 2808 goto nla_put_failure; 2809 2810 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) { 2811 info = &rdev->wiphy.vendor_commands[i].info; 2812 if (nla_put(msg, i + 1, sizeof(*info), info)) 2813 goto nla_put_failure; 2814 } 2815 nla_nest_end(msg, nested); 2816 } 2817 2818 if (rdev->wiphy.n_vendor_events) { 2819 const struct nl80211_vendor_cmd_info *info; 2820 struct nlattr *nested; 2821 2822 nested = nla_nest_start_noflag(msg, 2823 NL80211_ATTR_VENDOR_EVENTS); 2824 if (!nested) 2825 goto nla_put_failure; 2826 2827 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) { 2828 info = &rdev->wiphy.vendor_events[i]; 2829 if (nla_put(msg, i + 1, sizeof(*info), info)) 2830 goto nla_put_failure; 2831 } 2832 nla_nest_end(msg, nested); 2833 } 2834 state->split_start++; 2835 break; 2836 case 12: 2837 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH && 2838 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS, 2839 rdev->wiphy.max_num_csa_counters)) 2840 goto nla_put_failure; 2841 2842 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 2843 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 2844 goto nla_put_failure; 2845 2846 if (rdev->wiphy.max_sched_scan_reqs && 2847 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS, 2848 rdev->wiphy.max_sched_scan_reqs)) 2849 goto nla_put_failure; 2850 2851 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES, 2852 sizeof(rdev->wiphy.ext_features), 2853 rdev->wiphy.ext_features)) 2854 goto nla_put_failure; 2855 2856 if (rdev->wiphy.bss_select_support) { 2857 struct nlattr *nested; 2858 u32 bss_select_support = rdev->wiphy.bss_select_support; 2859 2860 nested = nla_nest_start_noflag(msg, 2861 NL80211_ATTR_BSS_SELECT); 2862 if (!nested) 2863 goto nla_put_failure; 2864 2865 i = 0; 2866 while (bss_select_support) { 2867 if ((bss_select_support & 1) && 2868 nla_put_flag(msg, i)) 2869 goto nla_put_failure; 2870 i++; 2871 bss_select_support >>= 1; 2872 } 2873 nla_nest_end(msg, nested); 2874 } 2875 2876 state->split_start++; 2877 break; 2878 case 13: 2879 if (rdev->wiphy.num_iftype_ext_capab && 2880 rdev->wiphy.iftype_ext_capab) { 2881 struct nlattr *nested_ext_capab, *nested; 2882 2883 nested = nla_nest_start_noflag(msg, 2884 NL80211_ATTR_IFTYPE_EXT_CAPA); 2885 if (!nested) 2886 goto nla_put_failure; 2887 2888 for (i = state->capa_start; 2889 i < rdev->wiphy.num_iftype_ext_capab; i++) { 2890 const struct wiphy_iftype_ext_capab *capab; 2891 2892 capab = &rdev->wiphy.iftype_ext_capab[i]; 2893 2894 nested_ext_capab = nla_nest_start_noflag(msg, 2895 i); 2896 if (!nested_ext_capab || 2897 nla_put_u32(msg, NL80211_ATTR_IFTYPE, 2898 capab->iftype) || 2899 nla_put(msg, NL80211_ATTR_EXT_CAPA, 2900 capab->extended_capabilities_len, 2901 capab->extended_capabilities) || 2902 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 2903 capab->extended_capabilities_len, 2904 capab->extended_capabilities_mask)) 2905 goto nla_put_failure; 2906 2907 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO && 2908 (nla_put_u16(msg, 2909 NL80211_ATTR_EML_CAPABILITY, 2910 capab->eml_capabilities) || 2911 nla_put_u16(msg, 2912 NL80211_ATTR_MLD_CAPA_AND_OPS, 2913 capab->mld_capa_and_ops))) 2914 goto nla_put_failure; 2915 2916 nla_nest_end(msg, nested_ext_capab); 2917 if (state->split) 2918 break; 2919 } 2920 nla_nest_end(msg, nested); 2921 if (i < rdev->wiphy.num_iftype_ext_capab) { 2922 state->capa_start = i + 1; 2923 break; 2924 } 2925 } 2926 2927 if (nla_put_u32(msg, NL80211_ATTR_BANDS, 2928 rdev->wiphy.nan_supported_bands)) 2929 goto nla_put_failure; 2930 2931 if (wiphy_ext_feature_isset(&rdev->wiphy, 2932 NL80211_EXT_FEATURE_TXQS)) { 2933 struct cfg80211_txq_stats txqstats = {}; 2934 int res; 2935 2936 res = rdev_get_txq_stats(rdev, NULL, &txqstats); 2937 if (!res && 2938 !nl80211_put_txq_stats(msg, &txqstats, 2939 NL80211_ATTR_TXQ_STATS)) 2940 goto nla_put_failure; 2941 2942 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT, 2943 rdev->wiphy.txq_limit)) 2944 goto nla_put_failure; 2945 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT, 2946 rdev->wiphy.txq_memory_limit)) 2947 goto nla_put_failure; 2948 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM, 2949 rdev->wiphy.txq_quantum)) 2950 goto nla_put_failure; 2951 } 2952 2953 state->split_start++; 2954 break; 2955 case 14: 2956 if (nl80211_send_pmsr_capa(rdev, msg)) 2957 goto nla_put_failure; 2958 2959 state->split_start++; 2960 break; 2961 case 15: 2962 if (rdev->wiphy.akm_suites && 2963 nla_put(msg, NL80211_ATTR_AKM_SUITES, 2964 sizeof(u32) * rdev->wiphy.n_akm_suites, 2965 rdev->wiphy.akm_suites)) 2966 goto nla_put_failure; 2967 2968 if (nl80211_put_iftype_akm_suites(rdev, msg)) 2969 goto nla_put_failure; 2970 2971 if (nl80211_put_tid_config_support(rdev, msg)) 2972 goto nla_put_failure; 2973 state->split_start++; 2974 break; 2975 case 16: 2976 if (nl80211_put_sar_specs(rdev, msg)) 2977 goto nla_put_failure; 2978 2979 if (nl80211_put_mbssid_support(&rdev->wiphy, msg)) 2980 goto nla_put_failure; 2981 2982 if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES, 2983 rdev->wiphy.max_num_akm_suites)) 2984 goto nla_put_failure; 2985 2986 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO) 2987 nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT); 2988 2989 if (rdev->wiphy.hw_timestamp_max_peers && 2990 nla_put_u16(msg, NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS, 2991 rdev->wiphy.hw_timestamp_max_peers)) 2992 goto nla_put_failure; 2993 2994 /* done */ 2995 state->split_start = 0; 2996 break; 2997 } 2998 finish: 2999 genlmsg_end(msg, hdr); 3000 return 0; 3001 3002 nla_put_failure: 3003 genlmsg_cancel(msg, hdr); 3004 return -EMSGSIZE; 3005 } 3006 3007 static int nl80211_dump_wiphy_parse(struct sk_buff *skb, 3008 struct netlink_callback *cb, 3009 struct nl80211_dump_wiphy_state *state) 3010 { 3011 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL); 3012 int ret; 3013 3014 if (!tb) 3015 return -ENOMEM; 3016 3017 ret = nlmsg_parse_deprecated(cb->nlh, 3018 GENL_HDRLEN + nl80211_fam.hdrsize, 3019 tb, nl80211_fam.maxattr, 3020 nl80211_policy, NULL); 3021 /* ignore parse errors for backward compatibility */ 3022 if (ret) { 3023 ret = 0; 3024 goto out; 3025 } 3026 3027 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP]; 3028 if (tb[NL80211_ATTR_WIPHY]) 3029 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 3030 if (tb[NL80211_ATTR_WDEV]) 3031 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32; 3032 if (tb[NL80211_ATTR_IFINDEX]) { 3033 struct net_device *netdev; 3034 struct cfg80211_registered_device *rdev; 3035 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3036 3037 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 3038 if (!netdev) { 3039 ret = -ENODEV; 3040 goto out; 3041 } 3042 if (netdev->ieee80211_ptr) { 3043 rdev = wiphy_to_rdev( 3044 netdev->ieee80211_ptr->wiphy); 3045 state->filter_wiphy = rdev->wiphy_idx; 3046 } 3047 } 3048 3049 ret = 0; 3050 out: 3051 kfree(tb); 3052 return ret; 3053 } 3054 3055 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 3056 { 3057 int idx = 0, ret; 3058 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0]; 3059 struct cfg80211_registered_device *rdev; 3060 3061 rtnl_lock(); 3062 if (!state) { 3063 state = kzalloc(sizeof(*state), GFP_KERNEL); 3064 if (!state) { 3065 rtnl_unlock(); 3066 return -ENOMEM; 3067 } 3068 state->filter_wiphy = -1; 3069 ret = nl80211_dump_wiphy_parse(skb, cb, state); 3070 if (ret) { 3071 kfree(state); 3072 rtnl_unlock(); 3073 return ret; 3074 } 3075 cb->args[0] = (long)state; 3076 } 3077 3078 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 3079 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 3080 continue; 3081 if (++idx <= state->start) 3082 continue; 3083 if (state->filter_wiphy != -1 && 3084 state->filter_wiphy != rdev->wiphy_idx) 3085 continue; 3086 wiphy_lock(&rdev->wiphy); 3087 /* attempt to fit multiple wiphy data chunks into the skb */ 3088 do { 3089 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, 3090 skb, 3091 NETLINK_CB(cb->skb).portid, 3092 cb->nlh->nlmsg_seq, 3093 NLM_F_MULTI, state); 3094 if (ret < 0) { 3095 /* 3096 * If sending the wiphy data didn't fit (ENOBUFS 3097 * or EMSGSIZE returned), this SKB is still 3098 * empty (so it's not too big because another 3099 * wiphy dataset is already in the skb) and 3100 * we've not tried to adjust the dump allocation 3101 * yet ... then adjust the alloc size to be 3102 * bigger, and return 1 but with the empty skb. 3103 * This results in an empty message being RX'ed 3104 * in userspace, but that is ignored. 3105 * 3106 * We can then retry with the larger buffer. 3107 */ 3108 if ((ret == -ENOBUFS || ret == -EMSGSIZE) && 3109 !skb->len && !state->split && 3110 cb->min_dump_alloc < 4096) { 3111 cb->min_dump_alloc = 4096; 3112 state->split_start = 0; 3113 wiphy_unlock(&rdev->wiphy); 3114 rtnl_unlock(); 3115 return 1; 3116 } 3117 idx--; 3118 break; 3119 } 3120 } while (state->split_start > 0); 3121 wiphy_unlock(&rdev->wiphy); 3122 break; 3123 } 3124 rtnl_unlock(); 3125 3126 state->start = idx; 3127 3128 return skb->len; 3129 } 3130 3131 static int nl80211_dump_wiphy_done(struct netlink_callback *cb) 3132 { 3133 kfree((void *)cb->args[0]); 3134 return 0; 3135 } 3136 3137 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 3138 { 3139 struct sk_buff *msg; 3140 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3141 struct nl80211_dump_wiphy_state state = {}; 3142 3143 msg = nlmsg_new(4096, GFP_KERNEL); 3144 if (!msg) 3145 return -ENOMEM; 3146 3147 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg, 3148 info->snd_portid, info->snd_seq, 0, 3149 &state) < 0) { 3150 nlmsg_free(msg); 3151 return -ENOBUFS; 3152 } 3153 3154 return genlmsg_reply(msg, info); 3155 } 3156 3157 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 3158 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 3159 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 3160 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 3161 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 3162 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 3163 }; 3164 3165 static int parse_txq_params(struct nlattr *tb[], 3166 struct ieee80211_txq_params *txq_params) 3167 { 3168 u8 ac; 3169 3170 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 3171 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 3172 !tb[NL80211_TXQ_ATTR_AIFS]) 3173 return -EINVAL; 3174 3175 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 3176 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 3177 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 3178 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 3179 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 3180 3181 if (ac >= NL80211_NUM_ACS) 3182 return -EINVAL; 3183 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS); 3184 return 0; 3185 } 3186 3187 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 3188 { 3189 /* 3190 * You can only set the channel explicitly for some interfaces, 3191 * most have their channel managed via their respective 3192 * "establish a connection" command (connect, join, ...) 3193 * 3194 * For AP/GO and mesh mode, the channel can be set with the 3195 * channel userspace API, but is only stored and passed to the 3196 * low-level driver when the AP starts or the mesh is joined. 3197 * This is for backward compatibility, userspace can also give 3198 * the channel in the start-ap or join-mesh commands instead. 3199 * 3200 * Monitors are special as they are normally slaved to 3201 * whatever else is going on, so they have their own special 3202 * operation to set the monitor channel if possible. 3203 */ 3204 return !wdev || 3205 wdev->iftype == NL80211_IFTYPE_AP || 3206 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 3207 wdev->iftype == NL80211_IFTYPE_MONITOR || 3208 wdev->iftype == NL80211_IFTYPE_P2P_GO; 3209 } 3210 3211 static int nl80211_parse_punct_bitmap(struct cfg80211_registered_device *rdev, 3212 struct genl_info *info, 3213 const struct cfg80211_chan_def *chandef, 3214 u16 *punct_bitmap) 3215 { 3216 if (!wiphy_ext_feature_isset(&rdev->wiphy, NL80211_EXT_FEATURE_PUNCT)) 3217 return -EINVAL; 3218 3219 *punct_bitmap = nla_get_u32(info->attrs[NL80211_ATTR_PUNCT_BITMAP]); 3220 if (!cfg80211_valid_disable_subchannel_bitmap(punct_bitmap, chandef)) 3221 return -EINVAL; 3222 3223 return 0; 3224 } 3225 3226 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev, 3227 struct genl_info *info, 3228 struct cfg80211_chan_def *chandef) 3229 { 3230 struct netlink_ext_ack *extack = info->extack; 3231 struct nlattr **attrs = info->attrs; 3232 u32 control_freq; 3233 3234 if (!attrs[NL80211_ATTR_WIPHY_FREQ]) { 3235 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ], 3236 "Frequency is missing"); 3237 return -EINVAL; 3238 } 3239 3240 control_freq = MHZ_TO_KHZ( 3241 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3242 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 3243 control_freq += 3244 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 3245 3246 memset(chandef, 0, sizeof(*chandef)); 3247 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq); 3248 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 3249 chandef->center_freq1 = KHZ_TO_MHZ(control_freq); 3250 chandef->freq1_offset = control_freq % 1000; 3251 chandef->center_freq2 = 0; 3252 3253 /* Primary channel not allowed */ 3254 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) { 3255 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ], 3256 "Channel is disabled"); 3257 return -EINVAL; 3258 } 3259 3260 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 3261 enum nl80211_channel_type chantype; 3262 3263 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 3264 3265 switch (chantype) { 3266 case NL80211_CHAN_NO_HT: 3267 case NL80211_CHAN_HT20: 3268 case NL80211_CHAN_HT40PLUS: 3269 case NL80211_CHAN_HT40MINUS: 3270 cfg80211_chandef_create(chandef, chandef->chan, 3271 chantype); 3272 /* user input for center_freq is incorrect */ 3273 if (attrs[NL80211_ATTR_CENTER_FREQ1] && 3274 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) { 3275 NL_SET_ERR_MSG_ATTR(extack, 3276 attrs[NL80211_ATTR_CENTER_FREQ1], 3277 "bad center frequency 1"); 3278 return -EINVAL; 3279 } 3280 /* center_freq2 must be zero */ 3281 if (attrs[NL80211_ATTR_CENTER_FREQ2] && 3282 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) { 3283 NL_SET_ERR_MSG_ATTR(extack, 3284 attrs[NL80211_ATTR_CENTER_FREQ2], 3285 "center frequency 2 can't be used"); 3286 return -EINVAL; 3287 } 3288 break; 3289 default: 3290 NL_SET_ERR_MSG_ATTR(extack, 3291 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 3292 "invalid channel type"); 3293 return -EINVAL; 3294 } 3295 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) { 3296 chandef->width = 3297 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]); 3298 if (chandef->chan->band == NL80211_BAND_S1GHZ) { 3299 /* User input error for channel width doesn't match channel */ 3300 if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) { 3301 NL_SET_ERR_MSG_ATTR(extack, 3302 attrs[NL80211_ATTR_CHANNEL_WIDTH], 3303 "bad channel width"); 3304 return -EINVAL; 3305 } 3306 } 3307 if (attrs[NL80211_ATTR_CENTER_FREQ1]) { 3308 chandef->center_freq1 = 3309 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]); 3310 if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]) 3311 chandef->freq1_offset = nla_get_u32( 3312 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]); 3313 else 3314 chandef->freq1_offset = 0; 3315 } 3316 if (attrs[NL80211_ATTR_CENTER_FREQ2]) 3317 chandef->center_freq2 = 3318 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]); 3319 } 3320 3321 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) { 3322 chandef->edmg.channels = 3323 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]); 3324 3325 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]) 3326 chandef->edmg.bw_config = 3327 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]); 3328 } else { 3329 chandef->edmg.bw_config = 0; 3330 chandef->edmg.channels = 0; 3331 } 3332 3333 if (!cfg80211_chandef_valid(chandef)) { 3334 NL_SET_ERR_MSG(extack, "invalid channel definition"); 3335 return -EINVAL; 3336 } 3337 3338 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef, 3339 IEEE80211_CHAN_DISABLED)) { 3340 NL_SET_ERR_MSG(extack, "(extension) channel is disabled"); 3341 return -EINVAL; 3342 } 3343 3344 if ((chandef->width == NL80211_CHAN_WIDTH_5 || 3345 chandef->width == NL80211_CHAN_WIDTH_10) && 3346 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) { 3347 NL_SET_ERR_MSG(extack, "5/10 MHz not supported"); 3348 return -EINVAL; 3349 } 3350 3351 return 0; 3352 } 3353 3354 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 3355 struct net_device *dev, 3356 struct genl_info *info, 3357 int _link_id) 3358 { 3359 struct cfg80211_chan_def chandef; 3360 int result; 3361 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 3362 struct wireless_dev *wdev = NULL; 3363 int link_id = _link_id; 3364 3365 if (dev) 3366 wdev = dev->ieee80211_ptr; 3367 if (!nl80211_can_set_dev_channel(wdev)) 3368 return -EOPNOTSUPP; 3369 if (wdev) 3370 iftype = wdev->iftype; 3371 3372 if (link_id < 0) { 3373 if (wdev && wdev->valid_links) 3374 return -EINVAL; 3375 link_id = 0; 3376 } 3377 3378 result = nl80211_parse_chandef(rdev, info, &chandef); 3379 if (result) 3380 return result; 3381 3382 switch (iftype) { 3383 case NL80211_IFTYPE_AP: 3384 case NL80211_IFTYPE_P2P_GO: 3385 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef, 3386 iftype)) 3387 return -EINVAL; 3388 if (wdev->links[link_id].ap.beacon_interval) { 3389 struct ieee80211_channel *cur_chan; 3390 3391 if (!dev || !rdev->ops->set_ap_chanwidth || 3392 !(rdev->wiphy.features & 3393 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) 3394 return -EBUSY; 3395 3396 /* Only allow dynamic channel width changes */ 3397 cur_chan = wdev->links[link_id].ap.chandef.chan; 3398 if (chandef.chan != cur_chan) 3399 return -EBUSY; 3400 3401 result = rdev_set_ap_chanwidth(rdev, dev, link_id, 3402 &chandef); 3403 if (result) 3404 return result; 3405 wdev->links[link_id].ap.chandef = chandef; 3406 } else { 3407 wdev->u.ap.preset_chandef = chandef; 3408 } 3409 return 0; 3410 case NL80211_IFTYPE_MESH_POINT: 3411 return cfg80211_set_mesh_channel(rdev, wdev, &chandef); 3412 case NL80211_IFTYPE_MONITOR: 3413 return cfg80211_set_monitor_channel(rdev, &chandef); 3414 default: 3415 break; 3416 } 3417 3418 return -EINVAL; 3419 } 3420 3421 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 3422 { 3423 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3424 int link_id = nl80211_link_id_or_invalid(info->attrs); 3425 struct net_device *netdev = info->user_ptr[1]; 3426 int ret; 3427 3428 wdev_lock(netdev->ieee80211_ptr); 3429 ret = __nl80211_set_channel(rdev, netdev, info, link_id); 3430 wdev_unlock(netdev->ieee80211_ptr); 3431 3432 return ret; 3433 } 3434 3435 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 3436 { 3437 struct cfg80211_registered_device *rdev = NULL; 3438 struct net_device *netdev = NULL; 3439 struct wireless_dev *wdev; 3440 int result = 0, rem_txq_params = 0; 3441 struct nlattr *nl_txq_params; 3442 u32 changed; 3443 u8 retry_short = 0, retry_long = 0; 3444 u32 frag_threshold = 0, rts_threshold = 0; 3445 u8 coverage_class = 0; 3446 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0; 3447 3448 rtnl_lock(); 3449 /* 3450 * Try to find the wiphy and netdev. Normally this 3451 * function shouldn't need the netdev, but this is 3452 * done for backward compatibility -- previously 3453 * setting the channel was done per wiphy, but now 3454 * it is per netdev. Previous userland like hostapd 3455 * also passed a netdev to set_wiphy, so that it is 3456 * possible to let that go to the right netdev! 3457 */ 3458 3459 if (info->attrs[NL80211_ATTR_IFINDEX]) { 3460 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 3461 3462 netdev = __dev_get_by_index(genl_info_net(info), ifindex); 3463 if (netdev && netdev->ieee80211_ptr) 3464 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy); 3465 else 3466 netdev = NULL; 3467 } 3468 3469 if (!netdev) { 3470 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 3471 info->attrs); 3472 if (IS_ERR(rdev)) { 3473 rtnl_unlock(); 3474 return PTR_ERR(rdev); 3475 } 3476 wdev = NULL; 3477 netdev = NULL; 3478 result = 0; 3479 } else 3480 wdev = netdev->ieee80211_ptr; 3481 3482 wiphy_lock(&rdev->wiphy); 3483 3484 /* 3485 * end workaround code, by now the rdev is available 3486 * and locked, and wdev may or may not be NULL. 3487 */ 3488 3489 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 3490 result = cfg80211_dev_rename( 3491 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 3492 rtnl_unlock(); 3493 3494 if (result) 3495 goto out; 3496 3497 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 3498 struct ieee80211_txq_params txq_params; 3499 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 3500 3501 if (!rdev->ops->set_txq_params) { 3502 result = -EOPNOTSUPP; 3503 goto out; 3504 } 3505 3506 if (!netdev) { 3507 result = -EINVAL; 3508 goto out; 3509 } 3510 3511 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3512 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 3513 result = -EINVAL; 3514 goto out; 3515 } 3516 3517 if (!netif_running(netdev)) { 3518 result = -ENETDOWN; 3519 goto out; 3520 } 3521 3522 nla_for_each_nested(nl_txq_params, 3523 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 3524 rem_txq_params) { 3525 result = nla_parse_nested_deprecated(tb, 3526 NL80211_TXQ_ATTR_MAX, 3527 nl_txq_params, 3528 txq_params_policy, 3529 info->extack); 3530 if (result) 3531 goto out; 3532 result = parse_txq_params(tb, &txq_params); 3533 if (result) 3534 goto out; 3535 3536 txq_params.link_id = 3537 nl80211_link_id_or_invalid(info->attrs); 3538 3539 wdev_lock(netdev->ieee80211_ptr); 3540 if (txq_params.link_id >= 0 && 3541 !(netdev->ieee80211_ptr->valid_links & 3542 BIT(txq_params.link_id))) 3543 result = -ENOLINK; 3544 else if (txq_params.link_id >= 0 && 3545 !netdev->ieee80211_ptr->valid_links) 3546 result = -EINVAL; 3547 else 3548 result = rdev_set_txq_params(rdev, netdev, 3549 &txq_params); 3550 wdev_unlock(netdev->ieee80211_ptr); 3551 if (result) 3552 goto out; 3553 } 3554 } 3555 3556 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 3557 int link_id = nl80211_link_id_or_invalid(info->attrs); 3558 3559 if (wdev) { 3560 wdev_lock(wdev); 3561 result = __nl80211_set_channel( 3562 rdev, 3563 nl80211_can_set_dev_channel(wdev) ? netdev : NULL, 3564 info, link_id); 3565 wdev_unlock(wdev); 3566 } else { 3567 result = __nl80211_set_channel(rdev, netdev, info, link_id); 3568 } 3569 3570 if (result) 3571 goto out; 3572 } 3573 3574 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 3575 struct wireless_dev *txp_wdev = wdev; 3576 enum nl80211_tx_power_setting type; 3577 int idx, mbm = 0; 3578 3579 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER)) 3580 txp_wdev = NULL; 3581 3582 if (!rdev->ops->set_tx_power) { 3583 result = -EOPNOTSUPP; 3584 goto out; 3585 } 3586 3587 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 3588 type = nla_get_u32(info->attrs[idx]); 3589 3590 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 3591 (type != NL80211_TX_POWER_AUTOMATIC)) { 3592 result = -EINVAL; 3593 goto out; 3594 } 3595 3596 if (type != NL80211_TX_POWER_AUTOMATIC) { 3597 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 3598 mbm = nla_get_u32(info->attrs[idx]); 3599 } 3600 3601 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm); 3602 if (result) 3603 goto out; 3604 } 3605 3606 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 3607 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 3608 u32 tx_ant, rx_ant; 3609 3610 if ((!rdev->wiphy.available_antennas_tx && 3611 !rdev->wiphy.available_antennas_rx) || 3612 !rdev->ops->set_antenna) { 3613 result = -EOPNOTSUPP; 3614 goto out; 3615 } 3616 3617 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 3618 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 3619 3620 /* reject antenna configurations which don't match the 3621 * available antenna masks, except for the "all" mask */ 3622 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 3623 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 3624 result = -EINVAL; 3625 goto out; 3626 } 3627 3628 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 3629 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 3630 3631 result = rdev_set_antenna(rdev, tx_ant, rx_ant); 3632 if (result) 3633 goto out; 3634 } 3635 3636 changed = 0; 3637 3638 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 3639 retry_short = nla_get_u8( 3640 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 3641 3642 changed |= WIPHY_PARAM_RETRY_SHORT; 3643 } 3644 3645 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 3646 retry_long = nla_get_u8( 3647 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 3648 3649 changed |= WIPHY_PARAM_RETRY_LONG; 3650 } 3651 3652 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 3653 frag_threshold = nla_get_u32( 3654 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 3655 if (frag_threshold < 256) { 3656 result = -EINVAL; 3657 goto out; 3658 } 3659 3660 if (frag_threshold != (u32) -1) { 3661 /* 3662 * Fragments (apart from the last one) are required to 3663 * have even length. Make the fragmentation code 3664 * simpler by stripping LSB should someone try to use 3665 * odd threshold value. 3666 */ 3667 frag_threshold &= ~0x1; 3668 } 3669 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 3670 } 3671 3672 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 3673 rts_threshold = nla_get_u32( 3674 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 3675 changed |= WIPHY_PARAM_RTS_THRESHOLD; 3676 } 3677 3678 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 3679 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) { 3680 result = -EINVAL; 3681 goto out; 3682 } 3683 3684 coverage_class = nla_get_u8( 3685 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 3686 changed |= WIPHY_PARAM_COVERAGE_CLASS; 3687 } 3688 3689 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) { 3690 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) { 3691 result = -EOPNOTSUPP; 3692 goto out; 3693 } 3694 3695 changed |= WIPHY_PARAM_DYN_ACK; 3696 } 3697 3698 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) { 3699 if (!wiphy_ext_feature_isset(&rdev->wiphy, 3700 NL80211_EXT_FEATURE_TXQS)) { 3701 result = -EOPNOTSUPP; 3702 goto out; 3703 } 3704 txq_limit = nla_get_u32( 3705 info->attrs[NL80211_ATTR_TXQ_LIMIT]); 3706 changed |= WIPHY_PARAM_TXQ_LIMIT; 3707 } 3708 3709 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) { 3710 if (!wiphy_ext_feature_isset(&rdev->wiphy, 3711 NL80211_EXT_FEATURE_TXQS)) { 3712 result = -EOPNOTSUPP; 3713 goto out; 3714 } 3715 txq_memory_limit = nla_get_u32( 3716 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]); 3717 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT; 3718 } 3719 3720 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) { 3721 if (!wiphy_ext_feature_isset(&rdev->wiphy, 3722 NL80211_EXT_FEATURE_TXQS)) { 3723 result = -EOPNOTSUPP; 3724 goto out; 3725 } 3726 txq_quantum = nla_get_u32( 3727 info->attrs[NL80211_ATTR_TXQ_QUANTUM]); 3728 changed |= WIPHY_PARAM_TXQ_QUANTUM; 3729 } 3730 3731 if (changed) { 3732 u8 old_retry_short, old_retry_long; 3733 u32 old_frag_threshold, old_rts_threshold; 3734 u8 old_coverage_class; 3735 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum; 3736 3737 if (!rdev->ops->set_wiphy_params) { 3738 result = -EOPNOTSUPP; 3739 goto out; 3740 } 3741 3742 old_retry_short = rdev->wiphy.retry_short; 3743 old_retry_long = rdev->wiphy.retry_long; 3744 old_frag_threshold = rdev->wiphy.frag_threshold; 3745 old_rts_threshold = rdev->wiphy.rts_threshold; 3746 old_coverage_class = rdev->wiphy.coverage_class; 3747 old_txq_limit = rdev->wiphy.txq_limit; 3748 old_txq_memory_limit = rdev->wiphy.txq_memory_limit; 3749 old_txq_quantum = rdev->wiphy.txq_quantum; 3750 3751 if (changed & WIPHY_PARAM_RETRY_SHORT) 3752 rdev->wiphy.retry_short = retry_short; 3753 if (changed & WIPHY_PARAM_RETRY_LONG) 3754 rdev->wiphy.retry_long = retry_long; 3755 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 3756 rdev->wiphy.frag_threshold = frag_threshold; 3757 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 3758 rdev->wiphy.rts_threshold = rts_threshold; 3759 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 3760 rdev->wiphy.coverage_class = coverage_class; 3761 if (changed & WIPHY_PARAM_TXQ_LIMIT) 3762 rdev->wiphy.txq_limit = txq_limit; 3763 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT) 3764 rdev->wiphy.txq_memory_limit = txq_memory_limit; 3765 if (changed & WIPHY_PARAM_TXQ_QUANTUM) 3766 rdev->wiphy.txq_quantum = txq_quantum; 3767 3768 result = rdev_set_wiphy_params(rdev, changed); 3769 if (result) { 3770 rdev->wiphy.retry_short = old_retry_short; 3771 rdev->wiphy.retry_long = old_retry_long; 3772 rdev->wiphy.frag_threshold = old_frag_threshold; 3773 rdev->wiphy.rts_threshold = old_rts_threshold; 3774 rdev->wiphy.coverage_class = old_coverage_class; 3775 rdev->wiphy.txq_limit = old_txq_limit; 3776 rdev->wiphy.txq_memory_limit = old_txq_memory_limit; 3777 rdev->wiphy.txq_quantum = old_txq_quantum; 3778 goto out; 3779 } 3780 } 3781 3782 result = 0; 3783 3784 out: 3785 wiphy_unlock(&rdev->wiphy); 3786 return result; 3787 } 3788 3789 int nl80211_send_chandef(struct sk_buff *msg, const struct cfg80211_chan_def *chandef) 3790 { 3791 if (WARN_ON(!cfg80211_chandef_valid(chandef))) 3792 return -EINVAL; 3793 3794 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 3795 chandef->chan->center_freq)) 3796 return -ENOBUFS; 3797 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, 3798 chandef->chan->freq_offset)) 3799 return -ENOBUFS; 3800 switch (chandef->width) { 3801 case NL80211_CHAN_WIDTH_20_NOHT: 3802 case NL80211_CHAN_WIDTH_20: 3803 case NL80211_CHAN_WIDTH_40: 3804 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3805 cfg80211_get_chandef_type(chandef))) 3806 return -ENOBUFS; 3807 break; 3808 default: 3809 break; 3810 } 3811 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width)) 3812 return -ENOBUFS; 3813 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1)) 3814 return -ENOBUFS; 3815 if (chandef->center_freq2 && 3816 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2)) 3817 return -ENOBUFS; 3818 return 0; 3819 } 3820 EXPORT_SYMBOL(nl80211_send_chandef); 3821 3822 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, 3823 struct cfg80211_registered_device *rdev, 3824 struct wireless_dev *wdev, 3825 enum nl80211_commands cmd) 3826 { 3827 struct net_device *dev = wdev->netdev; 3828 void *hdr; 3829 3830 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE && 3831 cmd != NL80211_CMD_DEL_INTERFACE && 3832 cmd != NL80211_CMD_SET_INTERFACE); 3833 3834 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 3835 if (!hdr) 3836 return -1; 3837 3838 if (dev && 3839 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3840 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name))) 3841 goto nla_put_failure; 3842 3843 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 3844 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 3845 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 3846 NL80211_ATTR_PAD) || 3847 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) || 3848 nla_put_u32(msg, NL80211_ATTR_GENERATION, 3849 rdev->devlist_generation ^ 3850 (cfg80211_rdev_list_generation << 2)) || 3851 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr)) 3852 goto nla_put_failure; 3853 3854 if (rdev->ops->get_channel && !wdev->valid_links) { 3855 struct cfg80211_chan_def chandef = {}; 3856 int ret; 3857 3858 ret = rdev_get_channel(rdev, wdev, 0, &chandef); 3859 if (ret == 0 && nl80211_send_chandef(msg, &chandef)) 3860 goto nla_put_failure; 3861 } 3862 3863 if (rdev->ops->get_tx_power) { 3864 int dbm, ret; 3865 3866 ret = rdev_get_tx_power(rdev, wdev, &dbm); 3867 if (ret == 0 && 3868 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL, 3869 DBM_TO_MBM(dbm))) 3870 goto nla_put_failure; 3871 } 3872 3873 wdev_lock(wdev); 3874 switch (wdev->iftype) { 3875 case NL80211_IFTYPE_AP: 3876 case NL80211_IFTYPE_P2P_GO: 3877 if (wdev->u.ap.ssid_len && 3878 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len, 3879 wdev->u.ap.ssid)) 3880 goto nla_put_failure_locked; 3881 break; 3882 case NL80211_IFTYPE_STATION: 3883 case NL80211_IFTYPE_P2P_CLIENT: 3884 if (wdev->u.client.ssid_len && 3885 nla_put(msg, NL80211_ATTR_SSID, wdev->u.client.ssid_len, 3886 wdev->u.client.ssid)) 3887 goto nla_put_failure_locked; 3888 break; 3889 case NL80211_IFTYPE_ADHOC: 3890 if (wdev->u.ibss.ssid_len && 3891 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ibss.ssid_len, 3892 wdev->u.ibss.ssid)) 3893 goto nla_put_failure_locked; 3894 break; 3895 default: 3896 /* nothing */ 3897 break; 3898 } 3899 wdev_unlock(wdev); 3900 3901 if (rdev->ops->get_txq_stats) { 3902 struct cfg80211_txq_stats txqstats = {}; 3903 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats); 3904 3905 if (ret == 0 && 3906 !nl80211_put_txq_stats(msg, &txqstats, 3907 NL80211_ATTR_TXQ_STATS)) 3908 goto nla_put_failure; 3909 } 3910 3911 if (wdev->valid_links) { 3912 unsigned int link_id; 3913 struct nlattr *links = nla_nest_start(msg, 3914 NL80211_ATTR_MLO_LINKS); 3915 3916 if (!links) 3917 goto nla_put_failure; 3918 3919 for_each_valid_link(wdev, link_id) { 3920 struct nlattr *link = nla_nest_start(msg, link_id + 1); 3921 struct cfg80211_chan_def chandef = {}; 3922 int ret; 3923 3924 if (!link) 3925 goto nla_put_failure; 3926 3927 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) 3928 goto nla_put_failure; 3929 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 3930 wdev->links[link_id].addr)) 3931 goto nla_put_failure; 3932 3933 ret = rdev_get_channel(rdev, wdev, link_id, &chandef); 3934 if (ret == 0 && nl80211_send_chandef(msg, &chandef)) 3935 goto nla_put_failure; 3936 3937 nla_nest_end(msg, link); 3938 } 3939 3940 nla_nest_end(msg, links); 3941 } 3942 3943 genlmsg_end(msg, hdr); 3944 return 0; 3945 3946 nla_put_failure_locked: 3947 wdev_unlock(wdev); 3948 nla_put_failure: 3949 genlmsg_cancel(msg, hdr); 3950 return -EMSGSIZE; 3951 } 3952 3953 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 3954 { 3955 int wp_idx = 0; 3956 int if_idx = 0; 3957 int wp_start = cb->args[0]; 3958 int if_start = cb->args[1]; 3959 int filter_wiphy = -1; 3960 struct cfg80211_registered_device *rdev; 3961 struct wireless_dev *wdev; 3962 int ret; 3963 3964 rtnl_lock(); 3965 if (!cb->args[2]) { 3966 struct nl80211_dump_wiphy_state state = { 3967 .filter_wiphy = -1, 3968 }; 3969 3970 ret = nl80211_dump_wiphy_parse(skb, cb, &state); 3971 if (ret) 3972 goto out_unlock; 3973 3974 filter_wiphy = state.filter_wiphy; 3975 3976 /* 3977 * if filtering, set cb->args[2] to +1 since 0 is the default 3978 * value needed to determine that parsing is necessary. 3979 */ 3980 if (filter_wiphy >= 0) 3981 cb->args[2] = filter_wiphy + 1; 3982 else 3983 cb->args[2] = -1; 3984 } else if (cb->args[2] > 0) { 3985 filter_wiphy = cb->args[2] - 1; 3986 } 3987 3988 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 3989 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 3990 continue; 3991 if (wp_idx < wp_start) { 3992 wp_idx++; 3993 continue; 3994 } 3995 3996 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx) 3997 continue; 3998 3999 if_idx = 0; 4000 4001 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 4002 if (if_idx < if_start) { 4003 if_idx++; 4004 continue; 4005 } 4006 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid, 4007 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4008 rdev, wdev, 4009 NL80211_CMD_NEW_INTERFACE) < 0) { 4010 goto out; 4011 } 4012 if_idx++; 4013 } 4014 4015 if_start = 0; 4016 wp_idx++; 4017 } 4018 out: 4019 cb->args[0] = wp_idx; 4020 cb->args[1] = if_idx; 4021 4022 ret = skb->len; 4023 out_unlock: 4024 rtnl_unlock(); 4025 4026 return ret; 4027 } 4028 4029 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 4030 { 4031 struct sk_buff *msg; 4032 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4033 struct wireless_dev *wdev = info->user_ptr[1]; 4034 4035 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4036 if (!msg) 4037 return -ENOMEM; 4038 4039 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 4040 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) { 4041 nlmsg_free(msg); 4042 return -ENOBUFS; 4043 } 4044 4045 return genlmsg_reply(msg, info); 4046 } 4047 4048 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 4049 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 4050 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 4051 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 4052 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 4053 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 4054 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG }, 4055 }; 4056 4057 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 4058 { 4059 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 4060 int flag; 4061 4062 *mntrflags = 0; 4063 4064 if (!nla) 4065 return -EINVAL; 4066 4067 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL)) 4068 return -EINVAL; 4069 4070 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 4071 if (flags[flag]) 4072 *mntrflags |= (1<<flag); 4073 4074 *mntrflags |= MONITOR_FLAG_CHANGED; 4075 4076 return 0; 4077 } 4078 4079 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev, 4080 enum nl80211_iftype type, 4081 struct genl_info *info, 4082 struct vif_params *params) 4083 { 4084 bool change = false; 4085 int err; 4086 4087 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 4088 if (type != NL80211_IFTYPE_MONITOR) 4089 return -EINVAL; 4090 4091 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 4092 ¶ms->flags); 4093 if (err) 4094 return err; 4095 4096 change = true; 4097 } 4098 4099 if (params->flags & MONITOR_FLAG_ACTIVE && 4100 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) 4101 return -EOPNOTSUPP; 4102 4103 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) { 4104 const u8 *mumimo_groups; 4105 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER; 4106 4107 if (type != NL80211_IFTYPE_MONITOR) 4108 return -EINVAL; 4109 4110 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag)) 4111 return -EOPNOTSUPP; 4112 4113 mumimo_groups = 4114 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]); 4115 4116 /* bits 0 and 63 are reserved and must be zero */ 4117 if ((mumimo_groups[0] & BIT(0)) || 4118 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7))) 4119 return -EINVAL; 4120 4121 params->vht_mumimo_groups = mumimo_groups; 4122 change = true; 4123 } 4124 4125 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) { 4126 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER; 4127 4128 if (type != NL80211_IFTYPE_MONITOR) 4129 return -EINVAL; 4130 4131 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag)) 4132 return -EOPNOTSUPP; 4133 4134 params->vht_mumimo_follow_addr = 4135 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]); 4136 change = true; 4137 } 4138 4139 return change ? 1 : 0; 4140 } 4141 4142 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 4143 struct net_device *netdev, u8 use_4addr, 4144 enum nl80211_iftype iftype) 4145 { 4146 if (!use_4addr) { 4147 if (netdev && netif_is_bridge_port(netdev)) 4148 return -EBUSY; 4149 return 0; 4150 } 4151 4152 switch (iftype) { 4153 case NL80211_IFTYPE_AP_VLAN: 4154 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 4155 return 0; 4156 break; 4157 case NL80211_IFTYPE_STATION: 4158 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 4159 return 0; 4160 break; 4161 default: 4162 break; 4163 } 4164 4165 return -EOPNOTSUPP; 4166 } 4167 4168 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 4169 { 4170 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4171 struct vif_params params; 4172 int err; 4173 enum nl80211_iftype otype, ntype; 4174 struct net_device *dev = info->user_ptr[1]; 4175 bool change = false; 4176 4177 memset(¶ms, 0, sizeof(params)); 4178 4179 otype = ntype = dev->ieee80211_ptr->iftype; 4180 4181 if (info->attrs[NL80211_ATTR_IFTYPE]) { 4182 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 4183 if (otype != ntype) 4184 change = true; 4185 } 4186 4187 if (info->attrs[NL80211_ATTR_MESH_ID]) { 4188 struct wireless_dev *wdev = dev->ieee80211_ptr; 4189 4190 if (ntype != NL80211_IFTYPE_MESH_POINT) 4191 return -EINVAL; 4192 if (otype != NL80211_IFTYPE_MESH_POINT) 4193 return -EINVAL; 4194 if (netif_running(dev)) 4195 return -EBUSY; 4196 4197 wdev_lock(wdev); 4198 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 4199 IEEE80211_MAX_MESH_ID_LEN); 4200 wdev->u.mesh.id_up_len = 4201 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 4202 memcpy(wdev->u.mesh.id, 4203 nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 4204 wdev->u.mesh.id_up_len); 4205 wdev_unlock(wdev); 4206 } 4207 4208 if (info->attrs[NL80211_ATTR_4ADDR]) { 4209 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 4210 change = true; 4211 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 4212 if (err) 4213 return err; 4214 } else { 4215 params.use_4addr = -1; 4216 } 4217 4218 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms); 4219 if (err < 0) 4220 return err; 4221 if (err > 0) 4222 change = true; 4223 4224 if (change) 4225 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms); 4226 else 4227 err = 0; 4228 4229 if (!err && params.use_4addr != -1) 4230 dev->ieee80211_ptr->use_4addr = params.use_4addr; 4231 4232 if (change && !err) { 4233 struct wireless_dev *wdev = dev->ieee80211_ptr; 4234 4235 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE); 4236 } 4237 4238 return err; 4239 } 4240 4241 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 4242 { 4243 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4244 struct vif_params params; 4245 struct wireless_dev *wdev; 4246 struct sk_buff *msg; 4247 int err; 4248 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 4249 4250 memset(¶ms, 0, sizeof(params)); 4251 4252 if (!info->attrs[NL80211_ATTR_IFNAME]) 4253 return -EINVAL; 4254 4255 if (info->attrs[NL80211_ATTR_IFTYPE]) 4256 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 4257 4258 if (!rdev->ops->add_virtual_intf) 4259 return -EOPNOTSUPP; 4260 4261 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN || 4262 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) && 4263 info->attrs[NL80211_ATTR_MAC]) { 4264 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC], 4265 ETH_ALEN); 4266 if (!is_valid_ether_addr(params.macaddr)) 4267 return -EADDRNOTAVAIL; 4268 } 4269 4270 if (info->attrs[NL80211_ATTR_4ADDR]) { 4271 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 4272 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 4273 if (err) 4274 return err; 4275 } 4276 4277 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0)) 4278 return -EOPNOTSUPP; 4279 4280 err = nl80211_parse_mon_options(rdev, type, info, ¶ms); 4281 if (err < 0) 4282 return err; 4283 4284 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4285 if (!msg) 4286 return -ENOMEM; 4287 4288 wdev = rdev_add_virtual_intf(rdev, 4289 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 4290 NET_NAME_USER, type, ¶ms); 4291 if (WARN_ON(!wdev)) { 4292 nlmsg_free(msg); 4293 return -EPROTO; 4294 } else if (IS_ERR(wdev)) { 4295 nlmsg_free(msg); 4296 return PTR_ERR(wdev); 4297 } 4298 4299 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 4300 wdev->owner_nlportid = info->snd_portid; 4301 4302 switch (type) { 4303 case NL80211_IFTYPE_MESH_POINT: 4304 if (!info->attrs[NL80211_ATTR_MESH_ID]) 4305 break; 4306 wdev_lock(wdev); 4307 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 4308 IEEE80211_MAX_MESH_ID_LEN); 4309 wdev->u.mesh.id_up_len = 4310 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 4311 memcpy(wdev->u.mesh.id, 4312 nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 4313 wdev->u.mesh.id_up_len); 4314 wdev_unlock(wdev); 4315 break; 4316 case NL80211_IFTYPE_NAN: 4317 case NL80211_IFTYPE_P2P_DEVICE: 4318 /* 4319 * P2P Device and NAN do not have a netdev, so don't go 4320 * through the netdev notifier and must be added here 4321 */ 4322 cfg80211_init_wdev(wdev); 4323 cfg80211_register_wdev(rdev, wdev); 4324 break; 4325 default: 4326 break; 4327 } 4328 4329 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 4330 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) { 4331 nlmsg_free(msg); 4332 return -ENOBUFS; 4333 } 4334 4335 return genlmsg_reply(msg, info); 4336 } 4337 4338 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 4339 { 4340 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4341 int ret; 4342 4343 /* to avoid failing a new interface creation due to pending removal */ 4344 cfg80211_destroy_ifaces(rdev); 4345 4346 wiphy_lock(&rdev->wiphy); 4347 ret = _nl80211_new_interface(skb, info); 4348 wiphy_unlock(&rdev->wiphy); 4349 4350 return ret; 4351 } 4352 4353 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 4354 { 4355 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4356 struct wireless_dev *wdev = info->user_ptr[1]; 4357 4358 if (!rdev->ops->del_virtual_intf) 4359 return -EOPNOTSUPP; 4360 4361 /* 4362 * We hold RTNL, so this is safe, without RTNL opencount cannot 4363 * reach 0, and thus the rdev cannot be deleted. 4364 * 4365 * We need to do it for the dev_close(), since that will call 4366 * the netdev notifiers, and we need to acquire the mutex there 4367 * but don't know if we get there from here or from some other 4368 * place (e.g. "ip link set ... down"). 4369 */ 4370 mutex_unlock(&rdev->wiphy.mtx); 4371 4372 /* 4373 * If we remove a wireless device without a netdev then clear 4374 * user_ptr[1] so that nl80211_post_doit won't dereference it 4375 * to check if it needs to do dev_put(). Otherwise it crashes 4376 * since the wdev has been freed, unlike with a netdev where 4377 * we need the dev_put() for the netdev to really be freed. 4378 */ 4379 if (!wdev->netdev) 4380 info->user_ptr[1] = NULL; 4381 else 4382 dev_close(wdev->netdev); 4383 4384 mutex_lock(&rdev->wiphy.mtx); 4385 4386 return cfg80211_remove_virtual_intf(rdev, wdev); 4387 } 4388 4389 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 4390 { 4391 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4392 struct net_device *dev = info->user_ptr[1]; 4393 u16 noack_map; 4394 4395 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 4396 return -EINVAL; 4397 4398 if (!rdev->ops->set_noack_map) 4399 return -EOPNOTSUPP; 4400 4401 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 4402 4403 return rdev_set_noack_map(rdev, dev, noack_map); 4404 } 4405 4406 static int nl80211_validate_key_link_id(struct genl_info *info, 4407 struct wireless_dev *wdev, 4408 int link_id, bool pairwise) 4409 { 4410 if (pairwise) { 4411 if (link_id != -1) { 4412 GENL_SET_ERR_MSG(info, 4413 "link ID not allowed for pairwise key"); 4414 return -EINVAL; 4415 } 4416 4417 return 0; 4418 } 4419 4420 if (wdev->valid_links) { 4421 if (link_id == -1) { 4422 GENL_SET_ERR_MSG(info, 4423 "link ID must for MLO group key"); 4424 return -EINVAL; 4425 } 4426 if (!(wdev->valid_links & BIT(link_id))) { 4427 GENL_SET_ERR_MSG(info, "invalid link ID for MLO group key"); 4428 return -EINVAL; 4429 } 4430 } else if (link_id != -1) { 4431 GENL_SET_ERR_MSG(info, "link ID not allowed for non-MLO group key"); 4432 return -EINVAL; 4433 } 4434 4435 return 0; 4436 } 4437 4438 struct get_key_cookie { 4439 struct sk_buff *msg; 4440 int error; 4441 int idx; 4442 }; 4443 4444 static void get_key_callback(void *c, struct key_params *params) 4445 { 4446 struct nlattr *key; 4447 struct get_key_cookie *cookie = c; 4448 4449 if ((params->key && 4450 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 4451 params->key_len, params->key)) || 4452 (params->seq && 4453 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 4454 params->seq_len, params->seq)) || 4455 (params->cipher && 4456 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 4457 params->cipher))) 4458 goto nla_put_failure; 4459 4460 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY); 4461 if (!key) 4462 goto nla_put_failure; 4463 4464 if ((params->key && 4465 nla_put(cookie->msg, NL80211_KEY_DATA, 4466 params->key_len, params->key)) || 4467 (params->seq && 4468 nla_put(cookie->msg, NL80211_KEY_SEQ, 4469 params->seq_len, params->seq)) || 4470 (params->cipher && 4471 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 4472 params->cipher))) 4473 goto nla_put_failure; 4474 4475 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx)) 4476 goto nla_put_failure; 4477 4478 nla_nest_end(cookie->msg, key); 4479 4480 return; 4481 nla_put_failure: 4482 cookie->error = 1; 4483 } 4484 4485 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 4486 { 4487 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4488 int err; 4489 struct net_device *dev = info->user_ptr[1]; 4490 u8 key_idx = 0; 4491 const u8 *mac_addr = NULL; 4492 bool pairwise; 4493 struct get_key_cookie cookie = { 4494 .error = 0, 4495 }; 4496 void *hdr; 4497 struct sk_buff *msg; 4498 bool bigtk_support = false; 4499 int link_id = nl80211_link_id_or_invalid(info->attrs); 4500 struct wireless_dev *wdev = dev->ieee80211_ptr; 4501 4502 if (wiphy_ext_feature_isset(&rdev->wiphy, 4503 NL80211_EXT_FEATURE_BEACON_PROTECTION)) 4504 bigtk_support = true; 4505 4506 if ((wdev->iftype == NL80211_IFTYPE_STATION || 4507 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) && 4508 wiphy_ext_feature_isset(&rdev->wiphy, 4509 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT)) 4510 bigtk_support = true; 4511 4512 if (info->attrs[NL80211_ATTR_KEY_IDX]) { 4513 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 4514 4515 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) { 4516 GENL_SET_ERR_MSG(info, "BIGTK not supported"); 4517 return -EINVAL; 4518 } 4519 } 4520 4521 if (info->attrs[NL80211_ATTR_MAC]) 4522 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4523 4524 pairwise = !!mac_addr; 4525 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 4526 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 4527 4528 if (kt != NL80211_KEYTYPE_GROUP && 4529 kt != NL80211_KEYTYPE_PAIRWISE) 4530 return -EINVAL; 4531 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 4532 } 4533 4534 if (!rdev->ops->get_key) 4535 return -EOPNOTSUPP; 4536 4537 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 4538 return -ENOENT; 4539 4540 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4541 if (!msg) 4542 return -ENOMEM; 4543 4544 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4545 NL80211_CMD_NEW_KEY); 4546 if (!hdr) 4547 goto nla_put_failure; 4548 4549 cookie.msg = msg; 4550 cookie.idx = key_idx; 4551 4552 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 4553 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 4554 goto nla_put_failure; 4555 if (mac_addr && 4556 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 4557 goto nla_put_failure; 4558 4559 err = nl80211_validate_key_link_id(info, wdev, link_id, pairwise); 4560 if (err) 4561 goto free_msg; 4562 4563 err = rdev_get_key(rdev, dev, link_id, key_idx, pairwise, mac_addr, 4564 &cookie, get_key_callback); 4565 4566 if (err) 4567 goto free_msg; 4568 4569 if (cookie.error) 4570 goto nla_put_failure; 4571 4572 genlmsg_end(msg, hdr); 4573 return genlmsg_reply(msg, info); 4574 4575 nla_put_failure: 4576 err = -ENOBUFS; 4577 free_msg: 4578 nlmsg_free(msg); 4579 return err; 4580 } 4581 4582 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 4583 { 4584 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4585 struct key_parse key; 4586 int err; 4587 struct net_device *dev = info->user_ptr[1]; 4588 int link_id = nl80211_link_id_or_invalid(info->attrs); 4589 struct wireless_dev *wdev = dev->ieee80211_ptr; 4590 4591 err = nl80211_parse_key(info, &key); 4592 if (err) 4593 return err; 4594 4595 if (key.idx < 0) 4596 return -EINVAL; 4597 4598 /* Only support setting default key and 4599 * Extended Key ID action NL80211_KEY_SET_TX. 4600 */ 4601 if (!key.def && !key.defmgmt && !key.defbeacon && 4602 !(key.p.mode == NL80211_KEY_SET_TX)) 4603 return -EINVAL; 4604 4605 wdev_lock(wdev); 4606 4607 if (key.def) { 4608 if (!rdev->ops->set_default_key) { 4609 err = -EOPNOTSUPP; 4610 goto out; 4611 } 4612 4613 err = nl80211_key_allowed(wdev); 4614 if (err) 4615 goto out; 4616 4617 err = nl80211_validate_key_link_id(info, wdev, link_id, false); 4618 if (err) 4619 goto out; 4620 4621 err = rdev_set_default_key(rdev, dev, link_id, key.idx, 4622 key.def_uni, key.def_multi); 4623 4624 if (err) 4625 goto out; 4626 4627 #ifdef CONFIG_CFG80211_WEXT 4628 wdev->wext.default_key = key.idx; 4629 #endif 4630 } else if (key.defmgmt) { 4631 if (key.def_uni || !key.def_multi) { 4632 err = -EINVAL; 4633 goto out; 4634 } 4635 4636 if (!rdev->ops->set_default_mgmt_key) { 4637 err = -EOPNOTSUPP; 4638 goto out; 4639 } 4640 4641 err = nl80211_key_allowed(wdev); 4642 if (err) 4643 goto out; 4644 4645 err = nl80211_validate_key_link_id(info, wdev, link_id, false); 4646 if (err) 4647 goto out; 4648 4649 err = rdev_set_default_mgmt_key(rdev, dev, link_id, key.idx); 4650 if (err) 4651 goto out; 4652 4653 #ifdef CONFIG_CFG80211_WEXT 4654 wdev->wext.default_mgmt_key = key.idx; 4655 #endif 4656 } else if (key.defbeacon) { 4657 if (key.def_uni || !key.def_multi) { 4658 err = -EINVAL; 4659 goto out; 4660 } 4661 4662 if (!rdev->ops->set_default_beacon_key) { 4663 err = -EOPNOTSUPP; 4664 goto out; 4665 } 4666 4667 err = nl80211_key_allowed(wdev); 4668 if (err) 4669 goto out; 4670 4671 err = nl80211_validate_key_link_id(info, wdev, link_id, false); 4672 if (err) 4673 goto out; 4674 4675 err = rdev_set_default_beacon_key(rdev, dev, link_id, key.idx); 4676 if (err) 4677 goto out; 4678 } else if (key.p.mode == NL80211_KEY_SET_TX && 4679 wiphy_ext_feature_isset(&rdev->wiphy, 4680 NL80211_EXT_FEATURE_EXT_KEY_ID)) { 4681 u8 *mac_addr = NULL; 4682 4683 if (info->attrs[NL80211_ATTR_MAC]) 4684 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4685 4686 if (!mac_addr || key.idx < 0 || key.idx > 1) { 4687 err = -EINVAL; 4688 goto out; 4689 } 4690 4691 err = nl80211_validate_key_link_id(info, wdev, link_id, true); 4692 if (err) 4693 goto out; 4694 4695 err = rdev_add_key(rdev, dev, link_id, key.idx, 4696 NL80211_KEYTYPE_PAIRWISE, 4697 mac_addr, &key.p); 4698 } else { 4699 err = -EINVAL; 4700 } 4701 out: 4702 wdev_unlock(wdev); 4703 4704 return err; 4705 } 4706 4707 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 4708 { 4709 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4710 int err; 4711 struct net_device *dev = info->user_ptr[1]; 4712 struct key_parse key; 4713 const u8 *mac_addr = NULL; 4714 int link_id = nl80211_link_id_or_invalid(info->attrs); 4715 struct wireless_dev *wdev = dev->ieee80211_ptr; 4716 4717 err = nl80211_parse_key(info, &key); 4718 if (err) 4719 return err; 4720 4721 if (!key.p.key) { 4722 GENL_SET_ERR_MSG(info, "no key"); 4723 return -EINVAL; 4724 } 4725 4726 if (info->attrs[NL80211_ATTR_MAC]) 4727 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4728 4729 if (key.type == -1) { 4730 if (mac_addr) 4731 key.type = NL80211_KEYTYPE_PAIRWISE; 4732 else 4733 key.type = NL80211_KEYTYPE_GROUP; 4734 } 4735 4736 /* for now */ 4737 if (key.type != NL80211_KEYTYPE_PAIRWISE && 4738 key.type != NL80211_KEYTYPE_GROUP) { 4739 GENL_SET_ERR_MSG(info, "key type not pairwise or group"); 4740 return -EINVAL; 4741 } 4742 4743 if (key.type == NL80211_KEYTYPE_GROUP && 4744 info->attrs[NL80211_ATTR_VLAN_ID]) 4745 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]); 4746 4747 if (!rdev->ops->add_key) 4748 return -EOPNOTSUPP; 4749 4750 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 4751 key.type == NL80211_KEYTYPE_PAIRWISE, 4752 mac_addr)) { 4753 GENL_SET_ERR_MSG(info, "key setting validation failed"); 4754 return -EINVAL; 4755 } 4756 4757 wdev_lock(wdev); 4758 err = nl80211_key_allowed(wdev); 4759 if (err) 4760 GENL_SET_ERR_MSG(info, "key not allowed"); 4761 4762 if (!err) 4763 err = nl80211_validate_key_link_id(info, wdev, link_id, 4764 key.type == NL80211_KEYTYPE_PAIRWISE); 4765 4766 if (!err) { 4767 err = rdev_add_key(rdev, dev, link_id, key.idx, 4768 key.type == NL80211_KEYTYPE_PAIRWISE, 4769 mac_addr, &key.p); 4770 if (err) 4771 GENL_SET_ERR_MSG(info, "key addition failed"); 4772 } 4773 wdev_unlock(wdev); 4774 4775 return err; 4776 } 4777 4778 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 4779 { 4780 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4781 int err; 4782 struct net_device *dev = info->user_ptr[1]; 4783 u8 *mac_addr = NULL; 4784 struct key_parse key; 4785 int link_id = nl80211_link_id_or_invalid(info->attrs); 4786 struct wireless_dev *wdev = dev->ieee80211_ptr; 4787 4788 err = nl80211_parse_key(info, &key); 4789 if (err) 4790 return err; 4791 4792 if (info->attrs[NL80211_ATTR_MAC]) 4793 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4794 4795 if (key.type == -1) { 4796 if (mac_addr) 4797 key.type = NL80211_KEYTYPE_PAIRWISE; 4798 else 4799 key.type = NL80211_KEYTYPE_GROUP; 4800 } 4801 4802 /* for now */ 4803 if (key.type != NL80211_KEYTYPE_PAIRWISE && 4804 key.type != NL80211_KEYTYPE_GROUP) 4805 return -EINVAL; 4806 4807 if (!cfg80211_valid_key_idx(rdev, key.idx, 4808 key.type == NL80211_KEYTYPE_PAIRWISE)) 4809 return -EINVAL; 4810 4811 if (!rdev->ops->del_key) 4812 return -EOPNOTSUPP; 4813 4814 wdev_lock(wdev); 4815 err = nl80211_key_allowed(wdev); 4816 4817 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr && 4818 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 4819 err = -ENOENT; 4820 4821 if (!err) 4822 err = nl80211_validate_key_link_id(info, wdev, link_id, 4823 key.type == NL80211_KEYTYPE_PAIRWISE); 4824 4825 if (!err) 4826 err = rdev_del_key(rdev, dev, link_id, key.idx, 4827 key.type == NL80211_KEYTYPE_PAIRWISE, 4828 mac_addr); 4829 4830 #ifdef CONFIG_CFG80211_WEXT 4831 if (!err) { 4832 if (key.idx == wdev->wext.default_key) 4833 wdev->wext.default_key = -1; 4834 else if (key.idx == wdev->wext.default_mgmt_key) 4835 wdev->wext.default_mgmt_key = -1; 4836 } 4837 #endif 4838 wdev_unlock(wdev); 4839 4840 return err; 4841 } 4842 4843 /* This function returns an error or the number of nested attributes */ 4844 static int validate_acl_mac_addrs(struct nlattr *nl_attr) 4845 { 4846 struct nlattr *attr; 4847 int n_entries = 0, tmp; 4848 4849 nla_for_each_nested(attr, nl_attr, tmp) { 4850 if (nla_len(attr) != ETH_ALEN) 4851 return -EINVAL; 4852 4853 n_entries++; 4854 } 4855 4856 return n_entries; 4857 } 4858 4859 /* 4860 * This function parses ACL information and allocates memory for ACL data. 4861 * On successful return, the calling function is responsible to free the 4862 * ACL buffer returned by this function. 4863 */ 4864 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy, 4865 struct genl_info *info) 4866 { 4867 enum nl80211_acl_policy acl_policy; 4868 struct nlattr *attr; 4869 struct cfg80211_acl_data *acl; 4870 int i = 0, n_entries, tmp; 4871 4872 if (!wiphy->max_acl_mac_addrs) 4873 return ERR_PTR(-EOPNOTSUPP); 4874 4875 if (!info->attrs[NL80211_ATTR_ACL_POLICY]) 4876 return ERR_PTR(-EINVAL); 4877 4878 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]); 4879 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED && 4880 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED) 4881 return ERR_PTR(-EINVAL); 4882 4883 if (!info->attrs[NL80211_ATTR_MAC_ADDRS]) 4884 return ERR_PTR(-EINVAL); 4885 4886 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]); 4887 if (n_entries < 0) 4888 return ERR_PTR(n_entries); 4889 4890 if (n_entries > wiphy->max_acl_mac_addrs) 4891 return ERR_PTR(-ENOTSUPP); 4892 4893 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL); 4894 if (!acl) 4895 return ERR_PTR(-ENOMEM); 4896 acl->n_acl_entries = n_entries; 4897 4898 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) { 4899 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN); 4900 i++; 4901 } 4902 acl->acl_policy = acl_policy; 4903 4904 return acl; 4905 } 4906 4907 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info) 4908 { 4909 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4910 struct net_device *dev = info->user_ptr[1]; 4911 struct cfg80211_acl_data *acl; 4912 int err; 4913 4914 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 4915 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4916 return -EOPNOTSUPP; 4917 4918 if (!dev->ieee80211_ptr->links[0].ap.beacon_interval) 4919 return -EINVAL; 4920 4921 acl = parse_acl_data(&rdev->wiphy, info); 4922 if (IS_ERR(acl)) 4923 return PTR_ERR(acl); 4924 4925 err = rdev_set_mac_acl(rdev, dev, acl); 4926 4927 kfree(acl); 4928 4929 return err; 4930 } 4931 4932 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 4933 u8 *rates, u8 rates_len) 4934 { 4935 u8 i; 4936 u32 mask = 0; 4937 4938 for (i = 0; i < rates_len; i++) { 4939 int rate = (rates[i] & 0x7f) * 5; 4940 int ridx; 4941 4942 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 4943 struct ieee80211_rate *srate = 4944 &sband->bitrates[ridx]; 4945 if (rate == srate->bitrate) { 4946 mask |= 1 << ridx; 4947 break; 4948 } 4949 } 4950 if (ridx == sband->n_bitrates) 4951 return 0; /* rate not found */ 4952 } 4953 4954 return mask; 4955 } 4956 4957 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 4958 u8 *rates, u8 rates_len, 4959 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 4960 { 4961 u8 i; 4962 4963 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 4964 4965 for (i = 0; i < rates_len; i++) { 4966 int ridx, rbit; 4967 4968 ridx = rates[i] / 8; 4969 rbit = BIT(rates[i] % 8); 4970 4971 /* check validity */ 4972 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 4973 return false; 4974 4975 /* check availability */ 4976 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN); 4977 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 4978 mcs[ridx] |= rbit; 4979 else 4980 return false; 4981 } 4982 4983 return true; 4984 } 4985 4986 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map) 4987 { 4988 u16 mcs_mask = 0; 4989 4990 switch (vht_mcs_map) { 4991 case IEEE80211_VHT_MCS_NOT_SUPPORTED: 4992 break; 4993 case IEEE80211_VHT_MCS_SUPPORT_0_7: 4994 mcs_mask = 0x00FF; 4995 break; 4996 case IEEE80211_VHT_MCS_SUPPORT_0_8: 4997 mcs_mask = 0x01FF; 4998 break; 4999 case IEEE80211_VHT_MCS_SUPPORT_0_9: 5000 mcs_mask = 0x03FF; 5001 break; 5002 default: 5003 break; 5004 } 5005 5006 return mcs_mask; 5007 } 5008 5009 static void vht_build_mcs_mask(u16 vht_mcs_map, 5010 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX]) 5011 { 5012 u8 nss; 5013 5014 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) { 5015 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03); 5016 vht_mcs_map >>= 2; 5017 } 5018 } 5019 5020 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband, 5021 struct nl80211_txrate_vht *txrate, 5022 u16 mcs[NL80211_VHT_NSS_MAX]) 5023 { 5024 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map); 5025 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {}; 5026 u8 i; 5027 5028 if (!sband->vht_cap.vht_supported) 5029 return false; 5030 5031 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX); 5032 5033 /* Build vht_mcs_mask from VHT capabilities */ 5034 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask); 5035 5036 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) { 5037 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i]) 5038 mcs[i] = txrate->mcs[i]; 5039 else 5040 return false; 5041 } 5042 5043 return true; 5044 } 5045 5046 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map) 5047 { 5048 switch (he_mcs_map) { 5049 case IEEE80211_HE_MCS_NOT_SUPPORTED: 5050 return 0; 5051 case IEEE80211_HE_MCS_SUPPORT_0_7: 5052 return 0x00FF; 5053 case IEEE80211_HE_MCS_SUPPORT_0_9: 5054 return 0x03FF; 5055 case IEEE80211_HE_MCS_SUPPORT_0_11: 5056 return 0xFFF; 5057 default: 5058 break; 5059 } 5060 return 0; 5061 } 5062 5063 static void he_build_mcs_mask(u16 he_mcs_map, 5064 u16 he_mcs_mask[NL80211_HE_NSS_MAX]) 5065 { 5066 u8 nss; 5067 5068 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) { 5069 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03); 5070 he_mcs_map >>= 2; 5071 } 5072 } 5073 5074 static u16 he_get_txmcsmap(struct genl_info *info, unsigned int link_id, 5075 const struct ieee80211_sta_he_cap *he_cap) 5076 { 5077 struct net_device *dev = info->user_ptr[1]; 5078 struct wireless_dev *wdev = dev->ieee80211_ptr; 5079 struct cfg80211_chan_def *chandef; 5080 __le16 tx_mcs; 5081 5082 chandef = wdev_chandef(wdev, link_id); 5083 if (!chandef) { 5084 /* 5085 * This is probably broken, but we never maintained 5086 * a chandef in these cases, so it always was. 5087 */ 5088 return le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80); 5089 } 5090 5091 switch (chandef->width) { 5092 case NL80211_CHAN_WIDTH_80P80: 5093 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80; 5094 break; 5095 case NL80211_CHAN_WIDTH_160: 5096 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160; 5097 break; 5098 default: 5099 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80; 5100 break; 5101 } 5102 5103 return le16_to_cpu(tx_mcs); 5104 } 5105 5106 static bool he_set_mcs_mask(struct genl_info *info, 5107 struct wireless_dev *wdev, 5108 struct ieee80211_supported_band *sband, 5109 struct nl80211_txrate_he *txrate, 5110 u16 mcs[NL80211_HE_NSS_MAX], 5111 unsigned int link_id) 5112 { 5113 const struct ieee80211_sta_he_cap *he_cap; 5114 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {}; 5115 u16 tx_mcs_map = 0; 5116 u8 i; 5117 5118 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype); 5119 if (!he_cap) 5120 return false; 5121 5122 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX); 5123 5124 tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap); 5125 5126 /* Build he_mcs_mask from HE capabilities */ 5127 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask); 5128 5129 for (i = 0; i < NL80211_HE_NSS_MAX; i++) { 5130 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i]) 5131 mcs[i] = txrate->mcs[i]; 5132 else 5133 return false; 5134 } 5135 5136 return true; 5137 } 5138 5139 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info, 5140 struct nlattr *attrs[], 5141 enum nl80211_attrs attr, 5142 struct cfg80211_bitrate_mask *mask, 5143 struct net_device *dev, 5144 bool default_all_enabled, 5145 unsigned int link_id) 5146 { 5147 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 5148 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5149 struct wireless_dev *wdev = dev->ieee80211_ptr; 5150 int rem, i; 5151 struct nlattr *tx_rates; 5152 struct ieee80211_supported_band *sband; 5153 u16 vht_tx_mcs_map, he_tx_mcs_map; 5154 5155 memset(mask, 0, sizeof(*mask)); 5156 /* Default to all rates enabled */ 5157 for (i = 0; i < NUM_NL80211_BANDS; i++) { 5158 const struct ieee80211_sta_he_cap *he_cap; 5159 5160 if (!default_all_enabled) 5161 break; 5162 5163 sband = rdev->wiphy.bands[i]; 5164 5165 if (!sband) 5166 continue; 5167 5168 mask->control[i].legacy = (1 << sband->n_bitrates) - 1; 5169 memcpy(mask->control[i].ht_mcs, 5170 sband->ht_cap.mcs.rx_mask, 5171 sizeof(mask->control[i].ht_mcs)); 5172 5173 if (sband->vht_cap.vht_supported) { 5174 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map); 5175 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs); 5176 } 5177 5178 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype); 5179 if (!he_cap) 5180 continue; 5181 5182 he_tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap); 5183 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs); 5184 5185 mask->control[i].he_gi = 0xFF; 5186 mask->control[i].he_ltf = 0xFF; 5187 } 5188 5189 /* if no rates are given set it back to the defaults */ 5190 if (!attrs[attr]) 5191 goto out; 5192 5193 /* The nested attribute uses enum nl80211_band as the index. This maps 5194 * directly to the enum nl80211_band values used in cfg80211. 5195 */ 5196 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 5197 nla_for_each_nested(tx_rates, attrs[attr], rem) { 5198 enum nl80211_band band = nla_type(tx_rates); 5199 int err; 5200 5201 if (band < 0 || band >= NUM_NL80211_BANDS) 5202 return -EINVAL; 5203 sband = rdev->wiphy.bands[band]; 5204 if (sband == NULL) 5205 return -EINVAL; 5206 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX, 5207 tx_rates, 5208 nl80211_txattr_policy, 5209 info->extack); 5210 if (err) 5211 return err; 5212 if (tb[NL80211_TXRATE_LEGACY]) { 5213 mask->control[band].legacy = rateset_to_mask( 5214 sband, 5215 nla_data(tb[NL80211_TXRATE_LEGACY]), 5216 nla_len(tb[NL80211_TXRATE_LEGACY])); 5217 if ((mask->control[band].legacy == 0) && 5218 nla_len(tb[NL80211_TXRATE_LEGACY])) 5219 return -EINVAL; 5220 } 5221 if (tb[NL80211_TXRATE_HT]) { 5222 if (!ht_rateset_to_mask( 5223 sband, 5224 nla_data(tb[NL80211_TXRATE_HT]), 5225 nla_len(tb[NL80211_TXRATE_HT]), 5226 mask->control[band].ht_mcs)) 5227 return -EINVAL; 5228 } 5229 5230 if (tb[NL80211_TXRATE_VHT]) { 5231 if (!vht_set_mcs_mask( 5232 sband, 5233 nla_data(tb[NL80211_TXRATE_VHT]), 5234 mask->control[band].vht_mcs)) 5235 return -EINVAL; 5236 } 5237 5238 if (tb[NL80211_TXRATE_GI]) { 5239 mask->control[band].gi = 5240 nla_get_u8(tb[NL80211_TXRATE_GI]); 5241 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI) 5242 return -EINVAL; 5243 } 5244 if (tb[NL80211_TXRATE_HE] && 5245 !he_set_mcs_mask(info, wdev, sband, 5246 nla_data(tb[NL80211_TXRATE_HE]), 5247 mask->control[band].he_mcs, 5248 link_id)) 5249 return -EINVAL; 5250 5251 if (tb[NL80211_TXRATE_HE_GI]) 5252 mask->control[band].he_gi = 5253 nla_get_u8(tb[NL80211_TXRATE_HE_GI]); 5254 if (tb[NL80211_TXRATE_HE_LTF]) 5255 mask->control[band].he_ltf = 5256 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]); 5257 5258 if (mask->control[band].legacy == 0) { 5259 /* don't allow empty legacy rates if HT, VHT or HE 5260 * are not even supported. 5261 */ 5262 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported || 5263 rdev->wiphy.bands[band]->vht_cap.vht_supported || 5264 ieee80211_get_he_iftype_cap(sband, wdev->iftype))) 5265 return -EINVAL; 5266 5267 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 5268 if (mask->control[band].ht_mcs[i]) 5269 goto out; 5270 5271 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) 5272 if (mask->control[band].vht_mcs[i]) 5273 goto out; 5274 5275 for (i = 0; i < NL80211_HE_NSS_MAX; i++) 5276 if (mask->control[band].he_mcs[i]) 5277 goto out; 5278 5279 /* legacy and mcs rates may not be both empty */ 5280 return -EINVAL; 5281 } 5282 } 5283 5284 out: 5285 return 0; 5286 } 5287 5288 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev, 5289 enum nl80211_band band, 5290 struct cfg80211_bitrate_mask *beacon_rate) 5291 { 5292 u32 count_ht, count_vht, count_he, i; 5293 u32 rate = beacon_rate->control[band].legacy; 5294 5295 /* Allow only one rate */ 5296 if (hweight32(rate) > 1) 5297 return -EINVAL; 5298 5299 count_ht = 0; 5300 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) { 5301 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) { 5302 return -EINVAL; 5303 } else if (beacon_rate->control[band].ht_mcs[i]) { 5304 count_ht++; 5305 if (count_ht > 1) 5306 return -EINVAL; 5307 } 5308 if (count_ht && rate) 5309 return -EINVAL; 5310 } 5311 5312 count_vht = 0; 5313 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) { 5314 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) { 5315 return -EINVAL; 5316 } else if (beacon_rate->control[band].vht_mcs[i]) { 5317 count_vht++; 5318 if (count_vht > 1) 5319 return -EINVAL; 5320 } 5321 if (count_vht && rate) 5322 return -EINVAL; 5323 } 5324 5325 count_he = 0; 5326 for (i = 0; i < NL80211_HE_NSS_MAX; i++) { 5327 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) { 5328 return -EINVAL; 5329 } else if (beacon_rate->control[band].he_mcs[i]) { 5330 count_he++; 5331 if (count_he > 1) 5332 return -EINVAL; 5333 } 5334 if (count_he && rate) 5335 return -EINVAL; 5336 } 5337 5338 if ((count_ht && count_vht && count_he) || 5339 (!rate && !count_ht && !count_vht && !count_he)) 5340 return -EINVAL; 5341 5342 if (rate && 5343 !wiphy_ext_feature_isset(&rdev->wiphy, 5344 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) 5345 return -EINVAL; 5346 if (count_ht && 5347 !wiphy_ext_feature_isset(&rdev->wiphy, 5348 NL80211_EXT_FEATURE_BEACON_RATE_HT)) 5349 return -EINVAL; 5350 if (count_vht && 5351 !wiphy_ext_feature_isset(&rdev->wiphy, 5352 NL80211_EXT_FEATURE_BEACON_RATE_VHT)) 5353 return -EINVAL; 5354 if (count_he && 5355 !wiphy_ext_feature_isset(&rdev->wiphy, 5356 NL80211_EXT_FEATURE_BEACON_RATE_HE)) 5357 return -EINVAL; 5358 5359 return 0; 5360 } 5361 5362 static int nl80211_parse_mbssid_config(struct wiphy *wiphy, 5363 struct net_device *dev, 5364 struct nlattr *attrs, 5365 struct cfg80211_mbssid_config *config, 5366 u8 num_elems) 5367 { 5368 struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1]; 5369 5370 if (!wiphy->mbssid_max_interfaces) 5371 return -EOPNOTSUPP; 5372 5373 if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL, 5374 NULL) || 5375 !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]) 5376 return -EINVAL; 5377 5378 config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]); 5379 if (config->ema) { 5380 if (!wiphy->ema_max_profile_periodicity) 5381 return -EOPNOTSUPP; 5382 5383 if (num_elems > wiphy->ema_max_profile_periodicity) 5384 return -EINVAL; 5385 } 5386 5387 config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]); 5388 if (config->index >= wiphy->mbssid_max_interfaces || 5389 (!config->index && !num_elems)) 5390 return -EINVAL; 5391 5392 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) { 5393 u32 tx_ifindex = 5394 nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]); 5395 5396 if ((!config->index && tx_ifindex != dev->ifindex) || 5397 (config->index && tx_ifindex == dev->ifindex)) 5398 return -EINVAL; 5399 5400 if (tx_ifindex != dev->ifindex) { 5401 struct net_device *tx_netdev = 5402 dev_get_by_index(wiphy_net(wiphy), tx_ifindex); 5403 5404 if (!tx_netdev || !tx_netdev->ieee80211_ptr || 5405 tx_netdev->ieee80211_ptr->wiphy != wiphy || 5406 tx_netdev->ieee80211_ptr->iftype != 5407 NL80211_IFTYPE_AP) { 5408 dev_put(tx_netdev); 5409 return -EINVAL; 5410 } 5411 5412 config->tx_wdev = tx_netdev->ieee80211_ptr; 5413 } else { 5414 config->tx_wdev = dev->ieee80211_ptr; 5415 } 5416 } else if (!config->index) { 5417 config->tx_wdev = dev->ieee80211_ptr; 5418 } else { 5419 return -EINVAL; 5420 } 5421 5422 return 0; 5423 } 5424 5425 static struct cfg80211_mbssid_elems * 5426 nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs) 5427 { 5428 struct nlattr *nl_elems; 5429 struct cfg80211_mbssid_elems *elems; 5430 int rem_elems; 5431 u8 i = 0, num_elems = 0; 5432 5433 if (!wiphy->mbssid_max_interfaces) 5434 return ERR_PTR(-EINVAL); 5435 5436 nla_for_each_nested(nl_elems, attrs, rem_elems) { 5437 if (num_elems >= 255) 5438 return ERR_PTR(-EINVAL); 5439 num_elems++; 5440 } 5441 5442 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL); 5443 if (!elems) 5444 return ERR_PTR(-ENOMEM); 5445 elems->cnt = num_elems; 5446 5447 nla_for_each_nested(nl_elems, attrs, rem_elems) { 5448 elems->elem[i].data = nla_data(nl_elems); 5449 elems->elem[i].len = nla_len(nl_elems); 5450 i++; 5451 } 5452 return elems; 5453 } 5454 5455 static struct cfg80211_rnr_elems * 5456 nl80211_parse_rnr_elems(struct wiphy *wiphy, struct nlattr *attrs, 5457 struct netlink_ext_ack *extack) 5458 { 5459 struct nlattr *nl_elems; 5460 struct cfg80211_rnr_elems *elems; 5461 int rem_elems; 5462 u8 i = 0, num_elems = 0; 5463 5464 nla_for_each_nested(nl_elems, attrs, rem_elems) { 5465 int ret; 5466 5467 ret = validate_ie_attr(nl_elems, extack); 5468 if (ret) 5469 return ERR_PTR(ret); 5470 5471 num_elems++; 5472 } 5473 5474 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL); 5475 if (!elems) 5476 return ERR_PTR(-ENOMEM); 5477 elems->cnt = num_elems; 5478 5479 nla_for_each_nested(nl_elems, attrs, rem_elems) { 5480 elems->elem[i].data = nla_data(nl_elems); 5481 elems->elem[i].len = nla_len(nl_elems); 5482 i++; 5483 } 5484 return elems; 5485 } 5486 5487 static int nl80211_parse_he_bss_color(struct nlattr *attrs, 5488 struct cfg80211_he_bss_color *he_bss_color) 5489 { 5490 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1]; 5491 int err; 5492 5493 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs, 5494 he_bss_color_policy, NULL); 5495 if (err) 5496 return err; 5497 5498 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]) 5499 return -EINVAL; 5500 5501 he_bss_color->color = 5502 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]); 5503 he_bss_color->enabled = 5504 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]); 5505 he_bss_color->partial = 5506 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]); 5507 5508 return 0; 5509 } 5510 5511 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev, 5512 struct nlattr *attrs[], 5513 struct cfg80211_beacon_data *bcn, 5514 struct netlink_ext_ack *extack) 5515 { 5516 bool haveinfo = false; 5517 int err; 5518 5519 memset(bcn, 0, sizeof(*bcn)); 5520 5521 bcn->link_id = nl80211_link_id(attrs); 5522 5523 if (attrs[NL80211_ATTR_BEACON_HEAD]) { 5524 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]); 5525 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]); 5526 if (!bcn->head_len) 5527 return -EINVAL; 5528 haveinfo = true; 5529 } 5530 5531 if (attrs[NL80211_ATTR_BEACON_TAIL]) { 5532 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]); 5533 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]); 5534 haveinfo = true; 5535 } 5536 5537 if (!haveinfo) 5538 return -EINVAL; 5539 5540 if (attrs[NL80211_ATTR_IE]) { 5541 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]); 5542 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]); 5543 } 5544 5545 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) { 5546 bcn->proberesp_ies = 5547 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]); 5548 bcn->proberesp_ies_len = 5549 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]); 5550 } 5551 5552 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 5553 bcn->assocresp_ies = 5554 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 5555 bcn->assocresp_ies_len = 5556 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 5557 } 5558 5559 if (attrs[NL80211_ATTR_PROBE_RESP]) { 5560 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]); 5561 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]); 5562 } 5563 5564 if (attrs[NL80211_ATTR_FTM_RESPONDER]) { 5565 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1]; 5566 5567 err = nla_parse_nested_deprecated(tb, 5568 NL80211_FTM_RESP_ATTR_MAX, 5569 attrs[NL80211_ATTR_FTM_RESPONDER], 5570 NULL, NULL); 5571 if (err) 5572 return err; 5573 5574 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] && 5575 wiphy_ext_feature_isset(&rdev->wiphy, 5576 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER)) 5577 bcn->ftm_responder = 1; 5578 else 5579 return -EOPNOTSUPP; 5580 5581 if (tb[NL80211_FTM_RESP_ATTR_LCI]) { 5582 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]); 5583 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]); 5584 } 5585 5586 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) { 5587 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]); 5588 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]); 5589 } 5590 } else { 5591 bcn->ftm_responder = -1; 5592 } 5593 5594 if (attrs[NL80211_ATTR_HE_BSS_COLOR]) { 5595 err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR], 5596 &bcn->he_bss_color); 5597 if (err) 5598 return err; 5599 bcn->he_bss_color_valid = true; 5600 } 5601 5602 if (attrs[NL80211_ATTR_MBSSID_ELEMS]) { 5603 struct cfg80211_mbssid_elems *mbssid = 5604 nl80211_parse_mbssid_elems(&rdev->wiphy, 5605 attrs[NL80211_ATTR_MBSSID_ELEMS]); 5606 5607 if (IS_ERR(mbssid)) 5608 return PTR_ERR(mbssid); 5609 5610 bcn->mbssid_ies = mbssid; 5611 5612 if (bcn->mbssid_ies && attrs[NL80211_ATTR_EMA_RNR_ELEMS]) { 5613 struct cfg80211_rnr_elems *rnr = 5614 nl80211_parse_rnr_elems(&rdev->wiphy, 5615 attrs[NL80211_ATTR_EMA_RNR_ELEMS], 5616 extack); 5617 5618 if (IS_ERR(rnr)) 5619 return PTR_ERR(rnr); 5620 5621 if (rnr && rnr->cnt < bcn->mbssid_ies->cnt) 5622 return -EINVAL; 5623 5624 bcn->rnr_ies = rnr; 5625 } 5626 } 5627 5628 return 0; 5629 } 5630 5631 static int nl80211_parse_he_obss_pd(struct nlattr *attrs, 5632 struct ieee80211_he_obss_pd *he_obss_pd) 5633 { 5634 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1]; 5635 int err; 5636 5637 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs, 5638 he_obss_pd_policy, NULL); 5639 if (err) 5640 return err; 5641 5642 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]) 5643 return -EINVAL; 5644 5645 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]); 5646 5647 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]) 5648 he_obss_pd->min_offset = 5649 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]); 5650 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]) 5651 he_obss_pd->max_offset = 5652 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]); 5653 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]) 5654 he_obss_pd->non_srg_max_offset = 5655 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]); 5656 5657 if (he_obss_pd->min_offset > he_obss_pd->max_offset) 5658 return -EINVAL; 5659 5660 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]) 5661 memcpy(he_obss_pd->bss_color_bitmap, 5662 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]), 5663 sizeof(he_obss_pd->bss_color_bitmap)); 5664 5665 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]) 5666 memcpy(he_obss_pd->partial_bssid_bitmap, 5667 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]), 5668 sizeof(he_obss_pd->partial_bssid_bitmap)); 5669 5670 he_obss_pd->enable = true; 5671 5672 return 0; 5673 } 5674 5675 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev, 5676 struct nlattr *attrs, 5677 struct cfg80211_ap_settings *params) 5678 { 5679 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1]; 5680 int ret; 5681 struct cfg80211_fils_discovery *fd = ¶ms->fils_discovery; 5682 5683 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5684 NL80211_EXT_FEATURE_FILS_DISCOVERY)) 5685 return -EINVAL; 5686 5687 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs, 5688 NULL, NULL); 5689 if (ret) 5690 return ret; 5691 5692 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] || 5693 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] || 5694 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) 5695 return -EINVAL; 5696 5697 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]); 5698 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]); 5699 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]); 5700 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]); 5701 5702 return 0; 5703 } 5704 5705 static int 5706 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev, 5707 struct nlattr *attrs, 5708 struct cfg80211_ap_settings *params) 5709 { 5710 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1]; 5711 int ret; 5712 struct cfg80211_unsol_bcast_probe_resp *presp = 5713 ¶ms->unsol_bcast_probe_resp; 5714 5715 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5716 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP)) 5717 return -EINVAL; 5718 5719 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX, 5720 attrs, NULL, NULL); 5721 if (ret) 5722 return ret; 5723 5724 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] || 5725 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) 5726 return -EINVAL; 5727 5728 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]); 5729 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]); 5730 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]); 5731 return 0; 5732 } 5733 5734 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params, 5735 const struct element *rates) 5736 { 5737 int i; 5738 5739 if (!rates) 5740 return; 5741 5742 for (i = 0; i < rates->datalen; i++) { 5743 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 5744 params->ht_required = true; 5745 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY) 5746 params->vht_required = true; 5747 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY) 5748 params->he_required = true; 5749 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E) 5750 params->sae_h2e_required = true; 5751 } 5752 } 5753 5754 /* 5755 * Since the nl80211 API didn't include, from the beginning, attributes about 5756 * HT/VHT requirements/capabilities, we parse them out of the IEs for the 5757 * benefit of drivers that rebuild IEs in the firmware. 5758 */ 5759 static int nl80211_calculate_ap_params(struct cfg80211_ap_settings *params) 5760 { 5761 const struct cfg80211_beacon_data *bcn = ¶ms->beacon; 5762 size_t ies_len = bcn->tail_len; 5763 const u8 *ies = bcn->tail; 5764 const struct element *rates; 5765 const struct element *cap; 5766 5767 rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len); 5768 nl80211_check_ap_rate_selectors(params, rates); 5769 5770 rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len); 5771 nl80211_check_ap_rate_selectors(params, rates); 5772 5773 cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len); 5774 if (cap && cap->datalen >= sizeof(*params->ht_cap)) 5775 params->ht_cap = (void *)cap->data; 5776 cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len); 5777 if (cap && cap->datalen >= sizeof(*params->vht_cap)) 5778 params->vht_cap = (void *)cap->data; 5779 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len); 5780 if (cap && cap->datalen >= sizeof(*params->he_cap) + 1) 5781 params->he_cap = (void *)(cap->data + 1); 5782 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len); 5783 if (cap && cap->datalen >= sizeof(*params->he_oper) + 1) 5784 params->he_oper = (void *)(cap->data + 1); 5785 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_CAPABILITY, ies, ies_len); 5786 if (cap) { 5787 if (!cap->datalen) 5788 return -EINVAL; 5789 params->eht_cap = (void *)(cap->data + 1); 5790 if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap, 5791 (const u8 *)params->eht_cap, 5792 cap->datalen - 1, true)) 5793 return -EINVAL; 5794 } 5795 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len); 5796 if (cap) { 5797 if (!cap->datalen) 5798 return -EINVAL; 5799 params->eht_oper = (void *)(cap->data + 1); 5800 if (!ieee80211_eht_oper_size_ok((const u8 *)params->eht_oper, 5801 cap->datalen - 1)) 5802 return -EINVAL; 5803 } 5804 return 0; 5805 } 5806 5807 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 5808 struct cfg80211_ap_settings *params) 5809 { 5810 struct wireless_dev *wdev; 5811 5812 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 5813 if (wdev->iftype != NL80211_IFTYPE_AP && 5814 wdev->iftype != NL80211_IFTYPE_P2P_GO) 5815 continue; 5816 5817 if (!wdev->u.ap.preset_chandef.chan) 5818 continue; 5819 5820 params->chandef = wdev->u.ap.preset_chandef; 5821 return true; 5822 } 5823 5824 return false; 5825 } 5826 5827 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, 5828 enum nl80211_auth_type auth_type, 5829 enum nl80211_commands cmd) 5830 { 5831 if (auth_type > NL80211_AUTHTYPE_MAX) 5832 return false; 5833 5834 switch (cmd) { 5835 case NL80211_CMD_AUTHENTICATE: 5836 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 5837 auth_type == NL80211_AUTHTYPE_SAE) 5838 return false; 5839 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5840 NL80211_EXT_FEATURE_FILS_STA) && 5841 (auth_type == NL80211_AUTHTYPE_FILS_SK || 5842 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 5843 auth_type == NL80211_AUTHTYPE_FILS_PK)) 5844 return false; 5845 return true; 5846 case NL80211_CMD_CONNECT: 5847 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 5848 !wiphy_ext_feature_isset(&rdev->wiphy, 5849 NL80211_EXT_FEATURE_SAE_OFFLOAD) && 5850 auth_type == NL80211_AUTHTYPE_SAE) 5851 return false; 5852 5853 /* FILS with SK PFS or PK not supported yet */ 5854 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 5855 auth_type == NL80211_AUTHTYPE_FILS_PK) 5856 return false; 5857 if (!wiphy_ext_feature_isset( 5858 &rdev->wiphy, 5859 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) && 5860 auth_type == NL80211_AUTHTYPE_FILS_SK) 5861 return false; 5862 return true; 5863 case NL80211_CMD_START_AP: 5864 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5865 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) && 5866 auth_type == NL80211_AUTHTYPE_SAE) 5867 return false; 5868 /* FILS not supported yet */ 5869 if (auth_type == NL80211_AUTHTYPE_FILS_SK || 5870 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 5871 auth_type == NL80211_AUTHTYPE_FILS_PK) 5872 return false; 5873 return true; 5874 default: 5875 return false; 5876 } 5877 } 5878 5879 static void nl80211_send_ap_started(struct wireless_dev *wdev, 5880 unsigned int link_id) 5881 { 5882 struct wiphy *wiphy = wdev->wiphy; 5883 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 5884 struct sk_buff *msg; 5885 void *hdr; 5886 5887 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5888 if (!msg) 5889 return; 5890 5891 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_START_AP); 5892 if (!hdr) 5893 goto out; 5894 5895 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 5896 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) || 5897 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 5898 NL80211_ATTR_PAD) || 5899 (wdev->u.ap.ssid_len && 5900 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len, 5901 wdev->u.ap.ssid)) || 5902 (wdev->valid_links && 5903 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))) 5904 goto out; 5905 5906 genlmsg_end(msg, hdr); 5907 5908 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0, 5909 NL80211_MCGRP_MLME, GFP_KERNEL); 5910 return; 5911 out: 5912 nlmsg_free(msg); 5913 } 5914 5915 static int nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings *params) 5916 { 5917 struct ieee80211_channel *channel = params->chandef.chan; 5918 5919 if ((params->he_cap || params->he_oper) && 5920 (channel->flags & IEEE80211_CHAN_NO_HE)) 5921 return -EOPNOTSUPP; 5922 5923 if ((params->eht_cap || params->eht_oper) && 5924 (channel->flags & IEEE80211_CHAN_NO_EHT)) 5925 return -EOPNOTSUPP; 5926 5927 return 0; 5928 } 5929 5930 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 5931 { 5932 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5933 unsigned int link_id = nl80211_link_id(info->attrs); 5934 struct net_device *dev = info->user_ptr[1]; 5935 struct wireless_dev *wdev = dev->ieee80211_ptr; 5936 struct cfg80211_ap_settings *params; 5937 int err; 5938 5939 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5940 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5941 return -EOPNOTSUPP; 5942 5943 if (!rdev->ops->start_ap) 5944 return -EOPNOTSUPP; 5945 5946 if (wdev->links[link_id].ap.beacon_interval) 5947 return -EALREADY; 5948 5949 /* these are required for START_AP */ 5950 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 5951 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 5952 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 5953 return -EINVAL; 5954 5955 params = kzalloc(sizeof(*params), GFP_KERNEL); 5956 if (!params) 5957 return -ENOMEM; 5958 5959 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon, 5960 info->extack); 5961 if (err) 5962 goto out; 5963 5964 params->beacon_interval = 5965 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 5966 params->dtim_period = 5967 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 5968 5969 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype, 5970 params->beacon_interval); 5971 if (err) 5972 goto out; 5973 5974 /* 5975 * In theory, some of these attributes should be required here 5976 * but since they were not used when the command was originally 5977 * added, keep them optional for old user space programs to let 5978 * them continue to work with drivers that do not need the 5979 * additional information -- drivers must check! 5980 */ 5981 if (info->attrs[NL80211_ATTR_SSID]) { 5982 params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5983 params->ssid_len = 5984 nla_len(info->attrs[NL80211_ATTR_SSID]); 5985 if (params->ssid_len == 0) { 5986 err = -EINVAL; 5987 goto out; 5988 } 5989 5990 if (wdev->u.ap.ssid_len && 5991 (wdev->u.ap.ssid_len != params->ssid_len || 5992 memcmp(wdev->u.ap.ssid, params->ssid, params->ssid_len))) { 5993 /* require identical SSID for MLO */ 5994 err = -EINVAL; 5995 goto out; 5996 } 5997 } else if (wdev->valid_links) { 5998 /* require SSID for MLO */ 5999 err = -EINVAL; 6000 goto out; 6001 } 6002 6003 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) 6004 params->hidden_ssid = nla_get_u32( 6005 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 6006 6007 params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 6008 6009 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 6010 params->auth_type = nla_get_u32( 6011 info->attrs[NL80211_ATTR_AUTH_TYPE]); 6012 if (!nl80211_valid_auth_type(rdev, params->auth_type, 6013 NL80211_CMD_START_AP)) { 6014 err = -EINVAL; 6015 goto out; 6016 } 6017 } else 6018 params->auth_type = NL80211_AUTHTYPE_AUTOMATIC; 6019 6020 err = nl80211_crypto_settings(rdev, info, ¶ms->crypto, 6021 NL80211_MAX_NR_CIPHER_SUITES); 6022 if (err) 6023 goto out; 6024 6025 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 6026 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) { 6027 err = -EOPNOTSUPP; 6028 goto out; 6029 } 6030 params->inactivity_timeout = nla_get_u16( 6031 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 6032 } 6033 6034 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 6035 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 6036 err = -EINVAL; 6037 goto out; 6038 } 6039 params->p2p_ctwindow = 6040 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 6041 if (params->p2p_ctwindow != 0 && 6042 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) { 6043 err = -EINVAL; 6044 goto out; 6045 } 6046 } 6047 6048 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 6049 u8 tmp; 6050 6051 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 6052 err = -EINVAL; 6053 goto out; 6054 } 6055 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 6056 params->p2p_opp_ps = tmp; 6057 if (params->p2p_opp_ps != 0 && 6058 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) { 6059 err = -EINVAL; 6060 goto out; 6061 } 6062 } 6063 6064 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 6065 err = nl80211_parse_chandef(rdev, info, ¶ms->chandef); 6066 if (err) 6067 goto out; 6068 } else if (wdev->valid_links) { 6069 /* with MLD need to specify the channel configuration */ 6070 err = -EINVAL; 6071 goto out; 6072 } else if (wdev->u.ap.preset_chandef.chan) { 6073 params->chandef = wdev->u.ap.preset_chandef; 6074 } else if (!nl80211_get_ap_channel(rdev, params)) { 6075 err = -EINVAL; 6076 goto out; 6077 } 6078 6079 if (info->attrs[NL80211_ATTR_PUNCT_BITMAP]) { 6080 err = nl80211_parse_punct_bitmap(rdev, info, 6081 ¶ms->chandef, 6082 ¶ms->punct_bitmap); 6083 if (err) 6084 goto out; 6085 } 6086 6087 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms->chandef, 6088 wdev->iftype)) { 6089 err = -EINVAL; 6090 goto out; 6091 } 6092 6093 wdev_lock(wdev); 6094 6095 if (info->attrs[NL80211_ATTR_TX_RATES]) { 6096 err = nl80211_parse_tx_bitrate_mask(info, info->attrs, 6097 NL80211_ATTR_TX_RATES, 6098 ¶ms->beacon_rate, 6099 dev, false, link_id); 6100 if (err) 6101 goto out_unlock; 6102 6103 err = validate_beacon_tx_rate(rdev, params->chandef.chan->band, 6104 ¶ms->beacon_rate); 6105 if (err) 6106 goto out_unlock; 6107 } 6108 6109 if (info->attrs[NL80211_ATTR_SMPS_MODE]) { 6110 params->smps_mode = 6111 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]); 6112 switch (params->smps_mode) { 6113 case NL80211_SMPS_OFF: 6114 break; 6115 case NL80211_SMPS_STATIC: 6116 if (!(rdev->wiphy.features & 6117 NL80211_FEATURE_STATIC_SMPS)) { 6118 err = -EINVAL; 6119 goto out_unlock; 6120 } 6121 break; 6122 case NL80211_SMPS_DYNAMIC: 6123 if (!(rdev->wiphy.features & 6124 NL80211_FEATURE_DYNAMIC_SMPS)) { 6125 err = -EINVAL; 6126 goto out_unlock; 6127 } 6128 break; 6129 default: 6130 err = -EINVAL; 6131 goto out_unlock; 6132 } 6133 } else { 6134 params->smps_mode = NL80211_SMPS_OFF; 6135 } 6136 6137 params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 6138 if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) { 6139 err = -EOPNOTSUPP; 6140 goto out_unlock; 6141 } 6142 6143 if (info->attrs[NL80211_ATTR_ACL_POLICY]) { 6144 params->acl = parse_acl_data(&rdev->wiphy, info); 6145 if (IS_ERR(params->acl)) { 6146 err = PTR_ERR(params->acl); 6147 params->acl = NULL; 6148 goto out_unlock; 6149 } 6150 } 6151 6152 params->twt_responder = 6153 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]); 6154 6155 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) { 6156 err = nl80211_parse_he_obss_pd( 6157 info->attrs[NL80211_ATTR_HE_OBSS_PD], 6158 ¶ms->he_obss_pd); 6159 if (err) 6160 goto out_unlock; 6161 } 6162 6163 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) { 6164 err = nl80211_parse_fils_discovery(rdev, 6165 info->attrs[NL80211_ATTR_FILS_DISCOVERY], 6166 params); 6167 if (err) 6168 goto out_unlock; 6169 } 6170 6171 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) { 6172 err = nl80211_parse_unsol_bcast_probe_resp( 6173 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP], 6174 params); 6175 if (err) 6176 goto out_unlock; 6177 } 6178 6179 if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) { 6180 err = nl80211_parse_mbssid_config(&rdev->wiphy, dev, 6181 info->attrs[NL80211_ATTR_MBSSID_CONFIG], 6182 ¶ms->mbssid_config, 6183 params->beacon.mbssid_ies ? 6184 params->beacon.mbssid_ies->cnt : 6185 0); 6186 if (err) 6187 goto out_unlock; 6188 } 6189 6190 if (!params->mbssid_config.ema && params->beacon.rnr_ies) { 6191 err = -EINVAL; 6192 goto out_unlock; 6193 } 6194 6195 err = nl80211_calculate_ap_params(params); 6196 if (err) 6197 goto out_unlock; 6198 6199 err = nl80211_validate_ap_phy_operation(params); 6200 if (err) 6201 goto out_unlock; 6202 6203 if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]) 6204 params->flags = nla_get_u32( 6205 info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]); 6206 else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT]) 6207 params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT; 6208 6209 if (wdev->conn_owner_nlportid && 6210 info->attrs[NL80211_ATTR_SOCKET_OWNER] && 6211 wdev->conn_owner_nlportid != info->snd_portid) { 6212 err = -EINVAL; 6213 goto out_unlock; 6214 } 6215 6216 /* FIXME: validate MLO/link-id against driver capabilities */ 6217 6218 err = rdev_start_ap(rdev, dev, params); 6219 if (!err) { 6220 wdev->links[link_id].ap.beacon_interval = params->beacon_interval; 6221 wdev->links[link_id].ap.chandef = params->chandef; 6222 wdev->u.ap.ssid_len = params->ssid_len; 6223 memcpy(wdev->u.ap.ssid, params->ssid, 6224 params->ssid_len); 6225 6226 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 6227 wdev->conn_owner_nlportid = info->snd_portid; 6228 6229 nl80211_send_ap_started(wdev, link_id); 6230 } 6231 out_unlock: 6232 wdev_unlock(wdev); 6233 out: 6234 kfree(params->acl); 6235 kfree(params->beacon.mbssid_ies); 6236 if (params->mbssid_config.tx_wdev && 6237 params->mbssid_config.tx_wdev->netdev && 6238 params->mbssid_config.tx_wdev->netdev != dev) 6239 dev_put(params->mbssid_config.tx_wdev->netdev); 6240 kfree(params->beacon.rnr_ies); 6241 kfree(params); 6242 6243 return err; 6244 } 6245 6246 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 6247 { 6248 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6249 unsigned int link_id = nl80211_link_id(info->attrs); 6250 struct net_device *dev = info->user_ptr[1]; 6251 struct wireless_dev *wdev = dev->ieee80211_ptr; 6252 struct cfg80211_beacon_data params; 6253 int err; 6254 6255 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 6256 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 6257 return -EOPNOTSUPP; 6258 6259 if (!rdev->ops->change_beacon) 6260 return -EOPNOTSUPP; 6261 6262 if (!wdev->links[link_id].ap.beacon_interval) 6263 return -EINVAL; 6264 6265 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms, info->extack); 6266 if (err) 6267 goto out; 6268 6269 wdev_lock(wdev); 6270 err = rdev_change_beacon(rdev, dev, ¶ms); 6271 wdev_unlock(wdev); 6272 6273 out: 6274 kfree(params.mbssid_ies); 6275 kfree(params.rnr_ies); 6276 return err; 6277 } 6278 6279 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 6280 { 6281 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6282 unsigned int link_id = nl80211_link_id(info->attrs); 6283 struct net_device *dev = info->user_ptr[1]; 6284 6285 return cfg80211_stop_ap(rdev, dev, link_id, false); 6286 } 6287 6288 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 6289 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 6290 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 6291 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 6292 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 6293 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 6294 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 6295 }; 6296 6297 static int parse_station_flags(struct genl_info *info, 6298 enum nl80211_iftype iftype, 6299 struct station_parameters *params) 6300 { 6301 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 6302 struct nlattr *nla; 6303 int flag; 6304 6305 /* 6306 * Try parsing the new attribute first so userspace 6307 * can specify both for older kernels. 6308 */ 6309 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 6310 if (nla) { 6311 struct nl80211_sta_flag_update *sta_flags; 6312 6313 sta_flags = nla_data(nla); 6314 params->sta_flags_mask = sta_flags->mask; 6315 params->sta_flags_set = sta_flags->set; 6316 params->sta_flags_set &= params->sta_flags_mask; 6317 if ((params->sta_flags_mask | 6318 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 6319 return -EINVAL; 6320 return 0; 6321 } 6322 6323 /* if present, parse the old attribute */ 6324 6325 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 6326 if (!nla) 6327 return 0; 6328 6329 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack)) 6330 return -EINVAL; 6331 6332 /* 6333 * Only allow certain flags for interface types so that 6334 * other attributes are silently ignored. Remember that 6335 * this is backward compatibility code with old userspace 6336 * and shouldn't be hit in other cases anyway. 6337 */ 6338 switch (iftype) { 6339 case NL80211_IFTYPE_AP: 6340 case NL80211_IFTYPE_AP_VLAN: 6341 case NL80211_IFTYPE_P2P_GO: 6342 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 6343 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 6344 BIT(NL80211_STA_FLAG_WME) | 6345 BIT(NL80211_STA_FLAG_MFP); 6346 break; 6347 case NL80211_IFTYPE_P2P_CLIENT: 6348 case NL80211_IFTYPE_STATION: 6349 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 6350 BIT(NL80211_STA_FLAG_TDLS_PEER); 6351 break; 6352 case NL80211_IFTYPE_MESH_POINT: 6353 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 6354 BIT(NL80211_STA_FLAG_MFP) | 6355 BIT(NL80211_STA_FLAG_AUTHORIZED); 6356 break; 6357 default: 6358 return -EINVAL; 6359 } 6360 6361 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 6362 if (flags[flag]) { 6363 params->sta_flags_set |= (1<<flag); 6364 6365 /* no longer support new API additions in old API */ 6366 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 6367 return -EINVAL; 6368 } 6369 } 6370 6371 return 0; 6372 } 6373 6374 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr) 6375 { 6376 struct nlattr *rate; 6377 u32 bitrate; 6378 u16 bitrate_compat; 6379 enum nl80211_rate_info rate_flg; 6380 6381 rate = nla_nest_start_noflag(msg, attr); 6382 if (!rate) 6383 return false; 6384 6385 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 6386 bitrate = cfg80211_calculate_bitrate(info); 6387 /* report 16-bit bitrate only if we can */ 6388 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 6389 if (bitrate > 0 && 6390 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) 6391 return false; 6392 if (bitrate_compat > 0 && 6393 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) 6394 return false; 6395 6396 switch (info->bw) { 6397 case RATE_INFO_BW_1: 6398 rate_flg = NL80211_RATE_INFO_1_MHZ_WIDTH; 6399 break; 6400 case RATE_INFO_BW_2: 6401 rate_flg = NL80211_RATE_INFO_2_MHZ_WIDTH; 6402 break; 6403 case RATE_INFO_BW_4: 6404 rate_flg = NL80211_RATE_INFO_4_MHZ_WIDTH; 6405 break; 6406 case RATE_INFO_BW_5: 6407 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH; 6408 break; 6409 case RATE_INFO_BW_8: 6410 rate_flg = NL80211_RATE_INFO_8_MHZ_WIDTH; 6411 break; 6412 case RATE_INFO_BW_10: 6413 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH; 6414 break; 6415 case RATE_INFO_BW_16: 6416 rate_flg = NL80211_RATE_INFO_16_MHZ_WIDTH; 6417 break; 6418 default: 6419 WARN_ON(1); 6420 fallthrough; 6421 case RATE_INFO_BW_20: 6422 rate_flg = 0; 6423 break; 6424 case RATE_INFO_BW_40: 6425 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH; 6426 break; 6427 case RATE_INFO_BW_80: 6428 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH; 6429 break; 6430 case RATE_INFO_BW_160: 6431 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH; 6432 break; 6433 case RATE_INFO_BW_HE_RU: 6434 rate_flg = 0; 6435 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS)); 6436 break; 6437 case RATE_INFO_BW_320: 6438 rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH; 6439 break; 6440 case RATE_INFO_BW_EHT_RU: 6441 rate_flg = 0; 6442 WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS)); 6443 break; 6444 } 6445 6446 if (rate_flg && nla_put_flag(msg, rate_flg)) 6447 return false; 6448 6449 if (info->flags & RATE_INFO_FLAGS_MCS) { 6450 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) 6451 return false; 6452 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 6453 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 6454 return false; 6455 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) { 6456 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs)) 6457 return false; 6458 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss)) 6459 return false; 6460 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 6461 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 6462 return false; 6463 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) { 6464 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs)) 6465 return false; 6466 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss)) 6467 return false; 6468 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi)) 6469 return false; 6470 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm)) 6471 return false; 6472 if (info->bw == RATE_INFO_BW_HE_RU && 6473 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC, 6474 info->he_ru_alloc)) 6475 return false; 6476 } else if (info->flags & RATE_INFO_FLAGS_S1G_MCS) { 6477 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_MCS, info->mcs)) 6478 return false; 6479 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_NSS, info->nss)) 6480 return false; 6481 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 6482 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 6483 return false; 6484 } else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) { 6485 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs)) 6486 return false; 6487 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss)) 6488 return false; 6489 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi)) 6490 return false; 6491 if (info->bw == RATE_INFO_BW_EHT_RU && 6492 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC, 6493 info->eht_ru_alloc)) 6494 return false; 6495 } 6496 6497 nla_nest_end(msg, rate); 6498 return true; 6499 } 6500 6501 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal, 6502 int id) 6503 { 6504 void *attr; 6505 int i = 0; 6506 6507 if (!mask) 6508 return true; 6509 6510 attr = nla_nest_start_noflag(msg, id); 6511 if (!attr) 6512 return false; 6513 6514 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) { 6515 if (!(mask & BIT(i))) 6516 continue; 6517 6518 if (nla_put_u8(msg, i, signal[i])) 6519 return false; 6520 } 6521 6522 nla_nest_end(msg, attr); 6523 6524 return true; 6525 } 6526 6527 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid, 6528 u32 seq, int flags, 6529 struct cfg80211_registered_device *rdev, 6530 struct net_device *dev, 6531 const u8 *mac_addr, struct station_info *sinfo) 6532 { 6533 void *hdr; 6534 struct nlattr *sinfoattr, *bss_param; 6535 6536 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 6537 if (!hdr) { 6538 cfg80211_sinfo_release_content(sinfo); 6539 return -1; 6540 } 6541 6542 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 6543 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 6544 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 6545 goto nla_put_failure; 6546 6547 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO); 6548 if (!sinfoattr) 6549 goto nla_put_failure; 6550 6551 #define PUT_SINFO(attr, memb, type) do { \ 6552 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \ 6553 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \ 6554 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \ 6555 sinfo->memb)) \ 6556 goto nla_put_failure; \ 6557 } while (0) 6558 #define PUT_SINFO_U64(attr, memb) do { \ 6559 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \ 6560 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \ 6561 sinfo->memb, NL80211_STA_INFO_PAD)) \ 6562 goto nla_put_failure; \ 6563 } while (0) 6564 6565 PUT_SINFO(CONNECTED_TIME, connected_time, u32); 6566 PUT_SINFO(INACTIVE_TIME, inactive_time, u32); 6567 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at); 6568 6569 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) | 6570 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) && 6571 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 6572 (u32)sinfo->rx_bytes)) 6573 goto nla_put_failure; 6574 6575 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) | 6576 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) && 6577 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 6578 (u32)sinfo->tx_bytes)) 6579 goto nla_put_failure; 6580 6581 PUT_SINFO_U64(RX_BYTES64, rx_bytes); 6582 PUT_SINFO_U64(TX_BYTES64, tx_bytes); 6583 PUT_SINFO(LLID, llid, u16); 6584 PUT_SINFO(PLID, plid, u16); 6585 PUT_SINFO(PLINK_STATE, plink_state, u8); 6586 PUT_SINFO_U64(RX_DURATION, rx_duration); 6587 PUT_SINFO_U64(TX_DURATION, tx_duration); 6588 6589 if (wiphy_ext_feature_isset(&rdev->wiphy, 6590 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS)) 6591 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16); 6592 6593 switch (rdev->wiphy.signal_type) { 6594 case CFG80211_SIGNAL_TYPE_MBM: 6595 PUT_SINFO(SIGNAL, signal, u8); 6596 PUT_SINFO(SIGNAL_AVG, signal_avg, u8); 6597 break; 6598 default: 6599 break; 6600 } 6601 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) { 6602 if (!nl80211_put_signal(msg, sinfo->chains, 6603 sinfo->chain_signal, 6604 NL80211_STA_INFO_CHAIN_SIGNAL)) 6605 goto nla_put_failure; 6606 } 6607 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) { 6608 if (!nl80211_put_signal(msg, sinfo->chains, 6609 sinfo->chain_signal_avg, 6610 NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) 6611 goto nla_put_failure; 6612 } 6613 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) { 6614 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 6615 NL80211_STA_INFO_TX_BITRATE)) 6616 goto nla_put_failure; 6617 } 6618 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) { 6619 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 6620 NL80211_STA_INFO_RX_BITRATE)) 6621 goto nla_put_failure; 6622 } 6623 6624 PUT_SINFO(RX_PACKETS, rx_packets, u32); 6625 PUT_SINFO(TX_PACKETS, tx_packets, u32); 6626 PUT_SINFO(TX_RETRIES, tx_retries, u32); 6627 PUT_SINFO(TX_FAILED, tx_failed, u32); 6628 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32); 6629 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32); 6630 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32); 6631 PUT_SINFO(LOCAL_PM, local_pm, u32); 6632 PUT_SINFO(PEER_PM, peer_pm, u32); 6633 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32); 6634 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8); 6635 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8); 6636 6637 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) { 6638 bss_param = nla_nest_start_noflag(msg, 6639 NL80211_STA_INFO_BSS_PARAM); 6640 if (!bss_param) 6641 goto nla_put_failure; 6642 6643 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 6644 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 6645 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 6646 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 6647 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 6648 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 6649 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 6650 sinfo->bss_param.dtim_period) || 6651 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 6652 sinfo->bss_param.beacon_interval)) 6653 goto nla_put_failure; 6654 6655 nla_nest_end(msg, bss_param); 6656 } 6657 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) && 6658 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 6659 sizeof(struct nl80211_sta_flag_update), 6660 &sinfo->sta_flags)) 6661 goto nla_put_failure; 6662 6663 PUT_SINFO_U64(T_OFFSET, t_offset); 6664 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc); 6665 PUT_SINFO_U64(BEACON_RX, rx_beacon); 6666 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8); 6667 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32); 6668 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32); 6669 if (wiphy_ext_feature_isset(&rdev->wiphy, 6670 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) { 6671 PUT_SINFO(ACK_SIGNAL, ack_signal, u8); 6672 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8); 6673 } 6674 6675 #undef PUT_SINFO 6676 #undef PUT_SINFO_U64 6677 6678 if (sinfo->pertid) { 6679 struct nlattr *tidsattr; 6680 int tid; 6681 6682 tidsattr = nla_nest_start_noflag(msg, 6683 NL80211_STA_INFO_TID_STATS); 6684 if (!tidsattr) 6685 goto nla_put_failure; 6686 6687 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) { 6688 struct cfg80211_tid_stats *tidstats; 6689 struct nlattr *tidattr; 6690 6691 tidstats = &sinfo->pertid[tid]; 6692 6693 if (!tidstats->filled) 6694 continue; 6695 6696 tidattr = nla_nest_start_noflag(msg, tid + 1); 6697 if (!tidattr) 6698 goto nla_put_failure; 6699 6700 #define PUT_TIDVAL_U64(attr, memb) do { \ 6701 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \ 6702 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \ 6703 tidstats->memb, NL80211_TID_STATS_PAD)) \ 6704 goto nla_put_failure; \ 6705 } while (0) 6706 6707 PUT_TIDVAL_U64(RX_MSDU, rx_msdu); 6708 PUT_TIDVAL_U64(TX_MSDU, tx_msdu); 6709 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries); 6710 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed); 6711 6712 #undef PUT_TIDVAL_U64 6713 if ((tidstats->filled & 6714 BIT(NL80211_TID_STATS_TXQ_STATS)) && 6715 !nl80211_put_txq_stats(msg, &tidstats->txq_stats, 6716 NL80211_TID_STATS_TXQ_STATS)) 6717 goto nla_put_failure; 6718 6719 nla_nest_end(msg, tidattr); 6720 } 6721 6722 nla_nest_end(msg, tidsattr); 6723 } 6724 6725 nla_nest_end(msg, sinfoattr); 6726 6727 if (sinfo->assoc_req_ies_len && 6728 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 6729 sinfo->assoc_req_ies)) 6730 goto nla_put_failure; 6731 6732 if (sinfo->assoc_resp_ies_len && 6733 nla_put(msg, NL80211_ATTR_RESP_IE, sinfo->assoc_resp_ies_len, 6734 sinfo->assoc_resp_ies)) 6735 goto nla_put_failure; 6736 6737 if (sinfo->mlo_params_valid) { 6738 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, 6739 sinfo->assoc_link_id)) 6740 goto nla_put_failure; 6741 6742 if (!is_zero_ether_addr(sinfo->mld_addr) && 6743 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, 6744 sinfo->mld_addr)) 6745 goto nla_put_failure; 6746 } 6747 6748 cfg80211_sinfo_release_content(sinfo); 6749 genlmsg_end(msg, hdr); 6750 return 0; 6751 6752 nla_put_failure: 6753 cfg80211_sinfo_release_content(sinfo); 6754 genlmsg_cancel(msg, hdr); 6755 return -EMSGSIZE; 6756 } 6757 6758 static int nl80211_dump_station(struct sk_buff *skb, 6759 struct netlink_callback *cb) 6760 { 6761 struct station_info sinfo; 6762 struct cfg80211_registered_device *rdev; 6763 struct wireless_dev *wdev; 6764 u8 mac_addr[ETH_ALEN]; 6765 int sta_idx = cb->args[2]; 6766 int err; 6767 6768 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 6769 if (err) 6770 return err; 6771 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 6772 __acquire(&rdev->wiphy.mtx); 6773 6774 if (!wdev->netdev) { 6775 err = -EINVAL; 6776 goto out_err; 6777 } 6778 6779 if (!rdev->ops->dump_station) { 6780 err = -EOPNOTSUPP; 6781 goto out_err; 6782 } 6783 6784 while (1) { 6785 memset(&sinfo, 0, sizeof(sinfo)); 6786 err = rdev_dump_station(rdev, wdev->netdev, sta_idx, 6787 mac_addr, &sinfo); 6788 if (err == -ENOENT) 6789 break; 6790 if (err) 6791 goto out_err; 6792 6793 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION, 6794 NETLINK_CB(cb->skb).portid, 6795 cb->nlh->nlmsg_seq, NLM_F_MULTI, 6796 rdev, wdev->netdev, mac_addr, 6797 &sinfo) < 0) 6798 goto out; 6799 6800 sta_idx++; 6801 } 6802 6803 out: 6804 cb->args[2] = sta_idx; 6805 err = skb->len; 6806 out_err: 6807 wiphy_unlock(&rdev->wiphy); 6808 6809 return err; 6810 } 6811 6812 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 6813 { 6814 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6815 struct net_device *dev = info->user_ptr[1]; 6816 struct station_info sinfo; 6817 struct sk_buff *msg; 6818 u8 *mac_addr = NULL; 6819 int err; 6820 6821 memset(&sinfo, 0, sizeof(sinfo)); 6822 6823 if (!info->attrs[NL80211_ATTR_MAC]) 6824 return -EINVAL; 6825 6826 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6827 6828 if (!rdev->ops->get_station) 6829 return -EOPNOTSUPP; 6830 6831 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 6832 if (err) 6833 return err; 6834 6835 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6836 if (!msg) { 6837 cfg80211_sinfo_release_content(&sinfo); 6838 return -ENOMEM; 6839 } 6840 6841 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 6842 info->snd_portid, info->snd_seq, 0, 6843 rdev, dev, mac_addr, &sinfo) < 0) { 6844 nlmsg_free(msg); 6845 return -ENOBUFS; 6846 } 6847 6848 return genlmsg_reply(msg, info); 6849 } 6850 6851 int cfg80211_check_station_change(struct wiphy *wiphy, 6852 struct station_parameters *params, 6853 enum cfg80211_station_type statype) 6854 { 6855 if (params->listen_interval != -1 && 6856 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 6857 return -EINVAL; 6858 6859 if (params->support_p2p_ps != -1 && 6860 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 6861 return -EINVAL; 6862 6863 if (params->aid && 6864 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) && 6865 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 6866 return -EINVAL; 6867 6868 /* When you run into this, adjust the code below for the new flag */ 6869 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); 6870 6871 switch (statype) { 6872 case CFG80211_STA_MESH_PEER_KERNEL: 6873 case CFG80211_STA_MESH_PEER_USER: 6874 /* 6875 * No ignoring the TDLS flag here -- the userspace mesh 6876 * code doesn't have the bug of including TDLS in the 6877 * mask everywhere. 6878 */ 6879 if (params->sta_flags_mask & 6880 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 6881 BIT(NL80211_STA_FLAG_MFP) | 6882 BIT(NL80211_STA_FLAG_AUTHORIZED))) 6883 return -EINVAL; 6884 break; 6885 case CFG80211_STA_TDLS_PEER_SETUP: 6886 case CFG80211_STA_TDLS_PEER_ACTIVE: 6887 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 6888 return -EINVAL; 6889 /* ignore since it can't change */ 6890 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 6891 break; 6892 default: 6893 /* disallow mesh-specific things */ 6894 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION) 6895 return -EINVAL; 6896 if (params->local_pm) 6897 return -EINVAL; 6898 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 6899 return -EINVAL; 6900 } 6901 6902 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 6903 statype != CFG80211_STA_TDLS_PEER_ACTIVE) { 6904 /* TDLS can't be set, ... */ 6905 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 6906 return -EINVAL; 6907 /* 6908 * ... but don't bother the driver with it. This works around 6909 * a hostapd/wpa_supplicant issue -- it always includes the 6910 * TLDS_PEER flag in the mask even for AP mode. 6911 */ 6912 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 6913 } 6914 6915 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 6916 statype != CFG80211_STA_AP_CLIENT_UNASSOC) { 6917 /* reject other things that can't change */ 6918 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) 6919 return -EINVAL; 6920 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY) 6921 return -EINVAL; 6922 if (params->link_sta_params.supported_rates) 6923 return -EINVAL; 6924 if (params->ext_capab || params->link_sta_params.ht_capa || 6925 params->link_sta_params.vht_capa || 6926 params->link_sta_params.he_capa || 6927 params->link_sta_params.eht_capa) 6928 return -EINVAL; 6929 } 6930 6931 if (statype != CFG80211_STA_AP_CLIENT && 6932 statype != CFG80211_STA_AP_CLIENT_UNASSOC) { 6933 if (params->vlan) 6934 return -EINVAL; 6935 } 6936 6937 switch (statype) { 6938 case CFG80211_STA_AP_MLME_CLIENT: 6939 /* Use this only for authorizing/unauthorizing a station */ 6940 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED))) 6941 return -EOPNOTSUPP; 6942 break; 6943 case CFG80211_STA_AP_CLIENT: 6944 case CFG80211_STA_AP_CLIENT_UNASSOC: 6945 /* accept only the listed bits */ 6946 if (params->sta_flags_mask & 6947 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 6948 BIT(NL80211_STA_FLAG_AUTHENTICATED) | 6949 BIT(NL80211_STA_FLAG_ASSOCIATED) | 6950 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 6951 BIT(NL80211_STA_FLAG_WME) | 6952 BIT(NL80211_STA_FLAG_MFP))) 6953 return -EINVAL; 6954 6955 /* but authenticated/associated only if driver handles it */ 6956 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 6957 params->sta_flags_mask & 6958 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 6959 BIT(NL80211_STA_FLAG_ASSOCIATED))) 6960 return -EINVAL; 6961 break; 6962 case CFG80211_STA_IBSS: 6963 case CFG80211_STA_AP_STA: 6964 /* reject any changes other than AUTHORIZED */ 6965 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 6966 return -EINVAL; 6967 break; 6968 case CFG80211_STA_TDLS_PEER_SETUP: 6969 /* reject any changes other than AUTHORIZED or WME */ 6970 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 6971 BIT(NL80211_STA_FLAG_WME))) 6972 return -EINVAL; 6973 /* force (at least) rates when authorizing */ 6974 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) && 6975 !params->link_sta_params.supported_rates) 6976 return -EINVAL; 6977 break; 6978 case CFG80211_STA_TDLS_PEER_ACTIVE: 6979 /* reject any changes */ 6980 return -EINVAL; 6981 case CFG80211_STA_MESH_PEER_KERNEL: 6982 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 6983 return -EINVAL; 6984 break; 6985 case CFG80211_STA_MESH_PEER_USER: 6986 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION && 6987 params->plink_action != NL80211_PLINK_ACTION_BLOCK) 6988 return -EINVAL; 6989 break; 6990 } 6991 6992 /* 6993 * Older kernel versions ignored this attribute entirely, so don't 6994 * reject attempts to update it but mark it as unused instead so the 6995 * driver won't look at the data. 6996 */ 6997 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC && 6998 statype != CFG80211_STA_TDLS_PEER_SETUP) 6999 params->link_sta_params.opmode_notif_used = false; 7000 7001 return 0; 7002 } 7003 EXPORT_SYMBOL(cfg80211_check_station_change); 7004 7005 /* 7006 * Get vlan interface making sure it is running and on the right wiphy. 7007 */ 7008 static struct net_device *get_vlan(struct genl_info *info, 7009 struct cfg80211_registered_device *rdev) 7010 { 7011 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 7012 struct net_device *v; 7013 int ret; 7014 7015 if (!vlanattr) 7016 return NULL; 7017 7018 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 7019 if (!v) 7020 return ERR_PTR(-ENODEV); 7021 7022 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 7023 ret = -EINVAL; 7024 goto error; 7025 } 7026 7027 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 7028 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 7029 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 7030 ret = -EINVAL; 7031 goto error; 7032 } 7033 7034 if (!netif_running(v)) { 7035 ret = -ENETDOWN; 7036 goto error; 7037 } 7038 7039 return v; 7040 error: 7041 dev_put(v); 7042 return ERR_PTR(ret); 7043 } 7044 7045 static int nl80211_parse_sta_wme(struct genl_info *info, 7046 struct station_parameters *params) 7047 { 7048 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 7049 struct nlattr *nla; 7050 int err; 7051 7052 /* parse WME attributes if present */ 7053 if (!info->attrs[NL80211_ATTR_STA_WME]) 7054 return 0; 7055 7056 nla = info->attrs[NL80211_ATTR_STA_WME]; 7057 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla, 7058 nl80211_sta_wme_policy, 7059 info->extack); 7060 if (err) 7061 return err; 7062 7063 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 7064 params->uapsd_queues = nla_get_u8( 7065 tb[NL80211_STA_WME_UAPSD_QUEUES]); 7066 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 7067 return -EINVAL; 7068 7069 if (tb[NL80211_STA_WME_MAX_SP]) 7070 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 7071 7072 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 7073 return -EINVAL; 7074 7075 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 7076 7077 return 0; 7078 } 7079 7080 static int nl80211_parse_sta_channel_info(struct genl_info *info, 7081 struct station_parameters *params) 7082 { 7083 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) { 7084 params->supported_channels = 7085 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]); 7086 params->supported_channels_len = 7087 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]); 7088 /* 7089 * Need to include at least one (first channel, number of 7090 * channels) tuple for each subband (checked in policy), 7091 * and must have proper tuples for the rest of the data as well. 7092 */ 7093 if (params->supported_channels_len % 2) 7094 return -EINVAL; 7095 } 7096 7097 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) { 7098 params->supported_oper_classes = 7099 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]); 7100 params->supported_oper_classes_len = 7101 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]); 7102 } 7103 return 0; 7104 } 7105 7106 static int nl80211_set_station_tdls(struct genl_info *info, 7107 struct station_parameters *params) 7108 { 7109 int err; 7110 /* Dummy STA entry gets updated once the peer capabilities are known */ 7111 if (info->attrs[NL80211_ATTR_PEER_AID]) 7112 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 7113 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 7114 params->link_sta_params.ht_capa = 7115 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 7116 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 7117 params->link_sta_params.vht_capa = 7118 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 7119 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) { 7120 params->link_sta_params.he_capa = 7121 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 7122 params->link_sta_params.he_capa_len = 7123 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 7124 7125 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) { 7126 params->link_sta_params.eht_capa = 7127 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 7128 params->link_sta_params.eht_capa_len = 7129 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 7130 7131 if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa, 7132 (const u8 *)params->link_sta_params.eht_capa, 7133 params->link_sta_params.eht_capa_len, 7134 false)) 7135 return -EINVAL; 7136 } 7137 } 7138 7139 err = nl80211_parse_sta_channel_info(info, params); 7140 if (err) 7141 return err; 7142 7143 return nl80211_parse_sta_wme(info, params); 7144 } 7145 7146 static int nl80211_parse_sta_txpower_setting(struct genl_info *info, 7147 struct sta_txpwr *txpwr, 7148 bool *txpwr_set) 7149 { 7150 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7151 int idx; 7152 7153 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) { 7154 if (!rdev->ops->set_tx_power || 7155 !wiphy_ext_feature_isset(&rdev->wiphy, 7156 NL80211_EXT_FEATURE_STA_TX_PWR)) 7157 return -EOPNOTSUPP; 7158 7159 idx = NL80211_ATTR_STA_TX_POWER_SETTING; 7160 txpwr->type = nla_get_u8(info->attrs[idx]); 7161 7162 if (txpwr->type == NL80211_TX_POWER_LIMITED) { 7163 idx = NL80211_ATTR_STA_TX_POWER; 7164 7165 if (info->attrs[idx]) 7166 txpwr->power = nla_get_s16(info->attrs[idx]); 7167 else 7168 return -EINVAL; 7169 } 7170 7171 *txpwr_set = true; 7172 } else { 7173 *txpwr_set = false; 7174 } 7175 7176 return 0; 7177 } 7178 7179 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 7180 { 7181 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7182 struct net_device *dev = info->user_ptr[1]; 7183 struct station_parameters params; 7184 u8 *mac_addr; 7185 int err; 7186 7187 memset(¶ms, 0, sizeof(params)); 7188 7189 if (!rdev->ops->change_station) 7190 return -EOPNOTSUPP; 7191 7192 /* 7193 * AID and listen_interval properties can be set only for unassociated 7194 * station. Include these parameters here and will check them in 7195 * cfg80211_check_station_change(). 7196 */ 7197 if (info->attrs[NL80211_ATTR_STA_AID]) 7198 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 7199 7200 if (info->attrs[NL80211_ATTR_VLAN_ID]) 7201 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]); 7202 7203 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 7204 params.listen_interval = 7205 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 7206 else 7207 params.listen_interval = -1; 7208 7209 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) 7210 params.support_p2p_ps = 7211 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]); 7212 else 7213 params.support_p2p_ps = -1; 7214 7215 if (!info->attrs[NL80211_ATTR_MAC]) 7216 return -EINVAL; 7217 7218 params.link_sta_params.link_id = 7219 nl80211_link_id_or_invalid(info->attrs); 7220 7221 if (info->attrs[NL80211_ATTR_MLD_ADDR]) { 7222 /* If MLD_ADDR attribute is set then this is an MLD station 7223 * and the MLD_ADDR attribute holds the MLD address and the 7224 * MAC attribute holds for the LINK address. 7225 * In that case, the link_id is also expected to be valid. 7226 */ 7227 if (params.link_sta_params.link_id < 0) 7228 return -EINVAL; 7229 7230 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 7231 params.link_sta_params.mld_mac = mac_addr; 7232 params.link_sta_params.link_mac = 7233 nla_data(info->attrs[NL80211_ATTR_MAC]); 7234 if (!is_valid_ether_addr(params.link_sta_params.link_mac)) 7235 return -EINVAL; 7236 } else { 7237 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 7238 } 7239 7240 7241 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 7242 params.link_sta_params.supported_rates = 7243 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 7244 params.link_sta_params.supported_rates_len = 7245 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 7246 } 7247 7248 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 7249 params.capability = 7250 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 7251 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 7252 } 7253 7254 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 7255 params.ext_capab = 7256 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 7257 params.ext_capab_len = 7258 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 7259 } 7260 7261 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 7262 return -EINVAL; 7263 7264 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 7265 params.plink_action = 7266 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 7267 7268 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) { 7269 params.plink_state = 7270 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 7271 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) 7272 params.peer_aid = nla_get_u16( 7273 info->attrs[NL80211_ATTR_MESH_PEER_AID]); 7274 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE; 7275 } 7276 7277 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) 7278 params.local_pm = nla_get_u32( 7279 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]); 7280 7281 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 7282 params.link_sta_params.opmode_notif_used = true; 7283 params.link_sta_params.opmode_notif = 7284 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 7285 } 7286 7287 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]) 7288 params.link_sta_params.he_6ghz_capa = 7289 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]); 7290 7291 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]) 7292 params.airtime_weight = 7293 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]); 7294 7295 if (params.airtime_weight && 7296 !wiphy_ext_feature_isset(&rdev->wiphy, 7297 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS)) 7298 return -EOPNOTSUPP; 7299 7300 err = nl80211_parse_sta_txpower_setting(info, 7301 ¶ms.link_sta_params.txpwr, 7302 ¶ms.link_sta_params.txpwr_set); 7303 if (err) 7304 return err; 7305 7306 /* Include parameters for TDLS peer (will check later) */ 7307 err = nl80211_set_station_tdls(info, ¶ms); 7308 if (err) 7309 return err; 7310 7311 params.vlan = get_vlan(info, rdev); 7312 if (IS_ERR(params.vlan)) 7313 return PTR_ERR(params.vlan); 7314 7315 switch (dev->ieee80211_ptr->iftype) { 7316 case NL80211_IFTYPE_AP: 7317 case NL80211_IFTYPE_AP_VLAN: 7318 case NL80211_IFTYPE_P2P_GO: 7319 case NL80211_IFTYPE_P2P_CLIENT: 7320 case NL80211_IFTYPE_STATION: 7321 case NL80211_IFTYPE_ADHOC: 7322 case NL80211_IFTYPE_MESH_POINT: 7323 break; 7324 default: 7325 err = -EOPNOTSUPP; 7326 goto out_put_vlan; 7327 } 7328 7329 /* driver will call cfg80211_check_station_change() */ 7330 wdev_lock(dev->ieee80211_ptr); 7331 err = rdev_change_station(rdev, dev, mac_addr, ¶ms); 7332 wdev_unlock(dev->ieee80211_ptr); 7333 7334 out_put_vlan: 7335 dev_put(params.vlan); 7336 7337 return err; 7338 } 7339 7340 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 7341 { 7342 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7343 int err; 7344 struct net_device *dev = info->user_ptr[1]; 7345 struct wireless_dev *wdev = dev->ieee80211_ptr; 7346 struct station_parameters params; 7347 u8 *mac_addr = NULL; 7348 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 7349 BIT(NL80211_STA_FLAG_ASSOCIATED); 7350 7351 memset(¶ms, 0, sizeof(params)); 7352 7353 if (!rdev->ops->add_station) 7354 return -EOPNOTSUPP; 7355 7356 if (!info->attrs[NL80211_ATTR_MAC]) 7357 return -EINVAL; 7358 7359 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 7360 return -EINVAL; 7361 7362 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 7363 return -EINVAL; 7364 7365 if (!info->attrs[NL80211_ATTR_STA_AID] && 7366 !info->attrs[NL80211_ATTR_PEER_AID]) 7367 return -EINVAL; 7368 7369 params.link_sta_params.link_id = 7370 nl80211_link_id_or_invalid(info->attrs); 7371 7372 if (info->attrs[NL80211_ATTR_MLD_ADDR]) { 7373 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 7374 params.link_sta_params.mld_mac = mac_addr; 7375 params.link_sta_params.link_mac = 7376 nla_data(info->attrs[NL80211_ATTR_MAC]); 7377 if (!is_valid_ether_addr(params.link_sta_params.link_mac)) 7378 return -EINVAL; 7379 } else { 7380 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 7381 } 7382 7383 params.link_sta_params.supported_rates = 7384 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 7385 params.link_sta_params.supported_rates_len = 7386 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 7387 params.listen_interval = 7388 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 7389 7390 if (info->attrs[NL80211_ATTR_VLAN_ID]) 7391 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]); 7392 7393 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) { 7394 params.support_p2p_ps = 7395 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]); 7396 } else { 7397 /* 7398 * if not specified, assume it's supported for P2P GO interface, 7399 * and is NOT supported for AP interface 7400 */ 7401 params.support_p2p_ps = 7402 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO; 7403 } 7404 7405 if (info->attrs[NL80211_ATTR_PEER_AID]) 7406 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 7407 else 7408 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 7409 7410 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 7411 params.capability = 7412 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 7413 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 7414 } 7415 7416 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 7417 params.ext_capab = 7418 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 7419 params.ext_capab_len = 7420 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 7421 } 7422 7423 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 7424 params.link_sta_params.ht_capa = 7425 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 7426 7427 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 7428 params.link_sta_params.vht_capa = 7429 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 7430 7431 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) { 7432 params.link_sta_params.he_capa = 7433 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 7434 params.link_sta_params.he_capa_len = 7435 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 7436 7437 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) { 7438 params.link_sta_params.eht_capa = 7439 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 7440 params.link_sta_params.eht_capa_len = 7441 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 7442 7443 if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa, 7444 (const u8 *)params.link_sta_params.eht_capa, 7445 params.link_sta_params.eht_capa_len, 7446 false)) 7447 return -EINVAL; 7448 } 7449 } 7450 7451 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]) 7452 params.link_sta_params.he_6ghz_capa = 7453 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]); 7454 7455 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 7456 params.link_sta_params.opmode_notif_used = true; 7457 params.link_sta_params.opmode_notif = 7458 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 7459 } 7460 7461 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 7462 params.plink_action = 7463 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 7464 7465 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]) 7466 params.airtime_weight = 7467 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]); 7468 7469 if (params.airtime_weight && 7470 !wiphy_ext_feature_isset(&rdev->wiphy, 7471 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS)) 7472 return -EOPNOTSUPP; 7473 7474 err = nl80211_parse_sta_txpower_setting(info, 7475 ¶ms.link_sta_params.txpwr, 7476 ¶ms.link_sta_params.txpwr_set); 7477 if (err) 7478 return err; 7479 7480 err = nl80211_parse_sta_channel_info(info, ¶ms); 7481 if (err) 7482 return err; 7483 7484 err = nl80211_parse_sta_wme(info, ¶ms); 7485 if (err) 7486 return err; 7487 7488 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 7489 return -EINVAL; 7490 7491 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT 7492 * as userspace might just pass through the capabilities from the IEs 7493 * directly, rather than enforcing this restriction and returning an 7494 * error in this case. 7495 */ 7496 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) { 7497 params.link_sta_params.ht_capa = NULL; 7498 params.link_sta_params.vht_capa = NULL; 7499 7500 /* HE and EHT require WME */ 7501 if (params.link_sta_params.he_capa_len || 7502 params.link_sta_params.he_6ghz_capa || 7503 params.link_sta_params.eht_capa_len) 7504 return -EINVAL; 7505 } 7506 7507 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */ 7508 if (params.link_sta_params.he_6ghz_capa && 7509 (params.link_sta_params.ht_capa || params.link_sta_params.vht_capa)) 7510 return -EINVAL; 7511 7512 /* When you run into this, adjust the code below for the new flag */ 7513 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); 7514 7515 switch (dev->ieee80211_ptr->iftype) { 7516 case NL80211_IFTYPE_AP: 7517 case NL80211_IFTYPE_AP_VLAN: 7518 case NL80211_IFTYPE_P2P_GO: 7519 /* ignore WME attributes if iface/sta is not capable */ 7520 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) || 7521 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) 7522 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 7523 7524 /* TDLS peers cannot be added */ 7525 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 7526 info->attrs[NL80211_ATTR_PEER_AID]) 7527 return -EINVAL; 7528 /* but don't bother the driver with it */ 7529 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 7530 7531 /* allow authenticated/associated only if driver handles it */ 7532 if (!(rdev->wiphy.features & 7533 NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 7534 params.sta_flags_mask & auth_assoc) 7535 return -EINVAL; 7536 7537 /* Older userspace, or userspace wanting to be compatible with 7538 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth 7539 * and assoc flags in the mask, but assumes the station will be 7540 * added as associated anyway since this was the required driver 7541 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was 7542 * introduced. 7543 * In order to not bother drivers with this quirk in the API 7544 * set the flags in both the mask and set for new stations in 7545 * this case. 7546 */ 7547 if (!(params.sta_flags_mask & auth_assoc)) { 7548 params.sta_flags_mask |= auth_assoc; 7549 params.sta_flags_set |= auth_assoc; 7550 } 7551 7552 /* must be last in here for error handling */ 7553 params.vlan = get_vlan(info, rdev); 7554 if (IS_ERR(params.vlan)) 7555 return PTR_ERR(params.vlan); 7556 break; 7557 case NL80211_IFTYPE_MESH_POINT: 7558 /* ignore uAPSD data */ 7559 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 7560 7561 /* associated is disallowed */ 7562 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) 7563 return -EINVAL; 7564 /* TDLS peers cannot be added */ 7565 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 7566 info->attrs[NL80211_ATTR_PEER_AID]) 7567 return -EINVAL; 7568 break; 7569 case NL80211_IFTYPE_STATION: 7570 case NL80211_IFTYPE_P2P_CLIENT: 7571 /* ignore uAPSD data */ 7572 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 7573 7574 /* these are disallowed */ 7575 if (params.sta_flags_mask & 7576 (BIT(NL80211_STA_FLAG_ASSOCIATED) | 7577 BIT(NL80211_STA_FLAG_AUTHENTICATED))) 7578 return -EINVAL; 7579 /* Only TDLS peers can be added */ 7580 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 7581 return -EINVAL; 7582 /* Can only add if TDLS ... */ 7583 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 7584 return -EOPNOTSUPP; 7585 /* ... with external setup is supported */ 7586 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 7587 return -EOPNOTSUPP; 7588 /* 7589 * Older wpa_supplicant versions always mark the TDLS peer 7590 * as authorized, but it shouldn't yet be. 7591 */ 7592 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED); 7593 break; 7594 default: 7595 return -EOPNOTSUPP; 7596 } 7597 7598 /* be aware of params.vlan when changing code here */ 7599 7600 wdev_lock(dev->ieee80211_ptr); 7601 if (wdev->valid_links) { 7602 if (params.link_sta_params.link_id < 0) { 7603 err = -EINVAL; 7604 goto out; 7605 } 7606 if (!(wdev->valid_links & BIT(params.link_sta_params.link_id))) { 7607 err = -ENOLINK; 7608 goto out; 7609 } 7610 } else { 7611 if (params.link_sta_params.link_id >= 0) { 7612 err = -EINVAL; 7613 goto out; 7614 } 7615 } 7616 err = rdev_add_station(rdev, dev, mac_addr, ¶ms); 7617 out: 7618 wdev_unlock(dev->ieee80211_ptr); 7619 dev_put(params.vlan); 7620 return err; 7621 } 7622 7623 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 7624 { 7625 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7626 struct net_device *dev = info->user_ptr[1]; 7627 struct station_del_parameters params; 7628 int ret; 7629 7630 memset(¶ms, 0, sizeof(params)); 7631 7632 if (info->attrs[NL80211_ATTR_MAC]) 7633 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]); 7634 7635 switch (dev->ieee80211_ptr->iftype) { 7636 case NL80211_IFTYPE_AP: 7637 case NL80211_IFTYPE_AP_VLAN: 7638 case NL80211_IFTYPE_MESH_POINT: 7639 case NL80211_IFTYPE_P2P_GO: 7640 /* always accept these */ 7641 break; 7642 case NL80211_IFTYPE_ADHOC: 7643 /* conditionally accept */ 7644 if (wiphy_ext_feature_isset(&rdev->wiphy, 7645 NL80211_EXT_FEATURE_DEL_IBSS_STA)) 7646 break; 7647 return -EINVAL; 7648 default: 7649 return -EINVAL; 7650 } 7651 7652 if (!rdev->ops->del_station) 7653 return -EOPNOTSUPP; 7654 7655 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) { 7656 params.subtype = 7657 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]); 7658 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 && 7659 params.subtype != IEEE80211_STYPE_DEAUTH >> 4) 7660 return -EINVAL; 7661 } else { 7662 /* Default to Deauthentication frame */ 7663 params.subtype = IEEE80211_STYPE_DEAUTH >> 4; 7664 } 7665 7666 if (info->attrs[NL80211_ATTR_REASON_CODE]) { 7667 params.reason_code = 7668 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 7669 if (params.reason_code == 0) 7670 return -EINVAL; /* 0 is reserved */ 7671 } else { 7672 /* Default to reason code 2 */ 7673 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID; 7674 } 7675 7676 wdev_lock(dev->ieee80211_ptr); 7677 ret = rdev_del_station(rdev, dev, ¶ms); 7678 wdev_unlock(dev->ieee80211_ptr); 7679 7680 return ret; 7681 } 7682 7683 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq, 7684 int flags, struct net_device *dev, 7685 u8 *dst, u8 *next_hop, 7686 struct mpath_info *pinfo) 7687 { 7688 void *hdr; 7689 struct nlattr *pinfoattr; 7690 7691 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH); 7692 if (!hdr) 7693 return -1; 7694 7695 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 7696 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 7697 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 7698 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 7699 goto nla_put_failure; 7700 7701 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO); 7702 if (!pinfoattr) 7703 goto nla_put_failure; 7704 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 7705 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 7706 pinfo->frame_qlen)) 7707 goto nla_put_failure; 7708 if (((pinfo->filled & MPATH_INFO_SN) && 7709 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 7710 ((pinfo->filled & MPATH_INFO_METRIC) && 7711 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 7712 pinfo->metric)) || 7713 ((pinfo->filled & MPATH_INFO_EXPTIME) && 7714 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 7715 pinfo->exptime)) || 7716 ((pinfo->filled & MPATH_INFO_FLAGS) && 7717 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 7718 pinfo->flags)) || 7719 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 7720 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 7721 pinfo->discovery_timeout)) || 7722 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 7723 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 7724 pinfo->discovery_retries)) || 7725 ((pinfo->filled & MPATH_INFO_HOP_COUNT) && 7726 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT, 7727 pinfo->hop_count)) || 7728 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) && 7729 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE, 7730 pinfo->path_change_count))) 7731 goto nla_put_failure; 7732 7733 nla_nest_end(msg, pinfoattr); 7734 7735 genlmsg_end(msg, hdr); 7736 return 0; 7737 7738 nla_put_failure: 7739 genlmsg_cancel(msg, hdr); 7740 return -EMSGSIZE; 7741 } 7742 7743 static int nl80211_dump_mpath(struct sk_buff *skb, 7744 struct netlink_callback *cb) 7745 { 7746 struct mpath_info pinfo; 7747 struct cfg80211_registered_device *rdev; 7748 struct wireless_dev *wdev; 7749 u8 dst[ETH_ALEN]; 7750 u8 next_hop[ETH_ALEN]; 7751 int path_idx = cb->args[2]; 7752 int err; 7753 7754 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 7755 if (err) 7756 return err; 7757 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 7758 __acquire(&rdev->wiphy.mtx); 7759 7760 if (!rdev->ops->dump_mpath) { 7761 err = -EOPNOTSUPP; 7762 goto out_err; 7763 } 7764 7765 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 7766 err = -EOPNOTSUPP; 7767 goto out_err; 7768 } 7769 7770 while (1) { 7771 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst, 7772 next_hop, &pinfo); 7773 if (err == -ENOENT) 7774 break; 7775 if (err) 7776 goto out_err; 7777 7778 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 7779 cb->nlh->nlmsg_seq, NLM_F_MULTI, 7780 wdev->netdev, dst, next_hop, 7781 &pinfo) < 0) 7782 goto out; 7783 7784 path_idx++; 7785 } 7786 7787 out: 7788 cb->args[2] = path_idx; 7789 err = skb->len; 7790 out_err: 7791 wiphy_unlock(&rdev->wiphy); 7792 return err; 7793 } 7794 7795 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 7796 { 7797 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7798 int err; 7799 struct net_device *dev = info->user_ptr[1]; 7800 struct mpath_info pinfo; 7801 struct sk_buff *msg; 7802 u8 *dst = NULL; 7803 u8 next_hop[ETH_ALEN]; 7804 7805 memset(&pinfo, 0, sizeof(pinfo)); 7806 7807 if (!info->attrs[NL80211_ATTR_MAC]) 7808 return -EINVAL; 7809 7810 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7811 7812 if (!rdev->ops->get_mpath) 7813 return -EOPNOTSUPP; 7814 7815 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7816 return -EOPNOTSUPP; 7817 7818 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo); 7819 if (err) 7820 return err; 7821 7822 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7823 if (!msg) 7824 return -ENOMEM; 7825 7826 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 7827 dev, dst, next_hop, &pinfo) < 0) { 7828 nlmsg_free(msg); 7829 return -ENOBUFS; 7830 } 7831 7832 return genlmsg_reply(msg, info); 7833 } 7834 7835 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 7836 { 7837 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7838 struct net_device *dev = info->user_ptr[1]; 7839 u8 *dst = NULL; 7840 u8 *next_hop = NULL; 7841 7842 if (!info->attrs[NL80211_ATTR_MAC]) 7843 return -EINVAL; 7844 7845 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 7846 return -EINVAL; 7847 7848 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7849 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 7850 7851 if (!rdev->ops->change_mpath) 7852 return -EOPNOTSUPP; 7853 7854 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7855 return -EOPNOTSUPP; 7856 7857 return rdev_change_mpath(rdev, dev, dst, next_hop); 7858 } 7859 7860 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 7861 { 7862 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7863 struct net_device *dev = info->user_ptr[1]; 7864 u8 *dst = NULL; 7865 u8 *next_hop = NULL; 7866 7867 if (!info->attrs[NL80211_ATTR_MAC]) 7868 return -EINVAL; 7869 7870 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 7871 return -EINVAL; 7872 7873 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7874 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 7875 7876 if (!rdev->ops->add_mpath) 7877 return -EOPNOTSUPP; 7878 7879 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7880 return -EOPNOTSUPP; 7881 7882 return rdev_add_mpath(rdev, dev, dst, next_hop); 7883 } 7884 7885 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 7886 { 7887 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7888 struct net_device *dev = info->user_ptr[1]; 7889 u8 *dst = NULL; 7890 7891 if (info->attrs[NL80211_ATTR_MAC]) 7892 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7893 7894 if (!rdev->ops->del_mpath) 7895 return -EOPNOTSUPP; 7896 7897 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7898 return -EOPNOTSUPP; 7899 7900 return rdev_del_mpath(rdev, dev, dst); 7901 } 7902 7903 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info) 7904 { 7905 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7906 int err; 7907 struct net_device *dev = info->user_ptr[1]; 7908 struct mpath_info pinfo; 7909 struct sk_buff *msg; 7910 u8 *dst = NULL; 7911 u8 mpp[ETH_ALEN]; 7912 7913 memset(&pinfo, 0, sizeof(pinfo)); 7914 7915 if (!info->attrs[NL80211_ATTR_MAC]) 7916 return -EINVAL; 7917 7918 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7919 7920 if (!rdev->ops->get_mpp) 7921 return -EOPNOTSUPP; 7922 7923 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7924 return -EOPNOTSUPP; 7925 7926 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo); 7927 if (err) 7928 return err; 7929 7930 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7931 if (!msg) 7932 return -ENOMEM; 7933 7934 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 7935 dev, dst, mpp, &pinfo) < 0) { 7936 nlmsg_free(msg); 7937 return -ENOBUFS; 7938 } 7939 7940 return genlmsg_reply(msg, info); 7941 } 7942 7943 static int nl80211_dump_mpp(struct sk_buff *skb, 7944 struct netlink_callback *cb) 7945 { 7946 struct mpath_info pinfo; 7947 struct cfg80211_registered_device *rdev; 7948 struct wireless_dev *wdev; 7949 u8 dst[ETH_ALEN]; 7950 u8 mpp[ETH_ALEN]; 7951 int path_idx = cb->args[2]; 7952 int err; 7953 7954 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 7955 if (err) 7956 return err; 7957 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 7958 __acquire(&rdev->wiphy.mtx); 7959 7960 if (!rdev->ops->dump_mpp) { 7961 err = -EOPNOTSUPP; 7962 goto out_err; 7963 } 7964 7965 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 7966 err = -EOPNOTSUPP; 7967 goto out_err; 7968 } 7969 7970 while (1) { 7971 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst, 7972 mpp, &pinfo); 7973 if (err == -ENOENT) 7974 break; 7975 if (err) 7976 goto out_err; 7977 7978 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 7979 cb->nlh->nlmsg_seq, NLM_F_MULTI, 7980 wdev->netdev, dst, mpp, 7981 &pinfo) < 0) 7982 goto out; 7983 7984 path_idx++; 7985 } 7986 7987 out: 7988 cb->args[2] = path_idx; 7989 err = skb->len; 7990 out_err: 7991 wiphy_unlock(&rdev->wiphy); 7992 return err; 7993 } 7994 7995 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 7996 { 7997 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7998 struct net_device *dev = info->user_ptr[1]; 7999 struct wireless_dev *wdev = dev->ieee80211_ptr; 8000 struct bss_parameters params; 8001 int err; 8002 8003 memset(¶ms, 0, sizeof(params)); 8004 params.link_id = nl80211_link_id_or_invalid(info->attrs); 8005 /* default to not changing parameters */ 8006 params.use_cts_prot = -1; 8007 params.use_short_preamble = -1; 8008 params.use_short_slot_time = -1; 8009 params.ap_isolate = -1; 8010 params.ht_opmode = -1; 8011 params.p2p_ctwindow = -1; 8012 params.p2p_opp_ps = -1; 8013 8014 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 8015 params.use_cts_prot = 8016 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 8017 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 8018 params.use_short_preamble = 8019 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 8020 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 8021 params.use_short_slot_time = 8022 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 8023 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 8024 params.basic_rates = 8025 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 8026 params.basic_rates_len = 8027 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 8028 } 8029 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 8030 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 8031 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 8032 params.ht_opmode = 8033 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 8034 8035 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 8036 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 8037 return -EINVAL; 8038 params.p2p_ctwindow = 8039 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 8040 if (params.p2p_ctwindow != 0 && 8041 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 8042 return -EINVAL; 8043 } 8044 8045 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 8046 u8 tmp; 8047 8048 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 8049 return -EINVAL; 8050 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 8051 params.p2p_opp_ps = tmp; 8052 if (params.p2p_opp_ps && 8053 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 8054 return -EINVAL; 8055 } 8056 8057 if (!rdev->ops->change_bss) 8058 return -EOPNOTSUPP; 8059 8060 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 8061 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 8062 return -EOPNOTSUPP; 8063 8064 wdev_lock(wdev); 8065 err = rdev_change_bss(rdev, dev, ¶ms); 8066 wdev_unlock(wdev); 8067 8068 return err; 8069 } 8070 8071 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 8072 { 8073 char *data = NULL; 8074 bool is_indoor; 8075 enum nl80211_user_reg_hint_type user_reg_hint_type; 8076 u32 owner_nlportid; 8077 8078 /* 8079 * You should only get this when cfg80211 hasn't yet initialized 8080 * completely when built-in to the kernel right between the time 8081 * window between nl80211_init() and regulatory_init(), if that is 8082 * even possible. 8083 */ 8084 if (unlikely(!rcu_access_pointer(cfg80211_regdomain))) 8085 return -EINPROGRESS; 8086 8087 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 8088 user_reg_hint_type = 8089 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 8090 else 8091 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 8092 8093 switch (user_reg_hint_type) { 8094 case NL80211_USER_REG_HINT_USER: 8095 case NL80211_USER_REG_HINT_CELL_BASE: 8096 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 8097 return -EINVAL; 8098 8099 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 8100 return regulatory_hint_user(data, user_reg_hint_type); 8101 case NL80211_USER_REG_HINT_INDOOR: 8102 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 8103 owner_nlportid = info->snd_portid; 8104 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR]; 8105 } else { 8106 owner_nlportid = 0; 8107 is_indoor = true; 8108 } 8109 8110 return regulatory_hint_indoor(is_indoor, owner_nlportid); 8111 default: 8112 return -EINVAL; 8113 } 8114 } 8115 8116 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info) 8117 { 8118 return reg_reload_regdb(); 8119 } 8120 8121 static int nl80211_get_mesh_config(struct sk_buff *skb, 8122 struct genl_info *info) 8123 { 8124 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8125 struct net_device *dev = info->user_ptr[1]; 8126 struct wireless_dev *wdev = dev->ieee80211_ptr; 8127 struct mesh_config cur_params; 8128 int err = 0; 8129 void *hdr; 8130 struct nlattr *pinfoattr; 8131 struct sk_buff *msg; 8132 8133 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 8134 return -EOPNOTSUPP; 8135 8136 if (!rdev->ops->get_mesh_config) 8137 return -EOPNOTSUPP; 8138 8139 wdev_lock(wdev); 8140 /* If not connected, get default parameters */ 8141 if (!wdev->u.mesh.id_len) 8142 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 8143 else 8144 err = rdev_get_mesh_config(rdev, dev, &cur_params); 8145 wdev_unlock(wdev); 8146 8147 if (err) 8148 return err; 8149 8150 /* Draw up a netlink message to send back */ 8151 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8152 if (!msg) 8153 return -ENOMEM; 8154 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 8155 NL80211_CMD_GET_MESH_CONFIG); 8156 if (!hdr) 8157 goto out; 8158 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG); 8159 if (!pinfoattr) 8160 goto nla_put_failure; 8161 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8162 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 8163 cur_params.dot11MeshRetryTimeout) || 8164 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 8165 cur_params.dot11MeshConfirmTimeout) || 8166 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 8167 cur_params.dot11MeshHoldingTimeout) || 8168 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 8169 cur_params.dot11MeshMaxPeerLinks) || 8170 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 8171 cur_params.dot11MeshMaxRetries) || 8172 nla_put_u8(msg, NL80211_MESHCONF_TTL, 8173 cur_params.dot11MeshTTL) || 8174 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 8175 cur_params.element_ttl) || 8176 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 8177 cur_params.auto_open_plinks) || 8178 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 8179 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 8180 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 8181 cur_params.dot11MeshHWMPmaxPREQretries) || 8182 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 8183 cur_params.path_refresh_time) || 8184 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 8185 cur_params.min_discovery_timeout) || 8186 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 8187 cur_params.dot11MeshHWMPactivePathTimeout) || 8188 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 8189 cur_params.dot11MeshHWMPpreqMinInterval) || 8190 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 8191 cur_params.dot11MeshHWMPperrMinInterval) || 8192 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 8193 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 8194 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 8195 cur_params.dot11MeshHWMPRootMode) || 8196 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 8197 cur_params.dot11MeshHWMPRannInterval) || 8198 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 8199 cur_params.dot11MeshGateAnnouncementProtocol) || 8200 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 8201 cur_params.dot11MeshForwarding) || 8202 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 8203 cur_params.rssi_threshold) || 8204 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 8205 cur_params.ht_opmode) || 8206 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 8207 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 8208 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 8209 cur_params.dot11MeshHWMProotInterval) || 8210 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 8211 cur_params.dot11MeshHWMPconfirmationInterval) || 8212 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE, 8213 cur_params.power_mode) || 8214 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW, 8215 cur_params.dot11MeshAwakeWindowDuration) || 8216 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT, 8217 cur_params.plink_timeout) || 8218 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE, 8219 cur_params.dot11MeshConnectedToMeshGate) || 8220 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN, 8221 cur_params.dot11MeshNolearn) || 8222 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS, 8223 cur_params.dot11MeshConnectedToAuthServer)) 8224 goto nla_put_failure; 8225 nla_nest_end(msg, pinfoattr); 8226 genlmsg_end(msg, hdr); 8227 return genlmsg_reply(msg, info); 8228 8229 nla_put_failure: 8230 out: 8231 nlmsg_free(msg); 8232 return -ENOBUFS; 8233 } 8234 8235 static const struct nla_policy 8236 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 8237 [NL80211_MESHCONF_RETRY_TIMEOUT] = 8238 NLA_POLICY_RANGE(NLA_U16, 1, 255), 8239 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = 8240 NLA_POLICY_RANGE(NLA_U16, 1, 255), 8241 [NL80211_MESHCONF_HOLDING_TIMEOUT] = 8242 NLA_POLICY_RANGE(NLA_U16, 1, 255), 8243 [NL80211_MESHCONF_MAX_PEER_LINKS] = 8244 NLA_POLICY_RANGE(NLA_U16, 0, 255), 8245 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16), 8246 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1), 8247 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1), 8248 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1), 8249 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = 8250 NLA_POLICY_RANGE(NLA_U32, 1, 255), 8251 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 8252 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 8253 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1), 8254 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 8255 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = 8256 NLA_POLICY_MIN(NLA_U16, 1), 8257 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = 8258 NLA_POLICY_MIN(NLA_U16, 1), 8259 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = 8260 NLA_POLICY_MIN(NLA_U16, 1), 8261 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4), 8262 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = 8263 NLA_POLICY_MIN(NLA_U16, 1), 8264 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1), 8265 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1), 8266 [NL80211_MESHCONF_RSSI_THRESHOLD] = 8267 NLA_POLICY_RANGE(NLA_S32, -255, 0), 8268 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 8269 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 8270 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = 8271 NLA_POLICY_MIN(NLA_U16, 1), 8272 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = 8273 NLA_POLICY_MIN(NLA_U16, 1), 8274 [NL80211_MESHCONF_POWER_MODE] = 8275 NLA_POLICY_RANGE(NLA_U32, 8276 NL80211_MESH_POWER_ACTIVE, 8277 NL80211_MESH_POWER_MAX), 8278 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 }, 8279 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 }, 8280 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1), 8281 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1), 8282 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1), 8283 }; 8284 8285 static const struct nla_policy 8286 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 8287 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 8288 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 8289 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 8290 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 8291 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 }, 8292 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG }, 8293 [NL80211_MESH_SETUP_IE] = 8294 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 8295 IEEE80211_MAX_DATA_LEN), 8296 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 8297 }; 8298 8299 static int nl80211_parse_mesh_config(struct genl_info *info, 8300 struct mesh_config *cfg, 8301 u32 *mask_out) 8302 { 8303 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 8304 u32 mask = 0; 8305 u16 ht_opmode; 8306 8307 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \ 8308 do { \ 8309 if (tb[attr]) { \ 8310 cfg->param = fn(tb[attr]); \ 8311 mask |= BIT((attr) - 1); \ 8312 } \ 8313 } while (0) 8314 8315 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 8316 return -EINVAL; 8317 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack)) 8318 return -EINVAL; 8319 8320 /* This makes sure that there aren't more than 32 mesh config 8321 * parameters (otherwise our bitfield scheme would not work.) */ 8322 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 8323 8324 /* Fill in the params struct */ 8325 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask, 8326 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 8327 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask, 8328 NL80211_MESHCONF_CONFIRM_TIMEOUT, 8329 nla_get_u16); 8330 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask, 8331 NL80211_MESHCONF_HOLDING_TIMEOUT, 8332 nla_get_u16); 8333 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask, 8334 NL80211_MESHCONF_MAX_PEER_LINKS, 8335 nla_get_u16); 8336 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask, 8337 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 8338 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask, 8339 NL80211_MESHCONF_TTL, nla_get_u8); 8340 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask, 8341 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8); 8342 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask, 8343 NL80211_MESHCONF_AUTO_OPEN_PLINKS, 8344 nla_get_u8); 8345 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, 8346 mask, 8347 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 8348 nla_get_u32); 8349 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask, 8350 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 8351 nla_get_u8); 8352 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask, 8353 NL80211_MESHCONF_PATH_REFRESH_TIME, 8354 nla_get_u32); 8355 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) && 8356 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535)) 8357 return -EINVAL; 8358 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask, 8359 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 8360 nla_get_u16); 8361 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 8362 mask, 8363 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 8364 nla_get_u32); 8365 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) && 8366 (cfg->dot11MeshHWMPactivePathTimeout < 1 || 8367 cfg->dot11MeshHWMPactivePathTimeout > 65535)) 8368 return -EINVAL; 8369 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask, 8370 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 8371 nla_get_u16); 8372 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask, 8373 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 8374 nla_get_u16); 8375 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 8376 dot11MeshHWMPnetDiameterTraversalTime, mask, 8377 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 8378 nla_get_u16); 8379 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask, 8380 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8); 8381 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask, 8382 NL80211_MESHCONF_HWMP_RANN_INTERVAL, 8383 nla_get_u16); 8384 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol, 8385 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 8386 nla_get_u8); 8387 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask, 8388 NL80211_MESHCONF_FORWARDING, nla_get_u8); 8389 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask, 8390 NL80211_MESHCONF_RSSI_THRESHOLD, 8391 nla_get_s32); 8392 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask, 8393 NL80211_MESHCONF_CONNECTED_TO_GATE, 8394 nla_get_u8); 8395 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask, 8396 NL80211_MESHCONF_CONNECTED_TO_AS, 8397 nla_get_u8); 8398 /* 8399 * Check HT operation mode based on 8400 * IEEE 802.11-2016 9.4.2.57 HT Operation element. 8401 */ 8402 if (tb[NL80211_MESHCONF_HT_OPMODE]) { 8403 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]); 8404 8405 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION | 8406 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 8407 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)) 8408 return -EINVAL; 8409 8410 /* NON_HT_STA bit is reserved, but some programs set it */ 8411 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 8412 8413 cfg->ht_opmode = ht_opmode; 8414 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1)); 8415 } 8416 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 8417 dot11MeshHWMPactivePathToRootTimeout, mask, 8418 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 8419 nla_get_u32); 8420 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) && 8421 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 || 8422 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535)) 8423 return -EINVAL; 8424 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask, 8425 NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 8426 nla_get_u16); 8427 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval, 8428 mask, 8429 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 8430 nla_get_u16); 8431 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask, 8432 NL80211_MESHCONF_POWER_MODE, nla_get_u32); 8433 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask, 8434 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16); 8435 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask, 8436 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32); 8437 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask, 8438 NL80211_MESHCONF_NOLEARN, nla_get_u8); 8439 if (mask_out) 8440 *mask_out = mask; 8441 8442 return 0; 8443 8444 #undef FILL_IN_MESH_PARAM_IF_SET 8445 } 8446 8447 static int nl80211_parse_mesh_setup(struct genl_info *info, 8448 struct mesh_setup *setup) 8449 { 8450 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8451 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 8452 8453 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 8454 return -EINVAL; 8455 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack)) 8456 return -EINVAL; 8457 8458 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 8459 setup->sync_method = 8460 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 8461 IEEE80211_SYNC_METHOD_VENDOR : 8462 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 8463 8464 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 8465 setup->path_sel_proto = 8466 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 8467 IEEE80211_PATH_PROTOCOL_VENDOR : 8468 IEEE80211_PATH_PROTOCOL_HWMP; 8469 8470 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 8471 setup->path_metric = 8472 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 8473 IEEE80211_PATH_METRIC_VENDOR : 8474 IEEE80211_PATH_METRIC_AIRTIME; 8475 8476 if (tb[NL80211_MESH_SETUP_IE]) { 8477 struct nlattr *ieattr = 8478 tb[NL80211_MESH_SETUP_IE]; 8479 setup->ie = nla_data(ieattr); 8480 setup->ie_len = nla_len(ieattr); 8481 } 8482 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] && 8483 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM)) 8484 return -EINVAL; 8485 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]); 8486 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 8487 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 8488 if (setup->is_secure) 8489 setup->user_mpm = true; 8490 8491 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) { 8492 if (!setup->user_mpm) 8493 return -EINVAL; 8494 setup->auth_id = 8495 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]); 8496 } 8497 8498 return 0; 8499 } 8500 8501 static int nl80211_update_mesh_config(struct sk_buff *skb, 8502 struct genl_info *info) 8503 { 8504 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8505 struct net_device *dev = info->user_ptr[1]; 8506 struct wireless_dev *wdev = dev->ieee80211_ptr; 8507 struct mesh_config cfg = {}; 8508 u32 mask; 8509 int err; 8510 8511 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 8512 return -EOPNOTSUPP; 8513 8514 if (!rdev->ops->update_mesh_config) 8515 return -EOPNOTSUPP; 8516 8517 err = nl80211_parse_mesh_config(info, &cfg, &mask); 8518 if (err) 8519 return err; 8520 8521 wdev_lock(wdev); 8522 if (!wdev->u.mesh.id_len) 8523 err = -ENOLINK; 8524 8525 if (!err) 8526 err = rdev_update_mesh_config(rdev, dev, mask, &cfg); 8527 8528 wdev_unlock(wdev); 8529 8530 return err; 8531 } 8532 8533 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom, 8534 struct sk_buff *msg) 8535 { 8536 struct nlattr *nl_reg_rules; 8537 unsigned int i; 8538 8539 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) || 8540 (regdom->dfs_region && 8541 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region))) 8542 goto nla_put_failure; 8543 8544 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES); 8545 if (!nl_reg_rules) 8546 goto nla_put_failure; 8547 8548 for (i = 0; i < regdom->n_reg_rules; i++) { 8549 struct nlattr *nl_reg_rule; 8550 const struct ieee80211_reg_rule *reg_rule; 8551 const struct ieee80211_freq_range *freq_range; 8552 const struct ieee80211_power_rule *power_rule; 8553 unsigned int max_bandwidth_khz; 8554 8555 reg_rule = ®dom->reg_rules[i]; 8556 freq_range = ®_rule->freq_range; 8557 power_rule = ®_rule->power_rule; 8558 8559 nl_reg_rule = nla_nest_start_noflag(msg, i); 8560 if (!nl_reg_rule) 8561 goto nla_put_failure; 8562 8563 max_bandwidth_khz = freq_range->max_bandwidth_khz; 8564 if (!max_bandwidth_khz) 8565 max_bandwidth_khz = reg_get_max_bandwidth(regdom, 8566 reg_rule); 8567 8568 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 8569 reg_rule->flags) || 8570 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 8571 freq_range->start_freq_khz) || 8572 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 8573 freq_range->end_freq_khz) || 8574 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 8575 max_bandwidth_khz) || 8576 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 8577 power_rule->max_antenna_gain) || 8578 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 8579 power_rule->max_eirp) || 8580 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME, 8581 reg_rule->dfs_cac_ms)) 8582 goto nla_put_failure; 8583 8584 nla_nest_end(msg, nl_reg_rule); 8585 } 8586 8587 nla_nest_end(msg, nl_reg_rules); 8588 return 0; 8589 8590 nla_put_failure: 8591 return -EMSGSIZE; 8592 } 8593 8594 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info) 8595 { 8596 const struct ieee80211_regdomain *regdom = NULL; 8597 struct cfg80211_registered_device *rdev; 8598 struct wiphy *wiphy = NULL; 8599 struct sk_buff *msg; 8600 int err = -EMSGSIZE; 8601 void *hdr; 8602 8603 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8604 if (!msg) 8605 return -ENOBUFS; 8606 8607 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 8608 NL80211_CMD_GET_REG); 8609 if (!hdr) 8610 goto put_failure; 8611 8612 rtnl_lock(); 8613 8614 if (info->attrs[NL80211_ATTR_WIPHY]) { 8615 bool self_managed; 8616 8617 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 8618 if (IS_ERR(rdev)) { 8619 err = PTR_ERR(rdev); 8620 goto nla_put_failure; 8621 } 8622 8623 wiphy = &rdev->wiphy; 8624 self_managed = wiphy->regulatory_flags & 8625 REGULATORY_WIPHY_SELF_MANAGED; 8626 8627 rcu_read_lock(); 8628 8629 regdom = get_wiphy_regdom(wiphy); 8630 8631 /* a self-managed-reg device must have a private regdom */ 8632 if (WARN_ON(!regdom && self_managed)) { 8633 err = -EINVAL; 8634 goto nla_put_failure_rcu; 8635 } 8636 8637 if (regdom && 8638 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 8639 goto nla_put_failure_rcu; 8640 } else { 8641 rcu_read_lock(); 8642 } 8643 8644 if (!wiphy && reg_last_request_cell_base() && 8645 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 8646 NL80211_USER_REG_HINT_CELL_BASE)) 8647 goto nla_put_failure_rcu; 8648 8649 if (!regdom) 8650 regdom = rcu_dereference(cfg80211_regdomain); 8651 8652 if (nl80211_put_regdom(regdom, msg)) 8653 goto nla_put_failure_rcu; 8654 8655 rcu_read_unlock(); 8656 8657 genlmsg_end(msg, hdr); 8658 rtnl_unlock(); 8659 return genlmsg_reply(msg, info); 8660 8661 nla_put_failure_rcu: 8662 rcu_read_unlock(); 8663 nla_put_failure: 8664 rtnl_unlock(); 8665 put_failure: 8666 nlmsg_free(msg); 8667 return err; 8668 } 8669 8670 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb, 8671 u32 seq, int flags, struct wiphy *wiphy, 8672 const struct ieee80211_regdomain *regdom) 8673 { 8674 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 8675 NL80211_CMD_GET_REG); 8676 8677 if (!hdr) 8678 return -1; 8679 8680 genl_dump_check_consistent(cb, hdr); 8681 8682 if (nl80211_put_regdom(regdom, msg)) 8683 goto nla_put_failure; 8684 8685 if (!wiphy && reg_last_request_cell_base() && 8686 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 8687 NL80211_USER_REG_HINT_CELL_BASE)) 8688 goto nla_put_failure; 8689 8690 if (wiphy && 8691 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 8692 goto nla_put_failure; 8693 8694 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 8695 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 8696 goto nla_put_failure; 8697 8698 genlmsg_end(msg, hdr); 8699 return 0; 8700 8701 nla_put_failure: 8702 genlmsg_cancel(msg, hdr); 8703 return -EMSGSIZE; 8704 } 8705 8706 static int nl80211_get_reg_dump(struct sk_buff *skb, 8707 struct netlink_callback *cb) 8708 { 8709 const struct ieee80211_regdomain *regdom = NULL; 8710 struct cfg80211_registered_device *rdev; 8711 int err, reg_idx, start = cb->args[2]; 8712 8713 rcu_read_lock(); 8714 8715 if (cfg80211_regdomain && start == 0) { 8716 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq, 8717 NLM_F_MULTI, NULL, 8718 rcu_dereference(cfg80211_regdomain)); 8719 if (err < 0) 8720 goto out_err; 8721 } 8722 8723 /* the global regdom is idx 0 */ 8724 reg_idx = 1; 8725 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 8726 regdom = get_wiphy_regdom(&rdev->wiphy); 8727 if (!regdom) 8728 continue; 8729 8730 if (++reg_idx <= start) 8731 continue; 8732 8733 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq, 8734 NLM_F_MULTI, &rdev->wiphy, regdom); 8735 if (err < 0) { 8736 reg_idx--; 8737 break; 8738 } 8739 } 8740 8741 cb->args[2] = reg_idx; 8742 err = skb->len; 8743 out_err: 8744 rcu_read_unlock(); 8745 return err; 8746 } 8747 8748 #ifdef CONFIG_CFG80211_CRDA_SUPPORT 8749 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 8750 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 8751 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 8752 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 8753 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 8754 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 8755 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 8756 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 }, 8757 }; 8758 8759 static int parse_reg_rule(struct nlattr *tb[], 8760 struct ieee80211_reg_rule *reg_rule) 8761 { 8762 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 8763 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 8764 8765 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 8766 return -EINVAL; 8767 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 8768 return -EINVAL; 8769 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 8770 return -EINVAL; 8771 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 8772 return -EINVAL; 8773 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 8774 return -EINVAL; 8775 8776 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 8777 8778 freq_range->start_freq_khz = 8779 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 8780 freq_range->end_freq_khz = 8781 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 8782 freq_range->max_bandwidth_khz = 8783 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 8784 8785 power_rule->max_eirp = 8786 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 8787 8788 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 8789 power_rule->max_antenna_gain = 8790 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 8791 8792 if (tb[NL80211_ATTR_DFS_CAC_TIME]) 8793 reg_rule->dfs_cac_ms = 8794 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]); 8795 8796 return 0; 8797 } 8798 8799 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 8800 { 8801 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 8802 struct nlattr *nl_reg_rule; 8803 char *alpha2; 8804 int rem_reg_rules, r; 8805 u32 num_rules = 0, rule_idx = 0; 8806 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET; 8807 struct ieee80211_regdomain *rd; 8808 8809 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 8810 return -EINVAL; 8811 8812 if (!info->attrs[NL80211_ATTR_REG_RULES]) 8813 return -EINVAL; 8814 8815 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 8816 8817 if (info->attrs[NL80211_ATTR_DFS_REGION]) 8818 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 8819 8820 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 8821 rem_reg_rules) { 8822 num_rules++; 8823 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 8824 return -EINVAL; 8825 } 8826 8827 rtnl_lock(); 8828 if (!reg_is_valid_request(alpha2)) { 8829 r = -EINVAL; 8830 goto out; 8831 } 8832 8833 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL); 8834 if (!rd) { 8835 r = -ENOMEM; 8836 goto out; 8837 } 8838 8839 rd->n_reg_rules = num_rules; 8840 rd->alpha2[0] = alpha2[0]; 8841 rd->alpha2[1] = alpha2[1]; 8842 8843 /* 8844 * Disable DFS master mode if the DFS region was 8845 * not supported or known on this kernel. 8846 */ 8847 if (reg_supported_dfs_region(dfs_region)) 8848 rd->dfs_region = dfs_region; 8849 8850 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 8851 rem_reg_rules) { 8852 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX, 8853 nl_reg_rule, reg_rule_policy, 8854 info->extack); 8855 if (r) 8856 goto bad_reg; 8857 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 8858 if (r) 8859 goto bad_reg; 8860 8861 rule_idx++; 8862 8863 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 8864 r = -EINVAL; 8865 goto bad_reg; 8866 } 8867 } 8868 8869 r = set_regdom(rd, REGD_SOURCE_CRDA); 8870 /* set_regdom takes ownership of rd */ 8871 rd = NULL; 8872 bad_reg: 8873 kfree(rd); 8874 out: 8875 rtnl_unlock(); 8876 return r; 8877 } 8878 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */ 8879 8880 static int validate_scan_freqs(struct nlattr *freqs) 8881 { 8882 struct nlattr *attr1, *attr2; 8883 int n_channels = 0, tmp1, tmp2; 8884 8885 nla_for_each_nested(attr1, freqs, tmp1) 8886 if (nla_len(attr1) != sizeof(u32)) 8887 return 0; 8888 8889 nla_for_each_nested(attr1, freqs, tmp1) { 8890 n_channels++; 8891 /* 8892 * Some hardware has a limited channel list for 8893 * scanning, and it is pretty much nonsensical 8894 * to scan for a channel twice, so disallow that 8895 * and don't require drivers to check that the 8896 * channel list they get isn't longer than what 8897 * they can scan, as long as they can scan all 8898 * the channels they registered at once. 8899 */ 8900 nla_for_each_nested(attr2, freqs, tmp2) 8901 if (attr1 != attr2 && 8902 nla_get_u32(attr1) == nla_get_u32(attr2)) 8903 return 0; 8904 } 8905 8906 return n_channels; 8907 } 8908 8909 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b) 8910 { 8911 return b < NUM_NL80211_BANDS && wiphy->bands[b]; 8912 } 8913 8914 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy, 8915 struct cfg80211_bss_selection *bss_select) 8916 { 8917 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1]; 8918 struct nlattr *nest; 8919 int err; 8920 bool found = false; 8921 int i; 8922 8923 /* only process one nested attribute */ 8924 nest = nla_data(nla); 8925 if (!nla_ok(nest, nla_len(nest))) 8926 return -EINVAL; 8927 8928 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX, 8929 nest, nl80211_bss_select_policy, 8930 NULL); 8931 if (err) 8932 return err; 8933 8934 /* only one attribute may be given */ 8935 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) { 8936 if (attr[i]) { 8937 if (found) 8938 return -EINVAL; 8939 found = true; 8940 } 8941 } 8942 8943 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID; 8944 8945 if (attr[NL80211_BSS_SELECT_ATTR_RSSI]) 8946 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI; 8947 8948 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) { 8949 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF; 8950 bss_select->param.band_pref = 8951 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]); 8952 if (!is_band_valid(wiphy, bss_select->param.band_pref)) 8953 return -EINVAL; 8954 } 8955 8956 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) { 8957 struct nl80211_bss_select_rssi_adjust *adj_param; 8958 8959 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]); 8960 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST; 8961 bss_select->param.adjust.band = adj_param->band; 8962 bss_select->param.adjust.delta = adj_param->delta; 8963 if (!is_band_valid(wiphy, bss_select->param.adjust.band)) 8964 return -EINVAL; 8965 } 8966 8967 /* user-space did not provide behaviour attribute */ 8968 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID) 8969 return -EINVAL; 8970 8971 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour))) 8972 return -EINVAL; 8973 8974 return 0; 8975 } 8976 8977 int nl80211_parse_random_mac(struct nlattr **attrs, 8978 u8 *mac_addr, u8 *mac_addr_mask) 8979 { 8980 int i; 8981 8982 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) { 8983 eth_zero_addr(mac_addr); 8984 eth_zero_addr(mac_addr_mask); 8985 mac_addr[0] = 0x2; 8986 mac_addr_mask[0] = 0x3; 8987 8988 return 0; 8989 } 8990 8991 /* need both or none */ 8992 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK]) 8993 return -EINVAL; 8994 8995 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN); 8996 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN); 8997 8998 /* don't allow or configure an mcast address */ 8999 if (!is_multicast_ether_addr(mac_addr_mask) || 9000 is_multicast_ether_addr(mac_addr)) 9001 return -EINVAL; 9002 9003 /* 9004 * allow users to pass a MAC address that has bits set outside 9005 * of the mask, but don't bother drivers with having to deal 9006 * with such bits 9007 */ 9008 for (i = 0; i < ETH_ALEN; i++) 9009 mac_addr[i] &= mac_addr_mask[i]; 9010 9011 return 0; 9012 } 9013 9014 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev, 9015 struct ieee80211_channel *chan) 9016 { 9017 unsigned int link_id; 9018 bool all_ok = true; 9019 9020 ASSERT_WDEV_LOCK(wdev); 9021 9022 if (!cfg80211_beaconing_iface_active(wdev)) 9023 return true; 9024 9025 /* 9026 * FIXME: check if we have a free HW resource/link for chan 9027 * 9028 * This, as well as the FIXME below, requires knowing the link 9029 * capabilities of the hardware. 9030 */ 9031 9032 /* we cannot leave radar channels */ 9033 for_each_valid_link(wdev, link_id) { 9034 struct cfg80211_chan_def *chandef; 9035 9036 chandef = wdev_chandef(wdev, link_id); 9037 if (!chandef || !chandef->chan) 9038 continue; 9039 9040 /* 9041 * FIXME: don't require all_ok, but rather check only the 9042 * correct HW resource/link onto which 'chan' falls, 9043 * as only that link leaves the channel for doing 9044 * the off-channel operation. 9045 */ 9046 9047 if (chandef->chan->flags & IEEE80211_CHAN_RADAR) 9048 all_ok = false; 9049 } 9050 9051 if (all_ok) 9052 return true; 9053 9054 return regulatory_pre_cac_allowed(wdev->wiphy); 9055 } 9056 9057 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag, 9058 enum nl80211_ext_feature_index feat) 9059 { 9060 if (!(flags & flag)) 9061 return true; 9062 if (wiphy_ext_feature_isset(wiphy, feat)) 9063 return true; 9064 return false; 9065 } 9066 9067 static int 9068 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev, 9069 void *request, struct nlattr **attrs, 9070 bool is_sched_scan) 9071 { 9072 u8 *mac_addr, *mac_addr_mask; 9073 u32 *flags; 9074 enum nl80211_feature_flags randomness_flag; 9075 9076 if (!attrs[NL80211_ATTR_SCAN_FLAGS]) 9077 return 0; 9078 9079 if (is_sched_scan) { 9080 struct cfg80211_sched_scan_request *req = request; 9081 9082 randomness_flag = wdev ? 9083 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR : 9084 NL80211_FEATURE_ND_RANDOM_MAC_ADDR; 9085 flags = &req->flags; 9086 mac_addr = req->mac_addr; 9087 mac_addr_mask = req->mac_addr_mask; 9088 } else { 9089 struct cfg80211_scan_request *req = request; 9090 9091 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR; 9092 flags = &req->flags; 9093 mac_addr = req->mac_addr; 9094 mac_addr_mask = req->mac_addr_mask; 9095 } 9096 9097 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]); 9098 9099 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 9100 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 9101 !nl80211_check_scan_feat(wiphy, *flags, 9102 NL80211_SCAN_FLAG_LOW_SPAN, 9103 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) || 9104 !nl80211_check_scan_feat(wiphy, *flags, 9105 NL80211_SCAN_FLAG_LOW_POWER, 9106 NL80211_EXT_FEATURE_LOW_POWER_SCAN) || 9107 !nl80211_check_scan_feat(wiphy, *flags, 9108 NL80211_SCAN_FLAG_HIGH_ACCURACY, 9109 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) || 9110 !nl80211_check_scan_feat(wiphy, *flags, 9111 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME, 9112 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) || 9113 !nl80211_check_scan_feat(wiphy, *flags, 9114 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP, 9115 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) || 9116 !nl80211_check_scan_feat(wiphy, *flags, 9117 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION, 9118 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) || 9119 !nl80211_check_scan_feat(wiphy, *flags, 9120 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE, 9121 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) || 9122 !nl80211_check_scan_feat(wiphy, *flags, 9123 NL80211_SCAN_FLAG_RANDOM_SN, 9124 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) || 9125 !nl80211_check_scan_feat(wiphy, *flags, 9126 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT, 9127 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT)) 9128 return -EOPNOTSUPP; 9129 9130 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) { 9131 int err; 9132 9133 if (!(wiphy->features & randomness_flag) || 9134 (wdev && wdev->connected)) 9135 return -EOPNOTSUPP; 9136 9137 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask); 9138 if (err) 9139 return err; 9140 } 9141 9142 return 0; 9143 } 9144 9145 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 9146 { 9147 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9148 struct wireless_dev *wdev = info->user_ptr[1]; 9149 struct cfg80211_scan_request *request; 9150 struct nlattr *scan_freqs = NULL; 9151 bool scan_freqs_khz = false; 9152 struct nlattr *attr; 9153 struct wiphy *wiphy; 9154 int err, tmp, n_ssids = 0, n_channels, i; 9155 size_t ie_len, size; 9156 size_t ssids_offset, ie_offset; 9157 9158 wiphy = &rdev->wiphy; 9159 9160 if (wdev->iftype == NL80211_IFTYPE_NAN) 9161 return -EOPNOTSUPP; 9162 9163 if (!rdev->ops->scan) 9164 return -EOPNOTSUPP; 9165 9166 if (rdev->scan_req || rdev->scan_msg) 9167 return -EBUSY; 9168 9169 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) { 9170 if (!wiphy_ext_feature_isset(wiphy, 9171 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ)) 9172 return -EOPNOTSUPP; 9173 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]; 9174 scan_freqs_khz = true; 9175 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) 9176 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]; 9177 9178 if (scan_freqs) { 9179 n_channels = validate_scan_freqs(scan_freqs); 9180 if (!n_channels) 9181 return -EINVAL; 9182 } else { 9183 n_channels = ieee80211_get_num_supported_channels(wiphy); 9184 } 9185 9186 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 9187 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 9188 n_ssids++; 9189 9190 if (n_ssids > wiphy->max_scan_ssids) 9191 return -EINVAL; 9192 9193 if (info->attrs[NL80211_ATTR_IE]) 9194 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 9195 else 9196 ie_len = 0; 9197 9198 if (ie_len > wiphy->max_scan_ie_len) 9199 return -EINVAL; 9200 9201 size = struct_size(request, channels, n_channels); 9202 ssids_offset = size; 9203 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids)); 9204 ie_offset = size; 9205 size = size_add(size, ie_len); 9206 request = kzalloc(size, GFP_KERNEL); 9207 if (!request) 9208 return -ENOMEM; 9209 request->n_channels = n_channels; 9210 9211 if (n_ssids) 9212 request->ssids = (void *)request + ssids_offset; 9213 request->n_ssids = n_ssids; 9214 if (ie_len) 9215 request->ie = (void *)request + ie_offset; 9216 9217 i = 0; 9218 if (scan_freqs) { 9219 /* user specified, bail out if channel not found */ 9220 nla_for_each_nested(attr, scan_freqs, tmp) { 9221 struct ieee80211_channel *chan; 9222 int freq = nla_get_u32(attr); 9223 9224 if (!scan_freqs_khz) 9225 freq = MHZ_TO_KHZ(freq); 9226 9227 chan = ieee80211_get_channel_khz(wiphy, freq); 9228 if (!chan) { 9229 err = -EINVAL; 9230 goto out_free; 9231 } 9232 9233 /* ignore disabled channels */ 9234 if (chan->flags & IEEE80211_CHAN_DISABLED) 9235 continue; 9236 9237 request->channels[i] = chan; 9238 i++; 9239 } 9240 } else { 9241 enum nl80211_band band; 9242 9243 /* all channels */ 9244 for (band = 0; band < NUM_NL80211_BANDS; band++) { 9245 int j; 9246 9247 if (!wiphy->bands[band]) 9248 continue; 9249 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 9250 struct ieee80211_channel *chan; 9251 9252 chan = &wiphy->bands[band]->channels[j]; 9253 9254 if (chan->flags & IEEE80211_CHAN_DISABLED) 9255 continue; 9256 9257 request->channels[i] = chan; 9258 i++; 9259 } 9260 } 9261 } 9262 9263 if (!i) { 9264 err = -EINVAL; 9265 goto out_free; 9266 } 9267 9268 request->n_channels = i; 9269 9270 wdev_lock(wdev); 9271 for (i = 0; i < request->n_channels; i++) { 9272 struct ieee80211_channel *chan = request->channels[i]; 9273 9274 /* if we can go off-channel to the target channel we're good */ 9275 if (cfg80211_off_channel_oper_allowed(wdev, chan)) 9276 continue; 9277 9278 if (!cfg80211_wdev_on_sub_chan(wdev, chan, true)) { 9279 wdev_unlock(wdev); 9280 err = -EBUSY; 9281 goto out_free; 9282 } 9283 } 9284 wdev_unlock(wdev); 9285 9286 i = 0; 9287 if (n_ssids) { 9288 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 9289 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 9290 err = -EINVAL; 9291 goto out_free; 9292 } 9293 request->ssids[i].ssid_len = nla_len(attr); 9294 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 9295 i++; 9296 } 9297 } 9298 9299 if (info->attrs[NL80211_ATTR_IE]) { 9300 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 9301 memcpy((void *)request->ie, 9302 nla_data(info->attrs[NL80211_ATTR_IE]), 9303 request->ie_len); 9304 } 9305 9306 for (i = 0; i < NUM_NL80211_BANDS; i++) 9307 if (wiphy->bands[i]) 9308 request->rates[i] = 9309 (1 << wiphy->bands[i]->n_bitrates) - 1; 9310 9311 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 9312 nla_for_each_nested(attr, 9313 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 9314 tmp) { 9315 enum nl80211_band band = nla_type(attr); 9316 9317 if (band < 0 || band >= NUM_NL80211_BANDS) { 9318 err = -EINVAL; 9319 goto out_free; 9320 } 9321 9322 if (!wiphy->bands[band]) 9323 continue; 9324 9325 err = ieee80211_get_ratemask(wiphy->bands[band], 9326 nla_data(attr), 9327 nla_len(attr), 9328 &request->rates[band]); 9329 if (err) 9330 goto out_free; 9331 } 9332 } 9333 9334 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) { 9335 request->duration = 9336 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]); 9337 request->duration_mandatory = 9338 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]); 9339 } 9340 9341 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs, 9342 false); 9343 if (err) 9344 goto out_free; 9345 9346 request->no_cck = 9347 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 9348 9349 /* Initial implementation used NL80211_ATTR_MAC to set the specific 9350 * BSSID to scan for. This was problematic because that same attribute 9351 * was already used for another purpose (local random MAC address). The 9352 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards 9353 * compatibility with older userspace components, also use the 9354 * NL80211_ATTR_MAC value here if it can be determined to be used for 9355 * the specific BSSID use case instead of the random MAC address 9356 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use). 9357 */ 9358 if (info->attrs[NL80211_ATTR_BSSID]) 9359 memcpy(request->bssid, 9360 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN); 9361 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) && 9362 info->attrs[NL80211_ATTR_MAC]) 9363 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]), 9364 ETH_ALEN); 9365 else 9366 eth_broadcast_addr(request->bssid); 9367 9368 request->wdev = wdev; 9369 request->wiphy = &rdev->wiphy; 9370 request->scan_start = jiffies; 9371 9372 rdev->scan_req = request; 9373 err = cfg80211_scan(rdev); 9374 9375 if (err) 9376 goto out_free; 9377 9378 nl80211_send_scan_start(rdev, wdev); 9379 dev_hold(wdev->netdev); 9380 9381 return 0; 9382 9383 out_free: 9384 rdev->scan_req = NULL; 9385 kfree(request); 9386 9387 return err; 9388 } 9389 9390 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info) 9391 { 9392 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9393 struct wireless_dev *wdev = info->user_ptr[1]; 9394 9395 if (!rdev->ops->abort_scan) 9396 return -EOPNOTSUPP; 9397 9398 if (rdev->scan_msg) 9399 return 0; 9400 9401 if (!rdev->scan_req) 9402 return -ENOENT; 9403 9404 rdev_abort_scan(rdev, wdev); 9405 return 0; 9406 } 9407 9408 static int 9409 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans, 9410 struct cfg80211_sched_scan_request *request, 9411 struct nlattr **attrs) 9412 { 9413 int tmp, err, i = 0; 9414 struct nlattr *attr; 9415 9416 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) { 9417 u32 interval; 9418 9419 /* 9420 * If scan plans are not specified, 9421 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this 9422 * case one scan plan will be set with the specified scan 9423 * interval and infinite number of iterations. 9424 */ 9425 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 9426 if (!interval) 9427 return -EINVAL; 9428 9429 request->scan_plans[0].interval = 9430 DIV_ROUND_UP(interval, MSEC_PER_SEC); 9431 if (!request->scan_plans[0].interval) 9432 return -EINVAL; 9433 9434 if (request->scan_plans[0].interval > 9435 wiphy->max_sched_scan_plan_interval) 9436 request->scan_plans[0].interval = 9437 wiphy->max_sched_scan_plan_interval; 9438 9439 return 0; 9440 } 9441 9442 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) { 9443 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1]; 9444 9445 if (WARN_ON(i >= n_plans)) 9446 return -EINVAL; 9447 9448 err = nla_parse_nested_deprecated(plan, 9449 NL80211_SCHED_SCAN_PLAN_MAX, 9450 attr, nl80211_plan_policy, 9451 NULL); 9452 if (err) 9453 return err; 9454 9455 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]) 9456 return -EINVAL; 9457 9458 request->scan_plans[i].interval = 9459 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]); 9460 if (!request->scan_plans[i].interval || 9461 request->scan_plans[i].interval > 9462 wiphy->max_sched_scan_plan_interval) 9463 return -EINVAL; 9464 9465 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) { 9466 request->scan_plans[i].iterations = 9467 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]); 9468 if (!request->scan_plans[i].iterations || 9469 (request->scan_plans[i].iterations > 9470 wiphy->max_sched_scan_plan_iterations)) 9471 return -EINVAL; 9472 } else if (i < n_plans - 1) { 9473 /* 9474 * All scan plans but the last one must specify 9475 * a finite number of iterations 9476 */ 9477 return -EINVAL; 9478 } 9479 9480 i++; 9481 } 9482 9483 /* 9484 * The last scan plan must not specify the number of 9485 * iterations, it is supposed to run infinitely 9486 */ 9487 if (request->scan_plans[n_plans - 1].iterations) 9488 return -EINVAL; 9489 9490 return 0; 9491 } 9492 9493 static int 9494 nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy, 9495 struct cfg80211_match_set *match_sets, 9496 struct nlattr *tb_band_rssi, 9497 s32 rssi_thold) 9498 { 9499 struct nlattr *attr; 9500 int i, tmp, ret = 0; 9501 9502 if (!wiphy_ext_feature_isset(wiphy, 9503 NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) { 9504 if (tb_band_rssi) 9505 ret = -EOPNOTSUPP; 9506 else 9507 for (i = 0; i < NUM_NL80211_BANDS; i++) 9508 match_sets->per_band_rssi_thold[i] = 9509 NL80211_SCAN_RSSI_THOLD_OFF; 9510 return ret; 9511 } 9512 9513 for (i = 0; i < NUM_NL80211_BANDS; i++) 9514 match_sets->per_band_rssi_thold[i] = rssi_thold; 9515 9516 nla_for_each_nested(attr, tb_band_rssi, tmp) { 9517 enum nl80211_band band = nla_type(attr); 9518 9519 if (band < 0 || band >= NUM_NL80211_BANDS) 9520 return -EINVAL; 9521 9522 match_sets->per_band_rssi_thold[band] = nla_get_s32(attr); 9523 } 9524 9525 return 0; 9526 } 9527 9528 static struct cfg80211_sched_scan_request * 9529 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev, 9530 struct nlattr **attrs, int max_match_sets) 9531 { 9532 struct cfg80211_sched_scan_request *request; 9533 struct nlattr *attr; 9534 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0; 9535 enum nl80211_band band; 9536 size_t ie_len, size; 9537 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 9538 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF; 9539 9540 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 9541 n_channels = validate_scan_freqs( 9542 attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 9543 if (!n_channels) 9544 return ERR_PTR(-EINVAL); 9545 } else { 9546 n_channels = ieee80211_get_num_supported_channels(wiphy); 9547 } 9548 9549 if (attrs[NL80211_ATTR_SCAN_SSIDS]) 9550 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS], 9551 tmp) 9552 n_ssids++; 9553 9554 if (n_ssids > wiphy->max_sched_scan_ssids) 9555 return ERR_PTR(-EINVAL); 9556 9557 /* 9558 * First, count the number of 'real' matchsets. Due to an issue with 9559 * the old implementation, matchsets containing only the RSSI attribute 9560 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default' 9561 * RSSI for all matchsets, rather than their own matchset for reporting 9562 * all APs with a strong RSSI. This is needed to be compatible with 9563 * older userspace that treated a matchset with only the RSSI as the 9564 * global RSSI for all other matchsets - if there are other matchsets. 9565 */ 9566 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 9567 nla_for_each_nested(attr, 9568 attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 9569 tmp) { 9570 struct nlattr *rssi; 9571 9572 err = nla_parse_nested_deprecated(tb, 9573 NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 9574 attr, 9575 nl80211_match_policy, 9576 NULL); 9577 if (err) 9578 return ERR_PTR(err); 9579 9580 /* SSID and BSSID are mutually exclusive */ 9581 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] && 9582 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) 9583 return ERR_PTR(-EINVAL); 9584 9585 /* add other standalone attributes here */ 9586 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] || 9587 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) { 9588 n_match_sets++; 9589 continue; 9590 } 9591 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 9592 if (rssi) 9593 default_match_rssi = nla_get_s32(rssi); 9594 } 9595 } 9596 9597 /* However, if there's no other matchset, add the RSSI one */ 9598 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF) 9599 n_match_sets = 1; 9600 9601 if (n_match_sets > max_match_sets) 9602 return ERR_PTR(-EINVAL); 9603 9604 if (attrs[NL80211_ATTR_IE]) 9605 ie_len = nla_len(attrs[NL80211_ATTR_IE]); 9606 else 9607 ie_len = 0; 9608 9609 if (ie_len > wiphy->max_sched_scan_ie_len) 9610 return ERR_PTR(-EINVAL); 9611 9612 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) { 9613 /* 9614 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since 9615 * each scan plan already specifies its own interval 9616 */ 9617 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 9618 return ERR_PTR(-EINVAL); 9619 9620 nla_for_each_nested(attr, 9621 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) 9622 n_plans++; 9623 } else { 9624 /* 9625 * The scan interval attribute is kept for backward 9626 * compatibility. If no scan plans are specified and sched scan 9627 * interval is specified, one scan plan will be set with this 9628 * scan interval and infinite number of iterations. 9629 */ 9630 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 9631 return ERR_PTR(-EINVAL); 9632 9633 n_plans = 1; 9634 } 9635 9636 if (!n_plans || n_plans > wiphy->max_sched_scan_plans) 9637 return ERR_PTR(-EINVAL); 9638 9639 if (!wiphy_ext_feature_isset( 9640 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) && 9641 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] || 9642 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST])) 9643 return ERR_PTR(-EINVAL); 9644 9645 size = struct_size(request, channels, n_channels); 9646 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids)); 9647 size = size_add(size, array_size(sizeof(*request->match_sets), 9648 n_match_sets)); 9649 size = size_add(size, array_size(sizeof(*request->scan_plans), 9650 n_plans)); 9651 size = size_add(size, ie_len); 9652 request = kzalloc(size, GFP_KERNEL); 9653 if (!request) 9654 return ERR_PTR(-ENOMEM); 9655 9656 if (n_ssids) 9657 request->ssids = (void *)&request->channels[n_channels]; 9658 request->n_ssids = n_ssids; 9659 if (ie_len) { 9660 if (n_ssids) 9661 request->ie = (void *)(request->ssids + n_ssids); 9662 else 9663 request->ie = (void *)(request->channels + n_channels); 9664 } 9665 9666 if (n_match_sets) { 9667 if (request->ie) 9668 request->match_sets = (void *)(request->ie + ie_len); 9669 else if (n_ssids) 9670 request->match_sets = 9671 (void *)(request->ssids + n_ssids); 9672 else 9673 request->match_sets = 9674 (void *)(request->channels + n_channels); 9675 } 9676 request->n_match_sets = n_match_sets; 9677 9678 if (n_match_sets) 9679 request->scan_plans = (void *)(request->match_sets + 9680 n_match_sets); 9681 else if (request->ie) 9682 request->scan_plans = (void *)(request->ie + ie_len); 9683 else if (n_ssids) 9684 request->scan_plans = (void *)(request->ssids + n_ssids); 9685 else 9686 request->scan_plans = (void *)(request->channels + n_channels); 9687 9688 request->n_scan_plans = n_plans; 9689 9690 i = 0; 9691 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 9692 /* user specified, bail out if channel not found */ 9693 nla_for_each_nested(attr, 9694 attrs[NL80211_ATTR_SCAN_FREQUENCIES], 9695 tmp) { 9696 struct ieee80211_channel *chan; 9697 9698 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 9699 9700 if (!chan) { 9701 err = -EINVAL; 9702 goto out_free; 9703 } 9704 9705 /* ignore disabled channels */ 9706 if (chan->flags & IEEE80211_CHAN_DISABLED) 9707 continue; 9708 9709 request->channels[i] = chan; 9710 i++; 9711 } 9712 } else { 9713 /* all channels */ 9714 for (band = 0; band < NUM_NL80211_BANDS; band++) { 9715 int j; 9716 9717 if (!wiphy->bands[band]) 9718 continue; 9719 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 9720 struct ieee80211_channel *chan; 9721 9722 chan = &wiphy->bands[band]->channels[j]; 9723 9724 if (chan->flags & IEEE80211_CHAN_DISABLED) 9725 continue; 9726 9727 request->channels[i] = chan; 9728 i++; 9729 } 9730 } 9731 } 9732 9733 if (!i) { 9734 err = -EINVAL; 9735 goto out_free; 9736 } 9737 9738 request->n_channels = i; 9739 9740 i = 0; 9741 if (n_ssids) { 9742 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS], 9743 tmp) { 9744 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 9745 err = -EINVAL; 9746 goto out_free; 9747 } 9748 request->ssids[i].ssid_len = nla_len(attr); 9749 memcpy(request->ssids[i].ssid, nla_data(attr), 9750 nla_len(attr)); 9751 i++; 9752 } 9753 } 9754 9755 i = 0; 9756 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 9757 nla_for_each_nested(attr, 9758 attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 9759 tmp) { 9760 struct nlattr *ssid, *bssid, *rssi; 9761 9762 err = nla_parse_nested_deprecated(tb, 9763 NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 9764 attr, 9765 nl80211_match_policy, 9766 NULL); 9767 if (err) 9768 goto out_free; 9769 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 9770 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]; 9771 9772 if (!ssid && !bssid) { 9773 i++; 9774 continue; 9775 } 9776 9777 if (WARN_ON(i >= n_match_sets)) { 9778 /* this indicates a programming error, 9779 * the loop above should have verified 9780 * things properly 9781 */ 9782 err = -EINVAL; 9783 goto out_free; 9784 } 9785 9786 if (ssid) { 9787 memcpy(request->match_sets[i].ssid.ssid, 9788 nla_data(ssid), nla_len(ssid)); 9789 request->match_sets[i].ssid.ssid_len = 9790 nla_len(ssid); 9791 } 9792 if (bssid) 9793 memcpy(request->match_sets[i].bssid, 9794 nla_data(bssid), ETH_ALEN); 9795 9796 /* special attribute - old implementation w/a */ 9797 request->match_sets[i].rssi_thold = default_match_rssi; 9798 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 9799 if (rssi) 9800 request->match_sets[i].rssi_thold = 9801 nla_get_s32(rssi); 9802 9803 /* Parse per band RSSI attribute */ 9804 err = nl80211_parse_sched_scan_per_band_rssi(wiphy, 9805 &request->match_sets[i], 9806 tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI], 9807 request->match_sets[i].rssi_thold); 9808 if (err) 9809 goto out_free; 9810 9811 i++; 9812 } 9813 9814 /* there was no other matchset, so the RSSI one is alone */ 9815 if (i == 0 && n_match_sets) 9816 request->match_sets[0].rssi_thold = default_match_rssi; 9817 9818 request->min_rssi_thold = INT_MAX; 9819 for (i = 0; i < n_match_sets; i++) 9820 request->min_rssi_thold = 9821 min(request->match_sets[i].rssi_thold, 9822 request->min_rssi_thold); 9823 } else { 9824 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF; 9825 } 9826 9827 if (ie_len) { 9828 request->ie_len = ie_len; 9829 memcpy((void *)request->ie, 9830 nla_data(attrs[NL80211_ATTR_IE]), 9831 request->ie_len); 9832 } 9833 9834 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true); 9835 if (err) 9836 goto out_free; 9837 9838 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY]) 9839 request->delay = 9840 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]); 9841 9842 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) { 9843 request->relative_rssi = nla_get_s8( 9844 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]); 9845 request->relative_rssi_set = true; 9846 } 9847 9848 if (request->relative_rssi_set && 9849 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) { 9850 struct nl80211_bss_select_rssi_adjust *rssi_adjust; 9851 9852 rssi_adjust = nla_data( 9853 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]); 9854 request->rssi_adjust.band = rssi_adjust->band; 9855 request->rssi_adjust.delta = rssi_adjust->delta; 9856 if (!is_band_valid(wiphy, request->rssi_adjust.band)) { 9857 err = -EINVAL; 9858 goto out_free; 9859 } 9860 } 9861 9862 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs); 9863 if (err) 9864 goto out_free; 9865 9866 request->scan_start = jiffies; 9867 9868 return request; 9869 9870 out_free: 9871 kfree(request); 9872 return ERR_PTR(err); 9873 } 9874 9875 static int nl80211_start_sched_scan(struct sk_buff *skb, 9876 struct genl_info *info) 9877 { 9878 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9879 struct net_device *dev = info->user_ptr[1]; 9880 struct wireless_dev *wdev = dev->ieee80211_ptr; 9881 struct cfg80211_sched_scan_request *sched_scan_req; 9882 bool want_multi; 9883 int err; 9884 9885 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start) 9886 return -EOPNOTSUPP; 9887 9888 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI]; 9889 err = cfg80211_sched_scan_req_possible(rdev, want_multi); 9890 if (err) 9891 return err; 9892 9893 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev, 9894 info->attrs, 9895 rdev->wiphy.max_match_sets); 9896 9897 err = PTR_ERR_OR_ZERO(sched_scan_req); 9898 if (err) 9899 goto out_err; 9900 9901 /* leave request id zero for legacy request 9902 * or if driver does not support multi-scheduled scan 9903 */ 9904 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) 9905 sched_scan_req->reqid = cfg80211_assign_cookie(rdev); 9906 9907 err = rdev_sched_scan_start(rdev, dev, sched_scan_req); 9908 if (err) 9909 goto out_free; 9910 9911 sched_scan_req->dev = dev; 9912 sched_scan_req->wiphy = &rdev->wiphy; 9913 9914 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 9915 sched_scan_req->owner_nlportid = info->snd_portid; 9916 9917 cfg80211_add_sched_scan_req(rdev, sched_scan_req); 9918 9919 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN); 9920 return 0; 9921 9922 out_free: 9923 kfree(sched_scan_req); 9924 out_err: 9925 return err; 9926 } 9927 9928 static int nl80211_stop_sched_scan(struct sk_buff *skb, 9929 struct genl_info *info) 9930 { 9931 struct cfg80211_sched_scan_request *req; 9932 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9933 u64 cookie; 9934 9935 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop) 9936 return -EOPNOTSUPP; 9937 9938 if (info->attrs[NL80211_ATTR_COOKIE]) { 9939 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 9940 return __cfg80211_stop_sched_scan(rdev, cookie, false); 9941 } 9942 9943 req = list_first_or_null_rcu(&rdev->sched_scan_req_list, 9944 struct cfg80211_sched_scan_request, 9945 list); 9946 if (!req || req->reqid || 9947 (req->owner_nlportid && 9948 req->owner_nlportid != info->snd_portid)) 9949 return -ENOENT; 9950 9951 return cfg80211_stop_sched_scan_req(rdev, req, false); 9952 } 9953 9954 static int nl80211_start_radar_detection(struct sk_buff *skb, 9955 struct genl_info *info) 9956 { 9957 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9958 struct net_device *dev = info->user_ptr[1]; 9959 struct wireless_dev *wdev = dev->ieee80211_ptr; 9960 struct wiphy *wiphy = wdev->wiphy; 9961 struct cfg80211_chan_def chandef; 9962 enum nl80211_dfs_regions dfs_region; 9963 unsigned int cac_time_ms; 9964 int err = -EINVAL; 9965 9966 flush_delayed_work(&rdev->dfs_update_channels_wk); 9967 9968 wiphy_lock(wiphy); 9969 9970 dfs_region = reg_get_dfs_region(wiphy); 9971 if (dfs_region == NL80211_DFS_UNSET) 9972 goto unlock; 9973 9974 err = nl80211_parse_chandef(rdev, info, &chandef); 9975 if (err) 9976 goto unlock; 9977 9978 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype); 9979 if (err < 0) 9980 goto unlock; 9981 9982 if (err == 0) { 9983 err = -EINVAL; 9984 goto unlock; 9985 } 9986 9987 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef)) { 9988 err = -EINVAL; 9989 goto unlock; 9990 } 9991 9992 if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND])) { 9993 err = cfg80211_start_background_radar_detection(rdev, wdev, 9994 &chandef); 9995 goto unlock; 9996 } 9997 9998 if (netif_carrier_ok(dev)) { 9999 err = -EBUSY; 10000 goto unlock; 10001 } 10002 10003 if (wdev->cac_started) { 10004 err = -EBUSY; 10005 goto unlock; 10006 } 10007 10008 /* CAC start is offloaded to HW and can't be started manually */ 10009 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD)) { 10010 err = -EOPNOTSUPP; 10011 goto unlock; 10012 } 10013 10014 if (!rdev->ops->start_radar_detection) { 10015 err = -EOPNOTSUPP; 10016 goto unlock; 10017 } 10018 10019 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef); 10020 if (WARN_ON(!cac_time_ms)) 10021 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS; 10022 10023 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms); 10024 if (!err) { 10025 wdev->links[0].ap.chandef = chandef; 10026 wdev->cac_started = true; 10027 wdev->cac_start_time = jiffies; 10028 wdev->cac_time_ms = cac_time_ms; 10029 } 10030 unlock: 10031 wiphy_unlock(wiphy); 10032 10033 return err; 10034 } 10035 10036 static int nl80211_notify_radar_detection(struct sk_buff *skb, 10037 struct genl_info *info) 10038 { 10039 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10040 struct net_device *dev = info->user_ptr[1]; 10041 struct wireless_dev *wdev = dev->ieee80211_ptr; 10042 struct wiphy *wiphy = wdev->wiphy; 10043 struct cfg80211_chan_def chandef; 10044 enum nl80211_dfs_regions dfs_region; 10045 int err; 10046 10047 dfs_region = reg_get_dfs_region(wiphy); 10048 if (dfs_region == NL80211_DFS_UNSET) { 10049 GENL_SET_ERR_MSG(info, 10050 "DFS Region is not set. Unexpected Radar indication"); 10051 return -EINVAL; 10052 } 10053 10054 err = nl80211_parse_chandef(rdev, info, &chandef); 10055 if (err) { 10056 GENL_SET_ERR_MSG(info, "Unable to extract chandef info"); 10057 return err; 10058 } 10059 10060 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype); 10061 if (err < 0) { 10062 GENL_SET_ERR_MSG(info, "chandef is invalid"); 10063 return err; 10064 } 10065 10066 if (err == 0) { 10067 GENL_SET_ERR_MSG(info, 10068 "Unexpected Radar indication for chandef/iftype"); 10069 return -EINVAL; 10070 } 10071 10072 /* Do not process this notification if radar is already detected 10073 * by kernel on this channel, and return success. 10074 */ 10075 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE) 10076 return 0; 10077 10078 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE); 10079 10080 cfg80211_sched_dfs_chan_update(rdev); 10081 10082 rdev->radar_chandef = chandef; 10083 10084 /* Propagate this notification to other radios as well */ 10085 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk); 10086 10087 return 0; 10088 } 10089 10090 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info) 10091 { 10092 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10093 unsigned int link_id = nl80211_link_id(info->attrs); 10094 struct net_device *dev = info->user_ptr[1]; 10095 struct wireless_dev *wdev = dev->ieee80211_ptr; 10096 struct cfg80211_csa_settings params; 10097 struct nlattr **csa_attrs = NULL; 10098 int err; 10099 bool need_new_beacon = false; 10100 bool need_handle_dfs_flag = true; 10101 int len, i; 10102 u32 cs_count; 10103 10104 if (!rdev->ops->channel_switch || 10105 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)) 10106 return -EOPNOTSUPP; 10107 10108 switch (dev->ieee80211_ptr->iftype) { 10109 case NL80211_IFTYPE_AP: 10110 case NL80211_IFTYPE_P2P_GO: 10111 need_new_beacon = true; 10112 /* For all modes except AP the handle_dfs flag needs to be 10113 * supplied to tell the kernel that userspace will handle radar 10114 * events when they happen. Otherwise a switch to a channel 10115 * requiring DFS will be rejected. 10116 */ 10117 need_handle_dfs_flag = false; 10118 10119 /* useless if AP is not running */ 10120 if (!wdev->links[link_id].ap.beacon_interval) 10121 return -ENOTCONN; 10122 break; 10123 case NL80211_IFTYPE_ADHOC: 10124 if (!wdev->u.ibss.ssid_len) 10125 return -ENOTCONN; 10126 break; 10127 case NL80211_IFTYPE_MESH_POINT: 10128 if (!wdev->u.mesh.id_len) 10129 return -ENOTCONN; 10130 break; 10131 default: 10132 return -EOPNOTSUPP; 10133 } 10134 10135 memset(¶ms, 0, sizeof(params)); 10136 params.beacon_csa.ftm_responder = -1; 10137 10138 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 10139 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]) 10140 return -EINVAL; 10141 10142 /* only important for AP, IBSS and mesh create IEs internally */ 10143 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES]) 10144 return -EINVAL; 10145 10146 /* Even though the attribute is u32, the specification says 10147 * u8, so let's make sure we don't overflow. 10148 */ 10149 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]); 10150 if (cs_count > 255) 10151 return -EINVAL; 10152 10153 params.count = cs_count; 10154 10155 if (!need_new_beacon) 10156 goto skip_beacons; 10157 10158 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after, 10159 info->extack); 10160 if (err) 10161 goto free; 10162 10163 csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs), 10164 GFP_KERNEL); 10165 if (!csa_attrs) { 10166 err = -ENOMEM; 10167 goto free; 10168 } 10169 10170 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX, 10171 info->attrs[NL80211_ATTR_CSA_IES], 10172 nl80211_policy, info->extack); 10173 if (err) 10174 goto free; 10175 10176 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa, 10177 info->extack); 10178 if (err) 10179 goto free; 10180 10181 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) { 10182 err = -EINVAL; 10183 goto free; 10184 } 10185 10186 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]); 10187 if (!len || (len % sizeof(u16))) { 10188 err = -EINVAL; 10189 goto free; 10190 } 10191 10192 params.n_counter_offsets_beacon = len / sizeof(u16); 10193 if (rdev->wiphy.max_num_csa_counters && 10194 (params.n_counter_offsets_beacon > 10195 rdev->wiphy.max_num_csa_counters)) { 10196 err = -EINVAL; 10197 goto free; 10198 } 10199 10200 params.counter_offsets_beacon = 10201 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]); 10202 10203 /* sanity checks - counters should fit and be the same */ 10204 for (i = 0; i < params.n_counter_offsets_beacon; i++) { 10205 u16 offset = params.counter_offsets_beacon[i]; 10206 10207 if (offset >= params.beacon_csa.tail_len) { 10208 err = -EINVAL; 10209 goto free; 10210 } 10211 10212 if (params.beacon_csa.tail[offset] != params.count) { 10213 err = -EINVAL; 10214 goto free; 10215 } 10216 } 10217 10218 if (csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]) { 10219 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]); 10220 if (!len || (len % sizeof(u16))) { 10221 err = -EINVAL; 10222 goto free; 10223 } 10224 10225 params.n_counter_offsets_presp = len / sizeof(u16); 10226 if (rdev->wiphy.max_num_csa_counters && 10227 (params.n_counter_offsets_presp > 10228 rdev->wiphy.max_num_csa_counters)) { 10229 err = -EINVAL; 10230 goto free; 10231 } 10232 10233 params.counter_offsets_presp = 10234 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]); 10235 10236 /* sanity checks - counters should fit and be the same */ 10237 for (i = 0; i < params.n_counter_offsets_presp; i++) { 10238 u16 offset = params.counter_offsets_presp[i]; 10239 10240 if (offset >= params.beacon_csa.probe_resp_len) { 10241 err = -EINVAL; 10242 goto free; 10243 } 10244 10245 if (params.beacon_csa.probe_resp[offset] != 10246 params.count) { 10247 err = -EINVAL; 10248 goto free; 10249 } 10250 } 10251 } 10252 10253 skip_beacons: 10254 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 10255 if (err) 10256 goto free; 10257 10258 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef, 10259 wdev->iftype)) { 10260 err = -EINVAL; 10261 goto free; 10262 } 10263 10264 err = cfg80211_chandef_dfs_required(wdev->wiphy, 10265 ¶ms.chandef, 10266 wdev->iftype); 10267 if (err < 0) 10268 goto free; 10269 10270 if (err > 0) { 10271 params.radar_required = true; 10272 if (need_handle_dfs_flag && 10273 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) { 10274 err = -EINVAL; 10275 goto free; 10276 } 10277 } 10278 10279 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX]) 10280 params.block_tx = true; 10281 10282 if (info->attrs[NL80211_ATTR_PUNCT_BITMAP]) { 10283 err = nl80211_parse_punct_bitmap(rdev, info, 10284 ¶ms.chandef, 10285 ¶ms.punct_bitmap); 10286 if (err) 10287 goto free; 10288 } 10289 10290 wdev_lock(wdev); 10291 err = rdev_channel_switch(rdev, dev, ¶ms); 10292 wdev_unlock(wdev); 10293 10294 free: 10295 kfree(params.beacon_after.mbssid_ies); 10296 kfree(params.beacon_csa.mbssid_ies); 10297 kfree(params.beacon_after.rnr_ies); 10298 kfree(params.beacon_csa.rnr_ies); 10299 kfree(csa_attrs); 10300 return err; 10301 } 10302 10303 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 10304 u32 seq, int flags, 10305 struct cfg80211_registered_device *rdev, 10306 struct wireless_dev *wdev, 10307 struct cfg80211_internal_bss *intbss) 10308 { 10309 struct cfg80211_bss *res = &intbss->pub; 10310 const struct cfg80211_bss_ies *ies; 10311 unsigned int link_id; 10312 void *hdr; 10313 struct nlattr *bss; 10314 10315 ASSERT_WDEV_LOCK(wdev); 10316 10317 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 10318 NL80211_CMD_NEW_SCAN_RESULTS); 10319 if (!hdr) 10320 return -1; 10321 10322 genl_dump_check_consistent(cb, hdr); 10323 10324 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation)) 10325 goto nla_put_failure; 10326 if (wdev->netdev && 10327 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 10328 goto nla_put_failure; 10329 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 10330 NL80211_ATTR_PAD)) 10331 goto nla_put_failure; 10332 10333 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS); 10334 if (!bss) 10335 goto nla_put_failure; 10336 if ((!is_zero_ether_addr(res->bssid) && 10337 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid))) 10338 goto nla_put_failure; 10339 10340 rcu_read_lock(); 10341 /* indicate whether we have probe response data or not */ 10342 if (rcu_access_pointer(res->proberesp_ies) && 10343 nla_put_flag(msg, NL80211_BSS_PRESP_DATA)) 10344 goto fail_unlock_rcu; 10345 10346 /* this pointer prefers to be pointed to probe response data 10347 * but is always valid 10348 */ 10349 ies = rcu_dereference(res->ies); 10350 if (ies) { 10351 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf, 10352 NL80211_BSS_PAD)) 10353 goto fail_unlock_rcu; 10354 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 10355 ies->len, ies->data)) 10356 goto fail_unlock_rcu; 10357 } 10358 10359 /* and this pointer is always (unless driver didn't know) beacon data */ 10360 ies = rcu_dereference(res->beacon_ies); 10361 if (ies && ies->from_beacon) { 10362 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf, 10363 NL80211_BSS_PAD)) 10364 goto fail_unlock_rcu; 10365 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES, 10366 ies->len, ies->data)) 10367 goto fail_unlock_rcu; 10368 } 10369 rcu_read_unlock(); 10370 10371 if (res->beacon_interval && 10372 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 10373 goto nla_put_failure; 10374 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 10375 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 10376 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET, 10377 res->channel->freq_offset) || 10378 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) || 10379 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 10380 jiffies_to_msecs(jiffies - intbss->ts))) 10381 goto nla_put_failure; 10382 10383 if (intbss->parent_tsf && 10384 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF, 10385 intbss->parent_tsf, NL80211_BSS_PAD) || 10386 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN, 10387 intbss->parent_bssid))) 10388 goto nla_put_failure; 10389 10390 if (intbss->ts_boottime && 10391 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME, 10392 intbss->ts_boottime, NL80211_BSS_PAD)) 10393 goto nla_put_failure; 10394 10395 if (!nl80211_put_signal(msg, intbss->pub.chains, 10396 intbss->pub.chain_signal, 10397 NL80211_BSS_CHAIN_SIGNAL)) 10398 goto nla_put_failure; 10399 10400 switch (rdev->wiphy.signal_type) { 10401 case CFG80211_SIGNAL_TYPE_MBM: 10402 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 10403 goto nla_put_failure; 10404 break; 10405 case CFG80211_SIGNAL_TYPE_UNSPEC: 10406 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 10407 goto nla_put_failure; 10408 break; 10409 default: 10410 break; 10411 } 10412 10413 switch (wdev->iftype) { 10414 case NL80211_IFTYPE_P2P_CLIENT: 10415 case NL80211_IFTYPE_STATION: 10416 for_each_valid_link(wdev, link_id) { 10417 if (intbss == wdev->links[link_id].client.current_bss && 10418 (nla_put_u32(msg, NL80211_BSS_STATUS, 10419 NL80211_BSS_STATUS_ASSOCIATED) || 10420 (wdev->valid_links && 10421 (nla_put_u8(msg, NL80211_BSS_MLO_LINK_ID, 10422 link_id) || 10423 nla_put(msg, NL80211_BSS_MLD_ADDR, ETH_ALEN, 10424 wdev->u.client.connected_addr))))) 10425 goto nla_put_failure; 10426 } 10427 break; 10428 case NL80211_IFTYPE_ADHOC: 10429 if (intbss == wdev->u.ibss.current_bss && 10430 nla_put_u32(msg, NL80211_BSS_STATUS, 10431 NL80211_BSS_STATUS_IBSS_JOINED)) 10432 goto nla_put_failure; 10433 break; 10434 default: 10435 break; 10436 } 10437 10438 nla_nest_end(msg, bss); 10439 10440 genlmsg_end(msg, hdr); 10441 return 0; 10442 10443 fail_unlock_rcu: 10444 rcu_read_unlock(); 10445 nla_put_failure: 10446 genlmsg_cancel(msg, hdr); 10447 return -EMSGSIZE; 10448 } 10449 10450 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb) 10451 { 10452 struct cfg80211_registered_device *rdev; 10453 struct cfg80211_internal_bss *scan; 10454 struct wireless_dev *wdev; 10455 int start = cb->args[2], idx = 0; 10456 int err; 10457 10458 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 10459 if (err) 10460 return err; 10461 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 10462 __acquire(&rdev->wiphy.mtx); 10463 10464 wdev_lock(wdev); 10465 spin_lock_bh(&rdev->bss_lock); 10466 10467 /* 10468 * dump_scan will be called multiple times to break up the scan results 10469 * into multiple messages. It is unlikely that any more bss-es will be 10470 * expired after the first call, so only call only call this on the 10471 * first dump_scan invocation. 10472 */ 10473 if (start == 0) 10474 cfg80211_bss_expire(rdev); 10475 10476 cb->seq = rdev->bss_generation; 10477 10478 list_for_each_entry(scan, &rdev->bss_list, list) { 10479 if (++idx <= start) 10480 continue; 10481 if (nl80211_send_bss(skb, cb, 10482 cb->nlh->nlmsg_seq, NLM_F_MULTI, 10483 rdev, wdev, scan) < 0) { 10484 idx--; 10485 break; 10486 } 10487 } 10488 10489 spin_unlock_bh(&rdev->bss_lock); 10490 wdev_unlock(wdev); 10491 10492 cb->args[2] = idx; 10493 wiphy_unlock(&rdev->wiphy); 10494 10495 return skb->len; 10496 } 10497 10498 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq, 10499 int flags, struct net_device *dev, 10500 bool allow_radio_stats, 10501 struct survey_info *survey) 10502 { 10503 void *hdr; 10504 struct nlattr *infoattr; 10505 10506 /* skip radio stats if userspace didn't request them */ 10507 if (!survey->channel && !allow_radio_stats) 10508 return 0; 10509 10510 hdr = nl80211hdr_put(msg, portid, seq, flags, 10511 NL80211_CMD_NEW_SURVEY_RESULTS); 10512 if (!hdr) 10513 return -ENOMEM; 10514 10515 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 10516 goto nla_put_failure; 10517 10518 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO); 10519 if (!infoattr) 10520 goto nla_put_failure; 10521 10522 if (survey->channel && 10523 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 10524 survey->channel->center_freq)) 10525 goto nla_put_failure; 10526 10527 if (survey->channel && survey->channel->freq_offset && 10528 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET, 10529 survey->channel->freq_offset)) 10530 goto nla_put_failure; 10531 10532 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 10533 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 10534 goto nla_put_failure; 10535 if ((survey->filled & SURVEY_INFO_IN_USE) && 10536 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 10537 goto nla_put_failure; 10538 if ((survey->filled & SURVEY_INFO_TIME) && 10539 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME, 10540 survey->time, NL80211_SURVEY_INFO_PAD)) 10541 goto nla_put_failure; 10542 if ((survey->filled & SURVEY_INFO_TIME_BUSY) && 10543 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY, 10544 survey->time_busy, NL80211_SURVEY_INFO_PAD)) 10545 goto nla_put_failure; 10546 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) && 10547 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY, 10548 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD)) 10549 goto nla_put_failure; 10550 if ((survey->filled & SURVEY_INFO_TIME_RX) && 10551 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX, 10552 survey->time_rx, NL80211_SURVEY_INFO_PAD)) 10553 goto nla_put_failure; 10554 if ((survey->filled & SURVEY_INFO_TIME_TX) && 10555 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX, 10556 survey->time_tx, NL80211_SURVEY_INFO_PAD)) 10557 goto nla_put_failure; 10558 if ((survey->filled & SURVEY_INFO_TIME_SCAN) && 10559 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN, 10560 survey->time_scan, NL80211_SURVEY_INFO_PAD)) 10561 goto nla_put_failure; 10562 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) && 10563 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX, 10564 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD)) 10565 goto nla_put_failure; 10566 10567 nla_nest_end(msg, infoattr); 10568 10569 genlmsg_end(msg, hdr); 10570 return 0; 10571 10572 nla_put_failure: 10573 genlmsg_cancel(msg, hdr); 10574 return -EMSGSIZE; 10575 } 10576 10577 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb) 10578 { 10579 struct nlattr **attrbuf; 10580 struct survey_info survey; 10581 struct cfg80211_registered_device *rdev; 10582 struct wireless_dev *wdev; 10583 int survey_idx = cb->args[2]; 10584 int res; 10585 bool radio_stats; 10586 10587 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL); 10588 if (!attrbuf) 10589 return -ENOMEM; 10590 10591 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf); 10592 if (res) { 10593 kfree(attrbuf); 10594 return res; 10595 } 10596 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 10597 __acquire(&rdev->wiphy.mtx); 10598 10599 /* prepare_wdev_dump parsed the attributes */ 10600 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS]; 10601 10602 if (!wdev->netdev) { 10603 res = -EINVAL; 10604 goto out_err; 10605 } 10606 10607 if (!rdev->ops->dump_survey) { 10608 res = -EOPNOTSUPP; 10609 goto out_err; 10610 } 10611 10612 while (1) { 10613 wdev_lock(wdev); 10614 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey); 10615 wdev_unlock(wdev); 10616 if (res == -ENOENT) 10617 break; 10618 if (res) 10619 goto out_err; 10620 10621 /* don't send disabled channels, but do send non-channel data */ 10622 if (survey.channel && 10623 survey.channel->flags & IEEE80211_CHAN_DISABLED) { 10624 survey_idx++; 10625 continue; 10626 } 10627 10628 if (nl80211_send_survey(skb, 10629 NETLINK_CB(cb->skb).portid, 10630 cb->nlh->nlmsg_seq, NLM_F_MULTI, 10631 wdev->netdev, radio_stats, &survey) < 0) 10632 goto out; 10633 survey_idx++; 10634 } 10635 10636 out: 10637 cb->args[2] = survey_idx; 10638 res = skb->len; 10639 out_err: 10640 kfree(attrbuf); 10641 wiphy_unlock(&rdev->wiphy); 10642 return res; 10643 } 10644 10645 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 10646 { 10647 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 10648 NL80211_WPA_VERSION_2 | 10649 NL80211_WPA_VERSION_3)); 10650 } 10651 10652 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 10653 { 10654 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10655 struct net_device *dev = info->user_ptr[1]; 10656 struct ieee80211_channel *chan; 10657 const u8 *bssid, *ssid; 10658 int err, ssid_len; 10659 enum nl80211_auth_type auth_type; 10660 struct key_parse key; 10661 bool local_state_change; 10662 struct cfg80211_auth_request req = {}; 10663 u32 freq; 10664 10665 if (!info->attrs[NL80211_ATTR_MAC]) 10666 return -EINVAL; 10667 10668 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 10669 return -EINVAL; 10670 10671 if (!info->attrs[NL80211_ATTR_SSID]) 10672 return -EINVAL; 10673 10674 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 10675 return -EINVAL; 10676 10677 err = nl80211_parse_key(info, &key); 10678 if (err) 10679 return err; 10680 10681 if (key.idx >= 0) { 10682 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 10683 return -EINVAL; 10684 if (!key.p.key || !key.p.key_len) 10685 return -EINVAL; 10686 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 10687 key.p.key_len != WLAN_KEY_LEN_WEP40) && 10688 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 10689 key.p.key_len != WLAN_KEY_LEN_WEP104)) 10690 return -EINVAL; 10691 if (key.idx > 3) 10692 return -EINVAL; 10693 } else { 10694 key.p.key_len = 0; 10695 key.p.key = NULL; 10696 } 10697 10698 if (key.idx >= 0) { 10699 int i; 10700 bool ok = false; 10701 10702 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 10703 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 10704 ok = true; 10705 break; 10706 } 10707 } 10708 if (!ok) 10709 return -EINVAL; 10710 } 10711 10712 if (!rdev->ops->auth) 10713 return -EOPNOTSUPP; 10714 10715 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 10716 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 10717 return -EOPNOTSUPP; 10718 10719 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 10720 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 10721 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 10722 freq += 10723 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 10724 10725 chan = nl80211_get_valid_chan(&rdev->wiphy, freq); 10726 if (!chan) 10727 return -EINVAL; 10728 10729 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 10730 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 10731 10732 if (info->attrs[NL80211_ATTR_IE]) { 10733 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 10734 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 10735 } 10736 10737 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 10738 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE)) 10739 return -EINVAL; 10740 10741 if ((auth_type == NL80211_AUTHTYPE_SAE || 10742 auth_type == NL80211_AUTHTYPE_FILS_SK || 10743 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 10744 auth_type == NL80211_AUTHTYPE_FILS_PK) && 10745 !info->attrs[NL80211_ATTR_AUTH_DATA]) 10746 return -EINVAL; 10747 10748 if (info->attrs[NL80211_ATTR_AUTH_DATA]) { 10749 if (auth_type != NL80211_AUTHTYPE_SAE && 10750 auth_type != NL80211_AUTHTYPE_FILS_SK && 10751 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS && 10752 auth_type != NL80211_AUTHTYPE_FILS_PK) 10753 return -EINVAL; 10754 req.auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]); 10755 req.auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]); 10756 } 10757 10758 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 10759 10760 /* 10761 * Since we no longer track auth state, ignore 10762 * requests to only change local state. 10763 */ 10764 if (local_state_change) 10765 return 0; 10766 10767 req.auth_type = auth_type; 10768 req.key = key.p.key; 10769 req.key_len = key.p.key_len; 10770 req.key_idx = key.idx; 10771 req.link_id = nl80211_link_id_or_invalid(info->attrs); 10772 if (req.link_id >= 0) { 10773 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)) 10774 return -EINVAL; 10775 if (!info->attrs[NL80211_ATTR_MLD_ADDR]) 10776 return -EINVAL; 10777 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 10778 if (!is_valid_ether_addr(req.ap_mld_addr)) 10779 return -EINVAL; 10780 } 10781 10782 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 10783 IEEE80211_BSS_TYPE_ESS, 10784 IEEE80211_PRIVACY_ANY); 10785 if (!req.bss) 10786 return -ENOENT; 10787 10788 wdev_lock(dev->ieee80211_ptr); 10789 err = cfg80211_mlme_auth(rdev, dev, &req); 10790 wdev_unlock(dev->ieee80211_ptr); 10791 10792 cfg80211_put_bss(&rdev->wiphy, req.bss); 10793 10794 return err; 10795 } 10796 10797 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev, 10798 struct genl_info *info) 10799 { 10800 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 10801 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set"); 10802 return -EINVAL; 10803 } 10804 10805 if (!rdev->ops->tx_control_port || 10806 !wiphy_ext_feature_isset(&rdev->wiphy, 10807 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) 10808 return -EOPNOTSUPP; 10809 10810 return 0; 10811 } 10812 10813 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 10814 struct genl_info *info, 10815 struct cfg80211_crypto_settings *settings, 10816 int cipher_limit) 10817 { 10818 memset(settings, 0, sizeof(*settings)); 10819 10820 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 10821 10822 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 10823 u16 proto; 10824 10825 proto = nla_get_u16( 10826 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 10827 settings->control_port_ethertype = cpu_to_be16(proto); 10828 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 10829 proto != ETH_P_PAE) 10830 return -EINVAL; 10831 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 10832 settings->control_port_no_encrypt = true; 10833 } else 10834 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 10835 10836 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 10837 int r = validate_pae_over_nl80211(rdev, info); 10838 10839 if (r < 0) 10840 return r; 10841 10842 settings->control_port_over_nl80211 = true; 10843 10844 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH]) 10845 settings->control_port_no_preauth = true; 10846 } 10847 10848 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 10849 void *data; 10850 int len, i; 10851 10852 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 10853 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 10854 settings->n_ciphers_pairwise = len / sizeof(u32); 10855 10856 if (len % sizeof(u32)) 10857 return -EINVAL; 10858 10859 if (settings->n_ciphers_pairwise > cipher_limit) 10860 return -EINVAL; 10861 10862 memcpy(settings->ciphers_pairwise, data, len); 10863 10864 for (i = 0; i < settings->n_ciphers_pairwise; i++) 10865 if (!cfg80211_supported_cipher_suite( 10866 &rdev->wiphy, 10867 settings->ciphers_pairwise[i])) 10868 return -EINVAL; 10869 } 10870 10871 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 10872 settings->cipher_group = 10873 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 10874 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 10875 settings->cipher_group)) 10876 return -EINVAL; 10877 } 10878 10879 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 10880 settings->wpa_versions = 10881 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 10882 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 10883 return -EINVAL; 10884 } 10885 10886 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 10887 void *data; 10888 int len; 10889 10890 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 10891 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 10892 settings->n_akm_suites = len / sizeof(u32); 10893 10894 if (len % sizeof(u32)) 10895 return -EINVAL; 10896 10897 if (settings->n_akm_suites > rdev->wiphy.max_num_akm_suites) 10898 return -EINVAL; 10899 10900 memcpy(settings->akm_suites, data, len); 10901 } 10902 10903 if (info->attrs[NL80211_ATTR_PMK]) { 10904 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN) 10905 return -EINVAL; 10906 if (!wiphy_ext_feature_isset(&rdev->wiphy, 10907 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) && 10908 !wiphy_ext_feature_isset(&rdev->wiphy, 10909 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK)) 10910 return -EINVAL; 10911 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]); 10912 } 10913 10914 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) { 10915 if (!wiphy_ext_feature_isset(&rdev->wiphy, 10916 NL80211_EXT_FEATURE_SAE_OFFLOAD) && 10917 !wiphy_ext_feature_isset(&rdev->wiphy, 10918 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP)) 10919 return -EINVAL; 10920 settings->sae_pwd = 10921 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]); 10922 settings->sae_pwd_len = 10923 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]); 10924 } 10925 10926 if (info->attrs[NL80211_ATTR_SAE_PWE]) 10927 settings->sae_pwe = 10928 nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]); 10929 else 10930 settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED; 10931 10932 return 0; 10933 } 10934 10935 static struct cfg80211_bss *nl80211_assoc_bss(struct cfg80211_registered_device *rdev, 10936 const u8 *ssid, int ssid_len, 10937 struct nlattr **attrs) 10938 { 10939 struct ieee80211_channel *chan; 10940 struct cfg80211_bss *bss; 10941 const u8 *bssid; 10942 u32 freq; 10943 10944 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_WIPHY_FREQ]) 10945 return ERR_PTR(-EINVAL); 10946 10947 bssid = nla_data(attrs[NL80211_ATTR_MAC]); 10948 10949 freq = MHZ_TO_KHZ(nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ])); 10950 if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 10951 freq += nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 10952 10953 chan = nl80211_get_valid_chan(&rdev->wiphy, freq); 10954 if (!chan) 10955 return ERR_PTR(-EINVAL); 10956 10957 bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, 10958 ssid, ssid_len, 10959 IEEE80211_BSS_TYPE_ESS, 10960 IEEE80211_PRIVACY_ANY); 10961 if (!bss) 10962 return ERR_PTR(-ENOENT); 10963 10964 return bss; 10965 } 10966 10967 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 10968 { 10969 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10970 struct net_device *dev = info->user_ptr[1]; 10971 struct cfg80211_assoc_request req = {}; 10972 struct nlattr **attrs = NULL; 10973 const u8 *ap_addr, *ssid; 10974 unsigned int link_id; 10975 int err, ssid_len; 10976 10977 if (dev->ieee80211_ptr->conn_owner_nlportid && 10978 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 10979 return -EPERM; 10980 10981 if (!info->attrs[NL80211_ATTR_SSID]) 10982 return -EINVAL; 10983 10984 if (!rdev->ops->assoc) 10985 return -EOPNOTSUPP; 10986 10987 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 10988 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 10989 return -EOPNOTSUPP; 10990 10991 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 10992 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 10993 10994 if (info->attrs[NL80211_ATTR_IE]) { 10995 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 10996 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 10997 10998 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE, 10999 req.ie, req.ie_len)) { 11000 GENL_SET_ERR_MSG(info, 11001 "non-inheritance makes no sense"); 11002 return -EINVAL; 11003 } 11004 } 11005 11006 if (info->attrs[NL80211_ATTR_USE_MFP]) { 11007 enum nl80211_mfp mfp = 11008 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 11009 if (mfp == NL80211_MFP_REQUIRED) 11010 req.use_mfp = true; 11011 else if (mfp != NL80211_MFP_NO) 11012 return -EINVAL; 11013 } 11014 11015 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 11016 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 11017 11018 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 11019 req.flags |= ASSOC_REQ_DISABLE_HT; 11020 11021 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 11022 memcpy(&req.ht_capa_mask, 11023 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 11024 sizeof(req.ht_capa_mask)); 11025 11026 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 11027 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 11028 return -EINVAL; 11029 memcpy(&req.ht_capa, 11030 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 11031 sizeof(req.ht_capa)); 11032 } 11033 11034 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 11035 req.flags |= ASSOC_REQ_DISABLE_VHT; 11036 11037 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE])) 11038 req.flags |= ASSOC_REQ_DISABLE_HE; 11039 11040 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT])) 11041 req.flags |= ASSOC_REQ_DISABLE_EHT; 11042 11043 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 11044 memcpy(&req.vht_capa_mask, 11045 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 11046 sizeof(req.vht_capa_mask)); 11047 11048 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 11049 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 11050 return -EINVAL; 11051 memcpy(&req.vht_capa, 11052 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 11053 sizeof(req.vht_capa)); 11054 } 11055 11056 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 11057 if (!((rdev->wiphy.features & 11058 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 11059 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 11060 !wiphy_ext_feature_isset(&rdev->wiphy, 11061 NL80211_EXT_FEATURE_RRM)) 11062 return -EINVAL; 11063 req.flags |= ASSOC_REQ_USE_RRM; 11064 } 11065 11066 if (info->attrs[NL80211_ATTR_FILS_KEK]) { 11067 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]); 11068 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]); 11069 if (!info->attrs[NL80211_ATTR_FILS_NONCES]) 11070 return -EINVAL; 11071 req.fils_nonces = 11072 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]); 11073 } 11074 11075 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) { 11076 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY]) 11077 return -EINVAL; 11078 memcpy(&req.s1g_capa_mask, 11079 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]), 11080 sizeof(req.s1g_capa_mask)); 11081 } 11082 11083 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) { 11084 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) 11085 return -EINVAL; 11086 memcpy(&req.s1g_capa, 11087 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]), 11088 sizeof(req.s1g_capa)); 11089 } 11090 11091 req.link_id = nl80211_link_id_or_invalid(info->attrs); 11092 11093 if (info->attrs[NL80211_ATTR_MLO_LINKS]) { 11094 unsigned int attrsize = NUM_NL80211_ATTR * sizeof(*attrs); 11095 struct nlattr *link; 11096 int rem = 0; 11097 11098 if (req.link_id < 0) 11099 return -EINVAL; 11100 11101 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)) 11102 return -EINVAL; 11103 11104 if (info->attrs[NL80211_ATTR_MAC] || 11105 info->attrs[NL80211_ATTR_WIPHY_FREQ] || 11106 !info->attrs[NL80211_ATTR_MLD_ADDR]) 11107 return -EINVAL; 11108 11109 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 11110 ap_addr = req.ap_mld_addr; 11111 11112 attrs = kzalloc(attrsize, GFP_KERNEL); 11113 if (!attrs) 11114 return -ENOMEM; 11115 11116 nla_for_each_nested(link, 11117 info->attrs[NL80211_ATTR_MLO_LINKS], 11118 rem) { 11119 memset(attrs, 0, attrsize); 11120 11121 nla_parse_nested(attrs, NL80211_ATTR_MAX, 11122 link, NULL, NULL); 11123 11124 if (!attrs[NL80211_ATTR_MLO_LINK_ID]) { 11125 err = -EINVAL; 11126 goto free; 11127 } 11128 11129 link_id = nla_get_u8(attrs[NL80211_ATTR_MLO_LINK_ID]); 11130 /* cannot use the same link ID again */ 11131 if (req.links[link_id].bss) { 11132 err = -EINVAL; 11133 goto free; 11134 } 11135 req.links[link_id].bss = 11136 nl80211_assoc_bss(rdev, ssid, ssid_len, attrs); 11137 if (IS_ERR(req.links[link_id].bss)) { 11138 err = PTR_ERR(req.links[link_id].bss); 11139 req.links[link_id].bss = NULL; 11140 goto free; 11141 } 11142 11143 if (attrs[NL80211_ATTR_IE]) { 11144 req.links[link_id].elems = 11145 nla_data(attrs[NL80211_ATTR_IE]); 11146 req.links[link_id].elems_len = 11147 nla_len(attrs[NL80211_ATTR_IE]); 11148 11149 if (cfg80211_find_elem(WLAN_EID_FRAGMENT, 11150 req.links[link_id].elems, 11151 req.links[link_id].elems_len)) { 11152 GENL_SET_ERR_MSG(info, 11153 "cannot deal with fragmentation"); 11154 err = -EINVAL; 11155 goto free; 11156 } 11157 11158 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE, 11159 req.links[link_id].elems, 11160 req.links[link_id].elems_len)) { 11161 GENL_SET_ERR_MSG(info, 11162 "cannot deal with non-inheritance"); 11163 err = -EINVAL; 11164 goto free; 11165 } 11166 } 11167 11168 req.links[link_id].disabled = 11169 nla_get_flag(attrs[NL80211_ATTR_MLO_LINK_DISABLED]); 11170 } 11171 11172 if (!req.links[req.link_id].bss) { 11173 err = -EINVAL; 11174 goto free; 11175 } 11176 11177 if (req.links[req.link_id].elems_len) { 11178 GENL_SET_ERR_MSG(info, 11179 "cannot have per-link elems on assoc link"); 11180 err = -EINVAL; 11181 goto free; 11182 } 11183 11184 if (req.links[req.link_id].disabled) { 11185 GENL_SET_ERR_MSG(info, 11186 "cannot have assoc link disabled"); 11187 err = -EINVAL; 11188 goto free; 11189 } 11190 11191 kfree(attrs); 11192 attrs = NULL; 11193 } else { 11194 if (req.link_id >= 0) 11195 return -EINVAL; 11196 11197 req.bss = nl80211_assoc_bss(rdev, ssid, ssid_len, info->attrs); 11198 if (IS_ERR(req.bss)) 11199 return PTR_ERR(req.bss); 11200 ap_addr = req.bss->bssid; 11201 } 11202 11203 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1); 11204 if (!err) { 11205 wdev_lock(dev->ieee80211_ptr); 11206 11207 err = cfg80211_mlme_assoc(rdev, dev, &req); 11208 11209 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 11210 dev->ieee80211_ptr->conn_owner_nlportid = 11211 info->snd_portid; 11212 memcpy(dev->ieee80211_ptr->disconnect_bssid, 11213 ap_addr, ETH_ALEN); 11214 } 11215 11216 wdev_unlock(dev->ieee80211_ptr); 11217 } 11218 11219 free: 11220 for (link_id = 0; link_id < ARRAY_SIZE(req.links); link_id++) 11221 cfg80211_put_bss(&rdev->wiphy, req.links[link_id].bss); 11222 cfg80211_put_bss(&rdev->wiphy, req.bss); 11223 kfree(attrs); 11224 11225 return err; 11226 } 11227 11228 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 11229 { 11230 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11231 struct net_device *dev = info->user_ptr[1]; 11232 const u8 *ie = NULL, *bssid; 11233 int ie_len = 0, err; 11234 u16 reason_code; 11235 bool local_state_change; 11236 11237 if (dev->ieee80211_ptr->conn_owner_nlportid && 11238 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 11239 return -EPERM; 11240 11241 if (!info->attrs[NL80211_ATTR_MAC]) 11242 return -EINVAL; 11243 11244 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 11245 return -EINVAL; 11246 11247 if (!rdev->ops->deauth) 11248 return -EOPNOTSUPP; 11249 11250 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 11251 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 11252 return -EOPNOTSUPP; 11253 11254 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 11255 11256 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 11257 if (reason_code == 0) { 11258 /* Reason Code 0 is reserved */ 11259 return -EINVAL; 11260 } 11261 11262 if (info->attrs[NL80211_ATTR_IE]) { 11263 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11264 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11265 } 11266 11267 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 11268 11269 wdev_lock(dev->ieee80211_ptr); 11270 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 11271 local_state_change); 11272 wdev_unlock(dev->ieee80211_ptr); 11273 return err; 11274 } 11275 11276 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 11277 { 11278 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11279 struct net_device *dev = info->user_ptr[1]; 11280 const u8 *ie = NULL, *bssid; 11281 int ie_len = 0, err; 11282 u16 reason_code; 11283 bool local_state_change; 11284 11285 if (dev->ieee80211_ptr->conn_owner_nlportid && 11286 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 11287 return -EPERM; 11288 11289 if (!info->attrs[NL80211_ATTR_MAC]) 11290 return -EINVAL; 11291 11292 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 11293 return -EINVAL; 11294 11295 if (!rdev->ops->disassoc) 11296 return -EOPNOTSUPP; 11297 11298 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 11299 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 11300 return -EOPNOTSUPP; 11301 11302 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 11303 11304 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 11305 if (reason_code == 0) { 11306 /* Reason Code 0 is reserved */ 11307 return -EINVAL; 11308 } 11309 11310 if (info->attrs[NL80211_ATTR_IE]) { 11311 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11312 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11313 } 11314 11315 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 11316 11317 wdev_lock(dev->ieee80211_ptr); 11318 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 11319 local_state_change); 11320 wdev_unlock(dev->ieee80211_ptr); 11321 return err; 11322 } 11323 11324 static bool 11325 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 11326 int mcast_rate[NUM_NL80211_BANDS], 11327 int rateval) 11328 { 11329 struct wiphy *wiphy = &rdev->wiphy; 11330 bool found = false; 11331 int band, i; 11332 11333 for (band = 0; band < NUM_NL80211_BANDS; band++) { 11334 struct ieee80211_supported_band *sband; 11335 11336 sband = wiphy->bands[band]; 11337 if (!sband) 11338 continue; 11339 11340 for (i = 0; i < sband->n_bitrates; i++) { 11341 if (sband->bitrates[i].bitrate == rateval) { 11342 mcast_rate[band] = i + 1; 11343 found = true; 11344 break; 11345 } 11346 } 11347 } 11348 11349 return found; 11350 } 11351 11352 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 11353 { 11354 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11355 struct net_device *dev = info->user_ptr[1]; 11356 struct cfg80211_ibss_params ibss; 11357 struct wiphy *wiphy; 11358 struct cfg80211_cached_keys *connkeys = NULL; 11359 int err; 11360 11361 memset(&ibss, 0, sizeof(ibss)); 11362 11363 if (!info->attrs[NL80211_ATTR_SSID] || 11364 !nla_len(info->attrs[NL80211_ATTR_SSID])) 11365 return -EINVAL; 11366 11367 ibss.beacon_interval = 100; 11368 11369 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) 11370 ibss.beacon_interval = 11371 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 11372 11373 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC, 11374 ibss.beacon_interval); 11375 if (err) 11376 return err; 11377 11378 if (!rdev->ops->join_ibss) 11379 return -EOPNOTSUPP; 11380 11381 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 11382 return -EOPNOTSUPP; 11383 11384 wiphy = &rdev->wiphy; 11385 11386 if (info->attrs[NL80211_ATTR_MAC]) { 11387 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 11388 11389 if (!is_valid_ether_addr(ibss.bssid)) 11390 return -EINVAL; 11391 } 11392 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 11393 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 11394 11395 if (info->attrs[NL80211_ATTR_IE]) { 11396 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11397 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11398 } 11399 11400 err = nl80211_parse_chandef(rdev, info, &ibss.chandef); 11401 if (err) 11402 return err; 11403 11404 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef, 11405 NL80211_IFTYPE_ADHOC)) 11406 return -EINVAL; 11407 11408 switch (ibss.chandef.width) { 11409 case NL80211_CHAN_WIDTH_5: 11410 case NL80211_CHAN_WIDTH_10: 11411 case NL80211_CHAN_WIDTH_20_NOHT: 11412 break; 11413 case NL80211_CHAN_WIDTH_20: 11414 case NL80211_CHAN_WIDTH_40: 11415 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 11416 return -EINVAL; 11417 break; 11418 case NL80211_CHAN_WIDTH_80: 11419 case NL80211_CHAN_WIDTH_80P80: 11420 case NL80211_CHAN_WIDTH_160: 11421 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 11422 return -EINVAL; 11423 if (!wiphy_ext_feature_isset(&rdev->wiphy, 11424 NL80211_EXT_FEATURE_VHT_IBSS)) 11425 return -EINVAL; 11426 break; 11427 case NL80211_CHAN_WIDTH_320: 11428 return -EINVAL; 11429 default: 11430 return -EINVAL; 11431 } 11432 11433 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 11434 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 11435 11436 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 11437 u8 *rates = 11438 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 11439 int n_rates = 11440 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 11441 struct ieee80211_supported_band *sband = 11442 wiphy->bands[ibss.chandef.chan->band]; 11443 11444 err = ieee80211_get_ratemask(sband, rates, n_rates, 11445 &ibss.basic_rates); 11446 if (err) 11447 return err; 11448 } 11449 11450 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 11451 memcpy(&ibss.ht_capa_mask, 11452 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 11453 sizeof(ibss.ht_capa_mask)); 11454 11455 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 11456 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 11457 return -EINVAL; 11458 memcpy(&ibss.ht_capa, 11459 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 11460 sizeof(ibss.ht_capa)); 11461 } 11462 11463 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 11464 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 11465 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 11466 return -EINVAL; 11467 11468 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 11469 bool no_ht = false; 11470 11471 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht); 11472 if (IS_ERR(connkeys)) 11473 return PTR_ERR(connkeys); 11474 11475 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) && 11476 no_ht) { 11477 kfree_sensitive(connkeys); 11478 return -EINVAL; 11479 } 11480 } 11481 11482 ibss.control_port = 11483 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 11484 11485 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 11486 int r = validate_pae_over_nl80211(rdev, info); 11487 11488 if (r < 0) { 11489 kfree_sensitive(connkeys); 11490 return r; 11491 } 11492 11493 ibss.control_port_over_nl80211 = true; 11494 } 11495 11496 ibss.userspace_handles_dfs = 11497 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); 11498 11499 wdev_lock(dev->ieee80211_ptr); 11500 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 11501 if (err) 11502 kfree_sensitive(connkeys); 11503 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 11504 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 11505 wdev_unlock(dev->ieee80211_ptr); 11506 11507 return err; 11508 } 11509 11510 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 11511 { 11512 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11513 struct net_device *dev = info->user_ptr[1]; 11514 11515 if (!rdev->ops->leave_ibss) 11516 return -EOPNOTSUPP; 11517 11518 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 11519 return -EOPNOTSUPP; 11520 11521 return cfg80211_leave_ibss(rdev, dev, false); 11522 } 11523 11524 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info) 11525 { 11526 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11527 struct net_device *dev = info->user_ptr[1]; 11528 int mcast_rate[NUM_NL80211_BANDS]; 11529 u32 nla_rate; 11530 11531 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 11532 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 11533 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB) 11534 return -EOPNOTSUPP; 11535 11536 if (!rdev->ops->set_mcast_rate) 11537 return -EOPNOTSUPP; 11538 11539 memset(mcast_rate, 0, sizeof(mcast_rate)); 11540 11541 if (!info->attrs[NL80211_ATTR_MCAST_RATE]) 11542 return -EINVAL; 11543 11544 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]); 11545 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate)) 11546 return -EINVAL; 11547 11548 return rdev_set_mcast_rate(rdev, dev, mcast_rate); 11549 } 11550 11551 static struct sk_buff * 11552 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev, 11553 struct wireless_dev *wdev, int approxlen, 11554 u32 portid, u32 seq, enum nl80211_commands cmd, 11555 enum nl80211_attrs attr, 11556 const struct nl80211_vendor_cmd_info *info, 11557 gfp_t gfp) 11558 { 11559 struct sk_buff *skb; 11560 void *hdr; 11561 struct nlattr *data; 11562 11563 skb = nlmsg_new(approxlen + 100, gfp); 11564 if (!skb) 11565 return NULL; 11566 11567 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd); 11568 if (!hdr) { 11569 kfree_skb(skb); 11570 return NULL; 11571 } 11572 11573 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 11574 goto nla_put_failure; 11575 11576 if (info) { 11577 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID, 11578 info->vendor_id)) 11579 goto nla_put_failure; 11580 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD, 11581 info->subcmd)) 11582 goto nla_put_failure; 11583 } 11584 11585 if (wdev) { 11586 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV, 11587 wdev_id(wdev), NL80211_ATTR_PAD)) 11588 goto nla_put_failure; 11589 if (wdev->netdev && 11590 nla_put_u32(skb, NL80211_ATTR_IFINDEX, 11591 wdev->netdev->ifindex)) 11592 goto nla_put_failure; 11593 } 11594 11595 data = nla_nest_start_noflag(skb, attr); 11596 if (!data) 11597 goto nla_put_failure; 11598 11599 ((void **)skb->cb)[0] = rdev; 11600 ((void **)skb->cb)[1] = hdr; 11601 ((void **)skb->cb)[2] = data; 11602 11603 return skb; 11604 11605 nla_put_failure: 11606 kfree_skb(skb); 11607 return NULL; 11608 } 11609 11610 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy, 11611 struct wireless_dev *wdev, 11612 enum nl80211_commands cmd, 11613 enum nl80211_attrs attr, 11614 unsigned int portid, 11615 int vendor_event_idx, 11616 int approxlen, gfp_t gfp) 11617 { 11618 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 11619 const struct nl80211_vendor_cmd_info *info; 11620 11621 switch (cmd) { 11622 case NL80211_CMD_TESTMODE: 11623 if (WARN_ON(vendor_event_idx != -1)) 11624 return NULL; 11625 info = NULL; 11626 break; 11627 case NL80211_CMD_VENDOR: 11628 if (WARN_ON(vendor_event_idx < 0 || 11629 vendor_event_idx >= wiphy->n_vendor_events)) 11630 return NULL; 11631 info = &wiphy->vendor_events[vendor_event_idx]; 11632 break; 11633 default: 11634 WARN_ON(1); 11635 return NULL; 11636 } 11637 11638 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0, 11639 cmd, attr, info, gfp); 11640 } 11641 EXPORT_SYMBOL(__cfg80211_alloc_event_skb); 11642 11643 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp) 11644 { 11645 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 11646 void *hdr = ((void **)skb->cb)[1]; 11647 struct nlmsghdr *nlhdr = nlmsg_hdr(skb); 11648 struct nlattr *data = ((void **)skb->cb)[2]; 11649 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE; 11650 11651 /* clear CB data for netlink core to own from now on */ 11652 memset(skb->cb, 0, sizeof(skb->cb)); 11653 11654 nla_nest_end(skb, data); 11655 genlmsg_end(skb, hdr); 11656 11657 if (nlhdr->nlmsg_pid) { 11658 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb, 11659 nlhdr->nlmsg_pid); 11660 } else { 11661 if (data->nla_type == NL80211_ATTR_VENDOR_DATA) 11662 mcgrp = NL80211_MCGRP_VENDOR; 11663 11664 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 11665 skb, 0, mcgrp, gfp); 11666 } 11667 } 11668 EXPORT_SYMBOL(__cfg80211_send_event_skb); 11669 11670 #ifdef CONFIG_NL80211_TESTMODE 11671 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 11672 { 11673 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11674 struct wireless_dev *wdev; 11675 int err; 11676 11677 lockdep_assert_held(&rdev->wiphy.mtx); 11678 11679 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info), 11680 info->attrs); 11681 11682 if (!rdev->ops->testmode_cmd) 11683 return -EOPNOTSUPP; 11684 11685 if (IS_ERR(wdev)) { 11686 err = PTR_ERR(wdev); 11687 if (err != -EINVAL) 11688 return err; 11689 wdev = NULL; 11690 } else if (wdev->wiphy != &rdev->wiphy) { 11691 return -EINVAL; 11692 } 11693 11694 if (!info->attrs[NL80211_ATTR_TESTDATA]) 11695 return -EINVAL; 11696 11697 rdev->cur_cmd_info = info; 11698 err = rdev_testmode_cmd(rdev, wdev, 11699 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 11700 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 11701 rdev->cur_cmd_info = NULL; 11702 11703 return err; 11704 } 11705 11706 static int nl80211_testmode_dump(struct sk_buff *skb, 11707 struct netlink_callback *cb) 11708 { 11709 struct cfg80211_registered_device *rdev; 11710 struct nlattr **attrbuf = NULL; 11711 int err; 11712 long phy_idx; 11713 void *data = NULL; 11714 int data_len = 0; 11715 11716 rtnl_lock(); 11717 11718 if (cb->args[0]) { 11719 /* 11720 * 0 is a valid index, but not valid for args[0], 11721 * so we need to offset by 1. 11722 */ 11723 phy_idx = cb->args[0] - 1; 11724 11725 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 11726 if (!rdev) { 11727 err = -ENOENT; 11728 goto out_err; 11729 } 11730 } else { 11731 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), 11732 GFP_KERNEL); 11733 if (!attrbuf) { 11734 err = -ENOMEM; 11735 goto out_err; 11736 } 11737 11738 err = nlmsg_parse_deprecated(cb->nlh, 11739 GENL_HDRLEN + nl80211_fam.hdrsize, 11740 attrbuf, nl80211_fam.maxattr, 11741 nl80211_policy, NULL); 11742 if (err) 11743 goto out_err; 11744 11745 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf); 11746 if (IS_ERR(rdev)) { 11747 err = PTR_ERR(rdev); 11748 goto out_err; 11749 } 11750 phy_idx = rdev->wiphy_idx; 11751 11752 if (attrbuf[NL80211_ATTR_TESTDATA]) 11753 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA]; 11754 } 11755 11756 if (cb->args[1]) { 11757 data = nla_data((void *)cb->args[1]); 11758 data_len = nla_len((void *)cb->args[1]); 11759 } 11760 11761 if (!rdev->ops->testmode_dump) { 11762 err = -EOPNOTSUPP; 11763 goto out_err; 11764 } 11765 11766 while (1) { 11767 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 11768 cb->nlh->nlmsg_seq, NLM_F_MULTI, 11769 NL80211_CMD_TESTMODE); 11770 struct nlattr *tmdata; 11771 11772 if (!hdr) 11773 break; 11774 11775 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 11776 genlmsg_cancel(skb, hdr); 11777 break; 11778 } 11779 11780 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA); 11781 if (!tmdata) { 11782 genlmsg_cancel(skb, hdr); 11783 break; 11784 } 11785 err = rdev_testmode_dump(rdev, skb, cb, data, data_len); 11786 nla_nest_end(skb, tmdata); 11787 11788 if (err == -ENOBUFS || err == -ENOENT) { 11789 genlmsg_cancel(skb, hdr); 11790 break; 11791 } else if (err) { 11792 genlmsg_cancel(skb, hdr); 11793 goto out_err; 11794 } 11795 11796 genlmsg_end(skb, hdr); 11797 } 11798 11799 err = skb->len; 11800 /* see above */ 11801 cb->args[0] = phy_idx + 1; 11802 out_err: 11803 kfree(attrbuf); 11804 rtnl_unlock(); 11805 return err; 11806 } 11807 #endif 11808 11809 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 11810 { 11811 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11812 struct net_device *dev = info->user_ptr[1]; 11813 struct cfg80211_connect_params connect; 11814 struct wiphy *wiphy; 11815 struct cfg80211_cached_keys *connkeys = NULL; 11816 u32 freq = 0; 11817 int err; 11818 11819 memset(&connect, 0, sizeof(connect)); 11820 11821 if (!info->attrs[NL80211_ATTR_SSID] || 11822 !nla_len(info->attrs[NL80211_ATTR_SSID])) 11823 return -EINVAL; 11824 11825 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 11826 connect.auth_type = 11827 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 11828 if (!nl80211_valid_auth_type(rdev, connect.auth_type, 11829 NL80211_CMD_CONNECT)) 11830 return -EINVAL; 11831 } else 11832 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 11833 11834 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 11835 11836 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] && 11837 !wiphy_ext_feature_isset(&rdev->wiphy, 11838 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 11839 return -EINVAL; 11840 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS]; 11841 11842 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 11843 NL80211_MAX_NR_CIPHER_SUITES); 11844 if (err) 11845 return err; 11846 11847 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 11848 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 11849 return -EOPNOTSUPP; 11850 11851 wiphy = &rdev->wiphy; 11852 11853 connect.bg_scan_period = -1; 11854 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 11855 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 11856 connect.bg_scan_period = 11857 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 11858 } 11859 11860 if (info->attrs[NL80211_ATTR_MAC]) 11861 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 11862 else if (info->attrs[NL80211_ATTR_MAC_HINT]) 11863 connect.bssid_hint = 11864 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]); 11865 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 11866 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 11867 11868 if (info->attrs[NL80211_ATTR_IE]) { 11869 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11870 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11871 } 11872 11873 if (info->attrs[NL80211_ATTR_USE_MFP]) { 11874 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 11875 if (connect.mfp == NL80211_MFP_OPTIONAL && 11876 !wiphy_ext_feature_isset(&rdev->wiphy, 11877 NL80211_EXT_FEATURE_MFP_OPTIONAL)) 11878 return -EOPNOTSUPP; 11879 } else { 11880 connect.mfp = NL80211_MFP_NO; 11881 } 11882 11883 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 11884 connect.prev_bssid = 11885 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 11886 11887 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) 11888 freq = MHZ_TO_KHZ(nla_get_u32( 11889 info->attrs[NL80211_ATTR_WIPHY_FREQ])); 11890 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 11891 freq += 11892 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 11893 11894 if (freq) { 11895 connect.channel = nl80211_get_valid_chan(wiphy, freq); 11896 if (!connect.channel) 11897 return -EINVAL; 11898 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) { 11899 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]); 11900 freq = MHZ_TO_KHZ(freq); 11901 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq); 11902 if (!connect.channel_hint) 11903 return -EINVAL; 11904 } 11905 11906 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) { 11907 connect.edmg.channels = 11908 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]); 11909 11910 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]) 11911 connect.edmg.bw_config = 11912 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]); 11913 } 11914 11915 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 11916 connkeys = nl80211_parse_connkeys(rdev, info, NULL); 11917 if (IS_ERR(connkeys)) 11918 return PTR_ERR(connkeys); 11919 } 11920 11921 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 11922 connect.flags |= ASSOC_REQ_DISABLE_HT; 11923 11924 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 11925 memcpy(&connect.ht_capa_mask, 11926 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 11927 sizeof(connect.ht_capa_mask)); 11928 11929 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 11930 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 11931 kfree_sensitive(connkeys); 11932 return -EINVAL; 11933 } 11934 memcpy(&connect.ht_capa, 11935 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 11936 sizeof(connect.ht_capa)); 11937 } 11938 11939 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 11940 connect.flags |= ASSOC_REQ_DISABLE_VHT; 11941 11942 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE])) 11943 connect.flags |= ASSOC_REQ_DISABLE_HE; 11944 11945 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT])) 11946 connect.flags |= ASSOC_REQ_DISABLE_EHT; 11947 11948 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 11949 memcpy(&connect.vht_capa_mask, 11950 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 11951 sizeof(connect.vht_capa_mask)); 11952 11953 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 11954 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) { 11955 kfree_sensitive(connkeys); 11956 return -EINVAL; 11957 } 11958 memcpy(&connect.vht_capa, 11959 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 11960 sizeof(connect.vht_capa)); 11961 } 11962 11963 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 11964 if (!((rdev->wiphy.features & 11965 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 11966 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 11967 !wiphy_ext_feature_isset(&rdev->wiphy, 11968 NL80211_EXT_FEATURE_RRM)) { 11969 kfree_sensitive(connkeys); 11970 return -EINVAL; 11971 } 11972 connect.flags |= ASSOC_REQ_USE_RRM; 11973 } 11974 11975 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 11976 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) { 11977 kfree_sensitive(connkeys); 11978 return -EOPNOTSUPP; 11979 } 11980 11981 if (info->attrs[NL80211_ATTR_BSS_SELECT]) { 11982 /* bss selection makes no sense if bssid is set */ 11983 if (connect.bssid) { 11984 kfree_sensitive(connkeys); 11985 return -EINVAL; 11986 } 11987 11988 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT], 11989 wiphy, &connect.bss_select); 11990 if (err) { 11991 kfree_sensitive(connkeys); 11992 return err; 11993 } 11994 } 11995 11996 if (wiphy_ext_feature_isset(&rdev->wiphy, 11997 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) && 11998 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] && 11999 info->attrs[NL80211_ATTR_FILS_ERP_REALM] && 12000 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] && 12001 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 12002 connect.fils_erp_username = 12003 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 12004 connect.fils_erp_username_len = 12005 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 12006 connect.fils_erp_realm = 12007 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 12008 connect.fils_erp_realm_len = 12009 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 12010 connect.fils_erp_next_seq_num = 12011 nla_get_u16( 12012 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]); 12013 connect.fils_erp_rrk = 12014 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 12015 connect.fils_erp_rrk_len = 12016 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 12017 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] || 12018 info->attrs[NL80211_ATTR_FILS_ERP_REALM] || 12019 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] || 12020 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 12021 kfree_sensitive(connkeys); 12022 return -EINVAL; 12023 } 12024 12025 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) { 12026 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 12027 kfree_sensitive(connkeys); 12028 GENL_SET_ERR_MSG(info, 12029 "external auth requires connection ownership"); 12030 return -EINVAL; 12031 } 12032 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT; 12033 } 12034 12035 if (nla_get_flag(info->attrs[NL80211_ATTR_MLO_SUPPORT])) 12036 connect.flags |= CONNECT_REQ_MLO_SUPPORT; 12037 12038 wdev_lock(dev->ieee80211_ptr); 12039 12040 err = cfg80211_connect(rdev, dev, &connect, connkeys, 12041 connect.prev_bssid); 12042 if (err) 12043 kfree_sensitive(connkeys); 12044 12045 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 12046 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 12047 if (connect.bssid) 12048 memcpy(dev->ieee80211_ptr->disconnect_bssid, 12049 connect.bssid, ETH_ALEN); 12050 else 12051 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid); 12052 } 12053 12054 wdev_unlock(dev->ieee80211_ptr); 12055 12056 return err; 12057 } 12058 12059 static int nl80211_update_connect_params(struct sk_buff *skb, 12060 struct genl_info *info) 12061 { 12062 struct cfg80211_connect_params connect = {}; 12063 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12064 struct net_device *dev = info->user_ptr[1]; 12065 struct wireless_dev *wdev = dev->ieee80211_ptr; 12066 bool fils_sk_offload; 12067 u32 auth_type; 12068 u32 changed = 0; 12069 int ret; 12070 12071 if (!rdev->ops->update_connect_params) 12072 return -EOPNOTSUPP; 12073 12074 if (info->attrs[NL80211_ATTR_IE]) { 12075 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 12076 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 12077 changed |= UPDATE_ASSOC_IES; 12078 } 12079 12080 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy, 12081 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD); 12082 12083 /* 12084 * when driver supports fils-sk offload all attributes must be 12085 * provided. So the else covers "fils-sk-not-all" and 12086 * "no-fils-sk-any". 12087 */ 12088 if (fils_sk_offload && 12089 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] && 12090 info->attrs[NL80211_ATTR_FILS_ERP_REALM] && 12091 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] && 12092 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 12093 connect.fils_erp_username = 12094 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 12095 connect.fils_erp_username_len = 12096 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 12097 connect.fils_erp_realm = 12098 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 12099 connect.fils_erp_realm_len = 12100 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 12101 connect.fils_erp_next_seq_num = 12102 nla_get_u16( 12103 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]); 12104 connect.fils_erp_rrk = 12105 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 12106 connect.fils_erp_rrk_len = 12107 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 12108 changed |= UPDATE_FILS_ERP_INFO; 12109 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] || 12110 info->attrs[NL80211_ATTR_FILS_ERP_REALM] || 12111 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] || 12112 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 12113 return -EINVAL; 12114 } 12115 12116 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 12117 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 12118 if (!nl80211_valid_auth_type(rdev, auth_type, 12119 NL80211_CMD_CONNECT)) 12120 return -EINVAL; 12121 12122 if (auth_type == NL80211_AUTHTYPE_FILS_SK && 12123 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO)) 12124 return -EINVAL; 12125 12126 connect.auth_type = auth_type; 12127 changed |= UPDATE_AUTH_TYPE; 12128 } 12129 12130 wdev_lock(dev->ieee80211_ptr); 12131 if (!wdev->connected) 12132 ret = -ENOLINK; 12133 else 12134 ret = rdev_update_connect_params(rdev, dev, &connect, changed); 12135 wdev_unlock(dev->ieee80211_ptr); 12136 12137 return ret; 12138 } 12139 12140 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 12141 { 12142 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12143 struct net_device *dev = info->user_ptr[1]; 12144 u16 reason; 12145 int ret; 12146 12147 if (dev->ieee80211_ptr->conn_owner_nlportid && 12148 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 12149 return -EPERM; 12150 12151 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 12152 reason = WLAN_REASON_DEAUTH_LEAVING; 12153 else 12154 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 12155 12156 if (reason == 0) 12157 return -EINVAL; 12158 12159 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 12160 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 12161 return -EOPNOTSUPP; 12162 12163 wdev_lock(dev->ieee80211_ptr); 12164 ret = cfg80211_disconnect(rdev, dev, reason, true); 12165 wdev_unlock(dev->ieee80211_ptr); 12166 return ret; 12167 } 12168 12169 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 12170 { 12171 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12172 struct net *net; 12173 int err; 12174 12175 if (info->attrs[NL80211_ATTR_PID]) { 12176 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 12177 12178 net = get_net_ns_by_pid(pid); 12179 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) { 12180 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]); 12181 12182 net = get_net_ns_by_fd(fd); 12183 } else { 12184 return -EINVAL; 12185 } 12186 12187 if (IS_ERR(net)) 12188 return PTR_ERR(net); 12189 12190 err = 0; 12191 12192 /* check if anything to do */ 12193 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 12194 err = cfg80211_switch_netns(rdev, net); 12195 12196 put_net(net); 12197 return err; 12198 } 12199 12200 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 12201 { 12202 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12203 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 12204 struct cfg80211_pmksa *pmksa) = NULL; 12205 struct net_device *dev = info->user_ptr[1]; 12206 struct cfg80211_pmksa pmksa; 12207 12208 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 12209 12210 if (!info->attrs[NL80211_ATTR_PMKID]) 12211 return -EINVAL; 12212 12213 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 12214 12215 if (info->attrs[NL80211_ATTR_MAC]) { 12216 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 12217 } else if (info->attrs[NL80211_ATTR_SSID] && 12218 info->attrs[NL80211_ATTR_FILS_CACHE_ID] && 12219 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA || 12220 info->attrs[NL80211_ATTR_PMK])) { 12221 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 12222 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 12223 pmksa.cache_id = 12224 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]); 12225 } else { 12226 return -EINVAL; 12227 } 12228 if (info->attrs[NL80211_ATTR_PMK]) { 12229 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]); 12230 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]); 12231 } 12232 12233 if (info->attrs[NL80211_ATTR_PMK_LIFETIME]) 12234 pmksa.pmk_lifetime = 12235 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]); 12236 12237 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]) 12238 pmksa.pmk_reauth_threshold = 12239 nla_get_u8( 12240 info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]); 12241 12242 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 12243 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 12244 !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP && 12245 wiphy_ext_feature_isset(&rdev->wiphy, 12246 NL80211_EXT_FEATURE_AP_PMKSA_CACHING))) 12247 return -EOPNOTSUPP; 12248 12249 switch (info->genlhdr->cmd) { 12250 case NL80211_CMD_SET_PMKSA: 12251 rdev_ops = rdev->ops->set_pmksa; 12252 break; 12253 case NL80211_CMD_DEL_PMKSA: 12254 rdev_ops = rdev->ops->del_pmksa; 12255 break; 12256 default: 12257 WARN_ON(1); 12258 break; 12259 } 12260 12261 if (!rdev_ops) 12262 return -EOPNOTSUPP; 12263 12264 return rdev_ops(&rdev->wiphy, dev, &pmksa); 12265 } 12266 12267 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 12268 { 12269 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12270 struct net_device *dev = info->user_ptr[1]; 12271 12272 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 12273 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 12274 return -EOPNOTSUPP; 12275 12276 if (!rdev->ops->flush_pmksa) 12277 return -EOPNOTSUPP; 12278 12279 return rdev_flush_pmksa(rdev, dev); 12280 } 12281 12282 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 12283 { 12284 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12285 struct net_device *dev = info->user_ptr[1]; 12286 u8 action_code, dialog_token; 12287 u32 peer_capability = 0; 12288 u16 status_code; 12289 u8 *peer; 12290 int link_id; 12291 bool initiator; 12292 12293 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 12294 !rdev->ops->tdls_mgmt) 12295 return -EOPNOTSUPP; 12296 12297 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 12298 !info->attrs[NL80211_ATTR_STATUS_CODE] || 12299 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 12300 !info->attrs[NL80211_ATTR_IE] || 12301 !info->attrs[NL80211_ATTR_MAC]) 12302 return -EINVAL; 12303 12304 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 12305 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 12306 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 12307 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 12308 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]); 12309 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]) 12310 peer_capability = 12311 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]); 12312 link_id = nl80211_link_id_or_invalid(info->attrs); 12313 12314 return rdev_tdls_mgmt(rdev, dev, peer, link_id, action_code, 12315 dialog_token, status_code, peer_capability, 12316 initiator, 12317 nla_data(info->attrs[NL80211_ATTR_IE]), 12318 nla_len(info->attrs[NL80211_ATTR_IE])); 12319 } 12320 12321 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 12322 { 12323 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12324 struct net_device *dev = info->user_ptr[1]; 12325 enum nl80211_tdls_operation operation; 12326 u8 *peer; 12327 12328 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 12329 !rdev->ops->tdls_oper) 12330 return -EOPNOTSUPP; 12331 12332 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 12333 !info->attrs[NL80211_ATTR_MAC]) 12334 return -EINVAL; 12335 12336 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 12337 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 12338 12339 return rdev_tdls_oper(rdev, dev, peer, operation); 12340 } 12341 12342 static int nl80211_remain_on_channel(struct sk_buff *skb, 12343 struct genl_info *info) 12344 { 12345 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12346 unsigned int link_id = nl80211_link_id(info->attrs); 12347 struct wireless_dev *wdev = info->user_ptr[1]; 12348 struct cfg80211_chan_def chandef; 12349 struct sk_buff *msg; 12350 void *hdr; 12351 u64 cookie; 12352 u32 duration; 12353 int err; 12354 12355 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 12356 !info->attrs[NL80211_ATTR_DURATION]) 12357 return -EINVAL; 12358 12359 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 12360 12361 if (!rdev->ops->remain_on_channel || 12362 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 12363 return -EOPNOTSUPP; 12364 12365 /* 12366 * We should be on that channel for at least a minimum amount of 12367 * time (10ms) but no longer than the driver supports. 12368 */ 12369 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 12370 duration > rdev->wiphy.max_remain_on_channel_duration) 12371 return -EINVAL; 12372 12373 err = nl80211_parse_chandef(rdev, info, &chandef); 12374 if (err) 12375 return err; 12376 12377 wdev_lock(wdev); 12378 if (!cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) { 12379 const struct cfg80211_chan_def *oper_chandef, *compat_chandef; 12380 12381 oper_chandef = wdev_chandef(wdev, link_id); 12382 12383 if (WARN_ON(!oper_chandef)) { 12384 /* cannot happen since we must beacon to get here */ 12385 WARN_ON(1); 12386 wdev_unlock(wdev); 12387 return -EBUSY; 12388 } 12389 12390 /* note: returns first one if identical chandefs */ 12391 compat_chandef = cfg80211_chandef_compatible(&chandef, 12392 oper_chandef); 12393 12394 if (compat_chandef != &chandef) { 12395 wdev_unlock(wdev); 12396 return -EBUSY; 12397 } 12398 } 12399 wdev_unlock(wdev); 12400 12401 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12402 if (!msg) 12403 return -ENOMEM; 12404 12405 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 12406 NL80211_CMD_REMAIN_ON_CHANNEL); 12407 if (!hdr) { 12408 err = -ENOBUFS; 12409 goto free_msg; 12410 } 12411 12412 err = rdev_remain_on_channel(rdev, wdev, chandef.chan, 12413 duration, &cookie); 12414 12415 if (err) 12416 goto free_msg; 12417 12418 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 12419 NL80211_ATTR_PAD)) 12420 goto nla_put_failure; 12421 12422 genlmsg_end(msg, hdr); 12423 12424 return genlmsg_reply(msg, info); 12425 12426 nla_put_failure: 12427 err = -ENOBUFS; 12428 free_msg: 12429 nlmsg_free(msg); 12430 return err; 12431 } 12432 12433 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 12434 struct genl_info *info) 12435 { 12436 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12437 struct wireless_dev *wdev = info->user_ptr[1]; 12438 u64 cookie; 12439 12440 if (!info->attrs[NL80211_ATTR_COOKIE]) 12441 return -EINVAL; 12442 12443 if (!rdev->ops->cancel_remain_on_channel) 12444 return -EOPNOTSUPP; 12445 12446 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 12447 12448 return rdev_cancel_remain_on_channel(rdev, wdev, cookie); 12449 } 12450 12451 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 12452 struct genl_info *info) 12453 { 12454 struct cfg80211_bitrate_mask mask; 12455 unsigned int link_id = nl80211_link_id(info->attrs); 12456 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12457 struct net_device *dev = info->user_ptr[1]; 12458 struct wireless_dev *wdev = dev->ieee80211_ptr; 12459 int err; 12460 12461 if (!rdev->ops->set_bitrate_mask) 12462 return -EOPNOTSUPP; 12463 12464 wdev_lock(wdev); 12465 err = nl80211_parse_tx_bitrate_mask(info, info->attrs, 12466 NL80211_ATTR_TX_RATES, &mask, 12467 dev, true, link_id); 12468 if (err) 12469 goto out; 12470 12471 err = rdev_set_bitrate_mask(rdev, dev, link_id, NULL, &mask); 12472 out: 12473 wdev_unlock(wdev); 12474 return err; 12475 } 12476 12477 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 12478 { 12479 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12480 struct wireless_dev *wdev = info->user_ptr[1]; 12481 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 12482 12483 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 12484 return -EINVAL; 12485 12486 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 12487 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 12488 12489 switch (wdev->iftype) { 12490 case NL80211_IFTYPE_STATION: 12491 case NL80211_IFTYPE_ADHOC: 12492 case NL80211_IFTYPE_P2P_CLIENT: 12493 case NL80211_IFTYPE_AP: 12494 case NL80211_IFTYPE_AP_VLAN: 12495 case NL80211_IFTYPE_MESH_POINT: 12496 case NL80211_IFTYPE_P2P_GO: 12497 case NL80211_IFTYPE_P2P_DEVICE: 12498 break; 12499 case NL80211_IFTYPE_NAN: 12500 if (!wiphy_ext_feature_isset(wdev->wiphy, 12501 NL80211_EXT_FEATURE_SECURE_NAN)) 12502 return -EOPNOTSUPP; 12503 break; 12504 default: 12505 return -EOPNOTSUPP; 12506 } 12507 12508 /* not much point in registering if we can't reply */ 12509 if (!rdev->ops->mgmt_tx) 12510 return -EOPNOTSUPP; 12511 12512 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] && 12513 !wiphy_ext_feature_isset(&rdev->wiphy, 12514 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) { 12515 GENL_SET_ERR_MSG(info, 12516 "multicast RX registrations are not supported"); 12517 return -EOPNOTSUPP; 12518 } 12519 12520 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type, 12521 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 12522 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]), 12523 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST], 12524 info->extack); 12525 } 12526 12527 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 12528 { 12529 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12530 struct wireless_dev *wdev = info->user_ptr[1]; 12531 struct cfg80211_chan_def chandef; 12532 int err; 12533 void *hdr = NULL; 12534 u64 cookie; 12535 struct sk_buff *msg = NULL; 12536 struct cfg80211_mgmt_tx_params params = { 12537 .dont_wait_for_ack = 12538 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK], 12539 }; 12540 12541 if (!info->attrs[NL80211_ATTR_FRAME]) 12542 return -EINVAL; 12543 12544 if (!rdev->ops->mgmt_tx) 12545 return -EOPNOTSUPP; 12546 12547 switch (wdev->iftype) { 12548 case NL80211_IFTYPE_P2P_DEVICE: 12549 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 12550 return -EINVAL; 12551 break; 12552 case NL80211_IFTYPE_STATION: 12553 case NL80211_IFTYPE_ADHOC: 12554 case NL80211_IFTYPE_P2P_CLIENT: 12555 case NL80211_IFTYPE_AP: 12556 case NL80211_IFTYPE_AP_VLAN: 12557 case NL80211_IFTYPE_MESH_POINT: 12558 case NL80211_IFTYPE_P2P_GO: 12559 break; 12560 case NL80211_IFTYPE_NAN: 12561 if (!wiphy_ext_feature_isset(wdev->wiphy, 12562 NL80211_EXT_FEATURE_SECURE_NAN)) 12563 return -EOPNOTSUPP; 12564 break; 12565 default: 12566 return -EOPNOTSUPP; 12567 } 12568 12569 if (info->attrs[NL80211_ATTR_DURATION]) { 12570 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 12571 return -EINVAL; 12572 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 12573 12574 /* 12575 * We should wait on the channel for at least a minimum amount 12576 * of time (10ms) but no longer than the driver supports. 12577 */ 12578 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 12579 params.wait > rdev->wiphy.max_remain_on_channel_duration) 12580 return -EINVAL; 12581 } 12582 12583 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 12584 12585 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 12586 return -EINVAL; 12587 12588 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 12589 12590 /* get the channel if any has been specified, otherwise pass NULL to 12591 * the driver. The latter will use the current one 12592 */ 12593 chandef.chan = NULL; 12594 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 12595 err = nl80211_parse_chandef(rdev, info, &chandef); 12596 if (err) 12597 return err; 12598 } 12599 12600 if (!chandef.chan && params.offchan) 12601 return -EINVAL; 12602 12603 wdev_lock(wdev); 12604 if (params.offchan && 12605 !cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) { 12606 wdev_unlock(wdev); 12607 return -EBUSY; 12608 } 12609 12610 params.link_id = nl80211_link_id_or_invalid(info->attrs); 12611 /* 12612 * This now races due to the unlock, but we cannot check 12613 * the valid links for the _station_ anyway, so that's up 12614 * to the driver. 12615 */ 12616 if (params.link_id >= 0 && 12617 !(wdev->valid_links & BIT(params.link_id))) { 12618 wdev_unlock(wdev); 12619 return -EINVAL; 12620 } 12621 wdev_unlock(wdev); 12622 12623 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 12624 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 12625 12626 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) { 12627 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]); 12628 int i; 12629 12630 if (len % sizeof(u16)) 12631 return -EINVAL; 12632 12633 params.n_csa_offsets = len / sizeof(u16); 12634 params.csa_offsets = 12635 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]); 12636 12637 /* check that all the offsets fit the frame */ 12638 for (i = 0; i < params.n_csa_offsets; i++) { 12639 if (params.csa_offsets[i] >= params.len) 12640 return -EINVAL; 12641 } 12642 } 12643 12644 if (!params.dont_wait_for_ack) { 12645 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12646 if (!msg) 12647 return -ENOMEM; 12648 12649 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 12650 NL80211_CMD_FRAME); 12651 if (!hdr) { 12652 err = -ENOBUFS; 12653 goto free_msg; 12654 } 12655 } 12656 12657 params.chan = chandef.chan; 12658 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie); 12659 if (err) 12660 goto free_msg; 12661 12662 if (msg) { 12663 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 12664 NL80211_ATTR_PAD)) 12665 goto nla_put_failure; 12666 12667 genlmsg_end(msg, hdr); 12668 return genlmsg_reply(msg, info); 12669 } 12670 12671 return 0; 12672 12673 nla_put_failure: 12674 err = -ENOBUFS; 12675 free_msg: 12676 nlmsg_free(msg); 12677 return err; 12678 } 12679 12680 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 12681 { 12682 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12683 struct wireless_dev *wdev = info->user_ptr[1]; 12684 u64 cookie; 12685 12686 if (!info->attrs[NL80211_ATTR_COOKIE]) 12687 return -EINVAL; 12688 12689 if (!rdev->ops->mgmt_tx_cancel_wait) 12690 return -EOPNOTSUPP; 12691 12692 switch (wdev->iftype) { 12693 case NL80211_IFTYPE_STATION: 12694 case NL80211_IFTYPE_ADHOC: 12695 case NL80211_IFTYPE_P2P_CLIENT: 12696 case NL80211_IFTYPE_AP: 12697 case NL80211_IFTYPE_AP_VLAN: 12698 case NL80211_IFTYPE_P2P_GO: 12699 case NL80211_IFTYPE_P2P_DEVICE: 12700 break; 12701 case NL80211_IFTYPE_NAN: 12702 if (!wiphy_ext_feature_isset(wdev->wiphy, 12703 NL80211_EXT_FEATURE_SECURE_NAN)) 12704 return -EOPNOTSUPP; 12705 break; 12706 default: 12707 return -EOPNOTSUPP; 12708 } 12709 12710 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 12711 12712 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie); 12713 } 12714 12715 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 12716 { 12717 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12718 struct wireless_dev *wdev; 12719 struct net_device *dev = info->user_ptr[1]; 12720 u8 ps_state; 12721 bool state; 12722 int err; 12723 12724 if (!info->attrs[NL80211_ATTR_PS_STATE]) 12725 return -EINVAL; 12726 12727 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 12728 12729 wdev = dev->ieee80211_ptr; 12730 12731 if (!rdev->ops->set_power_mgmt) 12732 return -EOPNOTSUPP; 12733 12734 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 12735 12736 if (state == wdev->ps) 12737 return 0; 12738 12739 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout); 12740 if (!err) 12741 wdev->ps = state; 12742 return err; 12743 } 12744 12745 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 12746 { 12747 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12748 enum nl80211_ps_state ps_state; 12749 struct wireless_dev *wdev; 12750 struct net_device *dev = info->user_ptr[1]; 12751 struct sk_buff *msg; 12752 void *hdr; 12753 int err; 12754 12755 wdev = dev->ieee80211_ptr; 12756 12757 if (!rdev->ops->set_power_mgmt) 12758 return -EOPNOTSUPP; 12759 12760 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12761 if (!msg) 12762 return -ENOMEM; 12763 12764 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 12765 NL80211_CMD_GET_POWER_SAVE); 12766 if (!hdr) { 12767 err = -ENOBUFS; 12768 goto free_msg; 12769 } 12770 12771 if (wdev->ps) 12772 ps_state = NL80211_PS_ENABLED; 12773 else 12774 ps_state = NL80211_PS_DISABLED; 12775 12776 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 12777 goto nla_put_failure; 12778 12779 genlmsg_end(msg, hdr); 12780 return genlmsg_reply(msg, info); 12781 12782 nla_put_failure: 12783 err = -ENOBUFS; 12784 free_msg: 12785 nlmsg_free(msg); 12786 return err; 12787 } 12788 12789 static const struct nla_policy 12790 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 12791 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY }, 12792 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 12793 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 12794 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 12795 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 12796 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 12797 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 }, 12798 }; 12799 12800 static int nl80211_set_cqm_txe(struct genl_info *info, 12801 u32 rate, u32 pkts, u32 intvl) 12802 { 12803 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12804 struct net_device *dev = info->user_ptr[1]; 12805 struct wireless_dev *wdev = dev->ieee80211_ptr; 12806 12807 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL) 12808 return -EINVAL; 12809 12810 if (!rdev->ops->set_cqm_txe_config) 12811 return -EOPNOTSUPP; 12812 12813 if (wdev->iftype != NL80211_IFTYPE_STATION && 12814 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 12815 return -EOPNOTSUPP; 12816 12817 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl); 12818 } 12819 12820 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev, 12821 struct net_device *dev, 12822 struct cfg80211_cqm_config *cqm_config) 12823 { 12824 struct wireless_dev *wdev = dev->ieee80211_ptr; 12825 s32 last, low, high; 12826 u32 hyst; 12827 int i, n, low_index; 12828 int err; 12829 12830 /* 12831 * Obtain current RSSI value if possible, if not and no RSSI threshold 12832 * event has been received yet, we should receive an event after a 12833 * connection is established and enough beacons received to calculate 12834 * the average. 12835 */ 12836 if (!cqm_config->last_rssi_event_value && 12837 wdev->links[0].client.current_bss && 12838 rdev->ops->get_station) { 12839 struct station_info sinfo = {}; 12840 u8 *mac_addr; 12841 12842 mac_addr = wdev->links[0].client.current_bss->pub.bssid; 12843 12844 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 12845 if (err) 12846 return err; 12847 12848 cfg80211_sinfo_release_content(&sinfo); 12849 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG)) 12850 cqm_config->last_rssi_event_value = 12851 (s8) sinfo.rx_beacon_signal_avg; 12852 } 12853 12854 last = cqm_config->last_rssi_event_value; 12855 hyst = cqm_config->rssi_hyst; 12856 n = cqm_config->n_rssi_thresholds; 12857 12858 for (i = 0; i < n; i++) { 12859 i = array_index_nospec(i, n); 12860 if (last < cqm_config->rssi_thresholds[i]) 12861 break; 12862 } 12863 12864 low_index = i - 1; 12865 if (low_index >= 0) { 12866 low_index = array_index_nospec(low_index, n); 12867 low = cqm_config->rssi_thresholds[low_index] - hyst; 12868 } else { 12869 low = S32_MIN; 12870 } 12871 if (i < n) { 12872 i = array_index_nospec(i, n); 12873 high = cqm_config->rssi_thresholds[i] + hyst - 1; 12874 } else { 12875 high = S32_MAX; 12876 } 12877 12878 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high); 12879 } 12880 12881 static int nl80211_set_cqm_rssi(struct genl_info *info, 12882 const s32 *thresholds, int n_thresholds, 12883 u32 hysteresis) 12884 { 12885 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12886 struct cfg80211_cqm_config *cqm_config = NULL, *old; 12887 struct net_device *dev = info->user_ptr[1]; 12888 struct wireless_dev *wdev = dev->ieee80211_ptr; 12889 int i, err; 12890 s32 prev = S32_MIN; 12891 12892 /* Check all values negative and sorted */ 12893 for (i = 0; i < n_thresholds; i++) { 12894 if (thresholds[i] > 0 || thresholds[i] <= prev) 12895 return -EINVAL; 12896 12897 prev = thresholds[i]; 12898 } 12899 12900 if (wdev->iftype != NL80211_IFTYPE_STATION && 12901 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 12902 return -EOPNOTSUPP; 12903 12904 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */ 12905 n_thresholds = 0; 12906 12907 wdev_lock(wdev); 12908 old = rcu_dereference_protected(wdev->cqm_config, 12909 lockdep_is_held(&wdev->mtx)); 12910 12911 /* if already disabled just succeed */ 12912 if (!n_thresholds && !old) { 12913 err = 0; 12914 goto unlock; 12915 } 12916 12917 if (n_thresholds > 1) { 12918 if (!wiphy_ext_feature_isset(&rdev->wiphy, 12919 NL80211_EXT_FEATURE_CQM_RSSI_LIST) || 12920 !rdev->ops->set_cqm_rssi_range_config) { 12921 err = -EOPNOTSUPP; 12922 goto unlock; 12923 } 12924 } else { 12925 if (!rdev->ops->set_cqm_rssi_config) { 12926 err = -EOPNOTSUPP; 12927 goto unlock; 12928 } 12929 } 12930 12931 if (n_thresholds) { 12932 cqm_config = kzalloc(struct_size(cqm_config, rssi_thresholds, 12933 n_thresholds), 12934 GFP_KERNEL); 12935 if (!cqm_config) { 12936 err = -ENOMEM; 12937 goto unlock; 12938 } 12939 12940 cqm_config->rssi_hyst = hysteresis; 12941 cqm_config->n_rssi_thresholds = n_thresholds; 12942 memcpy(cqm_config->rssi_thresholds, thresholds, 12943 flex_array_size(cqm_config, rssi_thresholds, 12944 n_thresholds)); 12945 cqm_config->use_range_api = n_thresholds > 1 || 12946 !rdev->ops->set_cqm_rssi_config; 12947 12948 rcu_assign_pointer(wdev->cqm_config, cqm_config); 12949 12950 if (cqm_config->use_range_api) 12951 err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config); 12952 else 12953 err = rdev_set_cqm_rssi_config(rdev, dev, 12954 thresholds[0], 12955 hysteresis); 12956 } else { 12957 RCU_INIT_POINTER(wdev->cqm_config, NULL); 12958 /* if enabled as range also disable via range */ 12959 if (old->use_range_api) 12960 err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0); 12961 else 12962 err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0); 12963 } 12964 12965 if (err) { 12966 rcu_assign_pointer(wdev->cqm_config, old); 12967 kfree_rcu(cqm_config, rcu_head); 12968 } else { 12969 kfree_rcu(old, rcu_head); 12970 } 12971 unlock: 12972 wdev_unlock(wdev); 12973 12974 return err; 12975 } 12976 12977 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 12978 { 12979 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 12980 struct nlattr *cqm; 12981 int err; 12982 12983 cqm = info->attrs[NL80211_ATTR_CQM]; 12984 if (!cqm) 12985 return -EINVAL; 12986 12987 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm, 12988 nl80211_attr_cqm_policy, 12989 info->extack); 12990 if (err) 12991 return err; 12992 12993 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 12994 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 12995 const s32 *thresholds = 12996 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 12997 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 12998 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 12999 13000 if (len % 4) 13001 return -EINVAL; 13002 13003 return nl80211_set_cqm_rssi(info, thresholds, len / 4, 13004 hysteresis); 13005 } 13006 13007 if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 13008 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 13009 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 13010 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 13011 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 13012 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 13013 13014 return nl80211_set_cqm_txe(info, rate, pkts, intvl); 13015 } 13016 13017 return -EINVAL; 13018 } 13019 13020 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info) 13021 { 13022 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13023 struct net_device *dev = info->user_ptr[1]; 13024 struct ocb_setup setup = {}; 13025 int err; 13026 13027 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 13028 if (err) 13029 return err; 13030 13031 return cfg80211_join_ocb(rdev, dev, &setup); 13032 } 13033 13034 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info) 13035 { 13036 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13037 struct net_device *dev = info->user_ptr[1]; 13038 13039 return cfg80211_leave_ocb(rdev, dev); 13040 } 13041 13042 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 13043 { 13044 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13045 struct net_device *dev = info->user_ptr[1]; 13046 struct mesh_config cfg; 13047 struct mesh_setup setup; 13048 int err; 13049 13050 /* start with default */ 13051 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 13052 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 13053 13054 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 13055 /* and parse parameters if given */ 13056 err = nl80211_parse_mesh_config(info, &cfg, NULL); 13057 if (err) 13058 return err; 13059 } 13060 13061 if (!info->attrs[NL80211_ATTR_MESH_ID] || 13062 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 13063 return -EINVAL; 13064 13065 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 13066 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 13067 13068 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 13069 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 13070 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 13071 return -EINVAL; 13072 13073 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 13074 setup.beacon_interval = 13075 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 13076 13077 err = cfg80211_validate_beacon_int(rdev, 13078 NL80211_IFTYPE_MESH_POINT, 13079 setup.beacon_interval); 13080 if (err) 13081 return err; 13082 } 13083 13084 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 13085 setup.dtim_period = 13086 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 13087 if (setup.dtim_period < 1 || setup.dtim_period > 100) 13088 return -EINVAL; 13089 } 13090 13091 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 13092 /* parse additional setup parameters if given */ 13093 err = nl80211_parse_mesh_setup(info, &setup); 13094 if (err) 13095 return err; 13096 } 13097 13098 if (setup.user_mpm) 13099 cfg.auto_open_plinks = false; 13100 13101 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 13102 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 13103 if (err) 13104 return err; 13105 } else { 13106 /* __cfg80211_join_mesh() will sort it out */ 13107 setup.chandef.chan = NULL; 13108 } 13109 13110 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 13111 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 13112 int n_rates = 13113 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 13114 struct ieee80211_supported_band *sband; 13115 13116 if (!setup.chandef.chan) 13117 return -EINVAL; 13118 13119 sband = rdev->wiphy.bands[setup.chandef.chan->band]; 13120 13121 err = ieee80211_get_ratemask(sband, rates, n_rates, 13122 &setup.basic_rates); 13123 if (err) 13124 return err; 13125 } 13126 13127 if (info->attrs[NL80211_ATTR_TX_RATES]) { 13128 err = nl80211_parse_tx_bitrate_mask(info, info->attrs, 13129 NL80211_ATTR_TX_RATES, 13130 &setup.beacon_rate, 13131 dev, false, 0); 13132 if (err) 13133 return err; 13134 13135 if (!setup.chandef.chan) 13136 return -EINVAL; 13137 13138 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band, 13139 &setup.beacon_rate); 13140 if (err) 13141 return err; 13142 } 13143 13144 setup.userspace_handles_dfs = 13145 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); 13146 13147 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 13148 int r = validate_pae_over_nl80211(rdev, info); 13149 13150 if (r < 0) 13151 return r; 13152 13153 setup.control_port_over_nl80211 = true; 13154 } 13155 13156 wdev_lock(dev->ieee80211_ptr); 13157 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg); 13158 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) 13159 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 13160 wdev_unlock(dev->ieee80211_ptr); 13161 13162 return err; 13163 } 13164 13165 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 13166 { 13167 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13168 struct net_device *dev = info->user_ptr[1]; 13169 13170 return cfg80211_leave_mesh(rdev, dev); 13171 } 13172 13173 #ifdef CONFIG_PM 13174 static int nl80211_send_wowlan_patterns(struct sk_buff *msg, 13175 struct cfg80211_registered_device *rdev) 13176 { 13177 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config; 13178 struct nlattr *nl_pats, *nl_pat; 13179 int i, pat_len; 13180 13181 if (!wowlan->n_patterns) 13182 return 0; 13183 13184 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN); 13185 if (!nl_pats) 13186 return -ENOBUFS; 13187 13188 for (i = 0; i < wowlan->n_patterns; i++) { 13189 nl_pat = nla_nest_start_noflag(msg, i + 1); 13190 if (!nl_pat) 13191 return -ENOBUFS; 13192 pat_len = wowlan->patterns[i].pattern_len; 13193 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8), 13194 wowlan->patterns[i].mask) || 13195 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, 13196 wowlan->patterns[i].pattern) || 13197 nla_put_u32(msg, NL80211_PKTPAT_OFFSET, 13198 wowlan->patterns[i].pkt_offset)) 13199 return -ENOBUFS; 13200 nla_nest_end(msg, nl_pat); 13201 } 13202 nla_nest_end(msg, nl_pats); 13203 13204 return 0; 13205 } 13206 13207 static int nl80211_send_wowlan_tcp(struct sk_buff *msg, 13208 struct cfg80211_wowlan_tcp *tcp) 13209 { 13210 struct nlattr *nl_tcp; 13211 13212 if (!tcp) 13213 return 0; 13214 13215 nl_tcp = nla_nest_start_noflag(msg, 13216 NL80211_WOWLAN_TRIG_TCP_CONNECTION); 13217 if (!nl_tcp) 13218 return -ENOBUFS; 13219 13220 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) || 13221 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) || 13222 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) || 13223 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) || 13224 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) || 13225 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 13226 tcp->payload_len, tcp->payload) || 13227 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 13228 tcp->data_interval) || 13229 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 13230 tcp->wake_len, tcp->wake_data) || 13231 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK, 13232 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask)) 13233 return -ENOBUFS; 13234 13235 if (tcp->payload_seq.len && 13236 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ, 13237 sizeof(tcp->payload_seq), &tcp->payload_seq)) 13238 return -ENOBUFS; 13239 13240 if (tcp->payload_tok.len && 13241 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 13242 sizeof(tcp->payload_tok) + tcp->tokens_size, 13243 &tcp->payload_tok)) 13244 return -ENOBUFS; 13245 13246 nla_nest_end(msg, nl_tcp); 13247 13248 return 0; 13249 } 13250 13251 static int nl80211_send_wowlan_nd(struct sk_buff *msg, 13252 struct cfg80211_sched_scan_request *req) 13253 { 13254 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan; 13255 int i; 13256 13257 if (!req) 13258 return 0; 13259 13260 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT); 13261 if (!nd) 13262 return -ENOBUFS; 13263 13264 if (req->n_scan_plans == 1 && 13265 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, 13266 req->scan_plans[0].interval * 1000)) 13267 return -ENOBUFS; 13268 13269 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay)) 13270 return -ENOBUFS; 13271 13272 if (req->relative_rssi_set) { 13273 struct nl80211_bss_select_rssi_adjust rssi_adjust; 13274 13275 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI, 13276 req->relative_rssi)) 13277 return -ENOBUFS; 13278 13279 rssi_adjust.band = req->rssi_adjust.band; 13280 rssi_adjust.delta = req->rssi_adjust.delta; 13281 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST, 13282 sizeof(rssi_adjust), &rssi_adjust)) 13283 return -ENOBUFS; 13284 } 13285 13286 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES); 13287 if (!freqs) 13288 return -ENOBUFS; 13289 13290 for (i = 0; i < req->n_channels; i++) { 13291 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 13292 return -ENOBUFS; 13293 } 13294 13295 nla_nest_end(msg, freqs); 13296 13297 if (req->n_match_sets) { 13298 matches = nla_nest_start_noflag(msg, 13299 NL80211_ATTR_SCHED_SCAN_MATCH); 13300 if (!matches) 13301 return -ENOBUFS; 13302 13303 for (i = 0; i < req->n_match_sets; i++) { 13304 match = nla_nest_start_noflag(msg, i); 13305 if (!match) 13306 return -ENOBUFS; 13307 13308 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID, 13309 req->match_sets[i].ssid.ssid_len, 13310 req->match_sets[i].ssid.ssid)) 13311 return -ENOBUFS; 13312 nla_nest_end(msg, match); 13313 } 13314 nla_nest_end(msg, matches); 13315 } 13316 13317 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS); 13318 if (!scan_plans) 13319 return -ENOBUFS; 13320 13321 for (i = 0; i < req->n_scan_plans; i++) { 13322 scan_plan = nla_nest_start_noflag(msg, i + 1); 13323 if (!scan_plan) 13324 return -ENOBUFS; 13325 13326 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL, 13327 req->scan_plans[i].interval) || 13328 (req->scan_plans[i].iterations && 13329 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS, 13330 req->scan_plans[i].iterations))) 13331 return -ENOBUFS; 13332 nla_nest_end(msg, scan_plan); 13333 } 13334 nla_nest_end(msg, scan_plans); 13335 13336 nla_nest_end(msg, nd); 13337 13338 return 0; 13339 } 13340 13341 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 13342 { 13343 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13344 struct sk_buff *msg; 13345 void *hdr; 13346 u32 size = NLMSG_DEFAULT_SIZE; 13347 13348 if (!rdev->wiphy.wowlan) 13349 return -EOPNOTSUPP; 13350 13351 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) { 13352 /* adjust size to have room for all the data */ 13353 size += rdev->wiphy.wowlan_config->tcp->tokens_size + 13354 rdev->wiphy.wowlan_config->tcp->payload_len + 13355 rdev->wiphy.wowlan_config->tcp->wake_len + 13356 rdev->wiphy.wowlan_config->tcp->wake_len / 8; 13357 } 13358 13359 msg = nlmsg_new(size, GFP_KERNEL); 13360 if (!msg) 13361 return -ENOMEM; 13362 13363 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 13364 NL80211_CMD_GET_WOWLAN); 13365 if (!hdr) 13366 goto nla_put_failure; 13367 13368 if (rdev->wiphy.wowlan_config) { 13369 struct nlattr *nl_wowlan; 13370 13371 nl_wowlan = nla_nest_start_noflag(msg, 13372 NL80211_ATTR_WOWLAN_TRIGGERS); 13373 if (!nl_wowlan) 13374 goto nla_put_failure; 13375 13376 if ((rdev->wiphy.wowlan_config->any && 13377 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 13378 (rdev->wiphy.wowlan_config->disconnect && 13379 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 13380 (rdev->wiphy.wowlan_config->magic_pkt && 13381 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 13382 (rdev->wiphy.wowlan_config->gtk_rekey_failure && 13383 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 13384 (rdev->wiphy.wowlan_config->eap_identity_req && 13385 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 13386 (rdev->wiphy.wowlan_config->four_way_handshake && 13387 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 13388 (rdev->wiphy.wowlan_config->rfkill_release && 13389 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 13390 goto nla_put_failure; 13391 13392 if (nl80211_send_wowlan_patterns(msg, rdev)) 13393 goto nla_put_failure; 13394 13395 if (nl80211_send_wowlan_tcp(msg, 13396 rdev->wiphy.wowlan_config->tcp)) 13397 goto nla_put_failure; 13398 13399 if (nl80211_send_wowlan_nd( 13400 msg, 13401 rdev->wiphy.wowlan_config->nd_config)) 13402 goto nla_put_failure; 13403 13404 nla_nest_end(msg, nl_wowlan); 13405 } 13406 13407 genlmsg_end(msg, hdr); 13408 return genlmsg_reply(msg, info); 13409 13410 nla_put_failure: 13411 nlmsg_free(msg); 13412 return -ENOBUFS; 13413 } 13414 13415 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev, 13416 struct nlattr *attr, 13417 struct cfg80211_wowlan *trig) 13418 { 13419 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP]; 13420 struct cfg80211_wowlan_tcp *cfg; 13421 struct nl80211_wowlan_tcp_data_token *tok = NULL; 13422 struct nl80211_wowlan_tcp_data_seq *seq = NULL; 13423 u32 size; 13424 u32 data_size, wake_size, tokens_size = 0, wake_mask_size; 13425 int err, port; 13426 13427 if (!rdev->wiphy.wowlan->tcp) 13428 return -EINVAL; 13429 13430 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr, 13431 nl80211_wowlan_tcp_policy, NULL); 13432 if (err) 13433 return err; 13434 13435 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] || 13436 !tb[NL80211_WOWLAN_TCP_DST_IPV4] || 13437 !tb[NL80211_WOWLAN_TCP_DST_MAC] || 13438 !tb[NL80211_WOWLAN_TCP_DST_PORT] || 13439 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] || 13440 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] || 13441 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] || 13442 !tb[NL80211_WOWLAN_TCP_WAKE_MASK]) 13443 return -EINVAL; 13444 13445 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]); 13446 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max) 13447 return -EINVAL; 13448 13449 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) > 13450 rdev->wiphy.wowlan->tcp->data_interval_max || 13451 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0) 13452 return -EINVAL; 13453 13454 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]); 13455 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max) 13456 return -EINVAL; 13457 13458 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]); 13459 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8)) 13460 return -EINVAL; 13461 13462 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) { 13463 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 13464 13465 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 13466 tokens_size = tokln - sizeof(*tok); 13467 13468 if (!tok->len || tokens_size % tok->len) 13469 return -EINVAL; 13470 if (!rdev->wiphy.wowlan->tcp->tok) 13471 return -EINVAL; 13472 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len) 13473 return -EINVAL; 13474 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len) 13475 return -EINVAL; 13476 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize) 13477 return -EINVAL; 13478 if (tok->offset + tok->len > data_size) 13479 return -EINVAL; 13480 } 13481 13482 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) { 13483 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]); 13484 if (!rdev->wiphy.wowlan->tcp->seq) 13485 return -EINVAL; 13486 if (seq->len == 0 || seq->len > 4) 13487 return -EINVAL; 13488 if (seq->len + seq->offset > data_size) 13489 return -EINVAL; 13490 } 13491 13492 size = sizeof(*cfg); 13493 size += data_size; 13494 size += wake_size + wake_mask_size; 13495 size += tokens_size; 13496 13497 cfg = kzalloc(size, GFP_KERNEL); 13498 if (!cfg) 13499 return -ENOMEM; 13500 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]); 13501 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]); 13502 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]), 13503 ETH_ALEN); 13504 if (tb[NL80211_WOWLAN_TCP_SRC_PORT]) 13505 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]); 13506 else 13507 port = 0; 13508 #ifdef CONFIG_INET 13509 /* allocate a socket and port for it and use it */ 13510 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM, 13511 IPPROTO_TCP, &cfg->sock, 1); 13512 if (err) { 13513 kfree(cfg); 13514 return err; 13515 } 13516 if (inet_csk_get_port(cfg->sock->sk, port)) { 13517 sock_release(cfg->sock); 13518 kfree(cfg); 13519 return -EADDRINUSE; 13520 } 13521 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num; 13522 #else 13523 if (!port) { 13524 kfree(cfg); 13525 return -EINVAL; 13526 } 13527 cfg->src_port = port; 13528 #endif 13529 13530 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]); 13531 cfg->payload_len = data_size; 13532 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size; 13533 memcpy((void *)cfg->payload, 13534 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]), 13535 data_size); 13536 if (seq) 13537 cfg->payload_seq = *seq; 13538 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]); 13539 cfg->wake_len = wake_size; 13540 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size; 13541 memcpy((void *)cfg->wake_data, 13542 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]), 13543 wake_size); 13544 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size + 13545 data_size + wake_size; 13546 memcpy((void *)cfg->wake_mask, 13547 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]), 13548 wake_mask_size); 13549 if (tok) { 13550 cfg->tokens_size = tokens_size; 13551 cfg->payload_tok = *tok; 13552 memcpy(cfg->payload_tok.token_stream, tok->token_stream, 13553 tokens_size); 13554 } 13555 13556 trig->tcp = cfg; 13557 13558 return 0; 13559 } 13560 13561 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev, 13562 const struct wiphy_wowlan_support *wowlan, 13563 struct nlattr *attr, 13564 struct cfg80211_wowlan *trig) 13565 { 13566 struct nlattr **tb; 13567 int err; 13568 13569 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL); 13570 if (!tb) 13571 return -ENOMEM; 13572 13573 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) { 13574 err = -EOPNOTSUPP; 13575 goto out; 13576 } 13577 13578 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr, 13579 nl80211_policy, NULL); 13580 if (err) 13581 goto out; 13582 13583 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb, 13584 wowlan->max_nd_match_sets); 13585 err = PTR_ERR_OR_ZERO(trig->nd_config); 13586 if (err) 13587 trig->nd_config = NULL; 13588 13589 out: 13590 kfree(tb); 13591 return err; 13592 } 13593 13594 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 13595 { 13596 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13597 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 13598 struct cfg80211_wowlan new_triggers = {}; 13599 struct cfg80211_wowlan *ntrig; 13600 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan; 13601 int err, i; 13602 bool prev_enabled = rdev->wiphy.wowlan_config; 13603 bool regular = false; 13604 13605 if (!wowlan) 13606 return -EOPNOTSUPP; 13607 13608 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 13609 cfg80211_rdev_free_wowlan(rdev); 13610 rdev->wiphy.wowlan_config = NULL; 13611 goto set_wakeup; 13612 } 13613 13614 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG, 13615 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS], 13616 nl80211_wowlan_policy, info->extack); 13617 if (err) 13618 return err; 13619 13620 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 13621 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 13622 return -EINVAL; 13623 new_triggers.any = true; 13624 } 13625 13626 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 13627 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 13628 return -EINVAL; 13629 new_triggers.disconnect = true; 13630 regular = true; 13631 } 13632 13633 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 13634 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 13635 return -EINVAL; 13636 new_triggers.magic_pkt = true; 13637 regular = true; 13638 } 13639 13640 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 13641 return -EINVAL; 13642 13643 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 13644 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 13645 return -EINVAL; 13646 new_triggers.gtk_rekey_failure = true; 13647 regular = true; 13648 } 13649 13650 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 13651 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 13652 return -EINVAL; 13653 new_triggers.eap_identity_req = true; 13654 regular = true; 13655 } 13656 13657 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 13658 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 13659 return -EINVAL; 13660 new_triggers.four_way_handshake = true; 13661 regular = true; 13662 } 13663 13664 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 13665 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 13666 return -EINVAL; 13667 new_triggers.rfkill_release = true; 13668 regular = true; 13669 } 13670 13671 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 13672 struct nlattr *pat; 13673 int n_patterns = 0; 13674 int rem, pat_len, mask_len, pkt_offset; 13675 struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; 13676 13677 regular = true; 13678 13679 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 13680 rem) 13681 n_patterns++; 13682 if (n_patterns > wowlan->n_patterns) 13683 return -EINVAL; 13684 13685 new_triggers.patterns = kcalloc(n_patterns, 13686 sizeof(new_triggers.patterns[0]), 13687 GFP_KERNEL); 13688 if (!new_triggers.patterns) 13689 return -ENOMEM; 13690 13691 new_triggers.n_patterns = n_patterns; 13692 i = 0; 13693 13694 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 13695 rem) { 13696 u8 *mask_pat; 13697 13698 err = nla_parse_nested_deprecated(pat_tb, 13699 MAX_NL80211_PKTPAT, 13700 pat, 13701 nl80211_packet_pattern_policy, 13702 info->extack); 13703 if (err) 13704 goto error; 13705 13706 err = -EINVAL; 13707 if (!pat_tb[NL80211_PKTPAT_MASK] || 13708 !pat_tb[NL80211_PKTPAT_PATTERN]) 13709 goto error; 13710 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); 13711 mask_len = DIV_ROUND_UP(pat_len, 8); 13712 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) 13713 goto error; 13714 if (pat_len > wowlan->pattern_max_len || 13715 pat_len < wowlan->pattern_min_len) 13716 goto error; 13717 13718 if (!pat_tb[NL80211_PKTPAT_OFFSET]) 13719 pkt_offset = 0; 13720 else 13721 pkt_offset = nla_get_u32( 13722 pat_tb[NL80211_PKTPAT_OFFSET]); 13723 if (pkt_offset > wowlan->max_pkt_offset) 13724 goto error; 13725 new_triggers.patterns[i].pkt_offset = pkt_offset; 13726 13727 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL); 13728 if (!mask_pat) { 13729 err = -ENOMEM; 13730 goto error; 13731 } 13732 new_triggers.patterns[i].mask = mask_pat; 13733 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]), 13734 mask_len); 13735 mask_pat += mask_len; 13736 new_triggers.patterns[i].pattern = mask_pat; 13737 new_triggers.patterns[i].pattern_len = pat_len; 13738 memcpy(mask_pat, 13739 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), 13740 pat_len); 13741 i++; 13742 } 13743 } 13744 13745 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) { 13746 regular = true; 13747 err = nl80211_parse_wowlan_tcp( 13748 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION], 13749 &new_triggers); 13750 if (err) 13751 goto error; 13752 } 13753 13754 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) { 13755 regular = true; 13756 err = nl80211_parse_wowlan_nd( 13757 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT], 13758 &new_triggers); 13759 if (err) 13760 goto error; 13761 } 13762 13763 /* The 'any' trigger means the device continues operating more or less 13764 * as in its normal operation mode and wakes up the host on most of the 13765 * normal interrupts (like packet RX, ...) 13766 * It therefore makes little sense to combine with the more constrained 13767 * wakeup trigger modes. 13768 */ 13769 if (new_triggers.any && regular) { 13770 err = -EINVAL; 13771 goto error; 13772 } 13773 13774 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 13775 if (!ntrig) { 13776 err = -ENOMEM; 13777 goto error; 13778 } 13779 cfg80211_rdev_free_wowlan(rdev); 13780 rdev->wiphy.wowlan_config = ntrig; 13781 13782 set_wakeup: 13783 if (rdev->ops->set_wakeup && 13784 prev_enabled != !!rdev->wiphy.wowlan_config) 13785 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config); 13786 13787 return 0; 13788 error: 13789 for (i = 0; i < new_triggers.n_patterns; i++) 13790 kfree(new_triggers.patterns[i].mask); 13791 kfree(new_triggers.patterns); 13792 if (new_triggers.tcp && new_triggers.tcp->sock) 13793 sock_release(new_triggers.tcp->sock); 13794 kfree(new_triggers.tcp); 13795 kfree(new_triggers.nd_config); 13796 return err; 13797 } 13798 #endif 13799 13800 static int nl80211_send_coalesce_rules(struct sk_buff *msg, 13801 struct cfg80211_registered_device *rdev) 13802 { 13803 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules; 13804 int i, j, pat_len; 13805 struct cfg80211_coalesce_rules *rule; 13806 13807 if (!rdev->coalesce->n_rules) 13808 return 0; 13809 13810 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE); 13811 if (!nl_rules) 13812 return -ENOBUFS; 13813 13814 for (i = 0; i < rdev->coalesce->n_rules; i++) { 13815 nl_rule = nla_nest_start_noflag(msg, i + 1); 13816 if (!nl_rule) 13817 return -ENOBUFS; 13818 13819 rule = &rdev->coalesce->rules[i]; 13820 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY, 13821 rule->delay)) 13822 return -ENOBUFS; 13823 13824 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION, 13825 rule->condition)) 13826 return -ENOBUFS; 13827 13828 nl_pats = nla_nest_start_noflag(msg, 13829 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN); 13830 if (!nl_pats) 13831 return -ENOBUFS; 13832 13833 for (j = 0; j < rule->n_patterns; j++) { 13834 nl_pat = nla_nest_start_noflag(msg, j + 1); 13835 if (!nl_pat) 13836 return -ENOBUFS; 13837 pat_len = rule->patterns[j].pattern_len; 13838 if (nla_put(msg, NL80211_PKTPAT_MASK, 13839 DIV_ROUND_UP(pat_len, 8), 13840 rule->patterns[j].mask) || 13841 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, 13842 rule->patterns[j].pattern) || 13843 nla_put_u32(msg, NL80211_PKTPAT_OFFSET, 13844 rule->patterns[j].pkt_offset)) 13845 return -ENOBUFS; 13846 nla_nest_end(msg, nl_pat); 13847 } 13848 nla_nest_end(msg, nl_pats); 13849 nla_nest_end(msg, nl_rule); 13850 } 13851 nla_nest_end(msg, nl_rules); 13852 13853 return 0; 13854 } 13855 13856 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info) 13857 { 13858 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13859 struct sk_buff *msg; 13860 void *hdr; 13861 13862 if (!rdev->wiphy.coalesce) 13863 return -EOPNOTSUPP; 13864 13865 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 13866 if (!msg) 13867 return -ENOMEM; 13868 13869 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 13870 NL80211_CMD_GET_COALESCE); 13871 if (!hdr) 13872 goto nla_put_failure; 13873 13874 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev)) 13875 goto nla_put_failure; 13876 13877 genlmsg_end(msg, hdr); 13878 return genlmsg_reply(msg, info); 13879 13880 nla_put_failure: 13881 nlmsg_free(msg); 13882 return -ENOBUFS; 13883 } 13884 13885 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev) 13886 { 13887 struct cfg80211_coalesce *coalesce = rdev->coalesce; 13888 int i, j; 13889 struct cfg80211_coalesce_rules *rule; 13890 13891 if (!coalesce) 13892 return; 13893 13894 for (i = 0; i < coalesce->n_rules; i++) { 13895 rule = &coalesce->rules[i]; 13896 for (j = 0; j < rule->n_patterns; j++) 13897 kfree(rule->patterns[j].mask); 13898 kfree(rule->patterns); 13899 } 13900 kfree(coalesce->rules); 13901 kfree(coalesce); 13902 rdev->coalesce = NULL; 13903 } 13904 13905 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev, 13906 struct nlattr *rule, 13907 struct cfg80211_coalesce_rules *new_rule) 13908 { 13909 int err, i; 13910 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce; 13911 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat; 13912 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0; 13913 struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; 13914 13915 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX, 13916 rule, nl80211_coalesce_policy, NULL); 13917 if (err) 13918 return err; 13919 13920 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY]) 13921 new_rule->delay = 13922 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]); 13923 if (new_rule->delay > coalesce->max_delay) 13924 return -EINVAL; 13925 13926 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION]) 13927 new_rule->condition = 13928 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]); 13929 13930 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN]) 13931 return -EINVAL; 13932 13933 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN], 13934 rem) 13935 n_patterns++; 13936 if (n_patterns > coalesce->n_patterns) 13937 return -EINVAL; 13938 13939 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]), 13940 GFP_KERNEL); 13941 if (!new_rule->patterns) 13942 return -ENOMEM; 13943 13944 new_rule->n_patterns = n_patterns; 13945 i = 0; 13946 13947 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN], 13948 rem) { 13949 u8 *mask_pat; 13950 13951 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT, 13952 pat, 13953 nl80211_packet_pattern_policy, 13954 NULL); 13955 if (err) 13956 return err; 13957 13958 if (!pat_tb[NL80211_PKTPAT_MASK] || 13959 !pat_tb[NL80211_PKTPAT_PATTERN]) 13960 return -EINVAL; 13961 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); 13962 mask_len = DIV_ROUND_UP(pat_len, 8); 13963 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) 13964 return -EINVAL; 13965 if (pat_len > coalesce->pattern_max_len || 13966 pat_len < coalesce->pattern_min_len) 13967 return -EINVAL; 13968 13969 if (!pat_tb[NL80211_PKTPAT_OFFSET]) 13970 pkt_offset = 0; 13971 else 13972 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]); 13973 if (pkt_offset > coalesce->max_pkt_offset) 13974 return -EINVAL; 13975 new_rule->patterns[i].pkt_offset = pkt_offset; 13976 13977 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL); 13978 if (!mask_pat) 13979 return -ENOMEM; 13980 13981 new_rule->patterns[i].mask = mask_pat; 13982 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]), 13983 mask_len); 13984 13985 mask_pat += mask_len; 13986 new_rule->patterns[i].pattern = mask_pat; 13987 new_rule->patterns[i].pattern_len = pat_len; 13988 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), 13989 pat_len); 13990 i++; 13991 } 13992 13993 return 0; 13994 } 13995 13996 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info) 13997 { 13998 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13999 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce; 14000 struct cfg80211_coalesce new_coalesce = {}; 14001 struct cfg80211_coalesce *n_coalesce; 14002 int err, rem_rule, n_rules = 0, i, j; 14003 struct nlattr *rule; 14004 struct cfg80211_coalesce_rules *tmp_rule; 14005 14006 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce) 14007 return -EOPNOTSUPP; 14008 14009 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) { 14010 cfg80211_rdev_free_coalesce(rdev); 14011 rdev_set_coalesce(rdev, NULL); 14012 return 0; 14013 } 14014 14015 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE], 14016 rem_rule) 14017 n_rules++; 14018 if (n_rules > coalesce->n_rules) 14019 return -EINVAL; 14020 14021 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]), 14022 GFP_KERNEL); 14023 if (!new_coalesce.rules) 14024 return -ENOMEM; 14025 14026 new_coalesce.n_rules = n_rules; 14027 i = 0; 14028 14029 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE], 14030 rem_rule) { 14031 err = nl80211_parse_coalesce_rule(rdev, rule, 14032 &new_coalesce.rules[i]); 14033 if (err) 14034 goto error; 14035 14036 i++; 14037 } 14038 14039 err = rdev_set_coalesce(rdev, &new_coalesce); 14040 if (err) 14041 goto error; 14042 14043 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL); 14044 if (!n_coalesce) { 14045 err = -ENOMEM; 14046 goto error; 14047 } 14048 cfg80211_rdev_free_coalesce(rdev); 14049 rdev->coalesce = n_coalesce; 14050 14051 return 0; 14052 error: 14053 for (i = 0; i < new_coalesce.n_rules; i++) { 14054 tmp_rule = &new_coalesce.rules[i]; 14055 if (!tmp_rule) 14056 continue; 14057 for (j = 0; j < tmp_rule->n_patterns; j++) 14058 kfree(tmp_rule->patterns[j].mask); 14059 kfree(tmp_rule->patterns); 14060 } 14061 kfree(new_coalesce.rules); 14062 14063 return err; 14064 } 14065 14066 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 14067 { 14068 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14069 struct net_device *dev = info->user_ptr[1]; 14070 struct wireless_dev *wdev = dev->ieee80211_ptr; 14071 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 14072 struct cfg80211_gtk_rekey_data rekey_data = {}; 14073 int err; 14074 14075 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 14076 return -EINVAL; 14077 14078 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA, 14079 info->attrs[NL80211_ATTR_REKEY_DATA], 14080 nl80211_rekey_policy, info->extack); 14081 if (err) 14082 return err; 14083 14084 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] || 14085 !tb[NL80211_REKEY_DATA_KCK]) 14086 return -EINVAL; 14087 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN && 14088 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK && 14089 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN)) 14090 return -ERANGE; 14091 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN && 14092 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK && 14093 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN) && 14094 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KCK_32 && 14095 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN_32)) 14096 return -ERANGE; 14097 14098 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]); 14099 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]); 14100 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]); 14101 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]); 14102 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]); 14103 if (tb[NL80211_REKEY_DATA_AKM]) 14104 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]); 14105 14106 wdev_lock(wdev); 14107 if (!wdev->connected) { 14108 err = -ENOTCONN; 14109 goto out; 14110 } 14111 14112 if (!rdev->ops->set_rekey_data) { 14113 err = -EOPNOTSUPP; 14114 goto out; 14115 } 14116 14117 err = rdev_set_rekey_data(rdev, dev, &rekey_data); 14118 out: 14119 wdev_unlock(wdev); 14120 return err; 14121 } 14122 14123 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 14124 struct genl_info *info) 14125 { 14126 struct net_device *dev = info->user_ptr[1]; 14127 struct wireless_dev *wdev = dev->ieee80211_ptr; 14128 14129 if (wdev->iftype != NL80211_IFTYPE_AP && 14130 wdev->iftype != NL80211_IFTYPE_P2P_GO) 14131 return -EINVAL; 14132 14133 if (wdev->ap_unexpected_nlportid) 14134 return -EBUSY; 14135 14136 wdev->ap_unexpected_nlportid = info->snd_portid; 14137 return 0; 14138 } 14139 14140 static int nl80211_probe_client(struct sk_buff *skb, 14141 struct genl_info *info) 14142 { 14143 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14144 struct net_device *dev = info->user_ptr[1]; 14145 struct wireless_dev *wdev = dev->ieee80211_ptr; 14146 struct sk_buff *msg; 14147 void *hdr; 14148 const u8 *addr; 14149 u64 cookie; 14150 int err; 14151 14152 if (wdev->iftype != NL80211_IFTYPE_AP && 14153 wdev->iftype != NL80211_IFTYPE_P2P_GO) 14154 return -EOPNOTSUPP; 14155 14156 if (!info->attrs[NL80211_ATTR_MAC]) 14157 return -EINVAL; 14158 14159 if (!rdev->ops->probe_client) 14160 return -EOPNOTSUPP; 14161 14162 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14163 if (!msg) 14164 return -ENOMEM; 14165 14166 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 14167 NL80211_CMD_PROBE_CLIENT); 14168 if (!hdr) { 14169 err = -ENOBUFS; 14170 goto free_msg; 14171 } 14172 14173 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 14174 14175 err = rdev_probe_client(rdev, dev, addr, &cookie); 14176 if (err) 14177 goto free_msg; 14178 14179 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 14180 NL80211_ATTR_PAD)) 14181 goto nla_put_failure; 14182 14183 genlmsg_end(msg, hdr); 14184 14185 return genlmsg_reply(msg, info); 14186 14187 nla_put_failure: 14188 err = -ENOBUFS; 14189 free_msg: 14190 nlmsg_free(msg); 14191 return err; 14192 } 14193 14194 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 14195 { 14196 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14197 struct cfg80211_beacon_registration *reg, *nreg; 14198 int rv; 14199 14200 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 14201 return -EOPNOTSUPP; 14202 14203 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL); 14204 if (!nreg) 14205 return -ENOMEM; 14206 14207 /* First, check if already registered. */ 14208 spin_lock_bh(&rdev->beacon_registrations_lock); 14209 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 14210 if (reg->nlportid == info->snd_portid) { 14211 rv = -EALREADY; 14212 goto out_err; 14213 } 14214 } 14215 /* Add it to the list */ 14216 nreg->nlportid = info->snd_portid; 14217 list_add(&nreg->list, &rdev->beacon_registrations); 14218 14219 spin_unlock_bh(&rdev->beacon_registrations_lock); 14220 14221 return 0; 14222 out_err: 14223 spin_unlock_bh(&rdev->beacon_registrations_lock); 14224 kfree(nreg); 14225 return rv; 14226 } 14227 14228 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info) 14229 { 14230 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14231 struct wireless_dev *wdev = info->user_ptr[1]; 14232 int err; 14233 14234 if (!rdev->ops->start_p2p_device) 14235 return -EOPNOTSUPP; 14236 14237 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 14238 return -EOPNOTSUPP; 14239 14240 if (wdev_running(wdev)) 14241 return 0; 14242 14243 if (rfkill_blocked(rdev->wiphy.rfkill)) 14244 return -ERFKILL; 14245 14246 err = rdev_start_p2p_device(rdev, wdev); 14247 if (err) 14248 return err; 14249 14250 wdev->is_running = true; 14251 rdev->opencount++; 14252 14253 return 0; 14254 } 14255 14256 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info) 14257 { 14258 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14259 struct wireless_dev *wdev = info->user_ptr[1]; 14260 14261 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 14262 return -EOPNOTSUPP; 14263 14264 if (!rdev->ops->stop_p2p_device) 14265 return -EOPNOTSUPP; 14266 14267 cfg80211_stop_p2p_device(rdev, wdev); 14268 14269 return 0; 14270 } 14271 14272 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info) 14273 { 14274 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14275 struct wireless_dev *wdev = info->user_ptr[1]; 14276 struct cfg80211_nan_conf conf = {}; 14277 int err; 14278 14279 if (wdev->iftype != NL80211_IFTYPE_NAN) 14280 return -EOPNOTSUPP; 14281 14282 if (wdev_running(wdev)) 14283 return -EEXIST; 14284 14285 if (rfkill_blocked(rdev->wiphy.rfkill)) 14286 return -ERFKILL; 14287 14288 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) 14289 return -EINVAL; 14290 14291 conf.master_pref = 14292 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]); 14293 14294 if (info->attrs[NL80211_ATTR_BANDS]) { 14295 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]); 14296 14297 if (bands & ~(u32)wdev->wiphy->nan_supported_bands) 14298 return -EOPNOTSUPP; 14299 14300 if (bands && !(bands & BIT(NL80211_BAND_2GHZ))) 14301 return -EINVAL; 14302 14303 conf.bands = bands; 14304 } 14305 14306 err = rdev_start_nan(rdev, wdev, &conf); 14307 if (err) 14308 return err; 14309 14310 wdev->is_running = true; 14311 rdev->opencount++; 14312 14313 return 0; 14314 } 14315 14316 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info) 14317 { 14318 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14319 struct wireless_dev *wdev = info->user_ptr[1]; 14320 14321 if (wdev->iftype != NL80211_IFTYPE_NAN) 14322 return -EOPNOTSUPP; 14323 14324 cfg80211_stop_nan(rdev, wdev); 14325 14326 return 0; 14327 } 14328 14329 static int validate_nan_filter(struct nlattr *filter_attr) 14330 { 14331 struct nlattr *attr; 14332 int len = 0, n_entries = 0, rem; 14333 14334 nla_for_each_nested(attr, filter_attr, rem) { 14335 len += nla_len(attr); 14336 n_entries++; 14337 } 14338 14339 if (len >= U8_MAX) 14340 return -EINVAL; 14341 14342 return n_entries; 14343 } 14344 14345 static int handle_nan_filter(struct nlattr *attr_filter, 14346 struct cfg80211_nan_func *func, 14347 bool tx) 14348 { 14349 struct nlattr *attr; 14350 int n_entries, rem, i; 14351 struct cfg80211_nan_func_filter *filter; 14352 14353 n_entries = validate_nan_filter(attr_filter); 14354 if (n_entries < 0) 14355 return n_entries; 14356 14357 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters)); 14358 14359 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL); 14360 if (!filter) 14361 return -ENOMEM; 14362 14363 i = 0; 14364 nla_for_each_nested(attr, attr_filter, rem) { 14365 filter[i].filter = nla_memdup(attr, GFP_KERNEL); 14366 if (!filter[i].filter) 14367 goto err; 14368 14369 filter[i].len = nla_len(attr); 14370 i++; 14371 } 14372 if (tx) { 14373 func->num_tx_filters = n_entries; 14374 func->tx_filters = filter; 14375 } else { 14376 func->num_rx_filters = n_entries; 14377 func->rx_filters = filter; 14378 } 14379 14380 return 0; 14381 14382 err: 14383 i = 0; 14384 nla_for_each_nested(attr, attr_filter, rem) { 14385 kfree(filter[i].filter); 14386 i++; 14387 } 14388 kfree(filter); 14389 return -ENOMEM; 14390 } 14391 14392 static int nl80211_nan_add_func(struct sk_buff *skb, 14393 struct genl_info *info) 14394 { 14395 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14396 struct wireless_dev *wdev = info->user_ptr[1]; 14397 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr; 14398 struct cfg80211_nan_func *func; 14399 struct sk_buff *msg = NULL; 14400 void *hdr = NULL; 14401 int err = 0; 14402 14403 if (wdev->iftype != NL80211_IFTYPE_NAN) 14404 return -EOPNOTSUPP; 14405 14406 if (!wdev_running(wdev)) 14407 return -ENOTCONN; 14408 14409 if (!info->attrs[NL80211_ATTR_NAN_FUNC]) 14410 return -EINVAL; 14411 14412 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX, 14413 info->attrs[NL80211_ATTR_NAN_FUNC], 14414 nl80211_nan_func_policy, 14415 info->extack); 14416 if (err) 14417 return err; 14418 14419 func = kzalloc(sizeof(*func), GFP_KERNEL); 14420 if (!func) 14421 return -ENOMEM; 14422 14423 func->cookie = cfg80211_assign_cookie(rdev); 14424 14425 if (!tb[NL80211_NAN_FUNC_TYPE]) { 14426 err = -EINVAL; 14427 goto out; 14428 } 14429 14430 14431 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]); 14432 14433 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) { 14434 err = -EINVAL; 14435 goto out; 14436 } 14437 14438 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]), 14439 sizeof(func->service_id)); 14440 14441 func->close_range = 14442 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]); 14443 14444 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) { 14445 func->serv_spec_info_len = 14446 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]); 14447 func->serv_spec_info = 14448 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]), 14449 func->serv_spec_info_len, 14450 GFP_KERNEL); 14451 if (!func->serv_spec_info) { 14452 err = -ENOMEM; 14453 goto out; 14454 } 14455 } 14456 14457 if (tb[NL80211_NAN_FUNC_TTL]) 14458 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]); 14459 14460 switch (func->type) { 14461 case NL80211_NAN_FUNC_PUBLISH: 14462 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) { 14463 err = -EINVAL; 14464 goto out; 14465 } 14466 14467 func->publish_type = 14468 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]); 14469 func->publish_bcast = 14470 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]); 14471 14472 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) && 14473 func->publish_bcast) { 14474 err = -EINVAL; 14475 goto out; 14476 } 14477 break; 14478 case NL80211_NAN_FUNC_SUBSCRIBE: 14479 func->subscribe_active = 14480 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]); 14481 break; 14482 case NL80211_NAN_FUNC_FOLLOW_UP: 14483 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] || 14484 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] || 14485 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) { 14486 err = -EINVAL; 14487 goto out; 14488 } 14489 14490 func->followup_id = 14491 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]); 14492 func->followup_reqid = 14493 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]); 14494 memcpy(func->followup_dest.addr, 14495 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]), 14496 sizeof(func->followup_dest.addr)); 14497 if (func->ttl) { 14498 err = -EINVAL; 14499 goto out; 14500 } 14501 break; 14502 default: 14503 err = -EINVAL; 14504 goto out; 14505 } 14506 14507 if (tb[NL80211_NAN_FUNC_SRF]) { 14508 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR]; 14509 14510 err = nla_parse_nested_deprecated(srf_tb, 14511 NL80211_NAN_SRF_ATTR_MAX, 14512 tb[NL80211_NAN_FUNC_SRF], 14513 nl80211_nan_srf_policy, 14514 info->extack); 14515 if (err) 14516 goto out; 14517 14518 func->srf_include = 14519 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]); 14520 14521 if (srf_tb[NL80211_NAN_SRF_BF]) { 14522 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] || 14523 !srf_tb[NL80211_NAN_SRF_BF_IDX]) { 14524 err = -EINVAL; 14525 goto out; 14526 } 14527 14528 func->srf_bf_len = 14529 nla_len(srf_tb[NL80211_NAN_SRF_BF]); 14530 func->srf_bf = 14531 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]), 14532 func->srf_bf_len, GFP_KERNEL); 14533 if (!func->srf_bf) { 14534 err = -ENOMEM; 14535 goto out; 14536 } 14537 14538 func->srf_bf_idx = 14539 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]); 14540 } else { 14541 struct nlattr *attr, *mac_attr = 14542 srf_tb[NL80211_NAN_SRF_MAC_ADDRS]; 14543 int n_entries, rem, i = 0; 14544 14545 if (!mac_attr) { 14546 err = -EINVAL; 14547 goto out; 14548 } 14549 14550 n_entries = validate_acl_mac_addrs(mac_attr); 14551 if (n_entries <= 0) { 14552 err = -EINVAL; 14553 goto out; 14554 } 14555 14556 func->srf_num_macs = n_entries; 14557 func->srf_macs = 14558 kcalloc(n_entries, sizeof(*func->srf_macs), 14559 GFP_KERNEL); 14560 if (!func->srf_macs) { 14561 err = -ENOMEM; 14562 goto out; 14563 } 14564 14565 nla_for_each_nested(attr, mac_attr, rem) 14566 memcpy(func->srf_macs[i++].addr, nla_data(attr), 14567 sizeof(*func->srf_macs)); 14568 } 14569 } 14570 14571 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) { 14572 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER], 14573 func, true); 14574 if (err) 14575 goto out; 14576 } 14577 14578 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) { 14579 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER], 14580 func, false); 14581 if (err) 14582 goto out; 14583 } 14584 14585 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14586 if (!msg) { 14587 err = -ENOMEM; 14588 goto out; 14589 } 14590 14591 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 14592 NL80211_CMD_ADD_NAN_FUNCTION); 14593 /* This can't really happen - we just allocated 4KB */ 14594 if (WARN_ON(!hdr)) { 14595 err = -ENOMEM; 14596 goto out; 14597 } 14598 14599 err = rdev_add_nan_func(rdev, wdev, func); 14600 out: 14601 if (err < 0) { 14602 cfg80211_free_nan_func(func); 14603 nlmsg_free(msg); 14604 return err; 14605 } 14606 14607 /* propagate the instance id and cookie to userspace */ 14608 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie, 14609 NL80211_ATTR_PAD)) 14610 goto nla_put_failure; 14611 14612 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC); 14613 if (!func_attr) 14614 goto nla_put_failure; 14615 14616 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, 14617 func->instance_id)) 14618 goto nla_put_failure; 14619 14620 nla_nest_end(msg, func_attr); 14621 14622 genlmsg_end(msg, hdr); 14623 return genlmsg_reply(msg, info); 14624 14625 nla_put_failure: 14626 nlmsg_free(msg); 14627 return -ENOBUFS; 14628 } 14629 14630 static int nl80211_nan_del_func(struct sk_buff *skb, 14631 struct genl_info *info) 14632 { 14633 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14634 struct wireless_dev *wdev = info->user_ptr[1]; 14635 u64 cookie; 14636 14637 if (wdev->iftype != NL80211_IFTYPE_NAN) 14638 return -EOPNOTSUPP; 14639 14640 if (!wdev_running(wdev)) 14641 return -ENOTCONN; 14642 14643 if (!info->attrs[NL80211_ATTR_COOKIE]) 14644 return -EINVAL; 14645 14646 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 14647 14648 rdev_del_nan_func(rdev, wdev, cookie); 14649 14650 return 0; 14651 } 14652 14653 static int nl80211_nan_change_config(struct sk_buff *skb, 14654 struct genl_info *info) 14655 { 14656 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14657 struct wireless_dev *wdev = info->user_ptr[1]; 14658 struct cfg80211_nan_conf conf = {}; 14659 u32 changed = 0; 14660 14661 if (wdev->iftype != NL80211_IFTYPE_NAN) 14662 return -EOPNOTSUPP; 14663 14664 if (!wdev_running(wdev)) 14665 return -ENOTCONN; 14666 14667 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) { 14668 conf.master_pref = 14669 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]); 14670 if (conf.master_pref <= 1 || conf.master_pref == 255) 14671 return -EINVAL; 14672 14673 changed |= CFG80211_NAN_CONF_CHANGED_PREF; 14674 } 14675 14676 if (info->attrs[NL80211_ATTR_BANDS]) { 14677 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]); 14678 14679 if (bands & ~(u32)wdev->wiphy->nan_supported_bands) 14680 return -EOPNOTSUPP; 14681 14682 if (bands && !(bands & BIT(NL80211_BAND_2GHZ))) 14683 return -EINVAL; 14684 14685 conf.bands = bands; 14686 changed |= CFG80211_NAN_CONF_CHANGED_BANDS; 14687 } 14688 14689 if (!changed) 14690 return -EINVAL; 14691 14692 return rdev_nan_change_conf(rdev, wdev, &conf, changed); 14693 } 14694 14695 void cfg80211_nan_match(struct wireless_dev *wdev, 14696 struct cfg80211_nan_match_params *match, gfp_t gfp) 14697 { 14698 struct wiphy *wiphy = wdev->wiphy; 14699 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14700 struct nlattr *match_attr, *local_func_attr, *peer_func_attr; 14701 struct sk_buff *msg; 14702 void *hdr; 14703 14704 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr)) 14705 return; 14706 14707 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14708 if (!msg) 14709 return; 14710 14711 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH); 14712 if (!hdr) { 14713 nlmsg_free(msg); 14714 return; 14715 } 14716 14717 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14718 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 14719 wdev->netdev->ifindex)) || 14720 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14721 NL80211_ATTR_PAD)) 14722 goto nla_put_failure; 14723 14724 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie, 14725 NL80211_ATTR_PAD) || 14726 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr)) 14727 goto nla_put_failure; 14728 14729 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH); 14730 if (!match_attr) 14731 goto nla_put_failure; 14732 14733 local_func_attr = nla_nest_start_noflag(msg, 14734 NL80211_NAN_MATCH_FUNC_LOCAL); 14735 if (!local_func_attr) 14736 goto nla_put_failure; 14737 14738 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id)) 14739 goto nla_put_failure; 14740 14741 nla_nest_end(msg, local_func_attr); 14742 14743 peer_func_attr = nla_nest_start_noflag(msg, 14744 NL80211_NAN_MATCH_FUNC_PEER); 14745 if (!peer_func_attr) 14746 goto nla_put_failure; 14747 14748 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) || 14749 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id)) 14750 goto nla_put_failure; 14751 14752 if (match->info && match->info_len && 14753 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len, 14754 match->info)) 14755 goto nla_put_failure; 14756 14757 nla_nest_end(msg, peer_func_attr); 14758 nla_nest_end(msg, match_attr); 14759 genlmsg_end(msg, hdr); 14760 14761 if (!wdev->owner_nlportid) 14762 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 14763 msg, 0, NL80211_MCGRP_NAN, gfp); 14764 else 14765 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 14766 wdev->owner_nlportid); 14767 14768 return; 14769 14770 nla_put_failure: 14771 nlmsg_free(msg); 14772 } 14773 EXPORT_SYMBOL(cfg80211_nan_match); 14774 14775 void cfg80211_nan_func_terminated(struct wireless_dev *wdev, 14776 u8 inst_id, 14777 enum nl80211_nan_func_term_reason reason, 14778 u64 cookie, gfp_t gfp) 14779 { 14780 struct wiphy *wiphy = wdev->wiphy; 14781 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14782 struct sk_buff *msg; 14783 struct nlattr *func_attr; 14784 void *hdr; 14785 14786 if (WARN_ON(!inst_id)) 14787 return; 14788 14789 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14790 if (!msg) 14791 return; 14792 14793 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION); 14794 if (!hdr) { 14795 nlmsg_free(msg); 14796 return; 14797 } 14798 14799 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14800 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 14801 wdev->netdev->ifindex)) || 14802 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14803 NL80211_ATTR_PAD)) 14804 goto nla_put_failure; 14805 14806 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 14807 NL80211_ATTR_PAD)) 14808 goto nla_put_failure; 14809 14810 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC); 14811 if (!func_attr) 14812 goto nla_put_failure; 14813 14814 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) || 14815 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason)) 14816 goto nla_put_failure; 14817 14818 nla_nest_end(msg, func_attr); 14819 genlmsg_end(msg, hdr); 14820 14821 if (!wdev->owner_nlportid) 14822 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 14823 msg, 0, NL80211_MCGRP_NAN, gfp); 14824 else 14825 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 14826 wdev->owner_nlportid); 14827 14828 return; 14829 14830 nla_put_failure: 14831 nlmsg_free(msg); 14832 } 14833 EXPORT_SYMBOL(cfg80211_nan_func_terminated); 14834 14835 static int nl80211_get_protocol_features(struct sk_buff *skb, 14836 struct genl_info *info) 14837 { 14838 void *hdr; 14839 struct sk_buff *msg; 14840 14841 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14842 if (!msg) 14843 return -ENOMEM; 14844 14845 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 14846 NL80211_CMD_GET_PROTOCOL_FEATURES); 14847 if (!hdr) 14848 goto nla_put_failure; 14849 14850 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES, 14851 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)) 14852 goto nla_put_failure; 14853 14854 genlmsg_end(msg, hdr); 14855 return genlmsg_reply(msg, info); 14856 14857 nla_put_failure: 14858 kfree_skb(msg); 14859 return -ENOBUFS; 14860 } 14861 14862 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info) 14863 { 14864 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14865 struct cfg80211_update_ft_ies_params ft_params; 14866 struct net_device *dev = info->user_ptr[1]; 14867 14868 if (!rdev->ops->update_ft_ies) 14869 return -EOPNOTSUPP; 14870 14871 if (!info->attrs[NL80211_ATTR_MDID] || 14872 !info->attrs[NL80211_ATTR_IE]) 14873 return -EINVAL; 14874 14875 memset(&ft_params, 0, sizeof(ft_params)); 14876 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]); 14877 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 14878 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 14879 14880 return rdev_update_ft_ies(rdev, dev, &ft_params); 14881 } 14882 14883 static int nl80211_crit_protocol_start(struct sk_buff *skb, 14884 struct genl_info *info) 14885 { 14886 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14887 struct wireless_dev *wdev = info->user_ptr[1]; 14888 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC; 14889 u16 duration; 14890 int ret; 14891 14892 if (!rdev->ops->crit_proto_start) 14893 return -EOPNOTSUPP; 14894 14895 if (WARN_ON(!rdev->ops->crit_proto_stop)) 14896 return -EINVAL; 14897 14898 if (rdev->crit_proto_nlportid) 14899 return -EBUSY; 14900 14901 /* determine protocol if provided */ 14902 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID]) 14903 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]); 14904 14905 if (proto >= NUM_NL80211_CRIT_PROTO) 14906 return -EINVAL; 14907 14908 /* timeout must be provided */ 14909 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]) 14910 return -EINVAL; 14911 14912 duration = 14913 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]); 14914 14915 ret = rdev_crit_proto_start(rdev, wdev, proto, duration); 14916 if (!ret) 14917 rdev->crit_proto_nlportid = info->snd_portid; 14918 14919 return ret; 14920 } 14921 14922 static int nl80211_crit_protocol_stop(struct sk_buff *skb, 14923 struct genl_info *info) 14924 { 14925 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14926 struct wireless_dev *wdev = info->user_ptr[1]; 14927 14928 if (!rdev->ops->crit_proto_stop) 14929 return -EOPNOTSUPP; 14930 14931 if (rdev->crit_proto_nlportid) { 14932 rdev->crit_proto_nlportid = 0; 14933 rdev_crit_proto_stop(rdev, wdev); 14934 } 14935 return 0; 14936 } 14937 14938 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd, 14939 struct nlattr *attr, 14940 struct netlink_ext_ack *extack) 14941 { 14942 if (vcmd->policy == VENDOR_CMD_RAW_DATA) { 14943 if (attr->nla_type & NLA_F_NESTED) { 14944 NL_SET_ERR_MSG_ATTR(extack, attr, 14945 "unexpected nested data"); 14946 return -EINVAL; 14947 } 14948 14949 return 0; 14950 } 14951 14952 if (!(attr->nla_type & NLA_F_NESTED)) { 14953 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data"); 14954 return -EINVAL; 14955 } 14956 14957 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack); 14958 } 14959 14960 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info) 14961 { 14962 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14963 struct wireless_dev *wdev = 14964 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info), 14965 info->attrs); 14966 int i, err; 14967 u32 vid, subcmd; 14968 14969 if (!rdev->wiphy.vendor_commands) 14970 return -EOPNOTSUPP; 14971 14972 if (IS_ERR(wdev)) { 14973 err = PTR_ERR(wdev); 14974 if (err != -EINVAL) 14975 return err; 14976 wdev = NULL; 14977 } else if (wdev->wiphy != &rdev->wiphy) { 14978 return -EINVAL; 14979 } 14980 14981 if (!info->attrs[NL80211_ATTR_VENDOR_ID] || 14982 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD]) 14983 return -EINVAL; 14984 14985 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]); 14986 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]); 14987 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) { 14988 const struct wiphy_vendor_command *vcmd; 14989 void *data = NULL; 14990 int len = 0; 14991 14992 vcmd = &rdev->wiphy.vendor_commands[i]; 14993 14994 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd) 14995 continue; 14996 14997 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV | 14998 WIPHY_VENDOR_CMD_NEED_NETDEV)) { 14999 if (!wdev) 15000 return -EINVAL; 15001 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV && 15002 !wdev->netdev) 15003 return -EINVAL; 15004 15005 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) { 15006 if (!wdev_running(wdev)) 15007 return -ENETDOWN; 15008 } 15009 } else { 15010 wdev = NULL; 15011 } 15012 15013 if (!vcmd->doit) 15014 return -EOPNOTSUPP; 15015 15016 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) { 15017 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]); 15018 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]); 15019 15020 err = nl80211_vendor_check_policy(vcmd, 15021 info->attrs[NL80211_ATTR_VENDOR_DATA], 15022 info->extack); 15023 if (err) 15024 return err; 15025 } 15026 15027 rdev->cur_cmd_info = info; 15028 err = vcmd->doit(&rdev->wiphy, wdev, data, len); 15029 rdev->cur_cmd_info = NULL; 15030 return err; 15031 } 15032 15033 return -EOPNOTSUPP; 15034 } 15035 15036 static int nl80211_prepare_vendor_dump(struct sk_buff *skb, 15037 struct netlink_callback *cb, 15038 struct cfg80211_registered_device **rdev, 15039 struct wireless_dev **wdev) 15040 { 15041 struct nlattr **attrbuf; 15042 u32 vid, subcmd; 15043 unsigned int i; 15044 int vcmd_idx = -1; 15045 int err; 15046 void *data = NULL; 15047 unsigned int data_len = 0; 15048 15049 if (cb->args[0]) { 15050 /* subtract the 1 again here */ 15051 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 15052 struct wireless_dev *tmp; 15053 15054 if (!wiphy) 15055 return -ENODEV; 15056 *rdev = wiphy_to_rdev(wiphy); 15057 *wdev = NULL; 15058 15059 if (cb->args[1]) { 15060 list_for_each_entry(tmp, &wiphy->wdev_list, list) { 15061 if (tmp->identifier == cb->args[1] - 1) { 15062 *wdev = tmp; 15063 break; 15064 } 15065 } 15066 } 15067 15068 /* keep rtnl locked in successful case */ 15069 return 0; 15070 } 15071 15072 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL); 15073 if (!attrbuf) 15074 return -ENOMEM; 15075 15076 err = nlmsg_parse_deprecated(cb->nlh, 15077 GENL_HDRLEN + nl80211_fam.hdrsize, 15078 attrbuf, nl80211_fam.maxattr, 15079 nl80211_policy, NULL); 15080 if (err) 15081 goto out; 15082 15083 if (!attrbuf[NL80211_ATTR_VENDOR_ID] || 15084 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) { 15085 err = -EINVAL; 15086 goto out; 15087 } 15088 15089 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf); 15090 if (IS_ERR(*wdev)) 15091 *wdev = NULL; 15092 15093 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf); 15094 if (IS_ERR(*rdev)) { 15095 err = PTR_ERR(*rdev); 15096 goto out; 15097 } 15098 15099 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]); 15100 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]); 15101 15102 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) { 15103 const struct wiphy_vendor_command *vcmd; 15104 15105 vcmd = &(*rdev)->wiphy.vendor_commands[i]; 15106 15107 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd) 15108 continue; 15109 15110 if (!vcmd->dumpit) { 15111 err = -EOPNOTSUPP; 15112 goto out; 15113 } 15114 15115 vcmd_idx = i; 15116 break; 15117 } 15118 15119 if (vcmd_idx < 0) { 15120 err = -EOPNOTSUPP; 15121 goto out; 15122 } 15123 15124 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) { 15125 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]); 15126 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]); 15127 15128 err = nl80211_vendor_check_policy( 15129 &(*rdev)->wiphy.vendor_commands[vcmd_idx], 15130 attrbuf[NL80211_ATTR_VENDOR_DATA], 15131 cb->extack); 15132 if (err) 15133 goto out; 15134 } 15135 15136 /* 0 is the first index - add 1 to parse only once */ 15137 cb->args[0] = (*rdev)->wiphy_idx + 1; 15138 /* add 1 to know if it was NULL */ 15139 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0; 15140 cb->args[2] = vcmd_idx; 15141 cb->args[3] = (unsigned long)data; 15142 cb->args[4] = data_len; 15143 15144 /* keep rtnl locked in successful case */ 15145 err = 0; 15146 out: 15147 kfree(attrbuf); 15148 return err; 15149 } 15150 15151 static int nl80211_vendor_cmd_dump(struct sk_buff *skb, 15152 struct netlink_callback *cb) 15153 { 15154 struct cfg80211_registered_device *rdev; 15155 struct wireless_dev *wdev; 15156 unsigned int vcmd_idx; 15157 const struct wiphy_vendor_command *vcmd; 15158 void *data; 15159 int data_len; 15160 int err; 15161 struct nlattr *vendor_data; 15162 15163 rtnl_lock(); 15164 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev); 15165 if (err) 15166 goto out; 15167 15168 vcmd_idx = cb->args[2]; 15169 data = (void *)cb->args[3]; 15170 data_len = cb->args[4]; 15171 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx]; 15172 15173 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV | 15174 WIPHY_VENDOR_CMD_NEED_NETDEV)) { 15175 if (!wdev) { 15176 err = -EINVAL; 15177 goto out; 15178 } 15179 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV && 15180 !wdev->netdev) { 15181 err = -EINVAL; 15182 goto out; 15183 } 15184 15185 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) { 15186 if (!wdev_running(wdev)) { 15187 err = -ENETDOWN; 15188 goto out; 15189 } 15190 } 15191 } 15192 15193 while (1) { 15194 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 15195 cb->nlh->nlmsg_seq, NLM_F_MULTI, 15196 NL80211_CMD_VENDOR); 15197 if (!hdr) 15198 break; 15199 15200 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15201 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV, 15202 wdev_id(wdev), 15203 NL80211_ATTR_PAD))) { 15204 genlmsg_cancel(skb, hdr); 15205 break; 15206 } 15207 15208 vendor_data = nla_nest_start_noflag(skb, 15209 NL80211_ATTR_VENDOR_DATA); 15210 if (!vendor_data) { 15211 genlmsg_cancel(skb, hdr); 15212 break; 15213 } 15214 15215 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len, 15216 (unsigned long *)&cb->args[5]); 15217 nla_nest_end(skb, vendor_data); 15218 15219 if (err == -ENOBUFS || err == -ENOENT) { 15220 genlmsg_cancel(skb, hdr); 15221 break; 15222 } else if (err <= 0) { 15223 genlmsg_cancel(skb, hdr); 15224 goto out; 15225 } 15226 15227 genlmsg_end(skb, hdr); 15228 } 15229 15230 err = skb->len; 15231 out: 15232 rtnl_unlock(); 15233 return err; 15234 } 15235 15236 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy, 15237 enum nl80211_commands cmd, 15238 enum nl80211_attrs attr, 15239 int approxlen) 15240 { 15241 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15242 15243 if (WARN_ON(!rdev->cur_cmd_info)) 15244 return NULL; 15245 15246 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen, 15247 rdev->cur_cmd_info->snd_portid, 15248 rdev->cur_cmd_info->snd_seq, 15249 cmd, attr, NULL, GFP_KERNEL); 15250 } 15251 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb); 15252 15253 int cfg80211_vendor_cmd_reply(struct sk_buff *skb) 15254 { 15255 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 15256 void *hdr = ((void **)skb->cb)[1]; 15257 struct nlattr *data = ((void **)skb->cb)[2]; 15258 15259 /* clear CB data for netlink core to own from now on */ 15260 memset(skb->cb, 0, sizeof(skb->cb)); 15261 15262 if (WARN_ON(!rdev->cur_cmd_info)) { 15263 kfree_skb(skb); 15264 return -EINVAL; 15265 } 15266 15267 nla_nest_end(skb, data); 15268 genlmsg_end(skb, hdr); 15269 return genlmsg_reply(skb, rdev->cur_cmd_info); 15270 } 15271 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply); 15272 15273 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy) 15274 { 15275 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15276 15277 if (WARN_ON(!rdev->cur_cmd_info)) 15278 return 0; 15279 15280 return rdev->cur_cmd_info->snd_portid; 15281 } 15282 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender); 15283 15284 static int nl80211_set_qos_map(struct sk_buff *skb, 15285 struct genl_info *info) 15286 { 15287 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15288 struct cfg80211_qos_map *qos_map = NULL; 15289 struct net_device *dev = info->user_ptr[1]; 15290 u8 *pos, len, num_des, des_len, des; 15291 int ret; 15292 15293 if (!rdev->ops->set_qos_map) 15294 return -EOPNOTSUPP; 15295 15296 if (info->attrs[NL80211_ATTR_QOS_MAP]) { 15297 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]); 15298 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]); 15299 15300 if (len % 2) 15301 return -EINVAL; 15302 15303 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL); 15304 if (!qos_map) 15305 return -ENOMEM; 15306 15307 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1; 15308 if (num_des) { 15309 des_len = num_des * 15310 sizeof(struct cfg80211_dscp_exception); 15311 memcpy(qos_map->dscp_exception, pos, des_len); 15312 qos_map->num_des = num_des; 15313 for (des = 0; des < num_des; des++) { 15314 if (qos_map->dscp_exception[des].up > 7) { 15315 kfree(qos_map); 15316 return -EINVAL; 15317 } 15318 } 15319 pos += des_len; 15320 } 15321 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN); 15322 } 15323 15324 wdev_lock(dev->ieee80211_ptr); 15325 ret = nl80211_key_allowed(dev->ieee80211_ptr); 15326 if (!ret) 15327 ret = rdev_set_qos_map(rdev, dev, qos_map); 15328 wdev_unlock(dev->ieee80211_ptr); 15329 15330 kfree(qos_map); 15331 return ret; 15332 } 15333 15334 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info) 15335 { 15336 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15337 struct net_device *dev = info->user_ptr[1]; 15338 struct wireless_dev *wdev = dev->ieee80211_ptr; 15339 const u8 *peer; 15340 u8 tsid, up; 15341 u16 admitted_time = 0; 15342 int err; 15343 15344 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)) 15345 return -EOPNOTSUPP; 15346 15347 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] || 15348 !info->attrs[NL80211_ATTR_USER_PRIO]) 15349 return -EINVAL; 15350 15351 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]); 15352 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]); 15353 15354 /* WMM uses TIDs 0-7 even for TSPEC */ 15355 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) { 15356 /* TODO: handle 802.11 TSPEC/admission control 15357 * need more attributes for that (e.g. BA session requirement); 15358 * change the WMM adminssion test above to allow both then 15359 */ 15360 return -EINVAL; 15361 } 15362 15363 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 15364 15365 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) { 15366 admitted_time = 15367 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]); 15368 if (!admitted_time) 15369 return -EINVAL; 15370 } 15371 15372 wdev_lock(wdev); 15373 switch (wdev->iftype) { 15374 case NL80211_IFTYPE_STATION: 15375 case NL80211_IFTYPE_P2P_CLIENT: 15376 if (wdev->connected) 15377 break; 15378 err = -ENOTCONN; 15379 goto out; 15380 default: 15381 err = -EOPNOTSUPP; 15382 goto out; 15383 } 15384 15385 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time); 15386 15387 out: 15388 wdev_unlock(wdev); 15389 return err; 15390 } 15391 15392 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info) 15393 { 15394 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15395 struct net_device *dev = info->user_ptr[1]; 15396 struct wireless_dev *wdev = dev->ieee80211_ptr; 15397 const u8 *peer; 15398 u8 tsid; 15399 int err; 15400 15401 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC]) 15402 return -EINVAL; 15403 15404 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]); 15405 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 15406 15407 wdev_lock(wdev); 15408 err = rdev_del_tx_ts(rdev, dev, tsid, peer); 15409 wdev_unlock(wdev); 15410 15411 return err; 15412 } 15413 15414 static int nl80211_tdls_channel_switch(struct sk_buff *skb, 15415 struct genl_info *info) 15416 { 15417 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15418 struct net_device *dev = info->user_ptr[1]; 15419 struct wireless_dev *wdev = dev->ieee80211_ptr; 15420 struct cfg80211_chan_def chandef = {}; 15421 const u8 *addr; 15422 u8 oper_class; 15423 int err; 15424 15425 if (!rdev->ops->tdls_channel_switch || 15426 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 15427 return -EOPNOTSUPP; 15428 15429 switch (dev->ieee80211_ptr->iftype) { 15430 case NL80211_IFTYPE_STATION: 15431 case NL80211_IFTYPE_P2P_CLIENT: 15432 break; 15433 default: 15434 return -EOPNOTSUPP; 15435 } 15436 15437 if (!info->attrs[NL80211_ATTR_MAC] || 15438 !info->attrs[NL80211_ATTR_OPER_CLASS]) 15439 return -EINVAL; 15440 15441 err = nl80211_parse_chandef(rdev, info, &chandef); 15442 if (err) 15443 return err; 15444 15445 /* 15446 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012 15447 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the 15448 * specification is not defined for them. 15449 */ 15450 if (chandef.chan->band == NL80211_BAND_2GHZ && 15451 chandef.width != NL80211_CHAN_WIDTH_20_NOHT && 15452 chandef.width != NL80211_CHAN_WIDTH_20) 15453 return -EINVAL; 15454 15455 /* we will be active on the TDLS link */ 15456 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef, 15457 wdev->iftype)) 15458 return -EINVAL; 15459 15460 /* don't allow switching to DFS channels */ 15461 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype)) 15462 return -EINVAL; 15463 15464 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 15465 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]); 15466 15467 wdev_lock(wdev); 15468 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef); 15469 wdev_unlock(wdev); 15470 15471 return err; 15472 } 15473 15474 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb, 15475 struct genl_info *info) 15476 { 15477 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15478 struct net_device *dev = info->user_ptr[1]; 15479 struct wireless_dev *wdev = dev->ieee80211_ptr; 15480 const u8 *addr; 15481 15482 if (!rdev->ops->tdls_channel_switch || 15483 !rdev->ops->tdls_cancel_channel_switch || 15484 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 15485 return -EOPNOTSUPP; 15486 15487 switch (dev->ieee80211_ptr->iftype) { 15488 case NL80211_IFTYPE_STATION: 15489 case NL80211_IFTYPE_P2P_CLIENT: 15490 break; 15491 default: 15492 return -EOPNOTSUPP; 15493 } 15494 15495 if (!info->attrs[NL80211_ATTR_MAC]) 15496 return -EINVAL; 15497 15498 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 15499 15500 wdev_lock(wdev); 15501 rdev_tdls_cancel_channel_switch(rdev, dev, addr); 15502 wdev_unlock(wdev); 15503 15504 return 0; 15505 } 15506 15507 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb, 15508 struct genl_info *info) 15509 { 15510 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15511 struct net_device *dev = info->user_ptr[1]; 15512 struct wireless_dev *wdev = dev->ieee80211_ptr; 15513 const struct nlattr *nla; 15514 bool enabled; 15515 15516 if (!rdev->ops->set_multicast_to_unicast) 15517 return -EOPNOTSUPP; 15518 15519 if (wdev->iftype != NL80211_IFTYPE_AP && 15520 wdev->iftype != NL80211_IFTYPE_P2P_GO) 15521 return -EOPNOTSUPP; 15522 15523 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED]; 15524 enabled = nla_get_flag(nla); 15525 15526 return rdev_set_multicast_to_unicast(rdev, dev, enabled); 15527 } 15528 15529 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info) 15530 { 15531 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15532 struct net_device *dev = info->user_ptr[1]; 15533 struct wireless_dev *wdev = dev->ieee80211_ptr; 15534 struct cfg80211_pmk_conf pmk_conf = {}; 15535 int ret; 15536 15537 if (wdev->iftype != NL80211_IFTYPE_STATION && 15538 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 15539 return -EOPNOTSUPP; 15540 15541 if (!wiphy_ext_feature_isset(&rdev->wiphy, 15542 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 15543 return -EOPNOTSUPP; 15544 15545 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK]) 15546 return -EINVAL; 15547 15548 wdev_lock(wdev); 15549 if (!wdev->connected) { 15550 ret = -ENOTCONN; 15551 goto out; 15552 } 15553 15554 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]); 15555 if (memcmp(pmk_conf.aa, wdev->u.client.connected_addr, ETH_ALEN)) { 15556 ret = -EINVAL; 15557 goto out; 15558 } 15559 15560 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]); 15561 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]); 15562 if (pmk_conf.pmk_len != WLAN_PMK_LEN && 15563 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) { 15564 ret = -EINVAL; 15565 goto out; 15566 } 15567 15568 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) 15569 pmk_conf.pmk_r0_name = 15570 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]); 15571 15572 ret = rdev_set_pmk(rdev, dev, &pmk_conf); 15573 out: 15574 wdev_unlock(wdev); 15575 return ret; 15576 } 15577 15578 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info) 15579 { 15580 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15581 struct net_device *dev = info->user_ptr[1]; 15582 struct wireless_dev *wdev = dev->ieee80211_ptr; 15583 const u8 *aa; 15584 int ret; 15585 15586 if (wdev->iftype != NL80211_IFTYPE_STATION && 15587 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 15588 return -EOPNOTSUPP; 15589 15590 if (!wiphy_ext_feature_isset(&rdev->wiphy, 15591 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 15592 return -EOPNOTSUPP; 15593 15594 if (!info->attrs[NL80211_ATTR_MAC]) 15595 return -EINVAL; 15596 15597 wdev_lock(wdev); 15598 aa = nla_data(info->attrs[NL80211_ATTR_MAC]); 15599 ret = rdev_del_pmk(rdev, dev, aa); 15600 wdev_unlock(wdev); 15601 15602 return ret; 15603 } 15604 15605 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info) 15606 { 15607 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15608 struct net_device *dev = info->user_ptr[1]; 15609 struct cfg80211_external_auth_params params; 15610 15611 if (!rdev->ops->external_auth) 15612 return -EOPNOTSUPP; 15613 15614 if (!info->attrs[NL80211_ATTR_SSID] && 15615 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 15616 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 15617 return -EINVAL; 15618 15619 if (!info->attrs[NL80211_ATTR_BSSID]) 15620 return -EINVAL; 15621 15622 if (!info->attrs[NL80211_ATTR_STATUS_CODE]) 15623 return -EINVAL; 15624 15625 memset(¶ms, 0, sizeof(params)); 15626 15627 if (info->attrs[NL80211_ATTR_SSID]) { 15628 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 15629 if (params.ssid.ssid_len == 0) 15630 return -EINVAL; 15631 memcpy(params.ssid.ssid, 15632 nla_data(info->attrs[NL80211_ATTR_SSID]), 15633 params.ssid.ssid_len); 15634 } 15635 15636 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]), 15637 ETH_ALEN); 15638 15639 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 15640 15641 if (info->attrs[NL80211_ATTR_PMKID]) 15642 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 15643 15644 return rdev_external_auth(rdev, dev, ¶ms); 15645 } 15646 15647 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info) 15648 { 15649 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 15650 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15651 struct net_device *dev = info->user_ptr[1]; 15652 struct wireless_dev *wdev = dev->ieee80211_ptr; 15653 const u8 *buf; 15654 size_t len; 15655 u8 *dest; 15656 u16 proto; 15657 bool noencrypt; 15658 u64 cookie = 0; 15659 int link_id; 15660 int err; 15661 15662 if (!wiphy_ext_feature_isset(&rdev->wiphy, 15663 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) 15664 return -EOPNOTSUPP; 15665 15666 if (!rdev->ops->tx_control_port) 15667 return -EOPNOTSUPP; 15668 15669 if (!info->attrs[NL80211_ATTR_FRAME] || 15670 !info->attrs[NL80211_ATTR_MAC] || 15671 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 15672 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing"); 15673 return -EINVAL; 15674 } 15675 15676 wdev_lock(wdev); 15677 15678 switch (wdev->iftype) { 15679 case NL80211_IFTYPE_AP: 15680 case NL80211_IFTYPE_P2P_GO: 15681 case NL80211_IFTYPE_MESH_POINT: 15682 break; 15683 case NL80211_IFTYPE_ADHOC: 15684 if (wdev->u.ibss.current_bss) 15685 break; 15686 err = -ENOTCONN; 15687 goto out; 15688 case NL80211_IFTYPE_STATION: 15689 case NL80211_IFTYPE_P2P_CLIENT: 15690 if (wdev->connected) 15691 break; 15692 err = -ENOTCONN; 15693 goto out; 15694 default: 15695 err = -EOPNOTSUPP; 15696 goto out; 15697 } 15698 15699 wdev_unlock(wdev); 15700 15701 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 15702 len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 15703 dest = nla_data(info->attrs[NL80211_ATTR_MAC]); 15704 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 15705 noencrypt = 15706 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]); 15707 15708 link_id = nl80211_link_id_or_invalid(info->attrs); 15709 15710 err = rdev_tx_control_port(rdev, dev, buf, len, 15711 dest, cpu_to_be16(proto), noencrypt, link_id, 15712 dont_wait_for_ack ? NULL : &cookie); 15713 if (!err && !dont_wait_for_ack) 15714 nl_set_extack_cookie_u64(info->extack, cookie); 15715 return err; 15716 out: 15717 wdev_unlock(wdev); 15718 return err; 15719 } 15720 15721 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb, 15722 struct genl_info *info) 15723 { 15724 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15725 struct net_device *dev = info->user_ptr[1]; 15726 struct wireless_dev *wdev = dev->ieee80211_ptr; 15727 struct cfg80211_ftm_responder_stats ftm_stats = {}; 15728 unsigned int link_id = nl80211_link_id(info->attrs); 15729 struct sk_buff *msg; 15730 void *hdr; 15731 struct nlattr *ftm_stats_attr; 15732 int err; 15733 15734 if (wdev->iftype != NL80211_IFTYPE_AP || 15735 !wdev->links[link_id].ap.beacon_interval) 15736 return -EOPNOTSUPP; 15737 15738 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats); 15739 if (err) 15740 return err; 15741 15742 if (!ftm_stats.filled) 15743 return -ENODATA; 15744 15745 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 15746 if (!msg) 15747 return -ENOMEM; 15748 15749 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 15750 NL80211_CMD_GET_FTM_RESPONDER_STATS); 15751 if (!hdr) 15752 goto nla_put_failure; 15753 15754 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 15755 goto nla_put_failure; 15756 15757 ftm_stats_attr = nla_nest_start_noflag(msg, 15758 NL80211_ATTR_FTM_RESPONDER_STATS); 15759 if (!ftm_stats_attr) 15760 goto nla_put_failure; 15761 15762 #define SET_FTM(field, name, type) \ 15763 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \ 15764 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \ 15765 ftm_stats.field)) \ 15766 goto nla_put_failure; } while (0) 15767 #define SET_FTM_U64(field, name) \ 15768 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \ 15769 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \ 15770 ftm_stats.field, NL80211_FTM_STATS_PAD)) \ 15771 goto nla_put_failure; } while (0) 15772 15773 SET_FTM(success_num, SUCCESS_NUM, u32); 15774 SET_FTM(partial_num, PARTIAL_NUM, u32); 15775 SET_FTM(failed_num, FAILED_NUM, u32); 15776 SET_FTM(asap_num, ASAP_NUM, u32); 15777 SET_FTM(non_asap_num, NON_ASAP_NUM, u32); 15778 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC); 15779 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32); 15780 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32); 15781 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32); 15782 #undef SET_FTM 15783 15784 nla_nest_end(msg, ftm_stats_attr); 15785 15786 genlmsg_end(msg, hdr); 15787 return genlmsg_reply(msg, info); 15788 15789 nla_put_failure: 15790 nlmsg_free(msg); 15791 return -ENOBUFS; 15792 } 15793 15794 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info) 15795 { 15796 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15797 struct cfg80211_update_owe_info owe_info; 15798 struct net_device *dev = info->user_ptr[1]; 15799 15800 if (!rdev->ops->update_owe_info) 15801 return -EOPNOTSUPP; 15802 15803 if (!info->attrs[NL80211_ATTR_STATUS_CODE] || 15804 !info->attrs[NL80211_ATTR_MAC]) 15805 return -EINVAL; 15806 15807 memset(&owe_info, 0, sizeof(owe_info)); 15808 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 15809 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN); 15810 15811 if (info->attrs[NL80211_ATTR_IE]) { 15812 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 15813 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 15814 } 15815 15816 return rdev_update_owe_info(rdev, dev, &owe_info); 15817 } 15818 15819 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info) 15820 { 15821 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15822 struct net_device *dev = info->user_ptr[1]; 15823 struct wireless_dev *wdev = dev->ieee80211_ptr; 15824 struct station_info sinfo = {}; 15825 const u8 *buf; 15826 size_t len; 15827 u8 *dest; 15828 int err; 15829 15830 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station) 15831 return -EOPNOTSUPP; 15832 15833 if (!info->attrs[NL80211_ATTR_MAC] || 15834 !info->attrs[NL80211_ATTR_FRAME]) { 15835 GENL_SET_ERR_MSG(info, "Frame or MAC missing"); 15836 return -EINVAL; 15837 } 15838 15839 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 15840 return -EOPNOTSUPP; 15841 15842 dest = nla_data(info->attrs[NL80211_ATTR_MAC]); 15843 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 15844 len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 15845 15846 if (len < sizeof(struct ethhdr)) 15847 return -EINVAL; 15848 15849 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) || 15850 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr)) 15851 return -EINVAL; 15852 15853 err = rdev_get_station(rdev, dev, dest, &sinfo); 15854 if (err) 15855 return err; 15856 15857 cfg80211_sinfo_release_content(&sinfo); 15858 15859 return rdev_probe_mesh_link(rdev, dev, dest, buf, len); 15860 } 15861 15862 static int parse_tid_conf(struct cfg80211_registered_device *rdev, 15863 struct nlattr *attrs[], struct net_device *dev, 15864 struct cfg80211_tid_cfg *tid_conf, 15865 struct genl_info *info, const u8 *peer, 15866 unsigned int link_id) 15867 { 15868 struct netlink_ext_ack *extack = info->extack; 15869 u64 mask; 15870 int err; 15871 15872 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS]) 15873 return -EINVAL; 15874 15875 tid_conf->config_override = 15876 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]); 15877 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]); 15878 15879 if (tid_conf->config_override) { 15880 if (rdev->ops->reset_tid_config) { 15881 err = rdev_reset_tid_config(rdev, dev, peer, 15882 tid_conf->tids); 15883 if (err) 15884 return err; 15885 } else { 15886 return -EINVAL; 15887 } 15888 } 15889 15890 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) { 15891 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK); 15892 tid_conf->noack = 15893 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]); 15894 } 15895 15896 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) { 15897 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT); 15898 tid_conf->retry_short = 15899 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]); 15900 15901 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count) 15902 return -EINVAL; 15903 } 15904 15905 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) { 15906 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG); 15907 tid_conf->retry_long = 15908 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]); 15909 15910 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count) 15911 return -EINVAL; 15912 } 15913 15914 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) { 15915 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL); 15916 tid_conf->ampdu = 15917 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]); 15918 } 15919 15920 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) { 15921 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL); 15922 tid_conf->rtscts = 15923 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]); 15924 } 15925 15926 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) { 15927 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL); 15928 tid_conf->amsdu = 15929 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]); 15930 } 15931 15932 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) { 15933 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr; 15934 15935 tid_conf->txrate_type = nla_get_u8(attrs[idx]); 15936 15937 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) { 15938 attr = NL80211_TID_CONFIG_ATTR_TX_RATE; 15939 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr, 15940 &tid_conf->txrate_mask, dev, 15941 true, link_id); 15942 if (err) 15943 return err; 15944 15945 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE); 15946 } 15947 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE); 15948 } 15949 15950 if (peer) 15951 mask = rdev->wiphy.tid_config_support.peer; 15952 else 15953 mask = rdev->wiphy.tid_config_support.vif; 15954 15955 if (tid_conf->mask & ~mask) { 15956 NL_SET_ERR_MSG(extack, "unsupported TID configuration"); 15957 return -ENOTSUPP; 15958 } 15959 15960 return 0; 15961 } 15962 15963 static int nl80211_set_tid_config(struct sk_buff *skb, 15964 struct genl_info *info) 15965 { 15966 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15967 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1]; 15968 unsigned int link_id = nl80211_link_id(info->attrs); 15969 struct net_device *dev = info->user_ptr[1]; 15970 struct cfg80211_tid_config *tid_config; 15971 struct nlattr *tid; 15972 int conf_idx = 0, rem_conf; 15973 int ret = -EINVAL; 15974 u32 num_conf = 0; 15975 15976 if (!info->attrs[NL80211_ATTR_TID_CONFIG]) 15977 return -EINVAL; 15978 15979 if (!rdev->ops->set_tid_config) 15980 return -EOPNOTSUPP; 15981 15982 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG], 15983 rem_conf) 15984 num_conf++; 15985 15986 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf), 15987 GFP_KERNEL); 15988 if (!tid_config) 15989 return -ENOMEM; 15990 15991 tid_config->n_tid_conf = num_conf; 15992 15993 if (info->attrs[NL80211_ATTR_MAC]) 15994 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 15995 15996 wdev_lock(dev->ieee80211_ptr); 15997 15998 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG], 15999 rem_conf) { 16000 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX, 16001 tid, NULL, NULL); 16002 16003 if (ret) 16004 goto bad_tid_conf; 16005 16006 ret = parse_tid_conf(rdev, attrs, dev, 16007 &tid_config->tid_conf[conf_idx], 16008 info, tid_config->peer, link_id); 16009 if (ret) 16010 goto bad_tid_conf; 16011 16012 conf_idx++; 16013 } 16014 16015 ret = rdev_set_tid_config(rdev, dev, tid_config); 16016 16017 bad_tid_conf: 16018 kfree(tid_config); 16019 wdev_unlock(dev->ieee80211_ptr); 16020 return ret; 16021 } 16022 16023 static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info) 16024 { 16025 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16026 struct cfg80211_color_change_settings params = {}; 16027 struct net_device *dev = info->user_ptr[1]; 16028 struct wireless_dev *wdev = dev->ieee80211_ptr; 16029 struct nlattr **tb; 16030 u16 offset; 16031 int err; 16032 16033 if (!rdev->ops->color_change) 16034 return -EOPNOTSUPP; 16035 16036 if (!wiphy_ext_feature_isset(&rdev->wiphy, 16037 NL80211_EXT_FEATURE_BSS_COLOR)) 16038 return -EOPNOTSUPP; 16039 16040 if (wdev->iftype != NL80211_IFTYPE_AP) 16041 return -EOPNOTSUPP; 16042 16043 if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] || 16044 !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] || 16045 !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS]) 16046 return -EINVAL; 16047 16048 params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]); 16049 params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]); 16050 16051 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_next, 16052 info->extack); 16053 if (err) 16054 return err; 16055 16056 tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL); 16057 if (!tb) 16058 return -ENOMEM; 16059 16060 err = nla_parse_nested(tb, NL80211_ATTR_MAX, 16061 info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS], 16062 nl80211_policy, info->extack); 16063 if (err) 16064 goto out; 16065 16066 err = nl80211_parse_beacon(rdev, tb, ¶ms.beacon_color_change, 16067 info->extack); 16068 if (err) 16069 goto out; 16070 16071 if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) { 16072 err = -EINVAL; 16073 goto out; 16074 } 16075 16076 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) { 16077 err = -EINVAL; 16078 goto out; 16079 } 16080 16081 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]); 16082 if (offset >= params.beacon_color_change.tail_len) { 16083 err = -EINVAL; 16084 goto out; 16085 } 16086 16087 if (params.beacon_color_change.tail[offset] != params.count) { 16088 err = -EINVAL; 16089 goto out; 16090 } 16091 16092 params.counter_offset_beacon = offset; 16093 16094 if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) { 16095 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) != 16096 sizeof(u16)) { 16097 err = -EINVAL; 16098 goto out; 16099 } 16100 16101 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]); 16102 if (offset >= params.beacon_color_change.probe_resp_len) { 16103 err = -EINVAL; 16104 goto out; 16105 } 16106 16107 if (params.beacon_color_change.probe_resp[offset] != 16108 params.count) { 16109 err = -EINVAL; 16110 goto out; 16111 } 16112 16113 params.counter_offset_presp = offset; 16114 } 16115 16116 wdev_lock(wdev); 16117 err = rdev_color_change(rdev, dev, ¶ms); 16118 wdev_unlock(wdev); 16119 16120 out: 16121 kfree(params.beacon_next.mbssid_ies); 16122 kfree(params.beacon_color_change.mbssid_ies); 16123 kfree(params.beacon_next.rnr_ies); 16124 kfree(params.beacon_color_change.rnr_ies); 16125 kfree(tb); 16126 return err; 16127 } 16128 16129 static int nl80211_set_fils_aad(struct sk_buff *skb, 16130 struct genl_info *info) 16131 { 16132 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16133 struct net_device *dev = info->user_ptr[1]; 16134 struct cfg80211_fils_aad fils_aad = {}; 16135 u8 *nonces; 16136 16137 if (!info->attrs[NL80211_ATTR_MAC] || 16138 !info->attrs[NL80211_ATTR_FILS_KEK] || 16139 !info->attrs[NL80211_ATTR_FILS_NONCES]) 16140 return -EINVAL; 16141 16142 fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]); 16143 fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]); 16144 fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]); 16145 nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]); 16146 fils_aad.snonce = nonces; 16147 fils_aad.anonce = nonces + FILS_NONCE_LEN; 16148 16149 return rdev_set_fils_aad(rdev, dev, &fils_aad); 16150 } 16151 16152 static int nl80211_add_link(struct sk_buff *skb, struct genl_info *info) 16153 { 16154 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16155 unsigned int link_id = nl80211_link_id(info->attrs); 16156 struct net_device *dev = info->user_ptr[1]; 16157 struct wireless_dev *wdev = dev->ieee80211_ptr; 16158 int ret; 16159 16160 if (!(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO)) 16161 return -EINVAL; 16162 16163 switch (wdev->iftype) { 16164 case NL80211_IFTYPE_AP: 16165 break; 16166 default: 16167 return -EINVAL; 16168 } 16169 16170 if (!info->attrs[NL80211_ATTR_MAC] || 16171 !is_valid_ether_addr(nla_data(info->attrs[NL80211_ATTR_MAC]))) 16172 return -EINVAL; 16173 16174 wdev_lock(wdev); 16175 wdev->valid_links |= BIT(link_id); 16176 ether_addr_copy(wdev->links[link_id].addr, 16177 nla_data(info->attrs[NL80211_ATTR_MAC])); 16178 16179 ret = rdev_add_intf_link(rdev, wdev, link_id); 16180 if (ret) { 16181 wdev->valid_links &= ~BIT(link_id); 16182 eth_zero_addr(wdev->links[link_id].addr); 16183 } 16184 wdev_unlock(wdev); 16185 16186 return ret; 16187 } 16188 16189 static int nl80211_remove_link(struct sk_buff *skb, struct genl_info *info) 16190 { 16191 unsigned int link_id = nl80211_link_id(info->attrs); 16192 struct net_device *dev = info->user_ptr[1]; 16193 struct wireless_dev *wdev = dev->ieee80211_ptr; 16194 16195 /* cannot remove if there's no link */ 16196 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID]) 16197 return -EINVAL; 16198 16199 switch (wdev->iftype) { 16200 case NL80211_IFTYPE_AP: 16201 break; 16202 default: 16203 return -EINVAL; 16204 } 16205 16206 wdev_lock(wdev); 16207 cfg80211_remove_link(wdev, link_id); 16208 wdev_unlock(wdev); 16209 16210 return 0; 16211 } 16212 16213 static int 16214 nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info, 16215 bool add) 16216 { 16217 struct link_station_parameters params = {}; 16218 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16219 struct net_device *dev = info->user_ptr[1]; 16220 int err; 16221 16222 if ((add && !rdev->ops->add_link_station) || 16223 (!add && !rdev->ops->mod_link_station)) 16224 return -EOPNOTSUPP; 16225 16226 if (add && !info->attrs[NL80211_ATTR_MAC]) 16227 return -EINVAL; 16228 16229 if (!info->attrs[NL80211_ATTR_MLD_ADDR]) 16230 return -EINVAL; 16231 16232 if (add && !info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 16233 return -EINVAL; 16234 16235 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 16236 16237 if (info->attrs[NL80211_ATTR_MAC]) { 16238 params.link_mac = nla_data(info->attrs[NL80211_ATTR_MAC]); 16239 if (!is_valid_ether_addr(params.link_mac)) 16240 return -EINVAL; 16241 } 16242 16243 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID]) 16244 return -EINVAL; 16245 16246 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]); 16247 16248 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 16249 params.supported_rates = 16250 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 16251 params.supported_rates_len = 16252 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 16253 } 16254 16255 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 16256 params.ht_capa = 16257 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 16258 16259 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 16260 params.vht_capa = 16261 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 16262 16263 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) { 16264 params.he_capa = 16265 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 16266 params.he_capa_len = 16267 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 16268 16269 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) { 16270 params.eht_capa = 16271 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 16272 params.eht_capa_len = 16273 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 16274 16275 if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa, 16276 (const u8 *)params.eht_capa, 16277 params.eht_capa_len, 16278 false)) 16279 return -EINVAL; 16280 } 16281 } 16282 16283 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]) 16284 params.he_6ghz_capa = 16285 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]); 16286 16287 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 16288 params.opmode_notif_used = true; 16289 params.opmode_notif = 16290 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 16291 } 16292 16293 err = nl80211_parse_sta_txpower_setting(info, ¶ms.txpwr, 16294 ¶ms.txpwr_set); 16295 if (err) 16296 return err; 16297 16298 wdev_lock(dev->ieee80211_ptr); 16299 if (add) 16300 err = rdev_add_link_station(rdev, dev, ¶ms); 16301 else 16302 err = rdev_mod_link_station(rdev, dev, ¶ms); 16303 wdev_unlock(dev->ieee80211_ptr); 16304 16305 return err; 16306 } 16307 16308 static int 16309 nl80211_add_link_station(struct sk_buff *skb, struct genl_info *info) 16310 { 16311 return nl80211_add_mod_link_station(skb, info, true); 16312 } 16313 16314 static int 16315 nl80211_modify_link_station(struct sk_buff *skb, struct genl_info *info) 16316 { 16317 return nl80211_add_mod_link_station(skb, info, false); 16318 } 16319 16320 static int 16321 nl80211_remove_link_station(struct sk_buff *skb, struct genl_info *info) 16322 { 16323 struct link_station_del_parameters params = {}; 16324 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16325 struct net_device *dev = info->user_ptr[1]; 16326 int ret; 16327 16328 if (!rdev->ops->del_link_station) 16329 return -EOPNOTSUPP; 16330 16331 if (!info->attrs[NL80211_ATTR_MLD_ADDR] || 16332 !info->attrs[NL80211_ATTR_MLO_LINK_ID]) 16333 return -EINVAL; 16334 16335 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 16336 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]); 16337 16338 wdev_lock(dev->ieee80211_ptr); 16339 ret = rdev_del_link_station(rdev, dev, ¶ms); 16340 wdev_unlock(dev->ieee80211_ptr); 16341 16342 return ret; 16343 } 16344 16345 static int nl80211_set_hw_timestamp(struct sk_buff *skb, 16346 struct genl_info *info) 16347 { 16348 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16349 struct net_device *dev = info->user_ptr[1]; 16350 struct cfg80211_set_hw_timestamp hwts = {}; 16351 16352 if (!rdev->wiphy.hw_timestamp_max_peers) 16353 return -EOPNOTSUPP; 16354 16355 if (!info->attrs[NL80211_ATTR_MAC] && 16356 rdev->wiphy.hw_timestamp_max_peers != CFG80211_HW_TIMESTAMP_ALL_PEERS) 16357 return -EOPNOTSUPP; 16358 16359 if (info->attrs[NL80211_ATTR_MAC]) 16360 hwts.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]); 16361 16362 hwts.enable = 16363 nla_get_flag(info->attrs[NL80211_ATTR_HW_TIMESTAMP_ENABLED]); 16364 16365 return rdev_set_hw_timestamp(rdev, dev, &hwts); 16366 } 16367 16368 #define NL80211_FLAG_NEED_WIPHY 0x01 16369 #define NL80211_FLAG_NEED_NETDEV 0x02 16370 #define NL80211_FLAG_NEED_RTNL 0x04 16371 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 16372 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 16373 NL80211_FLAG_CHECK_NETDEV_UP) 16374 #define NL80211_FLAG_NEED_WDEV 0x10 16375 /* If a netdev is associated, it must be UP, P2P must be started */ 16376 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 16377 NL80211_FLAG_CHECK_NETDEV_UP) 16378 #define NL80211_FLAG_CLEAR_SKB 0x20 16379 #define NL80211_FLAG_NO_WIPHY_MTX 0x40 16380 #define NL80211_FLAG_MLO_VALID_LINK_ID 0x80 16381 #define NL80211_FLAG_MLO_UNSUPPORTED 0x100 16382 16383 #define INTERNAL_FLAG_SELECTORS(__sel) \ 16384 SELECTOR(__sel, NONE, 0) /* must be first */ \ 16385 SELECTOR(__sel, WIPHY, \ 16386 NL80211_FLAG_NEED_WIPHY) \ 16387 SELECTOR(__sel, WDEV, \ 16388 NL80211_FLAG_NEED_WDEV) \ 16389 SELECTOR(__sel, NETDEV, \ 16390 NL80211_FLAG_NEED_NETDEV) \ 16391 SELECTOR(__sel, NETDEV_LINK, \ 16392 NL80211_FLAG_NEED_NETDEV | \ 16393 NL80211_FLAG_MLO_VALID_LINK_ID) \ 16394 SELECTOR(__sel, NETDEV_NO_MLO, \ 16395 NL80211_FLAG_NEED_NETDEV | \ 16396 NL80211_FLAG_MLO_UNSUPPORTED) \ 16397 SELECTOR(__sel, WIPHY_RTNL, \ 16398 NL80211_FLAG_NEED_WIPHY | \ 16399 NL80211_FLAG_NEED_RTNL) \ 16400 SELECTOR(__sel, WIPHY_RTNL_NOMTX, \ 16401 NL80211_FLAG_NEED_WIPHY | \ 16402 NL80211_FLAG_NEED_RTNL | \ 16403 NL80211_FLAG_NO_WIPHY_MTX) \ 16404 SELECTOR(__sel, WDEV_RTNL, \ 16405 NL80211_FLAG_NEED_WDEV | \ 16406 NL80211_FLAG_NEED_RTNL) \ 16407 SELECTOR(__sel, NETDEV_RTNL, \ 16408 NL80211_FLAG_NEED_NETDEV | \ 16409 NL80211_FLAG_NEED_RTNL) \ 16410 SELECTOR(__sel, NETDEV_UP, \ 16411 NL80211_FLAG_NEED_NETDEV_UP) \ 16412 SELECTOR(__sel, NETDEV_UP_LINK, \ 16413 NL80211_FLAG_NEED_NETDEV_UP | \ 16414 NL80211_FLAG_MLO_VALID_LINK_ID) \ 16415 SELECTOR(__sel, NETDEV_UP_NO_MLO, \ 16416 NL80211_FLAG_NEED_NETDEV_UP | \ 16417 NL80211_FLAG_MLO_UNSUPPORTED) \ 16418 SELECTOR(__sel, NETDEV_UP_NO_MLO_CLEAR, \ 16419 NL80211_FLAG_NEED_NETDEV_UP | \ 16420 NL80211_FLAG_CLEAR_SKB | \ 16421 NL80211_FLAG_MLO_UNSUPPORTED) \ 16422 SELECTOR(__sel, NETDEV_UP_NOTMX, \ 16423 NL80211_FLAG_NEED_NETDEV_UP | \ 16424 NL80211_FLAG_NO_WIPHY_MTX) \ 16425 SELECTOR(__sel, NETDEV_UP_NOTMX_NOMLO, \ 16426 NL80211_FLAG_NEED_NETDEV_UP | \ 16427 NL80211_FLAG_NO_WIPHY_MTX | \ 16428 NL80211_FLAG_MLO_UNSUPPORTED) \ 16429 SELECTOR(__sel, NETDEV_UP_CLEAR, \ 16430 NL80211_FLAG_NEED_NETDEV_UP | \ 16431 NL80211_FLAG_CLEAR_SKB) \ 16432 SELECTOR(__sel, WDEV_UP, \ 16433 NL80211_FLAG_NEED_WDEV_UP) \ 16434 SELECTOR(__sel, WDEV_UP_LINK, \ 16435 NL80211_FLAG_NEED_WDEV_UP | \ 16436 NL80211_FLAG_MLO_VALID_LINK_ID) \ 16437 SELECTOR(__sel, WDEV_UP_RTNL, \ 16438 NL80211_FLAG_NEED_WDEV_UP | \ 16439 NL80211_FLAG_NEED_RTNL) \ 16440 SELECTOR(__sel, WIPHY_CLEAR, \ 16441 NL80211_FLAG_NEED_WIPHY | \ 16442 NL80211_FLAG_CLEAR_SKB) 16443 16444 enum nl80211_internal_flags_selector { 16445 #define SELECTOR(_, name, value) NL80211_IFL_SEL_##name, 16446 INTERNAL_FLAG_SELECTORS(_) 16447 #undef SELECTOR 16448 }; 16449 16450 static u32 nl80211_internal_flags[] = { 16451 #define SELECTOR(_, name, value) [NL80211_IFL_SEL_##name] = value, 16452 INTERNAL_FLAG_SELECTORS(_) 16453 #undef SELECTOR 16454 }; 16455 16456 static int nl80211_pre_doit(const struct genl_split_ops *ops, 16457 struct sk_buff *skb, 16458 struct genl_info *info) 16459 { 16460 struct cfg80211_registered_device *rdev = NULL; 16461 struct wireless_dev *wdev = NULL; 16462 struct net_device *dev = NULL; 16463 u32 internal_flags; 16464 int err; 16465 16466 if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags))) 16467 return -EINVAL; 16468 16469 internal_flags = nl80211_internal_flags[ops->internal_flags]; 16470 16471 rtnl_lock(); 16472 if (internal_flags & NL80211_FLAG_NEED_WIPHY) { 16473 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 16474 if (IS_ERR(rdev)) { 16475 err = PTR_ERR(rdev); 16476 goto out_unlock; 16477 } 16478 info->user_ptr[0] = rdev; 16479 } else if (internal_flags & NL80211_FLAG_NEED_NETDEV || 16480 internal_flags & NL80211_FLAG_NEED_WDEV) { 16481 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info), 16482 info->attrs); 16483 if (IS_ERR(wdev)) { 16484 err = PTR_ERR(wdev); 16485 goto out_unlock; 16486 } 16487 16488 dev = wdev->netdev; 16489 dev_hold(dev); 16490 rdev = wiphy_to_rdev(wdev->wiphy); 16491 16492 if (internal_flags & NL80211_FLAG_NEED_NETDEV) { 16493 if (!dev) { 16494 err = -EINVAL; 16495 goto out_unlock; 16496 } 16497 16498 info->user_ptr[1] = dev; 16499 } else { 16500 info->user_ptr[1] = wdev; 16501 } 16502 16503 if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 16504 !wdev_running(wdev)) { 16505 err = -ENETDOWN; 16506 goto out_unlock; 16507 } 16508 16509 info->user_ptr[0] = rdev; 16510 } 16511 16512 if (internal_flags & NL80211_FLAG_MLO_VALID_LINK_ID) { 16513 struct nlattr *link_id = info->attrs[NL80211_ATTR_MLO_LINK_ID]; 16514 16515 if (!wdev) { 16516 err = -EINVAL; 16517 goto out_unlock; 16518 } 16519 16520 /* MLO -> require valid link ID */ 16521 if (wdev->valid_links && 16522 (!link_id || 16523 !(wdev->valid_links & BIT(nla_get_u8(link_id))))) { 16524 err = -EINVAL; 16525 goto out_unlock; 16526 } 16527 16528 /* non-MLO -> no link ID attribute accepted */ 16529 if (!wdev->valid_links && link_id) { 16530 err = -EINVAL; 16531 goto out_unlock; 16532 } 16533 } 16534 16535 if (internal_flags & NL80211_FLAG_MLO_UNSUPPORTED) { 16536 if (info->attrs[NL80211_ATTR_MLO_LINK_ID] || 16537 (wdev && wdev->valid_links)) { 16538 err = -EINVAL; 16539 goto out_unlock; 16540 } 16541 } 16542 16543 if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) { 16544 wiphy_lock(&rdev->wiphy); 16545 /* we keep the mutex locked until post_doit */ 16546 __release(&rdev->wiphy.mtx); 16547 } 16548 if (!(internal_flags & NL80211_FLAG_NEED_RTNL)) 16549 rtnl_unlock(); 16550 16551 return 0; 16552 out_unlock: 16553 rtnl_unlock(); 16554 dev_put(dev); 16555 return err; 16556 } 16557 16558 static void nl80211_post_doit(const struct genl_split_ops *ops, 16559 struct sk_buff *skb, 16560 struct genl_info *info) 16561 { 16562 u32 internal_flags = nl80211_internal_flags[ops->internal_flags]; 16563 16564 if (info->user_ptr[1]) { 16565 if (internal_flags & NL80211_FLAG_NEED_WDEV) { 16566 struct wireless_dev *wdev = info->user_ptr[1]; 16567 16568 dev_put(wdev->netdev); 16569 } else { 16570 dev_put(info->user_ptr[1]); 16571 } 16572 } 16573 16574 if (info->user_ptr[0] && 16575 !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) { 16576 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16577 16578 /* we kept the mutex locked since pre_doit */ 16579 __acquire(&rdev->wiphy.mtx); 16580 wiphy_unlock(&rdev->wiphy); 16581 } 16582 16583 if (internal_flags & NL80211_FLAG_NEED_RTNL) 16584 rtnl_unlock(); 16585 16586 /* If needed, clear the netlink message payload from the SKB 16587 * as it might contain key data that shouldn't stick around on 16588 * the heap after the SKB is freed. The netlink message header 16589 * is still needed for further processing, so leave it intact. 16590 */ 16591 if (internal_flags & NL80211_FLAG_CLEAR_SKB) { 16592 struct nlmsghdr *nlh = nlmsg_hdr(skb); 16593 16594 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh)); 16595 } 16596 } 16597 16598 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev, 16599 struct cfg80211_sar_specs *sar_specs, 16600 struct nlattr *spec[], int index) 16601 { 16602 u32 range_index, i; 16603 16604 if (!sar_specs || !spec) 16605 return -EINVAL; 16606 16607 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] || 16608 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]) 16609 return -EINVAL; 16610 16611 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]); 16612 16613 /* check if range_index exceeds num_freq_ranges */ 16614 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges) 16615 return -EINVAL; 16616 16617 /* check if range_index duplicates */ 16618 for (i = 0; i < index; i++) { 16619 if (sar_specs->sub_specs[i].freq_range_index == range_index) 16620 return -EINVAL; 16621 } 16622 16623 sar_specs->sub_specs[index].power = 16624 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]); 16625 16626 sar_specs->sub_specs[index].freq_range_index = range_index; 16627 16628 return 0; 16629 } 16630 16631 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info) 16632 { 16633 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16634 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1]; 16635 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1]; 16636 struct cfg80211_sar_specs *sar_spec; 16637 enum nl80211_sar_type type; 16638 struct nlattr *spec_list; 16639 u32 specs; 16640 int rem, err; 16641 16642 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs) 16643 return -EOPNOTSUPP; 16644 16645 if (!info->attrs[NL80211_ATTR_SAR_SPEC]) 16646 return -EINVAL; 16647 16648 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX, 16649 info->attrs[NL80211_ATTR_SAR_SPEC], 16650 NULL, NULL); 16651 16652 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS]) 16653 return -EINVAL; 16654 16655 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]); 16656 if (type != rdev->wiphy.sar_capa->type) 16657 return -EINVAL; 16658 16659 specs = 0; 16660 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) 16661 specs++; 16662 16663 if (specs > rdev->wiphy.sar_capa->num_freq_ranges) 16664 return -EINVAL; 16665 16666 sar_spec = kzalloc(struct_size(sar_spec, sub_specs, specs), GFP_KERNEL); 16667 if (!sar_spec) 16668 return -ENOMEM; 16669 16670 sar_spec->type = type; 16671 specs = 0; 16672 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) { 16673 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX, 16674 spec_list, NULL, NULL); 16675 16676 switch (type) { 16677 case NL80211_SAR_TYPE_POWER: 16678 if (nl80211_set_sar_sub_specs(rdev, sar_spec, 16679 spec, specs)) { 16680 err = -EINVAL; 16681 goto error; 16682 } 16683 break; 16684 default: 16685 err = -EINVAL; 16686 goto error; 16687 } 16688 specs++; 16689 } 16690 16691 sar_spec->num_sub_specs = specs; 16692 16693 rdev->cur_cmd_info = info; 16694 err = rdev_set_sar_specs(rdev, sar_spec); 16695 rdev->cur_cmd_info = NULL; 16696 error: 16697 kfree(sar_spec); 16698 return err; 16699 } 16700 16701 #define SELECTOR(__sel, name, value) \ 16702 ((__sel) == (value)) ? NL80211_IFL_SEL_##name : 16703 int __missing_selector(void); 16704 #define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector() 16705 16706 static const struct genl_ops nl80211_ops[] = { 16707 { 16708 .cmd = NL80211_CMD_GET_WIPHY, 16709 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16710 .doit = nl80211_get_wiphy, 16711 .dumpit = nl80211_dump_wiphy, 16712 .done = nl80211_dump_wiphy_done, 16713 /* can be retrieved by unprivileged users */ 16714 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 16715 }, 16716 }; 16717 16718 static const struct genl_small_ops nl80211_small_ops[] = { 16719 { 16720 .cmd = NL80211_CMD_SET_WIPHY, 16721 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16722 .doit = nl80211_set_wiphy, 16723 .flags = GENL_UNS_ADMIN_PERM, 16724 }, 16725 { 16726 .cmd = NL80211_CMD_GET_INTERFACE, 16727 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16728 .doit = nl80211_get_interface, 16729 .dumpit = nl80211_dump_interface, 16730 /* can be retrieved by unprivileged users */ 16731 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV), 16732 }, 16733 { 16734 .cmd = NL80211_CMD_SET_INTERFACE, 16735 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16736 .doit = nl80211_set_interface, 16737 .flags = GENL_UNS_ADMIN_PERM, 16738 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 16739 NL80211_FLAG_NEED_RTNL), 16740 }, 16741 { 16742 .cmd = NL80211_CMD_NEW_INTERFACE, 16743 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16744 .doit = nl80211_new_interface, 16745 .flags = GENL_UNS_ADMIN_PERM, 16746 .internal_flags = 16747 IFLAGS(NL80211_FLAG_NEED_WIPHY | 16748 NL80211_FLAG_NEED_RTNL | 16749 /* we take the wiphy mutex later ourselves */ 16750 NL80211_FLAG_NO_WIPHY_MTX), 16751 }, 16752 { 16753 .cmd = NL80211_CMD_DEL_INTERFACE, 16754 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16755 .doit = nl80211_del_interface, 16756 .flags = GENL_UNS_ADMIN_PERM, 16757 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV | 16758 NL80211_FLAG_NEED_RTNL), 16759 }, 16760 { 16761 .cmd = NL80211_CMD_GET_KEY, 16762 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16763 .doit = nl80211_get_key, 16764 .flags = GENL_UNS_ADMIN_PERM, 16765 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16766 }, 16767 { 16768 .cmd = NL80211_CMD_SET_KEY, 16769 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16770 .doit = nl80211_set_key, 16771 .flags = GENL_UNS_ADMIN_PERM, 16772 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on key */ 16773 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16774 NL80211_FLAG_CLEAR_SKB), 16775 }, 16776 { 16777 .cmd = NL80211_CMD_NEW_KEY, 16778 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16779 .doit = nl80211_new_key, 16780 .flags = GENL_UNS_ADMIN_PERM, 16781 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16782 NL80211_FLAG_CLEAR_SKB), 16783 }, 16784 { 16785 .cmd = NL80211_CMD_DEL_KEY, 16786 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16787 .doit = nl80211_del_key, 16788 .flags = GENL_UNS_ADMIN_PERM, 16789 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16790 }, 16791 { 16792 .cmd = NL80211_CMD_SET_BEACON, 16793 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16794 .flags = GENL_UNS_ADMIN_PERM, 16795 .doit = nl80211_set_beacon, 16796 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16797 NL80211_FLAG_MLO_VALID_LINK_ID), 16798 }, 16799 { 16800 .cmd = NL80211_CMD_START_AP, 16801 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16802 .flags = GENL_UNS_ADMIN_PERM, 16803 .doit = nl80211_start_ap, 16804 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16805 NL80211_FLAG_MLO_VALID_LINK_ID), 16806 }, 16807 { 16808 .cmd = NL80211_CMD_STOP_AP, 16809 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16810 .flags = GENL_UNS_ADMIN_PERM, 16811 .doit = nl80211_stop_ap, 16812 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16813 NL80211_FLAG_MLO_VALID_LINK_ID), 16814 }, 16815 { 16816 .cmd = NL80211_CMD_GET_STATION, 16817 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16818 .doit = nl80211_get_station, 16819 .dumpit = nl80211_dump_station, 16820 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 16821 }, 16822 { 16823 .cmd = NL80211_CMD_SET_STATION, 16824 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16825 .doit = nl80211_set_station, 16826 .flags = GENL_UNS_ADMIN_PERM, 16827 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16828 }, 16829 { 16830 .cmd = NL80211_CMD_NEW_STATION, 16831 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16832 .doit = nl80211_new_station, 16833 .flags = GENL_UNS_ADMIN_PERM, 16834 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16835 }, 16836 { 16837 .cmd = NL80211_CMD_DEL_STATION, 16838 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16839 .doit = nl80211_del_station, 16840 .flags = GENL_UNS_ADMIN_PERM, 16841 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16842 }, 16843 { 16844 .cmd = NL80211_CMD_GET_MPATH, 16845 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16846 .doit = nl80211_get_mpath, 16847 .dumpit = nl80211_dump_mpath, 16848 .flags = GENL_UNS_ADMIN_PERM, 16849 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16850 }, 16851 { 16852 .cmd = NL80211_CMD_GET_MPP, 16853 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16854 .doit = nl80211_get_mpp, 16855 .dumpit = nl80211_dump_mpp, 16856 .flags = GENL_UNS_ADMIN_PERM, 16857 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16858 }, 16859 { 16860 .cmd = NL80211_CMD_SET_MPATH, 16861 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16862 .doit = nl80211_set_mpath, 16863 .flags = GENL_UNS_ADMIN_PERM, 16864 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16865 }, 16866 { 16867 .cmd = NL80211_CMD_NEW_MPATH, 16868 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16869 .doit = nl80211_new_mpath, 16870 .flags = GENL_UNS_ADMIN_PERM, 16871 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16872 }, 16873 { 16874 .cmd = NL80211_CMD_DEL_MPATH, 16875 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16876 .doit = nl80211_del_mpath, 16877 .flags = GENL_UNS_ADMIN_PERM, 16878 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16879 }, 16880 { 16881 .cmd = NL80211_CMD_SET_BSS, 16882 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16883 .doit = nl80211_set_bss, 16884 .flags = GENL_UNS_ADMIN_PERM, 16885 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16886 NL80211_FLAG_MLO_VALID_LINK_ID), 16887 }, 16888 { 16889 .cmd = NL80211_CMD_GET_REG, 16890 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16891 .doit = nl80211_get_reg_do, 16892 .dumpit = nl80211_get_reg_dump, 16893 /* can be retrieved by unprivileged users */ 16894 }, 16895 #ifdef CONFIG_CFG80211_CRDA_SUPPORT 16896 { 16897 .cmd = NL80211_CMD_SET_REG, 16898 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16899 .doit = nl80211_set_reg, 16900 .flags = GENL_ADMIN_PERM, 16901 }, 16902 #endif 16903 { 16904 .cmd = NL80211_CMD_REQ_SET_REG, 16905 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16906 .doit = nl80211_req_set_reg, 16907 .flags = GENL_ADMIN_PERM, 16908 }, 16909 { 16910 .cmd = NL80211_CMD_RELOAD_REGDB, 16911 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16912 .doit = nl80211_reload_regdb, 16913 .flags = GENL_ADMIN_PERM, 16914 }, 16915 { 16916 .cmd = NL80211_CMD_GET_MESH_CONFIG, 16917 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16918 .doit = nl80211_get_mesh_config, 16919 /* can be retrieved by unprivileged users */ 16920 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16921 }, 16922 { 16923 .cmd = NL80211_CMD_SET_MESH_CONFIG, 16924 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16925 .doit = nl80211_update_mesh_config, 16926 .flags = GENL_UNS_ADMIN_PERM, 16927 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16928 }, 16929 { 16930 .cmd = NL80211_CMD_TRIGGER_SCAN, 16931 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16932 .doit = nl80211_trigger_scan, 16933 .flags = GENL_UNS_ADMIN_PERM, 16934 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 16935 }, 16936 { 16937 .cmd = NL80211_CMD_ABORT_SCAN, 16938 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16939 .doit = nl80211_abort_scan, 16940 .flags = GENL_UNS_ADMIN_PERM, 16941 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 16942 }, 16943 { 16944 .cmd = NL80211_CMD_GET_SCAN, 16945 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16946 .dumpit = nl80211_dump_scan, 16947 }, 16948 { 16949 .cmd = NL80211_CMD_START_SCHED_SCAN, 16950 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16951 .doit = nl80211_start_sched_scan, 16952 .flags = GENL_UNS_ADMIN_PERM, 16953 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16954 }, 16955 { 16956 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 16957 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16958 .doit = nl80211_stop_sched_scan, 16959 .flags = GENL_UNS_ADMIN_PERM, 16960 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16961 }, 16962 { 16963 .cmd = NL80211_CMD_AUTHENTICATE, 16964 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16965 .doit = nl80211_authenticate, 16966 .flags = GENL_UNS_ADMIN_PERM, 16967 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16968 NL80211_FLAG_CLEAR_SKB), 16969 }, 16970 { 16971 .cmd = NL80211_CMD_ASSOCIATE, 16972 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16973 .doit = nl80211_associate, 16974 .flags = GENL_UNS_ADMIN_PERM, 16975 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16976 NL80211_FLAG_CLEAR_SKB), 16977 }, 16978 { 16979 .cmd = NL80211_CMD_DEAUTHENTICATE, 16980 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16981 .doit = nl80211_deauthenticate, 16982 .flags = GENL_UNS_ADMIN_PERM, 16983 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16984 }, 16985 { 16986 .cmd = NL80211_CMD_DISASSOCIATE, 16987 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16988 .doit = nl80211_disassociate, 16989 .flags = GENL_UNS_ADMIN_PERM, 16990 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16991 }, 16992 { 16993 .cmd = NL80211_CMD_JOIN_IBSS, 16994 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16995 .doit = nl80211_join_ibss, 16996 .flags = GENL_UNS_ADMIN_PERM, 16997 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16998 }, 16999 { 17000 .cmd = NL80211_CMD_LEAVE_IBSS, 17001 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17002 .doit = nl80211_leave_ibss, 17003 .flags = GENL_UNS_ADMIN_PERM, 17004 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17005 }, 17006 #ifdef CONFIG_NL80211_TESTMODE 17007 { 17008 .cmd = NL80211_CMD_TESTMODE, 17009 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17010 .doit = nl80211_testmode_do, 17011 .dumpit = nl80211_testmode_dump, 17012 .flags = GENL_UNS_ADMIN_PERM, 17013 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17014 }, 17015 #endif 17016 { 17017 .cmd = NL80211_CMD_CONNECT, 17018 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17019 .doit = nl80211_connect, 17020 .flags = GENL_UNS_ADMIN_PERM, 17021 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17022 NL80211_FLAG_CLEAR_SKB), 17023 }, 17024 { 17025 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS, 17026 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17027 .doit = nl80211_update_connect_params, 17028 .flags = GENL_ADMIN_PERM, 17029 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17030 NL80211_FLAG_CLEAR_SKB), 17031 }, 17032 { 17033 .cmd = NL80211_CMD_DISCONNECT, 17034 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17035 .doit = nl80211_disconnect, 17036 .flags = GENL_UNS_ADMIN_PERM, 17037 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17038 }, 17039 { 17040 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 17041 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17042 .doit = nl80211_wiphy_netns, 17043 .flags = GENL_UNS_ADMIN_PERM, 17044 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY | 17045 NL80211_FLAG_NEED_RTNL | 17046 NL80211_FLAG_NO_WIPHY_MTX), 17047 }, 17048 { 17049 .cmd = NL80211_CMD_GET_SURVEY, 17050 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17051 .dumpit = nl80211_dump_survey, 17052 }, 17053 { 17054 .cmd = NL80211_CMD_SET_PMKSA, 17055 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17056 .doit = nl80211_setdel_pmksa, 17057 .flags = GENL_UNS_ADMIN_PERM, 17058 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17059 NL80211_FLAG_CLEAR_SKB), 17060 }, 17061 { 17062 .cmd = NL80211_CMD_DEL_PMKSA, 17063 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17064 .doit = nl80211_setdel_pmksa, 17065 .flags = GENL_UNS_ADMIN_PERM, 17066 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17067 }, 17068 { 17069 .cmd = NL80211_CMD_FLUSH_PMKSA, 17070 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17071 .doit = nl80211_flush_pmksa, 17072 .flags = GENL_UNS_ADMIN_PERM, 17073 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17074 }, 17075 { 17076 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 17077 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17078 .doit = nl80211_remain_on_channel, 17079 .flags = GENL_UNS_ADMIN_PERM, 17080 /* FIXME: requiring a link ID here is probably not good */ 17081 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP | 17082 NL80211_FLAG_MLO_VALID_LINK_ID), 17083 }, 17084 { 17085 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 17086 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17087 .doit = nl80211_cancel_remain_on_channel, 17088 .flags = GENL_UNS_ADMIN_PERM, 17089 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17090 }, 17091 { 17092 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 17093 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17094 .doit = nl80211_set_tx_bitrate_mask, 17095 .flags = GENL_UNS_ADMIN_PERM, 17096 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 17097 NL80211_FLAG_MLO_VALID_LINK_ID), 17098 }, 17099 { 17100 .cmd = NL80211_CMD_REGISTER_FRAME, 17101 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17102 .doit = nl80211_register_mgmt, 17103 .flags = GENL_UNS_ADMIN_PERM, 17104 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV), 17105 }, 17106 { 17107 .cmd = NL80211_CMD_FRAME, 17108 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17109 .doit = nl80211_tx_mgmt, 17110 .flags = GENL_UNS_ADMIN_PERM, 17111 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17112 }, 17113 { 17114 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 17115 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17116 .doit = nl80211_tx_mgmt_cancel_wait, 17117 .flags = GENL_UNS_ADMIN_PERM, 17118 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17119 }, 17120 { 17121 .cmd = NL80211_CMD_SET_POWER_SAVE, 17122 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17123 .doit = nl80211_set_power_save, 17124 .flags = GENL_UNS_ADMIN_PERM, 17125 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17126 }, 17127 { 17128 .cmd = NL80211_CMD_GET_POWER_SAVE, 17129 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17130 .doit = nl80211_get_power_save, 17131 /* can be retrieved by unprivileged users */ 17132 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17133 }, 17134 { 17135 .cmd = NL80211_CMD_SET_CQM, 17136 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17137 .doit = nl80211_set_cqm, 17138 .flags = GENL_UNS_ADMIN_PERM, 17139 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17140 }, 17141 { 17142 .cmd = NL80211_CMD_SET_CHANNEL, 17143 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17144 .doit = nl80211_set_channel, 17145 .flags = GENL_UNS_ADMIN_PERM, 17146 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 17147 NL80211_FLAG_MLO_VALID_LINK_ID), 17148 }, 17149 { 17150 .cmd = NL80211_CMD_JOIN_MESH, 17151 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17152 .doit = nl80211_join_mesh, 17153 .flags = GENL_UNS_ADMIN_PERM, 17154 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17155 }, 17156 { 17157 .cmd = NL80211_CMD_LEAVE_MESH, 17158 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17159 .doit = nl80211_leave_mesh, 17160 .flags = GENL_UNS_ADMIN_PERM, 17161 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17162 }, 17163 { 17164 .cmd = NL80211_CMD_JOIN_OCB, 17165 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17166 .doit = nl80211_join_ocb, 17167 .flags = GENL_UNS_ADMIN_PERM, 17168 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17169 }, 17170 { 17171 .cmd = NL80211_CMD_LEAVE_OCB, 17172 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17173 .doit = nl80211_leave_ocb, 17174 .flags = GENL_UNS_ADMIN_PERM, 17175 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17176 }, 17177 #ifdef CONFIG_PM 17178 { 17179 .cmd = NL80211_CMD_GET_WOWLAN, 17180 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17181 .doit = nl80211_get_wowlan, 17182 /* can be retrieved by unprivileged users */ 17183 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17184 }, 17185 { 17186 .cmd = NL80211_CMD_SET_WOWLAN, 17187 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17188 .doit = nl80211_set_wowlan, 17189 .flags = GENL_UNS_ADMIN_PERM, 17190 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17191 }, 17192 #endif 17193 { 17194 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 17195 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17196 .doit = nl80211_set_rekey_data, 17197 .flags = GENL_UNS_ADMIN_PERM, 17198 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17199 NL80211_FLAG_CLEAR_SKB), 17200 }, 17201 { 17202 .cmd = NL80211_CMD_TDLS_MGMT, 17203 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17204 .doit = nl80211_tdls_mgmt, 17205 .flags = GENL_UNS_ADMIN_PERM, 17206 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17207 NL80211_FLAG_MLO_VALID_LINK_ID), 17208 }, 17209 { 17210 .cmd = NL80211_CMD_TDLS_OPER, 17211 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17212 .doit = nl80211_tdls_oper, 17213 .flags = GENL_UNS_ADMIN_PERM, 17214 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17215 }, 17216 { 17217 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 17218 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17219 .doit = nl80211_register_unexpected_frame, 17220 .flags = GENL_UNS_ADMIN_PERM, 17221 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17222 }, 17223 { 17224 .cmd = NL80211_CMD_PROBE_CLIENT, 17225 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17226 .doit = nl80211_probe_client, 17227 .flags = GENL_UNS_ADMIN_PERM, 17228 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17229 }, 17230 { 17231 .cmd = NL80211_CMD_REGISTER_BEACONS, 17232 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17233 .doit = nl80211_register_beacons, 17234 .flags = GENL_UNS_ADMIN_PERM, 17235 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17236 }, 17237 { 17238 .cmd = NL80211_CMD_SET_NOACK_MAP, 17239 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17240 .doit = nl80211_set_noack_map, 17241 .flags = GENL_UNS_ADMIN_PERM, 17242 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17243 }, 17244 { 17245 .cmd = NL80211_CMD_START_P2P_DEVICE, 17246 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17247 .doit = nl80211_start_p2p_device, 17248 .flags = GENL_UNS_ADMIN_PERM, 17249 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV | 17250 NL80211_FLAG_NEED_RTNL), 17251 }, 17252 { 17253 .cmd = NL80211_CMD_STOP_P2P_DEVICE, 17254 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17255 .doit = nl80211_stop_p2p_device, 17256 .flags = GENL_UNS_ADMIN_PERM, 17257 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP | 17258 NL80211_FLAG_NEED_RTNL), 17259 }, 17260 { 17261 .cmd = NL80211_CMD_START_NAN, 17262 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17263 .doit = nl80211_start_nan, 17264 .flags = GENL_ADMIN_PERM, 17265 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV | 17266 NL80211_FLAG_NEED_RTNL), 17267 }, 17268 { 17269 .cmd = NL80211_CMD_STOP_NAN, 17270 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17271 .doit = nl80211_stop_nan, 17272 .flags = GENL_ADMIN_PERM, 17273 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP | 17274 NL80211_FLAG_NEED_RTNL), 17275 }, 17276 { 17277 .cmd = NL80211_CMD_ADD_NAN_FUNCTION, 17278 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17279 .doit = nl80211_nan_add_func, 17280 .flags = GENL_ADMIN_PERM, 17281 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17282 }, 17283 { 17284 .cmd = NL80211_CMD_DEL_NAN_FUNCTION, 17285 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17286 .doit = nl80211_nan_del_func, 17287 .flags = GENL_ADMIN_PERM, 17288 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17289 }, 17290 { 17291 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG, 17292 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17293 .doit = nl80211_nan_change_config, 17294 .flags = GENL_ADMIN_PERM, 17295 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17296 }, 17297 { 17298 .cmd = NL80211_CMD_SET_MCAST_RATE, 17299 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17300 .doit = nl80211_set_mcast_rate, 17301 .flags = GENL_UNS_ADMIN_PERM, 17302 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17303 }, 17304 { 17305 .cmd = NL80211_CMD_SET_MAC_ACL, 17306 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17307 .doit = nl80211_set_mac_acl, 17308 .flags = GENL_UNS_ADMIN_PERM, 17309 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 17310 NL80211_FLAG_MLO_UNSUPPORTED), 17311 }, 17312 { 17313 .cmd = NL80211_CMD_RADAR_DETECT, 17314 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17315 .doit = nl80211_start_radar_detection, 17316 .flags = GENL_UNS_ADMIN_PERM, 17317 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17318 NL80211_FLAG_NO_WIPHY_MTX | 17319 NL80211_FLAG_MLO_UNSUPPORTED), 17320 }, 17321 { 17322 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES, 17323 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17324 .doit = nl80211_get_protocol_features, 17325 }, 17326 { 17327 .cmd = NL80211_CMD_UPDATE_FT_IES, 17328 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17329 .doit = nl80211_update_ft_ies, 17330 .flags = GENL_UNS_ADMIN_PERM, 17331 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17332 }, 17333 { 17334 .cmd = NL80211_CMD_CRIT_PROTOCOL_START, 17335 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17336 .doit = nl80211_crit_protocol_start, 17337 .flags = GENL_UNS_ADMIN_PERM, 17338 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17339 }, 17340 { 17341 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP, 17342 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17343 .doit = nl80211_crit_protocol_stop, 17344 .flags = GENL_UNS_ADMIN_PERM, 17345 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17346 }, 17347 { 17348 .cmd = NL80211_CMD_GET_COALESCE, 17349 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17350 .doit = nl80211_get_coalesce, 17351 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17352 }, 17353 { 17354 .cmd = NL80211_CMD_SET_COALESCE, 17355 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17356 .doit = nl80211_set_coalesce, 17357 .flags = GENL_UNS_ADMIN_PERM, 17358 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17359 }, 17360 { 17361 .cmd = NL80211_CMD_CHANNEL_SWITCH, 17362 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17363 .doit = nl80211_channel_switch, 17364 .flags = GENL_UNS_ADMIN_PERM, 17365 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17366 NL80211_FLAG_MLO_VALID_LINK_ID), 17367 }, 17368 { 17369 .cmd = NL80211_CMD_VENDOR, 17370 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17371 .doit = nl80211_vendor_cmd, 17372 .dumpit = nl80211_vendor_cmd_dump, 17373 .flags = GENL_UNS_ADMIN_PERM, 17374 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY | 17375 NL80211_FLAG_CLEAR_SKB), 17376 }, 17377 { 17378 .cmd = NL80211_CMD_SET_QOS_MAP, 17379 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17380 .doit = nl80211_set_qos_map, 17381 .flags = GENL_UNS_ADMIN_PERM, 17382 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17383 }, 17384 { 17385 .cmd = NL80211_CMD_ADD_TX_TS, 17386 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17387 .doit = nl80211_add_tx_ts, 17388 .flags = GENL_UNS_ADMIN_PERM, 17389 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17390 NL80211_FLAG_MLO_UNSUPPORTED), 17391 }, 17392 { 17393 .cmd = NL80211_CMD_DEL_TX_TS, 17394 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17395 .doit = nl80211_del_tx_ts, 17396 .flags = GENL_UNS_ADMIN_PERM, 17397 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17398 }, 17399 { 17400 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH, 17401 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17402 .doit = nl80211_tdls_channel_switch, 17403 .flags = GENL_UNS_ADMIN_PERM, 17404 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17405 }, 17406 { 17407 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH, 17408 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17409 .doit = nl80211_tdls_cancel_channel_switch, 17410 .flags = GENL_UNS_ADMIN_PERM, 17411 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17412 }, 17413 { 17414 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST, 17415 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17416 .doit = nl80211_set_multicast_to_unicast, 17417 .flags = GENL_UNS_ADMIN_PERM, 17418 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17419 }, 17420 { 17421 .cmd = NL80211_CMD_SET_PMK, 17422 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17423 .doit = nl80211_set_pmk, 17424 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17425 NL80211_FLAG_CLEAR_SKB), 17426 }, 17427 { 17428 .cmd = NL80211_CMD_DEL_PMK, 17429 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17430 .doit = nl80211_del_pmk, 17431 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17432 }, 17433 { 17434 .cmd = NL80211_CMD_EXTERNAL_AUTH, 17435 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17436 .doit = nl80211_external_auth, 17437 .flags = GENL_ADMIN_PERM, 17438 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17439 }, 17440 { 17441 .cmd = NL80211_CMD_CONTROL_PORT_FRAME, 17442 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17443 .doit = nl80211_tx_control_port, 17444 .flags = GENL_UNS_ADMIN_PERM, 17445 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17446 }, 17447 { 17448 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS, 17449 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17450 .doit = nl80211_get_ftm_responder_stats, 17451 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 17452 NL80211_FLAG_MLO_VALID_LINK_ID), 17453 }, 17454 { 17455 .cmd = NL80211_CMD_PEER_MEASUREMENT_START, 17456 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17457 .doit = nl80211_pmsr_start, 17458 .flags = GENL_UNS_ADMIN_PERM, 17459 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17460 }, 17461 { 17462 .cmd = NL80211_CMD_NOTIFY_RADAR, 17463 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17464 .doit = nl80211_notify_radar_detection, 17465 .flags = GENL_UNS_ADMIN_PERM, 17466 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17467 }, 17468 { 17469 .cmd = NL80211_CMD_UPDATE_OWE_INFO, 17470 .doit = nl80211_update_owe_info, 17471 .flags = GENL_ADMIN_PERM, 17472 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17473 }, 17474 { 17475 .cmd = NL80211_CMD_PROBE_MESH_LINK, 17476 .doit = nl80211_probe_mesh_link, 17477 .flags = GENL_UNS_ADMIN_PERM, 17478 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17479 }, 17480 { 17481 .cmd = NL80211_CMD_SET_TID_CONFIG, 17482 .doit = nl80211_set_tid_config, 17483 .flags = GENL_UNS_ADMIN_PERM, 17484 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 17485 NL80211_FLAG_MLO_VALID_LINK_ID), 17486 }, 17487 { 17488 .cmd = NL80211_CMD_SET_SAR_SPECS, 17489 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17490 .doit = nl80211_set_sar_specs, 17491 .flags = GENL_UNS_ADMIN_PERM, 17492 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY | 17493 NL80211_FLAG_NEED_RTNL), 17494 }, 17495 { 17496 .cmd = NL80211_CMD_COLOR_CHANGE_REQUEST, 17497 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17498 .doit = nl80211_color_change, 17499 .flags = GENL_UNS_ADMIN_PERM, 17500 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17501 }, 17502 { 17503 .cmd = NL80211_CMD_SET_FILS_AAD, 17504 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17505 .doit = nl80211_set_fils_aad, 17506 .flags = GENL_UNS_ADMIN_PERM, 17507 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17508 }, 17509 { 17510 .cmd = NL80211_CMD_ADD_LINK, 17511 .doit = nl80211_add_link, 17512 .flags = GENL_UNS_ADMIN_PERM, 17513 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17514 }, 17515 { 17516 .cmd = NL80211_CMD_REMOVE_LINK, 17517 .doit = nl80211_remove_link, 17518 .flags = GENL_UNS_ADMIN_PERM, 17519 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17520 NL80211_FLAG_MLO_VALID_LINK_ID), 17521 }, 17522 { 17523 .cmd = NL80211_CMD_ADD_LINK_STA, 17524 .doit = nl80211_add_link_station, 17525 .flags = GENL_UNS_ADMIN_PERM, 17526 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17527 NL80211_FLAG_MLO_VALID_LINK_ID), 17528 }, 17529 { 17530 .cmd = NL80211_CMD_MODIFY_LINK_STA, 17531 .doit = nl80211_modify_link_station, 17532 .flags = GENL_UNS_ADMIN_PERM, 17533 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17534 NL80211_FLAG_MLO_VALID_LINK_ID), 17535 }, 17536 { 17537 .cmd = NL80211_CMD_REMOVE_LINK_STA, 17538 .doit = nl80211_remove_link_station, 17539 .flags = GENL_UNS_ADMIN_PERM, 17540 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17541 NL80211_FLAG_MLO_VALID_LINK_ID), 17542 }, 17543 { 17544 .cmd = NL80211_CMD_SET_HW_TIMESTAMP, 17545 .doit = nl80211_set_hw_timestamp, 17546 .flags = GENL_UNS_ADMIN_PERM, 17547 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17548 }, 17549 }; 17550 17551 static struct genl_family nl80211_fam __ro_after_init = { 17552 .name = NL80211_GENL_NAME, /* have users key off the name instead */ 17553 .hdrsize = 0, /* no private header */ 17554 .version = 1, /* no particular meaning now */ 17555 .maxattr = NL80211_ATTR_MAX, 17556 .policy = nl80211_policy, 17557 .netnsok = true, 17558 .pre_doit = nl80211_pre_doit, 17559 .post_doit = nl80211_post_doit, 17560 .module = THIS_MODULE, 17561 .ops = nl80211_ops, 17562 .n_ops = ARRAY_SIZE(nl80211_ops), 17563 .small_ops = nl80211_small_ops, 17564 .n_small_ops = ARRAY_SIZE(nl80211_small_ops), 17565 .resv_start_op = NL80211_CMD_REMOVE_LINK_STA + 1, 17566 .mcgrps = nl80211_mcgrps, 17567 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps), 17568 .parallel_ops = true, 17569 }; 17570 17571 /* notification functions */ 17572 17573 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev, 17574 enum nl80211_commands cmd) 17575 { 17576 struct sk_buff *msg; 17577 struct nl80211_dump_wiphy_state state = {}; 17578 17579 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY && 17580 cmd != NL80211_CMD_DEL_WIPHY); 17581 17582 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17583 if (!msg) 17584 return; 17585 17586 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) { 17587 nlmsg_free(msg); 17588 return; 17589 } 17590 17591 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17592 NL80211_MCGRP_CONFIG, GFP_KERNEL); 17593 } 17594 17595 void nl80211_notify_iface(struct cfg80211_registered_device *rdev, 17596 struct wireless_dev *wdev, 17597 enum nl80211_commands cmd) 17598 { 17599 struct sk_buff *msg; 17600 17601 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17602 if (!msg) 17603 return; 17604 17605 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) { 17606 nlmsg_free(msg); 17607 return; 17608 } 17609 17610 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17611 NL80211_MCGRP_CONFIG, GFP_KERNEL); 17612 } 17613 17614 static int nl80211_add_scan_req(struct sk_buff *msg, 17615 struct cfg80211_registered_device *rdev) 17616 { 17617 struct cfg80211_scan_request *req = rdev->scan_req; 17618 struct nlattr *nest; 17619 int i; 17620 struct cfg80211_scan_info *info; 17621 17622 if (WARN_ON(!req)) 17623 return 0; 17624 17625 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS); 17626 if (!nest) 17627 goto nla_put_failure; 17628 for (i = 0; i < req->n_ssids; i++) { 17629 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 17630 goto nla_put_failure; 17631 } 17632 nla_nest_end(msg, nest); 17633 17634 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) { 17635 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ); 17636 if (!nest) 17637 goto nla_put_failure; 17638 for (i = 0; i < req->n_channels; i++) { 17639 if (nla_put_u32(msg, i, 17640 ieee80211_channel_to_khz(req->channels[i]))) 17641 goto nla_put_failure; 17642 } 17643 nla_nest_end(msg, nest); 17644 } else { 17645 nest = nla_nest_start_noflag(msg, 17646 NL80211_ATTR_SCAN_FREQUENCIES); 17647 if (!nest) 17648 goto nla_put_failure; 17649 for (i = 0; i < req->n_channels; i++) { 17650 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 17651 goto nla_put_failure; 17652 } 17653 nla_nest_end(msg, nest); 17654 } 17655 17656 if (req->ie && 17657 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 17658 goto nla_put_failure; 17659 17660 if (req->flags && 17661 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags)) 17662 goto nla_put_failure; 17663 17664 info = rdev->int_scan_req ? &rdev->int_scan_req->info : 17665 &rdev->scan_req->info; 17666 if (info->scan_start_tsf && 17667 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF, 17668 info->scan_start_tsf, NL80211_BSS_PAD) || 17669 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN, 17670 info->tsf_bssid))) 17671 goto nla_put_failure; 17672 17673 return 0; 17674 nla_put_failure: 17675 return -ENOBUFS; 17676 } 17677 17678 static int nl80211_prep_scan_msg(struct sk_buff *msg, 17679 struct cfg80211_registered_device *rdev, 17680 struct wireless_dev *wdev, 17681 u32 portid, u32 seq, int flags, 17682 u32 cmd) 17683 { 17684 void *hdr; 17685 17686 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 17687 if (!hdr) 17688 return -1; 17689 17690 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17691 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 17692 wdev->netdev->ifindex)) || 17693 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 17694 NL80211_ATTR_PAD)) 17695 goto nla_put_failure; 17696 17697 /* ignore errors and send incomplete event anyway */ 17698 nl80211_add_scan_req(msg, rdev); 17699 17700 genlmsg_end(msg, hdr); 17701 return 0; 17702 17703 nla_put_failure: 17704 genlmsg_cancel(msg, hdr); 17705 return -EMSGSIZE; 17706 } 17707 17708 static int 17709 nl80211_prep_sched_scan_msg(struct sk_buff *msg, 17710 struct cfg80211_sched_scan_request *req, u32 cmd) 17711 { 17712 void *hdr; 17713 17714 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 17715 if (!hdr) 17716 return -1; 17717 17718 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, 17719 wiphy_to_rdev(req->wiphy)->wiphy_idx) || 17720 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) || 17721 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid, 17722 NL80211_ATTR_PAD)) 17723 goto nla_put_failure; 17724 17725 genlmsg_end(msg, hdr); 17726 return 0; 17727 17728 nla_put_failure: 17729 genlmsg_cancel(msg, hdr); 17730 return -EMSGSIZE; 17731 } 17732 17733 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 17734 struct wireless_dev *wdev) 17735 { 17736 struct sk_buff *msg; 17737 17738 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17739 if (!msg) 17740 return; 17741 17742 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0, 17743 NL80211_CMD_TRIGGER_SCAN) < 0) { 17744 nlmsg_free(msg); 17745 return; 17746 } 17747 17748 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17749 NL80211_MCGRP_SCAN, GFP_KERNEL); 17750 } 17751 17752 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev, 17753 struct wireless_dev *wdev, bool aborted) 17754 { 17755 struct sk_buff *msg; 17756 17757 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17758 if (!msg) 17759 return NULL; 17760 17761 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0, 17762 aborted ? NL80211_CMD_SCAN_ABORTED : 17763 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 17764 nlmsg_free(msg); 17765 return NULL; 17766 } 17767 17768 return msg; 17769 } 17770 17771 /* send message created by nl80211_build_scan_msg() */ 17772 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev, 17773 struct sk_buff *msg) 17774 { 17775 if (!msg) 17776 return; 17777 17778 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17779 NL80211_MCGRP_SCAN, GFP_KERNEL); 17780 } 17781 17782 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd) 17783 { 17784 struct sk_buff *msg; 17785 17786 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17787 if (!msg) 17788 return; 17789 17790 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) { 17791 nlmsg_free(msg); 17792 return; 17793 } 17794 17795 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0, 17796 NL80211_MCGRP_SCAN, GFP_KERNEL); 17797 } 17798 17799 static bool nl80211_reg_change_event_fill(struct sk_buff *msg, 17800 struct regulatory_request *request) 17801 { 17802 /* Userspace can always count this one always being set */ 17803 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 17804 goto nla_put_failure; 17805 17806 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 17807 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 17808 NL80211_REGDOM_TYPE_WORLD)) 17809 goto nla_put_failure; 17810 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 17811 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 17812 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 17813 goto nla_put_failure; 17814 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 17815 request->intersect) { 17816 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 17817 NL80211_REGDOM_TYPE_INTERSECTION)) 17818 goto nla_put_failure; 17819 } else { 17820 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 17821 NL80211_REGDOM_TYPE_COUNTRY) || 17822 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 17823 request->alpha2)) 17824 goto nla_put_failure; 17825 } 17826 17827 if (request->wiphy_idx != WIPHY_IDX_INVALID) { 17828 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx); 17829 17830 if (wiphy && 17831 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 17832 goto nla_put_failure; 17833 17834 if (wiphy && 17835 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 17836 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 17837 goto nla_put_failure; 17838 } 17839 17840 return true; 17841 17842 nla_put_failure: 17843 return false; 17844 } 17845 17846 /* 17847 * This can happen on global regulatory changes or device specific settings 17848 * based on custom regulatory domains. 17849 */ 17850 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id, 17851 struct regulatory_request *request) 17852 { 17853 struct sk_buff *msg; 17854 void *hdr; 17855 17856 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17857 if (!msg) 17858 return; 17859 17860 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id); 17861 if (!hdr) 17862 goto nla_put_failure; 17863 17864 if (!nl80211_reg_change_event_fill(msg, request)) 17865 goto nla_put_failure; 17866 17867 genlmsg_end(msg, hdr); 17868 17869 rcu_read_lock(); 17870 genlmsg_multicast_allns(&nl80211_fam, msg, 0, 17871 NL80211_MCGRP_REGULATORY, GFP_ATOMIC); 17872 rcu_read_unlock(); 17873 17874 return; 17875 17876 nla_put_failure: 17877 nlmsg_free(msg); 17878 } 17879 17880 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 17881 struct net_device *netdev, 17882 const u8 *buf, size_t len, 17883 enum nl80211_commands cmd, gfp_t gfp, 17884 int uapsd_queues, const u8 *req_ies, 17885 size_t req_ies_len, bool reconnect) 17886 { 17887 struct sk_buff *msg; 17888 void *hdr; 17889 17890 msg = nlmsg_new(100 + len + req_ies_len, gfp); 17891 if (!msg) 17892 return; 17893 17894 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 17895 if (!hdr) { 17896 nlmsg_free(msg); 17897 return; 17898 } 17899 17900 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17901 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 17902 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 17903 (req_ies && 17904 nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies))) 17905 goto nla_put_failure; 17906 17907 if (reconnect && nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED)) 17908 goto nla_put_failure; 17909 17910 if (uapsd_queues >= 0) { 17911 struct nlattr *nla_wmm = 17912 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME); 17913 if (!nla_wmm) 17914 goto nla_put_failure; 17915 17916 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES, 17917 uapsd_queues)) 17918 goto nla_put_failure; 17919 17920 nla_nest_end(msg, nla_wmm); 17921 } 17922 17923 genlmsg_end(msg, hdr); 17924 17925 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17926 NL80211_MCGRP_MLME, gfp); 17927 return; 17928 17929 nla_put_failure: 17930 nlmsg_free(msg); 17931 } 17932 17933 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 17934 struct net_device *netdev, const u8 *buf, 17935 size_t len, gfp_t gfp) 17936 { 17937 nl80211_send_mlme_event(rdev, netdev, buf, len, 17938 NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0, 17939 false); 17940 } 17941 17942 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 17943 struct net_device *netdev, 17944 struct cfg80211_rx_assoc_resp *data) 17945 { 17946 nl80211_send_mlme_event(rdev, netdev, data->buf, data->len, 17947 NL80211_CMD_ASSOCIATE, GFP_KERNEL, 17948 data->uapsd_queues, 17949 data->req_ies, data->req_ies_len, false); 17950 } 17951 17952 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 17953 struct net_device *netdev, const u8 *buf, 17954 size_t len, bool reconnect, gfp_t gfp) 17955 { 17956 nl80211_send_mlme_event(rdev, netdev, buf, len, 17957 NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0, 17958 reconnect); 17959 } 17960 17961 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 17962 struct net_device *netdev, const u8 *buf, 17963 size_t len, bool reconnect, gfp_t gfp) 17964 { 17965 nl80211_send_mlme_event(rdev, netdev, buf, len, 17966 NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0, 17967 reconnect); 17968 } 17969 17970 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf, 17971 size_t len) 17972 { 17973 struct wireless_dev *wdev = dev->ieee80211_ptr; 17974 struct wiphy *wiphy = wdev->wiphy; 17975 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17976 const struct ieee80211_mgmt *mgmt = (void *)buf; 17977 u32 cmd; 17978 17979 if (WARN_ON(len < 2)) 17980 return; 17981 17982 if (ieee80211_is_deauth(mgmt->frame_control)) { 17983 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE; 17984 } else if (ieee80211_is_disassoc(mgmt->frame_control)) { 17985 cmd = NL80211_CMD_UNPROT_DISASSOCIATE; 17986 } else if (ieee80211_is_beacon(mgmt->frame_control)) { 17987 if (wdev->unprot_beacon_reported && 17988 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000) 17989 return; 17990 cmd = NL80211_CMD_UNPROT_BEACON; 17991 wdev->unprot_beacon_reported = jiffies; 17992 } else { 17993 return; 17994 } 17995 17996 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len); 17997 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1, 17998 NULL, 0, false); 17999 } 18000 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt); 18001 18002 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 18003 struct net_device *netdev, int cmd, 18004 const u8 *addr, gfp_t gfp) 18005 { 18006 struct sk_buff *msg; 18007 void *hdr; 18008 18009 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18010 if (!msg) 18011 return; 18012 18013 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 18014 if (!hdr) { 18015 nlmsg_free(msg); 18016 return; 18017 } 18018 18019 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18020 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18021 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 18022 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 18023 goto nla_put_failure; 18024 18025 genlmsg_end(msg, hdr); 18026 18027 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18028 NL80211_MCGRP_MLME, gfp); 18029 return; 18030 18031 nla_put_failure: 18032 nlmsg_free(msg); 18033 } 18034 18035 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 18036 struct net_device *netdev, const u8 *addr, 18037 gfp_t gfp) 18038 { 18039 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 18040 addr, gfp); 18041 } 18042 18043 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 18044 struct net_device *netdev, const u8 *addr, 18045 gfp_t gfp) 18046 { 18047 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 18048 addr, gfp); 18049 } 18050 18051 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 18052 struct net_device *netdev, 18053 struct cfg80211_connect_resp_params *cr, 18054 gfp_t gfp) 18055 { 18056 struct sk_buff *msg; 18057 void *hdr; 18058 unsigned int link; 18059 size_t link_info_size = 0; 18060 const u8 *connected_addr = cr->valid_links ? 18061 cr->ap_mld_addr : cr->links[0].bssid; 18062 18063 if (cr->valid_links) { 18064 for_each_valid_link(cr, link) { 18065 /* Nested attribute header */ 18066 link_info_size += NLA_HDRLEN; 18067 /* Link ID */ 18068 link_info_size += nla_total_size(sizeof(u8)); 18069 link_info_size += cr->links[link].addr ? 18070 nla_total_size(ETH_ALEN) : 0; 18071 link_info_size += (cr->links[link].bssid || 18072 cr->links[link].bss) ? 18073 nla_total_size(ETH_ALEN) : 0; 18074 link_info_size += nla_total_size(sizeof(u16)); 18075 } 18076 } 18077 18078 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len + 18079 cr->fils.kek_len + cr->fils.pmk_len + 18080 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size, 18081 gfp); 18082 if (!msg) 18083 return; 18084 18085 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 18086 if (!hdr) { 18087 nlmsg_free(msg); 18088 return; 18089 } 18090 18091 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18092 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18093 (connected_addr && 18094 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr)) || 18095 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, 18096 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE : 18097 cr->status) || 18098 (cr->status < 0 && 18099 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 18100 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON, 18101 cr->timeout_reason))) || 18102 (cr->req_ie && 18103 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) || 18104 (cr->resp_ie && 18105 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len, 18106 cr->resp_ie)) || 18107 (cr->fils.update_erp_next_seq_num && 18108 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM, 18109 cr->fils.erp_next_seq_num)) || 18110 (cr->status == WLAN_STATUS_SUCCESS && 18111 ((cr->fils.kek && 18112 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len, 18113 cr->fils.kek)) || 18114 (cr->fils.pmk && 18115 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) || 18116 (cr->fils.pmkid && 18117 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid))))) 18118 goto nla_put_failure; 18119 18120 if (cr->valid_links) { 18121 int i = 1; 18122 struct nlattr *nested; 18123 18124 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS); 18125 if (!nested) 18126 goto nla_put_failure; 18127 18128 for_each_valid_link(cr, link) { 18129 struct nlattr *nested_mlo_links; 18130 const u8 *bssid = cr->links[link].bss ? 18131 cr->links[link].bss->bssid : 18132 cr->links[link].bssid; 18133 18134 nested_mlo_links = nla_nest_start(msg, i); 18135 if (!nested_mlo_links) 18136 goto nla_put_failure; 18137 18138 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) || 18139 (bssid && 18140 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) || 18141 (cr->links[link].addr && 18142 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 18143 cr->links[link].addr)) || 18144 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, 18145 cr->links[link].status)) 18146 goto nla_put_failure; 18147 18148 nla_nest_end(msg, nested_mlo_links); 18149 i++; 18150 } 18151 nla_nest_end(msg, nested); 18152 } 18153 18154 genlmsg_end(msg, hdr); 18155 18156 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18157 NL80211_MCGRP_MLME, gfp); 18158 return; 18159 18160 nla_put_failure: 18161 nlmsg_free(msg); 18162 } 18163 18164 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 18165 struct net_device *netdev, 18166 struct cfg80211_roam_info *info, gfp_t gfp) 18167 { 18168 struct sk_buff *msg; 18169 void *hdr; 18170 size_t link_info_size = 0; 18171 unsigned int link; 18172 const u8 *connected_addr = info->ap_mld_addr ? 18173 info->ap_mld_addr : 18174 (info->links[0].bss ? 18175 info->links[0].bss->bssid : 18176 info->links[0].bssid); 18177 18178 if (info->valid_links) { 18179 for_each_valid_link(info, link) { 18180 /* Nested attribute header */ 18181 link_info_size += NLA_HDRLEN; 18182 /* Link ID */ 18183 link_info_size += nla_total_size(sizeof(u8)); 18184 link_info_size += info->links[link].addr ? 18185 nla_total_size(ETH_ALEN) : 0; 18186 link_info_size += (info->links[link].bssid || 18187 info->links[link].bss) ? 18188 nla_total_size(ETH_ALEN) : 0; 18189 } 18190 } 18191 18192 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len + 18193 info->fils.kek_len + info->fils.pmk_len + 18194 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) + 18195 link_info_size, gfp); 18196 if (!msg) 18197 return; 18198 18199 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 18200 if (!hdr) { 18201 nlmsg_free(msg); 18202 return; 18203 } 18204 18205 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18206 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18207 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) || 18208 (info->req_ie && 18209 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len, 18210 info->req_ie)) || 18211 (info->resp_ie && 18212 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len, 18213 info->resp_ie)) || 18214 (info->fils.update_erp_next_seq_num && 18215 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM, 18216 info->fils.erp_next_seq_num)) || 18217 (info->fils.kek && 18218 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len, 18219 info->fils.kek)) || 18220 (info->fils.pmk && 18221 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) || 18222 (info->fils.pmkid && 18223 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid))) 18224 goto nla_put_failure; 18225 18226 if (info->valid_links) { 18227 int i = 1; 18228 struct nlattr *nested; 18229 18230 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS); 18231 if (!nested) 18232 goto nla_put_failure; 18233 18234 for_each_valid_link(info, link) { 18235 struct nlattr *nested_mlo_links; 18236 const u8 *bssid = info->links[link].bss ? 18237 info->links[link].bss->bssid : 18238 info->links[link].bssid; 18239 18240 nested_mlo_links = nla_nest_start(msg, i); 18241 if (!nested_mlo_links) 18242 goto nla_put_failure; 18243 18244 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) || 18245 (bssid && 18246 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) || 18247 (info->links[link].addr && 18248 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 18249 info->links[link].addr))) 18250 goto nla_put_failure; 18251 18252 nla_nest_end(msg, nested_mlo_links); 18253 i++; 18254 } 18255 nla_nest_end(msg, nested); 18256 } 18257 18258 genlmsg_end(msg, hdr); 18259 18260 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18261 NL80211_MCGRP_MLME, gfp); 18262 return; 18263 18264 nla_put_failure: 18265 nlmsg_free(msg); 18266 } 18267 18268 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev, 18269 struct net_device *netdev, const u8 *bssid, 18270 const u8 *td_bitmap, u8 td_bitmap_len) 18271 { 18272 struct sk_buff *msg; 18273 void *hdr; 18274 18275 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 18276 if (!msg) 18277 return; 18278 18279 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED); 18280 if (!hdr) { 18281 nlmsg_free(msg); 18282 return; 18283 } 18284 18285 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18286 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18287 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 18288 goto nla_put_failure; 18289 18290 if ((td_bitmap_len > 0) && td_bitmap) 18291 if (nla_put(msg, NL80211_ATTR_TD_BITMAP, 18292 td_bitmap_len, td_bitmap)) 18293 goto nla_put_failure; 18294 18295 genlmsg_end(msg, hdr); 18296 18297 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18298 NL80211_MCGRP_MLME, GFP_KERNEL); 18299 return; 18300 18301 nla_put_failure: 18302 nlmsg_free(msg); 18303 } 18304 18305 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 18306 struct net_device *netdev, u16 reason, 18307 const u8 *ie, size_t ie_len, bool from_ap) 18308 { 18309 struct sk_buff *msg; 18310 void *hdr; 18311 18312 msg = nlmsg_new(100 + ie_len, GFP_KERNEL); 18313 if (!msg) 18314 return; 18315 18316 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 18317 if (!hdr) { 18318 nlmsg_free(msg); 18319 return; 18320 } 18321 18322 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18323 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18324 (reason && 18325 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 18326 (from_ap && 18327 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 18328 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 18329 goto nla_put_failure; 18330 18331 genlmsg_end(msg, hdr); 18332 18333 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18334 NL80211_MCGRP_MLME, GFP_KERNEL); 18335 return; 18336 18337 nla_put_failure: 18338 nlmsg_free(msg); 18339 } 18340 18341 void cfg80211_links_removed(struct net_device *dev, u16 link_mask) 18342 { 18343 struct wireless_dev *wdev = dev->ieee80211_ptr; 18344 struct wiphy *wiphy = wdev->wiphy; 18345 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18346 struct sk_buff *msg; 18347 struct nlattr *links; 18348 void *hdr; 18349 18350 ASSERT_WDEV_LOCK(wdev); 18351 trace_cfg80211_links_removed(dev, link_mask); 18352 18353 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 18354 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 18355 return; 18356 18357 if (WARN_ON(!wdev->valid_links || !link_mask || 18358 (wdev->valid_links & link_mask) != link_mask || 18359 wdev->valid_links == link_mask)) 18360 return; 18361 18362 cfg80211_wdev_release_link_bsses(wdev, link_mask); 18363 wdev->valid_links &= ~link_mask; 18364 18365 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 18366 if (!msg) 18367 return; 18368 18369 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_LINKS_REMOVED); 18370 if (!hdr) { 18371 nlmsg_free(msg); 18372 return; 18373 } 18374 18375 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18376 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 18377 goto nla_put_failure; 18378 18379 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS); 18380 if (!links) 18381 goto nla_put_failure; 18382 18383 while (link_mask) { 18384 struct nlattr *link; 18385 int link_id = __ffs(link_mask); 18386 18387 link = nla_nest_start(msg, link_id + 1); 18388 if (!link) 18389 goto nla_put_failure; 18390 18391 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) 18392 goto nla_put_failure; 18393 18394 nla_nest_end(msg, link); 18395 link_mask &= ~(1 << link_id); 18396 } 18397 18398 nla_nest_end(msg, links); 18399 18400 genlmsg_end(msg, hdr); 18401 18402 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18403 NL80211_MCGRP_MLME, GFP_KERNEL); 18404 return; 18405 18406 nla_put_failure: 18407 nlmsg_free(msg); 18408 } 18409 EXPORT_SYMBOL(cfg80211_links_removed); 18410 18411 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 18412 struct net_device *netdev, const u8 *bssid, 18413 gfp_t gfp) 18414 { 18415 struct sk_buff *msg; 18416 void *hdr; 18417 18418 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18419 if (!msg) 18420 return; 18421 18422 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 18423 if (!hdr) { 18424 nlmsg_free(msg); 18425 return; 18426 } 18427 18428 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18429 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18430 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 18431 goto nla_put_failure; 18432 18433 genlmsg_end(msg, hdr); 18434 18435 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18436 NL80211_MCGRP_MLME, gfp); 18437 return; 18438 18439 nla_put_failure: 18440 nlmsg_free(msg); 18441 } 18442 18443 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr, 18444 const u8 *ie, u8 ie_len, 18445 int sig_dbm, gfp_t gfp) 18446 { 18447 struct wireless_dev *wdev = dev->ieee80211_ptr; 18448 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 18449 struct sk_buff *msg; 18450 void *hdr; 18451 18452 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT)) 18453 return; 18454 18455 trace_cfg80211_notify_new_peer_candidate(dev, addr); 18456 18457 msg = nlmsg_new(100 + ie_len, gfp); 18458 if (!msg) 18459 return; 18460 18461 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 18462 if (!hdr) { 18463 nlmsg_free(msg); 18464 return; 18465 } 18466 18467 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18468 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 18469 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 18470 (ie_len && ie && 18471 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) || 18472 (sig_dbm && 18473 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm))) 18474 goto nla_put_failure; 18475 18476 genlmsg_end(msg, hdr); 18477 18478 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18479 NL80211_MCGRP_MLME, gfp); 18480 return; 18481 18482 nla_put_failure: 18483 nlmsg_free(msg); 18484 } 18485 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate); 18486 18487 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 18488 struct net_device *netdev, const u8 *addr, 18489 enum nl80211_key_type key_type, int key_id, 18490 const u8 *tsc, gfp_t gfp) 18491 { 18492 struct sk_buff *msg; 18493 void *hdr; 18494 18495 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18496 if (!msg) 18497 return; 18498 18499 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 18500 if (!hdr) { 18501 nlmsg_free(msg); 18502 return; 18503 } 18504 18505 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18506 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18507 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 18508 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 18509 (key_id != -1 && 18510 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 18511 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 18512 goto nla_put_failure; 18513 18514 genlmsg_end(msg, hdr); 18515 18516 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18517 NL80211_MCGRP_MLME, gfp); 18518 return; 18519 18520 nla_put_failure: 18521 nlmsg_free(msg); 18522 } 18523 18524 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 18525 struct ieee80211_channel *channel_before, 18526 struct ieee80211_channel *channel_after) 18527 { 18528 struct sk_buff *msg; 18529 void *hdr; 18530 struct nlattr *nl_freq; 18531 18532 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 18533 if (!msg) 18534 return; 18535 18536 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 18537 if (!hdr) { 18538 nlmsg_free(msg); 18539 return; 18540 } 18541 18542 /* 18543 * Since we are applying the beacon hint to a wiphy we know its 18544 * wiphy_idx is valid 18545 */ 18546 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 18547 goto nla_put_failure; 18548 18549 /* Before */ 18550 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE); 18551 if (!nl_freq) 18552 goto nla_put_failure; 18553 18554 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false)) 18555 goto nla_put_failure; 18556 nla_nest_end(msg, nl_freq); 18557 18558 /* After */ 18559 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER); 18560 if (!nl_freq) 18561 goto nla_put_failure; 18562 18563 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false)) 18564 goto nla_put_failure; 18565 nla_nest_end(msg, nl_freq); 18566 18567 genlmsg_end(msg, hdr); 18568 18569 rcu_read_lock(); 18570 genlmsg_multicast_allns(&nl80211_fam, msg, 0, 18571 NL80211_MCGRP_REGULATORY, GFP_ATOMIC); 18572 rcu_read_unlock(); 18573 18574 return; 18575 18576 nla_put_failure: 18577 nlmsg_free(msg); 18578 } 18579 18580 static void nl80211_send_remain_on_chan_event( 18581 int cmd, struct cfg80211_registered_device *rdev, 18582 struct wireless_dev *wdev, u64 cookie, 18583 struct ieee80211_channel *chan, 18584 unsigned int duration, gfp_t gfp) 18585 { 18586 struct sk_buff *msg; 18587 void *hdr; 18588 18589 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18590 if (!msg) 18591 return; 18592 18593 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 18594 if (!hdr) { 18595 nlmsg_free(msg); 18596 return; 18597 } 18598 18599 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18600 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 18601 wdev->netdev->ifindex)) || 18602 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 18603 NL80211_ATTR_PAD) || 18604 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 18605 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 18606 NL80211_CHAN_NO_HT) || 18607 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 18608 NL80211_ATTR_PAD)) 18609 goto nla_put_failure; 18610 18611 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 18612 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 18613 goto nla_put_failure; 18614 18615 genlmsg_end(msg, hdr); 18616 18617 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18618 NL80211_MCGRP_MLME, gfp); 18619 return; 18620 18621 nla_put_failure: 18622 nlmsg_free(msg); 18623 } 18624 18625 void cfg80211_assoc_comeback(struct net_device *netdev, 18626 const u8 *ap_addr, u32 timeout) 18627 { 18628 struct wireless_dev *wdev = netdev->ieee80211_ptr; 18629 struct wiphy *wiphy = wdev->wiphy; 18630 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18631 struct sk_buff *msg; 18632 void *hdr; 18633 18634 trace_cfg80211_assoc_comeback(wdev, ap_addr, timeout); 18635 18636 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 18637 if (!msg) 18638 return; 18639 18640 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK); 18641 if (!hdr) { 18642 nlmsg_free(msg); 18643 return; 18644 } 18645 18646 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18647 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18648 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ap_addr) || 18649 nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout)) 18650 goto nla_put_failure; 18651 18652 genlmsg_end(msg, hdr); 18653 18654 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18655 NL80211_MCGRP_MLME, GFP_KERNEL); 18656 return; 18657 18658 nla_put_failure: 18659 nlmsg_free(msg); 18660 } 18661 EXPORT_SYMBOL(cfg80211_assoc_comeback); 18662 18663 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie, 18664 struct ieee80211_channel *chan, 18665 unsigned int duration, gfp_t gfp) 18666 { 18667 struct wiphy *wiphy = wdev->wiphy; 18668 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18669 18670 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration); 18671 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 18672 rdev, wdev, cookie, chan, 18673 duration, gfp); 18674 } 18675 EXPORT_SYMBOL(cfg80211_ready_on_channel); 18676 18677 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie, 18678 struct ieee80211_channel *chan, 18679 gfp_t gfp) 18680 { 18681 struct wiphy *wiphy = wdev->wiphy; 18682 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18683 18684 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan); 18685 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 18686 rdev, wdev, cookie, chan, 0, gfp); 18687 } 18688 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired); 18689 18690 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie, 18691 struct ieee80211_channel *chan, 18692 gfp_t gfp) 18693 { 18694 struct wiphy *wiphy = wdev->wiphy; 18695 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18696 18697 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan); 18698 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL, 18699 rdev, wdev, cookie, chan, 0, gfp); 18700 } 18701 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired); 18702 18703 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr, 18704 struct station_info *sinfo, gfp_t gfp) 18705 { 18706 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 18707 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18708 struct sk_buff *msg; 18709 18710 trace_cfg80211_new_sta(dev, mac_addr, sinfo); 18711 18712 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18713 if (!msg) 18714 return; 18715 18716 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0, 18717 rdev, dev, mac_addr, sinfo) < 0) { 18718 nlmsg_free(msg); 18719 return; 18720 } 18721 18722 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18723 NL80211_MCGRP_MLME, gfp); 18724 } 18725 EXPORT_SYMBOL(cfg80211_new_sta); 18726 18727 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr, 18728 struct station_info *sinfo, gfp_t gfp) 18729 { 18730 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 18731 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18732 struct sk_buff *msg; 18733 struct station_info empty_sinfo = {}; 18734 18735 if (!sinfo) 18736 sinfo = &empty_sinfo; 18737 18738 trace_cfg80211_del_sta(dev, mac_addr); 18739 18740 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18741 if (!msg) { 18742 cfg80211_sinfo_release_content(sinfo); 18743 return; 18744 } 18745 18746 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0, 18747 rdev, dev, mac_addr, sinfo) < 0) { 18748 nlmsg_free(msg); 18749 return; 18750 } 18751 18752 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18753 NL80211_MCGRP_MLME, gfp); 18754 } 18755 EXPORT_SYMBOL(cfg80211_del_sta_sinfo); 18756 18757 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr, 18758 enum nl80211_connect_failed_reason reason, 18759 gfp_t gfp) 18760 { 18761 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 18762 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18763 struct sk_buff *msg; 18764 void *hdr; 18765 18766 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 18767 if (!msg) 18768 return; 18769 18770 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED); 18771 if (!hdr) { 18772 nlmsg_free(msg); 18773 return; 18774 } 18775 18776 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 18777 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 18778 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason)) 18779 goto nla_put_failure; 18780 18781 genlmsg_end(msg, hdr); 18782 18783 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18784 NL80211_MCGRP_MLME, gfp); 18785 return; 18786 18787 nla_put_failure: 18788 nlmsg_free(msg); 18789 } 18790 EXPORT_SYMBOL(cfg80211_conn_failed); 18791 18792 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 18793 const u8 *addr, gfp_t gfp) 18794 { 18795 struct wireless_dev *wdev = dev->ieee80211_ptr; 18796 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 18797 struct sk_buff *msg; 18798 void *hdr; 18799 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid); 18800 18801 if (!nlportid) 18802 return false; 18803 18804 msg = nlmsg_new(100, gfp); 18805 if (!msg) 18806 return true; 18807 18808 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 18809 if (!hdr) { 18810 nlmsg_free(msg); 18811 return true; 18812 } 18813 18814 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18815 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 18816 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 18817 goto nla_put_failure; 18818 18819 genlmsg_end(msg, hdr); 18820 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 18821 return true; 18822 18823 nla_put_failure: 18824 nlmsg_free(msg); 18825 return true; 18826 } 18827 18828 bool cfg80211_rx_spurious_frame(struct net_device *dev, 18829 const u8 *addr, gfp_t gfp) 18830 { 18831 struct wireless_dev *wdev = dev->ieee80211_ptr; 18832 bool ret; 18833 18834 trace_cfg80211_rx_spurious_frame(dev, addr); 18835 18836 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 18837 wdev->iftype != NL80211_IFTYPE_P2P_GO)) { 18838 trace_cfg80211_return_bool(false); 18839 return false; 18840 } 18841 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 18842 addr, gfp); 18843 trace_cfg80211_return_bool(ret); 18844 return ret; 18845 } 18846 EXPORT_SYMBOL(cfg80211_rx_spurious_frame); 18847 18848 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, 18849 const u8 *addr, gfp_t gfp) 18850 { 18851 struct wireless_dev *wdev = dev->ieee80211_ptr; 18852 bool ret; 18853 18854 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr); 18855 18856 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 18857 wdev->iftype != NL80211_IFTYPE_P2P_GO && 18858 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) { 18859 trace_cfg80211_return_bool(false); 18860 return false; 18861 } 18862 ret = __nl80211_unexpected_frame(dev, 18863 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 18864 addr, gfp); 18865 trace_cfg80211_return_bool(ret); 18866 return ret; 18867 } 18868 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame); 18869 18870 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 18871 struct wireless_dev *wdev, u32 nlportid, 18872 struct cfg80211_rx_info *info, gfp_t gfp) 18873 { 18874 struct net_device *netdev = wdev->netdev; 18875 struct sk_buff *msg; 18876 void *hdr; 18877 18878 msg = nlmsg_new(100 + info->len, gfp); 18879 if (!msg) 18880 return -ENOMEM; 18881 18882 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 18883 if (!hdr) { 18884 nlmsg_free(msg); 18885 return -ENOMEM; 18886 } 18887 18888 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18889 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 18890 netdev->ifindex)) || 18891 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 18892 NL80211_ATTR_PAD) || 18893 (info->have_link_id && 18894 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, info->link_id)) || 18895 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(info->freq)) || 18896 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, info->freq % 1000) || 18897 (info->sig_dbm && 18898 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, info->sig_dbm)) || 18899 nla_put(msg, NL80211_ATTR_FRAME, info->len, info->buf) || 18900 (info->flags && 18901 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, info->flags)) || 18902 (info->rx_tstamp && nla_put_u64_64bit(msg, 18903 NL80211_ATTR_RX_HW_TIMESTAMP, 18904 info->rx_tstamp, 18905 NL80211_ATTR_PAD)) || 18906 (info->ack_tstamp && nla_put_u64_64bit(msg, 18907 NL80211_ATTR_TX_HW_TIMESTAMP, 18908 info->ack_tstamp, 18909 NL80211_ATTR_PAD))) 18910 goto nla_put_failure; 18911 18912 genlmsg_end(msg, hdr); 18913 18914 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 18915 18916 nla_put_failure: 18917 nlmsg_free(msg); 18918 return -ENOBUFS; 18919 } 18920 18921 static void nl80211_frame_tx_status(struct wireless_dev *wdev, 18922 struct cfg80211_tx_status *status, 18923 gfp_t gfp, enum nl80211_commands command) 18924 { 18925 struct wiphy *wiphy = wdev->wiphy; 18926 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18927 struct net_device *netdev = wdev->netdev; 18928 struct sk_buff *msg; 18929 void *hdr; 18930 18931 if (command == NL80211_CMD_FRAME_TX_STATUS) 18932 trace_cfg80211_mgmt_tx_status(wdev, status->cookie, 18933 status->ack); 18934 else 18935 trace_cfg80211_control_port_tx_status(wdev, status->cookie, 18936 status->ack); 18937 18938 msg = nlmsg_new(100 + status->len, gfp); 18939 if (!msg) 18940 return; 18941 18942 hdr = nl80211hdr_put(msg, 0, 0, 0, command); 18943 if (!hdr) { 18944 nlmsg_free(msg); 18945 return; 18946 } 18947 18948 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18949 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 18950 netdev->ifindex)) || 18951 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 18952 NL80211_ATTR_PAD) || 18953 nla_put(msg, NL80211_ATTR_FRAME, status->len, status->buf) || 18954 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, status->cookie, 18955 NL80211_ATTR_PAD) || 18956 (status->ack && nla_put_flag(msg, NL80211_ATTR_ACK)) || 18957 (status->tx_tstamp && 18958 nla_put_u64_64bit(msg, NL80211_ATTR_TX_HW_TIMESTAMP, 18959 status->tx_tstamp, NL80211_ATTR_PAD)) || 18960 (status->ack_tstamp && 18961 nla_put_u64_64bit(msg, NL80211_ATTR_RX_HW_TIMESTAMP, 18962 status->ack_tstamp, NL80211_ATTR_PAD))) 18963 goto nla_put_failure; 18964 18965 genlmsg_end(msg, hdr); 18966 18967 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18968 NL80211_MCGRP_MLME, gfp); 18969 return; 18970 18971 nla_put_failure: 18972 nlmsg_free(msg); 18973 } 18974 18975 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie, 18976 const u8 *buf, size_t len, bool ack, 18977 gfp_t gfp) 18978 { 18979 struct cfg80211_tx_status status = { 18980 .cookie = cookie, 18981 .buf = buf, 18982 .len = len, 18983 .ack = ack 18984 }; 18985 18986 nl80211_frame_tx_status(wdev, &status, gfp, 18987 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS); 18988 } 18989 EXPORT_SYMBOL(cfg80211_control_port_tx_status); 18990 18991 void cfg80211_mgmt_tx_status_ext(struct wireless_dev *wdev, 18992 struct cfg80211_tx_status *status, gfp_t gfp) 18993 { 18994 nl80211_frame_tx_status(wdev, status, gfp, NL80211_CMD_FRAME_TX_STATUS); 18995 } 18996 EXPORT_SYMBOL(cfg80211_mgmt_tx_status_ext); 18997 18998 static int __nl80211_rx_control_port(struct net_device *dev, 18999 struct sk_buff *skb, 19000 bool unencrypted, 19001 int link_id, 19002 gfp_t gfp) 19003 { 19004 struct wireless_dev *wdev = dev->ieee80211_ptr; 19005 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19006 struct ethhdr *ehdr = eth_hdr(skb); 19007 const u8 *addr = ehdr->h_source; 19008 u16 proto = be16_to_cpu(skb->protocol); 19009 struct sk_buff *msg; 19010 void *hdr; 19011 struct nlattr *frame; 19012 19013 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid); 19014 19015 if (!nlportid) 19016 return -ENOENT; 19017 19018 msg = nlmsg_new(100 + skb->len, gfp); 19019 if (!msg) 19020 return -ENOMEM; 19021 19022 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME); 19023 if (!hdr) { 19024 nlmsg_free(msg); 19025 return -ENOBUFS; 19026 } 19027 19028 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19029 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 19030 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 19031 NL80211_ATTR_PAD) || 19032 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 19033 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) || 19034 (link_id >= 0 && 19035 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) || 19036 (unencrypted && nla_put_flag(msg, 19037 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))) 19038 goto nla_put_failure; 19039 19040 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len); 19041 if (!frame) 19042 goto nla_put_failure; 19043 19044 skb_copy_bits(skb, 0, nla_data(frame), skb->len); 19045 genlmsg_end(msg, hdr); 19046 19047 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 19048 19049 nla_put_failure: 19050 nlmsg_free(msg); 19051 return -ENOBUFS; 19052 } 19053 19054 bool cfg80211_rx_control_port(struct net_device *dev, struct sk_buff *skb, 19055 bool unencrypted, int link_id) 19056 { 19057 int ret; 19058 19059 trace_cfg80211_rx_control_port(dev, skb, unencrypted, link_id); 19060 ret = __nl80211_rx_control_port(dev, skb, unencrypted, link_id, 19061 GFP_ATOMIC); 19062 trace_cfg80211_return_bool(ret == 0); 19063 return ret == 0; 19064 } 19065 EXPORT_SYMBOL(cfg80211_rx_control_port); 19066 19067 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev, 19068 const char *mac, gfp_t gfp) 19069 { 19070 struct wireless_dev *wdev = dev->ieee80211_ptr; 19071 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19072 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19073 void **cb; 19074 19075 if (!msg) 19076 return NULL; 19077 19078 cb = (void **)msg->cb; 19079 19080 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 19081 if (!cb[0]) { 19082 nlmsg_free(msg); 19083 return NULL; 19084 } 19085 19086 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19087 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 19088 goto nla_put_failure; 19089 19090 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac)) 19091 goto nla_put_failure; 19092 19093 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM); 19094 if (!cb[1]) 19095 goto nla_put_failure; 19096 19097 cb[2] = rdev; 19098 19099 return msg; 19100 nla_put_failure: 19101 nlmsg_free(msg); 19102 return NULL; 19103 } 19104 19105 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp) 19106 { 19107 void **cb = (void **)msg->cb; 19108 struct cfg80211_registered_device *rdev = cb[2]; 19109 19110 nla_nest_end(msg, cb[1]); 19111 genlmsg_end(msg, cb[0]); 19112 19113 memset(msg->cb, 0, sizeof(msg->cb)); 19114 19115 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19116 NL80211_MCGRP_MLME, gfp); 19117 } 19118 19119 void cfg80211_cqm_rssi_notify(struct net_device *dev, 19120 enum nl80211_cqm_rssi_threshold_event rssi_event, 19121 s32 rssi_level, gfp_t gfp) 19122 { 19123 struct wireless_dev *wdev = dev->ieee80211_ptr; 19124 struct cfg80211_cqm_config *cqm_config; 19125 19126 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level); 19127 19128 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW && 19129 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH)) 19130 return; 19131 19132 rcu_read_lock(); 19133 cqm_config = rcu_dereference(wdev->cqm_config); 19134 if (cqm_config) { 19135 cqm_config->last_rssi_event_value = rssi_level; 19136 cqm_config->last_rssi_event_type = rssi_event; 19137 wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work); 19138 } 19139 rcu_read_unlock(); 19140 } 19141 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify); 19142 19143 void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work) 19144 { 19145 struct wireless_dev *wdev = container_of(work, struct wireless_dev, 19146 cqm_rssi_work); 19147 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19148 enum nl80211_cqm_rssi_threshold_event rssi_event; 19149 struct cfg80211_cqm_config *cqm_config; 19150 struct sk_buff *msg; 19151 s32 rssi_level; 19152 19153 wdev_lock(wdev); 19154 cqm_config = rcu_dereference_protected(wdev->cqm_config, 19155 lockdep_is_held(&wdev->mtx)); 19156 if (!cqm_config) 19157 goto unlock; 19158 19159 if (cqm_config->use_range_api) 19160 cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config); 19161 19162 rssi_level = cqm_config->last_rssi_event_value; 19163 rssi_event = cqm_config->last_rssi_event_type; 19164 19165 msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL); 19166 if (!msg) 19167 goto unlock; 19168 19169 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 19170 rssi_event)) 19171 goto nla_put_failure; 19172 19173 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL, 19174 rssi_level)) 19175 goto nla_put_failure; 19176 19177 cfg80211_send_cqm(msg, GFP_KERNEL); 19178 19179 goto unlock; 19180 19181 nla_put_failure: 19182 nlmsg_free(msg); 19183 unlock: 19184 wdev_unlock(wdev); 19185 } 19186 19187 void cfg80211_cqm_txe_notify(struct net_device *dev, 19188 const u8 *peer, u32 num_packets, 19189 u32 rate, u32 intvl, gfp_t gfp) 19190 { 19191 struct sk_buff *msg; 19192 19193 msg = cfg80211_prepare_cqm(dev, peer, gfp); 19194 if (!msg) 19195 return; 19196 19197 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 19198 goto nla_put_failure; 19199 19200 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 19201 goto nla_put_failure; 19202 19203 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 19204 goto nla_put_failure; 19205 19206 cfg80211_send_cqm(msg, gfp); 19207 return; 19208 19209 nla_put_failure: 19210 nlmsg_free(msg); 19211 } 19212 EXPORT_SYMBOL(cfg80211_cqm_txe_notify); 19213 19214 void cfg80211_cqm_pktloss_notify(struct net_device *dev, 19215 const u8 *peer, u32 num_packets, gfp_t gfp) 19216 { 19217 struct sk_buff *msg; 19218 19219 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets); 19220 19221 msg = cfg80211_prepare_cqm(dev, peer, gfp); 19222 if (!msg) 19223 return; 19224 19225 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 19226 goto nla_put_failure; 19227 19228 cfg80211_send_cqm(msg, gfp); 19229 return; 19230 19231 nla_put_failure: 19232 nlmsg_free(msg); 19233 } 19234 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); 19235 19236 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp) 19237 { 19238 struct sk_buff *msg; 19239 19240 msg = cfg80211_prepare_cqm(dev, NULL, gfp); 19241 if (!msg) 19242 return; 19243 19244 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT)) 19245 goto nla_put_failure; 19246 19247 cfg80211_send_cqm(msg, gfp); 19248 return; 19249 19250 nla_put_failure: 19251 nlmsg_free(msg); 19252 } 19253 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify); 19254 19255 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 19256 struct net_device *netdev, const u8 *bssid, 19257 const u8 *replay_ctr, gfp_t gfp) 19258 { 19259 struct sk_buff *msg; 19260 struct nlattr *rekey_attr; 19261 void *hdr; 19262 19263 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19264 if (!msg) 19265 return; 19266 19267 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 19268 if (!hdr) { 19269 nlmsg_free(msg); 19270 return; 19271 } 19272 19273 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19274 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 19275 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 19276 goto nla_put_failure; 19277 19278 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA); 19279 if (!rekey_attr) 19280 goto nla_put_failure; 19281 19282 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 19283 NL80211_REPLAY_CTR_LEN, replay_ctr)) 19284 goto nla_put_failure; 19285 19286 nla_nest_end(msg, rekey_attr); 19287 19288 genlmsg_end(msg, hdr); 19289 19290 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19291 NL80211_MCGRP_MLME, gfp); 19292 return; 19293 19294 nla_put_failure: 19295 nlmsg_free(msg); 19296 } 19297 19298 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid, 19299 const u8 *replay_ctr, gfp_t gfp) 19300 { 19301 struct wireless_dev *wdev = dev->ieee80211_ptr; 19302 struct wiphy *wiphy = wdev->wiphy; 19303 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19304 19305 trace_cfg80211_gtk_rekey_notify(dev, bssid); 19306 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp); 19307 } 19308 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify); 19309 19310 static void 19311 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 19312 struct net_device *netdev, int index, 19313 const u8 *bssid, bool preauth, gfp_t gfp) 19314 { 19315 struct sk_buff *msg; 19316 struct nlattr *attr; 19317 void *hdr; 19318 19319 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19320 if (!msg) 19321 return; 19322 19323 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 19324 if (!hdr) { 19325 nlmsg_free(msg); 19326 return; 19327 } 19328 19329 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19330 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 19331 goto nla_put_failure; 19332 19333 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE); 19334 if (!attr) 19335 goto nla_put_failure; 19336 19337 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 19338 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 19339 (preauth && 19340 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 19341 goto nla_put_failure; 19342 19343 nla_nest_end(msg, attr); 19344 19345 genlmsg_end(msg, hdr); 19346 19347 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19348 NL80211_MCGRP_MLME, gfp); 19349 return; 19350 19351 nla_put_failure: 19352 nlmsg_free(msg); 19353 } 19354 19355 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index, 19356 const u8 *bssid, bool preauth, gfp_t gfp) 19357 { 19358 struct wireless_dev *wdev = dev->ieee80211_ptr; 19359 struct wiphy *wiphy = wdev->wiphy; 19360 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19361 19362 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth); 19363 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp); 19364 } 19365 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify); 19366 19367 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 19368 struct net_device *netdev, 19369 unsigned int link_id, 19370 struct cfg80211_chan_def *chandef, 19371 gfp_t gfp, 19372 enum nl80211_commands notif, 19373 u8 count, bool quiet, u16 punct_bitmap) 19374 { 19375 struct wireless_dev *wdev = netdev->ieee80211_ptr; 19376 struct sk_buff *msg; 19377 void *hdr; 19378 19379 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19380 if (!msg) 19381 return; 19382 19383 hdr = nl80211hdr_put(msg, 0, 0, 0, notif); 19384 if (!hdr) { 19385 nlmsg_free(msg); 19386 return; 19387 } 19388 19389 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 19390 goto nla_put_failure; 19391 19392 if (wdev->valid_links && 19393 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) 19394 goto nla_put_failure; 19395 19396 if (nl80211_send_chandef(msg, chandef)) 19397 goto nla_put_failure; 19398 19399 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) { 19400 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)) 19401 goto nla_put_failure; 19402 if (quiet && 19403 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX)) 19404 goto nla_put_failure; 19405 } 19406 19407 if (nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP, punct_bitmap)) 19408 goto nla_put_failure; 19409 19410 genlmsg_end(msg, hdr); 19411 19412 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19413 NL80211_MCGRP_MLME, gfp); 19414 return; 19415 19416 nla_put_failure: 19417 nlmsg_free(msg); 19418 } 19419 19420 void cfg80211_ch_switch_notify(struct net_device *dev, 19421 struct cfg80211_chan_def *chandef, 19422 unsigned int link_id, u16 punct_bitmap) 19423 { 19424 struct wireless_dev *wdev = dev->ieee80211_ptr; 19425 struct wiphy *wiphy = wdev->wiphy; 19426 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19427 19428 ASSERT_WDEV_LOCK(wdev); 19429 WARN_INVALID_LINK_ID(wdev, link_id); 19430 19431 trace_cfg80211_ch_switch_notify(dev, chandef, link_id, punct_bitmap); 19432 19433 switch (wdev->iftype) { 19434 case NL80211_IFTYPE_STATION: 19435 case NL80211_IFTYPE_P2P_CLIENT: 19436 if (!WARN_ON(!wdev->links[link_id].client.current_bss)) 19437 cfg80211_update_assoc_bss_entry(wdev, link_id, 19438 chandef->chan); 19439 break; 19440 case NL80211_IFTYPE_MESH_POINT: 19441 wdev->u.mesh.chandef = *chandef; 19442 wdev->u.mesh.preset_chandef = *chandef; 19443 break; 19444 case NL80211_IFTYPE_AP: 19445 case NL80211_IFTYPE_P2P_GO: 19446 wdev->links[link_id].ap.chandef = *chandef; 19447 break; 19448 case NL80211_IFTYPE_ADHOC: 19449 wdev->u.ibss.chandef = *chandef; 19450 break; 19451 default: 19452 WARN_ON(1); 19453 break; 19454 } 19455 19456 cfg80211_sched_dfs_chan_update(rdev); 19457 19458 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL, 19459 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false, 19460 punct_bitmap); 19461 } 19462 EXPORT_SYMBOL(cfg80211_ch_switch_notify); 19463 19464 void cfg80211_ch_switch_started_notify(struct net_device *dev, 19465 struct cfg80211_chan_def *chandef, 19466 unsigned int link_id, u8 count, 19467 bool quiet, u16 punct_bitmap) 19468 { 19469 struct wireless_dev *wdev = dev->ieee80211_ptr; 19470 struct wiphy *wiphy = wdev->wiphy; 19471 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19472 19473 ASSERT_WDEV_LOCK(wdev); 19474 WARN_INVALID_LINK_ID(wdev, link_id); 19475 19476 trace_cfg80211_ch_switch_started_notify(dev, chandef, link_id, 19477 punct_bitmap); 19478 19479 19480 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL, 19481 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, 19482 count, quiet, punct_bitmap); 19483 } 19484 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify); 19485 19486 int cfg80211_bss_color_notify(struct net_device *dev, 19487 enum nl80211_commands cmd, u8 count, 19488 u64 color_bitmap) 19489 { 19490 struct wireless_dev *wdev = dev->ieee80211_ptr; 19491 struct wiphy *wiphy = wdev->wiphy; 19492 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19493 struct sk_buff *msg; 19494 void *hdr; 19495 19496 ASSERT_WDEV_LOCK(wdev); 19497 19498 trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap); 19499 19500 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 19501 if (!msg) 19502 return -ENOMEM; 19503 19504 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 19505 if (!hdr) 19506 goto nla_put_failure; 19507 19508 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 19509 goto nla_put_failure; 19510 19511 if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED && 19512 nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count)) 19513 goto nla_put_failure; 19514 19515 if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION && 19516 nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP, 19517 color_bitmap, NL80211_ATTR_PAD)) 19518 goto nla_put_failure; 19519 19520 genlmsg_end(msg, hdr); 19521 19522 return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 19523 msg, 0, NL80211_MCGRP_MLME, GFP_KERNEL); 19524 19525 nla_put_failure: 19526 nlmsg_free(msg); 19527 return -EINVAL; 19528 } 19529 EXPORT_SYMBOL(cfg80211_bss_color_notify); 19530 19531 void 19532 nl80211_radar_notify(struct cfg80211_registered_device *rdev, 19533 const struct cfg80211_chan_def *chandef, 19534 enum nl80211_radar_event event, 19535 struct net_device *netdev, gfp_t gfp) 19536 { 19537 struct sk_buff *msg; 19538 void *hdr; 19539 19540 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19541 if (!msg) 19542 return; 19543 19544 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT); 19545 if (!hdr) { 19546 nlmsg_free(msg); 19547 return; 19548 } 19549 19550 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 19551 goto nla_put_failure; 19552 19553 /* NOP and radar events don't need a netdev parameter */ 19554 if (netdev) { 19555 struct wireless_dev *wdev = netdev->ieee80211_ptr; 19556 19557 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 19558 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 19559 NL80211_ATTR_PAD)) 19560 goto nla_put_failure; 19561 } 19562 19563 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event)) 19564 goto nla_put_failure; 19565 19566 if (nl80211_send_chandef(msg, chandef)) 19567 goto nla_put_failure; 19568 19569 genlmsg_end(msg, hdr); 19570 19571 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19572 NL80211_MCGRP_MLME, gfp); 19573 return; 19574 19575 nla_put_failure: 19576 nlmsg_free(msg); 19577 } 19578 19579 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac, 19580 struct sta_opmode_info *sta_opmode, 19581 gfp_t gfp) 19582 { 19583 struct sk_buff *msg; 19584 struct wireless_dev *wdev = dev->ieee80211_ptr; 19585 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19586 void *hdr; 19587 19588 if (WARN_ON(!mac)) 19589 return; 19590 19591 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19592 if (!msg) 19593 return; 19594 19595 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED); 19596 if (!hdr) { 19597 nlmsg_free(msg); 19598 return; 19599 } 19600 19601 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 19602 goto nla_put_failure; 19603 19604 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 19605 goto nla_put_failure; 19606 19607 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac)) 19608 goto nla_put_failure; 19609 19610 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) && 19611 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode)) 19612 goto nla_put_failure; 19613 19614 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) && 19615 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw)) 19616 goto nla_put_failure; 19617 19618 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) && 19619 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss)) 19620 goto nla_put_failure; 19621 19622 genlmsg_end(msg, hdr); 19623 19624 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19625 NL80211_MCGRP_MLME, gfp); 19626 19627 return; 19628 19629 nla_put_failure: 19630 nlmsg_free(msg); 19631 } 19632 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify); 19633 19634 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 19635 u64 cookie, bool acked, s32 ack_signal, 19636 bool is_valid_ack_signal, gfp_t gfp) 19637 { 19638 struct wireless_dev *wdev = dev->ieee80211_ptr; 19639 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19640 struct sk_buff *msg; 19641 void *hdr; 19642 19643 trace_cfg80211_probe_status(dev, addr, cookie, acked); 19644 19645 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19646 19647 if (!msg) 19648 return; 19649 19650 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 19651 if (!hdr) { 19652 nlmsg_free(msg); 19653 return; 19654 } 19655 19656 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19657 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 19658 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 19659 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 19660 NL80211_ATTR_PAD) || 19661 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) || 19662 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL, 19663 ack_signal))) 19664 goto nla_put_failure; 19665 19666 genlmsg_end(msg, hdr); 19667 19668 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19669 NL80211_MCGRP_MLME, gfp); 19670 return; 19671 19672 nla_put_failure: 19673 nlmsg_free(msg); 19674 } 19675 EXPORT_SYMBOL(cfg80211_probe_status); 19676 19677 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame, 19678 size_t len, int freq, int sig_dbm) 19679 { 19680 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19681 struct sk_buff *msg; 19682 void *hdr; 19683 struct cfg80211_beacon_registration *reg; 19684 19685 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm); 19686 19687 spin_lock_bh(&rdev->beacon_registrations_lock); 19688 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 19689 msg = nlmsg_new(len + 100, GFP_ATOMIC); 19690 if (!msg) { 19691 spin_unlock_bh(&rdev->beacon_registrations_lock); 19692 return; 19693 } 19694 19695 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 19696 if (!hdr) 19697 goto nla_put_failure; 19698 19699 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19700 (freq && 19701 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 19702 KHZ_TO_MHZ(freq)) || 19703 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, 19704 freq % 1000))) || 19705 (sig_dbm && 19706 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 19707 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 19708 goto nla_put_failure; 19709 19710 genlmsg_end(msg, hdr); 19711 19712 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid); 19713 } 19714 spin_unlock_bh(&rdev->beacon_registrations_lock); 19715 return; 19716 19717 nla_put_failure: 19718 spin_unlock_bh(&rdev->beacon_registrations_lock); 19719 nlmsg_free(msg); 19720 } 19721 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz); 19722 19723 #ifdef CONFIG_PM 19724 static int cfg80211_net_detect_results(struct sk_buff *msg, 19725 struct cfg80211_wowlan_wakeup *wakeup) 19726 { 19727 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect; 19728 struct nlattr *nl_results, *nl_match, *nl_freqs; 19729 int i, j; 19730 19731 nl_results = nla_nest_start_noflag(msg, 19732 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS); 19733 if (!nl_results) 19734 return -EMSGSIZE; 19735 19736 for (i = 0; i < nd->n_matches; i++) { 19737 struct cfg80211_wowlan_nd_match *match = nd->matches[i]; 19738 19739 nl_match = nla_nest_start_noflag(msg, i); 19740 if (!nl_match) 19741 break; 19742 19743 /* The SSID attribute is optional in nl80211, but for 19744 * simplicity reasons it's always present in the 19745 * cfg80211 structure. If a driver can't pass the 19746 * SSID, that needs to be changed. A zero length SSID 19747 * is still a valid SSID (wildcard), so it cannot be 19748 * used for this purpose. 19749 */ 19750 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len, 19751 match->ssid.ssid)) { 19752 nla_nest_cancel(msg, nl_match); 19753 goto out; 19754 } 19755 19756 if (match->n_channels) { 19757 nl_freqs = nla_nest_start_noflag(msg, 19758 NL80211_ATTR_SCAN_FREQUENCIES); 19759 if (!nl_freqs) { 19760 nla_nest_cancel(msg, nl_match); 19761 goto out; 19762 } 19763 19764 for (j = 0; j < match->n_channels; j++) { 19765 if (nla_put_u32(msg, j, match->channels[j])) { 19766 nla_nest_cancel(msg, nl_freqs); 19767 nla_nest_cancel(msg, nl_match); 19768 goto out; 19769 } 19770 } 19771 19772 nla_nest_end(msg, nl_freqs); 19773 } 19774 19775 nla_nest_end(msg, nl_match); 19776 } 19777 19778 out: 19779 nla_nest_end(msg, nl_results); 19780 return 0; 19781 } 19782 19783 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev, 19784 struct cfg80211_wowlan_wakeup *wakeup, 19785 gfp_t gfp) 19786 { 19787 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19788 struct sk_buff *msg; 19789 void *hdr; 19790 int size = 200; 19791 19792 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup); 19793 19794 if (wakeup) 19795 size += wakeup->packet_present_len; 19796 19797 msg = nlmsg_new(size, gfp); 19798 if (!msg) 19799 return; 19800 19801 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN); 19802 if (!hdr) 19803 goto free_msg; 19804 19805 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19806 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 19807 NL80211_ATTR_PAD)) 19808 goto free_msg; 19809 19810 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 19811 wdev->netdev->ifindex)) 19812 goto free_msg; 19813 19814 if (wakeup) { 19815 struct nlattr *reasons; 19816 19817 reasons = nla_nest_start_noflag(msg, 19818 NL80211_ATTR_WOWLAN_TRIGGERS); 19819 if (!reasons) 19820 goto free_msg; 19821 19822 if (wakeup->disconnect && 19823 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) 19824 goto free_msg; 19825 if (wakeup->magic_pkt && 19826 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) 19827 goto free_msg; 19828 if (wakeup->gtk_rekey_failure && 19829 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) 19830 goto free_msg; 19831 if (wakeup->eap_identity_req && 19832 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) 19833 goto free_msg; 19834 if (wakeup->four_way_handshake && 19835 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) 19836 goto free_msg; 19837 if (wakeup->rfkill_release && 19838 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)) 19839 goto free_msg; 19840 19841 if (wakeup->pattern_idx >= 0 && 19842 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 19843 wakeup->pattern_idx)) 19844 goto free_msg; 19845 19846 if (wakeup->tcp_match && 19847 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH)) 19848 goto free_msg; 19849 19850 if (wakeup->tcp_connlost && 19851 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST)) 19852 goto free_msg; 19853 19854 if (wakeup->tcp_nomoretokens && 19855 nla_put_flag(msg, 19856 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS)) 19857 goto free_msg; 19858 19859 if (wakeup->packet) { 19860 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211; 19861 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN; 19862 19863 if (!wakeup->packet_80211) { 19864 pkt_attr = 19865 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023; 19866 len_attr = 19867 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN; 19868 } 19869 19870 if (wakeup->packet_len && 19871 nla_put_u32(msg, len_attr, wakeup->packet_len)) 19872 goto free_msg; 19873 19874 if (nla_put(msg, pkt_attr, wakeup->packet_present_len, 19875 wakeup->packet)) 19876 goto free_msg; 19877 } 19878 19879 if (wakeup->net_detect && 19880 cfg80211_net_detect_results(msg, wakeup)) 19881 goto free_msg; 19882 19883 nla_nest_end(msg, reasons); 19884 } 19885 19886 genlmsg_end(msg, hdr); 19887 19888 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19889 NL80211_MCGRP_MLME, gfp); 19890 return; 19891 19892 free_msg: 19893 nlmsg_free(msg); 19894 } 19895 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup); 19896 #endif 19897 19898 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer, 19899 enum nl80211_tdls_operation oper, 19900 u16 reason_code, gfp_t gfp) 19901 { 19902 struct wireless_dev *wdev = dev->ieee80211_ptr; 19903 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19904 struct sk_buff *msg; 19905 void *hdr; 19906 19907 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper, 19908 reason_code); 19909 19910 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19911 if (!msg) 19912 return; 19913 19914 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER); 19915 if (!hdr) { 19916 nlmsg_free(msg); 19917 return; 19918 } 19919 19920 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19921 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 19922 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) || 19923 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) || 19924 (reason_code > 0 && 19925 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) 19926 goto nla_put_failure; 19927 19928 genlmsg_end(msg, hdr); 19929 19930 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19931 NL80211_MCGRP_MLME, gfp); 19932 return; 19933 19934 nla_put_failure: 19935 nlmsg_free(msg); 19936 } 19937 EXPORT_SYMBOL(cfg80211_tdls_oper_request); 19938 19939 static int nl80211_netlink_notify(struct notifier_block * nb, 19940 unsigned long state, 19941 void *_notify) 19942 { 19943 struct netlink_notify *notify = _notify; 19944 struct cfg80211_registered_device *rdev; 19945 struct wireless_dev *wdev; 19946 struct cfg80211_beacon_registration *reg, *tmp; 19947 19948 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC) 19949 return NOTIFY_DONE; 19950 19951 rcu_read_lock(); 19952 19953 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 19954 struct cfg80211_sched_scan_request *sched_scan_req; 19955 19956 list_for_each_entry_rcu(sched_scan_req, 19957 &rdev->sched_scan_req_list, 19958 list) { 19959 if (sched_scan_req->owner_nlportid == notify->portid) { 19960 sched_scan_req->nl_owner_dead = true; 19961 wiphy_work_queue(&rdev->wiphy, 19962 &rdev->sched_scan_stop_wk); 19963 } 19964 } 19965 19966 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) { 19967 cfg80211_mlme_unregister_socket(wdev, notify->portid); 19968 19969 if (wdev->owner_nlportid == notify->portid) { 19970 wdev->nl_owner_dead = true; 19971 schedule_work(&rdev->destroy_work); 19972 } else if (wdev->conn_owner_nlportid == notify->portid) { 19973 schedule_work(&wdev->disconnect_wk); 19974 } 19975 19976 cfg80211_release_pmsr(wdev, notify->portid); 19977 } 19978 19979 spin_lock_bh(&rdev->beacon_registrations_lock); 19980 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations, 19981 list) { 19982 if (reg->nlportid == notify->portid) { 19983 list_del(®->list); 19984 kfree(reg); 19985 break; 19986 } 19987 } 19988 spin_unlock_bh(&rdev->beacon_registrations_lock); 19989 } 19990 19991 rcu_read_unlock(); 19992 19993 /* 19994 * It is possible that the user space process that is controlling the 19995 * indoor setting disappeared, so notify the regulatory core. 19996 */ 19997 regulatory_netlink_notify(notify->portid); 19998 return NOTIFY_OK; 19999 } 20000 20001 static struct notifier_block nl80211_netlink_notifier = { 20002 .notifier_call = nl80211_netlink_notify, 20003 }; 20004 20005 void cfg80211_ft_event(struct net_device *netdev, 20006 struct cfg80211_ft_event_params *ft_event) 20007 { 20008 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy; 20009 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 20010 struct sk_buff *msg; 20011 void *hdr; 20012 20013 trace_cfg80211_ft_event(wiphy, netdev, ft_event); 20014 20015 if (!ft_event->target_ap) 20016 return; 20017 20018 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len, 20019 GFP_KERNEL); 20020 if (!msg) 20021 return; 20022 20023 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT); 20024 if (!hdr) 20025 goto out; 20026 20027 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20028 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 20029 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap)) 20030 goto out; 20031 20032 if (ft_event->ies && 20033 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies)) 20034 goto out; 20035 if (ft_event->ric_ies && 20036 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len, 20037 ft_event->ric_ies)) 20038 goto out; 20039 20040 genlmsg_end(msg, hdr); 20041 20042 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 20043 NL80211_MCGRP_MLME, GFP_KERNEL); 20044 return; 20045 out: 20046 nlmsg_free(msg); 20047 } 20048 EXPORT_SYMBOL(cfg80211_ft_event); 20049 20050 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp) 20051 { 20052 struct cfg80211_registered_device *rdev; 20053 struct sk_buff *msg; 20054 void *hdr; 20055 u32 nlportid; 20056 20057 rdev = wiphy_to_rdev(wdev->wiphy); 20058 if (!rdev->crit_proto_nlportid) 20059 return; 20060 20061 nlportid = rdev->crit_proto_nlportid; 20062 rdev->crit_proto_nlportid = 0; 20063 20064 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 20065 if (!msg) 20066 return; 20067 20068 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP); 20069 if (!hdr) 20070 goto nla_put_failure; 20071 20072 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20073 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 20074 NL80211_ATTR_PAD)) 20075 goto nla_put_failure; 20076 20077 genlmsg_end(msg, hdr); 20078 20079 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 20080 return; 20081 20082 nla_put_failure: 20083 nlmsg_free(msg); 20084 } 20085 EXPORT_SYMBOL(cfg80211_crit_proto_stopped); 20086 20087 void nl80211_send_ap_stopped(struct wireless_dev *wdev, unsigned int link_id) 20088 { 20089 struct wiphy *wiphy = wdev->wiphy; 20090 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 20091 struct sk_buff *msg; 20092 void *hdr; 20093 20094 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 20095 if (!msg) 20096 return; 20097 20098 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP); 20099 if (!hdr) 20100 goto out; 20101 20102 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20103 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) || 20104 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 20105 NL80211_ATTR_PAD) || 20106 (wdev->valid_links && 20107 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))) 20108 goto out; 20109 20110 genlmsg_end(msg, hdr); 20111 20112 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0, 20113 NL80211_MCGRP_MLME, GFP_KERNEL); 20114 return; 20115 out: 20116 nlmsg_free(msg); 20117 } 20118 20119 int cfg80211_external_auth_request(struct net_device *dev, 20120 struct cfg80211_external_auth_params *params, 20121 gfp_t gfp) 20122 { 20123 struct wireless_dev *wdev = dev->ieee80211_ptr; 20124 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 20125 struct sk_buff *msg; 20126 void *hdr; 20127 20128 if (!wdev->conn_owner_nlportid) 20129 return -EINVAL; 20130 20131 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 20132 if (!msg) 20133 return -ENOMEM; 20134 20135 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH); 20136 if (!hdr) 20137 goto nla_put_failure; 20138 20139 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20140 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 20141 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) || 20142 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION, 20143 params->action) || 20144 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) || 20145 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len, 20146 params->ssid.ssid) || 20147 (!is_zero_ether_addr(params->mld_addr) && 20148 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, params->mld_addr))) 20149 goto nla_put_failure; 20150 20151 genlmsg_end(msg, hdr); 20152 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 20153 wdev->conn_owner_nlportid); 20154 return 0; 20155 20156 nla_put_failure: 20157 nlmsg_free(msg); 20158 return -ENOBUFS; 20159 } 20160 EXPORT_SYMBOL(cfg80211_external_auth_request); 20161 20162 void cfg80211_update_owe_info_event(struct net_device *netdev, 20163 struct cfg80211_update_owe_info *owe_info, 20164 gfp_t gfp) 20165 { 20166 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy; 20167 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 20168 struct sk_buff *msg; 20169 void *hdr; 20170 20171 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info); 20172 20173 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 20174 if (!msg) 20175 return; 20176 20177 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO); 20178 if (!hdr) 20179 goto nla_put_failure; 20180 20181 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20182 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 20183 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer)) 20184 goto nla_put_failure; 20185 20186 if (!owe_info->ie_len || 20187 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie)) 20188 goto nla_put_failure; 20189 20190 if (owe_info->assoc_link_id != -1) { 20191 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, 20192 owe_info->assoc_link_id)) 20193 goto nla_put_failure; 20194 20195 if (!is_zero_ether_addr(owe_info->peer_mld_addr) && 20196 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, 20197 owe_info->peer_mld_addr)) 20198 goto nla_put_failure; 20199 } 20200 20201 genlmsg_end(msg, hdr); 20202 20203 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 20204 NL80211_MCGRP_MLME, gfp); 20205 return; 20206 20207 nla_put_failure: 20208 genlmsg_cancel(msg, hdr); 20209 nlmsg_free(msg); 20210 } 20211 EXPORT_SYMBOL(cfg80211_update_owe_info_event); 20212 20213 /* initialisation/exit functions */ 20214 20215 int __init nl80211_init(void) 20216 { 20217 int err; 20218 20219 err = genl_register_family(&nl80211_fam); 20220 if (err) 20221 return err; 20222 20223 err = netlink_register_notifier(&nl80211_netlink_notifier); 20224 if (err) 20225 goto err_out; 20226 20227 return 0; 20228 err_out: 20229 genl_unregister_family(&nl80211_fam); 20230 return err; 20231 } 20232 20233 void nl80211_exit(void) 20234 { 20235 netlink_unregister_notifier(&nl80211_netlink_notifier); 20236 genl_unregister_family(&nl80211_fam); 20237 } 20238