1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2013-2014 Intel Mobile Communications GmbH 6 * Copyright 2015-2016 Intel Deutschland GmbH 7 */ 8 9 #include <linux/if.h> 10 #include <linux/module.h> 11 #include <linux/err.h> 12 #include <linux/slab.h> 13 #include <linux/list.h> 14 #include <linux/if_ether.h> 15 #include <linux/ieee80211.h> 16 #include <linux/nl80211.h> 17 #include <linux/rtnetlink.h> 18 #include <linux/netlink.h> 19 #include <linux/etherdevice.h> 20 #include <net/net_namespace.h> 21 #include <net/genetlink.h> 22 #include <net/cfg80211.h> 23 #include <net/sock.h> 24 #include <net/inet_connection_sock.h> 25 #include "core.h" 26 #include "nl80211.h" 27 #include "reg.h" 28 #include "rdev-ops.h" 29 30 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 31 struct genl_info *info, 32 struct cfg80211_crypto_settings *settings, 33 int cipher_limit); 34 35 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb, 36 struct genl_info *info); 37 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb, 38 struct genl_info *info); 39 40 /* the netlink family */ 41 static struct genl_family nl80211_fam = { 42 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 43 .name = NL80211_GENL_NAME, /* have users key off the name instead */ 44 .hdrsize = 0, /* no private header */ 45 .version = 1, /* no particular meaning now */ 46 .maxattr = NL80211_ATTR_MAX, 47 .netnsok = true, 48 .pre_doit = nl80211_pre_doit, 49 .post_doit = nl80211_post_doit, 50 }; 51 52 /* multicast groups */ 53 enum nl80211_multicast_groups { 54 NL80211_MCGRP_CONFIG, 55 NL80211_MCGRP_SCAN, 56 NL80211_MCGRP_REGULATORY, 57 NL80211_MCGRP_MLME, 58 NL80211_MCGRP_VENDOR, 59 NL80211_MCGRP_NAN, 60 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */ 61 }; 62 63 static const struct genl_multicast_group nl80211_mcgrps[] = { 64 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG }, 65 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN }, 66 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG }, 67 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME }, 68 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR }, 69 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN }, 70 #ifdef CONFIG_NL80211_TESTMODE 71 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE } 72 #endif 73 }; 74 75 /* returns ERR_PTR values */ 76 static struct wireless_dev * 77 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs) 78 { 79 struct cfg80211_registered_device *rdev; 80 struct wireless_dev *result = NULL; 81 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 82 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 83 u64 wdev_id; 84 int wiphy_idx = -1; 85 int ifidx = -1; 86 87 ASSERT_RTNL(); 88 89 if (!have_ifidx && !have_wdev_id) 90 return ERR_PTR(-EINVAL); 91 92 if (have_ifidx) 93 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 94 if (have_wdev_id) { 95 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 96 wiphy_idx = wdev_id >> 32; 97 } 98 99 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 100 struct wireless_dev *wdev; 101 102 if (wiphy_net(&rdev->wiphy) != netns) 103 continue; 104 105 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 106 continue; 107 108 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 109 if (have_ifidx && wdev->netdev && 110 wdev->netdev->ifindex == ifidx) { 111 result = wdev; 112 break; 113 } 114 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 115 result = wdev; 116 break; 117 } 118 } 119 120 if (result) 121 break; 122 } 123 124 if (result) 125 return result; 126 return ERR_PTR(-ENODEV); 127 } 128 129 static struct cfg80211_registered_device * 130 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 131 { 132 struct cfg80211_registered_device *rdev = NULL, *tmp; 133 struct net_device *netdev; 134 135 ASSERT_RTNL(); 136 137 if (!attrs[NL80211_ATTR_WIPHY] && 138 !attrs[NL80211_ATTR_IFINDEX] && 139 !attrs[NL80211_ATTR_WDEV]) 140 return ERR_PTR(-EINVAL); 141 142 if (attrs[NL80211_ATTR_WIPHY]) 143 rdev = cfg80211_rdev_by_wiphy_idx( 144 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 145 146 if (attrs[NL80211_ATTR_WDEV]) { 147 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 148 struct wireless_dev *wdev; 149 bool found = false; 150 151 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 152 if (tmp) { 153 /* make sure wdev exists */ 154 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) { 155 if (wdev->identifier != (u32)wdev_id) 156 continue; 157 found = true; 158 break; 159 } 160 161 if (!found) 162 tmp = NULL; 163 164 if (rdev && tmp != rdev) 165 return ERR_PTR(-EINVAL); 166 rdev = tmp; 167 } 168 } 169 170 if (attrs[NL80211_ATTR_IFINDEX]) { 171 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 172 173 netdev = __dev_get_by_index(netns, ifindex); 174 if (netdev) { 175 if (netdev->ieee80211_ptr) 176 tmp = wiphy_to_rdev( 177 netdev->ieee80211_ptr->wiphy); 178 else 179 tmp = NULL; 180 181 /* not wireless device -- return error */ 182 if (!tmp) 183 return ERR_PTR(-EINVAL); 184 185 /* mismatch -- return error */ 186 if (rdev && tmp != rdev) 187 return ERR_PTR(-EINVAL); 188 189 rdev = tmp; 190 } 191 } 192 193 if (!rdev) 194 return ERR_PTR(-ENODEV); 195 196 if (netns != wiphy_net(&rdev->wiphy)) 197 return ERR_PTR(-ENODEV); 198 199 return rdev; 200 } 201 202 /* 203 * This function returns a pointer to the driver 204 * that the genl_info item that is passed refers to. 205 * 206 * The result of this can be a PTR_ERR and hence must 207 * be checked with IS_ERR() for errors. 208 */ 209 static struct cfg80211_registered_device * 210 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 211 { 212 return __cfg80211_rdev_from_attrs(netns, info->attrs); 213 } 214 215 /* policy for the attributes */ 216 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { 217 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 218 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 219 .len = 20-1 }, 220 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 221 222 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 223 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 224 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 }, 225 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 }, 226 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 }, 227 228 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 229 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 230 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 231 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 232 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 233 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG }, 234 235 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 236 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 237 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 238 239 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 240 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 241 242 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 243 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 244 .len = WLAN_MAX_KEY_LEN }, 245 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 246 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 247 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 248 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 249 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 250 251 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 252 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 253 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 254 .len = IEEE80211_MAX_DATA_LEN }, 255 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 256 .len = IEEE80211_MAX_DATA_LEN }, 257 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 258 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 259 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 260 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 261 .len = NL80211_MAX_SUPP_RATES }, 262 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 263 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 264 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 265 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 266 .len = IEEE80211_MAX_MESH_ID_LEN }, 267 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 268 269 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 270 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 271 272 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 273 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 274 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 275 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 276 .len = NL80211_MAX_SUPP_RATES }, 277 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 278 279 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 280 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 281 282 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 283 284 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 285 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 286 .len = IEEE80211_MAX_DATA_LEN }, 287 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 288 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 289 290 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 291 .len = IEEE80211_MAX_SSID_LEN }, 292 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 293 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 294 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 295 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 296 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 297 [NL80211_ATTR_STA_FLAGS2] = { 298 .len = sizeof(struct nl80211_sta_flag_update), 299 }, 300 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 301 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 302 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 303 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 304 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 305 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 306 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 307 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 308 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 309 .len = WLAN_PMKID_LEN }, 310 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 311 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 312 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 313 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 314 .len = IEEE80211_MAX_DATA_LEN }, 315 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 316 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 317 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 318 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 319 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 320 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 321 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 322 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 323 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 324 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 325 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 326 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 327 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 328 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 329 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 330 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 331 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 332 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 333 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 334 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 335 .len = IEEE80211_MAX_DATA_LEN }, 336 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 337 .len = IEEE80211_MAX_DATA_LEN }, 338 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 339 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 340 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 341 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 342 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 343 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 344 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 345 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 346 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG }, 347 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 348 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 349 .len = IEEE80211_MAX_DATA_LEN }, 350 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 351 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 352 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 353 .len = NL80211_HT_CAPABILITY_LEN 354 }, 355 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 356 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 357 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 358 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 359 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 360 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, }, 361 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN }, 362 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 }, 363 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 }, 364 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 }, 365 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 }, 366 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED }, 367 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 }, 368 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, }, 369 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, }, 370 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG }, 371 [NL80211_ATTR_VHT_CAPABILITY_MASK] = { 372 .len = NL80211_VHT_CAPABILITY_LEN, 373 }, 374 [NL80211_ATTR_MDID] = { .type = NLA_U16 }, 375 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY, 376 .len = IEEE80211_MAX_DATA_LEN }, 377 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 }, 378 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 }, 379 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG }, 380 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED }, 381 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY }, 382 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY }, 383 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY }, 384 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY }, 385 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG }, 386 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 }, 387 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 }, 388 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 }, 389 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY }, 390 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY, 391 .len = IEEE80211_QOS_MAP_LEN_MAX }, 392 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN }, 393 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 }, 394 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 }, 395 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG }, 396 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY }, 397 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG }, 398 [NL80211_ATTR_TSID] = { .type = NLA_U8 }, 399 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 }, 400 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 }, 401 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 }, 402 [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN }, 403 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG }, 404 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 }, 405 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 }, 406 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG }, 407 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG }, 408 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED }, 409 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 }, 410 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = { 411 .len = VHT_MUMIMO_GROUPS_DATA_LEN 412 }, 413 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN }, 414 [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 }, 415 [NL80211_ATTR_NAN_DUAL] = { .type = NLA_U8 }, 416 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED }, 417 }; 418 419 /* policy for the key attributes */ 420 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 421 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 422 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 423 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 424 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 425 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 426 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 427 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 428 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 429 }; 430 431 /* policy for the key default flags */ 432 static const struct nla_policy 433 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 434 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 435 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 436 }; 437 438 /* policy for WoWLAN attributes */ 439 static const struct nla_policy 440 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 441 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 442 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 443 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 444 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 445 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 446 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 447 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 448 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 449 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED }, 450 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED }, 451 }; 452 453 static const struct nla_policy 454 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = { 455 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 }, 456 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 }, 457 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN }, 458 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 }, 459 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 }, 460 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 }, 461 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = { 462 .len = sizeof(struct nl80211_wowlan_tcp_data_seq) 463 }, 464 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = { 465 .len = sizeof(struct nl80211_wowlan_tcp_data_token) 466 }, 467 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 }, 468 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 }, 469 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 }, 470 }; 471 472 /* policy for coalesce rule attributes */ 473 static const struct nla_policy 474 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = { 475 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 }, 476 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 }, 477 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED }, 478 }; 479 480 /* policy for GTK rekey offload attributes */ 481 static const struct nla_policy 482 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 483 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 484 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 485 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 486 }; 487 488 static const struct nla_policy 489 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 490 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 491 .len = IEEE80211_MAX_SSID_LEN }, 492 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 493 }; 494 495 static const struct nla_policy 496 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = { 497 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 }, 498 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 }, 499 }; 500 501 static const struct nla_policy 502 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = { 503 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG }, 504 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 }, 505 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = { 506 .len = sizeof(struct nl80211_bss_select_rssi_adjust) 507 }, 508 }; 509 510 /* policy for NAN function attributes */ 511 static const struct nla_policy 512 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = { 513 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 }, 514 [NL80211_NAN_FUNC_SERVICE_ID] = { .type = NLA_BINARY, 515 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN }, 516 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 }, 517 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG }, 518 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG }, 519 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 }, 520 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 }, 521 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN }, 522 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG }, 523 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 }, 524 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY, 525 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN }, 526 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED }, 527 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED }, 528 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED }, 529 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 }, 530 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 }, 531 }; 532 533 /* policy for Service Response Filter attributes */ 534 static const struct nla_policy 535 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = { 536 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG }, 537 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY, 538 .len = NL80211_NAN_FUNC_SRF_MAX_LEN }, 539 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 }, 540 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED }, 541 }; 542 543 static int nl80211_prepare_wdev_dump(struct sk_buff *skb, 544 struct netlink_callback *cb, 545 struct cfg80211_registered_device **rdev, 546 struct wireless_dev **wdev) 547 { 548 int err; 549 550 rtnl_lock(); 551 552 if (!cb->args[0]) { 553 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 554 nl80211_fam.attrbuf, nl80211_fam.maxattr, 555 nl80211_policy); 556 if (err) 557 goto out_unlock; 558 559 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), 560 nl80211_fam.attrbuf); 561 if (IS_ERR(*wdev)) { 562 err = PTR_ERR(*wdev); 563 goto out_unlock; 564 } 565 *rdev = wiphy_to_rdev((*wdev)->wiphy); 566 /* 0 is the first index - add 1 to parse only once */ 567 cb->args[0] = (*rdev)->wiphy_idx + 1; 568 cb->args[1] = (*wdev)->identifier; 569 } else { 570 /* subtract the 1 again here */ 571 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 572 struct wireless_dev *tmp; 573 574 if (!wiphy) { 575 err = -ENODEV; 576 goto out_unlock; 577 } 578 *rdev = wiphy_to_rdev(wiphy); 579 *wdev = NULL; 580 581 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) { 582 if (tmp->identifier == cb->args[1]) { 583 *wdev = tmp; 584 break; 585 } 586 } 587 588 if (!*wdev) { 589 err = -ENODEV; 590 goto out_unlock; 591 } 592 } 593 594 return 0; 595 out_unlock: 596 rtnl_unlock(); 597 return err; 598 } 599 600 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev) 601 { 602 rtnl_unlock(); 603 } 604 605 /* IE validation */ 606 static bool is_valid_ie_attr(const struct nlattr *attr) 607 { 608 const u8 *pos; 609 int len; 610 611 if (!attr) 612 return true; 613 614 pos = nla_data(attr); 615 len = nla_len(attr); 616 617 while (len) { 618 u8 elemlen; 619 620 if (len < 2) 621 return false; 622 len -= 2; 623 624 elemlen = pos[1]; 625 if (elemlen > len) 626 return false; 627 628 len -= elemlen; 629 pos += 2 + elemlen; 630 } 631 632 return true; 633 } 634 635 /* message building helper */ 636 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq, 637 int flags, u8 cmd) 638 { 639 /* since there is no private header just add the generic one */ 640 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd); 641 } 642 643 static int nl80211_msg_put_channel(struct sk_buff *msg, 644 struct ieee80211_channel *chan, 645 bool large) 646 { 647 /* Some channels must be completely excluded from the 648 * list to protect old user-space tools from breaking 649 */ 650 if (!large && chan->flags & 651 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ)) 652 return 0; 653 654 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 655 chan->center_freq)) 656 goto nla_put_failure; 657 658 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 659 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 660 goto nla_put_failure; 661 if (chan->flags & IEEE80211_CHAN_NO_IR) { 662 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR)) 663 goto nla_put_failure; 664 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS)) 665 goto nla_put_failure; 666 } 667 if (chan->flags & IEEE80211_CHAN_RADAR) { 668 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 669 goto nla_put_failure; 670 if (large) { 671 u32 time; 672 673 time = elapsed_jiffies_msecs(chan->dfs_state_entered); 674 675 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE, 676 chan->dfs_state)) 677 goto nla_put_failure; 678 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME, 679 time)) 680 goto nla_put_failure; 681 if (nla_put_u32(msg, 682 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME, 683 chan->dfs_cac_ms)) 684 goto nla_put_failure; 685 } 686 } 687 688 if (large) { 689 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) && 690 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS)) 691 goto nla_put_failure; 692 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) && 693 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS)) 694 goto nla_put_failure; 695 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) && 696 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ)) 697 goto nla_put_failure; 698 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) && 699 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ)) 700 goto nla_put_failure; 701 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) && 702 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY)) 703 goto nla_put_failure; 704 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) && 705 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT)) 706 goto nla_put_failure; 707 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) && 708 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ)) 709 goto nla_put_failure; 710 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) && 711 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ)) 712 goto nla_put_failure; 713 } 714 715 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 716 DBM_TO_MBM(chan->max_power))) 717 goto nla_put_failure; 718 719 return 0; 720 721 nla_put_failure: 722 return -ENOBUFS; 723 } 724 725 /* netlink command implementations */ 726 727 struct key_parse { 728 struct key_params p; 729 int idx; 730 int type; 731 bool def, defmgmt; 732 bool def_uni, def_multi; 733 }; 734 735 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 736 { 737 struct nlattr *tb[NL80211_KEY_MAX + 1]; 738 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 739 nl80211_key_policy); 740 if (err) 741 return err; 742 743 k->def = !!tb[NL80211_KEY_DEFAULT]; 744 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 745 746 if (k->def) { 747 k->def_uni = true; 748 k->def_multi = true; 749 } 750 if (k->defmgmt) 751 k->def_multi = true; 752 753 if (tb[NL80211_KEY_IDX]) 754 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 755 756 if (tb[NL80211_KEY_DATA]) { 757 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 758 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 759 } 760 761 if (tb[NL80211_KEY_SEQ]) { 762 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 763 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 764 } 765 766 if (tb[NL80211_KEY_CIPHER]) 767 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 768 769 if (tb[NL80211_KEY_TYPE]) { 770 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 771 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 772 return -EINVAL; 773 } 774 775 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 776 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 777 778 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 779 tb[NL80211_KEY_DEFAULT_TYPES], 780 nl80211_key_default_policy); 781 if (err) 782 return err; 783 784 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 785 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 786 } 787 788 return 0; 789 } 790 791 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 792 { 793 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 794 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 795 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 796 } 797 798 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 799 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 800 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 801 } 802 803 if (info->attrs[NL80211_ATTR_KEY_IDX]) 804 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 805 806 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 807 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 808 809 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 810 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 811 812 if (k->def) { 813 k->def_uni = true; 814 k->def_multi = true; 815 } 816 if (k->defmgmt) 817 k->def_multi = true; 818 819 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 820 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 821 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 822 return -EINVAL; 823 } 824 825 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 826 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 827 int err = nla_parse_nested( 828 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 829 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 830 nl80211_key_default_policy); 831 if (err) 832 return err; 833 834 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 835 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 836 } 837 838 return 0; 839 } 840 841 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 842 { 843 int err; 844 845 memset(k, 0, sizeof(*k)); 846 k->idx = -1; 847 k->type = -1; 848 849 if (info->attrs[NL80211_ATTR_KEY]) 850 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 851 else 852 err = nl80211_parse_key_old(info, k); 853 854 if (err) 855 return err; 856 857 if (k->def && k->defmgmt) 858 return -EINVAL; 859 860 if (k->defmgmt) { 861 if (k->def_uni || !k->def_multi) 862 return -EINVAL; 863 } 864 865 if (k->idx != -1) { 866 if (k->defmgmt) { 867 if (k->idx < 4 || k->idx > 5) 868 return -EINVAL; 869 } else if (k->def) { 870 if (k->idx < 0 || k->idx > 3) 871 return -EINVAL; 872 } else { 873 if (k->idx < 0 || k->idx > 5) 874 return -EINVAL; 875 } 876 } 877 878 return 0; 879 } 880 881 static struct cfg80211_cached_keys * 882 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 883 struct nlattr *keys, bool *no_ht) 884 { 885 struct key_parse parse; 886 struct nlattr *key; 887 struct cfg80211_cached_keys *result; 888 int rem, err, def = 0; 889 bool have_key = false; 890 891 nla_for_each_nested(key, keys, rem) { 892 have_key = true; 893 break; 894 } 895 896 if (!have_key) 897 return NULL; 898 899 result = kzalloc(sizeof(*result), GFP_KERNEL); 900 if (!result) 901 return ERR_PTR(-ENOMEM); 902 903 result->def = -1; 904 905 nla_for_each_nested(key, keys, rem) { 906 memset(&parse, 0, sizeof(parse)); 907 parse.idx = -1; 908 909 err = nl80211_parse_key_new(key, &parse); 910 if (err) 911 goto error; 912 err = -EINVAL; 913 if (!parse.p.key) 914 goto error; 915 if (parse.idx < 0 || parse.idx > 3) 916 goto error; 917 if (parse.def) { 918 if (def) 919 goto error; 920 def = 1; 921 result->def = parse.idx; 922 if (!parse.def_uni || !parse.def_multi) 923 goto error; 924 } else if (parse.defmgmt) 925 goto error; 926 err = cfg80211_validate_key_settings(rdev, &parse.p, 927 parse.idx, false, NULL); 928 if (err) 929 goto error; 930 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 && 931 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) { 932 err = -EINVAL; 933 goto error; 934 } 935 result->params[parse.idx].cipher = parse.p.cipher; 936 result->params[parse.idx].key_len = parse.p.key_len; 937 result->params[parse.idx].key = result->data[parse.idx]; 938 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 939 940 /* must be WEP key if we got here */ 941 if (no_ht) 942 *no_ht = true; 943 } 944 945 if (result->def < 0) { 946 err = -EINVAL; 947 goto error; 948 } 949 950 return result; 951 error: 952 kfree(result); 953 return ERR_PTR(err); 954 } 955 956 static int nl80211_key_allowed(struct wireless_dev *wdev) 957 { 958 ASSERT_WDEV_LOCK(wdev); 959 960 switch (wdev->iftype) { 961 case NL80211_IFTYPE_AP: 962 case NL80211_IFTYPE_AP_VLAN: 963 case NL80211_IFTYPE_P2P_GO: 964 case NL80211_IFTYPE_MESH_POINT: 965 break; 966 case NL80211_IFTYPE_ADHOC: 967 case NL80211_IFTYPE_STATION: 968 case NL80211_IFTYPE_P2P_CLIENT: 969 if (!wdev->current_bss) 970 return -ENOLINK; 971 break; 972 case NL80211_IFTYPE_UNSPECIFIED: 973 case NL80211_IFTYPE_OCB: 974 case NL80211_IFTYPE_MONITOR: 975 case NL80211_IFTYPE_NAN: 976 case NL80211_IFTYPE_P2P_DEVICE: 977 case NL80211_IFTYPE_WDS: 978 case NUM_NL80211_IFTYPES: 979 return -EINVAL; 980 } 981 982 return 0; 983 } 984 985 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy, 986 struct nlattr *tb) 987 { 988 struct ieee80211_channel *chan; 989 990 if (tb == NULL) 991 return NULL; 992 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb)); 993 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) 994 return NULL; 995 return chan; 996 } 997 998 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 999 { 1000 struct nlattr *nl_modes = nla_nest_start(msg, attr); 1001 int i; 1002 1003 if (!nl_modes) 1004 goto nla_put_failure; 1005 1006 i = 0; 1007 while (ifmodes) { 1008 if ((ifmodes & 1) && nla_put_flag(msg, i)) 1009 goto nla_put_failure; 1010 ifmodes >>= 1; 1011 i++; 1012 } 1013 1014 nla_nest_end(msg, nl_modes); 1015 return 0; 1016 1017 nla_put_failure: 1018 return -ENOBUFS; 1019 } 1020 1021 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 1022 struct sk_buff *msg, 1023 bool large) 1024 { 1025 struct nlattr *nl_combis; 1026 int i, j; 1027 1028 nl_combis = nla_nest_start(msg, 1029 NL80211_ATTR_INTERFACE_COMBINATIONS); 1030 if (!nl_combis) 1031 goto nla_put_failure; 1032 1033 for (i = 0; i < wiphy->n_iface_combinations; i++) { 1034 const struct ieee80211_iface_combination *c; 1035 struct nlattr *nl_combi, *nl_limits; 1036 1037 c = &wiphy->iface_combinations[i]; 1038 1039 nl_combi = nla_nest_start(msg, i + 1); 1040 if (!nl_combi) 1041 goto nla_put_failure; 1042 1043 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 1044 if (!nl_limits) 1045 goto nla_put_failure; 1046 1047 for (j = 0; j < c->n_limits; j++) { 1048 struct nlattr *nl_limit; 1049 1050 nl_limit = nla_nest_start(msg, j + 1); 1051 if (!nl_limit) 1052 goto nla_put_failure; 1053 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 1054 c->limits[j].max)) 1055 goto nla_put_failure; 1056 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 1057 c->limits[j].types)) 1058 goto nla_put_failure; 1059 nla_nest_end(msg, nl_limit); 1060 } 1061 1062 nla_nest_end(msg, nl_limits); 1063 1064 if (c->beacon_int_infra_match && 1065 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 1066 goto nla_put_failure; 1067 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 1068 c->num_different_channels) || 1069 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 1070 c->max_interfaces)) 1071 goto nla_put_failure; 1072 if (large && 1073 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS, 1074 c->radar_detect_widths) || 1075 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS, 1076 c->radar_detect_regions))) 1077 goto nla_put_failure; 1078 1079 nla_nest_end(msg, nl_combi); 1080 } 1081 1082 nla_nest_end(msg, nl_combis); 1083 1084 return 0; 1085 nla_put_failure: 1086 return -ENOBUFS; 1087 } 1088 1089 #ifdef CONFIG_PM 1090 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev, 1091 struct sk_buff *msg) 1092 { 1093 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp; 1094 struct nlattr *nl_tcp; 1095 1096 if (!tcp) 1097 return 0; 1098 1099 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION); 1100 if (!nl_tcp) 1101 return -ENOBUFS; 1102 1103 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 1104 tcp->data_payload_max)) 1105 return -ENOBUFS; 1106 1107 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 1108 tcp->data_payload_max)) 1109 return -ENOBUFS; 1110 1111 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ)) 1112 return -ENOBUFS; 1113 1114 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 1115 sizeof(*tcp->tok), tcp->tok)) 1116 return -ENOBUFS; 1117 1118 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 1119 tcp->data_interval_max)) 1120 return -ENOBUFS; 1121 1122 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 1123 tcp->wake_payload_max)) 1124 return -ENOBUFS; 1125 1126 nla_nest_end(msg, nl_tcp); 1127 return 0; 1128 } 1129 1130 static int nl80211_send_wowlan(struct sk_buff *msg, 1131 struct cfg80211_registered_device *rdev, 1132 bool large) 1133 { 1134 struct nlattr *nl_wowlan; 1135 1136 if (!rdev->wiphy.wowlan) 1137 return 0; 1138 1139 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1140 if (!nl_wowlan) 1141 return -ENOBUFS; 1142 1143 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) && 1144 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1145 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) && 1146 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1147 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) && 1148 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1149 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1150 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1151 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1152 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1153 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1154 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1155 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1156 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1157 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1158 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1159 return -ENOBUFS; 1160 1161 if (rdev->wiphy.wowlan->n_patterns) { 1162 struct nl80211_pattern_support pat = { 1163 .max_patterns = rdev->wiphy.wowlan->n_patterns, 1164 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len, 1165 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len, 1166 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset, 1167 }; 1168 1169 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1170 sizeof(pat), &pat)) 1171 return -ENOBUFS; 1172 } 1173 1174 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) && 1175 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT, 1176 rdev->wiphy.wowlan->max_nd_match_sets)) 1177 return -ENOBUFS; 1178 1179 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg)) 1180 return -ENOBUFS; 1181 1182 nla_nest_end(msg, nl_wowlan); 1183 1184 return 0; 1185 } 1186 #endif 1187 1188 static int nl80211_send_coalesce(struct sk_buff *msg, 1189 struct cfg80211_registered_device *rdev) 1190 { 1191 struct nl80211_coalesce_rule_support rule; 1192 1193 if (!rdev->wiphy.coalesce) 1194 return 0; 1195 1196 rule.max_rules = rdev->wiphy.coalesce->n_rules; 1197 rule.max_delay = rdev->wiphy.coalesce->max_delay; 1198 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns; 1199 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len; 1200 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len; 1201 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset; 1202 1203 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule)) 1204 return -ENOBUFS; 1205 1206 return 0; 1207 } 1208 1209 static int nl80211_send_band_rateinfo(struct sk_buff *msg, 1210 struct ieee80211_supported_band *sband) 1211 { 1212 struct nlattr *nl_rates, *nl_rate; 1213 struct ieee80211_rate *rate; 1214 int i; 1215 1216 /* add HT info */ 1217 if (sband->ht_cap.ht_supported && 1218 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 1219 sizeof(sband->ht_cap.mcs), 1220 &sband->ht_cap.mcs) || 1221 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 1222 sband->ht_cap.cap) || 1223 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 1224 sband->ht_cap.ampdu_factor) || 1225 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 1226 sband->ht_cap.ampdu_density))) 1227 return -ENOBUFS; 1228 1229 /* add VHT info */ 1230 if (sband->vht_cap.vht_supported && 1231 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 1232 sizeof(sband->vht_cap.vht_mcs), 1233 &sband->vht_cap.vht_mcs) || 1234 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 1235 sband->vht_cap.cap))) 1236 return -ENOBUFS; 1237 1238 /* add bitrates */ 1239 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 1240 if (!nl_rates) 1241 return -ENOBUFS; 1242 1243 for (i = 0; i < sband->n_bitrates; i++) { 1244 nl_rate = nla_nest_start(msg, i); 1245 if (!nl_rate) 1246 return -ENOBUFS; 1247 1248 rate = &sband->bitrates[i]; 1249 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1250 rate->bitrate)) 1251 return -ENOBUFS; 1252 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1253 nla_put_flag(msg, 1254 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 1255 return -ENOBUFS; 1256 1257 nla_nest_end(msg, nl_rate); 1258 } 1259 1260 nla_nest_end(msg, nl_rates); 1261 1262 return 0; 1263 } 1264 1265 static int 1266 nl80211_send_mgmt_stypes(struct sk_buff *msg, 1267 const struct ieee80211_txrx_stypes *mgmt_stypes) 1268 { 1269 u16 stypes; 1270 struct nlattr *nl_ftypes, *nl_ifs; 1271 enum nl80211_iftype ift; 1272 int i; 1273 1274 if (!mgmt_stypes) 1275 return 0; 1276 1277 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 1278 if (!nl_ifs) 1279 return -ENOBUFS; 1280 1281 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1282 nl_ftypes = nla_nest_start(msg, ift); 1283 if (!nl_ftypes) 1284 return -ENOBUFS; 1285 i = 0; 1286 stypes = mgmt_stypes[ift].tx; 1287 while (stypes) { 1288 if ((stypes & 1) && 1289 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1290 (i << 4) | IEEE80211_FTYPE_MGMT)) 1291 return -ENOBUFS; 1292 stypes >>= 1; 1293 i++; 1294 } 1295 nla_nest_end(msg, nl_ftypes); 1296 } 1297 1298 nla_nest_end(msg, nl_ifs); 1299 1300 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 1301 if (!nl_ifs) 1302 return -ENOBUFS; 1303 1304 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1305 nl_ftypes = nla_nest_start(msg, ift); 1306 if (!nl_ftypes) 1307 return -ENOBUFS; 1308 i = 0; 1309 stypes = mgmt_stypes[ift].rx; 1310 while (stypes) { 1311 if ((stypes & 1) && 1312 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1313 (i << 4) | IEEE80211_FTYPE_MGMT)) 1314 return -ENOBUFS; 1315 stypes >>= 1; 1316 i++; 1317 } 1318 nla_nest_end(msg, nl_ftypes); 1319 } 1320 nla_nest_end(msg, nl_ifs); 1321 1322 return 0; 1323 } 1324 1325 struct nl80211_dump_wiphy_state { 1326 s64 filter_wiphy; 1327 long start; 1328 long split_start, band_start, chan_start, capa_start; 1329 bool split; 1330 }; 1331 1332 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev, 1333 enum nl80211_commands cmd, 1334 struct sk_buff *msg, u32 portid, u32 seq, 1335 int flags, struct nl80211_dump_wiphy_state *state) 1336 { 1337 void *hdr; 1338 struct nlattr *nl_bands, *nl_band; 1339 struct nlattr *nl_freqs, *nl_freq; 1340 struct nlattr *nl_cmds; 1341 enum nl80211_band band; 1342 struct ieee80211_channel *chan; 1343 int i; 1344 const struct ieee80211_txrx_stypes *mgmt_stypes = 1345 rdev->wiphy.mgmt_stypes; 1346 u32 features; 1347 1348 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 1349 if (!hdr) 1350 return -ENOBUFS; 1351 1352 if (WARN_ON(!state)) 1353 return -EINVAL; 1354 1355 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1356 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, 1357 wiphy_name(&rdev->wiphy)) || 1358 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1359 cfg80211_rdev_list_generation)) 1360 goto nla_put_failure; 1361 1362 if (cmd != NL80211_CMD_NEW_WIPHY) 1363 goto finish; 1364 1365 switch (state->split_start) { 1366 case 0: 1367 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 1368 rdev->wiphy.retry_short) || 1369 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 1370 rdev->wiphy.retry_long) || 1371 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 1372 rdev->wiphy.frag_threshold) || 1373 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 1374 rdev->wiphy.rts_threshold) || 1375 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 1376 rdev->wiphy.coverage_class) || 1377 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 1378 rdev->wiphy.max_scan_ssids) || 1379 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 1380 rdev->wiphy.max_sched_scan_ssids) || 1381 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 1382 rdev->wiphy.max_scan_ie_len) || 1383 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 1384 rdev->wiphy.max_sched_scan_ie_len) || 1385 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 1386 rdev->wiphy.max_match_sets) || 1387 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS, 1388 rdev->wiphy.max_sched_scan_plans) || 1389 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL, 1390 rdev->wiphy.max_sched_scan_plan_interval) || 1391 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS, 1392 rdev->wiphy.max_sched_scan_plan_iterations)) 1393 goto nla_put_failure; 1394 1395 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 1396 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 1397 goto nla_put_failure; 1398 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 1399 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 1400 goto nla_put_failure; 1401 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 1402 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 1403 goto nla_put_failure; 1404 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 1405 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 1406 goto nla_put_failure; 1407 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 1408 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 1409 goto nla_put_failure; 1410 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 1411 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 1412 goto nla_put_failure; 1413 state->split_start++; 1414 if (state->split) 1415 break; 1416 case 1: 1417 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 1418 sizeof(u32) * rdev->wiphy.n_cipher_suites, 1419 rdev->wiphy.cipher_suites)) 1420 goto nla_put_failure; 1421 1422 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 1423 rdev->wiphy.max_num_pmkids)) 1424 goto nla_put_failure; 1425 1426 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 1427 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 1428 goto nla_put_failure; 1429 1430 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 1431 rdev->wiphy.available_antennas_tx) || 1432 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 1433 rdev->wiphy.available_antennas_rx)) 1434 goto nla_put_failure; 1435 1436 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 1437 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 1438 rdev->wiphy.probe_resp_offload)) 1439 goto nla_put_failure; 1440 1441 if ((rdev->wiphy.available_antennas_tx || 1442 rdev->wiphy.available_antennas_rx) && 1443 rdev->ops->get_antenna) { 1444 u32 tx_ant = 0, rx_ant = 0; 1445 int res; 1446 1447 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant); 1448 if (!res) { 1449 if (nla_put_u32(msg, 1450 NL80211_ATTR_WIPHY_ANTENNA_TX, 1451 tx_ant) || 1452 nla_put_u32(msg, 1453 NL80211_ATTR_WIPHY_ANTENNA_RX, 1454 rx_ant)) 1455 goto nla_put_failure; 1456 } 1457 } 1458 1459 state->split_start++; 1460 if (state->split) 1461 break; 1462 case 2: 1463 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 1464 rdev->wiphy.interface_modes)) 1465 goto nla_put_failure; 1466 state->split_start++; 1467 if (state->split) 1468 break; 1469 case 3: 1470 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 1471 if (!nl_bands) 1472 goto nla_put_failure; 1473 1474 for (band = state->band_start; 1475 band < NUM_NL80211_BANDS; band++) { 1476 struct ieee80211_supported_band *sband; 1477 1478 sband = rdev->wiphy.bands[band]; 1479 1480 if (!sband) 1481 continue; 1482 1483 nl_band = nla_nest_start(msg, band); 1484 if (!nl_band) 1485 goto nla_put_failure; 1486 1487 switch (state->chan_start) { 1488 case 0: 1489 if (nl80211_send_band_rateinfo(msg, sband)) 1490 goto nla_put_failure; 1491 state->chan_start++; 1492 if (state->split) 1493 break; 1494 default: 1495 /* add frequencies */ 1496 nl_freqs = nla_nest_start( 1497 msg, NL80211_BAND_ATTR_FREQS); 1498 if (!nl_freqs) 1499 goto nla_put_failure; 1500 1501 for (i = state->chan_start - 1; 1502 i < sband->n_channels; 1503 i++) { 1504 nl_freq = nla_nest_start(msg, i); 1505 if (!nl_freq) 1506 goto nla_put_failure; 1507 1508 chan = &sband->channels[i]; 1509 1510 if (nl80211_msg_put_channel( 1511 msg, chan, 1512 state->split)) 1513 goto nla_put_failure; 1514 1515 nla_nest_end(msg, nl_freq); 1516 if (state->split) 1517 break; 1518 } 1519 if (i < sband->n_channels) 1520 state->chan_start = i + 2; 1521 else 1522 state->chan_start = 0; 1523 nla_nest_end(msg, nl_freqs); 1524 } 1525 1526 nla_nest_end(msg, nl_band); 1527 1528 if (state->split) { 1529 /* start again here */ 1530 if (state->chan_start) 1531 band--; 1532 break; 1533 } 1534 } 1535 nla_nest_end(msg, nl_bands); 1536 1537 if (band < NUM_NL80211_BANDS) 1538 state->band_start = band + 1; 1539 else 1540 state->band_start = 0; 1541 1542 /* if bands & channels are done, continue outside */ 1543 if (state->band_start == 0 && state->chan_start == 0) 1544 state->split_start++; 1545 if (state->split) 1546 break; 1547 case 4: 1548 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 1549 if (!nl_cmds) 1550 goto nla_put_failure; 1551 1552 i = 0; 1553 #define CMD(op, n) \ 1554 do { \ 1555 if (rdev->ops->op) { \ 1556 i++; \ 1557 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 1558 goto nla_put_failure; \ 1559 } \ 1560 } while (0) 1561 1562 CMD(add_virtual_intf, NEW_INTERFACE); 1563 CMD(change_virtual_intf, SET_INTERFACE); 1564 CMD(add_key, NEW_KEY); 1565 CMD(start_ap, START_AP); 1566 CMD(add_station, NEW_STATION); 1567 CMD(add_mpath, NEW_MPATH); 1568 CMD(update_mesh_config, SET_MESH_CONFIG); 1569 CMD(change_bss, SET_BSS); 1570 CMD(auth, AUTHENTICATE); 1571 CMD(assoc, ASSOCIATE); 1572 CMD(deauth, DEAUTHENTICATE); 1573 CMD(disassoc, DISASSOCIATE); 1574 CMD(join_ibss, JOIN_IBSS); 1575 CMD(join_mesh, JOIN_MESH); 1576 CMD(set_pmksa, SET_PMKSA); 1577 CMD(del_pmksa, DEL_PMKSA); 1578 CMD(flush_pmksa, FLUSH_PMKSA); 1579 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 1580 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 1581 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 1582 CMD(mgmt_tx, FRAME); 1583 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 1584 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 1585 i++; 1586 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 1587 goto nla_put_failure; 1588 } 1589 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap || 1590 rdev->ops->join_mesh) { 1591 i++; 1592 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 1593 goto nla_put_failure; 1594 } 1595 CMD(set_wds_peer, SET_WDS_PEER); 1596 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 1597 CMD(tdls_mgmt, TDLS_MGMT); 1598 CMD(tdls_oper, TDLS_OPER); 1599 } 1600 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 1601 CMD(sched_scan_start, START_SCHED_SCAN); 1602 CMD(probe_client, PROBE_CLIENT); 1603 CMD(set_noack_map, SET_NOACK_MAP); 1604 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 1605 i++; 1606 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 1607 goto nla_put_failure; 1608 } 1609 CMD(start_p2p_device, START_P2P_DEVICE); 1610 CMD(set_mcast_rate, SET_MCAST_RATE); 1611 #ifdef CONFIG_NL80211_TESTMODE 1612 CMD(testmode_cmd, TESTMODE); 1613 #endif 1614 if (state->split) { 1615 CMD(crit_proto_start, CRIT_PROTOCOL_START); 1616 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP); 1617 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH) 1618 CMD(channel_switch, CHANNEL_SWITCH); 1619 CMD(set_qos_map, SET_QOS_MAP); 1620 if (rdev->wiphy.features & 1621 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION) 1622 CMD(add_tx_ts, ADD_TX_TS); 1623 } 1624 /* add into the if now */ 1625 #undef CMD 1626 1627 if (rdev->ops->connect || rdev->ops->auth) { 1628 i++; 1629 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 1630 goto nla_put_failure; 1631 } 1632 1633 if (rdev->ops->disconnect || rdev->ops->deauth) { 1634 i++; 1635 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 1636 goto nla_put_failure; 1637 } 1638 1639 nla_nest_end(msg, nl_cmds); 1640 state->split_start++; 1641 if (state->split) 1642 break; 1643 case 5: 1644 if (rdev->ops->remain_on_channel && 1645 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 1646 nla_put_u32(msg, 1647 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 1648 rdev->wiphy.max_remain_on_channel_duration)) 1649 goto nla_put_failure; 1650 1651 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 1652 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 1653 goto nla_put_failure; 1654 1655 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes)) 1656 goto nla_put_failure; 1657 state->split_start++; 1658 if (state->split) 1659 break; 1660 case 6: 1661 #ifdef CONFIG_PM 1662 if (nl80211_send_wowlan(msg, rdev, state->split)) 1663 goto nla_put_failure; 1664 state->split_start++; 1665 if (state->split) 1666 break; 1667 #else 1668 state->split_start++; 1669 #endif 1670 case 7: 1671 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1672 rdev->wiphy.software_iftypes)) 1673 goto nla_put_failure; 1674 1675 if (nl80211_put_iface_combinations(&rdev->wiphy, msg, 1676 state->split)) 1677 goto nla_put_failure; 1678 1679 state->split_start++; 1680 if (state->split) 1681 break; 1682 case 8: 1683 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 1684 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 1685 rdev->wiphy.ap_sme_capa)) 1686 goto nla_put_failure; 1687 1688 features = rdev->wiphy.features; 1689 /* 1690 * We can only add the per-channel limit information if the 1691 * dump is split, otherwise it makes it too big. Therefore 1692 * only advertise it in that case. 1693 */ 1694 if (state->split) 1695 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS; 1696 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features)) 1697 goto nla_put_failure; 1698 1699 if (rdev->wiphy.ht_capa_mod_mask && 1700 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1701 sizeof(*rdev->wiphy.ht_capa_mod_mask), 1702 rdev->wiphy.ht_capa_mod_mask)) 1703 goto nla_put_failure; 1704 1705 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME && 1706 rdev->wiphy.max_acl_mac_addrs && 1707 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX, 1708 rdev->wiphy.max_acl_mac_addrs)) 1709 goto nla_put_failure; 1710 1711 /* 1712 * Any information below this point is only available to 1713 * applications that can deal with it being split. This 1714 * helps ensure that newly added capabilities don't break 1715 * older tools by overrunning their buffers. 1716 * 1717 * We still increment split_start so that in the split 1718 * case we'll continue with more data in the next round, 1719 * but break unconditionally so unsplit data stops here. 1720 */ 1721 state->split_start++; 1722 break; 1723 case 9: 1724 if (rdev->wiphy.extended_capabilities && 1725 (nla_put(msg, NL80211_ATTR_EXT_CAPA, 1726 rdev->wiphy.extended_capabilities_len, 1727 rdev->wiphy.extended_capabilities) || 1728 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 1729 rdev->wiphy.extended_capabilities_len, 1730 rdev->wiphy.extended_capabilities_mask))) 1731 goto nla_put_failure; 1732 1733 if (rdev->wiphy.vht_capa_mod_mask && 1734 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, 1735 sizeof(*rdev->wiphy.vht_capa_mod_mask), 1736 rdev->wiphy.vht_capa_mod_mask)) 1737 goto nla_put_failure; 1738 1739 state->split_start++; 1740 break; 1741 case 10: 1742 if (nl80211_send_coalesce(msg, rdev)) 1743 goto nla_put_failure; 1744 1745 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) && 1746 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) || 1747 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ))) 1748 goto nla_put_failure; 1749 1750 if (rdev->wiphy.max_ap_assoc_sta && 1751 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA, 1752 rdev->wiphy.max_ap_assoc_sta)) 1753 goto nla_put_failure; 1754 1755 state->split_start++; 1756 break; 1757 case 11: 1758 if (rdev->wiphy.n_vendor_commands) { 1759 const struct nl80211_vendor_cmd_info *info; 1760 struct nlattr *nested; 1761 1762 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA); 1763 if (!nested) 1764 goto nla_put_failure; 1765 1766 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) { 1767 info = &rdev->wiphy.vendor_commands[i].info; 1768 if (nla_put(msg, i + 1, sizeof(*info), info)) 1769 goto nla_put_failure; 1770 } 1771 nla_nest_end(msg, nested); 1772 } 1773 1774 if (rdev->wiphy.n_vendor_events) { 1775 const struct nl80211_vendor_cmd_info *info; 1776 struct nlattr *nested; 1777 1778 nested = nla_nest_start(msg, 1779 NL80211_ATTR_VENDOR_EVENTS); 1780 if (!nested) 1781 goto nla_put_failure; 1782 1783 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) { 1784 info = &rdev->wiphy.vendor_events[i]; 1785 if (nla_put(msg, i + 1, sizeof(*info), info)) 1786 goto nla_put_failure; 1787 } 1788 nla_nest_end(msg, nested); 1789 } 1790 state->split_start++; 1791 break; 1792 case 12: 1793 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH && 1794 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS, 1795 rdev->wiphy.max_num_csa_counters)) 1796 goto nla_put_failure; 1797 1798 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 1799 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 1800 goto nla_put_failure; 1801 1802 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES, 1803 sizeof(rdev->wiphy.ext_features), 1804 rdev->wiphy.ext_features)) 1805 goto nla_put_failure; 1806 1807 if (rdev->wiphy.bss_select_support) { 1808 struct nlattr *nested; 1809 u32 bss_select_support = rdev->wiphy.bss_select_support; 1810 1811 nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT); 1812 if (!nested) 1813 goto nla_put_failure; 1814 1815 i = 0; 1816 while (bss_select_support) { 1817 if ((bss_select_support & 1) && 1818 nla_put_flag(msg, i)) 1819 goto nla_put_failure; 1820 i++; 1821 bss_select_support >>= 1; 1822 } 1823 nla_nest_end(msg, nested); 1824 } 1825 1826 state->split_start++; 1827 break; 1828 case 13: 1829 if (rdev->wiphy.num_iftype_ext_capab && 1830 rdev->wiphy.iftype_ext_capab) { 1831 struct nlattr *nested_ext_capab, *nested; 1832 1833 nested = nla_nest_start(msg, 1834 NL80211_ATTR_IFTYPE_EXT_CAPA); 1835 if (!nested) 1836 goto nla_put_failure; 1837 1838 for (i = state->capa_start; 1839 i < rdev->wiphy.num_iftype_ext_capab; i++) { 1840 const struct wiphy_iftype_ext_capab *capab; 1841 1842 capab = &rdev->wiphy.iftype_ext_capab[i]; 1843 1844 nested_ext_capab = nla_nest_start(msg, i); 1845 if (!nested_ext_capab || 1846 nla_put_u32(msg, NL80211_ATTR_IFTYPE, 1847 capab->iftype) || 1848 nla_put(msg, NL80211_ATTR_EXT_CAPA, 1849 capab->extended_capabilities_len, 1850 capab->extended_capabilities) || 1851 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 1852 capab->extended_capabilities_len, 1853 capab->extended_capabilities_mask)) 1854 goto nla_put_failure; 1855 1856 nla_nest_end(msg, nested_ext_capab); 1857 if (state->split) 1858 break; 1859 } 1860 nla_nest_end(msg, nested); 1861 if (i < rdev->wiphy.num_iftype_ext_capab) { 1862 state->capa_start = i + 1; 1863 break; 1864 } 1865 } 1866 1867 /* done */ 1868 state->split_start = 0; 1869 break; 1870 } 1871 finish: 1872 genlmsg_end(msg, hdr); 1873 return 0; 1874 1875 nla_put_failure: 1876 genlmsg_cancel(msg, hdr); 1877 return -EMSGSIZE; 1878 } 1879 1880 static int nl80211_dump_wiphy_parse(struct sk_buff *skb, 1881 struct netlink_callback *cb, 1882 struct nl80211_dump_wiphy_state *state) 1883 { 1884 struct nlattr **tb = nl80211_fam.attrbuf; 1885 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 1886 tb, nl80211_fam.maxattr, nl80211_policy); 1887 /* ignore parse errors for backward compatibility */ 1888 if (ret) 1889 return 0; 1890 1891 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP]; 1892 if (tb[NL80211_ATTR_WIPHY]) 1893 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 1894 if (tb[NL80211_ATTR_WDEV]) 1895 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32; 1896 if (tb[NL80211_ATTR_IFINDEX]) { 1897 struct net_device *netdev; 1898 struct cfg80211_registered_device *rdev; 1899 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 1900 1901 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 1902 if (!netdev) 1903 return -ENODEV; 1904 if (netdev->ieee80211_ptr) { 1905 rdev = wiphy_to_rdev( 1906 netdev->ieee80211_ptr->wiphy); 1907 state->filter_wiphy = rdev->wiphy_idx; 1908 } 1909 } 1910 1911 return 0; 1912 } 1913 1914 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1915 { 1916 int idx = 0, ret; 1917 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0]; 1918 struct cfg80211_registered_device *rdev; 1919 1920 rtnl_lock(); 1921 if (!state) { 1922 state = kzalloc(sizeof(*state), GFP_KERNEL); 1923 if (!state) { 1924 rtnl_unlock(); 1925 return -ENOMEM; 1926 } 1927 state->filter_wiphy = -1; 1928 ret = nl80211_dump_wiphy_parse(skb, cb, state); 1929 if (ret) { 1930 kfree(state); 1931 rtnl_unlock(); 1932 return ret; 1933 } 1934 cb->args[0] = (long)state; 1935 } 1936 1937 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1938 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1939 continue; 1940 if (++idx <= state->start) 1941 continue; 1942 if (state->filter_wiphy != -1 && 1943 state->filter_wiphy != rdev->wiphy_idx) 1944 continue; 1945 /* attempt to fit multiple wiphy data chunks into the skb */ 1946 do { 1947 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, 1948 skb, 1949 NETLINK_CB(cb->skb).portid, 1950 cb->nlh->nlmsg_seq, 1951 NLM_F_MULTI, state); 1952 if (ret < 0) { 1953 /* 1954 * If sending the wiphy data didn't fit (ENOBUFS 1955 * or EMSGSIZE returned), this SKB is still 1956 * empty (so it's not too big because another 1957 * wiphy dataset is already in the skb) and 1958 * we've not tried to adjust the dump allocation 1959 * yet ... then adjust the alloc size to be 1960 * bigger, and return 1 but with the empty skb. 1961 * This results in an empty message being RX'ed 1962 * in userspace, but that is ignored. 1963 * 1964 * We can then retry with the larger buffer. 1965 */ 1966 if ((ret == -ENOBUFS || ret == -EMSGSIZE) && 1967 !skb->len && !state->split && 1968 cb->min_dump_alloc < 4096) { 1969 cb->min_dump_alloc = 4096; 1970 state->split_start = 0; 1971 rtnl_unlock(); 1972 return 1; 1973 } 1974 idx--; 1975 break; 1976 } 1977 } while (state->split_start > 0); 1978 break; 1979 } 1980 rtnl_unlock(); 1981 1982 state->start = idx; 1983 1984 return skb->len; 1985 } 1986 1987 static int nl80211_dump_wiphy_done(struct netlink_callback *cb) 1988 { 1989 kfree((void *)cb->args[0]); 1990 return 0; 1991 } 1992 1993 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1994 { 1995 struct sk_buff *msg; 1996 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1997 struct nl80211_dump_wiphy_state state = {}; 1998 1999 msg = nlmsg_new(4096, GFP_KERNEL); 2000 if (!msg) 2001 return -ENOMEM; 2002 2003 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg, 2004 info->snd_portid, info->snd_seq, 0, 2005 &state) < 0) { 2006 nlmsg_free(msg); 2007 return -ENOBUFS; 2008 } 2009 2010 return genlmsg_reply(msg, info); 2011 } 2012 2013 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 2014 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 2015 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 2016 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 2017 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 2018 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 2019 }; 2020 2021 static int parse_txq_params(struct nlattr *tb[], 2022 struct ieee80211_txq_params *txq_params) 2023 { 2024 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 2025 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 2026 !tb[NL80211_TXQ_ATTR_AIFS]) 2027 return -EINVAL; 2028 2029 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 2030 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 2031 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 2032 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 2033 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 2034 2035 if (txq_params->ac >= NL80211_NUM_ACS) 2036 return -EINVAL; 2037 2038 return 0; 2039 } 2040 2041 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 2042 { 2043 /* 2044 * You can only set the channel explicitly for WDS interfaces, 2045 * all others have their channel managed via their respective 2046 * "establish a connection" command (connect, join, ...) 2047 * 2048 * For AP/GO and mesh mode, the channel can be set with the 2049 * channel userspace API, but is only stored and passed to the 2050 * low-level driver when the AP starts or the mesh is joined. 2051 * This is for backward compatibility, userspace can also give 2052 * the channel in the start-ap or join-mesh commands instead. 2053 * 2054 * Monitors are special as they are normally slaved to 2055 * whatever else is going on, so they have their own special 2056 * operation to set the monitor channel if possible. 2057 */ 2058 return !wdev || 2059 wdev->iftype == NL80211_IFTYPE_AP || 2060 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 2061 wdev->iftype == NL80211_IFTYPE_MONITOR || 2062 wdev->iftype == NL80211_IFTYPE_P2P_GO; 2063 } 2064 2065 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev, 2066 struct genl_info *info, 2067 struct cfg80211_chan_def *chandef) 2068 { 2069 u32 control_freq; 2070 2071 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 2072 return -EINVAL; 2073 2074 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 2075 2076 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq); 2077 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 2078 chandef->center_freq1 = control_freq; 2079 chandef->center_freq2 = 0; 2080 2081 /* Primary channel not allowed */ 2082 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) 2083 return -EINVAL; 2084 2085 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 2086 enum nl80211_channel_type chantype; 2087 2088 chantype = nla_get_u32( 2089 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 2090 2091 switch (chantype) { 2092 case NL80211_CHAN_NO_HT: 2093 case NL80211_CHAN_HT20: 2094 case NL80211_CHAN_HT40PLUS: 2095 case NL80211_CHAN_HT40MINUS: 2096 cfg80211_chandef_create(chandef, chandef->chan, 2097 chantype); 2098 break; 2099 default: 2100 return -EINVAL; 2101 } 2102 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) { 2103 chandef->width = 2104 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]); 2105 if (info->attrs[NL80211_ATTR_CENTER_FREQ1]) 2106 chandef->center_freq1 = 2107 nla_get_u32( 2108 info->attrs[NL80211_ATTR_CENTER_FREQ1]); 2109 if (info->attrs[NL80211_ATTR_CENTER_FREQ2]) 2110 chandef->center_freq2 = 2111 nla_get_u32( 2112 info->attrs[NL80211_ATTR_CENTER_FREQ2]); 2113 } 2114 2115 if (!cfg80211_chandef_valid(chandef)) 2116 return -EINVAL; 2117 2118 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef, 2119 IEEE80211_CHAN_DISABLED)) 2120 return -EINVAL; 2121 2122 if ((chandef->width == NL80211_CHAN_WIDTH_5 || 2123 chandef->width == NL80211_CHAN_WIDTH_10) && 2124 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) 2125 return -EINVAL; 2126 2127 return 0; 2128 } 2129 2130 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 2131 struct net_device *dev, 2132 struct genl_info *info) 2133 { 2134 struct cfg80211_chan_def chandef; 2135 int result; 2136 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 2137 struct wireless_dev *wdev = NULL; 2138 2139 if (dev) 2140 wdev = dev->ieee80211_ptr; 2141 if (!nl80211_can_set_dev_channel(wdev)) 2142 return -EOPNOTSUPP; 2143 if (wdev) 2144 iftype = wdev->iftype; 2145 2146 result = nl80211_parse_chandef(rdev, info, &chandef); 2147 if (result) 2148 return result; 2149 2150 switch (iftype) { 2151 case NL80211_IFTYPE_AP: 2152 case NL80211_IFTYPE_P2P_GO: 2153 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef, 2154 iftype)) { 2155 result = -EINVAL; 2156 break; 2157 } 2158 if (wdev->beacon_interval) { 2159 if (!dev || !rdev->ops->set_ap_chanwidth || 2160 !(rdev->wiphy.features & 2161 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) { 2162 result = -EBUSY; 2163 break; 2164 } 2165 2166 /* Only allow dynamic channel width changes */ 2167 if (chandef.chan != wdev->preset_chandef.chan) { 2168 result = -EBUSY; 2169 break; 2170 } 2171 result = rdev_set_ap_chanwidth(rdev, dev, &chandef); 2172 if (result) 2173 break; 2174 } 2175 wdev->preset_chandef = chandef; 2176 result = 0; 2177 break; 2178 case NL80211_IFTYPE_MESH_POINT: 2179 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef); 2180 break; 2181 case NL80211_IFTYPE_MONITOR: 2182 result = cfg80211_set_monitor_channel(rdev, &chandef); 2183 break; 2184 default: 2185 result = -EINVAL; 2186 } 2187 2188 return result; 2189 } 2190 2191 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 2192 { 2193 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2194 struct net_device *netdev = info->user_ptr[1]; 2195 2196 return __nl80211_set_channel(rdev, netdev, info); 2197 } 2198 2199 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 2200 { 2201 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2202 struct net_device *dev = info->user_ptr[1]; 2203 struct wireless_dev *wdev = dev->ieee80211_ptr; 2204 const u8 *bssid; 2205 2206 if (!info->attrs[NL80211_ATTR_MAC]) 2207 return -EINVAL; 2208 2209 if (netif_running(dev)) 2210 return -EBUSY; 2211 2212 if (!rdev->ops->set_wds_peer) 2213 return -EOPNOTSUPP; 2214 2215 if (wdev->iftype != NL80211_IFTYPE_WDS) 2216 return -EOPNOTSUPP; 2217 2218 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 2219 return rdev_set_wds_peer(rdev, dev, bssid); 2220 } 2221 2222 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 2223 { 2224 struct cfg80211_registered_device *rdev; 2225 struct net_device *netdev = NULL; 2226 struct wireless_dev *wdev; 2227 int result = 0, rem_txq_params = 0; 2228 struct nlattr *nl_txq_params; 2229 u32 changed; 2230 u8 retry_short = 0, retry_long = 0; 2231 u32 frag_threshold = 0, rts_threshold = 0; 2232 u8 coverage_class = 0; 2233 2234 ASSERT_RTNL(); 2235 2236 /* 2237 * Try to find the wiphy and netdev. Normally this 2238 * function shouldn't need the netdev, but this is 2239 * done for backward compatibility -- previously 2240 * setting the channel was done per wiphy, but now 2241 * it is per netdev. Previous userland like hostapd 2242 * also passed a netdev to set_wiphy, so that it is 2243 * possible to let that go to the right netdev! 2244 */ 2245 2246 if (info->attrs[NL80211_ATTR_IFINDEX]) { 2247 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 2248 2249 netdev = __dev_get_by_index(genl_info_net(info), ifindex); 2250 if (netdev && netdev->ieee80211_ptr) 2251 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy); 2252 else 2253 netdev = NULL; 2254 } 2255 2256 if (!netdev) { 2257 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 2258 info->attrs); 2259 if (IS_ERR(rdev)) 2260 return PTR_ERR(rdev); 2261 wdev = NULL; 2262 netdev = NULL; 2263 result = 0; 2264 } else 2265 wdev = netdev->ieee80211_ptr; 2266 2267 /* 2268 * end workaround code, by now the rdev is available 2269 * and locked, and wdev may or may not be NULL. 2270 */ 2271 2272 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 2273 result = cfg80211_dev_rename( 2274 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 2275 2276 if (result) 2277 return result; 2278 2279 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 2280 struct ieee80211_txq_params txq_params; 2281 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 2282 2283 if (!rdev->ops->set_txq_params) 2284 return -EOPNOTSUPP; 2285 2286 if (!netdev) 2287 return -EINVAL; 2288 2289 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2290 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2291 return -EINVAL; 2292 2293 if (!netif_running(netdev)) 2294 return -ENETDOWN; 2295 2296 nla_for_each_nested(nl_txq_params, 2297 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 2298 rem_txq_params) { 2299 result = nla_parse(tb, NL80211_TXQ_ATTR_MAX, 2300 nla_data(nl_txq_params), 2301 nla_len(nl_txq_params), 2302 txq_params_policy); 2303 if (result) 2304 return result; 2305 result = parse_txq_params(tb, &txq_params); 2306 if (result) 2307 return result; 2308 2309 result = rdev_set_txq_params(rdev, netdev, 2310 &txq_params); 2311 if (result) 2312 return result; 2313 } 2314 } 2315 2316 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 2317 result = __nl80211_set_channel( 2318 rdev, 2319 nl80211_can_set_dev_channel(wdev) ? netdev : NULL, 2320 info); 2321 if (result) 2322 return result; 2323 } 2324 2325 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 2326 struct wireless_dev *txp_wdev = wdev; 2327 enum nl80211_tx_power_setting type; 2328 int idx, mbm = 0; 2329 2330 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER)) 2331 txp_wdev = NULL; 2332 2333 if (!rdev->ops->set_tx_power) 2334 return -EOPNOTSUPP; 2335 2336 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 2337 type = nla_get_u32(info->attrs[idx]); 2338 2339 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 2340 (type != NL80211_TX_POWER_AUTOMATIC)) 2341 return -EINVAL; 2342 2343 if (type != NL80211_TX_POWER_AUTOMATIC) { 2344 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 2345 mbm = nla_get_u32(info->attrs[idx]); 2346 } 2347 2348 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm); 2349 if (result) 2350 return result; 2351 } 2352 2353 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 2354 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 2355 u32 tx_ant, rx_ant; 2356 2357 if ((!rdev->wiphy.available_antennas_tx && 2358 !rdev->wiphy.available_antennas_rx) || 2359 !rdev->ops->set_antenna) 2360 return -EOPNOTSUPP; 2361 2362 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 2363 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 2364 2365 /* reject antenna configurations which don't match the 2366 * available antenna masks, except for the "all" mask */ 2367 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 2368 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) 2369 return -EINVAL; 2370 2371 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 2372 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 2373 2374 result = rdev_set_antenna(rdev, tx_ant, rx_ant); 2375 if (result) 2376 return result; 2377 } 2378 2379 changed = 0; 2380 2381 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 2382 retry_short = nla_get_u8( 2383 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 2384 if (retry_short == 0) 2385 return -EINVAL; 2386 2387 changed |= WIPHY_PARAM_RETRY_SHORT; 2388 } 2389 2390 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 2391 retry_long = nla_get_u8( 2392 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 2393 if (retry_long == 0) 2394 return -EINVAL; 2395 2396 changed |= WIPHY_PARAM_RETRY_LONG; 2397 } 2398 2399 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 2400 frag_threshold = nla_get_u32( 2401 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 2402 if (frag_threshold < 256) 2403 return -EINVAL; 2404 2405 if (frag_threshold != (u32) -1) { 2406 /* 2407 * Fragments (apart from the last one) are required to 2408 * have even length. Make the fragmentation code 2409 * simpler by stripping LSB should someone try to use 2410 * odd threshold value. 2411 */ 2412 frag_threshold &= ~0x1; 2413 } 2414 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 2415 } 2416 2417 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 2418 rts_threshold = nla_get_u32( 2419 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 2420 changed |= WIPHY_PARAM_RTS_THRESHOLD; 2421 } 2422 2423 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 2424 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) 2425 return -EINVAL; 2426 2427 coverage_class = nla_get_u8( 2428 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 2429 changed |= WIPHY_PARAM_COVERAGE_CLASS; 2430 } 2431 2432 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) { 2433 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) 2434 return -EOPNOTSUPP; 2435 2436 changed |= WIPHY_PARAM_DYN_ACK; 2437 } 2438 2439 if (changed) { 2440 u8 old_retry_short, old_retry_long; 2441 u32 old_frag_threshold, old_rts_threshold; 2442 u8 old_coverage_class; 2443 2444 if (!rdev->ops->set_wiphy_params) 2445 return -EOPNOTSUPP; 2446 2447 old_retry_short = rdev->wiphy.retry_short; 2448 old_retry_long = rdev->wiphy.retry_long; 2449 old_frag_threshold = rdev->wiphy.frag_threshold; 2450 old_rts_threshold = rdev->wiphy.rts_threshold; 2451 old_coverage_class = rdev->wiphy.coverage_class; 2452 2453 if (changed & WIPHY_PARAM_RETRY_SHORT) 2454 rdev->wiphy.retry_short = retry_short; 2455 if (changed & WIPHY_PARAM_RETRY_LONG) 2456 rdev->wiphy.retry_long = retry_long; 2457 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 2458 rdev->wiphy.frag_threshold = frag_threshold; 2459 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 2460 rdev->wiphy.rts_threshold = rts_threshold; 2461 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 2462 rdev->wiphy.coverage_class = coverage_class; 2463 2464 result = rdev_set_wiphy_params(rdev, changed); 2465 if (result) { 2466 rdev->wiphy.retry_short = old_retry_short; 2467 rdev->wiphy.retry_long = old_retry_long; 2468 rdev->wiphy.frag_threshold = old_frag_threshold; 2469 rdev->wiphy.rts_threshold = old_rts_threshold; 2470 rdev->wiphy.coverage_class = old_coverage_class; 2471 return result; 2472 } 2473 } 2474 return 0; 2475 } 2476 2477 static inline u64 wdev_id(struct wireless_dev *wdev) 2478 { 2479 return (u64)wdev->identifier | 2480 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32); 2481 } 2482 2483 static int nl80211_send_chandef(struct sk_buff *msg, 2484 const struct cfg80211_chan_def *chandef) 2485 { 2486 if (WARN_ON(!cfg80211_chandef_valid(chandef))) 2487 return -EINVAL; 2488 2489 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 2490 chandef->chan->center_freq)) 2491 return -ENOBUFS; 2492 switch (chandef->width) { 2493 case NL80211_CHAN_WIDTH_20_NOHT: 2494 case NL80211_CHAN_WIDTH_20: 2495 case NL80211_CHAN_WIDTH_40: 2496 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 2497 cfg80211_get_chandef_type(chandef))) 2498 return -ENOBUFS; 2499 break; 2500 default: 2501 break; 2502 } 2503 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width)) 2504 return -ENOBUFS; 2505 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1)) 2506 return -ENOBUFS; 2507 if (chandef->center_freq2 && 2508 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2)) 2509 return -ENOBUFS; 2510 return 0; 2511 } 2512 2513 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, 2514 struct cfg80211_registered_device *rdev, 2515 struct wireless_dev *wdev, bool removal) 2516 { 2517 struct net_device *dev = wdev->netdev; 2518 u8 cmd = NL80211_CMD_NEW_INTERFACE; 2519 void *hdr; 2520 2521 if (removal) 2522 cmd = NL80211_CMD_DEL_INTERFACE; 2523 2524 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 2525 if (!hdr) 2526 return -1; 2527 2528 if (dev && 2529 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2530 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name))) 2531 goto nla_put_failure; 2532 2533 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 2534 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 2535 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 2536 NL80211_ATTR_PAD) || 2537 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) || 2538 nla_put_u32(msg, NL80211_ATTR_GENERATION, 2539 rdev->devlist_generation ^ 2540 (cfg80211_rdev_list_generation << 2))) 2541 goto nla_put_failure; 2542 2543 if (rdev->ops->get_channel) { 2544 int ret; 2545 struct cfg80211_chan_def chandef; 2546 2547 ret = rdev_get_channel(rdev, wdev, &chandef); 2548 if (ret == 0) { 2549 if (nl80211_send_chandef(msg, &chandef)) 2550 goto nla_put_failure; 2551 } 2552 } 2553 2554 if (rdev->ops->get_tx_power) { 2555 int dbm, ret; 2556 2557 ret = rdev_get_tx_power(rdev, wdev, &dbm); 2558 if (ret == 0 && 2559 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL, 2560 DBM_TO_MBM(dbm))) 2561 goto nla_put_failure; 2562 } 2563 2564 if (wdev->ssid_len) { 2565 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid)) 2566 goto nla_put_failure; 2567 } 2568 2569 genlmsg_end(msg, hdr); 2570 return 0; 2571 2572 nla_put_failure: 2573 genlmsg_cancel(msg, hdr); 2574 return -EMSGSIZE; 2575 } 2576 2577 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 2578 { 2579 int wp_idx = 0; 2580 int if_idx = 0; 2581 int wp_start = cb->args[0]; 2582 int if_start = cb->args[1]; 2583 int filter_wiphy = -1; 2584 struct cfg80211_registered_device *rdev; 2585 struct wireless_dev *wdev; 2586 2587 rtnl_lock(); 2588 if (!cb->args[2]) { 2589 struct nl80211_dump_wiphy_state state = { 2590 .filter_wiphy = -1, 2591 }; 2592 int ret; 2593 2594 ret = nl80211_dump_wiphy_parse(skb, cb, &state); 2595 if (ret) 2596 return ret; 2597 2598 filter_wiphy = state.filter_wiphy; 2599 2600 /* 2601 * if filtering, set cb->args[2] to +1 since 0 is the default 2602 * value needed to determine that parsing is necessary. 2603 */ 2604 if (filter_wiphy >= 0) 2605 cb->args[2] = filter_wiphy + 1; 2606 else 2607 cb->args[2] = -1; 2608 } else if (cb->args[2] > 0) { 2609 filter_wiphy = cb->args[2] - 1; 2610 } 2611 2612 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 2613 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 2614 continue; 2615 if (wp_idx < wp_start) { 2616 wp_idx++; 2617 continue; 2618 } 2619 2620 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx) 2621 continue; 2622 2623 if_idx = 0; 2624 2625 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 2626 if (if_idx < if_start) { 2627 if_idx++; 2628 continue; 2629 } 2630 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid, 2631 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2632 rdev, wdev, false) < 0) { 2633 goto out; 2634 } 2635 if_idx++; 2636 } 2637 2638 wp_idx++; 2639 } 2640 out: 2641 rtnl_unlock(); 2642 2643 cb->args[0] = wp_idx; 2644 cb->args[1] = if_idx; 2645 2646 return skb->len; 2647 } 2648 2649 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 2650 { 2651 struct sk_buff *msg; 2652 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2653 struct wireless_dev *wdev = info->user_ptr[1]; 2654 2655 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2656 if (!msg) 2657 return -ENOMEM; 2658 2659 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 2660 rdev, wdev, false) < 0) { 2661 nlmsg_free(msg); 2662 return -ENOBUFS; 2663 } 2664 2665 return genlmsg_reply(msg, info); 2666 } 2667 2668 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 2669 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 2670 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 2671 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 2672 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 2673 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 2674 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG }, 2675 }; 2676 2677 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 2678 { 2679 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 2680 int flag; 2681 2682 *mntrflags = 0; 2683 2684 if (!nla) 2685 return -EINVAL; 2686 2687 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 2688 nla, mntr_flags_policy)) 2689 return -EINVAL; 2690 2691 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 2692 if (flags[flag]) 2693 *mntrflags |= (1<<flag); 2694 2695 return 0; 2696 } 2697 2698 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 2699 struct net_device *netdev, u8 use_4addr, 2700 enum nl80211_iftype iftype) 2701 { 2702 if (!use_4addr) { 2703 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 2704 return -EBUSY; 2705 return 0; 2706 } 2707 2708 switch (iftype) { 2709 case NL80211_IFTYPE_AP_VLAN: 2710 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 2711 return 0; 2712 break; 2713 case NL80211_IFTYPE_STATION: 2714 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 2715 return 0; 2716 break; 2717 default: 2718 break; 2719 } 2720 2721 return -EOPNOTSUPP; 2722 } 2723 2724 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 2725 { 2726 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2727 struct vif_params params; 2728 int err; 2729 enum nl80211_iftype otype, ntype; 2730 struct net_device *dev = info->user_ptr[1]; 2731 u32 _flags, *flags = NULL; 2732 bool change = false; 2733 2734 memset(¶ms, 0, sizeof(params)); 2735 2736 otype = ntype = dev->ieee80211_ptr->iftype; 2737 2738 if (info->attrs[NL80211_ATTR_IFTYPE]) { 2739 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 2740 if (otype != ntype) 2741 change = true; 2742 if (ntype > NL80211_IFTYPE_MAX) 2743 return -EINVAL; 2744 } 2745 2746 if (info->attrs[NL80211_ATTR_MESH_ID]) { 2747 struct wireless_dev *wdev = dev->ieee80211_ptr; 2748 2749 if (ntype != NL80211_IFTYPE_MESH_POINT) 2750 return -EINVAL; 2751 if (netif_running(dev)) 2752 return -EBUSY; 2753 2754 wdev_lock(wdev); 2755 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2756 IEEE80211_MAX_MESH_ID_LEN); 2757 wdev->mesh_id_up_len = 2758 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2759 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2760 wdev->mesh_id_up_len); 2761 wdev_unlock(wdev); 2762 } 2763 2764 if (info->attrs[NL80211_ATTR_4ADDR]) { 2765 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2766 change = true; 2767 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 2768 if (err) 2769 return err; 2770 } else { 2771 params.use_4addr = -1; 2772 } 2773 2774 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 2775 if (ntype != NL80211_IFTYPE_MONITOR) 2776 return -EINVAL; 2777 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 2778 &_flags); 2779 if (err) 2780 return err; 2781 2782 flags = &_flags; 2783 change = true; 2784 } 2785 2786 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) { 2787 const u8 *mumimo_groups; 2788 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER; 2789 2790 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag)) 2791 return -EOPNOTSUPP; 2792 2793 mumimo_groups = 2794 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]); 2795 2796 /* bits 0 and 63 are reserved and must be zero */ 2797 if ((mumimo_groups[0] & BIT(7)) || 2798 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(0))) 2799 return -EINVAL; 2800 2801 memcpy(params.vht_mumimo_groups, mumimo_groups, 2802 VHT_MUMIMO_GROUPS_DATA_LEN); 2803 change = true; 2804 } 2805 2806 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) { 2807 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER; 2808 2809 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag)) 2810 return -EOPNOTSUPP; 2811 2812 nla_memcpy(params.macaddr, 2813 info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR], 2814 ETH_ALEN); 2815 change = true; 2816 } 2817 2818 if (flags && (*flags & MONITOR_FLAG_ACTIVE) && 2819 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) 2820 return -EOPNOTSUPP; 2821 2822 if (change) 2823 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 2824 else 2825 err = 0; 2826 2827 if (!err && params.use_4addr != -1) 2828 dev->ieee80211_ptr->use_4addr = params.use_4addr; 2829 2830 return err; 2831 } 2832 2833 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 2834 { 2835 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2836 struct vif_params params; 2837 struct wireless_dev *wdev; 2838 struct sk_buff *msg; 2839 int err; 2840 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 2841 u32 flags; 2842 2843 /* to avoid failing a new interface creation due to pending removal */ 2844 cfg80211_destroy_ifaces(rdev); 2845 2846 memset(¶ms, 0, sizeof(params)); 2847 2848 if (!info->attrs[NL80211_ATTR_IFNAME]) 2849 return -EINVAL; 2850 2851 if (info->attrs[NL80211_ATTR_IFTYPE]) { 2852 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 2853 if (type > NL80211_IFTYPE_MAX) 2854 return -EINVAL; 2855 } 2856 2857 if (!rdev->ops->add_virtual_intf || 2858 !(rdev->wiphy.interface_modes & (1 << type))) 2859 return -EOPNOTSUPP; 2860 2861 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN || 2862 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) && 2863 info->attrs[NL80211_ATTR_MAC]) { 2864 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC], 2865 ETH_ALEN); 2866 if (!is_valid_ether_addr(params.macaddr)) 2867 return -EADDRNOTAVAIL; 2868 } 2869 2870 if (info->attrs[NL80211_ATTR_4ADDR]) { 2871 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2872 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 2873 if (err) 2874 return err; 2875 } 2876 2877 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 2878 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 2879 &flags); 2880 2881 if (!err && (flags & MONITOR_FLAG_ACTIVE) && 2882 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) 2883 return -EOPNOTSUPP; 2884 2885 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2886 if (!msg) 2887 return -ENOMEM; 2888 2889 wdev = rdev_add_virtual_intf(rdev, 2890 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 2891 NET_NAME_USER, type, err ? NULL : &flags, 2892 ¶ms); 2893 if (WARN_ON(!wdev)) { 2894 nlmsg_free(msg); 2895 return -EPROTO; 2896 } else if (IS_ERR(wdev)) { 2897 nlmsg_free(msg); 2898 return PTR_ERR(wdev); 2899 } 2900 2901 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 2902 wdev->owner_nlportid = info->snd_portid; 2903 2904 switch (type) { 2905 case NL80211_IFTYPE_MESH_POINT: 2906 if (!info->attrs[NL80211_ATTR_MESH_ID]) 2907 break; 2908 wdev_lock(wdev); 2909 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2910 IEEE80211_MAX_MESH_ID_LEN); 2911 wdev->mesh_id_up_len = 2912 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2913 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2914 wdev->mesh_id_up_len); 2915 wdev_unlock(wdev); 2916 break; 2917 case NL80211_IFTYPE_NAN: 2918 case NL80211_IFTYPE_P2P_DEVICE: 2919 /* 2920 * P2P Device and NAN do not have a netdev, so don't go 2921 * through the netdev notifier and must be added here 2922 */ 2923 mutex_init(&wdev->mtx); 2924 INIT_LIST_HEAD(&wdev->event_list); 2925 spin_lock_init(&wdev->event_lock); 2926 INIT_LIST_HEAD(&wdev->mgmt_registrations); 2927 spin_lock_init(&wdev->mgmt_registrations_lock); 2928 2929 wdev->identifier = ++rdev->wdev_id; 2930 list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list); 2931 rdev->devlist_generation++; 2932 break; 2933 default: 2934 break; 2935 } 2936 2937 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 2938 rdev, wdev, false) < 0) { 2939 nlmsg_free(msg); 2940 return -ENOBUFS; 2941 } 2942 2943 /* 2944 * For wdevs which have no associated netdev object (e.g. of type 2945 * NL80211_IFTYPE_P2P_DEVICE), emit the NEW_INTERFACE event here. 2946 * For all other types, the event will be generated from the 2947 * netdev notifier 2948 */ 2949 if (!wdev->netdev) 2950 nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE); 2951 2952 return genlmsg_reply(msg, info); 2953 } 2954 2955 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 2956 { 2957 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2958 struct wireless_dev *wdev = info->user_ptr[1]; 2959 2960 if (!rdev->ops->del_virtual_intf) 2961 return -EOPNOTSUPP; 2962 2963 /* 2964 * If we remove a wireless device without a netdev then clear 2965 * user_ptr[1] so that nl80211_post_doit won't dereference it 2966 * to check if it needs to do dev_put(). Otherwise it crashes 2967 * since the wdev has been freed, unlike with a netdev where 2968 * we need the dev_put() for the netdev to really be freed. 2969 */ 2970 if (!wdev->netdev) 2971 info->user_ptr[1] = NULL; 2972 2973 return rdev_del_virtual_intf(rdev, wdev); 2974 } 2975 2976 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 2977 { 2978 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2979 struct net_device *dev = info->user_ptr[1]; 2980 u16 noack_map; 2981 2982 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 2983 return -EINVAL; 2984 2985 if (!rdev->ops->set_noack_map) 2986 return -EOPNOTSUPP; 2987 2988 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 2989 2990 return rdev_set_noack_map(rdev, dev, noack_map); 2991 } 2992 2993 struct get_key_cookie { 2994 struct sk_buff *msg; 2995 int error; 2996 int idx; 2997 }; 2998 2999 static void get_key_callback(void *c, struct key_params *params) 3000 { 3001 struct nlattr *key; 3002 struct get_key_cookie *cookie = c; 3003 3004 if ((params->key && 3005 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 3006 params->key_len, params->key)) || 3007 (params->seq && 3008 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 3009 params->seq_len, params->seq)) || 3010 (params->cipher && 3011 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 3012 params->cipher))) 3013 goto nla_put_failure; 3014 3015 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 3016 if (!key) 3017 goto nla_put_failure; 3018 3019 if ((params->key && 3020 nla_put(cookie->msg, NL80211_KEY_DATA, 3021 params->key_len, params->key)) || 3022 (params->seq && 3023 nla_put(cookie->msg, NL80211_KEY_SEQ, 3024 params->seq_len, params->seq)) || 3025 (params->cipher && 3026 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 3027 params->cipher))) 3028 goto nla_put_failure; 3029 3030 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx)) 3031 goto nla_put_failure; 3032 3033 nla_nest_end(cookie->msg, key); 3034 3035 return; 3036 nla_put_failure: 3037 cookie->error = 1; 3038 } 3039 3040 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 3041 { 3042 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3043 int err; 3044 struct net_device *dev = info->user_ptr[1]; 3045 u8 key_idx = 0; 3046 const u8 *mac_addr = NULL; 3047 bool pairwise; 3048 struct get_key_cookie cookie = { 3049 .error = 0, 3050 }; 3051 void *hdr; 3052 struct sk_buff *msg; 3053 3054 if (info->attrs[NL80211_ATTR_KEY_IDX]) 3055 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 3056 3057 if (key_idx > 5) 3058 return -EINVAL; 3059 3060 if (info->attrs[NL80211_ATTR_MAC]) 3061 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3062 3063 pairwise = !!mac_addr; 3064 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 3065 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 3066 3067 if (kt >= NUM_NL80211_KEYTYPES) 3068 return -EINVAL; 3069 if (kt != NL80211_KEYTYPE_GROUP && 3070 kt != NL80211_KEYTYPE_PAIRWISE) 3071 return -EINVAL; 3072 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 3073 } 3074 3075 if (!rdev->ops->get_key) 3076 return -EOPNOTSUPP; 3077 3078 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 3079 return -ENOENT; 3080 3081 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3082 if (!msg) 3083 return -ENOMEM; 3084 3085 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 3086 NL80211_CMD_NEW_KEY); 3087 if (!hdr) 3088 goto nla_put_failure; 3089 3090 cookie.msg = msg; 3091 cookie.idx = key_idx; 3092 3093 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3094 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 3095 goto nla_put_failure; 3096 if (mac_addr && 3097 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 3098 goto nla_put_failure; 3099 3100 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie, 3101 get_key_callback); 3102 3103 if (err) 3104 goto free_msg; 3105 3106 if (cookie.error) 3107 goto nla_put_failure; 3108 3109 genlmsg_end(msg, hdr); 3110 return genlmsg_reply(msg, info); 3111 3112 nla_put_failure: 3113 err = -ENOBUFS; 3114 free_msg: 3115 nlmsg_free(msg); 3116 return err; 3117 } 3118 3119 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 3120 { 3121 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3122 struct key_parse key; 3123 int err; 3124 struct net_device *dev = info->user_ptr[1]; 3125 3126 err = nl80211_parse_key(info, &key); 3127 if (err) 3128 return err; 3129 3130 if (key.idx < 0) 3131 return -EINVAL; 3132 3133 /* only support setting default key */ 3134 if (!key.def && !key.defmgmt) 3135 return -EINVAL; 3136 3137 wdev_lock(dev->ieee80211_ptr); 3138 3139 if (key.def) { 3140 if (!rdev->ops->set_default_key) { 3141 err = -EOPNOTSUPP; 3142 goto out; 3143 } 3144 3145 err = nl80211_key_allowed(dev->ieee80211_ptr); 3146 if (err) 3147 goto out; 3148 3149 err = rdev_set_default_key(rdev, dev, key.idx, 3150 key.def_uni, key.def_multi); 3151 3152 if (err) 3153 goto out; 3154 3155 #ifdef CONFIG_CFG80211_WEXT 3156 dev->ieee80211_ptr->wext.default_key = key.idx; 3157 #endif 3158 } else { 3159 if (key.def_uni || !key.def_multi) { 3160 err = -EINVAL; 3161 goto out; 3162 } 3163 3164 if (!rdev->ops->set_default_mgmt_key) { 3165 err = -EOPNOTSUPP; 3166 goto out; 3167 } 3168 3169 err = nl80211_key_allowed(dev->ieee80211_ptr); 3170 if (err) 3171 goto out; 3172 3173 err = rdev_set_default_mgmt_key(rdev, dev, key.idx); 3174 if (err) 3175 goto out; 3176 3177 #ifdef CONFIG_CFG80211_WEXT 3178 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 3179 #endif 3180 } 3181 3182 out: 3183 wdev_unlock(dev->ieee80211_ptr); 3184 3185 return err; 3186 } 3187 3188 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 3189 { 3190 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3191 int err; 3192 struct net_device *dev = info->user_ptr[1]; 3193 struct key_parse key; 3194 const u8 *mac_addr = NULL; 3195 3196 err = nl80211_parse_key(info, &key); 3197 if (err) 3198 return err; 3199 3200 if (!key.p.key) 3201 return -EINVAL; 3202 3203 if (info->attrs[NL80211_ATTR_MAC]) 3204 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3205 3206 if (key.type == -1) { 3207 if (mac_addr) 3208 key.type = NL80211_KEYTYPE_PAIRWISE; 3209 else 3210 key.type = NL80211_KEYTYPE_GROUP; 3211 } 3212 3213 /* for now */ 3214 if (key.type != NL80211_KEYTYPE_PAIRWISE && 3215 key.type != NL80211_KEYTYPE_GROUP) 3216 return -EINVAL; 3217 3218 if (!rdev->ops->add_key) 3219 return -EOPNOTSUPP; 3220 3221 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 3222 key.type == NL80211_KEYTYPE_PAIRWISE, 3223 mac_addr)) 3224 return -EINVAL; 3225 3226 wdev_lock(dev->ieee80211_ptr); 3227 err = nl80211_key_allowed(dev->ieee80211_ptr); 3228 if (!err) 3229 err = rdev_add_key(rdev, dev, key.idx, 3230 key.type == NL80211_KEYTYPE_PAIRWISE, 3231 mac_addr, &key.p); 3232 wdev_unlock(dev->ieee80211_ptr); 3233 3234 return err; 3235 } 3236 3237 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 3238 { 3239 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3240 int err; 3241 struct net_device *dev = info->user_ptr[1]; 3242 u8 *mac_addr = NULL; 3243 struct key_parse key; 3244 3245 err = nl80211_parse_key(info, &key); 3246 if (err) 3247 return err; 3248 3249 if (info->attrs[NL80211_ATTR_MAC]) 3250 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3251 3252 if (key.type == -1) { 3253 if (mac_addr) 3254 key.type = NL80211_KEYTYPE_PAIRWISE; 3255 else 3256 key.type = NL80211_KEYTYPE_GROUP; 3257 } 3258 3259 /* for now */ 3260 if (key.type != NL80211_KEYTYPE_PAIRWISE && 3261 key.type != NL80211_KEYTYPE_GROUP) 3262 return -EINVAL; 3263 3264 if (!rdev->ops->del_key) 3265 return -EOPNOTSUPP; 3266 3267 wdev_lock(dev->ieee80211_ptr); 3268 err = nl80211_key_allowed(dev->ieee80211_ptr); 3269 3270 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr && 3271 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 3272 err = -ENOENT; 3273 3274 if (!err) 3275 err = rdev_del_key(rdev, dev, key.idx, 3276 key.type == NL80211_KEYTYPE_PAIRWISE, 3277 mac_addr); 3278 3279 #ifdef CONFIG_CFG80211_WEXT 3280 if (!err) { 3281 if (key.idx == dev->ieee80211_ptr->wext.default_key) 3282 dev->ieee80211_ptr->wext.default_key = -1; 3283 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 3284 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 3285 } 3286 #endif 3287 wdev_unlock(dev->ieee80211_ptr); 3288 3289 return err; 3290 } 3291 3292 /* This function returns an error or the number of nested attributes */ 3293 static int validate_acl_mac_addrs(struct nlattr *nl_attr) 3294 { 3295 struct nlattr *attr; 3296 int n_entries = 0, tmp; 3297 3298 nla_for_each_nested(attr, nl_attr, tmp) { 3299 if (nla_len(attr) != ETH_ALEN) 3300 return -EINVAL; 3301 3302 n_entries++; 3303 } 3304 3305 return n_entries; 3306 } 3307 3308 /* 3309 * This function parses ACL information and allocates memory for ACL data. 3310 * On successful return, the calling function is responsible to free the 3311 * ACL buffer returned by this function. 3312 */ 3313 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy, 3314 struct genl_info *info) 3315 { 3316 enum nl80211_acl_policy acl_policy; 3317 struct nlattr *attr; 3318 struct cfg80211_acl_data *acl; 3319 int i = 0, n_entries, tmp; 3320 3321 if (!wiphy->max_acl_mac_addrs) 3322 return ERR_PTR(-EOPNOTSUPP); 3323 3324 if (!info->attrs[NL80211_ATTR_ACL_POLICY]) 3325 return ERR_PTR(-EINVAL); 3326 3327 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]); 3328 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED && 3329 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED) 3330 return ERR_PTR(-EINVAL); 3331 3332 if (!info->attrs[NL80211_ATTR_MAC_ADDRS]) 3333 return ERR_PTR(-EINVAL); 3334 3335 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]); 3336 if (n_entries < 0) 3337 return ERR_PTR(n_entries); 3338 3339 if (n_entries > wiphy->max_acl_mac_addrs) 3340 return ERR_PTR(-ENOTSUPP); 3341 3342 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries), 3343 GFP_KERNEL); 3344 if (!acl) 3345 return ERR_PTR(-ENOMEM); 3346 3347 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) { 3348 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN); 3349 i++; 3350 } 3351 3352 acl->n_acl_entries = n_entries; 3353 acl->acl_policy = acl_policy; 3354 3355 return acl; 3356 } 3357 3358 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info) 3359 { 3360 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3361 struct net_device *dev = info->user_ptr[1]; 3362 struct cfg80211_acl_data *acl; 3363 int err; 3364 3365 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3366 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3367 return -EOPNOTSUPP; 3368 3369 if (!dev->ieee80211_ptr->beacon_interval) 3370 return -EINVAL; 3371 3372 acl = parse_acl_data(&rdev->wiphy, info); 3373 if (IS_ERR(acl)) 3374 return PTR_ERR(acl); 3375 3376 err = rdev_set_mac_acl(rdev, dev, acl); 3377 3378 kfree(acl); 3379 3380 return err; 3381 } 3382 3383 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 3384 u8 *rates, u8 rates_len) 3385 { 3386 u8 i; 3387 u32 mask = 0; 3388 3389 for (i = 0; i < rates_len; i++) { 3390 int rate = (rates[i] & 0x7f) * 5; 3391 int ridx; 3392 3393 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 3394 struct ieee80211_rate *srate = 3395 &sband->bitrates[ridx]; 3396 if (rate == srate->bitrate) { 3397 mask |= 1 << ridx; 3398 break; 3399 } 3400 } 3401 if (ridx == sband->n_bitrates) 3402 return 0; /* rate not found */ 3403 } 3404 3405 return mask; 3406 } 3407 3408 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 3409 u8 *rates, u8 rates_len, 3410 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 3411 { 3412 u8 i; 3413 3414 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 3415 3416 for (i = 0; i < rates_len; i++) { 3417 int ridx, rbit; 3418 3419 ridx = rates[i] / 8; 3420 rbit = BIT(rates[i] % 8); 3421 3422 /* check validity */ 3423 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 3424 return false; 3425 3426 /* check availability */ 3427 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 3428 mcs[ridx] |= rbit; 3429 else 3430 return false; 3431 } 3432 3433 return true; 3434 } 3435 3436 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map) 3437 { 3438 u16 mcs_mask = 0; 3439 3440 switch (vht_mcs_map) { 3441 case IEEE80211_VHT_MCS_NOT_SUPPORTED: 3442 break; 3443 case IEEE80211_VHT_MCS_SUPPORT_0_7: 3444 mcs_mask = 0x00FF; 3445 break; 3446 case IEEE80211_VHT_MCS_SUPPORT_0_8: 3447 mcs_mask = 0x01FF; 3448 break; 3449 case IEEE80211_VHT_MCS_SUPPORT_0_9: 3450 mcs_mask = 0x03FF; 3451 break; 3452 default: 3453 break; 3454 } 3455 3456 return mcs_mask; 3457 } 3458 3459 static void vht_build_mcs_mask(u16 vht_mcs_map, 3460 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX]) 3461 { 3462 u8 nss; 3463 3464 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) { 3465 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03); 3466 vht_mcs_map >>= 2; 3467 } 3468 } 3469 3470 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband, 3471 struct nl80211_txrate_vht *txrate, 3472 u16 mcs[NL80211_VHT_NSS_MAX]) 3473 { 3474 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map); 3475 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {}; 3476 u8 i; 3477 3478 if (!sband->vht_cap.vht_supported) 3479 return false; 3480 3481 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX); 3482 3483 /* Build vht_mcs_mask from VHT capabilities */ 3484 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask); 3485 3486 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) { 3487 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i]) 3488 mcs[i] = txrate->mcs[i]; 3489 else 3490 return false; 3491 } 3492 3493 return true; 3494 } 3495 3496 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 3497 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 3498 .len = NL80211_MAX_SUPP_RATES }, 3499 [NL80211_TXRATE_HT] = { .type = NLA_BINARY, 3500 .len = NL80211_MAX_SUPP_HT_RATES }, 3501 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)}, 3502 [NL80211_TXRATE_GI] = { .type = NLA_U8 }, 3503 }; 3504 3505 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info, 3506 struct cfg80211_bitrate_mask *mask) 3507 { 3508 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 3509 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3510 int rem, i; 3511 struct nlattr *tx_rates; 3512 struct ieee80211_supported_band *sband; 3513 u16 vht_tx_mcs_map; 3514 3515 memset(mask, 0, sizeof(*mask)); 3516 /* Default to all rates enabled */ 3517 for (i = 0; i < NUM_NL80211_BANDS; i++) { 3518 sband = rdev->wiphy.bands[i]; 3519 3520 if (!sband) 3521 continue; 3522 3523 mask->control[i].legacy = (1 << sband->n_bitrates) - 1; 3524 memcpy(mask->control[i].ht_mcs, 3525 sband->ht_cap.mcs.rx_mask, 3526 sizeof(mask->control[i].ht_mcs)); 3527 3528 if (!sband->vht_cap.vht_supported) 3529 continue; 3530 3531 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map); 3532 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs); 3533 } 3534 3535 /* if no rates are given set it back to the defaults */ 3536 if (!info->attrs[NL80211_ATTR_TX_RATES]) 3537 goto out; 3538 3539 /* The nested attribute uses enum nl80211_band as the index. This maps 3540 * directly to the enum nl80211_band values used in cfg80211. 3541 */ 3542 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 3543 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) { 3544 enum nl80211_band band = nla_type(tx_rates); 3545 int err; 3546 3547 if (band < 0 || band >= NUM_NL80211_BANDS) 3548 return -EINVAL; 3549 sband = rdev->wiphy.bands[band]; 3550 if (sband == NULL) 3551 return -EINVAL; 3552 err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 3553 nla_len(tx_rates), nl80211_txattr_policy); 3554 if (err) 3555 return err; 3556 if (tb[NL80211_TXRATE_LEGACY]) { 3557 mask->control[band].legacy = rateset_to_mask( 3558 sband, 3559 nla_data(tb[NL80211_TXRATE_LEGACY]), 3560 nla_len(tb[NL80211_TXRATE_LEGACY])); 3561 if ((mask->control[band].legacy == 0) && 3562 nla_len(tb[NL80211_TXRATE_LEGACY])) 3563 return -EINVAL; 3564 } 3565 if (tb[NL80211_TXRATE_HT]) { 3566 if (!ht_rateset_to_mask( 3567 sband, 3568 nla_data(tb[NL80211_TXRATE_HT]), 3569 nla_len(tb[NL80211_TXRATE_HT]), 3570 mask->control[band].ht_mcs)) 3571 return -EINVAL; 3572 } 3573 if (tb[NL80211_TXRATE_VHT]) { 3574 if (!vht_set_mcs_mask( 3575 sband, 3576 nla_data(tb[NL80211_TXRATE_VHT]), 3577 mask->control[band].vht_mcs)) 3578 return -EINVAL; 3579 } 3580 if (tb[NL80211_TXRATE_GI]) { 3581 mask->control[band].gi = 3582 nla_get_u8(tb[NL80211_TXRATE_GI]); 3583 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI) 3584 return -EINVAL; 3585 } 3586 3587 if (mask->control[band].legacy == 0) { 3588 /* don't allow empty legacy rates if HT or VHT 3589 * are not even supported. 3590 */ 3591 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported || 3592 rdev->wiphy.bands[band]->vht_cap.vht_supported)) 3593 return -EINVAL; 3594 3595 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 3596 if (mask->control[band].ht_mcs[i]) 3597 goto out; 3598 3599 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) 3600 if (mask->control[band].vht_mcs[i]) 3601 goto out; 3602 3603 /* legacy and mcs rates may not be both empty */ 3604 return -EINVAL; 3605 } 3606 } 3607 3608 out: 3609 return 0; 3610 } 3611 3612 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev, 3613 enum nl80211_band band, 3614 struct cfg80211_bitrate_mask *beacon_rate) 3615 { 3616 u32 count_ht, count_vht, i; 3617 u32 rate = beacon_rate->control[band].legacy; 3618 3619 /* Allow only one rate */ 3620 if (hweight32(rate) > 1) 3621 return -EINVAL; 3622 3623 count_ht = 0; 3624 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) { 3625 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) { 3626 return -EINVAL; 3627 } else if (beacon_rate->control[band].ht_mcs[i]) { 3628 count_ht++; 3629 if (count_ht > 1) 3630 return -EINVAL; 3631 } 3632 if (count_ht && rate) 3633 return -EINVAL; 3634 } 3635 3636 count_vht = 0; 3637 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) { 3638 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) { 3639 return -EINVAL; 3640 } else if (beacon_rate->control[band].vht_mcs[i]) { 3641 count_vht++; 3642 if (count_vht > 1) 3643 return -EINVAL; 3644 } 3645 if (count_vht && rate) 3646 return -EINVAL; 3647 } 3648 3649 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht)) 3650 return -EINVAL; 3651 3652 if (rate && 3653 !wiphy_ext_feature_isset(&rdev->wiphy, 3654 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) 3655 return -EINVAL; 3656 if (count_ht && 3657 !wiphy_ext_feature_isset(&rdev->wiphy, 3658 NL80211_EXT_FEATURE_BEACON_RATE_HT)) 3659 return -EINVAL; 3660 if (count_vht && 3661 !wiphy_ext_feature_isset(&rdev->wiphy, 3662 NL80211_EXT_FEATURE_BEACON_RATE_VHT)) 3663 return -EINVAL; 3664 3665 return 0; 3666 } 3667 3668 static int nl80211_parse_beacon(struct nlattr *attrs[], 3669 struct cfg80211_beacon_data *bcn) 3670 { 3671 bool haveinfo = false; 3672 3673 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) || 3674 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) || 3675 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) || 3676 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP])) 3677 return -EINVAL; 3678 3679 memset(bcn, 0, sizeof(*bcn)); 3680 3681 if (attrs[NL80211_ATTR_BEACON_HEAD]) { 3682 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]); 3683 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]); 3684 if (!bcn->head_len) 3685 return -EINVAL; 3686 haveinfo = true; 3687 } 3688 3689 if (attrs[NL80211_ATTR_BEACON_TAIL]) { 3690 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]); 3691 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]); 3692 haveinfo = true; 3693 } 3694 3695 if (!haveinfo) 3696 return -EINVAL; 3697 3698 if (attrs[NL80211_ATTR_IE]) { 3699 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]); 3700 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]); 3701 } 3702 3703 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) { 3704 bcn->proberesp_ies = 3705 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]); 3706 bcn->proberesp_ies_len = 3707 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]); 3708 } 3709 3710 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 3711 bcn->assocresp_ies = 3712 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 3713 bcn->assocresp_ies_len = 3714 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 3715 } 3716 3717 if (attrs[NL80211_ATTR_PROBE_RESP]) { 3718 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]); 3719 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]); 3720 } 3721 3722 return 0; 3723 } 3724 3725 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 3726 struct cfg80211_ap_settings *params) 3727 { 3728 struct wireless_dev *wdev; 3729 bool ret = false; 3730 3731 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 3732 if (wdev->iftype != NL80211_IFTYPE_AP && 3733 wdev->iftype != NL80211_IFTYPE_P2P_GO) 3734 continue; 3735 3736 if (!wdev->preset_chandef.chan) 3737 continue; 3738 3739 params->chandef = wdev->preset_chandef; 3740 ret = true; 3741 break; 3742 } 3743 3744 return ret; 3745 } 3746 3747 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, 3748 enum nl80211_auth_type auth_type, 3749 enum nl80211_commands cmd) 3750 { 3751 if (auth_type > NL80211_AUTHTYPE_MAX) 3752 return false; 3753 3754 switch (cmd) { 3755 case NL80211_CMD_AUTHENTICATE: 3756 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 3757 auth_type == NL80211_AUTHTYPE_SAE) 3758 return false; 3759 return true; 3760 case NL80211_CMD_CONNECT: 3761 case NL80211_CMD_START_AP: 3762 /* SAE not supported yet */ 3763 if (auth_type == NL80211_AUTHTYPE_SAE) 3764 return false; 3765 return true; 3766 default: 3767 return false; 3768 } 3769 } 3770 3771 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 3772 { 3773 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3774 struct net_device *dev = info->user_ptr[1]; 3775 struct wireless_dev *wdev = dev->ieee80211_ptr; 3776 struct cfg80211_ap_settings params; 3777 int err; 3778 3779 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3780 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3781 return -EOPNOTSUPP; 3782 3783 if (!rdev->ops->start_ap) 3784 return -EOPNOTSUPP; 3785 3786 if (wdev->beacon_interval) 3787 return -EALREADY; 3788 3789 memset(¶ms, 0, sizeof(params)); 3790 3791 /* these are required for START_AP */ 3792 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 3793 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 3794 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 3795 return -EINVAL; 3796 3797 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon); 3798 if (err) 3799 return err; 3800 3801 params.beacon_interval = 3802 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 3803 params.dtim_period = 3804 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 3805 3806 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 3807 if (err) 3808 return err; 3809 3810 /* 3811 * In theory, some of these attributes should be required here 3812 * but since they were not used when the command was originally 3813 * added, keep them optional for old user space programs to let 3814 * them continue to work with drivers that do not need the 3815 * additional information -- drivers must check! 3816 */ 3817 if (info->attrs[NL80211_ATTR_SSID]) { 3818 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3819 params.ssid_len = 3820 nla_len(info->attrs[NL80211_ATTR_SSID]); 3821 if (params.ssid_len == 0 || 3822 params.ssid_len > IEEE80211_MAX_SSID_LEN) 3823 return -EINVAL; 3824 } 3825 3826 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 3827 params.hidden_ssid = nla_get_u32( 3828 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 3829 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 3830 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 3831 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 3832 return -EINVAL; 3833 } 3834 3835 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 3836 3837 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 3838 params.auth_type = nla_get_u32( 3839 info->attrs[NL80211_ATTR_AUTH_TYPE]); 3840 if (!nl80211_valid_auth_type(rdev, params.auth_type, 3841 NL80211_CMD_START_AP)) 3842 return -EINVAL; 3843 } else 3844 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 3845 3846 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 3847 NL80211_MAX_NR_CIPHER_SUITES); 3848 if (err) 3849 return err; 3850 3851 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 3852 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 3853 return -EOPNOTSUPP; 3854 params.inactivity_timeout = nla_get_u16( 3855 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 3856 } 3857 3858 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 3859 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3860 return -EINVAL; 3861 params.p2p_ctwindow = 3862 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 3863 if (params.p2p_ctwindow > 127) 3864 return -EINVAL; 3865 if (params.p2p_ctwindow != 0 && 3866 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 3867 return -EINVAL; 3868 } 3869 3870 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 3871 u8 tmp; 3872 3873 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3874 return -EINVAL; 3875 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 3876 if (tmp > 1) 3877 return -EINVAL; 3878 params.p2p_opp_ps = tmp; 3879 if (params.p2p_opp_ps != 0 && 3880 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 3881 return -EINVAL; 3882 } 3883 3884 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 3885 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 3886 if (err) 3887 return err; 3888 } else if (wdev->preset_chandef.chan) { 3889 params.chandef = wdev->preset_chandef; 3890 } else if (!nl80211_get_ap_channel(rdev, ¶ms)) 3891 return -EINVAL; 3892 3893 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef, 3894 wdev->iftype)) 3895 return -EINVAL; 3896 3897 if (info->attrs[NL80211_ATTR_TX_RATES]) { 3898 err = nl80211_parse_tx_bitrate_mask(info, ¶ms.beacon_rate); 3899 if (err) 3900 return err; 3901 3902 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band, 3903 ¶ms.beacon_rate); 3904 if (err) 3905 return err; 3906 } 3907 3908 if (info->attrs[NL80211_ATTR_SMPS_MODE]) { 3909 params.smps_mode = 3910 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]); 3911 switch (params.smps_mode) { 3912 case NL80211_SMPS_OFF: 3913 break; 3914 case NL80211_SMPS_STATIC: 3915 if (!(rdev->wiphy.features & 3916 NL80211_FEATURE_STATIC_SMPS)) 3917 return -EINVAL; 3918 break; 3919 case NL80211_SMPS_DYNAMIC: 3920 if (!(rdev->wiphy.features & 3921 NL80211_FEATURE_DYNAMIC_SMPS)) 3922 return -EINVAL; 3923 break; 3924 default: 3925 return -EINVAL; 3926 } 3927 } else { 3928 params.smps_mode = NL80211_SMPS_OFF; 3929 } 3930 3931 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 3932 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) 3933 return -EOPNOTSUPP; 3934 3935 if (info->attrs[NL80211_ATTR_ACL_POLICY]) { 3936 params.acl = parse_acl_data(&rdev->wiphy, info); 3937 if (IS_ERR(params.acl)) 3938 return PTR_ERR(params.acl); 3939 } 3940 3941 wdev_lock(wdev); 3942 err = rdev_start_ap(rdev, dev, ¶ms); 3943 if (!err) { 3944 wdev->preset_chandef = params.chandef; 3945 wdev->beacon_interval = params.beacon_interval; 3946 wdev->chandef = params.chandef; 3947 wdev->ssid_len = params.ssid_len; 3948 memcpy(wdev->ssid, params.ssid, wdev->ssid_len); 3949 } 3950 wdev_unlock(wdev); 3951 3952 kfree(params.acl); 3953 3954 return err; 3955 } 3956 3957 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 3958 { 3959 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3960 struct net_device *dev = info->user_ptr[1]; 3961 struct wireless_dev *wdev = dev->ieee80211_ptr; 3962 struct cfg80211_beacon_data params; 3963 int err; 3964 3965 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3966 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3967 return -EOPNOTSUPP; 3968 3969 if (!rdev->ops->change_beacon) 3970 return -EOPNOTSUPP; 3971 3972 if (!wdev->beacon_interval) 3973 return -EINVAL; 3974 3975 err = nl80211_parse_beacon(info->attrs, ¶ms); 3976 if (err) 3977 return err; 3978 3979 wdev_lock(wdev); 3980 err = rdev_change_beacon(rdev, dev, ¶ms); 3981 wdev_unlock(wdev); 3982 3983 return err; 3984 } 3985 3986 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 3987 { 3988 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3989 struct net_device *dev = info->user_ptr[1]; 3990 3991 return cfg80211_stop_ap(rdev, dev, false); 3992 } 3993 3994 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 3995 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 3996 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 3997 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 3998 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 3999 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 4000 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 4001 }; 4002 4003 static int parse_station_flags(struct genl_info *info, 4004 enum nl80211_iftype iftype, 4005 struct station_parameters *params) 4006 { 4007 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 4008 struct nlattr *nla; 4009 int flag; 4010 4011 /* 4012 * Try parsing the new attribute first so userspace 4013 * can specify both for older kernels. 4014 */ 4015 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 4016 if (nla) { 4017 struct nl80211_sta_flag_update *sta_flags; 4018 4019 sta_flags = nla_data(nla); 4020 params->sta_flags_mask = sta_flags->mask; 4021 params->sta_flags_set = sta_flags->set; 4022 params->sta_flags_set &= params->sta_flags_mask; 4023 if ((params->sta_flags_mask | 4024 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 4025 return -EINVAL; 4026 return 0; 4027 } 4028 4029 /* if present, parse the old attribute */ 4030 4031 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 4032 if (!nla) 4033 return 0; 4034 4035 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 4036 nla, sta_flags_policy)) 4037 return -EINVAL; 4038 4039 /* 4040 * Only allow certain flags for interface types so that 4041 * other attributes are silently ignored. Remember that 4042 * this is backward compatibility code with old userspace 4043 * and shouldn't be hit in other cases anyway. 4044 */ 4045 switch (iftype) { 4046 case NL80211_IFTYPE_AP: 4047 case NL80211_IFTYPE_AP_VLAN: 4048 case NL80211_IFTYPE_P2P_GO: 4049 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 4050 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 4051 BIT(NL80211_STA_FLAG_WME) | 4052 BIT(NL80211_STA_FLAG_MFP); 4053 break; 4054 case NL80211_IFTYPE_P2P_CLIENT: 4055 case NL80211_IFTYPE_STATION: 4056 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 4057 BIT(NL80211_STA_FLAG_TDLS_PEER); 4058 break; 4059 case NL80211_IFTYPE_MESH_POINT: 4060 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 4061 BIT(NL80211_STA_FLAG_MFP) | 4062 BIT(NL80211_STA_FLAG_AUTHORIZED); 4063 default: 4064 return -EINVAL; 4065 } 4066 4067 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 4068 if (flags[flag]) { 4069 params->sta_flags_set |= (1<<flag); 4070 4071 /* no longer support new API additions in old API */ 4072 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 4073 return -EINVAL; 4074 } 4075 } 4076 4077 return 0; 4078 } 4079 4080 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 4081 int attr) 4082 { 4083 struct nlattr *rate; 4084 u32 bitrate; 4085 u16 bitrate_compat; 4086 enum nl80211_attrs rate_flg; 4087 4088 rate = nla_nest_start(msg, attr); 4089 if (!rate) 4090 return false; 4091 4092 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 4093 bitrate = cfg80211_calculate_bitrate(info); 4094 /* report 16-bit bitrate only if we can */ 4095 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 4096 if (bitrate > 0 && 4097 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) 4098 return false; 4099 if (bitrate_compat > 0 && 4100 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) 4101 return false; 4102 4103 switch (info->bw) { 4104 case RATE_INFO_BW_5: 4105 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH; 4106 break; 4107 case RATE_INFO_BW_10: 4108 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH; 4109 break; 4110 default: 4111 WARN_ON(1); 4112 /* fall through */ 4113 case RATE_INFO_BW_20: 4114 rate_flg = 0; 4115 break; 4116 case RATE_INFO_BW_40: 4117 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH; 4118 break; 4119 case RATE_INFO_BW_80: 4120 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH; 4121 break; 4122 case RATE_INFO_BW_160: 4123 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH; 4124 break; 4125 } 4126 4127 if (rate_flg && nla_put_flag(msg, rate_flg)) 4128 return false; 4129 4130 if (info->flags & RATE_INFO_FLAGS_MCS) { 4131 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) 4132 return false; 4133 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 4134 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 4135 return false; 4136 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) { 4137 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs)) 4138 return false; 4139 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss)) 4140 return false; 4141 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 4142 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 4143 return false; 4144 } 4145 4146 nla_nest_end(msg, rate); 4147 return true; 4148 } 4149 4150 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal, 4151 int id) 4152 { 4153 void *attr; 4154 int i = 0; 4155 4156 if (!mask) 4157 return true; 4158 4159 attr = nla_nest_start(msg, id); 4160 if (!attr) 4161 return false; 4162 4163 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) { 4164 if (!(mask & BIT(i))) 4165 continue; 4166 4167 if (nla_put_u8(msg, i, signal[i])) 4168 return false; 4169 } 4170 4171 nla_nest_end(msg, attr); 4172 4173 return true; 4174 } 4175 4176 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid, 4177 u32 seq, int flags, 4178 struct cfg80211_registered_device *rdev, 4179 struct net_device *dev, 4180 const u8 *mac_addr, struct station_info *sinfo) 4181 { 4182 void *hdr; 4183 struct nlattr *sinfoattr, *bss_param; 4184 4185 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 4186 if (!hdr) 4187 return -1; 4188 4189 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 4190 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 4191 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 4192 goto nla_put_failure; 4193 4194 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 4195 if (!sinfoattr) 4196 goto nla_put_failure; 4197 4198 #define PUT_SINFO(attr, memb, type) do { \ 4199 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \ 4200 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \ 4201 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \ 4202 sinfo->memb)) \ 4203 goto nla_put_failure; \ 4204 } while (0) 4205 #define PUT_SINFO_U64(attr, memb) do { \ 4206 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \ 4207 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \ 4208 sinfo->memb, NL80211_STA_INFO_PAD)) \ 4209 goto nla_put_failure; \ 4210 } while (0) 4211 4212 PUT_SINFO(CONNECTED_TIME, connected_time, u32); 4213 PUT_SINFO(INACTIVE_TIME, inactive_time, u32); 4214 4215 if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) | 4216 BIT(NL80211_STA_INFO_RX_BYTES64)) && 4217 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 4218 (u32)sinfo->rx_bytes)) 4219 goto nla_put_failure; 4220 4221 if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) | 4222 BIT(NL80211_STA_INFO_TX_BYTES64)) && 4223 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 4224 (u32)sinfo->tx_bytes)) 4225 goto nla_put_failure; 4226 4227 PUT_SINFO_U64(RX_BYTES64, rx_bytes); 4228 PUT_SINFO_U64(TX_BYTES64, tx_bytes); 4229 PUT_SINFO(LLID, llid, u16); 4230 PUT_SINFO(PLID, plid, u16); 4231 PUT_SINFO(PLINK_STATE, plink_state, u8); 4232 PUT_SINFO_U64(RX_DURATION, rx_duration); 4233 4234 switch (rdev->wiphy.signal_type) { 4235 case CFG80211_SIGNAL_TYPE_MBM: 4236 PUT_SINFO(SIGNAL, signal, u8); 4237 PUT_SINFO(SIGNAL_AVG, signal_avg, u8); 4238 break; 4239 default: 4240 break; 4241 } 4242 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) { 4243 if (!nl80211_put_signal(msg, sinfo->chains, 4244 sinfo->chain_signal, 4245 NL80211_STA_INFO_CHAIN_SIGNAL)) 4246 goto nla_put_failure; 4247 } 4248 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) { 4249 if (!nl80211_put_signal(msg, sinfo->chains, 4250 sinfo->chain_signal_avg, 4251 NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) 4252 goto nla_put_failure; 4253 } 4254 if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) { 4255 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 4256 NL80211_STA_INFO_TX_BITRATE)) 4257 goto nla_put_failure; 4258 } 4259 if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) { 4260 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 4261 NL80211_STA_INFO_RX_BITRATE)) 4262 goto nla_put_failure; 4263 } 4264 4265 PUT_SINFO(RX_PACKETS, rx_packets, u32); 4266 PUT_SINFO(TX_PACKETS, tx_packets, u32); 4267 PUT_SINFO(TX_RETRIES, tx_retries, u32); 4268 PUT_SINFO(TX_FAILED, tx_failed, u32); 4269 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32); 4270 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32); 4271 PUT_SINFO(LOCAL_PM, local_pm, u32); 4272 PUT_SINFO(PEER_PM, peer_pm, u32); 4273 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32); 4274 4275 if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) { 4276 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 4277 if (!bss_param) 4278 goto nla_put_failure; 4279 4280 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 4281 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 4282 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 4283 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 4284 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 4285 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 4286 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 4287 sinfo->bss_param.dtim_period) || 4288 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 4289 sinfo->bss_param.beacon_interval)) 4290 goto nla_put_failure; 4291 4292 nla_nest_end(msg, bss_param); 4293 } 4294 if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) && 4295 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 4296 sizeof(struct nl80211_sta_flag_update), 4297 &sinfo->sta_flags)) 4298 goto nla_put_failure; 4299 4300 PUT_SINFO_U64(T_OFFSET, t_offset); 4301 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc); 4302 PUT_SINFO_U64(BEACON_RX, rx_beacon); 4303 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8); 4304 4305 #undef PUT_SINFO 4306 #undef PUT_SINFO_U64 4307 4308 if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) { 4309 struct nlattr *tidsattr; 4310 int tid; 4311 4312 tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS); 4313 if (!tidsattr) 4314 goto nla_put_failure; 4315 4316 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) { 4317 struct cfg80211_tid_stats *tidstats; 4318 struct nlattr *tidattr; 4319 4320 tidstats = &sinfo->pertid[tid]; 4321 4322 if (!tidstats->filled) 4323 continue; 4324 4325 tidattr = nla_nest_start(msg, tid + 1); 4326 if (!tidattr) 4327 goto nla_put_failure; 4328 4329 #define PUT_TIDVAL_U64(attr, memb) do { \ 4330 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \ 4331 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \ 4332 tidstats->memb, NL80211_TID_STATS_PAD)) \ 4333 goto nla_put_failure; \ 4334 } while (0) 4335 4336 PUT_TIDVAL_U64(RX_MSDU, rx_msdu); 4337 PUT_TIDVAL_U64(TX_MSDU, tx_msdu); 4338 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries); 4339 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed); 4340 4341 #undef PUT_TIDVAL_U64 4342 nla_nest_end(msg, tidattr); 4343 } 4344 4345 nla_nest_end(msg, tidsattr); 4346 } 4347 4348 nla_nest_end(msg, sinfoattr); 4349 4350 if (sinfo->assoc_req_ies_len && 4351 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 4352 sinfo->assoc_req_ies)) 4353 goto nla_put_failure; 4354 4355 genlmsg_end(msg, hdr); 4356 return 0; 4357 4358 nla_put_failure: 4359 genlmsg_cancel(msg, hdr); 4360 return -EMSGSIZE; 4361 } 4362 4363 static int nl80211_dump_station(struct sk_buff *skb, 4364 struct netlink_callback *cb) 4365 { 4366 struct station_info sinfo; 4367 struct cfg80211_registered_device *rdev; 4368 struct wireless_dev *wdev; 4369 u8 mac_addr[ETH_ALEN]; 4370 int sta_idx = cb->args[2]; 4371 int err; 4372 4373 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 4374 if (err) 4375 return err; 4376 4377 if (!wdev->netdev) { 4378 err = -EINVAL; 4379 goto out_err; 4380 } 4381 4382 if (!rdev->ops->dump_station) { 4383 err = -EOPNOTSUPP; 4384 goto out_err; 4385 } 4386 4387 while (1) { 4388 memset(&sinfo, 0, sizeof(sinfo)); 4389 err = rdev_dump_station(rdev, wdev->netdev, sta_idx, 4390 mac_addr, &sinfo); 4391 if (err == -ENOENT) 4392 break; 4393 if (err) 4394 goto out_err; 4395 4396 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION, 4397 NETLINK_CB(cb->skb).portid, 4398 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4399 rdev, wdev->netdev, mac_addr, 4400 &sinfo) < 0) 4401 goto out; 4402 4403 sta_idx++; 4404 } 4405 4406 out: 4407 cb->args[2] = sta_idx; 4408 err = skb->len; 4409 out_err: 4410 nl80211_finish_wdev_dump(rdev); 4411 4412 return err; 4413 } 4414 4415 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 4416 { 4417 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4418 struct net_device *dev = info->user_ptr[1]; 4419 struct station_info sinfo; 4420 struct sk_buff *msg; 4421 u8 *mac_addr = NULL; 4422 int err; 4423 4424 memset(&sinfo, 0, sizeof(sinfo)); 4425 4426 if (!info->attrs[NL80211_ATTR_MAC]) 4427 return -EINVAL; 4428 4429 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4430 4431 if (!rdev->ops->get_station) 4432 return -EOPNOTSUPP; 4433 4434 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 4435 if (err) 4436 return err; 4437 4438 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4439 if (!msg) 4440 return -ENOMEM; 4441 4442 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 4443 info->snd_portid, info->snd_seq, 0, 4444 rdev, dev, mac_addr, &sinfo) < 0) { 4445 nlmsg_free(msg); 4446 return -ENOBUFS; 4447 } 4448 4449 return genlmsg_reply(msg, info); 4450 } 4451 4452 int cfg80211_check_station_change(struct wiphy *wiphy, 4453 struct station_parameters *params, 4454 enum cfg80211_station_type statype) 4455 { 4456 if (params->listen_interval != -1 && 4457 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 4458 return -EINVAL; 4459 4460 if (params->support_p2p_ps != -1 && 4461 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 4462 return -EINVAL; 4463 4464 if (params->aid && 4465 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) && 4466 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 4467 return -EINVAL; 4468 4469 /* When you run into this, adjust the code below for the new flag */ 4470 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); 4471 4472 switch (statype) { 4473 case CFG80211_STA_MESH_PEER_KERNEL: 4474 case CFG80211_STA_MESH_PEER_USER: 4475 /* 4476 * No ignoring the TDLS flag here -- the userspace mesh 4477 * code doesn't have the bug of including TDLS in the 4478 * mask everywhere. 4479 */ 4480 if (params->sta_flags_mask & 4481 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 4482 BIT(NL80211_STA_FLAG_MFP) | 4483 BIT(NL80211_STA_FLAG_AUTHORIZED))) 4484 return -EINVAL; 4485 break; 4486 case CFG80211_STA_TDLS_PEER_SETUP: 4487 case CFG80211_STA_TDLS_PEER_ACTIVE: 4488 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 4489 return -EINVAL; 4490 /* ignore since it can't change */ 4491 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 4492 break; 4493 default: 4494 /* disallow mesh-specific things */ 4495 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION) 4496 return -EINVAL; 4497 if (params->local_pm) 4498 return -EINVAL; 4499 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 4500 return -EINVAL; 4501 } 4502 4503 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 4504 statype != CFG80211_STA_TDLS_PEER_ACTIVE) { 4505 /* TDLS can't be set, ... */ 4506 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 4507 return -EINVAL; 4508 /* 4509 * ... but don't bother the driver with it. This works around 4510 * a hostapd/wpa_supplicant issue -- it always includes the 4511 * TLDS_PEER flag in the mask even for AP mode. 4512 */ 4513 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 4514 } 4515 4516 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 4517 statype != CFG80211_STA_AP_CLIENT_UNASSOC) { 4518 /* reject other things that can't change */ 4519 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) 4520 return -EINVAL; 4521 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY) 4522 return -EINVAL; 4523 if (params->supported_rates) 4524 return -EINVAL; 4525 if (params->ext_capab || params->ht_capa || params->vht_capa) 4526 return -EINVAL; 4527 } 4528 4529 if (statype != CFG80211_STA_AP_CLIENT && 4530 statype != CFG80211_STA_AP_CLIENT_UNASSOC) { 4531 if (params->vlan) 4532 return -EINVAL; 4533 } 4534 4535 switch (statype) { 4536 case CFG80211_STA_AP_MLME_CLIENT: 4537 /* Use this only for authorizing/unauthorizing a station */ 4538 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED))) 4539 return -EOPNOTSUPP; 4540 break; 4541 case CFG80211_STA_AP_CLIENT: 4542 case CFG80211_STA_AP_CLIENT_UNASSOC: 4543 /* accept only the listed bits */ 4544 if (params->sta_flags_mask & 4545 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 4546 BIT(NL80211_STA_FLAG_AUTHENTICATED) | 4547 BIT(NL80211_STA_FLAG_ASSOCIATED) | 4548 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 4549 BIT(NL80211_STA_FLAG_WME) | 4550 BIT(NL80211_STA_FLAG_MFP))) 4551 return -EINVAL; 4552 4553 /* but authenticated/associated only if driver handles it */ 4554 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 4555 params->sta_flags_mask & 4556 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 4557 BIT(NL80211_STA_FLAG_ASSOCIATED))) 4558 return -EINVAL; 4559 break; 4560 case CFG80211_STA_IBSS: 4561 case CFG80211_STA_AP_STA: 4562 /* reject any changes other than AUTHORIZED */ 4563 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 4564 return -EINVAL; 4565 break; 4566 case CFG80211_STA_TDLS_PEER_SETUP: 4567 /* reject any changes other than AUTHORIZED or WME */ 4568 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 4569 BIT(NL80211_STA_FLAG_WME))) 4570 return -EINVAL; 4571 /* force (at least) rates when authorizing */ 4572 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) && 4573 !params->supported_rates) 4574 return -EINVAL; 4575 break; 4576 case CFG80211_STA_TDLS_PEER_ACTIVE: 4577 /* reject any changes */ 4578 return -EINVAL; 4579 case CFG80211_STA_MESH_PEER_KERNEL: 4580 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 4581 return -EINVAL; 4582 break; 4583 case CFG80211_STA_MESH_PEER_USER: 4584 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION && 4585 params->plink_action != NL80211_PLINK_ACTION_BLOCK) 4586 return -EINVAL; 4587 break; 4588 } 4589 4590 return 0; 4591 } 4592 EXPORT_SYMBOL(cfg80211_check_station_change); 4593 4594 /* 4595 * Get vlan interface making sure it is running and on the right wiphy. 4596 */ 4597 static struct net_device *get_vlan(struct genl_info *info, 4598 struct cfg80211_registered_device *rdev) 4599 { 4600 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 4601 struct net_device *v; 4602 int ret; 4603 4604 if (!vlanattr) 4605 return NULL; 4606 4607 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 4608 if (!v) 4609 return ERR_PTR(-ENODEV); 4610 4611 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 4612 ret = -EINVAL; 4613 goto error; 4614 } 4615 4616 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 4617 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 4618 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 4619 ret = -EINVAL; 4620 goto error; 4621 } 4622 4623 if (!netif_running(v)) { 4624 ret = -ENETDOWN; 4625 goto error; 4626 } 4627 4628 return v; 4629 error: 4630 dev_put(v); 4631 return ERR_PTR(ret); 4632 } 4633 4634 static const struct nla_policy 4635 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = { 4636 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 4637 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 4638 }; 4639 4640 static int nl80211_parse_sta_wme(struct genl_info *info, 4641 struct station_parameters *params) 4642 { 4643 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 4644 struct nlattr *nla; 4645 int err; 4646 4647 /* parse WME attributes if present */ 4648 if (!info->attrs[NL80211_ATTR_STA_WME]) 4649 return 0; 4650 4651 nla = info->attrs[NL80211_ATTR_STA_WME]; 4652 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 4653 nl80211_sta_wme_policy); 4654 if (err) 4655 return err; 4656 4657 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 4658 params->uapsd_queues = nla_get_u8( 4659 tb[NL80211_STA_WME_UAPSD_QUEUES]); 4660 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 4661 return -EINVAL; 4662 4663 if (tb[NL80211_STA_WME_MAX_SP]) 4664 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 4665 4666 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 4667 return -EINVAL; 4668 4669 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 4670 4671 return 0; 4672 } 4673 4674 static int nl80211_parse_sta_channel_info(struct genl_info *info, 4675 struct station_parameters *params) 4676 { 4677 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) { 4678 params->supported_channels = 4679 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]); 4680 params->supported_channels_len = 4681 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]); 4682 /* 4683 * Need to include at least one (first channel, number of 4684 * channels) tuple for each subband, and must have proper 4685 * tuples for the rest of the data as well. 4686 */ 4687 if (params->supported_channels_len < 2) 4688 return -EINVAL; 4689 if (params->supported_channels_len % 2) 4690 return -EINVAL; 4691 } 4692 4693 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) { 4694 params->supported_oper_classes = 4695 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]); 4696 params->supported_oper_classes_len = 4697 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]); 4698 /* 4699 * The value of the Length field of the Supported Operating 4700 * Classes element is between 2 and 253. 4701 */ 4702 if (params->supported_oper_classes_len < 2 || 4703 params->supported_oper_classes_len > 253) 4704 return -EINVAL; 4705 } 4706 return 0; 4707 } 4708 4709 static int nl80211_set_station_tdls(struct genl_info *info, 4710 struct station_parameters *params) 4711 { 4712 int err; 4713 /* Dummy STA entry gets updated once the peer capabilities are known */ 4714 if (info->attrs[NL80211_ATTR_PEER_AID]) 4715 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 4716 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 4717 params->ht_capa = 4718 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 4719 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 4720 params->vht_capa = 4721 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 4722 4723 err = nl80211_parse_sta_channel_info(info, params); 4724 if (err) 4725 return err; 4726 4727 return nl80211_parse_sta_wme(info, params); 4728 } 4729 4730 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 4731 { 4732 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4733 struct net_device *dev = info->user_ptr[1]; 4734 struct station_parameters params; 4735 u8 *mac_addr; 4736 int err; 4737 4738 memset(¶ms, 0, sizeof(params)); 4739 4740 if (!rdev->ops->change_station) 4741 return -EOPNOTSUPP; 4742 4743 /* 4744 * AID and listen_interval properties can be set only for unassociated 4745 * station. Include these parameters here and will check them in 4746 * cfg80211_check_station_change(). 4747 */ 4748 if (info->attrs[NL80211_ATTR_STA_AID]) 4749 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 4750 4751 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 4752 params.listen_interval = 4753 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 4754 else 4755 params.listen_interval = -1; 4756 4757 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) { 4758 u8 tmp; 4759 4760 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]); 4761 if (tmp >= NUM_NL80211_P2P_PS_STATUS) 4762 return -EINVAL; 4763 4764 params.support_p2p_ps = tmp; 4765 } else { 4766 params.support_p2p_ps = -1; 4767 } 4768 4769 if (!info->attrs[NL80211_ATTR_MAC]) 4770 return -EINVAL; 4771 4772 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4773 4774 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 4775 params.supported_rates = 4776 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 4777 params.supported_rates_len = 4778 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 4779 } 4780 4781 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 4782 params.capability = 4783 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 4784 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 4785 } 4786 4787 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 4788 params.ext_capab = 4789 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 4790 params.ext_capab_len = 4791 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 4792 } 4793 4794 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 4795 return -EINVAL; 4796 4797 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) { 4798 params.plink_action = 4799 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 4800 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS) 4801 return -EINVAL; 4802 } 4803 4804 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) { 4805 params.plink_state = 4806 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 4807 if (params.plink_state >= NUM_NL80211_PLINK_STATES) 4808 return -EINVAL; 4809 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) { 4810 params.peer_aid = nla_get_u16( 4811 info->attrs[NL80211_ATTR_MESH_PEER_AID]); 4812 if (params.peer_aid > IEEE80211_MAX_AID) 4813 return -EINVAL; 4814 } 4815 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE; 4816 } 4817 4818 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) { 4819 enum nl80211_mesh_power_mode pm = nla_get_u32( 4820 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]); 4821 4822 if (pm <= NL80211_MESH_POWER_UNKNOWN || 4823 pm > NL80211_MESH_POWER_MAX) 4824 return -EINVAL; 4825 4826 params.local_pm = pm; 4827 } 4828 4829 /* Include parameters for TDLS peer (will check later) */ 4830 err = nl80211_set_station_tdls(info, ¶ms); 4831 if (err) 4832 return err; 4833 4834 params.vlan = get_vlan(info, rdev); 4835 if (IS_ERR(params.vlan)) 4836 return PTR_ERR(params.vlan); 4837 4838 switch (dev->ieee80211_ptr->iftype) { 4839 case NL80211_IFTYPE_AP: 4840 case NL80211_IFTYPE_AP_VLAN: 4841 case NL80211_IFTYPE_P2P_GO: 4842 case NL80211_IFTYPE_P2P_CLIENT: 4843 case NL80211_IFTYPE_STATION: 4844 case NL80211_IFTYPE_ADHOC: 4845 case NL80211_IFTYPE_MESH_POINT: 4846 break; 4847 default: 4848 err = -EOPNOTSUPP; 4849 goto out_put_vlan; 4850 } 4851 4852 /* driver will call cfg80211_check_station_change() */ 4853 err = rdev_change_station(rdev, dev, mac_addr, ¶ms); 4854 4855 out_put_vlan: 4856 if (params.vlan) 4857 dev_put(params.vlan); 4858 4859 return err; 4860 } 4861 4862 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 4863 { 4864 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4865 int err; 4866 struct net_device *dev = info->user_ptr[1]; 4867 struct station_parameters params; 4868 u8 *mac_addr = NULL; 4869 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 4870 BIT(NL80211_STA_FLAG_ASSOCIATED); 4871 4872 memset(¶ms, 0, sizeof(params)); 4873 4874 if (!rdev->ops->add_station) 4875 return -EOPNOTSUPP; 4876 4877 if (!info->attrs[NL80211_ATTR_MAC]) 4878 return -EINVAL; 4879 4880 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 4881 return -EINVAL; 4882 4883 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 4884 return -EINVAL; 4885 4886 if (!info->attrs[NL80211_ATTR_STA_AID] && 4887 !info->attrs[NL80211_ATTR_PEER_AID]) 4888 return -EINVAL; 4889 4890 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4891 params.supported_rates = 4892 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 4893 params.supported_rates_len = 4894 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 4895 params.listen_interval = 4896 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 4897 4898 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) { 4899 u8 tmp; 4900 4901 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]); 4902 if (tmp >= NUM_NL80211_P2P_PS_STATUS) 4903 return -EINVAL; 4904 4905 params.support_p2p_ps = tmp; 4906 } else { 4907 /* 4908 * if not specified, assume it's supported for P2P GO interface, 4909 * and is NOT supported for AP interface 4910 */ 4911 params.support_p2p_ps = 4912 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO; 4913 } 4914 4915 if (info->attrs[NL80211_ATTR_PEER_AID]) 4916 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 4917 else 4918 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 4919 if (!params.aid || params.aid > IEEE80211_MAX_AID) 4920 return -EINVAL; 4921 4922 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 4923 params.capability = 4924 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 4925 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 4926 } 4927 4928 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 4929 params.ext_capab = 4930 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 4931 params.ext_capab_len = 4932 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 4933 } 4934 4935 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 4936 params.ht_capa = 4937 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 4938 4939 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 4940 params.vht_capa = 4941 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 4942 4943 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 4944 params.opmode_notif_used = true; 4945 params.opmode_notif = 4946 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 4947 } 4948 4949 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) { 4950 params.plink_action = 4951 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 4952 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS) 4953 return -EINVAL; 4954 } 4955 4956 err = nl80211_parse_sta_channel_info(info, ¶ms); 4957 if (err) 4958 return err; 4959 4960 err = nl80211_parse_sta_wme(info, ¶ms); 4961 if (err) 4962 return err; 4963 4964 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 4965 return -EINVAL; 4966 4967 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT 4968 * as userspace might just pass through the capabilities from the IEs 4969 * directly, rather than enforcing this restriction and returning an 4970 * error in this case. 4971 */ 4972 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) { 4973 params.ht_capa = NULL; 4974 params.vht_capa = NULL; 4975 } 4976 4977 /* When you run into this, adjust the code below for the new flag */ 4978 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); 4979 4980 switch (dev->ieee80211_ptr->iftype) { 4981 case NL80211_IFTYPE_AP: 4982 case NL80211_IFTYPE_AP_VLAN: 4983 case NL80211_IFTYPE_P2P_GO: 4984 /* ignore WME attributes if iface/sta is not capable */ 4985 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) || 4986 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) 4987 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 4988 4989 /* TDLS peers cannot be added */ 4990 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 4991 info->attrs[NL80211_ATTR_PEER_AID]) 4992 return -EINVAL; 4993 /* but don't bother the driver with it */ 4994 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 4995 4996 /* allow authenticated/associated only if driver handles it */ 4997 if (!(rdev->wiphy.features & 4998 NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 4999 params.sta_flags_mask & auth_assoc) 5000 return -EINVAL; 5001 5002 /* Older userspace, or userspace wanting to be compatible with 5003 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth 5004 * and assoc flags in the mask, but assumes the station will be 5005 * added as associated anyway since this was the required driver 5006 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was 5007 * introduced. 5008 * In order to not bother drivers with this quirk in the API 5009 * set the flags in both the mask and set for new stations in 5010 * this case. 5011 */ 5012 if (!(params.sta_flags_mask & auth_assoc)) { 5013 params.sta_flags_mask |= auth_assoc; 5014 params.sta_flags_set |= auth_assoc; 5015 } 5016 5017 /* must be last in here for error handling */ 5018 params.vlan = get_vlan(info, rdev); 5019 if (IS_ERR(params.vlan)) 5020 return PTR_ERR(params.vlan); 5021 break; 5022 case NL80211_IFTYPE_MESH_POINT: 5023 /* ignore uAPSD data */ 5024 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 5025 5026 /* associated is disallowed */ 5027 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) 5028 return -EINVAL; 5029 /* TDLS peers cannot be added */ 5030 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 5031 info->attrs[NL80211_ATTR_PEER_AID]) 5032 return -EINVAL; 5033 break; 5034 case NL80211_IFTYPE_STATION: 5035 case NL80211_IFTYPE_P2P_CLIENT: 5036 /* ignore uAPSD data */ 5037 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 5038 5039 /* these are disallowed */ 5040 if (params.sta_flags_mask & 5041 (BIT(NL80211_STA_FLAG_ASSOCIATED) | 5042 BIT(NL80211_STA_FLAG_AUTHENTICATED))) 5043 return -EINVAL; 5044 /* Only TDLS peers can be added */ 5045 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 5046 return -EINVAL; 5047 /* Can only add if TDLS ... */ 5048 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 5049 return -EOPNOTSUPP; 5050 /* ... with external setup is supported */ 5051 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 5052 return -EOPNOTSUPP; 5053 /* 5054 * Older wpa_supplicant versions always mark the TDLS peer 5055 * as authorized, but it shouldn't yet be. 5056 */ 5057 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED); 5058 break; 5059 default: 5060 return -EOPNOTSUPP; 5061 } 5062 5063 /* be aware of params.vlan when changing code here */ 5064 5065 err = rdev_add_station(rdev, dev, mac_addr, ¶ms); 5066 5067 if (params.vlan) 5068 dev_put(params.vlan); 5069 return err; 5070 } 5071 5072 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 5073 { 5074 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5075 struct net_device *dev = info->user_ptr[1]; 5076 struct station_del_parameters params; 5077 5078 memset(¶ms, 0, sizeof(params)); 5079 5080 if (info->attrs[NL80211_ATTR_MAC]) 5081 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]); 5082 5083 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5084 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5085 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 5086 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5087 return -EINVAL; 5088 5089 if (!rdev->ops->del_station) 5090 return -EOPNOTSUPP; 5091 5092 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) { 5093 params.subtype = 5094 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]); 5095 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 && 5096 params.subtype != IEEE80211_STYPE_DEAUTH >> 4) 5097 return -EINVAL; 5098 } else { 5099 /* Default to Deauthentication frame */ 5100 params.subtype = IEEE80211_STYPE_DEAUTH >> 4; 5101 } 5102 5103 if (info->attrs[NL80211_ATTR_REASON_CODE]) { 5104 params.reason_code = 5105 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5106 if (params.reason_code == 0) 5107 return -EINVAL; /* 0 is reserved */ 5108 } else { 5109 /* Default to reason code 2 */ 5110 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID; 5111 } 5112 5113 return rdev_del_station(rdev, dev, ¶ms); 5114 } 5115 5116 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq, 5117 int flags, struct net_device *dev, 5118 u8 *dst, u8 *next_hop, 5119 struct mpath_info *pinfo) 5120 { 5121 void *hdr; 5122 struct nlattr *pinfoattr; 5123 5124 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH); 5125 if (!hdr) 5126 return -1; 5127 5128 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 5129 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 5130 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 5131 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 5132 goto nla_put_failure; 5133 5134 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 5135 if (!pinfoattr) 5136 goto nla_put_failure; 5137 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 5138 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 5139 pinfo->frame_qlen)) 5140 goto nla_put_failure; 5141 if (((pinfo->filled & MPATH_INFO_SN) && 5142 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 5143 ((pinfo->filled & MPATH_INFO_METRIC) && 5144 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 5145 pinfo->metric)) || 5146 ((pinfo->filled & MPATH_INFO_EXPTIME) && 5147 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 5148 pinfo->exptime)) || 5149 ((pinfo->filled & MPATH_INFO_FLAGS) && 5150 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 5151 pinfo->flags)) || 5152 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 5153 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 5154 pinfo->discovery_timeout)) || 5155 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 5156 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 5157 pinfo->discovery_retries))) 5158 goto nla_put_failure; 5159 5160 nla_nest_end(msg, pinfoattr); 5161 5162 genlmsg_end(msg, hdr); 5163 return 0; 5164 5165 nla_put_failure: 5166 genlmsg_cancel(msg, hdr); 5167 return -EMSGSIZE; 5168 } 5169 5170 static int nl80211_dump_mpath(struct sk_buff *skb, 5171 struct netlink_callback *cb) 5172 { 5173 struct mpath_info pinfo; 5174 struct cfg80211_registered_device *rdev; 5175 struct wireless_dev *wdev; 5176 u8 dst[ETH_ALEN]; 5177 u8 next_hop[ETH_ALEN]; 5178 int path_idx = cb->args[2]; 5179 int err; 5180 5181 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 5182 if (err) 5183 return err; 5184 5185 if (!rdev->ops->dump_mpath) { 5186 err = -EOPNOTSUPP; 5187 goto out_err; 5188 } 5189 5190 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 5191 err = -EOPNOTSUPP; 5192 goto out_err; 5193 } 5194 5195 while (1) { 5196 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst, 5197 next_hop, &pinfo); 5198 if (err == -ENOENT) 5199 break; 5200 if (err) 5201 goto out_err; 5202 5203 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 5204 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5205 wdev->netdev, dst, next_hop, 5206 &pinfo) < 0) 5207 goto out; 5208 5209 path_idx++; 5210 } 5211 5212 out: 5213 cb->args[2] = path_idx; 5214 err = skb->len; 5215 out_err: 5216 nl80211_finish_wdev_dump(rdev); 5217 return err; 5218 } 5219 5220 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 5221 { 5222 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5223 int err; 5224 struct net_device *dev = info->user_ptr[1]; 5225 struct mpath_info pinfo; 5226 struct sk_buff *msg; 5227 u8 *dst = NULL; 5228 u8 next_hop[ETH_ALEN]; 5229 5230 memset(&pinfo, 0, sizeof(pinfo)); 5231 5232 if (!info->attrs[NL80211_ATTR_MAC]) 5233 return -EINVAL; 5234 5235 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 5236 5237 if (!rdev->ops->get_mpath) 5238 return -EOPNOTSUPP; 5239 5240 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5241 return -EOPNOTSUPP; 5242 5243 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo); 5244 if (err) 5245 return err; 5246 5247 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5248 if (!msg) 5249 return -ENOMEM; 5250 5251 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 5252 dev, dst, next_hop, &pinfo) < 0) { 5253 nlmsg_free(msg); 5254 return -ENOBUFS; 5255 } 5256 5257 return genlmsg_reply(msg, info); 5258 } 5259 5260 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 5261 { 5262 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5263 struct net_device *dev = info->user_ptr[1]; 5264 u8 *dst = NULL; 5265 u8 *next_hop = NULL; 5266 5267 if (!info->attrs[NL80211_ATTR_MAC]) 5268 return -EINVAL; 5269 5270 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 5271 return -EINVAL; 5272 5273 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 5274 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 5275 5276 if (!rdev->ops->change_mpath) 5277 return -EOPNOTSUPP; 5278 5279 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5280 return -EOPNOTSUPP; 5281 5282 return rdev_change_mpath(rdev, dev, dst, next_hop); 5283 } 5284 5285 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 5286 { 5287 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5288 struct net_device *dev = info->user_ptr[1]; 5289 u8 *dst = NULL; 5290 u8 *next_hop = NULL; 5291 5292 if (!info->attrs[NL80211_ATTR_MAC]) 5293 return -EINVAL; 5294 5295 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 5296 return -EINVAL; 5297 5298 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 5299 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 5300 5301 if (!rdev->ops->add_mpath) 5302 return -EOPNOTSUPP; 5303 5304 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5305 return -EOPNOTSUPP; 5306 5307 return rdev_add_mpath(rdev, dev, dst, next_hop); 5308 } 5309 5310 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 5311 { 5312 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5313 struct net_device *dev = info->user_ptr[1]; 5314 u8 *dst = NULL; 5315 5316 if (info->attrs[NL80211_ATTR_MAC]) 5317 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 5318 5319 if (!rdev->ops->del_mpath) 5320 return -EOPNOTSUPP; 5321 5322 return rdev_del_mpath(rdev, dev, dst); 5323 } 5324 5325 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info) 5326 { 5327 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5328 int err; 5329 struct net_device *dev = info->user_ptr[1]; 5330 struct mpath_info pinfo; 5331 struct sk_buff *msg; 5332 u8 *dst = NULL; 5333 u8 mpp[ETH_ALEN]; 5334 5335 memset(&pinfo, 0, sizeof(pinfo)); 5336 5337 if (!info->attrs[NL80211_ATTR_MAC]) 5338 return -EINVAL; 5339 5340 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 5341 5342 if (!rdev->ops->get_mpp) 5343 return -EOPNOTSUPP; 5344 5345 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5346 return -EOPNOTSUPP; 5347 5348 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo); 5349 if (err) 5350 return err; 5351 5352 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5353 if (!msg) 5354 return -ENOMEM; 5355 5356 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 5357 dev, dst, mpp, &pinfo) < 0) { 5358 nlmsg_free(msg); 5359 return -ENOBUFS; 5360 } 5361 5362 return genlmsg_reply(msg, info); 5363 } 5364 5365 static int nl80211_dump_mpp(struct sk_buff *skb, 5366 struct netlink_callback *cb) 5367 { 5368 struct mpath_info pinfo; 5369 struct cfg80211_registered_device *rdev; 5370 struct wireless_dev *wdev; 5371 u8 dst[ETH_ALEN]; 5372 u8 mpp[ETH_ALEN]; 5373 int path_idx = cb->args[2]; 5374 int err; 5375 5376 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 5377 if (err) 5378 return err; 5379 5380 if (!rdev->ops->dump_mpp) { 5381 err = -EOPNOTSUPP; 5382 goto out_err; 5383 } 5384 5385 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 5386 err = -EOPNOTSUPP; 5387 goto out_err; 5388 } 5389 5390 while (1) { 5391 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst, 5392 mpp, &pinfo); 5393 if (err == -ENOENT) 5394 break; 5395 if (err) 5396 goto out_err; 5397 5398 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 5399 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5400 wdev->netdev, dst, mpp, 5401 &pinfo) < 0) 5402 goto out; 5403 5404 path_idx++; 5405 } 5406 5407 out: 5408 cb->args[2] = path_idx; 5409 err = skb->len; 5410 out_err: 5411 nl80211_finish_wdev_dump(rdev); 5412 return err; 5413 } 5414 5415 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 5416 { 5417 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5418 struct net_device *dev = info->user_ptr[1]; 5419 struct wireless_dev *wdev = dev->ieee80211_ptr; 5420 struct bss_parameters params; 5421 int err; 5422 5423 memset(¶ms, 0, sizeof(params)); 5424 /* default to not changing parameters */ 5425 params.use_cts_prot = -1; 5426 params.use_short_preamble = -1; 5427 params.use_short_slot_time = -1; 5428 params.ap_isolate = -1; 5429 params.ht_opmode = -1; 5430 params.p2p_ctwindow = -1; 5431 params.p2p_opp_ps = -1; 5432 5433 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 5434 params.use_cts_prot = 5435 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 5436 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 5437 params.use_short_preamble = 5438 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 5439 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 5440 params.use_short_slot_time = 5441 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 5442 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 5443 params.basic_rates = 5444 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5445 params.basic_rates_len = 5446 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5447 } 5448 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 5449 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 5450 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 5451 params.ht_opmode = 5452 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 5453 5454 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 5455 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5456 return -EINVAL; 5457 params.p2p_ctwindow = 5458 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 5459 if (params.p2p_ctwindow < 0) 5460 return -EINVAL; 5461 if (params.p2p_ctwindow != 0 && 5462 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 5463 return -EINVAL; 5464 } 5465 5466 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 5467 u8 tmp; 5468 5469 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5470 return -EINVAL; 5471 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 5472 if (tmp > 1) 5473 return -EINVAL; 5474 params.p2p_opp_ps = tmp; 5475 if (params.p2p_opp_ps && 5476 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 5477 return -EINVAL; 5478 } 5479 5480 if (!rdev->ops->change_bss) 5481 return -EOPNOTSUPP; 5482 5483 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5484 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5485 return -EOPNOTSUPP; 5486 5487 wdev_lock(wdev); 5488 err = rdev_change_bss(rdev, dev, ¶ms); 5489 wdev_unlock(wdev); 5490 5491 return err; 5492 } 5493 5494 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 5495 { 5496 char *data = NULL; 5497 bool is_indoor; 5498 enum nl80211_user_reg_hint_type user_reg_hint_type; 5499 u32 owner_nlportid; 5500 5501 /* 5502 * You should only get this when cfg80211 hasn't yet initialized 5503 * completely when built-in to the kernel right between the time 5504 * window between nl80211_init() and regulatory_init(), if that is 5505 * even possible. 5506 */ 5507 if (unlikely(!rcu_access_pointer(cfg80211_regdomain))) 5508 return -EINPROGRESS; 5509 5510 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 5511 user_reg_hint_type = 5512 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 5513 else 5514 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 5515 5516 switch (user_reg_hint_type) { 5517 case NL80211_USER_REG_HINT_USER: 5518 case NL80211_USER_REG_HINT_CELL_BASE: 5519 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 5520 return -EINVAL; 5521 5522 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 5523 return regulatory_hint_user(data, user_reg_hint_type); 5524 case NL80211_USER_REG_HINT_INDOOR: 5525 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 5526 owner_nlportid = info->snd_portid; 5527 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR]; 5528 } else { 5529 owner_nlportid = 0; 5530 is_indoor = true; 5531 } 5532 5533 return regulatory_hint_indoor(is_indoor, owner_nlportid); 5534 default: 5535 return -EINVAL; 5536 } 5537 } 5538 5539 static int nl80211_get_mesh_config(struct sk_buff *skb, 5540 struct genl_info *info) 5541 { 5542 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5543 struct net_device *dev = info->user_ptr[1]; 5544 struct wireless_dev *wdev = dev->ieee80211_ptr; 5545 struct mesh_config cur_params; 5546 int err = 0; 5547 void *hdr; 5548 struct nlattr *pinfoattr; 5549 struct sk_buff *msg; 5550 5551 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 5552 return -EOPNOTSUPP; 5553 5554 if (!rdev->ops->get_mesh_config) 5555 return -EOPNOTSUPP; 5556 5557 wdev_lock(wdev); 5558 /* If not connected, get default parameters */ 5559 if (!wdev->mesh_id_len) 5560 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 5561 else 5562 err = rdev_get_mesh_config(rdev, dev, &cur_params); 5563 wdev_unlock(wdev); 5564 5565 if (err) 5566 return err; 5567 5568 /* Draw up a netlink message to send back */ 5569 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5570 if (!msg) 5571 return -ENOMEM; 5572 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 5573 NL80211_CMD_GET_MESH_CONFIG); 5574 if (!hdr) 5575 goto out; 5576 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 5577 if (!pinfoattr) 5578 goto nla_put_failure; 5579 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 5580 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 5581 cur_params.dot11MeshRetryTimeout) || 5582 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 5583 cur_params.dot11MeshConfirmTimeout) || 5584 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 5585 cur_params.dot11MeshHoldingTimeout) || 5586 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 5587 cur_params.dot11MeshMaxPeerLinks) || 5588 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 5589 cur_params.dot11MeshMaxRetries) || 5590 nla_put_u8(msg, NL80211_MESHCONF_TTL, 5591 cur_params.dot11MeshTTL) || 5592 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 5593 cur_params.element_ttl) || 5594 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 5595 cur_params.auto_open_plinks) || 5596 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 5597 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 5598 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 5599 cur_params.dot11MeshHWMPmaxPREQretries) || 5600 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 5601 cur_params.path_refresh_time) || 5602 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 5603 cur_params.min_discovery_timeout) || 5604 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 5605 cur_params.dot11MeshHWMPactivePathTimeout) || 5606 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 5607 cur_params.dot11MeshHWMPpreqMinInterval) || 5608 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 5609 cur_params.dot11MeshHWMPperrMinInterval) || 5610 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 5611 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 5612 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 5613 cur_params.dot11MeshHWMPRootMode) || 5614 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 5615 cur_params.dot11MeshHWMPRannInterval) || 5616 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 5617 cur_params.dot11MeshGateAnnouncementProtocol) || 5618 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 5619 cur_params.dot11MeshForwarding) || 5620 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 5621 cur_params.rssi_threshold) || 5622 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 5623 cur_params.ht_opmode) || 5624 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 5625 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 5626 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 5627 cur_params.dot11MeshHWMProotInterval) || 5628 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 5629 cur_params.dot11MeshHWMPconfirmationInterval) || 5630 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE, 5631 cur_params.power_mode) || 5632 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW, 5633 cur_params.dot11MeshAwakeWindowDuration) || 5634 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT, 5635 cur_params.plink_timeout)) 5636 goto nla_put_failure; 5637 nla_nest_end(msg, pinfoattr); 5638 genlmsg_end(msg, hdr); 5639 return genlmsg_reply(msg, info); 5640 5641 nla_put_failure: 5642 genlmsg_cancel(msg, hdr); 5643 out: 5644 nlmsg_free(msg); 5645 return -ENOBUFS; 5646 } 5647 5648 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 5649 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 5650 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 5651 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 5652 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 5653 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 5654 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 5655 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 5656 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 5657 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 }, 5658 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 5659 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 5660 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 5661 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 5662 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 5663 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 5664 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 5665 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 5666 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 5667 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 5668 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 5669 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 }, 5670 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 5671 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 5672 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 }, 5673 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 }, 5674 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 }, 5675 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 }, 5676 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 }, 5677 }; 5678 5679 static const struct nla_policy 5680 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 5681 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 5682 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 5683 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 5684 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 5685 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 }, 5686 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG }, 5687 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 5688 .len = IEEE80211_MAX_DATA_LEN }, 5689 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 5690 }; 5691 5692 static int nl80211_check_bool(const struct nlattr *nla, u8 min, u8 max, bool *out) 5693 { 5694 u8 val = nla_get_u8(nla); 5695 if (val < min || val > max) 5696 return -EINVAL; 5697 *out = val; 5698 return 0; 5699 } 5700 5701 static int nl80211_check_u8(const struct nlattr *nla, u8 min, u8 max, u8 *out) 5702 { 5703 u8 val = nla_get_u8(nla); 5704 if (val < min || val > max) 5705 return -EINVAL; 5706 *out = val; 5707 return 0; 5708 } 5709 5710 static int nl80211_check_u16(const struct nlattr *nla, u16 min, u16 max, u16 *out) 5711 { 5712 u16 val = nla_get_u16(nla); 5713 if (val < min || val > max) 5714 return -EINVAL; 5715 *out = val; 5716 return 0; 5717 } 5718 5719 static int nl80211_check_u32(const struct nlattr *nla, u32 min, u32 max, u32 *out) 5720 { 5721 u32 val = nla_get_u32(nla); 5722 if (val < min || val > max) 5723 return -EINVAL; 5724 *out = val; 5725 return 0; 5726 } 5727 5728 static int nl80211_check_s32(const struct nlattr *nla, s32 min, s32 max, s32 *out) 5729 { 5730 s32 val = nla_get_s32(nla); 5731 if (val < min || val > max) 5732 return -EINVAL; 5733 *out = val; 5734 return 0; 5735 } 5736 5737 static int nl80211_check_power_mode(const struct nlattr *nla, 5738 enum nl80211_mesh_power_mode min, 5739 enum nl80211_mesh_power_mode max, 5740 enum nl80211_mesh_power_mode *out) 5741 { 5742 u32 val = nla_get_u32(nla); 5743 if (val < min || val > max) 5744 return -EINVAL; 5745 *out = val; 5746 return 0; 5747 } 5748 5749 static int nl80211_parse_mesh_config(struct genl_info *info, 5750 struct mesh_config *cfg, 5751 u32 *mask_out) 5752 { 5753 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 5754 u32 mask = 0; 5755 u16 ht_opmode; 5756 5757 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \ 5758 do { \ 5759 if (tb[attr]) { \ 5760 if (fn(tb[attr], min, max, &cfg->param)) \ 5761 return -EINVAL; \ 5762 mask |= (1 << (attr - 1)); \ 5763 } \ 5764 } while (0) 5765 5766 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 5767 return -EINVAL; 5768 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 5769 info->attrs[NL80211_ATTR_MESH_CONFIG], 5770 nl80211_meshconf_params_policy)) 5771 return -EINVAL; 5772 5773 /* This makes sure that there aren't more than 32 mesh config 5774 * parameters (otherwise our bitfield scheme would not work.) */ 5775 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 5776 5777 /* Fill in the params struct */ 5778 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255, 5779 mask, NL80211_MESHCONF_RETRY_TIMEOUT, 5780 nl80211_check_u16); 5781 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255, 5782 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, 5783 nl80211_check_u16); 5784 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255, 5785 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, 5786 nl80211_check_u16); 5787 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255, 5788 mask, NL80211_MESHCONF_MAX_PEER_LINKS, 5789 nl80211_check_u16); 5790 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16, 5791 mask, NL80211_MESHCONF_MAX_RETRIES, 5792 nl80211_check_u8); 5793 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255, 5794 mask, NL80211_MESHCONF_TTL, nl80211_check_u8); 5795 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255, 5796 mask, NL80211_MESHCONF_ELEMENT_TTL, 5797 nl80211_check_u8); 5798 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1, 5799 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 5800 nl80211_check_bool); 5801 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, 5802 1, 255, mask, 5803 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 5804 nl80211_check_u32); 5805 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255, 5806 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 5807 nl80211_check_u8); 5808 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535, 5809 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, 5810 nl80211_check_u32); 5811 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535, 5812 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 5813 nl80211_check_u16); 5814 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 5815 1, 65535, mask, 5816 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 5817 nl80211_check_u32); 5818 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 5819 1, 65535, mask, 5820 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 5821 nl80211_check_u16); 5822 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 5823 1, 65535, mask, 5824 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 5825 nl80211_check_u16); 5826 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 5827 dot11MeshHWMPnetDiameterTraversalTime, 5828 1, 65535, mask, 5829 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 5830 nl80211_check_u16); 5831 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4, 5832 mask, NL80211_MESHCONF_HWMP_ROOTMODE, 5833 nl80211_check_u8); 5834 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535, 5835 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 5836 nl80211_check_u16); 5837 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 5838 dot11MeshGateAnnouncementProtocol, 0, 1, 5839 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 5840 nl80211_check_bool); 5841 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1, 5842 mask, NL80211_MESHCONF_FORWARDING, 5843 nl80211_check_bool); 5844 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0, 5845 mask, NL80211_MESHCONF_RSSI_THRESHOLD, 5846 nl80211_check_s32); 5847 /* 5848 * Check HT operation mode based on 5849 * IEEE 802.11 2012 8.4.2.59 HT Operation element. 5850 */ 5851 if (tb[NL80211_MESHCONF_HT_OPMODE]) { 5852 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]); 5853 5854 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION | 5855 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 5856 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)) 5857 return -EINVAL; 5858 5859 if ((ht_opmode & IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT) && 5860 (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)) 5861 return -EINVAL; 5862 5863 switch (ht_opmode & IEEE80211_HT_OP_MODE_PROTECTION) { 5864 case IEEE80211_HT_OP_MODE_PROTECTION_NONE: 5865 case IEEE80211_HT_OP_MODE_PROTECTION_20MHZ: 5866 if (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT) 5867 return -EINVAL; 5868 break; 5869 case IEEE80211_HT_OP_MODE_PROTECTION_NONMEMBER: 5870 case IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED: 5871 if (!(ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)) 5872 return -EINVAL; 5873 break; 5874 } 5875 cfg->ht_opmode = ht_opmode; 5876 } 5877 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout, 5878 1, 65535, mask, 5879 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 5880 nl80211_check_u32); 5881 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535, 5882 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 5883 nl80211_check_u16); 5884 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 5885 dot11MeshHWMPconfirmationInterval, 5886 1, 65535, mask, 5887 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 5888 nl80211_check_u16); 5889 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, 5890 NL80211_MESH_POWER_ACTIVE, 5891 NL80211_MESH_POWER_MAX, 5892 mask, NL80211_MESHCONF_POWER_MODE, 5893 nl80211_check_power_mode); 5894 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, 5895 0, 65535, mask, 5896 NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16); 5897 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff, 5898 mask, NL80211_MESHCONF_PLINK_TIMEOUT, 5899 nl80211_check_u32); 5900 if (mask_out) 5901 *mask_out = mask; 5902 5903 return 0; 5904 5905 #undef FILL_IN_MESH_PARAM_IF_SET 5906 } 5907 5908 static int nl80211_parse_mesh_setup(struct genl_info *info, 5909 struct mesh_setup *setup) 5910 { 5911 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5912 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 5913 5914 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 5915 return -EINVAL; 5916 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 5917 info->attrs[NL80211_ATTR_MESH_SETUP], 5918 nl80211_mesh_setup_params_policy)) 5919 return -EINVAL; 5920 5921 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 5922 setup->sync_method = 5923 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 5924 IEEE80211_SYNC_METHOD_VENDOR : 5925 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 5926 5927 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 5928 setup->path_sel_proto = 5929 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 5930 IEEE80211_PATH_PROTOCOL_VENDOR : 5931 IEEE80211_PATH_PROTOCOL_HWMP; 5932 5933 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 5934 setup->path_metric = 5935 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 5936 IEEE80211_PATH_METRIC_VENDOR : 5937 IEEE80211_PATH_METRIC_AIRTIME; 5938 5939 if (tb[NL80211_MESH_SETUP_IE]) { 5940 struct nlattr *ieattr = 5941 tb[NL80211_MESH_SETUP_IE]; 5942 if (!is_valid_ie_attr(ieattr)) 5943 return -EINVAL; 5944 setup->ie = nla_data(ieattr); 5945 setup->ie_len = nla_len(ieattr); 5946 } 5947 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] && 5948 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM)) 5949 return -EINVAL; 5950 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]); 5951 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 5952 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 5953 if (setup->is_secure) 5954 setup->user_mpm = true; 5955 5956 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) { 5957 if (!setup->user_mpm) 5958 return -EINVAL; 5959 setup->auth_id = 5960 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]); 5961 } 5962 5963 return 0; 5964 } 5965 5966 static int nl80211_update_mesh_config(struct sk_buff *skb, 5967 struct genl_info *info) 5968 { 5969 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5970 struct net_device *dev = info->user_ptr[1]; 5971 struct wireless_dev *wdev = dev->ieee80211_ptr; 5972 struct mesh_config cfg; 5973 u32 mask; 5974 int err; 5975 5976 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 5977 return -EOPNOTSUPP; 5978 5979 if (!rdev->ops->update_mesh_config) 5980 return -EOPNOTSUPP; 5981 5982 err = nl80211_parse_mesh_config(info, &cfg, &mask); 5983 if (err) 5984 return err; 5985 5986 wdev_lock(wdev); 5987 if (!wdev->mesh_id_len) 5988 err = -ENOLINK; 5989 5990 if (!err) 5991 err = rdev_update_mesh_config(rdev, dev, mask, &cfg); 5992 5993 wdev_unlock(wdev); 5994 5995 return err; 5996 } 5997 5998 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom, 5999 struct sk_buff *msg) 6000 { 6001 struct nlattr *nl_reg_rules; 6002 unsigned int i; 6003 6004 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) || 6005 (regdom->dfs_region && 6006 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region))) 6007 goto nla_put_failure; 6008 6009 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 6010 if (!nl_reg_rules) 6011 goto nla_put_failure; 6012 6013 for (i = 0; i < regdom->n_reg_rules; i++) { 6014 struct nlattr *nl_reg_rule; 6015 const struct ieee80211_reg_rule *reg_rule; 6016 const struct ieee80211_freq_range *freq_range; 6017 const struct ieee80211_power_rule *power_rule; 6018 unsigned int max_bandwidth_khz; 6019 6020 reg_rule = ®dom->reg_rules[i]; 6021 freq_range = ®_rule->freq_range; 6022 power_rule = ®_rule->power_rule; 6023 6024 nl_reg_rule = nla_nest_start(msg, i); 6025 if (!nl_reg_rule) 6026 goto nla_put_failure; 6027 6028 max_bandwidth_khz = freq_range->max_bandwidth_khz; 6029 if (!max_bandwidth_khz) 6030 max_bandwidth_khz = reg_get_max_bandwidth(regdom, 6031 reg_rule); 6032 6033 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 6034 reg_rule->flags) || 6035 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 6036 freq_range->start_freq_khz) || 6037 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 6038 freq_range->end_freq_khz) || 6039 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 6040 max_bandwidth_khz) || 6041 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 6042 power_rule->max_antenna_gain) || 6043 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 6044 power_rule->max_eirp) || 6045 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME, 6046 reg_rule->dfs_cac_ms)) 6047 goto nla_put_failure; 6048 6049 nla_nest_end(msg, nl_reg_rule); 6050 } 6051 6052 nla_nest_end(msg, nl_reg_rules); 6053 return 0; 6054 6055 nla_put_failure: 6056 return -EMSGSIZE; 6057 } 6058 6059 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info) 6060 { 6061 const struct ieee80211_regdomain *regdom = NULL; 6062 struct cfg80211_registered_device *rdev; 6063 struct wiphy *wiphy = NULL; 6064 struct sk_buff *msg; 6065 void *hdr; 6066 6067 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6068 if (!msg) 6069 return -ENOBUFS; 6070 6071 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6072 NL80211_CMD_GET_REG); 6073 if (!hdr) 6074 goto put_failure; 6075 6076 if (info->attrs[NL80211_ATTR_WIPHY]) { 6077 bool self_managed; 6078 6079 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 6080 if (IS_ERR(rdev)) { 6081 nlmsg_free(msg); 6082 return PTR_ERR(rdev); 6083 } 6084 6085 wiphy = &rdev->wiphy; 6086 self_managed = wiphy->regulatory_flags & 6087 REGULATORY_WIPHY_SELF_MANAGED; 6088 regdom = get_wiphy_regdom(wiphy); 6089 6090 /* a self-managed-reg device must have a private regdom */ 6091 if (WARN_ON(!regdom && self_managed)) { 6092 nlmsg_free(msg); 6093 return -EINVAL; 6094 } 6095 6096 if (regdom && 6097 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 6098 goto nla_put_failure; 6099 } 6100 6101 if (!wiphy && reg_last_request_cell_base() && 6102 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 6103 NL80211_USER_REG_HINT_CELL_BASE)) 6104 goto nla_put_failure; 6105 6106 rcu_read_lock(); 6107 6108 if (!regdom) 6109 regdom = rcu_dereference(cfg80211_regdomain); 6110 6111 if (nl80211_put_regdom(regdom, msg)) 6112 goto nla_put_failure_rcu; 6113 6114 rcu_read_unlock(); 6115 6116 genlmsg_end(msg, hdr); 6117 return genlmsg_reply(msg, info); 6118 6119 nla_put_failure_rcu: 6120 rcu_read_unlock(); 6121 nla_put_failure: 6122 genlmsg_cancel(msg, hdr); 6123 put_failure: 6124 nlmsg_free(msg); 6125 return -EMSGSIZE; 6126 } 6127 6128 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb, 6129 u32 seq, int flags, struct wiphy *wiphy, 6130 const struct ieee80211_regdomain *regdom) 6131 { 6132 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 6133 NL80211_CMD_GET_REG); 6134 6135 if (!hdr) 6136 return -1; 6137 6138 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 6139 6140 if (nl80211_put_regdom(regdom, msg)) 6141 goto nla_put_failure; 6142 6143 if (!wiphy && reg_last_request_cell_base() && 6144 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 6145 NL80211_USER_REG_HINT_CELL_BASE)) 6146 goto nla_put_failure; 6147 6148 if (wiphy && 6149 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 6150 goto nla_put_failure; 6151 6152 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 6153 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 6154 goto nla_put_failure; 6155 6156 genlmsg_end(msg, hdr); 6157 return 0; 6158 6159 nla_put_failure: 6160 genlmsg_cancel(msg, hdr); 6161 return -EMSGSIZE; 6162 } 6163 6164 static int nl80211_get_reg_dump(struct sk_buff *skb, 6165 struct netlink_callback *cb) 6166 { 6167 const struct ieee80211_regdomain *regdom = NULL; 6168 struct cfg80211_registered_device *rdev; 6169 int err, reg_idx, start = cb->args[2]; 6170 6171 rtnl_lock(); 6172 6173 if (cfg80211_regdomain && start == 0) { 6174 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq, 6175 NLM_F_MULTI, NULL, 6176 rtnl_dereference(cfg80211_regdomain)); 6177 if (err < 0) 6178 goto out_err; 6179 } 6180 6181 /* the global regdom is idx 0 */ 6182 reg_idx = 1; 6183 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 6184 regdom = get_wiphy_regdom(&rdev->wiphy); 6185 if (!regdom) 6186 continue; 6187 6188 if (++reg_idx <= start) 6189 continue; 6190 6191 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq, 6192 NLM_F_MULTI, &rdev->wiphy, regdom); 6193 if (err < 0) { 6194 reg_idx--; 6195 break; 6196 } 6197 } 6198 6199 cb->args[2] = reg_idx; 6200 err = skb->len; 6201 out_err: 6202 rtnl_unlock(); 6203 return err; 6204 } 6205 6206 #ifdef CONFIG_CFG80211_CRDA_SUPPORT 6207 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 6208 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 6209 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 6210 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 6211 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 6212 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 6213 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 6214 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 }, 6215 }; 6216 6217 static int parse_reg_rule(struct nlattr *tb[], 6218 struct ieee80211_reg_rule *reg_rule) 6219 { 6220 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 6221 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 6222 6223 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 6224 return -EINVAL; 6225 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 6226 return -EINVAL; 6227 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 6228 return -EINVAL; 6229 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 6230 return -EINVAL; 6231 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6232 return -EINVAL; 6233 6234 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 6235 6236 freq_range->start_freq_khz = 6237 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 6238 freq_range->end_freq_khz = 6239 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 6240 freq_range->max_bandwidth_khz = 6241 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 6242 6243 power_rule->max_eirp = 6244 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 6245 6246 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 6247 power_rule->max_antenna_gain = 6248 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 6249 6250 if (tb[NL80211_ATTR_DFS_CAC_TIME]) 6251 reg_rule->dfs_cac_ms = 6252 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]); 6253 6254 return 0; 6255 } 6256 6257 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 6258 { 6259 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 6260 struct nlattr *nl_reg_rule; 6261 char *alpha2; 6262 int rem_reg_rules, r; 6263 u32 num_rules = 0, rule_idx = 0, size_of_regd; 6264 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET; 6265 struct ieee80211_regdomain *rd; 6266 6267 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 6268 return -EINVAL; 6269 6270 if (!info->attrs[NL80211_ATTR_REG_RULES]) 6271 return -EINVAL; 6272 6273 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 6274 6275 if (info->attrs[NL80211_ATTR_DFS_REGION]) 6276 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 6277 6278 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 6279 rem_reg_rules) { 6280 num_rules++; 6281 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 6282 return -EINVAL; 6283 } 6284 6285 if (!reg_is_valid_request(alpha2)) 6286 return -EINVAL; 6287 6288 size_of_regd = sizeof(struct ieee80211_regdomain) + 6289 num_rules * sizeof(struct ieee80211_reg_rule); 6290 6291 rd = kzalloc(size_of_regd, GFP_KERNEL); 6292 if (!rd) 6293 return -ENOMEM; 6294 6295 rd->n_reg_rules = num_rules; 6296 rd->alpha2[0] = alpha2[0]; 6297 rd->alpha2[1] = alpha2[1]; 6298 6299 /* 6300 * Disable DFS master mode if the DFS region was 6301 * not supported or known on this kernel. 6302 */ 6303 if (reg_supported_dfs_region(dfs_region)) 6304 rd->dfs_region = dfs_region; 6305 6306 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 6307 rem_reg_rules) { 6308 r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 6309 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 6310 reg_rule_policy); 6311 if (r) 6312 goto bad_reg; 6313 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 6314 if (r) 6315 goto bad_reg; 6316 6317 rule_idx++; 6318 6319 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 6320 r = -EINVAL; 6321 goto bad_reg; 6322 } 6323 } 6324 6325 /* set_regdom takes ownership of rd */ 6326 return set_regdom(rd, REGD_SOURCE_CRDA); 6327 bad_reg: 6328 kfree(rd); 6329 return r; 6330 } 6331 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */ 6332 6333 static int validate_scan_freqs(struct nlattr *freqs) 6334 { 6335 struct nlattr *attr1, *attr2; 6336 int n_channels = 0, tmp1, tmp2; 6337 6338 nla_for_each_nested(attr1, freqs, tmp1) { 6339 n_channels++; 6340 /* 6341 * Some hardware has a limited channel list for 6342 * scanning, and it is pretty much nonsensical 6343 * to scan for a channel twice, so disallow that 6344 * and don't require drivers to check that the 6345 * channel list they get isn't longer than what 6346 * they can scan, as long as they can scan all 6347 * the channels they registered at once. 6348 */ 6349 nla_for_each_nested(attr2, freqs, tmp2) 6350 if (attr1 != attr2 && 6351 nla_get_u32(attr1) == nla_get_u32(attr2)) 6352 return 0; 6353 } 6354 6355 return n_channels; 6356 } 6357 6358 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b) 6359 { 6360 return b < NUM_NL80211_BANDS && wiphy->bands[b]; 6361 } 6362 6363 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy, 6364 struct cfg80211_bss_selection *bss_select) 6365 { 6366 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1]; 6367 struct nlattr *nest; 6368 int err; 6369 bool found = false; 6370 int i; 6371 6372 /* only process one nested attribute */ 6373 nest = nla_data(nla); 6374 if (!nla_ok(nest, nla_len(nest))) 6375 return -EINVAL; 6376 6377 err = nla_parse(attr, NL80211_BSS_SELECT_ATTR_MAX, nla_data(nest), 6378 nla_len(nest), nl80211_bss_select_policy); 6379 if (err) 6380 return err; 6381 6382 /* only one attribute may be given */ 6383 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) { 6384 if (attr[i]) { 6385 if (found) 6386 return -EINVAL; 6387 found = true; 6388 } 6389 } 6390 6391 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID; 6392 6393 if (attr[NL80211_BSS_SELECT_ATTR_RSSI]) 6394 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI; 6395 6396 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) { 6397 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF; 6398 bss_select->param.band_pref = 6399 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]); 6400 if (!is_band_valid(wiphy, bss_select->param.band_pref)) 6401 return -EINVAL; 6402 } 6403 6404 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) { 6405 struct nl80211_bss_select_rssi_adjust *adj_param; 6406 6407 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]); 6408 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST; 6409 bss_select->param.adjust.band = adj_param->band; 6410 bss_select->param.adjust.delta = adj_param->delta; 6411 if (!is_band_valid(wiphy, bss_select->param.adjust.band)) 6412 return -EINVAL; 6413 } 6414 6415 /* user-space did not provide behaviour attribute */ 6416 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID) 6417 return -EINVAL; 6418 6419 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour))) 6420 return -EINVAL; 6421 6422 return 0; 6423 } 6424 6425 static int nl80211_parse_random_mac(struct nlattr **attrs, 6426 u8 *mac_addr, u8 *mac_addr_mask) 6427 { 6428 int i; 6429 6430 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) { 6431 eth_zero_addr(mac_addr); 6432 eth_zero_addr(mac_addr_mask); 6433 mac_addr[0] = 0x2; 6434 mac_addr_mask[0] = 0x3; 6435 6436 return 0; 6437 } 6438 6439 /* need both or none */ 6440 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK]) 6441 return -EINVAL; 6442 6443 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN); 6444 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN); 6445 6446 /* don't allow or configure an mcast address */ 6447 if (!is_multicast_ether_addr(mac_addr_mask) || 6448 is_multicast_ether_addr(mac_addr)) 6449 return -EINVAL; 6450 6451 /* 6452 * allow users to pass a MAC address that has bits set outside 6453 * of the mask, but don't bother drivers with having to deal 6454 * with such bits 6455 */ 6456 for (i = 0; i < ETH_ALEN; i++) 6457 mac_addr[i] &= mac_addr_mask[i]; 6458 6459 return 0; 6460 } 6461 6462 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 6463 { 6464 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6465 struct wireless_dev *wdev = info->user_ptr[1]; 6466 struct cfg80211_scan_request *request; 6467 struct nlattr *attr; 6468 struct wiphy *wiphy; 6469 int err, tmp, n_ssids = 0, n_channels, i; 6470 size_t ie_len; 6471 6472 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 6473 return -EINVAL; 6474 6475 wiphy = &rdev->wiphy; 6476 6477 if (wdev->iftype == NL80211_IFTYPE_NAN) 6478 return -EOPNOTSUPP; 6479 6480 if (!rdev->ops->scan) 6481 return -EOPNOTSUPP; 6482 6483 if (rdev->scan_req || rdev->scan_msg) { 6484 err = -EBUSY; 6485 goto unlock; 6486 } 6487 6488 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 6489 n_channels = validate_scan_freqs( 6490 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 6491 if (!n_channels) { 6492 err = -EINVAL; 6493 goto unlock; 6494 } 6495 } else { 6496 n_channels = ieee80211_get_num_supported_channels(wiphy); 6497 } 6498 6499 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 6500 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 6501 n_ssids++; 6502 6503 if (n_ssids > wiphy->max_scan_ssids) { 6504 err = -EINVAL; 6505 goto unlock; 6506 } 6507 6508 if (info->attrs[NL80211_ATTR_IE]) 6509 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 6510 else 6511 ie_len = 0; 6512 6513 if (ie_len > wiphy->max_scan_ie_len) { 6514 err = -EINVAL; 6515 goto unlock; 6516 } 6517 6518 request = kzalloc(sizeof(*request) 6519 + sizeof(*request->ssids) * n_ssids 6520 + sizeof(*request->channels) * n_channels 6521 + ie_len, GFP_KERNEL); 6522 if (!request) { 6523 err = -ENOMEM; 6524 goto unlock; 6525 } 6526 6527 if (n_ssids) 6528 request->ssids = (void *)&request->channels[n_channels]; 6529 request->n_ssids = n_ssids; 6530 if (ie_len) { 6531 if (n_ssids) 6532 request->ie = (void *)(request->ssids + n_ssids); 6533 else 6534 request->ie = (void *)(request->channels + n_channels); 6535 } 6536 6537 i = 0; 6538 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 6539 /* user specified, bail out if channel not found */ 6540 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 6541 struct ieee80211_channel *chan; 6542 6543 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 6544 6545 if (!chan) { 6546 err = -EINVAL; 6547 goto out_free; 6548 } 6549 6550 /* ignore disabled channels */ 6551 if (chan->flags & IEEE80211_CHAN_DISABLED) 6552 continue; 6553 6554 request->channels[i] = chan; 6555 i++; 6556 } 6557 } else { 6558 enum nl80211_band band; 6559 6560 /* all channels */ 6561 for (band = 0; band < NUM_NL80211_BANDS; band++) { 6562 int j; 6563 6564 if (!wiphy->bands[band]) 6565 continue; 6566 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 6567 struct ieee80211_channel *chan; 6568 6569 chan = &wiphy->bands[band]->channels[j]; 6570 6571 if (chan->flags & IEEE80211_CHAN_DISABLED) 6572 continue; 6573 6574 request->channels[i] = chan; 6575 i++; 6576 } 6577 } 6578 } 6579 6580 if (!i) { 6581 err = -EINVAL; 6582 goto out_free; 6583 } 6584 6585 request->n_channels = i; 6586 6587 i = 0; 6588 if (n_ssids) { 6589 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 6590 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 6591 err = -EINVAL; 6592 goto out_free; 6593 } 6594 request->ssids[i].ssid_len = nla_len(attr); 6595 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 6596 i++; 6597 } 6598 } 6599 6600 if (info->attrs[NL80211_ATTR_IE]) { 6601 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 6602 memcpy((void *)request->ie, 6603 nla_data(info->attrs[NL80211_ATTR_IE]), 6604 request->ie_len); 6605 } 6606 6607 for (i = 0; i < NUM_NL80211_BANDS; i++) 6608 if (wiphy->bands[i]) 6609 request->rates[i] = 6610 (1 << wiphy->bands[i]->n_bitrates) - 1; 6611 6612 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 6613 nla_for_each_nested(attr, 6614 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 6615 tmp) { 6616 enum nl80211_band band = nla_type(attr); 6617 6618 if (band < 0 || band >= NUM_NL80211_BANDS) { 6619 err = -EINVAL; 6620 goto out_free; 6621 } 6622 6623 if (!wiphy->bands[band]) 6624 continue; 6625 6626 err = ieee80211_get_ratemask(wiphy->bands[band], 6627 nla_data(attr), 6628 nla_len(attr), 6629 &request->rates[band]); 6630 if (err) 6631 goto out_free; 6632 } 6633 } 6634 6635 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) { 6636 if (!wiphy_ext_feature_isset(wiphy, 6637 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) { 6638 err = -EOPNOTSUPP; 6639 goto out_free; 6640 } 6641 6642 request->duration = 6643 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]); 6644 request->duration_mandatory = 6645 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]); 6646 } 6647 6648 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) { 6649 request->flags = nla_get_u32( 6650 info->attrs[NL80211_ATTR_SCAN_FLAGS]); 6651 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 6652 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) { 6653 err = -EOPNOTSUPP; 6654 goto out_free; 6655 } 6656 6657 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) { 6658 if (!(wiphy->features & 6659 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) { 6660 err = -EOPNOTSUPP; 6661 goto out_free; 6662 } 6663 6664 if (wdev->current_bss) { 6665 err = -EOPNOTSUPP; 6666 goto out_free; 6667 } 6668 6669 err = nl80211_parse_random_mac(info->attrs, 6670 request->mac_addr, 6671 request->mac_addr_mask); 6672 if (err) 6673 goto out_free; 6674 } 6675 } 6676 6677 request->no_cck = 6678 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 6679 6680 if (info->attrs[NL80211_ATTR_MAC]) 6681 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]), 6682 ETH_ALEN); 6683 else 6684 eth_broadcast_addr(request->bssid); 6685 6686 request->wdev = wdev; 6687 request->wiphy = &rdev->wiphy; 6688 request->scan_start = jiffies; 6689 6690 rdev->scan_req = request; 6691 err = rdev_scan(rdev, request); 6692 6693 if (!err) { 6694 nl80211_send_scan_start(rdev, wdev); 6695 if (wdev->netdev) 6696 dev_hold(wdev->netdev); 6697 } else { 6698 out_free: 6699 rdev->scan_req = NULL; 6700 kfree(request); 6701 } 6702 6703 unlock: 6704 return err; 6705 } 6706 6707 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info) 6708 { 6709 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6710 struct wireless_dev *wdev = info->user_ptr[1]; 6711 6712 if (!rdev->ops->abort_scan) 6713 return -EOPNOTSUPP; 6714 6715 if (rdev->scan_msg) 6716 return 0; 6717 6718 if (!rdev->scan_req) 6719 return -ENOENT; 6720 6721 rdev_abort_scan(rdev, wdev); 6722 return 0; 6723 } 6724 6725 static int 6726 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans, 6727 struct cfg80211_sched_scan_request *request, 6728 struct nlattr **attrs) 6729 { 6730 int tmp, err, i = 0; 6731 struct nlattr *attr; 6732 6733 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) { 6734 u32 interval; 6735 6736 /* 6737 * If scan plans are not specified, 6738 * %NL80211_ATTR_SCHED_SCAN_INTERVAL must be specified. In this 6739 * case one scan plan will be set with the specified scan 6740 * interval and infinite number of iterations. 6741 */ 6742 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 6743 return -EINVAL; 6744 6745 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 6746 if (!interval) 6747 return -EINVAL; 6748 6749 request->scan_plans[0].interval = 6750 DIV_ROUND_UP(interval, MSEC_PER_SEC); 6751 if (!request->scan_plans[0].interval) 6752 return -EINVAL; 6753 6754 if (request->scan_plans[0].interval > 6755 wiphy->max_sched_scan_plan_interval) 6756 request->scan_plans[0].interval = 6757 wiphy->max_sched_scan_plan_interval; 6758 6759 return 0; 6760 } 6761 6762 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) { 6763 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1]; 6764 6765 if (WARN_ON(i >= n_plans)) 6766 return -EINVAL; 6767 6768 err = nla_parse(plan, NL80211_SCHED_SCAN_PLAN_MAX, 6769 nla_data(attr), nla_len(attr), 6770 nl80211_plan_policy); 6771 if (err) 6772 return err; 6773 6774 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]) 6775 return -EINVAL; 6776 6777 request->scan_plans[i].interval = 6778 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]); 6779 if (!request->scan_plans[i].interval || 6780 request->scan_plans[i].interval > 6781 wiphy->max_sched_scan_plan_interval) 6782 return -EINVAL; 6783 6784 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) { 6785 request->scan_plans[i].iterations = 6786 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]); 6787 if (!request->scan_plans[i].iterations || 6788 (request->scan_plans[i].iterations > 6789 wiphy->max_sched_scan_plan_iterations)) 6790 return -EINVAL; 6791 } else if (i < n_plans - 1) { 6792 /* 6793 * All scan plans but the last one must specify 6794 * a finite number of iterations 6795 */ 6796 return -EINVAL; 6797 } 6798 6799 i++; 6800 } 6801 6802 /* 6803 * The last scan plan must not specify the number of 6804 * iterations, it is supposed to run infinitely 6805 */ 6806 if (request->scan_plans[n_plans - 1].iterations) 6807 return -EINVAL; 6808 6809 return 0; 6810 } 6811 6812 static struct cfg80211_sched_scan_request * 6813 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev, 6814 struct nlattr **attrs) 6815 { 6816 struct cfg80211_sched_scan_request *request; 6817 struct nlattr *attr; 6818 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0; 6819 enum nl80211_band band; 6820 size_t ie_len; 6821 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 6822 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF; 6823 6824 if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE])) 6825 return ERR_PTR(-EINVAL); 6826 6827 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 6828 n_channels = validate_scan_freqs( 6829 attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 6830 if (!n_channels) 6831 return ERR_PTR(-EINVAL); 6832 } else { 6833 n_channels = ieee80211_get_num_supported_channels(wiphy); 6834 } 6835 6836 if (attrs[NL80211_ATTR_SCAN_SSIDS]) 6837 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS], 6838 tmp) 6839 n_ssids++; 6840 6841 if (n_ssids > wiphy->max_sched_scan_ssids) 6842 return ERR_PTR(-EINVAL); 6843 6844 /* 6845 * First, count the number of 'real' matchsets. Due to an issue with 6846 * the old implementation, matchsets containing only the RSSI attribute 6847 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default' 6848 * RSSI for all matchsets, rather than their own matchset for reporting 6849 * all APs with a strong RSSI. This is needed to be compatible with 6850 * older userspace that treated a matchset with only the RSSI as the 6851 * global RSSI for all other matchsets - if there are other matchsets. 6852 */ 6853 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 6854 nla_for_each_nested(attr, 6855 attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 6856 tmp) { 6857 struct nlattr *rssi; 6858 6859 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 6860 nla_data(attr), nla_len(attr), 6861 nl80211_match_policy); 6862 if (err) 6863 return ERR_PTR(err); 6864 /* add other standalone attributes here */ 6865 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) { 6866 n_match_sets++; 6867 continue; 6868 } 6869 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 6870 if (rssi) 6871 default_match_rssi = nla_get_s32(rssi); 6872 } 6873 } 6874 6875 /* However, if there's no other matchset, add the RSSI one */ 6876 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF) 6877 n_match_sets = 1; 6878 6879 if (n_match_sets > wiphy->max_match_sets) 6880 return ERR_PTR(-EINVAL); 6881 6882 if (attrs[NL80211_ATTR_IE]) 6883 ie_len = nla_len(attrs[NL80211_ATTR_IE]); 6884 else 6885 ie_len = 0; 6886 6887 if (ie_len > wiphy->max_sched_scan_ie_len) 6888 return ERR_PTR(-EINVAL); 6889 6890 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) { 6891 /* 6892 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since 6893 * each scan plan already specifies its own interval 6894 */ 6895 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 6896 return ERR_PTR(-EINVAL); 6897 6898 nla_for_each_nested(attr, 6899 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) 6900 n_plans++; 6901 } else { 6902 /* 6903 * The scan interval attribute is kept for backward 6904 * compatibility. If no scan plans are specified and sched scan 6905 * interval is specified, one scan plan will be set with this 6906 * scan interval and infinite number of iterations. 6907 */ 6908 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 6909 return ERR_PTR(-EINVAL); 6910 6911 n_plans = 1; 6912 } 6913 6914 if (!n_plans || n_plans > wiphy->max_sched_scan_plans) 6915 return ERR_PTR(-EINVAL); 6916 6917 request = kzalloc(sizeof(*request) 6918 + sizeof(*request->ssids) * n_ssids 6919 + sizeof(*request->match_sets) * n_match_sets 6920 + sizeof(*request->scan_plans) * n_plans 6921 + sizeof(*request->channels) * n_channels 6922 + ie_len, GFP_KERNEL); 6923 if (!request) 6924 return ERR_PTR(-ENOMEM); 6925 6926 if (n_ssids) 6927 request->ssids = (void *)&request->channels[n_channels]; 6928 request->n_ssids = n_ssids; 6929 if (ie_len) { 6930 if (n_ssids) 6931 request->ie = (void *)(request->ssids + n_ssids); 6932 else 6933 request->ie = (void *)(request->channels + n_channels); 6934 } 6935 6936 if (n_match_sets) { 6937 if (request->ie) 6938 request->match_sets = (void *)(request->ie + ie_len); 6939 else if (n_ssids) 6940 request->match_sets = 6941 (void *)(request->ssids + n_ssids); 6942 else 6943 request->match_sets = 6944 (void *)(request->channels + n_channels); 6945 } 6946 request->n_match_sets = n_match_sets; 6947 6948 if (n_match_sets) 6949 request->scan_plans = (void *)(request->match_sets + 6950 n_match_sets); 6951 else if (request->ie) 6952 request->scan_plans = (void *)(request->ie + ie_len); 6953 else if (n_ssids) 6954 request->scan_plans = (void *)(request->ssids + n_ssids); 6955 else 6956 request->scan_plans = (void *)(request->channels + n_channels); 6957 6958 request->n_scan_plans = n_plans; 6959 6960 i = 0; 6961 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 6962 /* user specified, bail out if channel not found */ 6963 nla_for_each_nested(attr, 6964 attrs[NL80211_ATTR_SCAN_FREQUENCIES], 6965 tmp) { 6966 struct ieee80211_channel *chan; 6967 6968 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 6969 6970 if (!chan) { 6971 err = -EINVAL; 6972 goto out_free; 6973 } 6974 6975 /* ignore disabled channels */ 6976 if (chan->flags & IEEE80211_CHAN_DISABLED) 6977 continue; 6978 6979 request->channels[i] = chan; 6980 i++; 6981 } 6982 } else { 6983 /* all channels */ 6984 for (band = 0; band < NUM_NL80211_BANDS; band++) { 6985 int j; 6986 6987 if (!wiphy->bands[band]) 6988 continue; 6989 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 6990 struct ieee80211_channel *chan; 6991 6992 chan = &wiphy->bands[band]->channels[j]; 6993 6994 if (chan->flags & IEEE80211_CHAN_DISABLED) 6995 continue; 6996 6997 request->channels[i] = chan; 6998 i++; 6999 } 7000 } 7001 } 7002 7003 if (!i) { 7004 err = -EINVAL; 7005 goto out_free; 7006 } 7007 7008 request->n_channels = i; 7009 7010 i = 0; 7011 if (n_ssids) { 7012 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS], 7013 tmp) { 7014 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 7015 err = -EINVAL; 7016 goto out_free; 7017 } 7018 request->ssids[i].ssid_len = nla_len(attr); 7019 memcpy(request->ssids[i].ssid, nla_data(attr), 7020 nla_len(attr)); 7021 i++; 7022 } 7023 } 7024 7025 i = 0; 7026 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 7027 nla_for_each_nested(attr, 7028 attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 7029 tmp) { 7030 struct nlattr *ssid, *rssi; 7031 7032 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 7033 nla_data(attr), nla_len(attr), 7034 nl80211_match_policy); 7035 if (err) 7036 goto out_free; 7037 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 7038 if (ssid) { 7039 if (WARN_ON(i >= n_match_sets)) { 7040 /* this indicates a programming error, 7041 * the loop above should have verified 7042 * things properly 7043 */ 7044 err = -EINVAL; 7045 goto out_free; 7046 } 7047 7048 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 7049 err = -EINVAL; 7050 goto out_free; 7051 } 7052 memcpy(request->match_sets[i].ssid.ssid, 7053 nla_data(ssid), nla_len(ssid)); 7054 request->match_sets[i].ssid.ssid_len = 7055 nla_len(ssid); 7056 /* special attribute - old implementation w/a */ 7057 request->match_sets[i].rssi_thold = 7058 default_match_rssi; 7059 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 7060 if (rssi) 7061 request->match_sets[i].rssi_thold = 7062 nla_get_s32(rssi); 7063 } 7064 i++; 7065 } 7066 7067 /* there was no other matchset, so the RSSI one is alone */ 7068 if (i == 0 && n_match_sets) 7069 request->match_sets[0].rssi_thold = default_match_rssi; 7070 7071 request->min_rssi_thold = INT_MAX; 7072 for (i = 0; i < n_match_sets; i++) 7073 request->min_rssi_thold = 7074 min(request->match_sets[i].rssi_thold, 7075 request->min_rssi_thold); 7076 } else { 7077 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF; 7078 } 7079 7080 if (ie_len) { 7081 request->ie_len = ie_len; 7082 memcpy((void *)request->ie, 7083 nla_data(attrs[NL80211_ATTR_IE]), 7084 request->ie_len); 7085 } 7086 7087 if (attrs[NL80211_ATTR_SCAN_FLAGS]) { 7088 request->flags = nla_get_u32( 7089 attrs[NL80211_ATTR_SCAN_FLAGS]); 7090 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 7091 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) { 7092 err = -EOPNOTSUPP; 7093 goto out_free; 7094 } 7095 7096 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) { 7097 u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR; 7098 7099 if (!wdev) /* must be net-detect */ 7100 flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR; 7101 7102 if (!(wiphy->features & flg)) { 7103 err = -EOPNOTSUPP; 7104 goto out_free; 7105 } 7106 7107 if (wdev && wdev->current_bss) { 7108 err = -EOPNOTSUPP; 7109 goto out_free; 7110 } 7111 7112 err = nl80211_parse_random_mac(attrs, request->mac_addr, 7113 request->mac_addr_mask); 7114 if (err) 7115 goto out_free; 7116 } 7117 } 7118 7119 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY]) 7120 request->delay = 7121 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]); 7122 7123 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs); 7124 if (err) 7125 goto out_free; 7126 7127 request->scan_start = jiffies; 7128 7129 return request; 7130 7131 out_free: 7132 kfree(request); 7133 return ERR_PTR(err); 7134 } 7135 7136 static int nl80211_start_sched_scan(struct sk_buff *skb, 7137 struct genl_info *info) 7138 { 7139 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7140 struct net_device *dev = info->user_ptr[1]; 7141 struct wireless_dev *wdev = dev->ieee80211_ptr; 7142 struct cfg80211_sched_scan_request *sched_scan_req; 7143 int err; 7144 7145 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 7146 !rdev->ops->sched_scan_start) 7147 return -EOPNOTSUPP; 7148 7149 if (rdev->sched_scan_req) 7150 return -EINPROGRESS; 7151 7152 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev, 7153 info->attrs); 7154 7155 err = PTR_ERR_OR_ZERO(sched_scan_req); 7156 if (err) 7157 goto out_err; 7158 7159 err = rdev_sched_scan_start(rdev, dev, sched_scan_req); 7160 if (err) 7161 goto out_free; 7162 7163 sched_scan_req->dev = dev; 7164 sched_scan_req->wiphy = &rdev->wiphy; 7165 7166 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 7167 sched_scan_req->owner_nlportid = info->snd_portid; 7168 7169 rcu_assign_pointer(rdev->sched_scan_req, sched_scan_req); 7170 7171 nl80211_send_sched_scan(rdev, dev, 7172 NL80211_CMD_START_SCHED_SCAN); 7173 return 0; 7174 7175 out_free: 7176 kfree(sched_scan_req); 7177 out_err: 7178 return err; 7179 } 7180 7181 static int nl80211_stop_sched_scan(struct sk_buff *skb, 7182 struct genl_info *info) 7183 { 7184 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7185 7186 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 7187 !rdev->ops->sched_scan_stop) 7188 return -EOPNOTSUPP; 7189 7190 return __cfg80211_stop_sched_scan(rdev, false); 7191 } 7192 7193 static int nl80211_start_radar_detection(struct sk_buff *skb, 7194 struct genl_info *info) 7195 { 7196 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7197 struct net_device *dev = info->user_ptr[1]; 7198 struct wireless_dev *wdev = dev->ieee80211_ptr; 7199 struct cfg80211_chan_def chandef; 7200 enum nl80211_dfs_regions dfs_region; 7201 unsigned int cac_time_ms; 7202 int err; 7203 7204 dfs_region = reg_get_dfs_region(wdev->wiphy); 7205 if (dfs_region == NL80211_DFS_UNSET) 7206 return -EINVAL; 7207 7208 err = nl80211_parse_chandef(rdev, info, &chandef); 7209 if (err) 7210 return err; 7211 7212 if (netif_carrier_ok(dev)) 7213 return -EBUSY; 7214 7215 if (wdev->cac_started) 7216 return -EBUSY; 7217 7218 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, 7219 wdev->iftype); 7220 if (err < 0) 7221 return err; 7222 7223 if (err == 0) 7224 return -EINVAL; 7225 7226 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef)) 7227 return -EINVAL; 7228 7229 if (!rdev->ops->start_radar_detection) 7230 return -EOPNOTSUPP; 7231 7232 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef); 7233 if (WARN_ON(!cac_time_ms)) 7234 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS; 7235 7236 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms); 7237 if (!err) { 7238 wdev->chandef = chandef; 7239 wdev->cac_started = true; 7240 wdev->cac_start_time = jiffies; 7241 wdev->cac_time_ms = cac_time_ms; 7242 } 7243 return err; 7244 } 7245 7246 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info) 7247 { 7248 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7249 struct net_device *dev = info->user_ptr[1]; 7250 struct wireless_dev *wdev = dev->ieee80211_ptr; 7251 struct cfg80211_csa_settings params; 7252 /* csa_attrs is defined static to avoid waste of stack size - this 7253 * function is called under RTNL lock, so this should not be a problem. 7254 */ 7255 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1]; 7256 int err; 7257 bool need_new_beacon = false; 7258 int len, i; 7259 u32 cs_count; 7260 7261 if (!rdev->ops->channel_switch || 7262 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)) 7263 return -EOPNOTSUPP; 7264 7265 switch (dev->ieee80211_ptr->iftype) { 7266 case NL80211_IFTYPE_AP: 7267 case NL80211_IFTYPE_P2P_GO: 7268 need_new_beacon = true; 7269 7270 /* useless if AP is not running */ 7271 if (!wdev->beacon_interval) 7272 return -ENOTCONN; 7273 break; 7274 case NL80211_IFTYPE_ADHOC: 7275 if (!wdev->ssid_len) 7276 return -ENOTCONN; 7277 break; 7278 case NL80211_IFTYPE_MESH_POINT: 7279 if (!wdev->mesh_id_len) 7280 return -ENOTCONN; 7281 break; 7282 default: 7283 return -EOPNOTSUPP; 7284 } 7285 7286 memset(¶ms, 0, sizeof(params)); 7287 7288 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 7289 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]) 7290 return -EINVAL; 7291 7292 /* only important for AP, IBSS and mesh create IEs internally */ 7293 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES]) 7294 return -EINVAL; 7295 7296 /* Even though the attribute is u32, the specification says 7297 * u8, so let's make sure we don't overflow. 7298 */ 7299 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]); 7300 if (cs_count > 255) 7301 return -EINVAL; 7302 7303 params.count = cs_count; 7304 7305 if (!need_new_beacon) 7306 goto skip_beacons; 7307 7308 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon_after); 7309 if (err) 7310 return err; 7311 7312 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX, 7313 info->attrs[NL80211_ATTR_CSA_IES], 7314 nl80211_policy); 7315 if (err) 7316 return err; 7317 7318 err = nl80211_parse_beacon(csa_attrs, ¶ms.beacon_csa); 7319 if (err) 7320 return err; 7321 7322 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]) 7323 return -EINVAL; 7324 7325 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]); 7326 if (!len || (len % sizeof(u16))) 7327 return -EINVAL; 7328 7329 params.n_counter_offsets_beacon = len / sizeof(u16); 7330 if (rdev->wiphy.max_num_csa_counters && 7331 (params.n_counter_offsets_beacon > 7332 rdev->wiphy.max_num_csa_counters)) 7333 return -EINVAL; 7334 7335 params.counter_offsets_beacon = 7336 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]); 7337 7338 /* sanity checks - counters should fit and be the same */ 7339 for (i = 0; i < params.n_counter_offsets_beacon; i++) { 7340 u16 offset = params.counter_offsets_beacon[i]; 7341 7342 if (offset >= params.beacon_csa.tail_len) 7343 return -EINVAL; 7344 7345 if (params.beacon_csa.tail[offset] != params.count) 7346 return -EINVAL; 7347 } 7348 7349 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) { 7350 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]); 7351 if (!len || (len % sizeof(u16))) 7352 return -EINVAL; 7353 7354 params.n_counter_offsets_presp = len / sizeof(u16); 7355 if (rdev->wiphy.max_num_csa_counters && 7356 (params.n_counter_offsets_presp > 7357 rdev->wiphy.max_num_csa_counters)) 7358 return -EINVAL; 7359 7360 params.counter_offsets_presp = 7361 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]); 7362 7363 /* sanity checks - counters should fit and be the same */ 7364 for (i = 0; i < params.n_counter_offsets_presp; i++) { 7365 u16 offset = params.counter_offsets_presp[i]; 7366 7367 if (offset >= params.beacon_csa.probe_resp_len) 7368 return -EINVAL; 7369 7370 if (params.beacon_csa.probe_resp[offset] != 7371 params.count) 7372 return -EINVAL; 7373 } 7374 } 7375 7376 skip_beacons: 7377 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 7378 if (err) 7379 return err; 7380 7381 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef, 7382 wdev->iftype)) 7383 return -EINVAL; 7384 7385 err = cfg80211_chandef_dfs_required(wdev->wiphy, 7386 ¶ms.chandef, 7387 wdev->iftype); 7388 if (err < 0) 7389 return err; 7390 7391 if (err > 0) 7392 params.radar_required = true; 7393 7394 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX]) 7395 params.block_tx = true; 7396 7397 wdev_lock(wdev); 7398 err = rdev_channel_switch(rdev, dev, ¶ms); 7399 wdev_unlock(wdev); 7400 7401 return err; 7402 } 7403 7404 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 7405 u32 seq, int flags, 7406 struct cfg80211_registered_device *rdev, 7407 struct wireless_dev *wdev, 7408 struct cfg80211_internal_bss *intbss) 7409 { 7410 struct cfg80211_bss *res = &intbss->pub; 7411 const struct cfg80211_bss_ies *ies; 7412 void *hdr; 7413 struct nlattr *bss; 7414 7415 ASSERT_WDEV_LOCK(wdev); 7416 7417 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 7418 NL80211_CMD_NEW_SCAN_RESULTS); 7419 if (!hdr) 7420 return -1; 7421 7422 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 7423 7424 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation)) 7425 goto nla_put_failure; 7426 if (wdev->netdev && 7427 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 7428 goto nla_put_failure; 7429 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 7430 NL80211_ATTR_PAD)) 7431 goto nla_put_failure; 7432 7433 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 7434 if (!bss) 7435 goto nla_put_failure; 7436 if ((!is_zero_ether_addr(res->bssid) && 7437 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid))) 7438 goto nla_put_failure; 7439 7440 rcu_read_lock(); 7441 /* indicate whether we have probe response data or not */ 7442 if (rcu_access_pointer(res->proberesp_ies) && 7443 nla_put_flag(msg, NL80211_BSS_PRESP_DATA)) 7444 goto fail_unlock_rcu; 7445 7446 /* this pointer prefers to be pointed to probe response data 7447 * but is always valid 7448 */ 7449 ies = rcu_dereference(res->ies); 7450 if (ies) { 7451 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf, 7452 NL80211_BSS_PAD)) 7453 goto fail_unlock_rcu; 7454 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 7455 ies->len, ies->data)) 7456 goto fail_unlock_rcu; 7457 } 7458 7459 /* and this pointer is always (unless driver didn't know) beacon data */ 7460 ies = rcu_dereference(res->beacon_ies); 7461 if (ies && ies->from_beacon) { 7462 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf, 7463 NL80211_BSS_PAD)) 7464 goto fail_unlock_rcu; 7465 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES, 7466 ies->len, ies->data)) 7467 goto fail_unlock_rcu; 7468 } 7469 rcu_read_unlock(); 7470 7471 if (res->beacon_interval && 7472 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 7473 goto nla_put_failure; 7474 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 7475 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 7476 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) || 7477 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 7478 jiffies_to_msecs(jiffies - intbss->ts))) 7479 goto nla_put_failure; 7480 7481 if (intbss->parent_tsf && 7482 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF, 7483 intbss->parent_tsf, NL80211_BSS_PAD) || 7484 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN, 7485 intbss->parent_bssid))) 7486 goto nla_put_failure; 7487 7488 if (intbss->ts_boottime && 7489 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME, 7490 intbss->ts_boottime, NL80211_BSS_PAD)) 7491 goto nla_put_failure; 7492 7493 switch (rdev->wiphy.signal_type) { 7494 case CFG80211_SIGNAL_TYPE_MBM: 7495 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 7496 goto nla_put_failure; 7497 break; 7498 case CFG80211_SIGNAL_TYPE_UNSPEC: 7499 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 7500 goto nla_put_failure; 7501 break; 7502 default: 7503 break; 7504 } 7505 7506 switch (wdev->iftype) { 7507 case NL80211_IFTYPE_P2P_CLIENT: 7508 case NL80211_IFTYPE_STATION: 7509 if (intbss == wdev->current_bss && 7510 nla_put_u32(msg, NL80211_BSS_STATUS, 7511 NL80211_BSS_STATUS_ASSOCIATED)) 7512 goto nla_put_failure; 7513 break; 7514 case NL80211_IFTYPE_ADHOC: 7515 if (intbss == wdev->current_bss && 7516 nla_put_u32(msg, NL80211_BSS_STATUS, 7517 NL80211_BSS_STATUS_IBSS_JOINED)) 7518 goto nla_put_failure; 7519 break; 7520 default: 7521 break; 7522 } 7523 7524 nla_nest_end(msg, bss); 7525 7526 genlmsg_end(msg, hdr); 7527 return 0; 7528 7529 fail_unlock_rcu: 7530 rcu_read_unlock(); 7531 nla_put_failure: 7532 genlmsg_cancel(msg, hdr); 7533 return -EMSGSIZE; 7534 } 7535 7536 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb) 7537 { 7538 struct cfg80211_registered_device *rdev; 7539 struct cfg80211_internal_bss *scan; 7540 struct wireless_dev *wdev; 7541 int start = cb->args[2], idx = 0; 7542 int err; 7543 7544 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 7545 if (err) 7546 return err; 7547 7548 wdev_lock(wdev); 7549 spin_lock_bh(&rdev->bss_lock); 7550 cfg80211_bss_expire(rdev); 7551 7552 cb->seq = rdev->bss_generation; 7553 7554 list_for_each_entry(scan, &rdev->bss_list, list) { 7555 if (++idx <= start) 7556 continue; 7557 if (nl80211_send_bss(skb, cb, 7558 cb->nlh->nlmsg_seq, NLM_F_MULTI, 7559 rdev, wdev, scan) < 0) { 7560 idx--; 7561 break; 7562 } 7563 } 7564 7565 spin_unlock_bh(&rdev->bss_lock); 7566 wdev_unlock(wdev); 7567 7568 cb->args[2] = idx; 7569 nl80211_finish_wdev_dump(rdev); 7570 7571 return skb->len; 7572 } 7573 7574 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq, 7575 int flags, struct net_device *dev, 7576 bool allow_radio_stats, 7577 struct survey_info *survey) 7578 { 7579 void *hdr; 7580 struct nlattr *infoattr; 7581 7582 /* skip radio stats if userspace didn't request them */ 7583 if (!survey->channel && !allow_radio_stats) 7584 return 0; 7585 7586 hdr = nl80211hdr_put(msg, portid, seq, flags, 7587 NL80211_CMD_NEW_SURVEY_RESULTS); 7588 if (!hdr) 7589 return -ENOMEM; 7590 7591 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 7592 goto nla_put_failure; 7593 7594 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 7595 if (!infoattr) 7596 goto nla_put_failure; 7597 7598 if (survey->channel && 7599 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 7600 survey->channel->center_freq)) 7601 goto nla_put_failure; 7602 7603 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 7604 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 7605 goto nla_put_failure; 7606 if ((survey->filled & SURVEY_INFO_IN_USE) && 7607 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 7608 goto nla_put_failure; 7609 if ((survey->filled & SURVEY_INFO_TIME) && 7610 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME, 7611 survey->time, NL80211_SURVEY_INFO_PAD)) 7612 goto nla_put_failure; 7613 if ((survey->filled & SURVEY_INFO_TIME_BUSY) && 7614 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY, 7615 survey->time_busy, NL80211_SURVEY_INFO_PAD)) 7616 goto nla_put_failure; 7617 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) && 7618 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY, 7619 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD)) 7620 goto nla_put_failure; 7621 if ((survey->filled & SURVEY_INFO_TIME_RX) && 7622 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX, 7623 survey->time_rx, NL80211_SURVEY_INFO_PAD)) 7624 goto nla_put_failure; 7625 if ((survey->filled & SURVEY_INFO_TIME_TX) && 7626 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX, 7627 survey->time_tx, NL80211_SURVEY_INFO_PAD)) 7628 goto nla_put_failure; 7629 if ((survey->filled & SURVEY_INFO_TIME_SCAN) && 7630 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN, 7631 survey->time_scan, NL80211_SURVEY_INFO_PAD)) 7632 goto nla_put_failure; 7633 7634 nla_nest_end(msg, infoattr); 7635 7636 genlmsg_end(msg, hdr); 7637 return 0; 7638 7639 nla_put_failure: 7640 genlmsg_cancel(msg, hdr); 7641 return -EMSGSIZE; 7642 } 7643 7644 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb) 7645 { 7646 struct survey_info survey; 7647 struct cfg80211_registered_device *rdev; 7648 struct wireless_dev *wdev; 7649 int survey_idx = cb->args[2]; 7650 int res; 7651 bool radio_stats; 7652 7653 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev); 7654 if (res) 7655 return res; 7656 7657 /* prepare_wdev_dump parsed the attributes */ 7658 radio_stats = nl80211_fam.attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS]; 7659 7660 if (!wdev->netdev) { 7661 res = -EINVAL; 7662 goto out_err; 7663 } 7664 7665 if (!rdev->ops->dump_survey) { 7666 res = -EOPNOTSUPP; 7667 goto out_err; 7668 } 7669 7670 while (1) { 7671 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey); 7672 if (res == -ENOENT) 7673 break; 7674 if (res) 7675 goto out_err; 7676 7677 /* don't send disabled channels, but do send non-channel data */ 7678 if (survey.channel && 7679 survey.channel->flags & IEEE80211_CHAN_DISABLED) { 7680 survey_idx++; 7681 continue; 7682 } 7683 7684 if (nl80211_send_survey(skb, 7685 NETLINK_CB(cb->skb).portid, 7686 cb->nlh->nlmsg_seq, NLM_F_MULTI, 7687 wdev->netdev, radio_stats, &survey) < 0) 7688 goto out; 7689 survey_idx++; 7690 } 7691 7692 out: 7693 cb->args[2] = survey_idx; 7694 res = skb->len; 7695 out_err: 7696 nl80211_finish_wdev_dump(rdev); 7697 return res; 7698 } 7699 7700 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 7701 { 7702 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 7703 NL80211_WPA_VERSION_2)); 7704 } 7705 7706 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 7707 { 7708 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7709 struct net_device *dev = info->user_ptr[1]; 7710 struct ieee80211_channel *chan; 7711 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL; 7712 int err, ssid_len, ie_len = 0, sae_data_len = 0; 7713 enum nl80211_auth_type auth_type; 7714 struct key_parse key; 7715 bool local_state_change; 7716 7717 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 7718 return -EINVAL; 7719 7720 if (!info->attrs[NL80211_ATTR_MAC]) 7721 return -EINVAL; 7722 7723 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 7724 return -EINVAL; 7725 7726 if (!info->attrs[NL80211_ATTR_SSID]) 7727 return -EINVAL; 7728 7729 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 7730 return -EINVAL; 7731 7732 err = nl80211_parse_key(info, &key); 7733 if (err) 7734 return err; 7735 7736 if (key.idx >= 0) { 7737 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 7738 return -EINVAL; 7739 if (!key.p.key || !key.p.key_len) 7740 return -EINVAL; 7741 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 7742 key.p.key_len != WLAN_KEY_LEN_WEP40) && 7743 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 7744 key.p.key_len != WLAN_KEY_LEN_WEP104)) 7745 return -EINVAL; 7746 if (key.idx > 3) 7747 return -EINVAL; 7748 } else { 7749 key.p.key_len = 0; 7750 key.p.key = NULL; 7751 } 7752 7753 if (key.idx >= 0) { 7754 int i; 7755 bool ok = false; 7756 7757 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 7758 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 7759 ok = true; 7760 break; 7761 } 7762 } 7763 if (!ok) 7764 return -EINVAL; 7765 } 7766 7767 if (!rdev->ops->auth) 7768 return -EOPNOTSUPP; 7769 7770 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 7771 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 7772 return -EOPNOTSUPP; 7773 7774 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 7775 chan = nl80211_get_valid_chan(&rdev->wiphy, 7776 info->attrs[NL80211_ATTR_WIPHY_FREQ]); 7777 if (!chan) 7778 return -EINVAL; 7779 7780 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 7781 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 7782 7783 if (info->attrs[NL80211_ATTR_IE]) { 7784 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 7785 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 7786 } 7787 7788 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 7789 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE)) 7790 return -EINVAL; 7791 7792 if (auth_type == NL80211_AUTHTYPE_SAE && 7793 !info->attrs[NL80211_ATTR_SAE_DATA]) 7794 return -EINVAL; 7795 7796 if (info->attrs[NL80211_ATTR_SAE_DATA]) { 7797 if (auth_type != NL80211_AUTHTYPE_SAE) 7798 return -EINVAL; 7799 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]); 7800 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]); 7801 /* need to include at least Auth Transaction and Status Code */ 7802 if (sae_data_len < 4) 7803 return -EINVAL; 7804 } 7805 7806 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 7807 7808 /* 7809 * Since we no longer track auth state, ignore 7810 * requests to only change local state. 7811 */ 7812 if (local_state_change) 7813 return 0; 7814 7815 wdev_lock(dev->ieee80211_ptr); 7816 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 7817 ssid, ssid_len, ie, ie_len, 7818 key.p.key, key.p.key_len, key.idx, 7819 sae_data, sae_data_len); 7820 wdev_unlock(dev->ieee80211_ptr); 7821 return err; 7822 } 7823 7824 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 7825 struct genl_info *info, 7826 struct cfg80211_crypto_settings *settings, 7827 int cipher_limit) 7828 { 7829 memset(settings, 0, sizeof(*settings)); 7830 7831 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 7832 7833 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 7834 u16 proto; 7835 7836 proto = nla_get_u16( 7837 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 7838 settings->control_port_ethertype = cpu_to_be16(proto); 7839 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 7840 proto != ETH_P_PAE) 7841 return -EINVAL; 7842 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 7843 settings->control_port_no_encrypt = true; 7844 } else 7845 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 7846 7847 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 7848 void *data; 7849 int len, i; 7850 7851 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 7852 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 7853 settings->n_ciphers_pairwise = len / sizeof(u32); 7854 7855 if (len % sizeof(u32)) 7856 return -EINVAL; 7857 7858 if (settings->n_ciphers_pairwise > cipher_limit) 7859 return -EINVAL; 7860 7861 memcpy(settings->ciphers_pairwise, data, len); 7862 7863 for (i = 0; i < settings->n_ciphers_pairwise; i++) 7864 if (!cfg80211_supported_cipher_suite( 7865 &rdev->wiphy, 7866 settings->ciphers_pairwise[i])) 7867 return -EINVAL; 7868 } 7869 7870 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 7871 settings->cipher_group = 7872 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 7873 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 7874 settings->cipher_group)) 7875 return -EINVAL; 7876 } 7877 7878 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 7879 settings->wpa_versions = 7880 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 7881 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 7882 return -EINVAL; 7883 } 7884 7885 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 7886 void *data; 7887 int len; 7888 7889 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 7890 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 7891 settings->n_akm_suites = len / sizeof(u32); 7892 7893 if (len % sizeof(u32)) 7894 return -EINVAL; 7895 7896 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 7897 return -EINVAL; 7898 7899 memcpy(settings->akm_suites, data, len); 7900 } 7901 7902 return 0; 7903 } 7904 7905 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 7906 { 7907 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7908 struct net_device *dev = info->user_ptr[1]; 7909 struct ieee80211_channel *chan; 7910 struct cfg80211_assoc_request req = {}; 7911 const u8 *bssid, *ssid; 7912 int err, ssid_len = 0; 7913 7914 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 7915 return -EINVAL; 7916 7917 if (!info->attrs[NL80211_ATTR_MAC] || 7918 !info->attrs[NL80211_ATTR_SSID] || 7919 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 7920 return -EINVAL; 7921 7922 if (!rdev->ops->assoc) 7923 return -EOPNOTSUPP; 7924 7925 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 7926 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 7927 return -EOPNOTSUPP; 7928 7929 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 7930 7931 chan = nl80211_get_valid_chan(&rdev->wiphy, 7932 info->attrs[NL80211_ATTR_WIPHY_FREQ]); 7933 if (!chan) 7934 return -EINVAL; 7935 7936 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 7937 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 7938 7939 if (info->attrs[NL80211_ATTR_IE]) { 7940 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 7941 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 7942 } 7943 7944 if (info->attrs[NL80211_ATTR_USE_MFP]) { 7945 enum nl80211_mfp mfp = 7946 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 7947 if (mfp == NL80211_MFP_REQUIRED) 7948 req.use_mfp = true; 7949 else if (mfp != NL80211_MFP_NO) 7950 return -EINVAL; 7951 } 7952 7953 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 7954 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 7955 7956 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 7957 req.flags |= ASSOC_REQ_DISABLE_HT; 7958 7959 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 7960 memcpy(&req.ht_capa_mask, 7961 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 7962 sizeof(req.ht_capa_mask)); 7963 7964 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 7965 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 7966 return -EINVAL; 7967 memcpy(&req.ht_capa, 7968 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 7969 sizeof(req.ht_capa)); 7970 } 7971 7972 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 7973 req.flags |= ASSOC_REQ_DISABLE_VHT; 7974 7975 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 7976 memcpy(&req.vht_capa_mask, 7977 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 7978 sizeof(req.vht_capa_mask)); 7979 7980 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 7981 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 7982 return -EINVAL; 7983 memcpy(&req.vht_capa, 7984 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 7985 sizeof(req.vht_capa)); 7986 } 7987 7988 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 7989 if (!((rdev->wiphy.features & 7990 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 7991 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 7992 !wiphy_ext_feature_isset(&rdev->wiphy, 7993 NL80211_EXT_FEATURE_RRM)) 7994 return -EINVAL; 7995 req.flags |= ASSOC_REQ_USE_RRM; 7996 } 7997 7998 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1); 7999 if (!err) { 8000 wdev_lock(dev->ieee80211_ptr); 8001 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, 8002 ssid, ssid_len, &req); 8003 wdev_unlock(dev->ieee80211_ptr); 8004 } 8005 8006 return err; 8007 } 8008 8009 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 8010 { 8011 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8012 struct net_device *dev = info->user_ptr[1]; 8013 const u8 *ie = NULL, *bssid; 8014 int ie_len = 0, err; 8015 u16 reason_code; 8016 bool local_state_change; 8017 8018 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 8019 return -EINVAL; 8020 8021 if (!info->attrs[NL80211_ATTR_MAC]) 8022 return -EINVAL; 8023 8024 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 8025 return -EINVAL; 8026 8027 if (!rdev->ops->deauth) 8028 return -EOPNOTSUPP; 8029 8030 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 8031 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 8032 return -EOPNOTSUPP; 8033 8034 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 8035 8036 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 8037 if (reason_code == 0) { 8038 /* Reason Code 0 is reserved */ 8039 return -EINVAL; 8040 } 8041 8042 if (info->attrs[NL80211_ATTR_IE]) { 8043 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 8044 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8045 } 8046 8047 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 8048 8049 wdev_lock(dev->ieee80211_ptr); 8050 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 8051 local_state_change); 8052 wdev_unlock(dev->ieee80211_ptr); 8053 return err; 8054 } 8055 8056 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 8057 { 8058 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8059 struct net_device *dev = info->user_ptr[1]; 8060 const u8 *ie = NULL, *bssid; 8061 int ie_len = 0, err; 8062 u16 reason_code; 8063 bool local_state_change; 8064 8065 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 8066 return -EINVAL; 8067 8068 if (!info->attrs[NL80211_ATTR_MAC]) 8069 return -EINVAL; 8070 8071 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 8072 return -EINVAL; 8073 8074 if (!rdev->ops->disassoc) 8075 return -EOPNOTSUPP; 8076 8077 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 8078 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 8079 return -EOPNOTSUPP; 8080 8081 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 8082 8083 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 8084 if (reason_code == 0) { 8085 /* Reason Code 0 is reserved */ 8086 return -EINVAL; 8087 } 8088 8089 if (info->attrs[NL80211_ATTR_IE]) { 8090 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 8091 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8092 } 8093 8094 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 8095 8096 wdev_lock(dev->ieee80211_ptr); 8097 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 8098 local_state_change); 8099 wdev_unlock(dev->ieee80211_ptr); 8100 return err; 8101 } 8102 8103 static bool 8104 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 8105 int mcast_rate[NUM_NL80211_BANDS], 8106 int rateval) 8107 { 8108 struct wiphy *wiphy = &rdev->wiphy; 8109 bool found = false; 8110 int band, i; 8111 8112 for (band = 0; band < NUM_NL80211_BANDS; band++) { 8113 struct ieee80211_supported_band *sband; 8114 8115 sband = wiphy->bands[band]; 8116 if (!sband) 8117 continue; 8118 8119 for (i = 0; i < sband->n_bitrates; i++) { 8120 if (sband->bitrates[i].bitrate == rateval) { 8121 mcast_rate[band] = i + 1; 8122 found = true; 8123 break; 8124 } 8125 } 8126 } 8127 8128 return found; 8129 } 8130 8131 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 8132 { 8133 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8134 struct net_device *dev = info->user_ptr[1]; 8135 struct cfg80211_ibss_params ibss; 8136 struct wiphy *wiphy; 8137 struct cfg80211_cached_keys *connkeys = NULL; 8138 int err; 8139 8140 memset(&ibss, 0, sizeof(ibss)); 8141 8142 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 8143 return -EINVAL; 8144 8145 if (!info->attrs[NL80211_ATTR_SSID] || 8146 !nla_len(info->attrs[NL80211_ATTR_SSID])) 8147 return -EINVAL; 8148 8149 ibss.beacon_interval = 100; 8150 8151 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) 8152 ibss.beacon_interval = 8153 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 8154 8155 err = cfg80211_validate_beacon_int(rdev, ibss.beacon_interval); 8156 if (err) 8157 return err; 8158 8159 if (!rdev->ops->join_ibss) 8160 return -EOPNOTSUPP; 8161 8162 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 8163 return -EOPNOTSUPP; 8164 8165 wiphy = &rdev->wiphy; 8166 8167 if (info->attrs[NL80211_ATTR_MAC]) { 8168 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 8169 8170 if (!is_valid_ether_addr(ibss.bssid)) 8171 return -EINVAL; 8172 } 8173 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 8174 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 8175 8176 if (info->attrs[NL80211_ATTR_IE]) { 8177 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 8178 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8179 } 8180 8181 err = nl80211_parse_chandef(rdev, info, &ibss.chandef); 8182 if (err) 8183 return err; 8184 8185 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef, 8186 NL80211_IFTYPE_ADHOC)) 8187 return -EINVAL; 8188 8189 switch (ibss.chandef.width) { 8190 case NL80211_CHAN_WIDTH_5: 8191 case NL80211_CHAN_WIDTH_10: 8192 case NL80211_CHAN_WIDTH_20_NOHT: 8193 break; 8194 case NL80211_CHAN_WIDTH_20: 8195 case NL80211_CHAN_WIDTH_40: 8196 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 8197 return -EINVAL; 8198 break; 8199 case NL80211_CHAN_WIDTH_80: 8200 case NL80211_CHAN_WIDTH_80P80: 8201 case NL80211_CHAN_WIDTH_160: 8202 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 8203 return -EINVAL; 8204 if (!wiphy_ext_feature_isset(&rdev->wiphy, 8205 NL80211_EXT_FEATURE_VHT_IBSS)) 8206 return -EINVAL; 8207 break; 8208 default: 8209 return -EINVAL; 8210 } 8211 8212 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 8213 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 8214 8215 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 8216 u8 *rates = 8217 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 8218 int n_rates = 8219 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 8220 struct ieee80211_supported_band *sband = 8221 wiphy->bands[ibss.chandef.chan->band]; 8222 8223 err = ieee80211_get_ratemask(sband, rates, n_rates, 8224 &ibss.basic_rates); 8225 if (err) 8226 return err; 8227 } 8228 8229 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 8230 memcpy(&ibss.ht_capa_mask, 8231 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 8232 sizeof(ibss.ht_capa_mask)); 8233 8234 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 8235 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 8236 return -EINVAL; 8237 memcpy(&ibss.ht_capa, 8238 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 8239 sizeof(ibss.ht_capa)); 8240 } 8241 8242 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 8243 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 8244 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 8245 return -EINVAL; 8246 8247 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 8248 bool no_ht = false; 8249 8250 connkeys = nl80211_parse_connkeys(rdev, 8251 info->attrs[NL80211_ATTR_KEYS], 8252 &no_ht); 8253 if (IS_ERR(connkeys)) 8254 return PTR_ERR(connkeys); 8255 8256 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) && 8257 no_ht) { 8258 kzfree(connkeys); 8259 return -EINVAL; 8260 } 8261 } 8262 8263 ibss.control_port = 8264 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 8265 8266 ibss.userspace_handles_dfs = 8267 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); 8268 8269 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 8270 if (err) 8271 kzfree(connkeys); 8272 return err; 8273 } 8274 8275 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 8276 { 8277 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8278 struct net_device *dev = info->user_ptr[1]; 8279 8280 if (!rdev->ops->leave_ibss) 8281 return -EOPNOTSUPP; 8282 8283 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 8284 return -EOPNOTSUPP; 8285 8286 return cfg80211_leave_ibss(rdev, dev, false); 8287 } 8288 8289 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info) 8290 { 8291 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8292 struct net_device *dev = info->user_ptr[1]; 8293 int mcast_rate[NUM_NL80211_BANDS]; 8294 u32 nla_rate; 8295 int err; 8296 8297 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 8298 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 8299 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB) 8300 return -EOPNOTSUPP; 8301 8302 if (!rdev->ops->set_mcast_rate) 8303 return -EOPNOTSUPP; 8304 8305 memset(mcast_rate, 0, sizeof(mcast_rate)); 8306 8307 if (!info->attrs[NL80211_ATTR_MCAST_RATE]) 8308 return -EINVAL; 8309 8310 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]); 8311 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate)) 8312 return -EINVAL; 8313 8314 err = rdev_set_mcast_rate(rdev, dev, mcast_rate); 8315 8316 return err; 8317 } 8318 8319 static struct sk_buff * 8320 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev, 8321 struct wireless_dev *wdev, int approxlen, 8322 u32 portid, u32 seq, enum nl80211_commands cmd, 8323 enum nl80211_attrs attr, 8324 const struct nl80211_vendor_cmd_info *info, 8325 gfp_t gfp) 8326 { 8327 struct sk_buff *skb; 8328 void *hdr; 8329 struct nlattr *data; 8330 8331 skb = nlmsg_new(approxlen + 100, gfp); 8332 if (!skb) 8333 return NULL; 8334 8335 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd); 8336 if (!hdr) { 8337 kfree_skb(skb); 8338 return NULL; 8339 } 8340 8341 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 8342 goto nla_put_failure; 8343 8344 if (info) { 8345 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID, 8346 info->vendor_id)) 8347 goto nla_put_failure; 8348 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD, 8349 info->subcmd)) 8350 goto nla_put_failure; 8351 } 8352 8353 if (wdev) { 8354 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV, 8355 wdev_id(wdev), NL80211_ATTR_PAD)) 8356 goto nla_put_failure; 8357 if (wdev->netdev && 8358 nla_put_u32(skb, NL80211_ATTR_IFINDEX, 8359 wdev->netdev->ifindex)) 8360 goto nla_put_failure; 8361 } 8362 8363 data = nla_nest_start(skb, attr); 8364 if (!data) 8365 goto nla_put_failure; 8366 8367 ((void **)skb->cb)[0] = rdev; 8368 ((void **)skb->cb)[1] = hdr; 8369 ((void **)skb->cb)[2] = data; 8370 8371 return skb; 8372 8373 nla_put_failure: 8374 kfree_skb(skb); 8375 return NULL; 8376 } 8377 8378 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy, 8379 struct wireless_dev *wdev, 8380 enum nl80211_commands cmd, 8381 enum nl80211_attrs attr, 8382 int vendor_event_idx, 8383 int approxlen, gfp_t gfp) 8384 { 8385 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 8386 const struct nl80211_vendor_cmd_info *info; 8387 8388 switch (cmd) { 8389 case NL80211_CMD_TESTMODE: 8390 if (WARN_ON(vendor_event_idx != -1)) 8391 return NULL; 8392 info = NULL; 8393 break; 8394 case NL80211_CMD_VENDOR: 8395 if (WARN_ON(vendor_event_idx < 0 || 8396 vendor_event_idx >= wiphy->n_vendor_events)) 8397 return NULL; 8398 info = &wiphy->vendor_events[vendor_event_idx]; 8399 break; 8400 default: 8401 WARN_ON(1); 8402 return NULL; 8403 } 8404 8405 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0, 8406 cmd, attr, info, gfp); 8407 } 8408 EXPORT_SYMBOL(__cfg80211_alloc_event_skb); 8409 8410 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp) 8411 { 8412 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 8413 void *hdr = ((void **)skb->cb)[1]; 8414 struct nlattr *data = ((void **)skb->cb)[2]; 8415 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE; 8416 8417 /* clear CB data for netlink core to own from now on */ 8418 memset(skb->cb, 0, sizeof(skb->cb)); 8419 8420 nla_nest_end(skb, data); 8421 genlmsg_end(skb, hdr); 8422 8423 if (data->nla_type == NL80211_ATTR_VENDOR_DATA) 8424 mcgrp = NL80211_MCGRP_VENDOR; 8425 8426 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0, 8427 mcgrp, gfp); 8428 } 8429 EXPORT_SYMBOL(__cfg80211_send_event_skb); 8430 8431 #ifdef CONFIG_NL80211_TESTMODE 8432 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 8433 { 8434 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8435 struct wireless_dev *wdev = 8436 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs); 8437 int err; 8438 8439 if (!rdev->ops->testmode_cmd) 8440 return -EOPNOTSUPP; 8441 8442 if (IS_ERR(wdev)) { 8443 err = PTR_ERR(wdev); 8444 if (err != -EINVAL) 8445 return err; 8446 wdev = NULL; 8447 } else if (wdev->wiphy != &rdev->wiphy) { 8448 return -EINVAL; 8449 } 8450 8451 if (!info->attrs[NL80211_ATTR_TESTDATA]) 8452 return -EINVAL; 8453 8454 rdev->cur_cmd_info = info; 8455 err = rdev_testmode_cmd(rdev, wdev, 8456 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 8457 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 8458 rdev->cur_cmd_info = NULL; 8459 8460 return err; 8461 } 8462 8463 static int nl80211_testmode_dump(struct sk_buff *skb, 8464 struct netlink_callback *cb) 8465 { 8466 struct cfg80211_registered_device *rdev; 8467 int err; 8468 long phy_idx; 8469 void *data = NULL; 8470 int data_len = 0; 8471 8472 rtnl_lock(); 8473 8474 if (cb->args[0]) { 8475 /* 8476 * 0 is a valid index, but not valid for args[0], 8477 * so we need to offset by 1. 8478 */ 8479 phy_idx = cb->args[0] - 1; 8480 } else { 8481 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 8482 nl80211_fam.attrbuf, nl80211_fam.maxattr, 8483 nl80211_policy); 8484 if (err) 8485 goto out_err; 8486 8487 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), 8488 nl80211_fam.attrbuf); 8489 if (IS_ERR(rdev)) { 8490 err = PTR_ERR(rdev); 8491 goto out_err; 8492 } 8493 phy_idx = rdev->wiphy_idx; 8494 rdev = NULL; 8495 8496 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 8497 cb->args[1] = 8498 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 8499 } 8500 8501 if (cb->args[1]) { 8502 data = nla_data((void *)cb->args[1]); 8503 data_len = nla_len((void *)cb->args[1]); 8504 } 8505 8506 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 8507 if (!rdev) { 8508 err = -ENOENT; 8509 goto out_err; 8510 } 8511 8512 if (!rdev->ops->testmode_dump) { 8513 err = -EOPNOTSUPP; 8514 goto out_err; 8515 } 8516 8517 while (1) { 8518 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 8519 cb->nlh->nlmsg_seq, NLM_F_MULTI, 8520 NL80211_CMD_TESTMODE); 8521 struct nlattr *tmdata; 8522 8523 if (!hdr) 8524 break; 8525 8526 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 8527 genlmsg_cancel(skb, hdr); 8528 break; 8529 } 8530 8531 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 8532 if (!tmdata) { 8533 genlmsg_cancel(skb, hdr); 8534 break; 8535 } 8536 err = rdev_testmode_dump(rdev, skb, cb, data, data_len); 8537 nla_nest_end(skb, tmdata); 8538 8539 if (err == -ENOBUFS || err == -ENOENT) { 8540 genlmsg_cancel(skb, hdr); 8541 break; 8542 } else if (err) { 8543 genlmsg_cancel(skb, hdr); 8544 goto out_err; 8545 } 8546 8547 genlmsg_end(skb, hdr); 8548 } 8549 8550 err = skb->len; 8551 /* see above */ 8552 cb->args[0] = phy_idx + 1; 8553 out_err: 8554 rtnl_unlock(); 8555 return err; 8556 } 8557 #endif 8558 8559 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 8560 { 8561 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8562 struct net_device *dev = info->user_ptr[1]; 8563 struct cfg80211_connect_params connect; 8564 struct wiphy *wiphy; 8565 struct cfg80211_cached_keys *connkeys = NULL; 8566 int err; 8567 8568 memset(&connect, 0, sizeof(connect)); 8569 8570 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 8571 return -EINVAL; 8572 8573 if (!info->attrs[NL80211_ATTR_SSID] || 8574 !nla_len(info->attrs[NL80211_ATTR_SSID])) 8575 return -EINVAL; 8576 8577 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 8578 connect.auth_type = 8579 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 8580 if (!nl80211_valid_auth_type(rdev, connect.auth_type, 8581 NL80211_CMD_CONNECT)) 8582 return -EINVAL; 8583 } else 8584 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 8585 8586 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 8587 8588 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 8589 NL80211_MAX_NR_CIPHER_SUITES); 8590 if (err) 8591 return err; 8592 8593 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 8594 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 8595 return -EOPNOTSUPP; 8596 8597 wiphy = &rdev->wiphy; 8598 8599 connect.bg_scan_period = -1; 8600 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 8601 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 8602 connect.bg_scan_period = 8603 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 8604 } 8605 8606 if (info->attrs[NL80211_ATTR_MAC]) 8607 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 8608 else if (info->attrs[NL80211_ATTR_MAC_HINT]) 8609 connect.bssid_hint = 8610 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]); 8611 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 8612 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 8613 8614 if (info->attrs[NL80211_ATTR_IE]) { 8615 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 8616 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8617 } 8618 8619 if (info->attrs[NL80211_ATTR_USE_MFP]) { 8620 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 8621 if (connect.mfp != NL80211_MFP_REQUIRED && 8622 connect.mfp != NL80211_MFP_NO) 8623 return -EINVAL; 8624 } else { 8625 connect.mfp = NL80211_MFP_NO; 8626 } 8627 8628 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 8629 connect.prev_bssid = 8630 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 8631 8632 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 8633 connect.channel = nl80211_get_valid_chan( 8634 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]); 8635 if (!connect.channel) 8636 return -EINVAL; 8637 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) { 8638 connect.channel_hint = nl80211_get_valid_chan( 8639 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]); 8640 if (!connect.channel_hint) 8641 return -EINVAL; 8642 } 8643 8644 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 8645 connkeys = nl80211_parse_connkeys(rdev, 8646 info->attrs[NL80211_ATTR_KEYS], NULL); 8647 if (IS_ERR(connkeys)) 8648 return PTR_ERR(connkeys); 8649 } 8650 8651 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 8652 connect.flags |= ASSOC_REQ_DISABLE_HT; 8653 8654 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 8655 memcpy(&connect.ht_capa_mask, 8656 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 8657 sizeof(connect.ht_capa_mask)); 8658 8659 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 8660 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 8661 kzfree(connkeys); 8662 return -EINVAL; 8663 } 8664 memcpy(&connect.ht_capa, 8665 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 8666 sizeof(connect.ht_capa)); 8667 } 8668 8669 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 8670 connect.flags |= ASSOC_REQ_DISABLE_VHT; 8671 8672 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 8673 memcpy(&connect.vht_capa_mask, 8674 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 8675 sizeof(connect.vht_capa_mask)); 8676 8677 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 8678 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) { 8679 kzfree(connkeys); 8680 return -EINVAL; 8681 } 8682 memcpy(&connect.vht_capa, 8683 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 8684 sizeof(connect.vht_capa)); 8685 } 8686 8687 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 8688 if (!((rdev->wiphy.features & 8689 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 8690 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 8691 !wiphy_ext_feature_isset(&rdev->wiphy, 8692 NL80211_EXT_FEATURE_RRM)) { 8693 kzfree(connkeys); 8694 return -EINVAL; 8695 } 8696 connect.flags |= ASSOC_REQ_USE_RRM; 8697 } 8698 8699 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 8700 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) { 8701 kzfree(connkeys); 8702 return -EOPNOTSUPP; 8703 } 8704 8705 if (info->attrs[NL80211_ATTR_BSS_SELECT]) { 8706 /* bss selection makes no sense if bssid is set */ 8707 if (connect.bssid) { 8708 kzfree(connkeys); 8709 return -EINVAL; 8710 } 8711 8712 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT], 8713 wiphy, &connect.bss_select); 8714 if (err) { 8715 kzfree(connkeys); 8716 return err; 8717 } 8718 } 8719 8720 wdev_lock(dev->ieee80211_ptr); 8721 err = cfg80211_connect(rdev, dev, &connect, connkeys, 8722 connect.prev_bssid); 8723 wdev_unlock(dev->ieee80211_ptr); 8724 if (err) 8725 kzfree(connkeys); 8726 return err; 8727 } 8728 8729 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 8730 { 8731 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8732 struct net_device *dev = info->user_ptr[1]; 8733 u16 reason; 8734 int ret; 8735 8736 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 8737 reason = WLAN_REASON_DEAUTH_LEAVING; 8738 else 8739 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 8740 8741 if (reason == 0) 8742 return -EINVAL; 8743 8744 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 8745 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 8746 return -EOPNOTSUPP; 8747 8748 wdev_lock(dev->ieee80211_ptr); 8749 ret = cfg80211_disconnect(rdev, dev, reason, true); 8750 wdev_unlock(dev->ieee80211_ptr); 8751 return ret; 8752 } 8753 8754 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 8755 { 8756 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8757 struct net *net; 8758 int err; 8759 8760 if (info->attrs[NL80211_ATTR_PID]) { 8761 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 8762 8763 net = get_net_ns_by_pid(pid); 8764 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) { 8765 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]); 8766 8767 net = get_net_ns_by_fd(fd); 8768 } else { 8769 return -EINVAL; 8770 } 8771 8772 if (IS_ERR(net)) 8773 return PTR_ERR(net); 8774 8775 err = 0; 8776 8777 /* check if anything to do */ 8778 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 8779 err = cfg80211_switch_netns(rdev, net); 8780 8781 put_net(net); 8782 return err; 8783 } 8784 8785 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 8786 { 8787 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8788 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 8789 struct cfg80211_pmksa *pmksa) = NULL; 8790 struct net_device *dev = info->user_ptr[1]; 8791 struct cfg80211_pmksa pmksa; 8792 8793 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 8794 8795 if (!info->attrs[NL80211_ATTR_MAC]) 8796 return -EINVAL; 8797 8798 if (!info->attrs[NL80211_ATTR_PMKID]) 8799 return -EINVAL; 8800 8801 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 8802 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 8803 8804 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 8805 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 8806 return -EOPNOTSUPP; 8807 8808 switch (info->genlhdr->cmd) { 8809 case NL80211_CMD_SET_PMKSA: 8810 rdev_ops = rdev->ops->set_pmksa; 8811 break; 8812 case NL80211_CMD_DEL_PMKSA: 8813 rdev_ops = rdev->ops->del_pmksa; 8814 break; 8815 default: 8816 WARN_ON(1); 8817 break; 8818 } 8819 8820 if (!rdev_ops) 8821 return -EOPNOTSUPP; 8822 8823 return rdev_ops(&rdev->wiphy, dev, &pmksa); 8824 } 8825 8826 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 8827 { 8828 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8829 struct net_device *dev = info->user_ptr[1]; 8830 8831 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 8832 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 8833 return -EOPNOTSUPP; 8834 8835 if (!rdev->ops->flush_pmksa) 8836 return -EOPNOTSUPP; 8837 8838 return rdev_flush_pmksa(rdev, dev); 8839 } 8840 8841 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 8842 { 8843 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8844 struct net_device *dev = info->user_ptr[1]; 8845 u8 action_code, dialog_token; 8846 u32 peer_capability = 0; 8847 u16 status_code; 8848 u8 *peer; 8849 bool initiator; 8850 8851 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 8852 !rdev->ops->tdls_mgmt) 8853 return -EOPNOTSUPP; 8854 8855 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 8856 !info->attrs[NL80211_ATTR_STATUS_CODE] || 8857 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 8858 !info->attrs[NL80211_ATTR_IE] || 8859 !info->attrs[NL80211_ATTR_MAC]) 8860 return -EINVAL; 8861 8862 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 8863 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 8864 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 8865 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 8866 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]); 8867 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]) 8868 peer_capability = 8869 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]); 8870 8871 return rdev_tdls_mgmt(rdev, dev, peer, action_code, 8872 dialog_token, status_code, peer_capability, 8873 initiator, 8874 nla_data(info->attrs[NL80211_ATTR_IE]), 8875 nla_len(info->attrs[NL80211_ATTR_IE])); 8876 } 8877 8878 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 8879 { 8880 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8881 struct net_device *dev = info->user_ptr[1]; 8882 enum nl80211_tdls_operation operation; 8883 u8 *peer; 8884 8885 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 8886 !rdev->ops->tdls_oper) 8887 return -EOPNOTSUPP; 8888 8889 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 8890 !info->attrs[NL80211_ATTR_MAC]) 8891 return -EINVAL; 8892 8893 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 8894 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 8895 8896 return rdev_tdls_oper(rdev, dev, peer, operation); 8897 } 8898 8899 static int nl80211_remain_on_channel(struct sk_buff *skb, 8900 struct genl_info *info) 8901 { 8902 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8903 struct wireless_dev *wdev = info->user_ptr[1]; 8904 struct cfg80211_chan_def chandef; 8905 struct sk_buff *msg; 8906 void *hdr; 8907 u64 cookie; 8908 u32 duration; 8909 int err; 8910 8911 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 8912 !info->attrs[NL80211_ATTR_DURATION]) 8913 return -EINVAL; 8914 8915 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 8916 8917 if (!rdev->ops->remain_on_channel || 8918 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 8919 return -EOPNOTSUPP; 8920 8921 /* 8922 * We should be on that channel for at least a minimum amount of 8923 * time (10ms) but no longer than the driver supports. 8924 */ 8925 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 8926 duration > rdev->wiphy.max_remain_on_channel_duration) 8927 return -EINVAL; 8928 8929 err = nl80211_parse_chandef(rdev, info, &chandef); 8930 if (err) 8931 return err; 8932 8933 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8934 if (!msg) 8935 return -ENOMEM; 8936 8937 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 8938 NL80211_CMD_REMAIN_ON_CHANNEL); 8939 if (!hdr) { 8940 err = -ENOBUFS; 8941 goto free_msg; 8942 } 8943 8944 err = rdev_remain_on_channel(rdev, wdev, chandef.chan, 8945 duration, &cookie); 8946 8947 if (err) 8948 goto free_msg; 8949 8950 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 8951 NL80211_ATTR_PAD)) 8952 goto nla_put_failure; 8953 8954 genlmsg_end(msg, hdr); 8955 8956 return genlmsg_reply(msg, info); 8957 8958 nla_put_failure: 8959 err = -ENOBUFS; 8960 free_msg: 8961 nlmsg_free(msg); 8962 return err; 8963 } 8964 8965 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 8966 struct genl_info *info) 8967 { 8968 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8969 struct wireless_dev *wdev = info->user_ptr[1]; 8970 u64 cookie; 8971 8972 if (!info->attrs[NL80211_ATTR_COOKIE]) 8973 return -EINVAL; 8974 8975 if (!rdev->ops->cancel_remain_on_channel) 8976 return -EOPNOTSUPP; 8977 8978 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 8979 8980 return rdev_cancel_remain_on_channel(rdev, wdev, cookie); 8981 } 8982 8983 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 8984 struct genl_info *info) 8985 { 8986 struct cfg80211_bitrate_mask mask; 8987 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8988 struct net_device *dev = info->user_ptr[1]; 8989 int err; 8990 8991 if (!rdev->ops->set_bitrate_mask) 8992 return -EOPNOTSUPP; 8993 8994 err = nl80211_parse_tx_bitrate_mask(info, &mask); 8995 if (err) 8996 return err; 8997 8998 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask); 8999 } 9000 9001 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 9002 { 9003 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9004 struct wireless_dev *wdev = info->user_ptr[1]; 9005 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 9006 9007 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 9008 return -EINVAL; 9009 9010 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 9011 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 9012 9013 switch (wdev->iftype) { 9014 case NL80211_IFTYPE_STATION: 9015 case NL80211_IFTYPE_ADHOC: 9016 case NL80211_IFTYPE_P2P_CLIENT: 9017 case NL80211_IFTYPE_AP: 9018 case NL80211_IFTYPE_AP_VLAN: 9019 case NL80211_IFTYPE_MESH_POINT: 9020 case NL80211_IFTYPE_P2P_GO: 9021 case NL80211_IFTYPE_P2P_DEVICE: 9022 break; 9023 case NL80211_IFTYPE_NAN: 9024 default: 9025 return -EOPNOTSUPP; 9026 } 9027 9028 /* not much point in registering if we can't reply */ 9029 if (!rdev->ops->mgmt_tx) 9030 return -EOPNOTSUPP; 9031 9032 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type, 9033 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 9034 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 9035 } 9036 9037 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 9038 { 9039 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9040 struct wireless_dev *wdev = info->user_ptr[1]; 9041 struct cfg80211_chan_def chandef; 9042 int err; 9043 void *hdr = NULL; 9044 u64 cookie; 9045 struct sk_buff *msg = NULL; 9046 struct cfg80211_mgmt_tx_params params = { 9047 .dont_wait_for_ack = 9048 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK], 9049 }; 9050 9051 if (!info->attrs[NL80211_ATTR_FRAME]) 9052 return -EINVAL; 9053 9054 if (!rdev->ops->mgmt_tx) 9055 return -EOPNOTSUPP; 9056 9057 switch (wdev->iftype) { 9058 case NL80211_IFTYPE_P2P_DEVICE: 9059 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 9060 return -EINVAL; 9061 case NL80211_IFTYPE_STATION: 9062 case NL80211_IFTYPE_ADHOC: 9063 case NL80211_IFTYPE_P2P_CLIENT: 9064 case NL80211_IFTYPE_AP: 9065 case NL80211_IFTYPE_AP_VLAN: 9066 case NL80211_IFTYPE_MESH_POINT: 9067 case NL80211_IFTYPE_P2P_GO: 9068 break; 9069 case NL80211_IFTYPE_NAN: 9070 default: 9071 return -EOPNOTSUPP; 9072 } 9073 9074 if (info->attrs[NL80211_ATTR_DURATION]) { 9075 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 9076 return -EINVAL; 9077 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 9078 9079 /* 9080 * We should wait on the channel for at least a minimum amount 9081 * of time (10ms) but no longer than the driver supports. 9082 */ 9083 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 9084 params.wait > rdev->wiphy.max_remain_on_channel_duration) 9085 return -EINVAL; 9086 } 9087 9088 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 9089 9090 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 9091 return -EINVAL; 9092 9093 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 9094 9095 /* get the channel if any has been specified, otherwise pass NULL to 9096 * the driver. The latter will use the current one 9097 */ 9098 chandef.chan = NULL; 9099 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 9100 err = nl80211_parse_chandef(rdev, info, &chandef); 9101 if (err) 9102 return err; 9103 } 9104 9105 if (!chandef.chan && params.offchan) 9106 return -EINVAL; 9107 9108 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 9109 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 9110 9111 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) { 9112 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]); 9113 int i; 9114 9115 if (len % sizeof(u16)) 9116 return -EINVAL; 9117 9118 params.n_csa_offsets = len / sizeof(u16); 9119 params.csa_offsets = 9120 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]); 9121 9122 /* check that all the offsets fit the frame */ 9123 for (i = 0; i < params.n_csa_offsets; i++) { 9124 if (params.csa_offsets[i] >= params.len) 9125 return -EINVAL; 9126 } 9127 } 9128 9129 if (!params.dont_wait_for_ack) { 9130 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9131 if (!msg) 9132 return -ENOMEM; 9133 9134 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 9135 NL80211_CMD_FRAME); 9136 if (!hdr) { 9137 err = -ENOBUFS; 9138 goto free_msg; 9139 } 9140 } 9141 9142 params.chan = chandef.chan; 9143 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie); 9144 if (err) 9145 goto free_msg; 9146 9147 if (msg) { 9148 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 9149 NL80211_ATTR_PAD)) 9150 goto nla_put_failure; 9151 9152 genlmsg_end(msg, hdr); 9153 return genlmsg_reply(msg, info); 9154 } 9155 9156 return 0; 9157 9158 nla_put_failure: 9159 err = -ENOBUFS; 9160 free_msg: 9161 nlmsg_free(msg); 9162 return err; 9163 } 9164 9165 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 9166 { 9167 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9168 struct wireless_dev *wdev = info->user_ptr[1]; 9169 u64 cookie; 9170 9171 if (!info->attrs[NL80211_ATTR_COOKIE]) 9172 return -EINVAL; 9173 9174 if (!rdev->ops->mgmt_tx_cancel_wait) 9175 return -EOPNOTSUPP; 9176 9177 switch (wdev->iftype) { 9178 case NL80211_IFTYPE_STATION: 9179 case NL80211_IFTYPE_ADHOC: 9180 case NL80211_IFTYPE_P2P_CLIENT: 9181 case NL80211_IFTYPE_AP: 9182 case NL80211_IFTYPE_AP_VLAN: 9183 case NL80211_IFTYPE_P2P_GO: 9184 case NL80211_IFTYPE_P2P_DEVICE: 9185 break; 9186 case NL80211_IFTYPE_NAN: 9187 default: 9188 return -EOPNOTSUPP; 9189 } 9190 9191 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 9192 9193 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie); 9194 } 9195 9196 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 9197 { 9198 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9199 struct wireless_dev *wdev; 9200 struct net_device *dev = info->user_ptr[1]; 9201 u8 ps_state; 9202 bool state; 9203 int err; 9204 9205 if (!info->attrs[NL80211_ATTR_PS_STATE]) 9206 return -EINVAL; 9207 9208 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 9209 9210 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 9211 return -EINVAL; 9212 9213 wdev = dev->ieee80211_ptr; 9214 9215 if (!rdev->ops->set_power_mgmt) 9216 return -EOPNOTSUPP; 9217 9218 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 9219 9220 if (state == wdev->ps) 9221 return 0; 9222 9223 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout); 9224 if (!err) 9225 wdev->ps = state; 9226 return err; 9227 } 9228 9229 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 9230 { 9231 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9232 enum nl80211_ps_state ps_state; 9233 struct wireless_dev *wdev; 9234 struct net_device *dev = info->user_ptr[1]; 9235 struct sk_buff *msg; 9236 void *hdr; 9237 int err; 9238 9239 wdev = dev->ieee80211_ptr; 9240 9241 if (!rdev->ops->set_power_mgmt) 9242 return -EOPNOTSUPP; 9243 9244 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 9245 if (!msg) 9246 return -ENOMEM; 9247 9248 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 9249 NL80211_CMD_GET_POWER_SAVE); 9250 if (!hdr) { 9251 err = -ENOBUFS; 9252 goto free_msg; 9253 } 9254 9255 if (wdev->ps) 9256 ps_state = NL80211_PS_ENABLED; 9257 else 9258 ps_state = NL80211_PS_DISABLED; 9259 9260 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 9261 goto nla_put_failure; 9262 9263 genlmsg_end(msg, hdr); 9264 return genlmsg_reply(msg, info); 9265 9266 nla_put_failure: 9267 err = -ENOBUFS; 9268 free_msg: 9269 nlmsg_free(msg); 9270 return err; 9271 } 9272 9273 static const struct nla_policy 9274 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 9275 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 9276 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 9277 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 9278 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 9279 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 9280 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 9281 }; 9282 9283 static int nl80211_set_cqm_txe(struct genl_info *info, 9284 u32 rate, u32 pkts, u32 intvl) 9285 { 9286 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9287 struct net_device *dev = info->user_ptr[1]; 9288 struct wireless_dev *wdev = dev->ieee80211_ptr; 9289 9290 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL) 9291 return -EINVAL; 9292 9293 if (!rdev->ops->set_cqm_txe_config) 9294 return -EOPNOTSUPP; 9295 9296 if (wdev->iftype != NL80211_IFTYPE_STATION && 9297 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 9298 return -EOPNOTSUPP; 9299 9300 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl); 9301 } 9302 9303 static int nl80211_set_cqm_rssi(struct genl_info *info, 9304 s32 threshold, u32 hysteresis) 9305 { 9306 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9307 struct net_device *dev = info->user_ptr[1]; 9308 struct wireless_dev *wdev = dev->ieee80211_ptr; 9309 9310 if (threshold > 0) 9311 return -EINVAL; 9312 9313 /* disabling - hysteresis should also be zero then */ 9314 if (threshold == 0) 9315 hysteresis = 0; 9316 9317 if (!rdev->ops->set_cqm_rssi_config) 9318 return -EOPNOTSUPP; 9319 9320 if (wdev->iftype != NL80211_IFTYPE_STATION && 9321 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 9322 return -EOPNOTSUPP; 9323 9324 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis); 9325 } 9326 9327 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 9328 { 9329 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 9330 struct nlattr *cqm; 9331 int err; 9332 9333 cqm = info->attrs[NL80211_ATTR_CQM]; 9334 if (!cqm) 9335 return -EINVAL; 9336 9337 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 9338 nl80211_attr_cqm_policy); 9339 if (err) 9340 return err; 9341 9342 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 9343 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 9344 s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 9345 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 9346 9347 return nl80211_set_cqm_rssi(info, threshold, hysteresis); 9348 } 9349 9350 if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 9351 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 9352 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 9353 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 9354 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 9355 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 9356 9357 return nl80211_set_cqm_txe(info, rate, pkts, intvl); 9358 } 9359 9360 return -EINVAL; 9361 } 9362 9363 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info) 9364 { 9365 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9366 struct net_device *dev = info->user_ptr[1]; 9367 struct ocb_setup setup = {}; 9368 int err; 9369 9370 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 9371 if (err) 9372 return err; 9373 9374 return cfg80211_join_ocb(rdev, dev, &setup); 9375 } 9376 9377 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info) 9378 { 9379 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9380 struct net_device *dev = info->user_ptr[1]; 9381 9382 return cfg80211_leave_ocb(rdev, dev); 9383 } 9384 9385 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 9386 { 9387 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9388 struct net_device *dev = info->user_ptr[1]; 9389 struct mesh_config cfg; 9390 struct mesh_setup setup; 9391 int err; 9392 9393 /* start with default */ 9394 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 9395 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 9396 9397 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 9398 /* and parse parameters if given */ 9399 err = nl80211_parse_mesh_config(info, &cfg, NULL); 9400 if (err) 9401 return err; 9402 } 9403 9404 if (!info->attrs[NL80211_ATTR_MESH_ID] || 9405 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 9406 return -EINVAL; 9407 9408 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 9409 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 9410 9411 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 9412 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 9413 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 9414 return -EINVAL; 9415 9416 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 9417 setup.beacon_interval = 9418 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 9419 9420 err = cfg80211_validate_beacon_int(rdev, setup.beacon_interval); 9421 if (err) 9422 return err; 9423 } 9424 9425 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 9426 setup.dtim_period = 9427 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 9428 if (setup.dtim_period < 1 || setup.dtim_period > 100) 9429 return -EINVAL; 9430 } 9431 9432 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 9433 /* parse additional setup parameters if given */ 9434 err = nl80211_parse_mesh_setup(info, &setup); 9435 if (err) 9436 return err; 9437 } 9438 9439 if (setup.user_mpm) 9440 cfg.auto_open_plinks = false; 9441 9442 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 9443 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 9444 if (err) 9445 return err; 9446 } else { 9447 /* cfg80211_join_mesh() will sort it out */ 9448 setup.chandef.chan = NULL; 9449 } 9450 9451 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 9452 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 9453 int n_rates = 9454 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 9455 struct ieee80211_supported_band *sband; 9456 9457 if (!setup.chandef.chan) 9458 return -EINVAL; 9459 9460 sband = rdev->wiphy.bands[setup.chandef.chan->band]; 9461 9462 err = ieee80211_get_ratemask(sband, rates, n_rates, 9463 &setup.basic_rates); 9464 if (err) 9465 return err; 9466 } 9467 9468 if (info->attrs[NL80211_ATTR_TX_RATES]) { 9469 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate); 9470 if (err) 9471 return err; 9472 9473 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band, 9474 &setup.beacon_rate); 9475 if (err) 9476 return err; 9477 } 9478 9479 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 9480 } 9481 9482 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 9483 { 9484 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9485 struct net_device *dev = info->user_ptr[1]; 9486 9487 return cfg80211_leave_mesh(rdev, dev); 9488 } 9489 9490 #ifdef CONFIG_PM 9491 static int nl80211_send_wowlan_patterns(struct sk_buff *msg, 9492 struct cfg80211_registered_device *rdev) 9493 { 9494 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config; 9495 struct nlattr *nl_pats, *nl_pat; 9496 int i, pat_len; 9497 9498 if (!wowlan->n_patterns) 9499 return 0; 9500 9501 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN); 9502 if (!nl_pats) 9503 return -ENOBUFS; 9504 9505 for (i = 0; i < wowlan->n_patterns; i++) { 9506 nl_pat = nla_nest_start(msg, i + 1); 9507 if (!nl_pat) 9508 return -ENOBUFS; 9509 pat_len = wowlan->patterns[i].pattern_len; 9510 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8), 9511 wowlan->patterns[i].mask) || 9512 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, 9513 wowlan->patterns[i].pattern) || 9514 nla_put_u32(msg, NL80211_PKTPAT_OFFSET, 9515 wowlan->patterns[i].pkt_offset)) 9516 return -ENOBUFS; 9517 nla_nest_end(msg, nl_pat); 9518 } 9519 nla_nest_end(msg, nl_pats); 9520 9521 return 0; 9522 } 9523 9524 static int nl80211_send_wowlan_tcp(struct sk_buff *msg, 9525 struct cfg80211_wowlan_tcp *tcp) 9526 { 9527 struct nlattr *nl_tcp; 9528 9529 if (!tcp) 9530 return 0; 9531 9532 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION); 9533 if (!nl_tcp) 9534 return -ENOBUFS; 9535 9536 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) || 9537 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) || 9538 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) || 9539 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) || 9540 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) || 9541 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 9542 tcp->payload_len, tcp->payload) || 9543 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 9544 tcp->data_interval) || 9545 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 9546 tcp->wake_len, tcp->wake_data) || 9547 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK, 9548 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask)) 9549 return -ENOBUFS; 9550 9551 if (tcp->payload_seq.len && 9552 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ, 9553 sizeof(tcp->payload_seq), &tcp->payload_seq)) 9554 return -ENOBUFS; 9555 9556 if (tcp->payload_tok.len && 9557 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 9558 sizeof(tcp->payload_tok) + tcp->tokens_size, 9559 &tcp->payload_tok)) 9560 return -ENOBUFS; 9561 9562 nla_nest_end(msg, nl_tcp); 9563 9564 return 0; 9565 } 9566 9567 static int nl80211_send_wowlan_nd(struct sk_buff *msg, 9568 struct cfg80211_sched_scan_request *req) 9569 { 9570 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan; 9571 int i; 9572 9573 if (!req) 9574 return 0; 9575 9576 nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT); 9577 if (!nd) 9578 return -ENOBUFS; 9579 9580 if (req->n_scan_plans == 1 && 9581 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, 9582 req->scan_plans[0].interval * 1000)) 9583 return -ENOBUFS; 9584 9585 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay)) 9586 return -ENOBUFS; 9587 9588 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 9589 if (!freqs) 9590 return -ENOBUFS; 9591 9592 for (i = 0; i < req->n_channels; i++) { 9593 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 9594 return -ENOBUFS; 9595 } 9596 9597 nla_nest_end(msg, freqs); 9598 9599 if (req->n_match_sets) { 9600 matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 9601 if (!matches) 9602 return -ENOBUFS; 9603 9604 for (i = 0; i < req->n_match_sets; i++) { 9605 match = nla_nest_start(msg, i); 9606 if (!match) 9607 return -ENOBUFS; 9608 9609 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID, 9610 req->match_sets[i].ssid.ssid_len, 9611 req->match_sets[i].ssid.ssid)) 9612 return -ENOBUFS; 9613 nla_nest_end(msg, match); 9614 } 9615 nla_nest_end(msg, matches); 9616 } 9617 9618 scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS); 9619 if (!scan_plans) 9620 return -ENOBUFS; 9621 9622 for (i = 0; i < req->n_scan_plans; i++) { 9623 scan_plan = nla_nest_start(msg, i + 1); 9624 if (!scan_plan) 9625 return -ENOBUFS; 9626 9627 if (!scan_plan || 9628 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL, 9629 req->scan_plans[i].interval) || 9630 (req->scan_plans[i].iterations && 9631 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS, 9632 req->scan_plans[i].iterations))) 9633 return -ENOBUFS; 9634 nla_nest_end(msg, scan_plan); 9635 } 9636 nla_nest_end(msg, scan_plans); 9637 9638 nla_nest_end(msg, nd); 9639 9640 return 0; 9641 } 9642 9643 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 9644 { 9645 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9646 struct sk_buff *msg; 9647 void *hdr; 9648 u32 size = NLMSG_DEFAULT_SIZE; 9649 9650 if (!rdev->wiphy.wowlan) 9651 return -EOPNOTSUPP; 9652 9653 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) { 9654 /* adjust size to have room for all the data */ 9655 size += rdev->wiphy.wowlan_config->tcp->tokens_size + 9656 rdev->wiphy.wowlan_config->tcp->payload_len + 9657 rdev->wiphy.wowlan_config->tcp->wake_len + 9658 rdev->wiphy.wowlan_config->tcp->wake_len / 8; 9659 } 9660 9661 msg = nlmsg_new(size, GFP_KERNEL); 9662 if (!msg) 9663 return -ENOMEM; 9664 9665 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 9666 NL80211_CMD_GET_WOWLAN); 9667 if (!hdr) 9668 goto nla_put_failure; 9669 9670 if (rdev->wiphy.wowlan_config) { 9671 struct nlattr *nl_wowlan; 9672 9673 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 9674 if (!nl_wowlan) 9675 goto nla_put_failure; 9676 9677 if ((rdev->wiphy.wowlan_config->any && 9678 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 9679 (rdev->wiphy.wowlan_config->disconnect && 9680 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 9681 (rdev->wiphy.wowlan_config->magic_pkt && 9682 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 9683 (rdev->wiphy.wowlan_config->gtk_rekey_failure && 9684 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 9685 (rdev->wiphy.wowlan_config->eap_identity_req && 9686 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 9687 (rdev->wiphy.wowlan_config->four_way_handshake && 9688 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 9689 (rdev->wiphy.wowlan_config->rfkill_release && 9690 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 9691 goto nla_put_failure; 9692 9693 if (nl80211_send_wowlan_patterns(msg, rdev)) 9694 goto nla_put_failure; 9695 9696 if (nl80211_send_wowlan_tcp(msg, 9697 rdev->wiphy.wowlan_config->tcp)) 9698 goto nla_put_failure; 9699 9700 if (nl80211_send_wowlan_nd( 9701 msg, 9702 rdev->wiphy.wowlan_config->nd_config)) 9703 goto nla_put_failure; 9704 9705 nla_nest_end(msg, nl_wowlan); 9706 } 9707 9708 genlmsg_end(msg, hdr); 9709 return genlmsg_reply(msg, info); 9710 9711 nla_put_failure: 9712 nlmsg_free(msg); 9713 return -ENOBUFS; 9714 } 9715 9716 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev, 9717 struct nlattr *attr, 9718 struct cfg80211_wowlan *trig) 9719 { 9720 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP]; 9721 struct cfg80211_wowlan_tcp *cfg; 9722 struct nl80211_wowlan_tcp_data_token *tok = NULL; 9723 struct nl80211_wowlan_tcp_data_seq *seq = NULL; 9724 u32 size; 9725 u32 data_size, wake_size, tokens_size = 0, wake_mask_size; 9726 int err, port; 9727 9728 if (!rdev->wiphy.wowlan->tcp) 9729 return -EINVAL; 9730 9731 err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP, 9732 nla_data(attr), nla_len(attr), 9733 nl80211_wowlan_tcp_policy); 9734 if (err) 9735 return err; 9736 9737 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] || 9738 !tb[NL80211_WOWLAN_TCP_DST_IPV4] || 9739 !tb[NL80211_WOWLAN_TCP_DST_MAC] || 9740 !tb[NL80211_WOWLAN_TCP_DST_PORT] || 9741 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] || 9742 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] || 9743 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] || 9744 !tb[NL80211_WOWLAN_TCP_WAKE_MASK]) 9745 return -EINVAL; 9746 9747 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]); 9748 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max) 9749 return -EINVAL; 9750 9751 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) > 9752 rdev->wiphy.wowlan->tcp->data_interval_max || 9753 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0) 9754 return -EINVAL; 9755 9756 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]); 9757 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max) 9758 return -EINVAL; 9759 9760 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]); 9761 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8)) 9762 return -EINVAL; 9763 9764 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) { 9765 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 9766 9767 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 9768 tokens_size = tokln - sizeof(*tok); 9769 9770 if (!tok->len || tokens_size % tok->len) 9771 return -EINVAL; 9772 if (!rdev->wiphy.wowlan->tcp->tok) 9773 return -EINVAL; 9774 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len) 9775 return -EINVAL; 9776 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len) 9777 return -EINVAL; 9778 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize) 9779 return -EINVAL; 9780 if (tok->offset + tok->len > data_size) 9781 return -EINVAL; 9782 } 9783 9784 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) { 9785 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]); 9786 if (!rdev->wiphy.wowlan->tcp->seq) 9787 return -EINVAL; 9788 if (seq->len == 0 || seq->len > 4) 9789 return -EINVAL; 9790 if (seq->len + seq->offset > data_size) 9791 return -EINVAL; 9792 } 9793 9794 size = sizeof(*cfg); 9795 size += data_size; 9796 size += wake_size + wake_mask_size; 9797 size += tokens_size; 9798 9799 cfg = kzalloc(size, GFP_KERNEL); 9800 if (!cfg) 9801 return -ENOMEM; 9802 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]); 9803 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]); 9804 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]), 9805 ETH_ALEN); 9806 if (tb[NL80211_WOWLAN_TCP_SRC_PORT]) 9807 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]); 9808 else 9809 port = 0; 9810 #ifdef CONFIG_INET 9811 /* allocate a socket and port for it and use it */ 9812 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM, 9813 IPPROTO_TCP, &cfg->sock, 1); 9814 if (err) { 9815 kfree(cfg); 9816 return err; 9817 } 9818 if (inet_csk_get_port(cfg->sock->sk, port)) { 9819 sock_release(cfg->sock); 9820 kfree(cfg); 9821 return -EADDRINUSE; 9822 } 9823 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num; 9824 #else 9825 if (!port) { 9826 kfree(cfg); 9827 return -EINVAL; 9828 } 9829 cfg->src_port = port; 9830 #endif 9831 9832 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]); 9833 cfg->payload_len = data_size; 9834 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size; 9835 memcpy((void *)cfg->payload, 9836 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]), 9837 data_size); 9838 if (seq) 9839 cfg->payload_seq = *seq; 9840 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]); 9841 cfg->wake_len = wake_size; 9842 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size; 9843 memcpy((void *)cfg->wake_data, 9844 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]), 9845 wake_size); 9846 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size + 9847 data_size + wake_size; 9848 memcpy((void *)cfg->wake_mask, 9849 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]), 9850 wake_mask_size); 9851 if (tok) { 9852 cfg->tokens_size = tokens_size; 9853 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size); 9854 } 9855 9856 trig->tcp = cfg; 9857 9858 return 0; 9859 } 9860 9861 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev, 9862 const struct wiphy_wowlan_support *wowlan, 9863 struct nlattr *attr, 9864 struct cfg80211_wowlan *trig) 9865 { 9866 struct nlattr **tb; 9867 int err; 9868 9869 tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL); 9870 if (!tb) 9871 return -ENOMEM; 9872 9873 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) { 9874 err = -EOPNOTSUPP; 9875 goto out; 9876 } 9877 9878 err = nla_parse(tb, NL80211_ATTR_MAX, 9879 nla_data(attr), nla_len(attr), 9880 nl80211_policy); 9881 if (err) 9882 goto out; 9883 9884 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb); 9885 err = PTR_ERR_OR_ZERO(trig->nd_config); 9886 if (err) 9887 trig->nd_config = NULL; 9888 9889 out: 9890 kfree(tb); 9891 return err; 9892 } 9893 9894 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 9895 { 9896 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9897 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 9898 struct cfg80211_wowlan new_triggers = {}; 9899 struct cfg80211_wowlan *ntrig; 9900 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan; 9901 int err, i; 9902 bool prev_enabled = rdev->wiphy.wowlan_config; 9903 bool regular = false; 9904 9905 if (!wowlan) 9906 return -EOPNOTSUPP; 9907 9908 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 9909 cfg80211_rdev_free_wowlan(rdev); 9910 rdev->wiphy.wowlan_config = NULL; 9911 goto set_wakeup; 9912 } 9913 9914 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 9915 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 9916 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 9917 nl80211_wowlan_policy); 9918 if (err) 9919 return err; 9920 9921 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 9922 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 9923 return -EINVAL; 9924 new_triggers.any = true; 9925 } 9926 9927 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 9928 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 9929 return -EINVAL; 9930 new_triggers.disconnect = true; 9931 regular = true; 9932 } 9933 9934 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 9935 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 9936 return -EINVAL; 9937 new_triggers.magic_pkt = true; 9938 regular = true; 9939 } 9940 9941 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 9942 return -EINVAL; 9943 9944 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 9945 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 9946 return -EINVAL; 9947 new_triggers.gtk_rekey_failure = true; 9948 regular = true; 9949 } 9950 9951 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 9952 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 9953 return -EINVAL; 9954 new_triggers.eap_identity_req = true; 9955 regular = true; 9956 } 9957 9958 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 9959 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 9960 return -EINVAL; 9961 new_triggers.four_way_handshake = true; 9962 regular = true; 9963 } 9964 9965 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 9966 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 9967 return -EINVAL; 9968 new_triggers.rfkill_release = true; 9969 regular = true; 9970 } 9971 9972 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 9973 struct nlattr *pat; 9974 int n_patterns = 0; 9975 int rem, pat_len, mask_len, pkt_offset; 9976 struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; 9977 9978 regular = true; 9979 9980 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 9981 rem) 9982 n_patterns++; 9983 if (n_patterns > wowlan->n_patterns) 9984 return -EINVAL; 9985 9986 new_triggers.patterns = kcalloc(n_patterns, 9987 sizeof(new_triggers.patterns[0]), 9988 GFP_KERNEL); 9989 if (!new_triggers.patterns) 9990 return -ENOMEM; 9991 9992 new_triggers.n_patterns = n_patterns; 9993 i = 0; 9994 9995 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 9996 rem) { 9997 u8 *mask_pat; 9998 9999 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat), 10000 nla_len(pat), NULL); 10001 err = -EINVAL; 10002 if (!pat_tb[NL80211_PKTPAT_MASK] || 10003 !pat_tb[NL80211_PKTPAT_PATTERN]) 10004 goto error; 10005 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); 10006 mask_len = DIV_ROUND_UP(pat_len, 8); 10007 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) 10008 goto error; 10009 if (pat_len > wowlan->pattern_max_len || 10010 pat_len < wowlan->pattern_min_len) 10011 goto error; 10012 10013 if (!pat_tb[NL80211_PKTPAT_OFFSET]) 10014 pkt_offset = 0; 10015 else 10016 pkt_offset = nla_get_u32( 10017 pat_tb[NL80211_PKTPAT_OFFSET]); 10018 if (pkt_offset > wowlan->max_pkt_offset) 10019 goto error; 10020 new_triggers.patterns[i].pkt_offset = pkt_offset; 10021 10022 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL); 10023 if (!mask_pat) { 10024 err = -ENOMEM; 10025 goto error; 10026 } 10027 new_triggers.patterns[i].mask = mask_pat; 10028 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]), 10029 mask_len); 10030 mask_pat += mask_len; 10031 new_triggers.patterns[i].pattern = mask_pat; 10032 new_triggers.patterns[i].pattern_len = pat_len; 10033 memcpy(mask_pat, 10034 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), 10035 pat_len); 10036 i++; 10037 } 10038 } 10039 10040 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) { 10041 regular = true; 10042 err = nl80211_parse_wowlan_tcp( 10043 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION], 10044 &new_triggers); 10045 if (err) 10046 goto error; 10047 } 10048 10049 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) { 10050 regular = true; 10051 err = nl80211_parse_wowlan_nd( 10052 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT], 10053 &new_triggers); 10054 if (err) 10055 goto error; 10056 } 10057 10058 /* The 'any' trigger means the device continues operating more or less 10059 * as in its normal operation mode and wakes up the host on most of the 10060 * normal interrupts (like packet RX, ...) 10061 * It therefore makes little sense to combine with the more constrained 10062 * wakeup trigger modes. 10063 */ 10064 if (new_triggers.any && regular) { 10065 err = -EINVAL; 10066 goto error; 10067 } 10068 10069 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 10070 if (!ntrig) { 10071 err = -ENOMEM; 10072 goto error; 10073 } 10074 cfg80211_rdev_free_wowlan(rdev); 10075 rdev->wiphy.wowlan_config = ntrig; 10076 10077 set_wakeup: 10078 if (rdev->ops->set_wakeup && 10079 prev_enabled != !!rdev->wiphy.wowlan_config) 10080 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config); 10081 10082 return 0; 10083 error: 10084 for (i = 0; i < new_triggers.n_patterns; i++) 10085 kfree(new_triggers.patterns[i].mask); 10086 kfree(new_triggers.patterns); 10087 if (new_triggers.tcp && new_triggers.tcp->sock) 10088 sock_release(new_triggers.tcp->sock); 10089 kfree(new_triggers.tcp); 10090 kfree(new_triggers.nd_config); 10091 return err; 10092 } 10093 #endif 10094 10095 static int nl80211_send_coalesce_rules(struct sk_buff *msg, 10096 struct cfg80211_registered_device *rdev) 10097 { 10098 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules; 10099 int i, j, pat_len; 10100 struct cfg80211_coalesce_rules *rule; 10101 10102 if (!rdev->coalesce->n_rules) 10103 return 0; 10104 10105 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE); 10106 if (!nl_rules) 10107 return -ENOBUFS; 10108 10109 for (i = 0; i < rdev->coalesce->n_rules; i++) { 10110 nl_rule = nla_nest_start(msg, i + 1); 10111 if (!nl_rule) 10112 return -ENOBUFS; 10113 10114 rule = &rdev->coalesce->rules[i]; 10115 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY, 10116 rule->delay)) 10117 return -ENOBUFS; 10118 10119 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION, 10120 rule->condition)) 10121 return -ENOBUFS; 10122 10123 nl_pats = nla_nest_start(msg, 10124 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN); 10125 if (!nl_pats) 10126 return -ENOBUFS; 10127 10128 for (j = 0; j < rule->n_patterns; j++) { 10129 nl_pat = nla_nest_start(msg, j + 1); 10130 if (!nl_pat) 10131 return -ENOBUFS; 10132 pat_len = rule->patterns[j].pattern_len; 10133 if (nla_put(msg, NL80211_PKTPAT_MASK, 10134 DIV_ROUND_UP(pat_len, 8), 10135 rule->patterns[j].mask) || 10136 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, 10137 rule->patterns[j].pattern) || 10138 nla_put_u32(msg, NL80211_PKTPAT_OFFSET, 10139 rule->patterns[j].pkt_offset)) 10140 return -ENOBUFS; 10141 nla_nest_end(msg, nl_pat); 10142 } 10143 nla_nest_end(msg, nl_pats); 10144 nla_nest_end(msg, nl_rule); 10145 } 10146 nla_nest_end(msg, nl_rules); 10147 10148 return 0; 10149 } 10150 10151 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info) 10152 { 10153 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10154 struct sk_buff *msg; 10155 void *hdr; 10156 10157 if (!rdev->wiphy.coalesce) 10158 return -EOPNOTSUPP; 10159 10160 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 10161 if (!msg) 10162 return -ENOMEM; 10163 10164 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 10165 NL80211_CMD_GET_COALESCE); 10166 if (!hdr) 10167 goto nla_put_failure; 10168 10169 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev)) 10170 goto nla_put_failure; 10171 10172 genlmsg_end(msg, hdr); 10173 return genlmsg_reply(msg, info); 10174 10175 nla_put_failure: 10176 nlmsg_free(msg); 10177 return -ENOBUFS; 10178 } 10179 10180 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev) 10181 { 10182 struct cfg80211_coalesce *coalesce = rdev->coalesce; 10183 int i, j; 10184 struct cfg80211_coalesce_rules *rule; 10185 10186 if (!coalesce) 10187 return; 10188 10189 for (i = 0; i < coalesce->n_rules; i++) { 10190 rule = &coalesce->rules[i]; 10191 for (j = 0; j < rule->n_patterns; j++) 10192 kfree(rule->patterns[j].mask); 10193 kfree(rule->patterns); 10194 } 10195 kfree(coalesce->rules); 10196 kfree(coalesce); 10197 rdev->coalesce = NULL; 10198 } 10199 10200 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev, 10201 struct nlattr *rule, 10202 struct cfg80211_coalesce_rules *new_rule) 10203 { 10204 int err, i; 10205 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce; 10206 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat; 10207 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0; 10208 struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; 10209 10210 err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule), 10211 nla_len(rule), nl80211_coalesce_policy); 10212 if (err) 10213 return err; 10214 10215 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY]) 10216 new_rule->delay = 10217 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]); 10218 if (new_rule->delay > coalesce->max_delay) 10219 return -EINVAL; 10220 10221 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION]) 10222 new_rule->condition = 10223 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]); 10224 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH && 10225 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH) 10226 return -EINVAL; 10227 10228 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN]) 10229 return -EINVAL; 10230 10231 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN], 10232 rem) 10233 n_patterns++; 10234 if (n_patterns > coalesce->n_patterns) 10235 return -EINVAL; 10236 10237 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]), 10238 GFP_KERNEL); 10239 if (!new_rule->patterns) 10240 return -ENOMEM; 10241 10242 new_rule->n_patterns = n_patterns; 10243 i = 0; 10244 10245 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN], 10246 rem) { 10247 u8 *mask_pat; 10248 10249 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat), 10250 nla_len(pat), NULL); 10251 if (!pat_tb[NL80211_PKTPAT_MASK] || 10252 !pat_tb[NL80211_PKTPAT_PATTERN]) 10253 return -EINVAL; 10254 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); 10255 mask_len = DIV_ROUND_UP(pat_len, 8); 10256 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) 10257 return -EINVAL; 10258 if (pat_len > coalesce->pattern_max_len || 10259 pat_len < coalesce->pattern_min_len) 10260 return -EINVAL; 10261 10262 if (!pat_tb[NL80211_PKTPAT_OFFSET]) 10263 pkt_offset = 0; 10264 else 10265 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]); 10266 if (pkt_offset > coalesce->max_pkt_offset) 10267 return -EINVAL; 10268 new_rule->patterns[i].pkt_offset = pkt_offset; 10269 10270 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL); 10271 if (!mask_pat) 10272 return -ENOMEM; 10273 10274 new_rule->patterns[i].mask = mask_pat; 10275 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]), 10276 mask_len); 10277 10278 mask_pat += mask_len; 10279 new_rule->patterns[i].pattern = mask_pat; 10280 new_rule->patterns[i].pattern_len = pat_len; 10281 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), 10282 pat_len); 10283 i++; 10284 } 10285 10286 return 0; 10287 } 10288 10289 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info) 10290 { 10291 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10292 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce; 10293 struct cfg80211_coalesce new_coalesce = {}; 10294 struct cfg80211_coalesce *n_coalesce; 10295 int err, rem_rule, n_rules = 0, i, j; 10296 struct nlattr *rule; 10297 struct cfg80211_coalesce_rules *tmp_rule; 10298 10299 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce) 10300 return -EOPNOTSUPP; 10301 10302 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) { 10303 cfg80211_rdev_free_coalesce(rdev); 10304 rdev_set_coalesce(rdev, NULL); 10305 return 0; 10306 } 10307 10308 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE], 10309 rem_rule) 10310 n_rules++; 10311 if (n_rules > coalesce->n_rules) 10312 return -EINVAL; 10313 10314 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]), 10315 GFP_KERNEL); 10316 if (!new_coalesce.rules) 10317 return -ENOMEM; 10318 10319 new_coalesce.n_rules = n_rules; 10320 i = 0; 10321 10322 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE], 10323 rem_rule) { 10324 err = nl80211_parse_coalesce_rule(rdev, rule, 10325 &new_coalesce.rules[i]); 10326 if (err) 10327 goto error; 10328 10329 i++; 10330 } 10331 10332 err = rdev_set_coalesce(rdev, &new_coalesce); 10333 if (err) 10334 goto error; 10335 10336 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL); 10337 if (!n_coalesce) { 10338 err = -ENOMEM; 10339 goto error; 10340 } 10341 cfg80211_rdev_free_coalesce(rdev); 10342 rdev->coalesce = n_coalesce; 10343 10344 return 0; 10345 error: 10346 for (i = 0; i < new_coalesce.n_rules; i++) { 10347 tmp_rule = &new_coalesce.rules[i]; 10348 for (j = 0; j < tmp_rule->n_patterns; j++) 10349 kfree(tmp_rule->patterns[j].mask); 10350 kfree(tmp_rule->patterns); 10351 } 10352 kfree(new_coalesce.rules); 10353 10354 return err; 10355 } 10356 10357 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 10358 { 10359 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10360 struct net_device *dev = info->user_ptr[1]; 10361 struct wireless_dev *wdev = dev->ieee80211_ptr; 10362 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 10363 struct cfg80211_gtk_rekey_data rekey_data; 10364 int err; 10365 10366 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 10367 return -EINVAL; 10368 10369 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 10370 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 10371 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 10372 nl80211_rekey_policy); 10373 if (err) 10374 return err; 10375 10376 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 10377 return -ERANGE; 10378 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 10379 return -ERANGE; 10380 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 10381 return -ERANGE; 10382 10383 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]); 10384 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]); 10385 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]); 10386 10387 wdev_lock(wdev); 10388 if (!wdev->current_bss) { 10389 err = -ENOTCONN; 10390 goto out; 10391 } 10392 10393 if (!rdev->ops->set_rekey_data) { 10394 err = -EOPNOTSUPP; 10395 goto out; 10396 } 10397 10398 err = rdev_set_rekey_data(rdev, dev, &rekey_data); 10399 out: 10400 wdev_unlock(wdev); 10401 return err; 10402 } 10403 10404 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 10405 struct genl_info *info) 10406 { 10407 struct net_device *dev = info->user_ptr[1]; 10408 struct wireless_dev *wdev = dev->ieee80211_ptr; 10409 10410 if (wdev->iftype != NL80211_IFTYPE_AP && 10411 wdev->iftype != NL80211_IFTYPE_P2P_GO) 10412 return -EINVAL; 10413 10414 if (wdev->ap_unexpected_nlportid) 10415 return -EBUSY; 10416 10417 wdev->ap_unexpected_nlportid = info->snd_portid; 10418 return 0; 10419 } 10420 10421 static int nl80211_probe_client(struct sk_buff *skb, 10422 struct genl_info *info) 10423 { 10424 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10425 struct net_device *dev = info->user_ptr[1]; 10426 struct wireless_dev *wdev = dev->ieee80211_ptr; 10427 struct sk_buff *msg; 10428 void *hdr; 10429 const u8 *addr; 10430 u64 cookie; 10431 int err; 10432 10433 if (wdev->iftype != NL80211_IFTYPE_AP && 10434 wdev->iftype != NL80211_IFTYPE_P2P_GO) 10435 return -EOPNOTSUPP; 10436 10437 if (!info->attrs[NL80211_ATTR_MAC]) 10438 return -EINVAL; 10439 10440 if (!rdev->ops->probe_client) 10441 return -EOPNOTSUPP; 10442 10443 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 10444 if (!msg) 10445 return -ENOMEM; 10446 10447 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 10448 NL80211_CMD_PROBE_CLIENT); 10449 if (!hdr) { 10450 err = -ENOBUFS; 10451 goto free_msg; 10452 } 10453 10454 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 10455 10456 err = rdev_probe_client(rdev, dev, addr, &cookie); 10457 if (err) 10458 goto free_msg; 10459 10460 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 10461 NL80211_ATTR_PAD)) 10462 goto nla_put_failure; 10463 10464 genlmsg_end(msg, hdr); 10465 10466 return genlmsg_reply(msg, info); 10467 10468 nla_put_failure: 10469 err = -ENOBUFS; 10470 free_msg: 10471 nlmsg_free(msg); 10472 return err; 10473 } 10474 10475 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 10476 { 10477 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10478 struct cfg80211_beacon_registration *reg, *nreg; 10479 int rv; 10480 10481 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 10482 return -EOPNOTSUPP; 10483 10484 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL); 10485 if (!nreg) 10486 return -ENOMEM; 10487 10488 /* First, check if already registered. */ 10489 spin_lock_bh(&rdev->beacon_registrations_lock); 10490 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 10491 if (reg->nlportid == info->snd_portid) { 10492 rv = -EALREADY; 10493 goto out_err; 10494 } 10495 } 10496 /* Add it to the list */ 10497 nreg->nlportid = info->snd_portid; 10498 list_add(&nreg->list, &rdev->beacon_registrations); 10499 10500 spin_unlock_bh(&rdev->beacon_registrations_lock); 10501 10502 return 0; 10503 out_err: 10504 spin_unlock_bh(&rdev->beacon_registrations_lock); 10505 kfree(nreg); 10506 return rv; 10507 } 10508 10509 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info) 10510 { 10511 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10512 struct wireless_dev *wdev = info->user_ptr[1]; 10513 int err; 10514 10515 if (!rdev->ops->start_p2p_device) 10516 return -EOPNOTSUPP; 10517 10518 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 10519 return -EOPNOTSUPP; 10520 10521 if (wdev->p2p_started) 10522 return 0; 10523 10524 if (rfkill_blocked(rdev->rfkill)) 10525 return -ERFKILL; 10526 10527 err = rdev_start_p2p_device(rdev, wdev); 10528 if (err) 10529 return err; 10530 10531 wdev->p2p_started = true; 10532 rdev->opencount++; 10533 10534 return 0; 10535 } 10536 10537 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info) 10538 { 10539 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10540 struct wireless_dev *wdev = info->user_ptr[1]; 10541 10542 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 10543 return -EOPNOTSUPP; 10544 10545 if (!rdev->ops->stop_p2p_device) 10546 return -EOPNOTSUPP; 10547 10548 cfg80211_stop_p2p_device(rdev, wdev); 10549 10550 return 0; 10551 } 10552 10553 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info) 10554 { 10555 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10556 struct wireless_dev *wdev = info->user_ptr[1]; 10557 struct cfg80211_nan_conf conf = {}; 10558 int err; 10559 10560 if (wdev->iftype != NL80211_IFTYPE_NAN) 10561 return -EOPNOTSUPP; 10562 10563 if (wdev->nan_started) 10564 return -EEXIST; 10565 10566 if (rfkill_blocked(rdev->rfkill)) 10567 return -ERFKILL; 10568 10569 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) 10570 return -EINVAL; 10571 10572 if (!info->attrs[NL80211_ATTR_NAN_DUAL]) 10573 return -EINVAL; 10574 10575 conf.master_pref = 10576 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]); 10577 if (!conf.master_pref) 10578 return -EINVAL; 10579 10580 conf.dual = nla_get_u8(info->attrs[NL80211_ATTR_NAN_DUAL]); 10581 10582 err = rdev_start_nan(rdev, wdev, &conf); 10583 if (err) 10584 return err; 10585 10586 wdev->nan_started = true; 10587 rdev->opencount++; 10588 10589 return 0; 10590 } 10591 10592 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info) 10593 { 10594 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10595 struct wireless_dev *wdev = info->user_ptr[1]; 10596 10597 if (wdev->iftype != NL80211_IFTYPE_NAN) 10598 return -EOPNOTSUPP; 10599 10600 cfg80211_stop_nan(rdev, wdev); 10601 10602 return 0; 10603 } 10604 10605 static int validate_nan_filter(struct nlattr *filter_attr) 10606 { 10607 struct nlattr *attr; 10608 int len = 0, n_entries = 0, rem; 10609 10610 nla_for_each_nested(attr, filter_attr, rem) { 10611 len += nla_len(attr); 10612 n_entries++; 10613 } 10614 10615 if (len >= U8_MAX) 10616 return -EINVAL; 10617 10618 return n_entries; 10619 } 10620 10621 static int handle_nan_filter(struct nlattr *attr_filter, 10622 struct cfg80211_nan_func *func, 10623 bool tx) 10624 { 10625 struct nlattr *attr; 10626 int n_entries, rem, i; 10627 struct cfg80211_nan_func_filter *filter; 10628 10629 n_entries = validate_nan_filter(attr_filter); 10630 if (n_entries < 0) 10631 return n_entries; 10632 10633 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters)); 10634 10635 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL); 10636 if (!filter) 10637 return -ENOMEM; 10638 10639 i = 0; 10640 nla_for_each_nested(attr, attr_filter, rem) { 10641 filter[i].filter = kmemdup(nla_data(attr), nla_len(attr), 10642 GFP_KERNEL); 10643 filter[i].len = nla_len(attr); 10644 i++; 10645 } 10646 if (tx) { 10647 func->num_tx_filters = n_entries; 10648 func->tx_filters = filter; 10649 } else { 10650 func->num_rx_filters = n_entries; 10651 func->rx_filters = filter; 10652 } 10653 10654 return 0; 10655 } 10656 10657 static int nl80211_nan_add_func(struct sk_buff *skb, 10658 struct genl_info *info) 10659 { 10660 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10661 struct wireless_dev *wdev = info->user_ptr[1]; 10662 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr; 10663 struct cfg80211_nan_func *func; 10664 struct sk_buff *msg = NULL; 10665 void *hdr = NULL; 10666 int err = 0; 10667 10668 if (wdev->iftype != NL80211_IFTYPE_NAN) 10669 return -EOPNOTSUPP; 10670 10671 if (!wdev->nan_started) 10672 return -ENOTCONN; 10673 10674 if (!info->attrs[NL80211_ATTR_NAN_FUNC]) 10675 return -EINVAL; 10676 10677 if (wdev->owner_nlportid && 10678 wdev->owner_nlportid != info->snd_portid) 10679 return -ENOTCONN; 10680 10681 err = nla_parse(tb, NL80211_NAN_FUNC_ATTR_MAX, 10682 nla_data(info->attrs[NL80211_ATTR_NAN_FUNC]), 10683 nla_len(info->attrs[NL80211_ATTR_NAN_FUNC]), 10684 nl80211_nan_func_policy); 10685 if (err) 10686 return err; 10687 10688 func = kzalloc(sizeof(*func), GFP_KERNEL); 10689 if (!func) 10690 return -ENOMEM; 10691 10692 func->cookie = wdev->wiphy->cookie_counter++; 10693 10694 if (!tb[NL80211_NAN_FUNC_TYPE] || 10695 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) { 10696 err = -EINVAL; 10697 goto out; 10698 } 10699 10700 10701 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]); 10702 10703 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) { 10704 err = -EINVAL; 10705 goto out; 10706 } 10707 10708 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]), 10709 sizeof(func->service_id)); 10710 10711 func->close_range = 10712 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]); 10713 10714 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) { 10715 func->serv_spec_info_len = 10716 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]); 10717 func->serv_spec_info = 10718 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]), 10719 func->serv_spec_info_len, 10720 GFP_KERNEL); 10721 if (!func->serv_spec_info) { 10722 err = -ENOMEM; 10723 goto out; 10724 } 10725 } 10726 10727 if (tb[NL80211_NAN_FUNC_TTL]) 10728 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]); 10729 10730 switch (func->type) { 10731 case NL80211_NAN_FUNC_PUBLISH: 10732 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) { 10733 err = -EINVAL; 10734 goto out; 10735 } 10736 10737 func->publish_type = 10738 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]); 10739 func->publish_bcast = 10740 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]); 10741 10742 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) && 10743 func->publish_bcast) { 10744 err = -EINVAL; 10745 goto out; 10746 } 10747 break; 10748 case NL80211_NAN_FUNC_SUBSCRIBE: 10749 func->subscribe_active = 10750 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]); 10751 break; 10752 case NL80211_NAN_FUNC_FOLLOW_UP: 10753 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] || 10754 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]) { 10755 err = -EINVAL; 10756 goto out; 10757 } 10758 10759 func->followup_id = 10760 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]); 10761 func->followup_reqid = 10762 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]); 10763 memcpy(func->followup_dest.addr, 10764 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]), 10765 sizeof(func->followup_dest.addr)); 10766 if (func->ttl) { 10767 err = -EINVAL; 10768 goto out; 10769 } 10770 break; 10771 default: 10772 err = -EINVAL; 10773 goto out; 10774 } 10775 10776 if (tb[NL80211_NAN_FUNC_SRF]) { 10777 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR]; 10778 10779 err = nla_parse(srf_tb, NL80211_NAN_SRF_ATTR_MAX, 10780 nla_data(tb[NL80211_NAN_FUNC_SRF]), 10781 nla_len(tb[NL80211_NAN_FUNC_SRF]), NULL); 10782 if (err) 10783 goto out; 10784 10785 func->srf_include = 10786 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]); 10787 10788 if (srf_tb[NL80211_NAN_SRF_BF]) { 10789 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] || 10790 !srf_tb[NL80211_NAN_SRF_BF_IDX]) { 10791 err = -EINVAL; 10792 goto out; 10793 } 10794 10795 func->srf_bf_len = 10796 nla_len(srf_tb[NL80211_NAN_SRF_BF]); 10797 func->srf_bf = 10798 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]), 10799 func->srf_bf_len, GFP_KERNEL); 10800 if (!func->srf_bf) { 10801 err = -ENOMEM; 10802 goto out; 10803 } 10804 10805 func->srf_bf_idx = 10806 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]); 10807 } else { 10808 struct nlattr *attr, *mac_attr = 10809 srf_tb[NL80211_NAN_SRF_MAC_ADDRS]; 10810 int n_entries, rem, i = 0; 10811 10812 if (!mac_attr) { 10813 err = -EINVAL; 10814 goto out; 10815 } 10816 10817 n_entries = validate_acl_mac_addrs(mac_attr); 10818 if (n_entries <= 0) { 10819 err = -EINVAL; 10820 goto out; 10821 } 10822 10823 func->srf_num_macs = n_entries; 10824 func->srf_macs = 10825 kzalloc(sizeof(*func->srf_macs) * n_entries, 10826 GFP_KERNEL); 10827 if (!func->srf_macs) { 10828 err = -ENOMEM; 10829 goto out; 10830 } 10831 10832 nla_for_each_nested(attr, mac_attr, rem) 10833 memcpy(func->srf_macs[i++].addr, nla_data(attr), 10834 sizeof(*func->srf_macs)); 10835 } 10836 } 10837 10838 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) { 10839 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER], 10840 func, true); 10841 if (err) 10842 goto out; 10843 } 10844 10845 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) { 10846 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER], 10847 func, false); 10848 if (err) 10849 goto out; 10850 } 10851 10852 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 10853 if (!msg) { 10854 err = -ENOMEM; 10855 goto out; 10856 } 10857 10858 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 10859 NL80211_CMD_ADD_NAN_FUNCTION); 10860 /* This can't really happen - we just allocated 4KB */ 10861 if (WARN_ON(!hdr)) { 10862 err = -ENOMEM; 10863 goto out; 10864 } 10865 10866 err = rdev_add_nan_func(rdev, wdev, func); 10867 out: 10868 if (err < 0) { 10869 cfg80211_free_nan_func(func); 10870 nlmsg_free(msg); 10871 return err; 10872 } 10873 10874 /* propagate the instance id and cookie to userspace */ 10875 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie, 10876 NL80211_ATTR_PAD)) 10877 goto nla_put_failure; 10878 10879 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC); 10880 if (!func_attr) 10881 goto nla_put_failure; 10882 10883 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, 10884 func->instance_id)) 10885 goto nla_put_failure; 10886 10887 nla_nest_end(msg, func_attr); 10888 10889 genlmsg_end(msg, hdr); 10890 return genlmsg_reply(msg, info); 10891 10892 nla_put_failure: 10893 nlmsg_free(msg); 10894 return -ENOBUFS; 10895 } 10896 10897 static int nl80211_nan_del_func(struct sk_buff *skb, 10898 struct genl_info *info) 10899 { 10900 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10901 struct wireless_dev *wdev = info->user_ptr[1]; 10902 u64 cookie; 10903 10904 if (wdev->iftype != NL80211_IFTYPE_NAN) 10905 return -EOPNOTSUPP; 10906 10907 if (!wdev->nan_started) 10908 return -ENOTCONN; 10909 10910 if (!info->attrs[NL80211_ATTR_COOKIE]) 10911 return -EINVAL; 10912 10913 if (wdev->owner_nlportid && 10914 wdev->owner_nlportid != info->snd_portid) 10915 return -ENOTCONN; 10916 10917 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 10918 10919 rdev_del_nan_func(rdev, wdev, cookie); 10920 10921 return 0; 10922 } 10923 10924 static int nl80211_nan_change_config(struct sk_buff *skb, 10925 struct genl_info *info) 10926 { 10927 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10928 struct wireless_dev *wdev = info->user_ptr[1]; 10929 struct cfg80211_nan_conf conf = {}; 10930 u32 changed = 0; 10931 10932 if (wdev->iftype != NL80211_IFTYPE_NAN) 10933 return -EOPNOTSUPP; 10934 10935 if (!wdev->nan_started) 10936 return -ENOTCONN; 10937 10938 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) { 10939 conf.master_pref = 10940 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]); 10941 if (conf.master_pref <= 1 || conf.master_pref == 255) 10942 return -EINVAL; 10943 10944 changed |= CFG80211_NAN_CONF_CHANGED_PREF; 10945 } 10946 10947 if (info->attrs[NL80211_ATTR_NAN_DUAL]) { 10948 conf.dual = nla_get_u8(info->attrs[NL80211_ATTR_NAN_DUAL]); 10949 changed |= CFG80211_NAN_CONF_CHANGED_DUAL; 10950 } 10951 10952 if (!changed) 10953 return -EINVAL; 10954 10955 return rdev_nan_change_conf(rdev, wdev, &conf, changed); 10956 } 10957 10958 void cfg80211_nan_match(struct wireless_dev *wdev, 10959 struct cfg80211_nan_match_params *match, gfp_t gfp) 10960 { 10961 struct wiphy *wiphy = wdev->wiphy; 10962 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 10963 struct nlattr *match_attr, *local_func_attr, *peer_func_attr; 10964 struct sk_buff *msg; 10965 void *hdr; 10966 10967 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr)) 10968 return; 10969 10970 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 10971 if (!msg) 10972 return; 10973 10974 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH); 10975 if (!hdr) { 10976 nlmsg_free(msg); 10977 return; 10978 } 10979 10980 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10981 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 10982 wdev->netdev->ifindex)) || 10983 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 10984 NL80211_ATTR_PAD)) 10985 goto nla_put_failure; 10986 10987 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie, 10988 NL80211_ATTR_PAD) || 10989 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr)) 10990 goto nla_put_failure; 10991 10992 match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH); 10993 if (!match_attr) 10994 goto nla_put_failure; 10995 10996 local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL); 10997 if (!local_func_attr) 10998 goto nla_put_failure; 10999 11000 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id)) 11001 goto nla_put_failure; 11002 11003 nla_nest_end(msg, local_func_attr); 11004 11005 peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER); 11006 if (!peer_func_attr) 11007 goto nla_put_failure; 11008 11009 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) || 11010 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id)) 11011 goto nla_put_failure; 11012 11013 if (match->info && match->info_len && 11014 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len, 11015 match->info)) 11016 goto nla_put_failure; 11017 11018 nla_nest_end(msg, peer_func_attr); 11019 nla_nest_end(msg, match_attr); 11020 genlmsg_end(msg, hdr); 11021 11022 if (!wdev->owner_nlportid) 11023 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 11024 msg, 0, NL80211_MCGRP_NAN, gfp); 11025 else 11026 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 11027 wdev->owner_nlportid); 11028 11029 return; 11030 11031 nla_put_failure: 11032 nlmsg_free(msg); 11033 } 11034 EXPORT_SYMBOL(cfg80211_nan_match); 11035 11036 void cfg80211_nan_func_terminated(struct wireless_dev *wdev, 11037 u8 inst_id, 11038 enum nl80211_nan_func_term_reason reason, 11039 u64 cookie, gfp_t gfp) 11040 { 11041 struct wiphy *wiphy = wdev->wiphy; 11042 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 11043 struct sk_buff *msg; 11044 struct nlattr *func_attr; 11045 void *hdr; 11046 11047 if (WARN_ON(!inst_id)) 11048 return; 11049 11050 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 11051 if (!msg) 11052 return; 11053 11054 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION); 11055 if (!hdr) { 11056 nlmsg_free(msg); 11057 return; 11058 } 11059 11060 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 11061 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 11062 wdev->netdev->ifindex)) || 11063 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 11064 NL80211_ATTR_PAD)) 11065 goto nla_put_failure; 11066 11067 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 11068 NL80211_ATTR_PAD)) 11069 goto nla_put_failure; 11070 11071 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC); 11072 if (!func_attr) 11073 goto nla_put_failure; 11074 11075 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) || 11076 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason)) 11077 goto nla_put_failure; 11078 11079 nla_nest_end(msg, func_attr); 11080 genlmsg_end(msg, hdr); 11081 11082 if (!wdev->owner_nlportid) 11083 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 11084 msg, 0, NL80211_MCGRP_NAN, gfp); 11085 else 11086 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 11087 wdev->owner_nlportid); 11088 11089 return; 11090 11091 nla_put_failure: 11092 nlmsg_free(msg); 11093 } 11094 EXPORT_SYMBOL(cfg80211_nan_func_terminated); 11095 11096 static int nl80211_get_protocol_features(struct sk_buff *skb, 11097 struct genl_info *info) 11098 { 11099 void *hdr; 11100 struct sk_buff *msg; 11101 11102 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 11103 if (!msg) 11104 return -ENOMEM; 11105 11106 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 11107 NL80211_CMD_GET_PROTOCOL_FEATURES); 11108 if (!hdr) 11109 goto nla_put_failure; 11110 11111 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES, 11112 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)) 11113 goto nla_put_failure; 11114 11115 genlmsg_end(msg, hdr); 11116 return genlmsg_reply(msg, info); 11117 11118 nla_put_failure: 11119 kfree_skb(msg); 11120 return -ENOBUFS; 11121 } 11122 11123 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info) 11124 { 11125 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11126 struct cfg80211_update_ft_ies_params ft_params; 11127 struct net_device *dev = info->user_ptr[1]; 11128 11129 if (!rdev->ops->update_ft_ies) 11130 return -EOPNOTSUPP; 11131 11132 if (!info->attrs[NL80211_ATTR_MDID] || 11133 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 11134 return -EINVAL; 11135 11136 memset(&ft_params, 0, sizeof(ft_params)); 11137 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]); 11138 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11139 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11140 11141 return rdev_update_ft_ies(rdev, dev, &ft_params); 11142 } 11143 11144 static int nl80211_crit_protocol_start(struct sk_buff *skb, 11145 struct genl_info *info) 11146 { 11147 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11148 struct wireless_dev *wdev = info->user_ptr[1]; 11149 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC; 11150 u16 duration; 11151 int ret; 11152 11153 if (!rdev->ops->crit_proto_start) 11154 return -EOPNOTSUPP; 11155 11156 if (WARN_ON(!rdev->ops->crit_proto_stop)) 11157 return -EINVAL; 11158 11159 if (rdev->crit_proto_nlportid) 11160 return -EBUSY; 11161 11162 /* determine protocol if provided */ 11163 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID]) 11164 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]); 11165 11166 if (proto >= NUM_NL80211_CRIT_PROTO) 11167 return -EINVAL; 11168 11169 /* timeout must be provided */ 11170 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]) 11171 return -EINVAL; 11172 11173 duration = 11174 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]); 11175 11176 if (duration > NL80211_CRIT_PROTO_MAX_DURATION) 11177 return -ERANGE; 11178 11179 ret = rdev_crit_proto_start(rdev, wdev, proto, duration); 11180 if (!ret) 11181 rdev->crit_proto_nlportid = info->snd_portid; 11182 11183 return ret; 11184 } 11185 11186 static int nl80211_crit_protocol_stop(struct sk_buff *skb, 11187 struct genl_info *info) 11188 { 11189 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11190 struct wireless_dev *wdev = info->user_ptr[1]; 11191 11192 if (!rdev->ops->crit_proto_stop) 11193 return -EOPNOTSUPP; 11194 11195 if (rdev->crit_proto_nlportid) { 11196 rdev->crit_proto_nlportid = 0; 11197 rdev_crit_proto_stop(rdev, wdev); 11198 } 11199 return 0; 11200 } 11201 11202 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info) 11203 { 11204 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11205 struct wireless_dev *wdev = 11206 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs); 11207 int i, err; 11208 u32 vid, subcmd; 11209 11210 if (!rdev->wiphy.vendor_commands) 11211 return -EOPNOTSUPP; 11212 11213 if (IS_ERR(wdev)) { 11214 err = PTR_ERR(wdev); 11215 if (err != -EINVAL) 11216 return err; 11217 wdev = NULL; 11218 } else if (wdev->wiphy != &rdev->wiphy) { 11219 return -EINVAL; 11220 } 11221 11222 if (!info->attrs[NL80211_ATTR_VENDOR_ID] || 11223 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD]) 11224 return -EINVAL; 11225 11226 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]); 11227 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]); 11228 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) { 11229 const struct wiphy_vendor_command *vcmd; 11230 void *data = NULL; 11231 int len = 0; 11232 11233 vcmd = &rdev->wiphy.vendor_commands[i]; 11234 11235 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd) 11236 continue; 11237 11238 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV | 11239 WIPHY_VENDOR_CMD_NEED_NETDEV)) { 11240 if (!wdev) 11241 return -EINVAL; 11242 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV && 11243 !wdev->netdev) 11244 return -EINVAL; 11245 11246 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) { 11247 if (wdev->netdev && 11248 !netif_running(wdev->netdev)) 11249 return -ENETDOWN; 11250 if (!wdev->netdev && !wdev->p2p_started) 11251 return -ENETDOWN; 11252 } 11253 11254 if (!vcmd->doit) 11255 return -EOPNOTSUPP; 11256 } else { 11257 wdev = NULL; 11258 } 11259 11260 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) { 11261 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]); 11262 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]); 11263 } 11264 11265 rdev->cur_cmd_info = info; 11266 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev, 11267 data, len); 11268 rdev->cur_cmd_info = NULL; 11269 return err; 11270 } 11271 11272 return -EOPNOTSUPP; 11273 } 11274 11275 static int nl80211_prepare_vendor_dump(struct sk_buff *skb, 11276 struct netlink_callback *cb, 11277 struct cfg80211_registered_device **rdev, 11278 struct wireless_dev **wdev) 11279 { 11280 u32 vid, subcmd; 11281 unsigned int i; 11282 int vcmd_idx = -1; 11283 int err; 11284 void *data = NULL; 11285 unsigned int data_len = 0; 11286 11287 rtnl_lock(); 11288 11289 if (cb->args[0]) { 11290 /* subtract the 1 again here */ 11291 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 11292 struct wireless_dev *tmp; 11293 11294 if (!wiphy) { 11295 err = -ENODEV; 11296 goto out_unlock; 11297 } 11298 *rdev = wiphy_to_rdev(wiphy); 11299 *wdev = NULL; 11300 11301 if (cb->args[1]) { 11302 list_for_each_entry(tmp, &wiphy->wdev_list, list) { 11303 if (tmp->identifier == cb->args[1] - 1) { 11304 *wdev = tmp; 11305 break; 11306 } 11307 } 11308 } 11309 11310 /* keep rtnl locked in successful case */ 11311 return 0; 11312 } 11313 11314 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 11315 nl80211_fam.attrbuf, nl80211_fam.maxattr, 11316 nl80211_policy); 11317 if (err) 11318 goto out_unlock; 11319 11320 if (!nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID] || 11321 !nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) { 11322 err = -EINVAL; 11323 goto out_unlock; 11324 } 11325 11326 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), 11327 nl80211_fam.attrbuf); 11328 if (IS_ERR(*wdev)) 11329 *wdev = NULL; 11330 11331 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), 11332 nl80211_fam.attrbuf); 11333 if (IS_ERR(*rdev)) { 11334 err = PTR_ERR(*rdev); 11335 goto out_unlock; 11336 } 11337 11338 vid = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID]); 11339 subcmd = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]); 11340 11341 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) { 11342 const struct wiphy_vendor_command *vcmd; 11343 11344 vcmd = &(*rdev)->wiphy.vendor_commands[i]; 11345 11346 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd) 11347 continue; 11348 11349 if (!vcmd->dumpit) { 11350 err = -EOPNOTSUPP; 11351 goto out_unlock; 11352 } 11353 11354 vcmd_idx = i; 11355 break; 11356 } 11357 11358 if (vcmd_idx < 0) { 11359 err = -EOPNOTSUPP; 11360 goto out_unlock; 11361 } 11362 11363 if (nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]) { 11364 data = nla_data(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]); 11365 data_len = nla_len(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]); 11366 } 11367 11368 /* 0 is the first index - add 1 to parse only once */ 11369 cb->args[0] = (*rdev)->wiphy_idx + 1; 11370 /* add 1 to know if it was NULL */ 11371 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0; 11372 cb->args[2] = vcmd_idx; 11373 cb->args[3] = (unsigned long)data; 11374 cb->args[4] = data_len; 11375 11376 /* keep rtnl locked in successful case */ 11377 return 0; 11378 out_unlock: 11379 rtnl_unlock(); 11380 return err; 11381 } 11382 11383 static int nl80211_vendor_cmd_dump(struct sk_buff *skb, 11384 struct netlink_callback *cb) 11385 { 11386 struct cfg80211_registered_device *rdev; 11387 struct wireless_dev *wdev; 11388 unsigned int vcmd_idx; 11389 const struct wiphy_vendor_command *vcmd; 11390 void *data; 11391 int data_len; 11392 int err; 11393 struct nlattr *vendor_data; 11394 11395 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev); 11396 if (err) 11397 return err; 11398 11399 vcmd_idx = cb->args[2]; 11400 data = (void *)cb->args[3]; 11401 data_len = cb->args[4]; 11402 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx]; 11403 11404 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV | 11405 WIPHY_VENDOR_CMD_NEED_NETDEV)) { 11406 if (!wdev) 11407 return -EINVAL; 11408 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV && 11409 !wdev->netdev) 11410 return -EINVAL; 11411 11412 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) { 11413 if (wdev->netdev && 11414 !netif_running(wdev->netdev)) 11415 return -ENETDOWN; 11416 if (!wdev->netdev && !wdev->p2p_started) 11417 return -ENETDOWN; 11418 } 11419 } 11420 11421 while (1) { 11422 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 11423 cb->nlh->nlmsg_seq, NLM_F_MULTI, 11424 NL80211_CMD_VENDOR); 11425 if (!hdr) 11426 break; 11427 11428 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 11429 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV, 11430 wdev_id(wdev), 11431 NL80211_ATTR_PAD))) { 11432 genlmsg_cancel(skb, hdr); 11433 break; 11434 } 11435 11436 vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA); 11437 if (!vendor_data) { 11438 genlmsg_cancel(skb, hdr); 11439 break; 11440 } 11441 11442 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len, 11443 (unsigned long *)&cb->args[5]); 11444 nla_nest_end(skb, vendor_data); 11445 11446 if (err == -ENOBUFS || err == -ENOENT) { 11447 genlmsg_cancel(skb, hdr); 11448 break; 11449 } else if (err) { 11450 genlmsg_cancel(skb, hdr); 11451 goto out; 11452 } 11453 11454 genlmsg_end(skb, hdr); 11455 } 11456 11457 err = skb->len; 11458 out: 11459 rtnl_unlock(); 11460 return err; 11461 } 11462 11463 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy, 11464 enum nl80211_commands cmd, 11465 enum nl80211_attrs attr, 11466 int approxlen) 11467 { 11468 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 11469 11470 if (WARN_ON(!rdev->cur_cmd_info)) 11471 return NULL; 11472 11473 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen, 11474 rdev->cur_cmd_info->snd_portid, 11475 rdev->cur_cmd_info->snd_seq, 11476 cmd, attr, NULL, GFP_KERNEL); 11477 } 11478 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb); 11479 11480 int cfg80211_vendor_cmd_reply(struct sk_buff *skb) 11481 { 11482 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 11483 void *hdr = ((void **)skb->cb)[1]; 11484 struct nlattr *data = ((void **)skb->cb)[2]; 11485 11486 /* clear CB data for netlink core to own from now on */ 11487 memset(skb->cb, 0, sizeof(skb->cb)); 11488 11489 if (WARN_ON(!rdev->cur_cmd_info)) { 11490 kfree_skb(skb); 11491 return -EINVAL; 11492 } 11493 11494 nla_nest_end(skb, data); 11495 genlmsg_end(skb, hdr); 11496 return genlmsg_reply(skb, rdev->cur_cmd_info); 11497 } 11498 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply); 11499 11500 static int nl80211_set_qos_map(struct sk_buff *skb, 11501 struct genl_info *info) 11502 { 11503 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11504 struct cfg80211_qos_map *qos_map = NULL; 11505 struct net_device *dev = info->user_ptr[1]; 11506 u8 *pos, len, num_des, des_len, des; 11507 int ret; 11508 11509 if (!rdev->ops->set_qos_map) 11510 return -EOPNOTSUPP; 11511 11512 if (info->attrs[NL80211_ATTR_QOS_MAP]) { 11513 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]); 11514 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]); 11515 11516 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN || 11517 len > IEEE80211_QOS_MAP_LEN_MAX) 11518 return -EINVAL; 11519 11520 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL); 11521 if (!qos_map) 11522 return -ENOMEM; 11523 11524 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1; 11525 if (num_des) { 11526 des_len = num_des * 11527 sizeof(struct cfg80211_dscp_exception); 11528 memcpy(qos_map->dscp_exception, pos, des_len); 11529 qos_map->num_des = num_des; 11530 for (des = 0; des < num_des; des++) { 11531 if (qos_map->dscp_exception[des].up > 7) { 11532 kfree(qos_map); 11533 return -EINVAL; 11534 } 11535 } 11536 pos += des_len; 11537 } 11538 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN); 11539 } 11540 11541 wdev_lock(dev->ieee80211_ptr); 11542 ret = nl80211_key_allowed(dev->ieee80211_ptr); 11543 if (!ret) 11544 ret = rdev_set_qos_map(rdev, dev, qos_map); 11545 wdev_unlock(dev->ieee80211_ptr); 11546 11547 kfree(qos_map); 11548 return ret; 11549 } 11550 11551 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info) 11552 { 11553 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11554 struct net_device *dev = info->user_ptr[1]; 11555 struct wireless_dev *wdev = dev->ieee80211_ptr; 11556 const u8 *peer; 11557 u8 tsid, up; 11558 u16 admitted_time = 0; 11559 int err; 11560 11561 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)) 11562 return -EOPNOTSUPP; 11563 11564 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] || 11565 !info->attrs[NL80211_ATTR_USER_PRIO]) 11566 return -EINVAL; 11567 11568 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]); 11569 if (tsid >= IEEE80211_NUM_TIDS) 11570 return -EINVAL; 11571 11572 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]); 11573 if (up >= IEEE80211_NUM_UPS) 11574 return -EINVAL; 11575 11576 /* WMM uses TIDs 0-7 even for TSPEC */ 11577 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) { 11578 /* TODO: handle 802.11 TSPEC/admission control 11579 * need more attributes for that (e.g. BA session requirement); 11580 * change the WMM adminssion test above to allow both then 11581 */ 11582 return -EINVAL; 11583 } 11584 11585 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 11586 11587 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) { 11588 admitted_time = 11589 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]); 11590 if (!admitted_time) 11591 return -EINVAL; 11592 } 11593 11594 wdev_lock(wdev); 11595 switch (wdev->iftype) { 11596 case NL80211_IFTYPE_STATION: 11597 case NL80211_IFTYPE_P2P_CLIENT: 11598 if (wdev->current_bss) 11599 break; 11600 err = -ENOTCONN; 11601 goto out; 11602 default: 11603 err = -EOPNOTSUPP; 11604 goto out; 11605 } 11606 11607 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time); 11608 11609 out: 11610 wdev_unlock(wdev); 11611 return err; 11612 } 11613 11614 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info) 11615 { 11616 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11617 struct net_device *dev = info->user_ptr[1]; 11618 struct wireless_dev *wdev = dev->ieee80211_ptr; 11619 const u8 *peer; 11620 u8 tsid; 11621 int err; 11622 11623 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC]) 11624 return -EINVAL; 11625 11626 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]); 11627 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 11628 11629 wdev_lock(wdev); 11630 err = rdev_del_tx_ts(rdev, dev, tsid, peer); 11631 wdev_unlock(wdev); 11632 11633 return err; 11634 } 11635 11636 static int nl80211_tdls_channel_switch(struct sk_buff *skb, 11637 struct genl_info *info) 11638 { 11639 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11640 struct net_device *dev = info->user_ptr[1]; 11641 struct wireless_dev *wdev = dev->ieee80211_ptr; 11642 struct cfg80211_chan_def chandef = {}; 11643 const u8 *addr; 11644 u8 oper_class; 11645 int err; 11646 11647 if (!rdev->ops->tdls_channel_switch || 11648 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 11649 return -EOPNOTSUPP; 11650 11651 switch (dev->ieee80211_ptr->iftype) { 11652 case NL80211_IFTYPE_STATION: 11653 case NL80211_IFTYPE_P2P_CLIENT: 11654 break; 11655 default: 11656 return -EOPNOTSUPP; 11657 } 11658 11659 if (!info->attrs[NL80211_ATTR_MAC] || 11660 !info->attrs[NL80211_ATTR_OPER_CLASS]) 11661 return -EINVAL; 11662 11663 err = nl80211_parse_chandef(rdev, info, &chandef); 11664 if (err) 11665 return err; 11666 11667 /* 11668 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012 11669 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the 11670 * specification is not defined for them. 11671 */ 11672 if (chandef.chan->band == NL80211_BAND_2GHZ && 11673 chandef.width != NL80211_CHAN_WIDTH_20_NOHT && 11674 chandef.width != NL80211_CHAN_WIDTH_20) 11675 return -EINVAL; 11676 11677 /* we will be active on the TDLS link */ 11678 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef, 11679 wdev->iftype)) 11680 return -EINVAL; 11681 11682 /* don't allow switching to DFS channels */ 11683 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype)) 11684 return -EINVAL; 11685 11686 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 11687 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]); 11688 11689 wdev_lock(wdev); 11690 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef); 11691 wdev_unlock(wdev); 11692 11693 return err; 11694 } 11695 11696 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb, 11697 struct genl_info *info) 11698 { 11699 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11700 struct net_device *dev = info->user_ptr[1]; 11701 struct wireless_dev *wdev = dev->ieee80211_ptr; 11702 const u8 *addr; 11703 11704 if (!rdev->ops->tdls_channel_switch || 11705 !rdev->ops->tdls_cancel_channel_switch || 11706 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 11707 return -EOPNOTSUPP; 11708 11709 switch (dev->ieee80211_ptr->iftype) { 11710 case NL80211_IFTYPE_STATION: 11711 case NL80211_IFTYPE_P2P_CLIENT: 11712 break; 11713 default: 11714 return -EOPNOTSUPP; 11715 } 11716 11717 if (!info->attrs[NL80211_ATTR_MAC]) 11718 return -EINVAL; 11719 11720 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 11721 11722 wdev_lock(wdev); 11723 rdev_tdls_cancel_channel_switch(rdev, dev, addr); 11724 wdev_unlock(wdev); 11725 11726 return 0; 11727 } 11728 11729 #define NL80211_FLAG_NEED_WIPHY 0x01 11730 #define NL80211_FLAG_NEED_NETDEV 0x02 11731 #define NL80211_FLAG_NEED_RTNL 0x04 11732 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 11733 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 11734 NL80211_FLAG_CHECK_NETDEV_UP) 11735 #define NL80211_FLAG_NEED_WDEV 0x10 11736 /* If a netdev is associated, it must be UP, P2P must be started */ 11737 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 11738 NL80211_FLAG_CHECK_NETDEV_UP) 11739 #define NL80211_FLAG_CLEAR_SKB 0x20 11740 11741 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb, 11742 struct genl_info *info) 11743 { 11744 struct cfg80211_registered_device *rdev; 11745 struct wireless_dev *wdev; 11746 struct net_device *dev; 11747 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 11748 11749 if (rtnl) 11750 rtnl_lock(); 11751 11752 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 11753 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 11754 if (IS_ERR(rdev)) { 11755 if (rtnl) 11756 rtnl_unlock(); 11757 return PTR_ERR(rdev); 11758 } 11759 info->user_ptr[0] = rdev; 11760 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV || 11761 ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 11762 ASSERT_RTNL(); 11763 11764 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info), 11765 info->attrs); 11766 if (IS_ERR(wdev)) { 11767 if (rtnl) 11768 rtnl_unlock(); 11769 return PTR_ERR(wdev); 11770 } 11771 11772 dev = wdev->netdev; 11773 rdev = wiphy_to_rdev(wdev->wiphy); 11774 11775 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 11776 if (!dev) { 11777 if (rtnl) 11778 rtnl_unlock(); 11779 return -EINVAL; 11780 } 11781 11782 info->user_ptr[1] = dev; 11783 } else { 11784 info->user_ptr[1] = wdev; 11785 } 11786 11787 if (dev) { 11788 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 11789 !netif_running(dev)) { 11790 if (rtnl) 11791 rtnl_unlock(); 11792 return -ENETDOWN; 11793 } 11794 11795 dev_hold(dev); 11796 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) { 11797 if (wdev->iftype == NL80211_IFTYPE_P2P_DEVICE && 11798 !wdev->p2p_started) { 11799 if (rtnl) 11800 rtnl_unlock(); 11801 return -ENETDOWN; 11802 } 11803 if (wdev->iftype == NL80211_IFTYPE_NAN && 11804 !wdev->nan_started) { 11805 if (rtnl) 11806 rtnl_unlock(); 11807 return -ENETDOWN; 11808 } 11809 } 11810 11811 info->user_ptr[0] = rdev; 11812 } 11813 11814 return 0; 11815 } 11816 11817 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb, 11818 struct genl_info *info) 11819 { 11820 if (info->user_ptr[1]) { 11821 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 11822 struct wireless_dev *wdev = info->user_ptr[1]; 11823 11824 if (wdev->netdev) 11825 dev_put(wdev->netdev); 11826 } else { 11827 dev_put(info->user_ptr[1]); 11828 } 11829 } 11830 11831 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 11832 rtnl_unlock(); 11833 11834 /* If needed, clear the netlink message payload from the SKB 11835 * as it might contain key data that shouldn't stick around on 11836 * the heap after the SKB is freed. The netlink message header 11837 * is still needed for further processing, so leave it intact. 11838 */ 11839 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) { 11840 struct nlmsghdr *nlh = nlmsg_hdr(skb); 11841 11842 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh)); 11843 } 11844 } 11845 11846 static const struct genl_ops nl80211_ops[] = { 11847 { 11848 .cmd = NL80211_CMD_GET_WIPHY, 11849 .doit = nl80211_get_wiphy, 11850 .dumpit = nl80211_dump_wiphy, 11851 .done = nl80211_dump_wiphy_done, 11852 .policy = nl80211_policy, 11853 /* can be retrieved by unprivileged users */ 11854 .internal_flags = NL80211_FLAG_NEED_WIPHY | 11855 NL80211_FLAG_NEED_RTNL, 11856 }, 11857 { 11858 .cmd = NL80211_CMD_SET_WIPHY, 11859 .doit = nl80211_set_wiphy, 11860 .policy = nl80211_policy, 11861 .flags = GENL_UNS_ADMIN_PERM, 11862 .internal_flags = NL80211_FLAG_NEED_RTNL, 11863 }, 11864 { 11865 .cmd = NL80211_CMD_GET_INTERFACE, 11866 .doit = nl80211_get_interface, 11867 .dumpit = nl80211_dump_interface, 11868 .policy = nl80211_policy, 11869 /* can be retrieved by unprivileged users */ 11870 .internal_flags = NL80211_FLAG_NEED_WDEV | 11871 NL80211_FLAG_NEED_RTNL, 11872 }, 11873 { 11874 .cmd = NL80211_CMD_SET_INTERFACE, 11875 .doit = nl80211_set_interface, 11876 .policy = nl80211_policy, 11877 .flags = GENL_UNS_ADMIN_PERM, 11878 .internal_flags = NL80211_FLAG_NEED_NETDEV | 11879 NL80211_FLAG_NEED_RTNL, 11880 }, 11881 { 11882 .cmd = NL80211_CMD_NEW_INTERFACE, 11883 .doit = nl80211_new_interface, 11884 .policy = nl80211_policy, 11885 .flags = GENL_UNS_ADMIN_PERM, 11886 .internal_flags = NL80211_FLAG_NEED_WIPHY | 11887 NL80211_FLAG_NEED_RTNL, 11888 }, 11889 { 11890 .cmd = NL80211_CMD_DEL_INTERFACE, 11891 .doit = nl80211_del_interface, 11892 .policy = nl80211_policy, 11893 .flags = GENL_UNS_ADMIN_PERM, 11894 .internal_flags = NL80211_FLAG_NEED_WDEV | 11895 NL80211_FLAG_NEED_RTNL, 11896 }, 11897 { 11898 .cmd = NL80211_CMD_GET_KEY, 11899 .doit = nl80211_get_key, 11900 .policy = nl80211_policy, 11901 .flags = GENL_UNS_ADMIN_PERM, 11902 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11903 NL80211_FLAG_NEED_RTNL, 11904 }, 11905 { 11906 .cmd = NL80211_CMD_SET_KEY, 11907 .doit = nl80211_set_key, 11908 .policy = nl80211_policy, 11909 .flags = GENL_UNS_ADMIN_PERM, 11910 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11911 NL80211_FLAG_NEED_RTNL | 11912 NL80211_FLAG_CLEAR_SKB, 11913 }, 11914 { 11915 .cmd = NL80211_CMD_NEW_KEY, 11916 .doit = nl80211_new_key, 11917 .policy = nl80211_policy, 11918 .flags = GENL_UNS_ADMIN_PERM, 11919 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11920 NL80211_FLAG_NEED_RTNL | 11921 NL80211_FLAG_CLEAR_SKB, 11922 }, 11923 { 11924 .cmd = NL80211_CMD_DEL_KEY, 11925 .doit = nl80211_del_key, 11926 .policy = nl80211_policy, 11927 .flags = GENL_UNS_ADMIN_PERM, 11928 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11929 NL80211_FLAG_NEED_RTNL, 11930 }, 11931 { 11932 .cmd = NL80211_CMD_SET_BEACON, 11933 .policy = nl80211_policy, 11934 .flags = GENL_UNS_ADMIN_PERM, 11935 .doit = nl80211_set_beacon, 11936 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11937 NL80211_FLAG_NEED_RTNL, 11938 }, 11939 { 11940 .cmd = NL80211_CMD_START_AP, 11941 .policy = nl80211_policy, 11942 .flags = GENL_UNS_ADMIN_PERM, 11943 .doit = nl80211_start_ap, 11944 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11945 NL80211_FLAG_NEED_RTNL, 11946 }, 11947 { 11948 .cmd = NL80211_CMD_STOP_AP, 11949 .policy = nl80211_policy, 11950 .flags = GENL_UNS_ADMIN_PERM, 11951 .doit = nl80211_stop_ap, 11952 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11953 NL80211_FLAG_NEED_RTNL, 11954 }, 11955 { 11956 .cmd = NL80211_CMD_GET_STATION, 11957 .doit = nl80211_get_station, 11958 .dumpit = nl80211_dump_station, 11959 .policy = nl80211_policy, 11960 .internal_flags = NL80211_FLAG_NEED_NETDEV | 11961 NL80211_FLAG_NEED_RTNL, 11962 }, 11963 { 11964 .cmd = NL80211_CMD_SET_STATION, 11965 .doit = nl80211_set_station, 11966 .policy = nl80211_policy, 11967 .flags = GENL_UNS_ADMIN_PERM, 11968 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11969 NL80211_FLAG_NEED_RTNL, 11970 }, 11971 { 11972 .cmd = NL80211_CMD_NEW_STATION, 11973 .doit = nl80211_new_station, 11974 .policy = nl80211_policy, 11975 .flags = GENL_UNS_ADMIN_PERM, 11976 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11977 NL80211_FLAG_NEED_RTNL, 11978 }, 11979 { 11980 .cmd = NL80211_CMD_DEL_STATION, 11981 .doit = nl80211_del_station, 11982 .policy = nl80211_policy, 11983 .flags = GENL_UNS_ADMIN_PERM, 11984 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11985 NL80211_FLAG_NEED_RTNL, 11986 }, 11987 { 11988 .cmd = NL80211_CMD_GET_MPATH, 11989 .doit = nl80211_get_mpath, 11990 .dumpit = nl80211_dump_mpath, 11991 .policy = nl80211_policy, 11992 .flags = GENL_UNS_ADMIN_PERM, 11993 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 11994 NL80211_FLAG_NEED_RTNL, 11995 }, 11996 { 11997 .cmd = NL80211_CMD_GET_MPP, 11998 .doit = nl80211_get_mpp, 11999 .dumpit = nl80211_dump_mpp, 12000 .policy = nl80211_policy, 12001 .flags = GENL_UNS_ADMIN_PERM, 12002 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12003 NL80211_FLAG_NEED_RTNL, 12004 }, 12005 { 12006 .cmd = NL80211_CMD_SET_MPATH, 12007 .doit = nl80211_set_mpath, 12008 .policy = nl80211_policy, 12009 .flags = GENL_UNS_ADMIN_PERM, 12010 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12011 NL80211_FLAG_NEED_RTNL, 12012 }, 12013 { 12014 .cmd = NL80211_CMD_NEW_MPATH, 12015 .doit = nl80211_new_mpath, 12016 .policy = nl80211_policy, 12017 .flags = GENL_UNS_ADMIN_PERM, 12018 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12019 NL80211_FLAG_NEED_RTNL, 12020 }, 12021 { 12022 .cmd = NL80211_CMD_DEL_MPATH, 12023 .doit = nl80211_del_mpath, 12024 .policy = nl80211_policy, 12025 .flags = GENL_UNS_ADMIN_PERM, 12026 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12027 NL80211_FLAG_NEED_RTNL, 12028 }, 12029 { 12030 .cmd = NL80211_CMD_SET_BSS, 12031 .doit = nl80211_set_bss, 12032 .policy = nl80211_policy, 12033 .flags = GENL_UNS_ADMIN_PERM, 12034 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12035 NL80211_FLAG_NEED_RTNL, 12036 }, 12037 { 12038 .cmd = NL80211_CMD_GET_REG, 12039 .doit = nl80211_get_reg_do, 12040 .dumpit = nl80211_get_reg_dump, 12041 .policy = nl80211_policy, 12042 .internal_flags = NL80211_FLAG_NEED_RTNL, 12043 /* can be retrieved by unprivileged users */ 12044 }, 12045 #ifdef CONFIG_CFG80211_CRDA_SUPPORT 12046 { 12047 .cmd = NL80211_CMD_SET_REG, 12048 .doit = nl80211_set_reg, 12049 .policy = nl80211_policy, 12050 .flags = GENL_ADMIN_PERM, 12051 .internal_flags = NL80211_FLAG_NEED_RTNL, 12052 }, 12053 #endif 12054 { 12055 .cmd = NL80211_CMD_REQ_SET_REG, 12056 .doit = nl80211_req_set_reg, 12057 .policy = nl80211_policy, 12058 .flags = GENL_ADMIN_PERM, 12059 }, 12060 { 12061 .cmd = NL80211_CMD_GET_MESH_CONFIG, 12062 .doit = nl80211_get_mesh_config, 12063 .policy = nl80211_policy, 12064 /* can be retrieved by unprivileged users */ 12065 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12066 NL80211_FLAG_NEED_RTNL, 12067 }, 12068 { 12069 .cmd = NL80211_CMD_SET_MESH_CONFIG, 12070 .doit = nl80211_update_mesh_config, 12071 .policy = nl80211_policy, 12072 .flags = GENL_UNS_ADMIN_PERM, 12073 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12074 NL80211_FLAG_NEED_RTNL, 12075 }, 12076 { 12077 .cmd = NL80211_CMD_TRIGGER_SCAN, 12078 .doit = nl80211_trigger_scan, 12079 .policy = nl80211_policy, 12080 .flags = GENL_UNS_ADMIN_PERM, 12081 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12082 NL80211_FLAG_NEED_RTNL, 12083 }, 12084 { 12085 .cmd = NL80211_CMD_ABORT_SCAN, 12086 .doit = nl80211_abort_scan, 12087 .policy = nl80211_policy, 12088 .flags = GENL_UNS_ADMIN_PERM, 12089 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12090 NL80211_FLAG_NEED_RTNL, 12091 }, 12092 { 12093 .cmd = NL80211_CMD_GET_SCAN, 12094 .policy = nl80211_policy, 12095 .dumpit = nl80211_dump_scan, 12096 }, 12097 { 12098 .cmd = NL80211_CMD_START_SCHED_SCAN, 12099 .doit = nl80211_start_sched_scan, 12100 .policy = nl80211_policy, 12101 .flags = GENL_UNS_ADMIN_PERM, 12102 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12103 NL80211_FLAG_NEED_RTNL, 12104 }, 12105 { 12106 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 12107 .doit = nl80211_stop_sched_scan, 12108 .policy = nl80211_policy, 12109 .flags = GENL_UNS_ADMIN_PERM, 12110 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12111 NL80211_FLAG_NEED_RTNL, 12112 }, 12113 { 12114 .cmd = NL80211_CMD_AUTHENTICATE, 12115 .doit = nl80211_authenticate, 12116 .policy = nl80211_policy, 12117 .flags = GENL_UNS_ADMIN_PERM, 12118 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12119 NL80211_FLAG_NEED_RTNL | 12120 NL80211_FLAG_CLEAR_SKB, 12121 }, 12122 { 12123 .cmd = NL80211_CMD_ASSOCIATE, 12124 .doit = nl80211_associate, 12125 .policy = nl80211_policy, 12126 .flags = GENL_UNS_ADMIN_PERM, 12127 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12128 NL80211_FLAG_NEED_RTNL, 12129 }, 12130 { 12131 .cmd = NL80211_CMD_DEAUTHENTICATE, 12132 .doit = nl80211_deauthenticate, 12133 .policy = nl80211_policy, 12134 .flags = GENL_UNS_ADMIN_PERM, 12135 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12136 NL80211_FLAG_NEED_RTNL, 12137 }, 12138 { 12139 .cmd = NL80211_CMD_DISASSOCIATE, 12140 .doit = nl80211_disassociate, 12141 .policy = nl80211_policy, 12142 .flags = GENL_UNS_ADMIN_PERM, 12143 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12144 NL80211_FLAG_NEED_RTNL, 12145 }, 12146 { 12147 .cmd = NL80211_CMD_JOIN_IBSS, 12148 .doit = nl80211_join_ibss, 12149 .policy = nl80211_policy, 12150 .flags = GENL_UNS_ADMIN_PERM, 12151 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12152 NL80211_FLAG_NEED_RTNL, 12153 }, 12154 { 12155 .cmd = NL80211_CMD_LEAVE_IBSS, 12156 .doit = nl80211_leave_ibss, 12157 .policy = nl80211_policy, 12158 .flags = GENL_UNS_ADMIN_PERM, 12159 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12160 NL80211_FLAG_NEED_RTNL, 12161 }, 12162 #ifdef CONFIG_NL80211_TESTMODE 12163 { 12164 .cmd = NL80211_CMD_TESTMODE, 12165 .doit = nl80211_testmode_do, 12166 .dumpit = nl80211_testmode_dump, 12167 .policy = nl80211_policy, 12168 .flags = GENL_UNS_ADMIN_PERM, 12169 .internal_flags = NL80211_FLAG_NEED_WIPHY | 12170 NL80211_FLAG_NEED_RTNL, 12171 }, 12172 #endif 12173 { 12174 .cmd = NL80211_CMD_CONNECT, 12175 .doit = nl80211_connect, 12176 .policy = nl80211_policy, 12177 .flags = GENL_UNS_ADMIN_PERM, 12178 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12179 NL80211_FLAG_NEED_RTNL, 12180 }, 12181 { 12182 .cmd = NL80211_CMD_DISCONNECT, 12183 .doit = nl80211_disconnect, 12184 .policy = nl80211_policy, 12185 .flags = GENL_UNS_ADMIN_PERM, 12186 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12187 NL80211_FLAG_NEED_RTNL, 12188 }, 12189 { 12190 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 12191 .doit = nl80211_wiphy_netns, 12192 .policy = nl80211_policy, 12193 .flags = GENL_UNS_ADMIN_PERM, 12194 .internal_flags = NL80211_FLAG_NEED_WIPHY | 12195 NL80211_FLAG_NEED_RTNL, 12196 }, 12197 { 12198 .cmd = NL80211_CMD_GET_SURVEY, 12199 .policy = nl80211_policy, 12200 .dumpit = nl80211_dump_survey, 12201 }, 12202 { 12203 .cmd = NL80211_CMD_SET_PMKSA, 12204 .doit = nl80211_setdel_pmksa, 12205 .policy = nl80211_policy, 12206 .flags = GENL_UNS_ADMIN_PERM, 12207 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12208 NL80211_FLAG_NEED_RTNL, 12209 }, 12210 { 12211 .cmd = NL80211_CMD_DEL_PMKSA, 12212 .doit = nl80211_setdel_pmksa, 12213 .policy = nl80211_policy, 12214 .flags = GENL_UNS_ADMIN_PERM, 12215 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12216 NL80211_FLAG_NEED_RTNL, 12217 }, 12218 { 12219 .cmd = NL80211_CMD_FLUSH_PMKSA, 12220 .doit = nl80211_flush_pmksa, 12221 .policy = nl80211_policy, 12222 .flags = GENL_UNS_ADMIN_PERM, 12223 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12224 NL80211_FLAG_NEED_RTNL, 12225 }, 12226 { 12227 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 12228 .doit = nl80211_remain_on_channel, 12229 .policy = nl80211_policy, 12230 .flags = GENL_UNS_ADMIN_PERM, 12231 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12232 NL80211_FLAG_NEED_RTNL, 12233 }, 12234 { 12235 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 12236 .doit = nl80211_cancel_remain_on_channel, 12237 .policy = nl80211_policy, 12238 .flags = GENL_UNS_ADMIN_PERM, 12239 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12240 NL80211_FLAG_NEED_RTNL, 12241 }, 12242 { 12243 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 12244 .doit = nl80211_set_tx_bitrate_mask, 12245 .policy = nl80211_policy, 12246 .flags = GENL_UNS_ADMIN_PERM, 12247 .internal_flags = NL80211_FLAG_NEED_NETDEV | 12248 NL80211_FLAG_NEED_RTNL, 12249 }, 12250 { 12251 .cmd = NL80211_CMD_REGISTER_FRAME, 12252 .doit = nl80211_register_mgmt, 12253 .policy = nl80211_policy, 12254 .flags = GENL_UNS_ADMIN_PERM, 12255 .internal_flags = NL80211_FLAG_NEED_WDEV | 12256 NL80211_FLAG_NEED_RTNL, 12257 }, 12258 { 12259 .cmd = NL80211_CMD_FRAME, 12260 .doit = nl80211_tx_mgmt, 12261 .policy = nl80211_policy, 12262 .flags = GENL_UNS_ADMIN_PERM, 12263 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12264 NL80211_FLAG_NEED_RTNL, 12265 }, 12266 { 12267 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 12268 .doit = nl80211_tx_mgmt_cancel_wait, 12269 .policy = nl80211_policy, 12270 .flags = GENL_UNS_ADMIN_PERM, 12271 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12272 NL80211_FLAG_NEED_RTNL, 12273 }, 12274 { 12275 .cmd = NL80211_CMD_SET_POWER_SAVE, 12276 .doit = nl80211_set_power_save, 12277 .policy = nl80211_policy, 12278 .flags = GENL_UNS_ADMIN_PERM, 12279 .internal_flags = NL80211_FLAG_NEED_NETDEV | 12280 NL80211_FLAG_NEED_RTNL, 12281 }, 12282 { 12283 .cmd = NL80211_CMD_GET_POWER_SAVE, 12284 .doit = nl80211_get_power_save, 12285 .policy = nl80211_policy, 12286 /* can be retrieved by unprivileged users */ 12287 .internal_flags = NL80211_FLAG_NEED_NETDEV | 12288 NL80211_FLAG_NEED_RTNL, 12289 }, 12290 { 12291 .cmd = NL80211_CMD_SET_CQM, 12292 .doit = nl80211_set_cqm, 12293 .policy = nl80211_policy, 12294 .flags = GENL_UNS_ADMIN_PERM, 12295 .internal_flags = NL80211_FLAG_NEED_NETDEV | 12296 NL80211_FLAG_NEED_RTNL, 12297 }, 12298 { 12299 .cmd = NL80211_CMD_SET_CHANNEL, 12300 .doit = nl80211_set_channel, 12301 .policy = nl80211_policy, 12302 .flags = GENL_UNS_ADMIN_PERM, 12303 .internal_flags = NL80211_FLAG_NEED_NETDEV | 12304 NL80211_FLAG_NEED_RTNL, 12305 }, 12306 { 12307 .cmd = NL80211_CMD_SET_WDS_PEER, 12308 .doit = nl80211_set_wds_peer, 12309 .policy = nl80211_policy, 12310 .flags = GENL_UNS_ADMIN_PERM, 12311 .internal_flags = NL80211_FLAG_NEED_NETDEV | 12312 NL80211_FLAG_NEED_RTNL, 12313 }, 12314 { 12315 .cmd = NL80211_CMD_JOIN_MESH, 12316 .doit = nl80211_join_mesh, 12317 .policy = nl80211_policy, 12318 .flags = GENL_UNS_ADMIN_PERM, 12319 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12320 NL80211_FLAG_NEED_RTNL, 12321 }, 12322 { 12323 .cmd = NL80211_CMD_LEAVE_MESH, 12324 .doit = nl80211_leave_mesh, 12325 .policy = nl80211_policy, 12326 .flags = GENL_UNS_ADMIN_PERM, 12327 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12328 NL80211_FLAG_NEED_RTNL, 12329 }, 12330 { 12331 .cmd = NL80211_CMD_JOIN_OCB, 12332 .doit = nl80211_join_ocb, 12333 .policy = nl80211_policy, 12334 .flags = GENL_UNS_ADMIN_PERM, 12335 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12336 NL80211_FLAG_NEED_RTNL, 12337 }, 12338 { 12339 .cmd = NL80211_CMD_LEAVE_OCB, 12340 .doit = nl80211_leave_ocb, 12341 .policy = nl80211_policy, 12342 .flags = GENL_UNS_ADMIN_PERM, 12343 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12344 NL80211_FLAG_NEED_RTNL, 12345 }, 12346 #ifdef CONFIG_PM 12347 { 12348 .cmd = NL80211_CMD_GET_WOWLAN, 12349 .doit = nl80211_get_wowlan, 12350 .policy = nl80211_policy, 12351 /* can be retrieved by unprivileged users */ 12352 .internal_flags = NL80211_FLAG_NEED_WIPHY | 12353 NL80211_FLAG_NEED_RTNL, 12354 }, 12355 { 12356 .cmd = NL80211_CMD_SET_WOWLAN, 12357 .doit = nl80211_set_wowlan, 12358 .policy = nl80211_policy, 12359 .flags = GENL_UNS_ADMIN_PERM, 12360 .internal_flags = NL80211_FLAG_NEED_WIPHY | 12361 NL80211_FLAG_NEED_RTNL, 12362 }, 12363 #endif 12364 { 12365 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 12366 .doit = nl80211_set_rekey_data, 12367 .policy = nl80211_policy, 12368 .flags = GENL_UNS_ADMIN_PERM, 12369 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12370 NL80211_FLAG_NEED_RTNL | 12371 NL80211_FLAG_CLEAR_SKB, 12372 }, 12373 { 12374 .cmd = NL80211_CMD_TDLS_MGMT, 12375 .doit = nl80211_tdls_mgmt, 12376 .policy = nl80211_policy, 12377 .flags = GENL_UNS_ADMIN_PERM, 12378 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12379 NL80211_FLAG_NEED_RTNL, 12380 }, 12381 { 12382 .cmd = NL80211_CMD_TDLS_OPER, 12383 .doit = nl80211_tdls_oper, 12384 .policy = nl80211_policy, 12385 .flags = GENL_UNS_ADMIN_PERM, 12386 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12387 NL80211_FLAG_NEED_RTNL, 12388 }, 12389 { 12390 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 12391 .doit = nl80211_register_unexpected_frame, 12392 .policy = nl80211_policy, 12393 .flags = GENL_UNS_ADMIN_PERM, 12394 .internal_flags = NL80211_FLAG_NEED_NETDEV | 12395 NL80211_FLAG_NEED_RTNL, 12396 }, 12397 { 12398 .cmd = NL80211_CMD_PROBE_CLIENT, 12399 .doit = nl80211_probe_client, 12400 .policy = nl80211_policy, 12401 .flags = GENL_UNS_ADMIN_PERM, 12402 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12403 NL80211_FLAG_NEED_RTNL, 12404 }, 12405 { 12406 .cmd = NL80211_CMD_REGISTER_BEACONS, 12407 .doit = nl80211_register_beacons, 12408 .policy = nl80211_policy, 12409 .flags = GENL_UNS_ADMIN_PERM, 12410 .internal_flags = NL80211_FLAG_NEED_WIPHY | 12411 NL80211_FLAG_NEED_RTNL, 12412 }, 12413 { 12414 .cmd = NL80211_CMD_SET_NOACK_MAP, 12415 .doit = nl80211_set_noack_map, 12416 .policy = nl80211_policy, 12417 .flags = GENL_UNS_ADMIN_PERM, 12418 .internal_flags = NL80211_FLAG_NEED_NETDEV | 12419 NL80211_FLAG_NEED_RTNL, 12420 }, 12421 { 12422 .cmd = NL80211_CMD_START_P2P_DEVICE, 12423 .doit = nl80211_start_p2p_device, 12424 .policy = nl80211_policy, 12425 .flags = GENL_UNS_ADMIN_PERM, 12426 .internal_flags = NL80211_FLAG_NEED_WDEV | 12427 NL80211_FLAG_NEED_RTNL, 12428 }, 12429 { 12430 .cmd = NL80211_CMD_STOP_P2P_DEVICE, 12431 .doit = nl80211_stop_p2p_device, 12432 .policy = nl80211_policy, 12433 .flags = GENL_UNS_ADMIN_PERM, 12434 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12435 NL80211_FLAG_NEED_RTNL, 12436 }, 12437 { 12438 .cmd = NL80211_CMD_START_NAN, 12439 .doit = nl80211_start_nan, 12440 .policy = nl80211_policy, 12441 .flags = GENL_ADMIN_PERM, 12442 .internal_flags = NL80211_FLAG_NEED_WDEV | 12443 NL80211_FLAG_NEED_RTNL, 12444 }, 12445 { 12446 .cmd = NL80211_CMD_STOP_NAN, 12447 .doit = nl80211_stop_nan, 12448 .policy = nl80211_policy, 12449 .flags = GENL_ADMIN_PERM, 12450 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12451 NL80211_FLAG_NEED_RTNL, 12452 }, 12453 { 12454 .cmd = NL80211_CMD_ADD_NAN_FUNCTION, 12455 .doit = nl80211_nan_add_func, 12456 .policy = nl80211_policy, 12457 .flags = GENL_ADMIN_PERM, 12458 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12459 NL80211_FLAG_NEED_RTNL, 12460 }, 12461 { 12462 .cmd = NL80211_CMD_DEL_NAN_FUNCTION, 12463 .doit = nl80211_nan_del_func, 12464 .policy = nl80211_policy, 12465 .flags = GENL_ADMIN_PERM, 12466 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12467 NL80211_FLAG_NEED_RTNL, 12468 }, 12469 { 12470 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG, 12471 .doit = nl80211_nan_change_config, 12472 .policy = nl80211_policy, 12473 .flags = GENL_ADMIN_PERM, 12474 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12475 NL80211_FLAG_NEED_RTNL, 12476 }, 12477 { 12478 .cmd = NL80211_CMD_SET_MCAST_RATE, 12479 .doit = nl80211_set_mcast_rate, 12480 .policy = nl80211_policy, 12481 .flags = GENL_UNS_ADMIN_PERM, 12482 .internal_flags = NL80211_FLAG_NEED_NETDEV | 12483 NL80211_FLAG_NEED_RTNL, 12484 }, 12485 { 12486 .cmd = NL80211_CMD_SET_MAC_ACL, 12487 .doit = nl80211_set_mac_acl, 12488 .policy = nl80211_policy, 12489 .flags = GENL_UNS_ADMIN_PERM, 12490 .internal_flags = NL80211_FLAG_NEED_NETDEV | 12491 NL80211_FLAG_NEED_RTNL, 12492 }, 12493 { 12494 .cmd = NL80211_CMD_RADAR_DETECT, 12495 .doit = nl80211_start_radar_detection, 12496 .policy = nl80211_policy, 12497 .flags = GENL_UNS_ADMIN_PERM, 12498 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12499 NL80211_FLAG_NEED_RTNL, 12500 }, 12501 { 12502 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES, 12503 .doit = nl80211_get_protocol_features, 12504 .policy = nl80211_policy, 12505 }, 12506 { 12507 .cmd = NL80211_CMD_UPDATE_FT_IES, 12508 .doit = nl80211_update_ft_ies, 12509 .policy = nl80211_policy, 12510 .flags = GENL_UNS_ADMIN_PERM, 12511 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12512 NL80211_FLAG_NEED_RTNL, 12513 }, 12514 { 12515 .cmd = NL80211_CMD_CRIT_PROTOCOL_START, 12516 .doit = nl80211_crit_protocol_start, 12517 .policy = nl80211_policy, 12518 .flags = GENL_UNS_ADMIN_PERM, 12519 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12520 NL80211_FLAG_NEED_RTNL, 12521 }, 12522 { 12523 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP, 12524 .doit = nl80211_crit_protocol_stop, 12525 .policy = nl80211_policy, 12526 .flags = GENL_UNS_ADMIN_PERM, 12527 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 12528 NL80211_FLAG_NEED_RTNL, 12529 }, 12530 { 12531 .cmd = NL80211_CMD_GET_COALESCE, 12532 .doit = nl80211_get_coalesce, 12533 .policy = nl80211_policy, 12534 .internal_flags = NL80211_FLAG_NEED_WIPHY | 12535 NL80211_FLAG_NEED_RTNL, 12536 }, 12537 { 12538 .cmd = NL80211_CMD_SET_COALESCE, 12539 .doit = nl80211_set_coalesce, 12540 .policy = nl80211_policy, 12541 .flags = GENL_UNS_ADMIN_PERM, 12542 .internal_flags = NL80211_FLAG_NEED_WIPHY | 12543 NL80211_FLAG_NEED_RTNL, 12544 }, 12545 { 12546 .cmd = NL80211_CMD_CHANNEL_SWITCH, 12547 .doit = nl80211_channel_switch, 12548 .policy = nl80211_policy, 12549 .flags = GENL_UNS_ADMIN_PERM, 12550 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12551 NL80211_FLAG_NEED_RTNL, 12552 }, 12553 { 12554 .cmd = NL80211_CMD_VENDOR, 12555 .doit = nl80211_vendor_cmd, 12556 .dumpit = nl80211_vendor_cmd_dump, 12557 .policy = nl80211_policy, 12558 .flags = GENL_UNS_ADMIN_PERM, 12559 .internal_flags = NL80211_FLAG_NEED_WIPHY | 12560 NL80211_FLAG_NEED_RTNL, 12561 }, 12562 { 12563 .cmd = NL80211_CMD_SET_QOS_MAP, 12564 .doit = nl80211_set_qos_map, 12565 .policy = nl80211_policy, 12566 .flags = GENL_UNS_ADMIN_PERM, 12567 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12568 NL80211_FLAG_NEED_RTNL, 12569 }, 12570 { 12571 .cmd = NL80211_CMD_ADD_TX_TS, 12572 .doit = nl80211_add_tx_ts, 12573 .policy = nl80211_policy, 12574 .flags = GENL_UNS_ADMIN_PERM, 12575 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12576 NL80211_FLAG_NEED_RTNL, 12577 }, 12578 { 12579 .cmd = NL80211_CMD_DEL_TX_TS, 12580 .doit = nl80211_del_tx_ts, 12581 .policy = nl80211_policy, 12582 .flags = GENL_UNS_ADMIN_PERM, 12583 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12584 NL80211_FLAG_NEED_RTNL, 12585 }, 12586 { 12587 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH, 12588 .doit = nl80211_tdls_channel_switch, 12589 .policy = nl80211_policy, 12590 .flags = GENL_UNS_ADMIN_PERM, 12591 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12592 NL80211_FLAG_NEED_RTNL, 12593 }, 12594 { 12595 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH, 12596 .doit = nl80211_tdls_cancel_channel_switch, 12597 .policy = nl80211_policy, 12598 .flags = GENL_UNS_ADMIN_PERM, 12599 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 12600 NL80211_FLAG_NEED_RTNL, 12601 }, 12602 }; 12603 12604 /* notification functions */ 12605 12606 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev, 12607 enum nl80211_commands cmd) 12608 { 12609 struct sk_buff *msg; 12610 struct nl80211_dump_wiphy_state state = {}; 12611 12612 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY && 12613 cmd != NL80211_CMD_DEL_WIPHY); 12614 12615 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12616 if (!msg) 12617 return; 12618 12619 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) { 12620 nlmsg_free(msg); 12621 return; 12622 } 12623 12624 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 12625 NL80211_MCGRP_CONFIG, GFP_KERNEL); 12626 } 12627 12628 void nl80211_notify_iface(struct cfg80211_registered_device *rdev, 12629 struct wireless_dev *wdev, 12630 enum nl80211_commands cmd) 12631 { 12632 struct sk_buff *msg; 12633 12634 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE && 12635 cmd != NL80211_CMD_DEL_INTERFACE); 12636 12637 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12638 if (!msg) 12639 return; 12640 12641 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, 12642 cmd == NL80211_CMD_DEL_INTERFACE) < 0) { 12643 nlmsg_free(msg); 12644 return; 12645 } 12646 12647 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 12648 NL80211_MCGRP_CONFIG, GFP_KERNEL); 12649 } 12650 12651 static int nl80211_add_scan_req(struct sk_buff *msg, 12652 struct cfg80211_registered_device *rdev) 12653 { 12654 struct cfg80211_scan_request *req = rdev->scan_req; 12655 struct nlattr *nest; 12656 int i; 12657 12658 if (WARN_ON(!req)) 12659 return 0; 12660 12661 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 12662 if (!nest) 12663 goto nla_put_failure; 12664 for (i = 0; i < req->n_ssids; i++) { 12665 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 12666 goto nla_put_failure; 12667 } 12668 nla_nest_end(msg, nest); 12669 12670 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 12671 if (!nest) 12672 goto nla_put_failure; 12673 for (i = 0; i < req->n_channels; i++) { 12674 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 12675 goto nla_put_failure; 12676 } 12677 nla_nest_end(msg, nest); 12678 12679 if (req->ie && 12680 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 12681 goto nla_put_failure; 12682 12683 if (req->flags && 12684 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags)) 12685 goto nla_put_failure; 12686 12687 if (req->info.scan_start_tsf && 12688 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF, 12689 req->info.scan_start_tsf, NL80211_BSS_PAD) || 12690 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN, 12691 req->info.tsf_bssid))) 12692 goto nla_put_failure; 12693 12694 return 0; 12695 nla_put_failure: 12696 return -ENOBUFS; 12697 } 12698 12699 static int nl80211_send_scan_msg(struct sk_buff *msg, 12700 struct cfg80211_registered_device *rdev, 12701 struct wireless_dev *wdev, 12702 u32 portid, u32 seq, int flags, 12703 u32 cmd) 12704 { 12705 void *hdr; 12706 12707 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 12708 if (!hdr) 12709 return -1; 12710 12711 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 12712 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 12713 wdev->netdev->ifindex)) || 12714 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 12715 NL80211_ATTR_PAD)) 12716 goto nla_put_failure; 12717 12718 /* ignore errors and send incomplete event anyway */ 12719 nl80211_add_scan_req(msg, rdev); 12720 12721 genlmsg_end(msg, hdr); 12722 return 0; 12723 12724 nla_put_failure: 12725 genlmsg_cancel(msg, hdr); 12726 return -EMSGSIZE; 12727 } 12728 12729 static int 12730 nl80211_send_sched_scan_msg(struct sk_buff *msg, 12731 struct cfg80211_registered_device *rdev, 12732 struct net_device *netdev, 12733 u32 portid, u32 seq, int flags, u32 cmd) 12734 { 12735 void *hdr; 12736 12737 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 12738 if (!hdr) 12739 return -1; 12740 12741 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 12742 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 12743 goto nla_put_failure; 12744 12745 genlmsg_end(msg, hdr); 12746 return 0; 12747 12748 nla_put_failure: 12749 genlmsg_cancel(msg, hdr); 12750 return -EMSGSIZE; 12751 } 12752 12753 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 12754 struct wireless_dev *wdev) 12755 { 12756 struct sk_buff *msg; 12757 12758 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12759 if (!msg) 12760 return; 12761 12762 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 12763 NL80211_CMD_TRIGGER_SCAN) < 0) { 12764 nlmsg_free(msg); 12765 return; 12766 } 12767 12768 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 12769 NL80211_MCGRP_SCAN, GFP_KERNEL); 12770 } 12771 12772 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev, 12773 struct wireless_dev *wdev, bool aborted) 12774 { 12775 struct sk_buff *msg; 12776 12777 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12778 if (!msg) 12779 return NULL; 12780 12781 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 12782 aborted ? NL80211_CMD_SCAN_ABORTED : 12783 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 12784 nlmsg_free(msg); 12785 return NULL; 12786 } 12787 12788 return msg; 12789 } 12790 12791 void nl80211_send_scan_result(struct cfg80211_registered_device *rdev, 12792 struct sk_buff *msg) 12793 { 12794 if (!msg) 12795 return; 12796 12797 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 12798 NL80211_MCGRP_SCAN, GFP_KERNEL); 12799 } 12800 12801 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 12802 struct net_device *netdev) 12803 { 12804 struct sk_buff *msg; 12805 12806 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12807 if (!msg) 12808 return; 12809 12810 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 12811 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 12812 nlmsg_free(msg); 12813 return; 12814 } 12815 12816 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 12817 NL80211_MCGRP_SCAN, GFP_KERNEL); 12818 } 12819 12820 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 12821 struct net_device *netdev, u32 cmd) 12822 { 12823 struct sk_buff *msg; 12824 12825 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12826 if (!msg) 12827 return; 12828 12829 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 12830 nlmsg_free(msg); 12831 return; 12832 } 12833 12834 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 12835 NL80211_MCGRP_SCAN, GFP_KERNEL); 12836 } 12837 12838 static bool nl80211_reg_change_event_fill(struct sk_buff *msg, 12839 struct regulatory_request *request) 12840 { 12841 /* Userspace can always count this one always being set */ 12842 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 12843 goto nla_put_failure; 12844 12845 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 12846 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 12847 NL80211_REGDOM_TYPE_WORLD)) 12848 goto nla_put_failure; 12849 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 12850 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 12851 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 12852 goto nla_put_failure; 12853 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 12854 request->intersect) { 12855 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 12856 NL80211_REGDOM_TYPE_INTERSECTION)) 12857 goto nla_put_failure; 12858 } else { 12859 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 12860 NL80211_REGDOM_TYPE_COUNTRY) || 12861 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 12862 request->alpha2)) 12863 goto nla_put_failure; 12864 } 12865 12866 if (request->wiphy_idx != WIPHY_IDX_INVALID) { 12867 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx); 12868 12869 if (wiphy && 12870 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 12871 goto nla_put_failure; 12872 12873 if (wiphy && 12874 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 12875 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 12876 goto nla_put_failure; 12877 } 12878 12879 return true; 12880 12881 nla_put_failure: 12882 return false; 12883 } 12884 12885 /* 12886 * This can happen on global regulatory changes or device specific settings 12887 * based on custom regulatory domains. 12888 */ 12889 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id, 12890 struct regulatory_request *request) 12891 { 12892 struct sk_buff *msg; 12893 void *hdr; 12894 12895 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12896 if (!msg) 12897 return; 12898 12899 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id); 12900 if (!hdr) { 12901 nlmsg_free(msg); 12902 return; 12903 } 12904 12905 if (nl80211_reg_change_event_fill(msg, request) == false) 12906 goto nla_put_failure; 12907 12908 genlmsg_end(msg, hdr); 12909 12910 rcu_read_lock(); 12911 genlmsg_multicast_allns(&nl80211_fam, msg, 0, 12912 NL80211_MCGRP_REGULATORY, GFP_ATOMIC); 12913 rcu_read_unlock(); 12914 12915 return; 12916 12917 nla_put_failure: 12918 genlmsg_cancel(msg, hdr); 12919 nlmsg_free(msg); 12920 } 12921 12922 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 12923 struct net_device *netdev, 12924 const u8 *buf, size_t len, 12925 enum nl80211_commands cmd, gfp_t gfp, 12926 int uapsd_queues) 12927 { 12928 struct sk_buff *msg; 12929 void *hdr; 12930 12931 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 12932 if (!msg) 12933 return; 12934 12935 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 12936 if (!hdr) { 12937 nlmsg_free(msg); 12938 return; 12939 } 12940 12941 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 12942 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 12943 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 12944 goto nla_put_failure; 12945 12946 if (uapsd_queues >= 0) { 12947 struct nlattr *nla_wmm = 12948 nla_nest_start(msg, NL80211_ATTR_STA_WME); 12949 if (!nla_wmm) 12950 goto nla_put_failure; 12951 12952 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES, 12953 uapsd_queues)) 12954 goto nla_put_failure; 12955 12956 nla_nest_end(msg, nla_wmm); 12957 } 12958 12959 genlmsg_end(msg, hdr); 12960 12961 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 12962 NL80211_MCGRP_MLME, gfp); 12963 return; 12964 12965 nla_put_failure: 12966 genlmsg_cancel(msg, hdr); 12967 nlmsg_free(msg); 12968 } 12969 12970 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 12971 struct net_device *netdev, const u8 *buf, 12972 size_t len, gfp_t gfp) 12973 { 12974 nl80211_send_mlme_event(rdev, netdev, buf, len, 12975 NL80211_CMD_AUTHENTICATE, gfp, -1); 12976 } 12977 12978 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 12979 struct net_device *netdev, const u8 *buf, 12980 size_t len, gfp_t gfp, int uapsd_queues) 12981 { 12982 nl80211_send_mlme_event(rdev, netdev, buf, len, 12983 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues); 12984 } 12985 12986 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 12987 struct net_device *netdev, const u8 *buf, 12988 size_t len, gfp_t gfp) 12989 { 12990 nl80211_send_mlme_event(rdev, netdev, buf, len, 12991 NL80211_CMD_DEAUTHENTICATE, gfp, -1); 12992 } 12993 12994 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 12995 struct net_device *netdev, const u8 *buf, 12996 size_t len, gfp_t gfp) 12997 { 12998 nl80211_send_mlme_event(rdev, netdev, buf, len, 12999 NL80211_CMD_DISASSOCIATE, gfp, -1); 13000 } 13001 13002 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf, 13003 size_t len) 13004 { 13005 struct wireless_dev *wdev = dev->ieee80211_ptr; 13006 struct wiphy *wiphy = wdev->wiphy; 13007 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13008 const struct ieee80211_mgmt *mgmt = (void *)buf; 13009 u32 cmd; 13010 13011 if (WARN_ON(len < 2)) 13012 return; 13013 13014 if (ieee80211_is_deauth(mgmt->frame_control)) 13015 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE; 13016 else 13017 cmd = NL80211_CMD_UNPROT_DISASSOCIATE; 13018 13019 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len); 13020 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1); 13021 } 13022 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt); 13023 13024 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 13025 struct net_device *netdev, int cmd, 13026 const u8 *addr, gfp_t gfp) 13027 { 13028 struct sk_buff *msg; 13029 void *hdr; 13030 13031 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13032 if (!msg) 13033 return; 13034 13035 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 13036 if (!hdr) { 13037 nlmsg_free(msg); 13038 return; 13039 } 13040 13041 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13042 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 13043 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 13044 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 13045 goto nla_put_failure; 13046 13047 genlmsg_end(msg, hdr); 13048 13049 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13050 NL80211_MCGRP_MLME, gfp); 13051 return; 13052 13053 nla_put_failure: 13054 genlmsg_cancel(msg, hdr); 13055 nlmsg_free(msg); 13056 } 13057 13058 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 13059 struct net_device *netdev, const u8 *addr, 13060 gfp_t gfp) 13061 { 13062 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 13063 addr, gfp); 13064 } 13065 13066 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 13067 struct net_device *netdev, const u8 *addr, 13068 gfp_t gfp) 13069 { 13070 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 13071 addr, gfp); 13072 } 13073 13074 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 13075 struct net_device *netdev, const u8 *bssid, 13076 const u8 *req_ie, size_t req_ie_len, 13077 const u8 *resp_ie, size_t resp_ie_len, 13078 int status, gfp_t gfp) 13079 { 13080 struct sk_buff *msg; 13081 void *hdr; 13082 13083 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13084 if (!msg) 13085 return; 13086 13087 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 13088 if (!hdr) { 13089 nlmsg_free(msg); 13090 return; 13091 } 13092 13093 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13094 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 13095 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) || 13096 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, 13097 status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE : 13098 status) || 13099 (status < 0 && nla_put_flag(msg, NL80211_ATTR_TIMED_OUT)) || 13100 (req_ie && 13101 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 13102 (resp_ie && 13103 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 13104 goto nla_put_failure; 13105 13106 genlmsg_end(msg, hdr); 13107 13108 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13109 NL80211_MCGRP_MLME, gfp); 13110 return; 13111 13112 nla_put_failure: 13113 genlmsg_cancel(msg, hdr); 13114 nlmsg_free(msg); 13115 } 13116 13117 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 13118 struct net_device *netdev, const u8 *bssid, 13119 const u8 *req_ie, size_t req_ie_len, 13120 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 13121 { 13122 struct sk_buff *msg; 13123 void *hdr; 13124 13125 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13126 if (!msg) 13127 return; 13128 13129 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 13130 if (!hdr) { 13131 nlmsg_free(msg); 13132 return; 13133 } 13134 13135 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13136 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 13137 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 13138 (req_ie && 13139 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 13140 (resp_ie && 13141 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 13142 goto nla_put_failure; 13143 13144 genlmsg_end(msg, hdr); 13145 13146 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13147 NL80211_MCGRP_MLME, gfp); 13148 return; 13149 13150 nla_put_failure: 13151 genlmsg_cancel(msg, hdr); 13152 nlmsg_free(msg); 13153 } 13154 13155 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 13156 struct net_device *netdev, u16 reason, 13157 const u8 *ie, size_t ie_len, bool from_ap) 13158 { 13159 struct sk_buff *msg; 13160 void *hdr; 13161 13162 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 13163 if (!msg) 13164 return; 13165 13166 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 13167 if (!hdr) { 13168 nlmsg_free(msg); 13169 return; 13170 } 13171 13172 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13173 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 13174 (from_ap && reason && 13175 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 13176 (from_ap && 13177 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 13178 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 13179 goto nla_put_failure; 13180 13181 genlmsg_end(msg, hdr); 13182 13183 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13184 NL80211_MCGRP_MLME, GFP_KERNEL); 13185 return; 13186 13187 nla_put_failure: 13188 genlmsg_cancel(msg, hdr); 13189 nlmsg_free(msg); 13190 } 13191 13192 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 13193 struct net_device *netdev, const u8 *bssid, 13194 gfp_t gfp) 13195 { 13196 struct sk_buff *msg; 13197 void *hdr; 13198 13199 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13200 if (!msg) 13201 return; 13202 13203 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 13204 if (!hdr) { 13205 nlmsg_free(msg); 13206 return; 13207 } 13208 13209 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13210 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 13211 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 13212 goto nla_put_failure; 13213 13214 genlmsg_end(msg, hdr); 13215 13216 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13217 NL80211_MCGRP_MLME, gfp); 13218 return; 13219 13220 nla_put_failure: 13221 genlmsg_cancel(msg, hdr); 13222 nlmsg_free(msg); 13223 } 13224 13225 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr, 13226 const u8* ie, u8 ie_len, gfp_t gfp) 13227 { 13228 struct wireless_dev *wdev = dev->ieee80211_ptr; 13229 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 13230 struct sk_buff *msg; 13231 void *hdr; 13232 13233 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT)) 13234 return; 13235 13236 trace_cfg80211_notify_new_peer_candidate(dev, addr); 13237 13238 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13239 if (!msg) 13240 return; 13241 13242 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 13243 if (!hdr) { 13244 nlmsg_free(msg); 13245 return; 13246 } 13247 13248 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13249 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 13250 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 13251 (ie_len && ie && 13252 nla_put(msg, NL80211_ATTR_IE, ie_len , ie))) 13253 goto nla_put_failure; 13254 13255 genlmsg_end(msg, hdr); 13256 13257 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13258 NL80211_MCGRP_MLME, gfp); 13259 return; 13260 13261 nla_put_failure: 13262 genlmsg_cancel(msg, hdr); 13263 nlmsg_free(msg); 13264 } 13265 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate); 13266 13267 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 13268 struct net_device *netdev, const u8 *addr, 13269 enum nl80211_key_type key_type, int key_id, 13270 const u8 *tsc, gfp_t gfp) 13271 { 13272 struct sk_buff *msg; 13273 void *hdr; 13274 13275 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13276 if (!msg) 13277 return; 13278 13279 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 13280 if (!hdr) { 13281 nlmsg_free(msg); 13282 return; 13283 } 13284 13285 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13286 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 13287 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 13288 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 13289 (key_id != -1 && 13290 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 13291 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 13292 goto nla_put_failure; 13293 13294 genlmsg_end(msg, hdr); 13295 13296 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13297 NL80211_MCGRP_MLME, gfp); 13298 return; 13299 13300 nla_put_failure: 13301 genlmsg_cancel(msg, hdr); 13302 nlmsg_free(msg); 13303 } 13304 13305 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 13306 struct ieee80211_channel *channel_before, 13307 struct ieee80211_channel *channel_after) 13308 { 13309 struct sk_buff *msg; 13310 void *hdr; 13311 struct nlattr *nl_freq; 13312 13313 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 13314 if (!msg) 13315 return; 13316 13317 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 13318 if (!hdr) { 13319 nlmsg_free(msg); 13320 return; 13321 } 13322 13323 /* 13324 * Since we are applying the beacon hint to a wiphy we know its 13325 * wiphy_idx is valid 13326 */ 13327 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 13328 goto nla_put_failure; 13329 13330 /* Before */ 13331 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 13332 if (!nl_freq) 13333 goto nla_put_failure; 13334 if (nl80211_msg_put_channel(msg, channel_before, false)) 13335 goto nla_put_failure; 13336 nla_nest_end(msg, nl_freq); 13337 13338 /* After */ 13339 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 13340 if (!nl_freq) 13341 goto nla_put_failure; 13342 if (nl80211_msg_put_channel(msg, channel_after, false)) 13343 goto nla_put_failure; 13344 nla_nest_end(msg, nl_freq); 13345 13346 genlmsg_end(msg, hdr); 13347 13348 rcu_read_lock(); 13349 genlmsg_multicast_allns(&nl80211_fam, msg, 0, 13350 NL80211_MCGRP_REGULATORY, GFP_ATOMIC); 13351 rcu_read_unlock(); 13352 13353 return; 13354 13355 nla_put_failure: 13356 genlmsg_cancel(msg, hdr); 13357 nlmsg_free(msg); 13358 } 13359 13360 static void nl80211_send_remain_on_chan_event( 13361 int cmd, struct cfg80211_registered_device *rdev, 13362 struct wireless_dev *wdev, u64 cookie, 13363 struct ieee80211_channel *chan, 13364 unsigned int duration, gfp_t gfp) 13365 { 13366 struct sk_buff *msg; 13367 void *hdr; 13368 13369 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13370 if (!msg) 13371 return; 13372 13373 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 13374 if (!hdr) { 13375 nlmsg_free(msg); 13376 return; 13377 } 13378 13379 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13380 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 13381 wdev->netdev->ifindex)) || 13382 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 13383 NL80211_ATTR_PAD) || 13384 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 13385 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 13386 NL80211_CHAN_NO_HT) || 13387 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 13388 NL80211_ATTR_PAD)) 13389 goto nla_put_failure; 13390 13391 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 13392 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 13393 goto nla_put_failure; 13394 13395 genlmsg_end(msg, hdr); 13396 13397 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13398 NL80211_MCGRP_MLME, gfp); 13399 return; 13400 13401 nla_put_failure: 13402 genlmsg_cancel(msg, hdr); 13403 nlmsg_free(msg); 13404 } 13405 13406 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie, 13407 struct ieee80211_channel *chan, 13408 unsigned int duration, gfp_t gfp) 13409 { 13410 struct wiphy *wiphy = wdev->wiphy; 13411 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13412 13413 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration); 13414 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 13415 rdev, wdev, cookie, chan, 13416 duration, gfp); 13417 } 13418 EXPORT_SYMBOL(cfg80211_ready_on_channel); 13419 13420 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie, 13421 struct ieee80211_channel *chan, 13422 gfp_t gfp) 13423 { 13424 struct wiphy *wiphy = wdev->wiphy; 13425 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13426 13427 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan); 13428 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 13429 rdev, wdev, cookie, chan, 0, gfp); 13430 } 13431 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired); 13432 13433 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr, 13434 struct station_info *sinfo, gfp_t gfp) 13435 { 13436 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 13437 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13438 struct sk_buff *msg; 13439 13440 trace_cfg80211_new_sta(dev, mac_addr, sinfo); 13441 13442 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13443 if (!msg) 13444 return; 13445 13446 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0, 13447 rdev, dev, mac_addr, sinfo) < 0) { 13448 nlmsg_free(msg); 13449 return; 13450 } 13451 13452 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13453 NL80211_MCGRP_MLME, gfp); 13454 } 13455 EXPORT_SYMBOL(cfg80211_new_sta); 13456 13457 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr, 13458 struct station_info *sinfo, gfp_t gfp) 13459 { 13460 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 13461 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13462 struct sk_buff *msg; 13463 struct station_info empty_sinfo = {}; 13464 13465 if (!sinfo) 13466 sinfo = &empty_sinfo; 13467 13468 trace_cfg80211_del_sta(dev, mac_addr); 13469 13470 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13471 if (!msg) 13472 return; 13473 13474 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0, 13475 rdev, dev, mac_addr, sinfo) < 0) { 13476 nlmsg_free(msg); 13477 return; 13478 } 13479 13480 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13481 NL80211_MCGRP_MLME, gfp); 13482 } 13483 EXPORT_SYMBOL(cfg80211_del_sta_sinfo); 13484 13485 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr, 13486 enum nl80211_connect_failed_reason reason, 13487 gfp_t gfp) 13488 { 13489 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 13490 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13491 struct sk_buff *msg; 13492 void *hdr; 13493 13494 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 13495 if (!msg) 13496 return; 13497 13498 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED); 13499 if (!hdr) { 13500 nlmsg_free(msg); 13501 return; 13502 } 13503 13504 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 13505 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 13506 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason)) 13507 goto nla_put_failure; 13508 13509 genlmsg_end(msg, hdr); 13510 13511 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13512 NL80211_MCGRP_MLME, gfp); 13513 return; 13514 13515 nla_put_failure: 13516 genlmsg_cancel(msg, hdr); 13517 nlmsg_free(msg); 13518 } 13519 EXPORT_SYMBOL(cfg80211_conn_failed); 13520 13521 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 13522 const u8 *addr, gfp_t gfp) 13523 { 13524 struct wireless_dev *wdev = dev->ieee80211_ptr; 13525 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 13526 struct sk_buff *msg; 13527 void *hdr; 13528 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid); 13529 13530 if (!nlportid) 13531 return false; 13532 13533 msg = nlmsg_new(100, gfp); 13534 if (!msg) 13535 return true; 13536 13537 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 13538 if (!hdr) { 13539 nlmsg_free(msg); 13540 return true; 13541 } 13542 13543 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13544 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 13545 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 13546 goto nla_put_failure; 13547 13548 genlmsg_end(msg, hdr); 13549 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 13550 return true; 13551 13552 nla_put_failure: 13553 genlmsg_cancel(msg, hdr); 13554 nlmsg_free(msg); 13555 return true; 13556 } 13557 13558 bool cfg80211_rx_spurious_frame(struct net_device *dev, 13559 const u8 *addr, gfp_t gfp) 13560 { 13561 struct wireless_dev *wdev = dev->ieee80211_ptr; 13562 bool ret; 13563 13564 trace_cfg80211_rx_spurious_frame(dev, addr); 13565 13566 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 13567 wdev->iftype != NL80211_IFTYPE_P2P_GO)) { 13568 trace_cfg80211_return_bool(false); 13569 return false; 13570 } 13571 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 13572 addr, gfp); 13573 trace_cfg80211_return_bool(ret); 13574 return ret; 13575 } 13576 EXPORT_SYMBOL(cfg80211_rx_spurious_frame); 13577 13578 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, 13579 const u8 *addr, gfp_t gfp) 13580 { 13581 struct wireless_dev *wdev = dev->ieee80211_ptr; 13582 bool ret; 13583 13584 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr); 13585 13586 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 13587 wdev->iftype != NL80211_IFTYPE_P2P_GO && 13588 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) { 13589 trace_cfg80211_return_bool(false); 13590 return false; 13591 } 13592 ret = __nl80211_unexpected_frame(dev, 13593 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 13594 addr, gfp); 13595 trace_cfg80211_return_bool(ret); 13596 return ret; 13597 } 13598 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame); 13599 13600 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 13601 struct wireless_dev *wdev, u32 nlportid, 13602 int freq, int sig_dbm, 13603 const u8 *buf, size_t len, u32 flags, gfp_t gfp) 13604 { 13605 struct net_device *netdev = wdev->netdev; 13606 struct sk_buff *msg; 13607 void *hdr; 13608 13609 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13610 if (!msg) 13611 return -ENOMEM; 13612 13613 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 13614 if (!hdr) { 13615 nlmsg_free(msg); 13616 return -ENOMEM; 13617 } 13618 13619 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13620 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 13621 netdev->ifindex)) || 13622 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 13623 NL80211_ATTR_PAD) || 13624 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 13625 (sig_dbm && 13626 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 13627 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 13628 (flags && 13629 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags))) 13630 goto nla_put_failure; 13631 13632 genlmsg_end(msg, hdr); 13633 13634 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 13635 13636 nla_put_failure: 13637 genlmsg_cancel(msg, hdr); 13638 nlmsg_free(msg); 13639 return -ENOBUFS; 13640 } 13641 13642 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie, 13643 const u8 *buf, size_t len, bool ack, gfp_t gfp) 13644 { 13645 struct wiphy *wiphy = wdev->wiphy; 13646 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13647 struct net_device *netdev = wdev->netdev; 13648 struct sk_buff *msg; 13649 void *hdr; 13650 13651 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack); 13652 13653 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13654 if (!msg) 13655 return; 13656 13657 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 13658 if (!hdr) { 13659 nlmsg_free(msg); 13660 return; 13661 } 13662 13663 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13664 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 13665 netdev->ifindex)) || 13666 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 13667 NL80211_ATTR_PAD) || 13668 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 13669 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 13670 NL80211_ATTR_PAD) || 13671 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 13672 goto nla_put_failure; 13673 13674 genlmsg_end(msg, hdr); 13675 13676 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13677 NL80211_MCGRP_MLME, gfp); 13678 return; 13679 13680 nla_put_failure: 13681 genlmsg_cancel(msg, hdr); 13682 nlmsg_free(msg); 13683 } 13684 EXPORT_SYMBOL(cfg80211_mgmt_tx_status); 13685 13686 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev, 13687 const char *mac, gfp_t gfp) 13688 { 13689 struct wireless_dev *wdev = dev->ieee80211_ptr; 13690 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 13691 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13692 void **cb; 13693 13694 if (!msg) 13695 return NULL; 13696 13697 cb = (void **)msg->cb; 13698 13699 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 13700 if (!cb[0]) { 13701 nlmsg_free(msg); 13702 return NULL; 13703 } 13704 13705 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13706 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 13707 goto nla_put_failure; 13708 13709 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac)) 13710 goto nla_put_failure; 13711 13712 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM); 13713 if (!cb[1]) 13714 goto nla_put_failure; 13715 13716 cb[2] = rdev; 13717 13718 return msg; 13719 nla_put_failure: 13720 nlmsg_free(msg); 13721 return NULL; 13722 } 13723 13724 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp) 13725 { 13726 void **cb = (void **)msg->cb; 13727 struct cfg80211_registered_device *rdev = cb[2]; 13728 13729 nla_nest_end(msg, cb[1]); 13730 genlmsg_end(msg, cb[0]); 13731 13732 memset(msg->cb, 0, sizeof(msg->cb)); 13733 13734 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13735 NL80211_MCGRP_MLME, gfp); 13736 } 13737 13738 void cfg80211_cqm_rssi_notify(struct net_device *dev, 13739 enum nl80211_cqm_rssi_threshold_event rssi_event, 13740 gfp_t gfp) 13741 { 13742 struct sk_buff *msg; 13743 13744 trace_cfg80211_cqm_rssi_notify(dev, rssi_event); 13745 13746 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW && 13747 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH)) 13748 return; 13749 13750 msg = cfg80211_prepare_cqm(dev, NULL, gfp); 13751 if (!msg) 13752 return; 13753 13754 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 13755 rssi_event)) 13756 goto nla_put_failure; 13757 13758 cfg80211_send_cqm(msg, gfp); 13759 13760 return; 13761 13762 nla_put_failure: 13763 nlmsg_free(msg); 13764 } 13765 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify); 13766 13767 void cfg80211_cqm_txe_notify(struct net_device *dev, 13768 const u8 *peer, u32 num_packets, 13769 u32 rate, u32 intvl, gfp_t gfp) 13770 { 13771 struct sk_buff *msg; 13772 13773 msg = cfg80211_prepare_cqm(dev, peer, gfp); 13774 if (!msg) 13775 return; 13776 13777 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 13778 goto nla_put_failure; 13779 13780 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 13781 goto nla_put_failure; 13782 13783 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 13784 goto nla_put_failure; 13785 13786 cfg80211_send_cqm(msg, gfp); 13787 return; 13788 13789 nla_put_failure: 13790 nlmsg_free(msg); 13791 } 13792 EXPORT_SYMBOL(cfg80211_cqm_txe_notify); 13793 13794 void cfg80211_cqm_pktloss_notify(struct net_device *dev, 13795 const u8 *peer, u32 num_packets, gfp_t gfp) 13796 { 13797 struct sk_buff *msg; 13798 13799 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets); 13800 13801 msg = cfg80211_prepare_cqm(dev, peer, gfp); 13802 if (!msg) 13803 return; 13804 13805 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 13806 goto nla_put_failure; 13807 13808 cfg80211_send_cqm(msg, gfp); 13809 return; 13810 13811 nla_put_failure: 13812 nlmsg_free(msg); 13813 } 13814 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); 13815 13816 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp) 13817 { 13818 struct sk_buff *msg; 13819 13820 msg = cfg80211_prepare_cqm(dev, NULL, gfp); 13821 if (!msg) 13822 return; 13823 13824 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT)) 13825 goto nla_put_failure; 13826 13827 cfg80211_send_cqm(msg, gfp); 13828 return; 13829 13830 nla_put_failure: 13831 nlmsg_free(msg); 13832 } 13833 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify); 13834 13835 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 13836 struct net_device *netdev, const u8 *bssid, 13837 const u8 *replay_ctr, gfp_t gfp) 13838 { 13839 struct sk_buff *msg; 13840 struct nlattr *rekey_attr; 13841 void *hdr; 13842 13843 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13844 if (!msg) 13845 return; 13846 13847 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 13848 if (!hdr) { 13849 nlmsg_free(msg); 13850 return; 13851 } 13852 13853 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13854 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 13855 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 13856 goto nla_put_failure; 13857 13858 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 13859 if (!rekey_attr) 13860 goto nla_put_failure; 13861 13862 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 13863 NL80211_REPLAY_CTR_LEN, replay_ctr)) 13864 goto nla_put_failure; 13865 13866 nla_nest_end(msg, rekey_attr); 13867 13868 genlmsg_end(msg, hdr); 13869 13870 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13871 NL80211_MCGRP_MLME, gfp); 13872 return; 13873 13874 nla_put_failure: 13875 genlmsg_cancel(msg, hdr); 13876 nlmsg_free(msg); 13877 } 13878 13879 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid, 13880 const u8 *replay_ctr, gfp_t gfp) 13881 { 13882 struct wireless_dev *wdev = dev->ieee80211_ptr; 13883 struct wiphy *wiphy = wdev->wiphy; 13884 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13885 13886 trace_cfg80211_gtk_rekey_notify(dev, bssid); 13887 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp); 13888 } 13889 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify); 13890 13891 static void 13892 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 13893 struct net_device *netdev, int index, 13894 const u8 *bssid, bool preauth, gfp_t gfp) 13895 { 13896 struct sk_buff *msg; 13897 struct nlattr *attr; 13898 void *hdr; 13899 13900 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13901 if (!msg) 13902 return; 13903 13904 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 13905 if (!hdr) { 13906 nlmsg_free(msg); 13907 return; 13908 } 13909 13910 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13911 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 13912 goto nla_put_failure; 13913 13914 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 13915 if (!attr) 13916 goto nla_put_failure; 13917 13918 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 13919 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 13920 (preauth && 13921 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 13922 goto nla_put_failure; 13923 13924 nla_nest_end(msg, attr); 13925 13926 genlmsg_end(msg, hdr); 13927 13928 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13929 NL80211_MCGRP_MLME, gfp); 13930 return; 13931 13932 nla_put_failure: 13933 genlmsg_cancel(msg, hdr); 13934 nlmsg_free(msg); 13935 } 13936 13937 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index, 13938 const u8 *bssid, bool preauth, gfp_t gfp) 13939 { 13940 struct wireless_dev *wdev = dev->ieee80211_ptr; 13941 struct wiphy *wiphy = wdev->wiphy; 13942 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13943 13944 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth); 13945 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp); 13946 } 13947 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify); 13948 13949 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 13950 struct net_device *netdev, 13951 struct cfg80211_chan_def *chandef, 13952 gfp_t gfp, 13953 enum nl80211_commands notif, 13954 u8 count) 13955 { 13956 struct sk_buff *msg; 13957 void *hdr; 13958 13959 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13960 if (!msg) 13961 return; 13962 13963 hdr = nl80211hdr_put(msg, 0, 0, 0, notif); 13964 if (!hdr) { 13965 nlmsg_free(msg); 13966 return; 13967 } 13968 13969 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 13970 goto nla_put_failure; 13971 13972 if (nl80211_send_chandef(msg, chandef)) 13973 goto nla_put_failure; 13974 13975 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) && 13976 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))) 13977 goto nla_put_failure; 13978 13979 genlmsg_end(msg, hdr); 13980 13981 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 13982 NL80211_MCGRP_MLME, gfp); 13983 return; 13984 13985 nla_put_failure: 13986 genlmsg_cancel(msg, hdr); 13987 nlmsg_free(msg); 13988 } 13989 13990 void cfg80211_ch_switch_notify(struct net_device *dev, 13991 struct cfg80211_chan_def *chandef) 13992 { 13993 struct wireless_dev *wdev = dev->ieee80211_ptr; 13994 struct wiphy *wiphy = wdev->wiphy; 13995 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13996 13997 ASSERT_WDEV_LOCK(wdev); 13998 13999 trace_cfg80211_ch_switch_notify(dev, chandef); 14000 14001 wdev->chandef = *chandef; 14002 wdev->preset_chandef = *chandef; 14003 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL, 14004 NL80211_CMD_CH_SWITCH_NOTIFY, 0); 14005 } 14006 EXPORT_SYMBOL(cfg80211_ch_switch_notify); 14007 14008 void cfg80211_ch_switch_started_notify(struct net_device *dev, 14009 struct cfg80211_chan_def *chandef, 14010 u8 count) 14011 { 14012 struct wireless_dev *wdev = dev->ieee80211_ptr; 14013 struct wiphy *wiphy = wdev->wiphy; 14014 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14015 14016 trace_cfg80211_ch_switch_started_notify(dev, chandef); 14017 14018 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL, 14019 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count); 14020 } 14021 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify); 14022 14023 void 14024 nl80211_radar_notify(struct cfg80211_registered_device *rdev, 14025 const struct cfg80211_chan_def *chandef, 14026 enum nl80211_radar_event event, 14027 struct net_device *netdev, gfp_t gfp) 14028 { 14029 struct sk_buff *msg; 14030 void *hdr; 14031 14032 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14033 if (!msg) 14034 return; 14035 14036 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT); 14037 if (!hdr) { 14038 nlmsg_free(msg); 14039 return; 14040 } 14041 14042 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 14043 goto nla_put_failure; 14044 14045 /* NOP and radar events don't need a netdev parameter */ 14046 if (netdev) { 14047 struct wireless_dev *wdev = netdev->ieee80211_ptr; 14048 14049 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 14050 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14051 NL80211_ATTR_PAD)) 14052 goto nla_put_failure; 14053 } 14054 14055 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event)) 14056 goto nla_put_failure; 14057 14058 if (nl80211_send_chandef(msg, chandef)) 14059 goto nla_put_failure; 14060 14061 genlmsg_end(msg, hdr); 14062 14063 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14064 NL80211_MCGRP_MLME, gfp); 14065 return; 14066 14067 nla_put_failure: 14068 genlmsg_cancel(msg, hdr); 14069 nlmsg_free(msg); 14070 } 14071 14072 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 14073 u64 cookie, bool acked, gfp_t gfp) 14074 { 14075 struct wireless_dev *wdev = dev->ieee80211_ptr; 14076 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 14077 struct sk_buff *msg; 14078 void *hdr; 14079 14080 trace_cfg80211_probe_status(dev, addr, cookie, acked); 14081 14082 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14083 14084 if (!msg) 14085 return; 14086 14087 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 14088 if (!hdr) { 14089 nlmsg_free(msg); 14090 return; 14091 } 14092 14093 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14094 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 14095 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 14096 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 14097 NL80211_ATTR_PAD) || 14098 (acked && nla_put_flag(msg, NL80211_ATTR_ACK))) 14099 goto nla_put_failure; 14100 14101 genlmsg_end(msg, hdr); 14102 14103 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14104 NL80211_MCGRP_MLME, gfp); 14105 return; 14106 14107 nla_put_failure: 14108 genlmsg_cancel(msg, hdr); 14109 nlmsg_free(msg); 14110 } 14111 EXPORT_SYMBOL(cfg80211_probe_status); 14112 14113 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 14114 const u8 *frame, size_t len, 14115 int freq, int sig_dbm) 14116 { 14117 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14118 struct sk_buff *msg; 14119 void *hdr; 14120 struct cfg80211_beacon_registration *reg; 14121 14122 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm); 14123 14124 spin_lock_bh(&rdev->beacon_registrations_lock); 14125 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 14126 msg = nlmsg_new(len + 100, GFP_ATOMIC); 14127 if (!msg) { 14128 spin_unlock_bh(&rdev->beacon_registrations_lock); 14129 return; 14130 } 14131 14132 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 14133 if (!hdr) 14134 goto nla_put_failure; 14135 14136 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14137 (freq && 14138 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) || 14139 (sig_dbm && 14140 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 14141 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 14142 goto nla_put_failure; 14143 14144 genlmsg_end(msg, hdr); 14145 14146 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid); 14147 } 14148 spin_unlock_bh(&rdev->beacon_registrations_lock); 14149 return; 14150 14151 nla_put_failure: 14152 spin_unlock_bh(&rdev->beacon_registrations_lock); 14153 if (hdr) 14154 genlmsg_cancel(msg, hdr); 14155 nlmsg_free(msg); 14156 } 14157 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 14158 14159 #ifdef CONFIG_PM 14160 static int cfg80211_net_detect_results(struct sk_buff *msg, 14161 struct cfg80211_wowlan_wakeup *wakeup) 14162 { 14163 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect; 14164 struct nlattr *nl_results, *nl_match, *nl_freqs; 14165 int i, j; 14166 14167 nl_results = nla_nest_start( 14168 msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS); 14169 if (!nl_results) 14170 return -EMSGSIZE; 14171 14172 for (i = 0; i < nd->n_matches; i++) { 14173 struct cfg80211_wowlan_nd_match *match = nd->matches[i]; 14174 14175 nl_match = nla_nest_start(msg, i); 14176 if (!nl_match) 14177 break; 14178 14179 /* The SSID attribute is optional in nl80211, but for 14180 * simplicity reasons it's always present in the 14181 * cfg80211 structure. If a driver can't pass the 14182 * SSID, that needs to be changed. A zero length SSID 14183 * is still a valid SSID (wildcard), so it cannot be 14184 * used for this purpose. 14185 */ 14186 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len, 14187 match->ssid.ssid)) { 14188 nla_nest_cancel(msg, nl_match); 14189 goto out; 14190 } 14191 14192 if (match->n_channels) { 14193 nl_freqs = nla_nest_start( 14194 msg, NL80211_ATTR_SCAN_FREQUENCIES); 14195 if (!nl_freqs) { 14196 nla_nest_cancel(msg, nl_match); 14197 goto out; 14198 } 14199 14200 for (j = 0; j < match->n_channels; j++) { 14201 if (nla_put_u32(msg, j, match->channels[j])) { 14202 nla_nest_cancel(msg, nl_freqs); 14203 nla_nest_cancel(msg, nl_match); 14204 goto out; 14205 } 14206 } 14207 14208 nla_nest_end(msg, nl_freqs); 14209 } 14210 14211 nla_nest_end(msg, nl_match); 14212 } 14213 14214 out: 14215 nla_nest_end(msg, nl_results); 14216 return 0; 14217 } 14218 14219 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev, 14220 struct cfg80211_wowlan_wakeup *wakeup, 14221 gfp_t gfp) 14222 { 14223 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 14224 struct sk_buff *msg; 14225 void *hdr; 14226 int size = 200; 14227 14228 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup); 14229 14230 if (wakeup) 14231 size += wakeup->packet_present_len; 14232 14233 msg = nlmsg_new(size, gfp); 14234 if (!msg) 14235 return; 14236 14237 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN); 14238 if (!hdr) 14239 goto free_msg; 14240 14241 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14242 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14243 NL80211_ATTR_PAD)) 14244 goto free_msg; 14245 14246 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 14247 wdev->netdev->ifindex)) 14248 goto free_msg; 14249 14250 if (wakeup) { 14251 struct nlattr *reasons; 14252 14253 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 14254 if (!reasons) 14255 goto free_msg; 14256 14257 if (wakeup->disconnect && 14258 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) 14259 goto free_msg; 14260 if (wakeup->magic_pkt && 14261 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) 14262 goto free_msg; 14263 if (wakeup->gtk_rekey_failure && 14264 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) 14265 goto free_msg; 14266 if (wakeup->eap_identity_req && 14267 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) 14268 goto free_msg; 14269 if (wakeup->four_way_handshake && 14270 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) 14271 goto free_msg; 14272 if (wakeup->rfkill_release && 14273 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)) 14274 goto free_msg; 14275 14276 if (wakeup->pattern_idx >= 0 && 14277 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 14278 wakeup->pattern_idx)) 14279 goto free_msg; 14280 14281 if (wakeup->tcp_match && 14282 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH)) 14283 goto free_msg; 14284 14285 if (wakeup->tcp_connlost && 14286 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST)) 14287 goto free_msg; 14288 14289 if (wakeup->tcp_nomoretokens && 14290 nla_put_flag(msg, 14291 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS)) 14292 goto free_msg; 14293 14294 if (wakeup->packet) { 14295 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211; 14296 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN; 14297 14298 if (!wakeup->packet_80211) { 14299 pkt_attr = 14300 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023; 14301 len_attr = 14302 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN; 14303 } 14304 14305 if (wakeup->packet_len && 14306 nla_put_u32(msg, len_attr, wakeup->packet_len)) 14307 goto free_msg; 14308 14309 if (nla_put(msg, pkt_attr, wakeup->packet_present_len, 14310 wakeup->packet)) 14311 goto free_msg; 14312 } 14313 14314 if (wakeup->net_detect && 14315 cfg80211_net_detect_results(msg, wakeup)) 14316 goto free_msg; 14317 14318 nla_nest_end(msg, reasons); 14319 } 14320 14321 genlmsg_end(msg, hdr); 14322 14323 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14324 NL80211_MCGRP_MLME, gfp); 14325 return; 14326 14327 free_msg: 14328 nlmsg_free(msg); 14329 } 14330 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup); 14331 #endif 14332 14333 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer, 14334 enum nl80211_tdls_operation oper, 14335 u16 reason_code, gfp_t gfp) 14336 { 14337 struct wireless_dev *wdev = dev->ieee80211_ptr; 14338 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 14339 struct sk_buff *msg; 14340 void *hdr; 14341 14342 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper, 14343 reason_code); 14344 14345 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14346 if (!msg) 14347 return; 14348 14349 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER); 14350 if (!hdr) { 14351 nlmsg_free(msg); 14352 return; 14353 } 14354 14355 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14356 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 14357 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) || 14358 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) || 14359 (reason_code > 0 && 14360 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) 14361 goto nla_put_failure; 14362 14363 genlmsg_end(msg, hdr); 14364 14365 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14366 NL80211_MCGRP_MLME, gfp); 14367 return; 14368 14369 nla_put_failure: 14370 genlmsg_cancel(msg, hdr); 14371 nlmsg_free(msg); 14372 } 14373 EXPORT_SYMBOL(cfg80211_tdls_oper_request); 14374 14375 static int nl80211_netlink_notify(struct notifier_block * nb, 14376 unsigned long state, 14377 void *_notify) 14378 { 14379 struct netlink_notify *notify = _notify; 14380 struct cfg80211_registered_device *rdev; 14381 struct wireless_dev *wdev; 14382 struct cfg80211_beacon_registration *reg, *tmp; 14383 14384 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC) 14385 return NOTIFY_DONE; 14386 14387 rcu_read_lock(); 14388 14389 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 14390 bool schedule_destroy_work = false; 14391 bool schedule_scan_stop = false; 14392 struct cfg80211_sched_scan_request *sched_scan_req = 14393 rcu_dereference(rdev->sched_scan_req); 14394 14395 if (sched_scan_req && notify->portid && 14396 sched_scan_req->owner_nlportid == notify->portid) 14397 schedule_scan_stop = true; 14398 14399 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) { 14400 cfg80211_mlme_unregister_socket(wdev, notify->portid); 14401 14402 if (wdev->owner_nlportid == notify->portid) 14403 schedule_destroy_work = true; 14404 } 14405 14406 spin_lock_bh(&rdev->beacon_registrations_lock); 14407 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations, 14408 list) { 14409 if (reg->nlportid == notify->portid) { 14410 list_del(®->list); 14411 kfree(reg); 14412 break; 14413 } 14414 } 14415 spin_unlock_bh(&rdev->beacon_registrations_lock); 14416 14417 if (schedule_destroy_work) { 14418 struct cfg80211_iface_destroy *destroy; 14419 14420 destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC); 14421 if (destroy) { 14422 destroy->nlportid = notify->portid; 14423 spin_lock(&rdev->destroy_list_lock); 14424 list_add(&destroy->list, &rdev->destroy_list); 14425 spin_unlock(&rdev->destroy_list_lock); 14426 schedule_work(&rdev->destroy_work); 14427 } 14428 } else if (schedule_scan_stop) { 14429 sched_scan_req->owner_nlportid = 0; 14430 14431 if (rdev->ops->sched_scan_stop && 14432 rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 14433 schedule_work(&rdev->sched_scan_stop_wk); 14434 } 14435 } 14436 14437 rcu_read_unlock(); 14438 14439 /* 14440 * It is possible that the user space process that is controlling the 14441 * indoor setting disappeared, so notify the regulatory core. 14442 */ 14443 regulatory_netlink_notify(notify->portid); 14444 return NOTIFY_OK; 14445 } 14446 14447 static struct notifier_block nl80211_netlink_notifier = { 14448 .notifier_call = nl80211_netlink_notify, 14449 }; 14450 14451 void cfg80211_ft_event(struct net_device *netdev, 14452 struct cfg80211_ft_event_params *ft_event) 14453 { 14454 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy; 14455 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14456 struct sk_buff *msg; 14457 void *hdr; 14458 14459 trace_cfg80211_ft_event(wiphy, netdev, ft_event); 14460 14461 if (!ft_event->target_ap) 14462 return; 14463 14464 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14465 if (!msg) 14466 return; 14467 14468 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT); 14469 if (!hdr) 14470 goto out; 14471 14472 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14473 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 14474 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap)) 14475 goto out; 14476 14477 if (ft_event->ies && 14478 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies)) 14479 goto out; 14480 if (ft_event->ric_ies && 14481 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len, 14482 ft_event->ric_ies)) 14483 goto out; 14484 14485 genlmsg_end(msg, hdr); 14486 14487 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 14488 NL80211_MCGRP_MLME, GFP_KERNEL); 14489 return; 14490 out: 14491 nlmsg_free(msg); 14492 } 14493 EXPORT_SYMBOL(cfg80211_ft_event); 14494 14495 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp) 14496 { 14497 struct cfg80211_registered_device *rdev; 14498 struct sk_buff *msg; 14499 void *hdr; 14500 u32 nlportid; 14501 14502 rdev = wiphy_to_rdev(wdev->wiphy); 14503 if (!rdev->crit_proto_nlportid) 14504 return; 14505 14506 nlportid = rdev->crit_proto_nlportid; 14507 rdev->crit_proto_nlportid = 0; 14508 14509 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14510 if (!msg) 14511 return; 14512 14513 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP); 14514 if (!hdr) 14515 goto nla_put_failure; 14516 14517 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14518 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14519 NL80211_ATTR_PAD)) 14520 goto nla_put_failure; 14521 14522 genlmsg_end(msg, hdr); 14523 14524 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 14525 return; 14526 14527 nla_put_failure: 14528 if (hdr) 14529 genlmsg_cancel(msg, hdr); 14530 nlmsg_free(msg); 14531 } 14532 EXPORT_SYMBOL(cfg80211_crit_proto_stopped); 14533 14534 void nl80211_send_ap_stopped(struct wireless_dev *wdev) 14535 { 14536 struct wiphy *wiphy = wdev->wiphy; 14537 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14538 struct sk_buff *msg; 14539 void *hdr; 14540 14541 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14542 if (!msg) 14543 return; 14544 14545 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP); 14546 if (!hdr) 14547 goto out; 14548 14549 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14550 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) || 14551 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14552 NL80211_ATTR_PAD)) 14553 goto out; 14554 14555 genlmsg_end(msg, hdr); 14556 14557 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0, 14558 NL80211_MCGRP_MLME, GFP_KERNEL); 14559 return; 14560 out: 14561 nlmsg_free(msg); 14562 } 14563 14564 /* initialisation/exit functions */ 14565 14566 int nl80211_init(void) 14567 { 14568 int err; 14569 14570 err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops, 14571 nl80211_mcgrps); 14572 if (err) 14573 return err; 14574 14575 err = netlink_register_notifier(&nl80211_netlink_notifier); 14576 if (err) 14577 goto err_out; 14578 14579 return 0; 14580 err_out: 14581 genl_unregister_family(&nl80211_fam); 14582 return err; 14583 } 14584 14585 void nl80211_exit(void) 14586 { 14587 netlink_unregister_notifier(&nl80211_netlink_notifier); 14588 genl_unregister_family(&nl80211_fam); 14589 } 14590