nl80211.c (518810B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * This is the new netlink-based wireless configuration interface. 4 * 5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 6 * Copyright 2013-2014 Intel Mobile Communications GmbH 7 * Copyright 2015-2017 Intel Deutschland GmbH 8 * Copyright (C) 2018-2022 Intel Corporation 9 */ 10 11#include <linux/if.h> 12#include <linux/module.h> 13#include <linux/err.h> 14#include <linux/slab.h> 15#include <linux/list.h> 16#include <linux/if_ether.h> 17#include <linux/ieee80211.h> 18#include <linux/nl80211.h> 19#include <linux/rtnetlink.h> 20#include <linux/netlink.h> 21#include <linux/nospec.h> 22#include <linux/etherdevice.h> 23#include <linux/if_vlan.h> 24#include <net/net_namespace.h> 25#include <net/genetlink.h> 26#include <net/cfg80211.h> 27#include <net/sock.h> 28#include <net/inet_connection_sock.h> 29#include "core.h" 30#include "nl80211.h" 31#include "reg.h" 32#include "rdev-ops.h" 33 34static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 35 struct genl_info *info, 36 struct cfg80211_crypto_settings *settings, 37 int cipher_limit); 38 39/* the netlink family */ 40static struct genl_family nl80211_fam; 41 42/* multicast groups */ 43enum nl80211_multicast_groups { 44 NL80211_MCGRP_CONFIG, 45 NL80211_MCGRP_SCAN, 46 NL80211_MCGRP_REGULATORY, 47 NL80211_MCGRP_MLME, 48 NL80211_MCGRP_VENDOR, 49 NL80211_MCGRP_NAN, 50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */ 51}; 52 53static const struct genl_multicast_group nl80211_mcgrps[] = { 54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG }, 55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN }, 56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG }, 57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME }, 58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR }, 59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN }, 60#ifdef CONFIG_NL80211_TESTMODE 61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE } 62#endif 63}; 64 65/* returns ERR_PTR values */ 66static struct wireless_dev * 67__cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev, 68 struct net *netns, struct nlattr **attrs) 69{ 70 struct wireless_dev *result = NULL; 71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 73 u64 wdev_id = 0; 74 int wiphy_idx = -1; 75 int ifidx = -1; 76 77 if (!have_ifidx && !have_wdev_id) 78 return ERR_PTR(-EINVAL); 79 80 if (have_ifidx) 81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 82 if (have_wdev_id) { 83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 84 wiphy_idx = wdev_id >> 32; 85 } 86 87 if (rdev) { 88 struct wireless_dev *wdev; 89 90 lockdep_assert_held(&rdev->wiphy.mtx); 91 92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 93 if (have_ifidx && wdev->netdev && 94 wdev->netdev->ifindex == ifidx) { 95 result = wdev; 96 break; 97 } 98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 99 result = wdev; 100 break; 101 } 102 } 103 104 return result ?: ERR_PTR(-ENODEV); 105 } 106 107 ASSERT_RTNL(); 108 109 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 110 struct wireless_dev *wdev; 111 112 if (wiphy_net(&rdev->wiphy) != netns) 113 continue; 114 115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 116 continue; 117 118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 119 if (have_ifidx && wdev->netdev && 120 wdev->netdev->ifindex == ifidx) { 121 result = wdev; 122 break; 123 } 124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 125 result = wdev; 126 break; 127 } 128 } 129 130 if (result) 131 break; 132 } 133 134 if (result) 135 return result; 136 return ERR_PTR(-ENODEV); 137} 138 139static struct cfg80211_registered_device * 140__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 141{ 142 struct cfg80211_registered_device *rdev = NULL, *tmp; 143 struct net_device *netdev; 144 145 ASSERT_RTNL(); 146 147 if (!attrs[NL80211_ATTR_WIPHY] && 148 !attrs[NL80211_ATTR_IFINDEX] && 149 !attrs[NL80211_ATTR_WDEV]) 150 return ERR_PTR(-EINVAL); 151 152 if (attrs[NL80211_ATTR_WIPHY]) 153 rdev = cfg80211_rdev_by_wiphy_idx( 154 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 155 156 if (attrs[NL80211_ATTR_WDEV]) { 157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 158 struct wireless_dev *wdev; 159 bool found = false; 160 161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 162 if (tmp) { 163 /* make sure wdev exists */ 164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) { 165 if (wdev->identifier != (u32)wdev_id) 166 continue; 167 found = true; 168 break; 169 } 170 171 if (!found) 172 tmp = NULL; 173 174 if (rdev && tmp != rdev) 175 return ERR_PTR(-EINVAL); 176 rdev = tmp; 177 } 178 } 179 180 if (attrs[NL80211_ATTR_IFINDEX]) { 181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 182 183 netdev = __dev_get_by_index(netns, ifindex); 184 if (netdev) { 185 if (netdev->ieee80211_ptr) 186 tmp = wiphy_to_rdev( 187 netdev->ieee80211_ptr->wiphy); 188 else 189 tmp = NULL; 190 191 /* not wireless device -- return error */ 192 if (!tmp) 193 return ERR_PTR(-EINVAL); 194 195 /* mismatch -- return error */ 196 if (rdev && tmp != rdev) 197 return ERR_PTR(-EINVAL); 198 199 rdev = tmp; 200 } 201 } 202 203 if (!rdev) 204 return ERR_PTR(-ENODEV); 205 206 if (netns != wiphy_net(&rdev->wiphy)) 207 return ERR_PTR(-ENODEV); 208 209 return rdev; 210} 211 212/* 213 * This function returns a pointer to the driver 214 * that the genl_info item that is passed refers to. 215 * 216 * The result of this can be a PTR_ERR and hence must 217 * be checked with IS_ERR() for errors. 218 */ 219static struct cfg80211_registered_device * 220cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 221{ 222 return __cfg80211_rdev_from_attrs(netns, info->attrs); 223} 224 225static int validate_beacon_head(const struct nlattr *attr, 226 struct netlink_ext_ack *extack) 227{ 228 const u8 *data = nla_data(attr); 229 unsigned int len = nla_len(attr); 230 const struct element *elem; 231 const struct ieee80211_mgmt *mgmt = (void *)data; 232 unsigned int fixedlen, hdrlen; 233 bool s1g_bcn; 234 235 if (len < offsetofend(typeof(*mgmt), frame_control)) 236 goto err; 237 238 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control); 239 if (s1g_bcn) { 240 fixedlen = offsetof(struct ieee80211_ext, 241 u.s1g_beacon.variable); 242 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon); 243 } else { 244 fixedlen = offsetof(struct ieee80211_mgmt, 245 u.beacon.variable); 246 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon); 247 } 248 249 if (len < fixedlen) 250 goto err; 251 252 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen) 253 goto err; 254 255 data += fixedlen; 256 len -= fixedlen; 257 258 for_each_element(elem, data, len) { 259 /* nothing */ 260 } 261 262 if (for_each_element_completed(elem, data, len)) 263 return 0; 264 265err: 266 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head"); 267 return -EINVAL; 268} 269 270static int validate_ie_attr(const struct nlattr *attr, 271 struct netlink_ext_ack *extack) 272{ 273 const u8 *data = nla_data(attr); 274 unsigned int len = nla_len(attr); 275 const struct element *elem; 276 277 for_each_element(elem, data, len) { 278 /* nothing */ 279 } 280 281 if (for_each_element_completed(elem, data, len)) 282 return 0; 283 284 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements"); 285 return -EINVAL; 286} 287 288static int validate_he_capa(const struct nlattr *attr, 289 struct netlink_ext_ack *extack) 290{ 291 if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr))) 292 return -EINVAL; 293 294 return 0; 295} 296 297/* policy for the attributes */ 298static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR]; 299 300static const struct nla_policy 301nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = { 302 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, }, 303 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY, 304 .len = U8_MAX }, 305 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY, 306 .len = U8_MAX }, 307}; 308 309static const struct nla_policy 310nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = { 311 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG }, 312 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 }, 313 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] = 314 NLA_POLICY_MAX(NLA_U8, 15), 315 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 }, 316 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] = 317 NLA_POLICY_MAX(NLA_U8, 15), 318 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] = 319 NLA_POLICY_MAX(NLA_U8, 31), 320 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 }, 321 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG }, 322 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG }, 323 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG }, 324 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG }, 325 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG }, 326}; 327 328static const struct nla_policy 329nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = { 330 [NL80211_PMSR_TYPE_FTM] = 331 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy), 332}; 333 334static const struct nla_policy 335nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = { 336 [NL80211_PMSR_REQ_ATTR_DATA] = 337 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy), 338 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG }, 339}; 340 341static const struct nla_policy 342nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = { 343 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR, 344 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy), 345 [NL80211_PMSR_PEER_ATTR_REQ] = 346 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy), 347 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT }, 348}; 349 350static const struct nla_policy 351nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = { 352 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT }, 353 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT }, 354 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT }, 355 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT }, 356 [NL80211_PMSR_ATTR_PEERS] = 357 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy), 358}; 359 360static const struct nla_policy 361he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = { 362 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] = 363 NLA_POLICY_RANGE(NLA_U8, 1, 20), 364 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] = 365 NLA_POLICY_RANGE(NLA_U8, 1, 20), 366 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] = 367 NLA_POLICY_RANGE(NLA_U8, 1, 20), 368 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] = 369 NLA_POLICY_EXACT_LEN(8), 370 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] = 371 NLA_POLICY_EXACT_LEN(8), 372 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 }, 373}; 374 375static const struct nla_policy 376he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = { 377 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63), 378 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG }, 379 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG }, 380}; 381 382static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 383 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 384 .len = NL80211_MAX_SUPP_RATES }, 385 [NL80211_TXRATE_HT] = { .type = NLA_BINARY, 386 .len = NL80211_MAX_SUPP_HT_RATES }, 387 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)), 388 [NL80211_TXRATE_GI] = { .type = NLA_U8 }, 389 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)), 390 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8, 391 NL80211_RATE_INFO_HE_GI_0_8, 392 NL80211_RATE_INFO_HE_GI_3_2), 393 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8, 394 NL80211_RATE_INFO_HE_1XLTF, 395 NL80211_RATE_INFO_HE_4XLTF), 396}; 397 398static const struct nla_policy 399nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = { 400 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 }, 401 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 }, 402 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG }, 403 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff), 404 [NL80211_TID_CONFIG_ATTR_NOACK] = 405 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 406 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1), 407 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1), 408 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] = 409 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 410 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] = 411 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 412 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] = 413 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 414 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] = 415 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED), 416 [NL80211_TID_CONFIG_ATTR_TX_RATE] = 417 NLA_POLICY_NESTED(nl80211_txattr_policy), 418}; 419 420static const struct nla_policy 421nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = { 422 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000), 423 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000), 424 [NL80211_FILS_DISCOVERY_ATTR_TMPL] = 425 NLA_POLICY_RANGE(NLA_BINARY, 426 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN, 427 IEEE80211_MAX_DATA_LEN), 428}; 429 430static const struct nla_policy 431nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = { 432 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20), 433 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY, 434 .len = IEEE80211_MAX_DATA_LEN } 435}; 436 437static const struct nla_policy 438sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = { 439 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 }, 440 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 }, 441}; 442 443static const struct nla_policy 444sar_policy[NL80211_SAR_ATTR_MAX + 1] = { 445 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE), 446 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy), 447}; 448 449static const struct nla_policy 450nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = { 451 [NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2), 452 [NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] = 453 NLA_POLICY_MIN(NLA_U8, 1), 454 [NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 }, 455 [NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 }, 456 [NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG }, 457}; 458 459static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { 460 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD }, 461 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 462 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 463 .len = 20-1 }, 464 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 465 466 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 467 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 468 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8, 469 NL80211_EDMG_CHANNELS_MIN, 470 NL80211_EDMG_CHANNELS_MAX), 471 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8, 472 NL80211_EDMG_BW_CONFIG_MIN, 473 NL80211_EDMG_BW_CONFIG_MAX), 474 475 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 }, 476 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 }, 477 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999), 478 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 }, 479 480 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1), 481 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1), 482 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 483 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 484 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 485 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG }, 486 487 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX), 488 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 489 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 490 491 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 492 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 493 494 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 495 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 496 .len = WLAN_MAX_KEY_LEN }, 497 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7), 498 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 499 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 500 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 501 [NL80211_ATTR_KEY_TYPE] = 502 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES), 503 504 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 505 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 506 [NL80211_ATTR_BEACON_HEAD] = 507 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head, 508 IEEE80211_MAX_DATA_LEN), 509 [NL80211_ATTR_BEACON_TAIL] = 510 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 511 IEEE80211_MAX_DATA_LEN), 512 [NL80211_ATTR_STA_AID] = 513 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID), 514 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 515 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 516 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 517 .len = NL80211_MAX_SUPP_RATES }, 518 [NL80211_ATTR_STA_PLINK_ACTION] = 519 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1), 520 [NL80211_ATTR_STA_TX_POWER_SETTING] = 521 NLA_POLICY_RANGE(NLA_U8, 522 NL80211_TX_POWER_AUTOMATIC, 523 NL80211_TX_POWER_FIXED), 524 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 }, 525 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 526 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 527 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 528 .len = IEEE80211_MAX_MESH_ID_LEN }, 529 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT, 530 531 /* allow 3 for NUL-termination, we used to declare this NLA_STRING */ 532 [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3), 533 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 534 535 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 536 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 537 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 538 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 539 .len = NL80211_MAX_SUPP_RATES }, 540 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 541 542 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 543 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 544 545 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN), 546 547 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 548 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY, 549 validate_ie_attr, 550 IEEE80211_MAX_DATA_LEN), 551 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 552 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 553 554 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 555 .len = IEEE80211_MAX_SSID_LEN }, 556 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 557 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 558 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 559 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 560 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32, 561 NL80211_MFP_NO, 562 NL80211_MFP_OPTIONAL), 563 [NL80211_ATTR_STA_FLAGS2] = { 564 .len = sizeof(struct nl80211_sta_flag_update), 565 }, 566 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 567 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 568 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 569 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG }, 570 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 571 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 }, 572 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 573 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 574 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 575 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 576 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN), 577 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 578 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 579 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 580 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 581 .len = IEEE80211_MAX_DATA_LEN }, 582 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 583 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32, 584 NL80211_PS_DISABLED, 585 NL80211_PS_ENABLED), 586 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 587 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 588 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 589 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 590 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 591 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 592 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 593 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 594 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 595 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 596 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 597 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 598 [NL80211_ATTR_STA_PLINK_STATE] = 599 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1), 600 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 }, 601 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG }, 602 [NL80211_ATTR_MESH_PEER_AID] = 603 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID), 604 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 605 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 606 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 607 [NL80211_ATTR_HIDDEN_SSID] = 608 NLA_POLICY_RANGE(NLA_U32, 609 NL80211_HIDDEN_SSID_NOT_IN_USE, 610 NL80211_HIDDEN_SSID_ZERO_CONTENTS), 611 [NL80211_ATTR_IE_PROBE_RESP] = 612 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 613 IEEE80211_MAX_DATA_LEN), 614 [NL80211_ATTR_IE_ASSOC_RESP] = 615 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 616 IEEE80211_MAX_DATA_LEN), 617 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 618 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 619 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 620 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 621 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 622 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 623 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 624 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 625 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG }, 626 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 627 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 628 .len = IEEE80211_MAX_DATA_LEN }, 629 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 630 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 631 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 632 .len = NL80211_HT_CAPABILITY_LEN 633 }, 634 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 635 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 636 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 637 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 638 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 639 640 /* need to include at least Auth Transaction and Status Code */ 641 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4), 642 643 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN), 644 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 }, 645 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127), 646 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1), 647 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = 648 NLA_POLICY_RANGE(NLA_U32, 649 NL80211_MESH_POWER_UNKNOWN + 1, 650 NL80211_MESH_POWER_MAX), 651 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 }, 652 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED }, 653 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 }, 654 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, }, 655 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, }, 656 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG }, 657 [NL80211_ATTR_VHT_CAPABILITY_MASK] = { 658 .len = NL80211_VHT_CAPABILITY_LEN, 659 }, 660 [NL80211_ATTR_MDID] = { .type = NLA_U16 }, 661 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY, 662 .len = IEEE80211_MAX_DATA_LEN }, 663 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 }, 664 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = 665 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION), 666 [NL80211_ATTR_PEER_AID] = 667 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID), 668 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 }, 669 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG }, 670 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED }, 671 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY }, 672 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY }, 673 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2), 674 /* 675 * The value of the Length field of the Supported Operating 676 * Classes element is between 2 and 253. 677 */ 678 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = 679 NLA_POLICY_RANGE(NLA_BINARY, 2, 253), 680 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG }, 681 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 }, 682 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 }, 683 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 }, 684 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY }, 685 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY, 686 IEEE80211_QOS_MAP_LEN_MIN, 687 IEEE80211_QOS_MAP_LEN_MAX), 688 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 689 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 }, 690 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 }, 691 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG }, 692 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY }, 693 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG }, 694 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1), 695 [NL80211_ATTR_USER_PRIO] = 696 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1), 697 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 }, 698 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 }, 699 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 }, 700 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 701 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG }, 702 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 }, 703 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 }, 704 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG }, 705 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG }, 706 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED }, 707 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = 708 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1), 709 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = { 710 .len = VHT_MUMIMO_GROUPS_DATA_LEN 711 }, 712 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 713 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1), 714 [NL80211_ATTR_BANDS] = { .type = NLA_U32 }, 715 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED }, 716 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY, 717 .len = FILS_MAX_KEK_LEN }, 718 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN), 719 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, }, 720 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 721 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 }, 722 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = { 723 .len = sizeof(struct nl80211_bss_select_rssi_adjust) 724 }, 725 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 }, 726 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY, 727 .len = FILS_ERP_MAX_USERNAME_LEN }, 728 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY, 729 .len = FILS_ERP_MAX_REALM_LEN }, 730 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 }, 731 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY, 732 .len = FILS_ERP_MAX_RRK_LEN }, 733 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2), 734 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN }, 735 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN), 736 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG }, 737 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG }, 738 739 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 }, 740 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 }, 741 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 }, 742 [NL80211_ATTR_HE_CAPABILITY] = 743 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa, 744 NL80211_HE_MAX_CAPABILITY_LEN), 745 [NL80211_ATTR_FTM_RESPONDER] = 746 NLA_POLICY_NESTED(nl80211_ftm_responder_policy), 747 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1), 748 [NL80211_ATTR_PEER_MEASUREMENTS] = 749 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy), 750 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1), 751 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY, 752 .len = SAE_PASSWORD_MAX_LEN }, 753 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG }, 754 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy), 755 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2), 756 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy), 757 [NL80211_ATTR_TID_CONFIG] = 758 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy), 759 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG }, 760 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1), 761 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100), 762 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG }, 763 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999), 764 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED }, 765 [NL80211_ATTR_HE_6GHZ_CAPABILITY] = 766 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)), 767 [NL80211_ATTR_FILS_DISCOVERY] = 768 NLA_POLICY_NESTED(nl80211_fils_discovery_policy), 769 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] = 770 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy), 771 [NL80211_ATTR_S1G_CAPABILITY] = 772 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN), 773 [NL80211_ATTR_S1G_CAPABILITY_MASK] = 774 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN), 775 [NL80211_ATTR_SAE_PWE] = 776 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK, 777 NL80211_SAE_PWE_BOTH), 778 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT }, 779 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy), 780 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG }, 781 [NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 }, 782 [NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 }, 783 [NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 }, 784 [NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy), 785 [NL80211_ATTR_MBSSID_CONFIG] = 786 NLA_POLICY_NESTED(nl80211_mbssid_config_policy), 787 [NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED }, 788 [NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG }, 789 [NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 }, 790 [NL80211_ATTR_EHT_CAPABILITY] = 791 NLA_POLICY_RANGE(NLA_BINARY, 792 NL80211_EHT_MIN_CAPABILITY_LEN, 793 NL80211_EHT_MAX_CAPABILITY_LEN), 794 [NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG }, 795}; 796 797/* policy for the key attributes */ 798static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 799 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 800 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 801 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 802 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 803 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 804 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 805 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1), 806 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 807 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX), 808}; 809 810/* policy for the key default flags */ 811static const struct nla_policy 812nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 813 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 814 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 815}; 816 817#ifdef CONFIG_PM 818/* policy for WoWLAN attributes */ 819static const struct nla_policy 820nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 821 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 822 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 823 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 824 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 825 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 826 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 827 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 828 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 829 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED }, 830 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED }, 831}; 832 833static const struct nla_policy 834nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = { 835 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 }, 836 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 }, 837 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 838 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 }, 839 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 }, 840 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1), 841 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = { 842 .len = sizeof(struct nl80211_wowlan_tcp_data_seq) 843 }, 844 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = { 845 .len = sizeof(struct nl80211_wowlan_tcp_data_token) 846 }, 847 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 }, 848 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1), 849 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1), 850}; 851#endif /* CONFIG_PM */ 852 853/* policy for coalesce rule attributes */ 854static const struct nla_policy 855nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = { 856 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 }, 857 [NL80211_ATTR_COALESCE_RULE_CONDITION] = 858 NLA_POLICY_RANGE(NLA_U32, 859 NL80211_COALESCE_CONDITION_MATCH, 860 NL80211_COALESCE_CONDITION_NO_MATCH), 861 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED }, 862}; 863 864/* policy for GTK rekey offload attributes */ 865static const struct nla_policy 866nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 867 [NL80211_REKEY_DATA_KEK] = { 868 .type = NLA_BINARY, 869 .len = NL80211_KEK_EXT_LEN 870 }, 871 [NL80211_REKEY_DATA_KCK] = { 872 .type = NLA_BINARY, 873 .len = NL80211_KCK_EXT_LEN 874 }, 875 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN), 876 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 }, 877}; 878 879static const struct nla_policy 880nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = { 881 [NL80211_BAND_2GHZ] = { .type = NLA_S32 }, 882 [NL80211_BAND_5GHZ] = { .type = NLA_S32 }, 883 [NL80211_BAND_6GHZ] = { .type = NLA_S32 }, 884 [NL80211_BAND_60GHZ] = { .type = NLA_S32 }, 885 [NL80211_BAND_LC] = { .type = NLA_S32 }, 886}; 887 888static const struct nla_policy 889nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 890 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 891 .len = IEEE80211_MAX_SSID_LEN }, 892 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 893 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 894 [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] = 895 NLA_POLICY_NESTED(nl80211_match_band_rssi_policy), 896}; 897 898static const struct nla_policy 899nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = { 900 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 }, 901 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 }, 902}; 903 904static const struct nla_policy 905nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = { 906 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG }, 907 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 }, 908 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = { 909 .len = sizeof(struct nl80211_bss_select_rssi_adjust) 910 }, 911}; 912 913/* policy for NAN function attributes */ 914static const struct nla_policy 915nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = { 916 [NL80211_NAN_FUNC_TYPE] = 917 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE), 918 [NL80211_NAN_FUNC_SERVICE_ID] = { 919 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN }, 920 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 }, 921 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG }, 922 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG }, 923 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 }, 924 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 }, 925 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 926 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG }, 927 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 }, 928 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY, 929 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN }, 930 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED }, 931 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED }, 932 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED }, 933 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 }, 934 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 }, 935}; 936 937/* policy for Service Response Filter attributes */ 938static const struct nla_policy 939nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = { 940 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG }, 941 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY, 942 .len = NL80211_NAN_FUNC_SRF_MAX_LEN }, 943 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 }, 944 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED }, 945}; 946 947/* policy for packet pattern attributes */ 948static const struct nla_policy 949nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = { 950 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, }, 951 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, }, 952 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 }, 953}; 954 955static int nl80211_prepare_wdev_dump(struct netlink_callback *cb, 956 struct cfg80211_registered_device **rdev, 957 struct wireless_dev **wdev, 958 struct nlattr **attrbuf) 959{ 960 int err; 961 962 if (!cb->args[0]) { 963 struct nlattr **attrbuf_free = NULL; 964 965 if (!attrbuf) { 966 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), 967 GFP_KERNEL); 968 if (!attrbuf) 969 return -ENOMEM; 970 attrbuf_free = attrbuf; 971 } 972 973 err = nlmsg_parse_deprecated(cb->nlh, 974 GENL_HDRLEN + nl80211_fam.hdrsize, 975 attrbuf, nl80211_fam.maxattr, 976 nl80211_policy, NULL); 977 if (err) { 978 kfree(attrbuf_free); 979 return err; 980 } 981 982 rtnl_lock(); 983 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk), 984 attrbuf); 985 kfree(attrbuf_free); 986 if (IS_ERR(*wdev)) { 987 rtnl_unlock(); 988 return PTR_ERR(*wdev); 989 } 990 *rdev = wiphy_to_rdev((*wdev)->wiphy); 991 mutex_lock(&(*rdev)->wiphy.mtx); 992 rtnl_unlock(); 993 /* 0 is the first index - add 1 to parse only once */ 994 cb->args[0] = (*rdev)->wiphy_idx + 1; 995 cb->args[1] = (*wdev)->identifier; 996 } else { 997 /* subtract the 1 again here */ 998 struct wiphy *wiphy; 999 struct wireless_dev *tmp; 1000 1001 rtnl_lock(); 1002 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 1003 if (!wiphy) { 1004 rtnl_unlock(); 1005 return -ENODEV; 1006 } 1007 *rdev = wiphy_to_rdev(wiphy); 1008 *wdev = NULL; 1009 1010 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) { 1011 if (tmp->identifier == cb->args[1]) { 1012 *wdev = tmp; 1013 break; 1014 } 1015 } 1016 1017 if (!*wdev) { 1018 rtnl_unlock(); 1019 return -ENODEV; 1020 } 1021 mutex_lock(&(*rdev)->wiphy.mtx); 1022 rtnl_unlock(); 1023 } 1024 1025 return 0; 1026} 1027 1028/* message building helper */ 1029void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq, 1030 int flags, u8 cmd) 1031{ 1032 /* since there is no private header just add the generic one */ 1033 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd); 1034} 1035 1036static int nl80211_msg_put_wmm_rules(struct sk_buff *msg, 1037 const struct ieee80211_reg_rule *rule) 1038{ 1039 int j; 1040 struct nlattr *nl_wmm_rules = 1041 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM); 1042 1043 if (!nl_wmm_rules) 1044 goto nla_put_failure; 1045 1046 for (j = 0; j < IEEE80211_NUM_ACS; j++) { 1047 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j); 1048 1049 if (!nl_wmm_rule) 1050 goto nla_put_failure; 1051 1052 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN, 1053 rule->wmm_rule.client[j].cw_min) || 1054 nla_put_u16(msg, NL80211_WMMR_CW_MAX, 1055 rule->wmm_rule.client[j].cw_max) || 1056 nla_put_u8(msg, NL80211_WMMR_AIFSN, 1057 rule->wmm_rule.client[j].aifsn) || 1058 nla_put_u16(msg, NL80211_WMMR_TXOP, 1059 rule->wmm_rule.client[j].cot)) 1060 goto nla_put_failure; 1061 1062 nla_nest_end(msg, nl_wmm_rule); 1063 } 1064 nla_nest_end(msg, nl_wmm_rules); 1065 1066 return 0; 1067 1068nla_put_failure: 1069 return -ENOBUFS; 1070} 1071 1072static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy, 1073 struct ieee80211_channel *chan, 1074 bool large) 1075{ 1076 /* Some channels must be completely excluded from the 1077 * list to protect old user-space tools from breaking 1078 */ 1079 if (!large && chan->flags & 1080 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ)) 1081 return 0; 1082 if (!large && chan->freq_offset) 1083 return 0; 1084 1085 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 1086 chan->center_freq)) 1087 goto nla_put_failure; 1088 1089 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset)) 1090 goto nla_put_failure; 1091 1092 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 1093 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 1094 goto nla_put_failure; 1095 if (chan->flags & IEEE80211_CHAN_NO_IR) { 1096 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR)) 1097 goto nla_put_failure; 1098 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS)) 1099 goto nla_put_failure; 1100 } 1101 if (chan->flags & IEEE80211_CHAN_RADAR) { 1102 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 1103 goto nla_put_failure; 1104 if (large) { 1105 u32 time; 1106 1107 time = elapsed_jiffies_msecs(chan->dfs_state_entered); 1108 1109 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE, 1110 chan->dfs_state)) 1111 goto nla_put_failure; 1112 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME, 1113 time)) 1114 goto nla_put_failure; 1115 if (nla_put_u32(msg, 1116 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME, 1117 chan->dfs_cac_ms)) 1118 goto nla_put_failure; 1119 } 1120 } 1121 1122 if (large) { 1123 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) && 1124 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS)) 1125 goto nla_put_failure; 1126 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) && 1127 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS)) 1128 goto nla_put_failure; 1129 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) && 1130 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ)) 1131 goto nla_put_failure; 1132 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) && 1133 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ)) 1134 goto nla_put_failure; 1135 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) && 1136 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY)) 1137 goto nla_put_failure; 1138 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) && 1139 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT)) 1140 goto nla_put_failure; 1141 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) && 1142 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ)) 1143 goto nla_put_failure; 1144 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) && 1145 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ)) 1146 goto nla_put_failure; 1147 if ((chan->flags & IEEE80211_CHAN_NO_HE) && 1148 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE)) 1149 goto nla_put_failure; 1150 if ((chan->flags & IEEE80211_CHAN_1MHZ) && 1151 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ)) 1152 goto nla_put_failure; 1153 if ((chan->flags & IEEE80211_CHAN_2MHZ) && 1154 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ)) 1155 goto nla_put_failure; 1156 if ((chan->flags & IEEE80211_CHAN_4MHZ) && 1157 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ)) 1158 goto nla_put_failure; 1159 if ((chan->flags & IEEE80211_CHAN_8MHZ) && 1160 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ)) 1161 goto nla_put_failure; 1162 if ((chan->flags & IEEE80211_CHAN_16MHZ) && 1163 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ)) 1164 goto nla_put_failure; 1165 if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) && 1166 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ)) 1167 goto nla_put_failure; 1168 if ((chan->flags & IEEE80211_CHAN_NO_EHT) && 1169 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT)) 1170 goto nla_put_failure; 1171 } 1172 1173 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 1174 DBM_TO_MBM(chan->max_power))) 1175 goto nla_put_failure; 1176 1177 if (large) { 1178 const struct ieee80211_reg_rule *rule = 1179 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq)); 1180 1181 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) { 1182 if (nl80211_msg_put_wmm_rules(msg, rule)) 1183 goto nla_put_failure; 1184 } 1185 } 1186 1187 return 0; 1188 1189 nla_put_failure: 1190 return -ENOBUFS; 1191} 1192 1193static bool nl80211_put_txq_stats(struct sk_buff *msg, 1194 struct cfg80211_txq_stats *txqstats, 1195 int attrtype) 1196{ 1197 struct nlattr *txqattr; 1198 1199#define PUT_TXQVAL_U32(attr, memb) do { \ 1200 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \ 1201 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \ 1202 return false; \ 1203 } while (0) 1204 1205 txqattr = nla_nest_start_noflag(msg, attrtype); 1206 if (!txqattr) 1207 return false; 1208 1209 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes); 1210 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets); 1211 PUT_TXQVAL_U32(FLOWS, flows); 1212 PUT_TXQVAL_U32(DROPS, drops); 1213 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks); 1214 PUT_TXQVAL_U32(OVERLIMIT, overlimit); 1215 PUT_TXQVAL_U32(OVERMEMORY, overmemory); 1216 PUT_TXQVAL_U32(COLLISIONS, collisions); 1217 PUT_TXQVAL_U32(TX_BYTES, tx_bytes); 1218 PUT_TXQVAL_U32(TX_PACKETS, tx_packets); 1219 PUT_TXQVAL_U32(MAX_FLOWS, max_flows); 1220 nla_nest_end(msg, txqattr); 1221 1222#undef PUT_TXQVAL_U32 1223 return true; 1224} 1225 1226/* netlink command implementations */ 1227 1228struct key_parse { 1229 struct key_params p; 1230 int idx; 1231 int type; 1232 bool def, defmgmt, defbeacon; 1233 bool def_uni, def_multi; 1234}; 1235 1236static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key, 1237 struct key_parse *k) 1238{ 1239 struct nlattr *tb[NL80211_KEY_MAX + 1]; 1240 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key, 1241 nl80211_key_policy, 1242 info->extack); 1243 if (err) 1244 return err; 1245 1246 k->def = !!tb[NL80211_KEY_DEFAULT]; 1247 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 1248 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON]; 1249 1250 if (k->def) { 1251 k->def_uni = true; 1252 k->def_multi = true; 1253 } 1254 if (k->defmgmt || k->defbeacon) 1255 k->def_multi = true; 1256 1257 if (tb[NL80211_KEY_IDX]) 1258 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 1259 1260 if (tb[NL80211_KEY_DATA]) { 1261 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 1262 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 1263 } 1264 1265 if (tb[NL80211_KEY_SEQ]) { 1266 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 1267 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 1268 } 1269 1270 if (tb[NL80211_KEY_CIPHER]) 1271 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 1272 1273 if (tb[NL80211_KEY_TYPE]) 1274 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 1275 1276 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 1277 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 1278 1279 err = nla_parse_nested_deprecated(kdt, 1280 NUM_NL80211_KEY_DEFAULT_TYPES - 1, 1281 tb[NL80211_KEY_DEFAULT_TYPES], 1282 nl80211_key_default_policy, 1283 info->extack); 1284 if (err) 1285 return err; 1286 1287 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 1288 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 1289 } 1290 1291 if (tb[NL80211_KEY_MODE]) 1292 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]); 1293 1294 return 0; 1295} 1296 1297static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 1298{ 1299 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 1300 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 1301 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 1302 } 1303 1304 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 1305 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 1306 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 1307 } 1308 1309 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1310 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1311 1312 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 1313 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 1314 1315 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 1316 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 1317 1318 if (k->def) { 1319 k->def_uni = true; 1320 k->def_multi = true; 1321 } 1322 if (k->defmgmt) 1323 k->def_multi = true; 1324 1325 if (info->attrs[NL80211_ATTR_KEY_TYPE]) 1326 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 1327 1328 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 1329 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 1330 int err = nla_parse_nested_deprecated(kdt, 1331 NUM_NL80211_KEY_DEFAULT_TYPES - 1, 1332 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 1333 nl80211_key_default_policy, 1334 info->extack); 1335 if (err) 1336 return err; 1337 1338 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 1339 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 1340 } 1341 1342 return 0; 1343} 1344 1345static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 1346{ 1347 int err; 1348 1349 memset(k, 0, sizeof(*k)); 1350 k->idx = -1; 1351 k->type = -1; 1352 1353 if (info->attrs[NL80211_ATTR_KEY]) 1354 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k); 1355 else 1356 err = nl80211_parse_key_old(info, k); 1357 1358 if (err) 1359 return err; 1360 1361 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) + 1362 (k->defbeacon ? 1 : 0) > 1) { 1363 GENL_SET_ERR_MSG(info, 1364 "key with multiple default flags is invalid"); 1365 return -EINVAL; 1366 } 1367 1368 if (k->defmgmt || k->defbeacon) { 1369 if (k->def_uni || !k->def_multi) { 1370 GENL_SET_ERR_MSG(info, 1371 "defmgmt/defbeacon key must be mcast"); 1372 return -EINVAL; 1373 } 1374 } 1375 1376 if (k->idx != -1) { 1377 if (k->defmgmt) { 1378 if (k->idx < 4 || k->idx > 5) { 1379 GENL_SET_ERR_MSG(info, 1380 "defmgmt key idx not 4 or 5"); 1381 return -EINVAL; 1382 } 1383 } else if (k->defbeacon) { 1384 if (k->idx < 6 || k->idx > 7) { 1385 GENL_SET_ERR_MSG(info, 1386 "defbeacon key idx not 6 or 7"); 1387 return -EINVAL; 1388 } 1389 } else if (k->def) { 1390 if (k->idx < 0 || k->idx > 3) { 1391 GENL_SET_ERR_MSG(info, "def key idx not 0-3"); 1392 return -EINVAL; 1393 } 1394 } else { 1395 if (k->idx < 0 || k->idx > 7) { 1396 GENL_SET_ERR_MSG(info, "key idx not 0-7"); 1397 return -EINVAL; 1398 } 1399 } 1400 } 1401 1402 return 0; 1403} 1404 1405static struct cfg80211_cached_keys * 1406nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 1407 struct genl_info *info, bool *no_ht) 1408{ 1409 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS]; 1410 struct key_parse parse; 1411 struct nlattr *key; 1412 struct cfg80211_cached_keys *result; 1413 int rem, err, def = 0; 1414 bool have_key = false; 1415 1416 nla_for_each_nested(key, keys, rem) { 1417 have_key = true; 1418 break; 1419 } 1420 1421 if (!have_key) 1422 return NULL; 1423 1424 result = kzalloc(sizeof(*result), GFP_KERNEL); 1425 if (!result) 1426 return ERR_PTR(-ENOMEM); 1427 1428 result->def = -1; 1429 1430 nla_for_each_nested(key, keys, rem) { 1431 memset(&parse, 0, sizeof(parse)); 1432 parse.idx = -1; 1433 1434 err = nl80211_parse_key_new(info, key, &parse); 1435 if (err) 1436 goto error; 1437 err = -EINVAL; 1438 if (!parse.p.key) 1439 goto error; 1440 if (parse.idx < 0 || parse.idx > 3) { 1441 GENL_SET_ERR_MSG(info, "key index out of range [0-3]"); 1442 goto error; 1443 } 1444 if (parse.def) { 1445 if (def) { 1446 GENL_SET_ERR_MSG(info, 1447 "only one key can be default"); 1448 goto error; 1449 } 1450 def = 1; 1451 result->def = parse.idx; 1452 if (!parse.def_uni || !parse.def_multi) 1453 goto error; 1454 } else if (parse.defmgmt) 1455 goto error; 1456 err = cfg80211_validate_key_settings(rdev, &parse.p, 1457 parse.idx, false, NULL); 1458 if (err) 1459 goto error; 1460 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 && 1461 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) { 1462 GENL_SET_ERR_MSG(info, "connect key must be WEP"); 1463 err = -EINVAL; 1464 goto error; 1465 } 1466 result->params[parse.idx].cipher = parse.p.cipher; 1467 result->params[parse.idx].key_len = parse.p.key_len; 1468 result->params[parse.idx].key = result->data[parse.idx]; 1469 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 1470 1471 /* must be WEP key if we got here */ 1472 if (no_ht) 1473 *no_ht = true; 1474 } 1475 1476 if (result->def < 0) { 1477 err = -EINVAL; 1478 GENL_SET_ERR_MSG(info, "need a default/TX key"); 1479 goto error; 1480 } 1481 1482 return result; 1483 error: 1484 kfree(result); 1485 return ERR_PTR(err); 1486} 1487 1488static int nl80211_key_allowed(struct wireless_dev *wdev) 1489{ 1490 ASSERT_WDEV_LOCK(wdev); 1491 1492 switch (wdev->iftype) { 1493 case NL80211_IFTYPE_AP: 1494 case NL80211_IFTYPE_AP_VLAN: 1495 case NL80211_IFTYPE_P2P_GO: 1496 case NL80211_IFTYPE_MESH_POINT: 1497 break; 1498 case NL80211_IFTYPE_ADHOC: 1499 case NL80211_IFTYPE_STATION: 1500 case NL80211_IFTYPE_P2P_CLIENT: 1501 if (!wdev->current_bss) 1502 return -ENOLINK; 1503 break; 1504 case NL80211_IFTYPE_UNSPECIFIED: 1505 case NL80211_IFTYPE_OCB: 1506 case NL80211_IFTYPE_MONITOR: 1507 case NL80211_IFTYPE_NAN: 1508 case NL80211_IFTYPE_P2P_DEVICE: 1509 case NL80211_IFTYPE_WDS: 1510 case NUM_NL80211_IFTYPES: 1511 return -EINVAL; 1512 } 1513 1514 return 0; 1515} 1516 1517static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy, 1518 u32 freq) 1519{ 1520 struct ieee80211_channel *chan; 1521 1522 chan = ieee80211_get_channel_khz(wiphy, freq); 1523 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) 1524 return NULL; 1525 return chan; 1526} 1527 1528static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 1529{ 1530 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr); 1531 int i; 1532 1533 if (!nl_modes) 1534 goto nla_put_failure; 1535 1536 i = 0; 1537 while (ifmodes) { 1538 if ((ifmodes & 1) && nla_put_flag(msg, i)) 1539 goto nla_put_failure; 1540 ifmodes >>= 1; 1541 i++; 1542 } 1543 1544 nla_nest_end(msg, nl_modes); 1545 return 0; 1546 1547nla_put_failure: 1548 return -ENOBUFS; 1549} 1550 1551static int nl80211_put_iface_combinations(struct wiphy *wiphy, 1552 struct sk_buff *msg, 1553 bool large) 1554{ 1555 struct nlattr *nl_combis; 1556 int i, j; 1557 1558 nl_combis = nla_nest_start_noflag(msg, 1559 NL80211_ATTR_INTERFACE_COMBINATIONS); 1560 if (!nl_combis) 1561 goto nla_put_failure; 1562 1563 for (i = 0; i < wiphy->n_iface_combinations; i++) { 1564 const struct ieee80211_iface_combination *c; 1565 struct nlattr *nl_combi, *nl_limits; 1566 1567 c = &wiphy->iface_combinations[i]; 1568 1569 nl_combi = nla_nest_start_noflag(msg, i + 1); 1570 if (!nl_combi) 1571 goto nla_put_failure; 1572 1573 nl_limits = nla_nest_start_noflag(msg, 1574 NL80211_IFACE_COMB_LIMITS); 1575 if (!nl_limits) 1576 goto nla_put_failure; 1577 1578 for (j = 0; j < c->n_limits; j++) { 1579 struct nlattr *nl_limit; 1580 1581 nl_limit = nla_nest_start_noflag(msg, j + 1); 1582 if (!nl_limit) 1583 goto nla_put_failure; 1584 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 1585 c->limits[j].max)) 1586 goto nla_put_failure; 1587 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 1588 c->limits[j].types)) 1589 goto nla_put_failure; 1590 nla_nest_end(msg, nl_limit); 1591 } 1592 1593 nla_nest_end(msg, nl_limits); 1594 1595 if (c->beacon_int_infra_match && 1596 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 1597 goto nla_put_failure; 1598 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 1599 c->num_different_channels) || 1600 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 1601 c->max_interfaces)) 1602 goto nla_put_failure; 1603 if (large && 1604 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS, 1605 c->radar_detect_widths) || 1606 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS, 1607 c->radar_detect_regions))) 1608 goto nla_put_failure; 1609 if (c->beacon_int_min_gcd && 1610 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD, 1611 c->beacon_int_min_gcd)) 1612 goto nla_put_failure; 1613 1614 nla_nest_end(msg, nl_combi); 1615 } 1616 1617 nla_nest_end(msg, nl_combis); 1618 1619 return 0; 1620nla_put_failure: 1621 return -ENOBUFS; 1622} 1623 1624#ifdef CONFIG_PM 1625static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev, 1626 struct sk_buff *msg) 1627{ 1628 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp; 1629 struct nlattr *nl_tcp; 1630 1631 if (!tcp) 1632 return 0; 1633 1634 nl_tcp = nla_nest_start_noflag(msg, 1635 NL80211_WOWLAN_TRIG_TCP_CONNECTION); 1636 if (!nl_tcp) 1637 return -ENOBUFS; 1638 1639 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 1640 tcp->data_payload_max)) 1641 return -ENOBUFS; 1642 1643 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 1644 tcp->data_payload_max)) 1645 return -ENOBUFS; 1646 1647 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ)) 1648 return -ENOBUFS; 1649 1650 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 1651 sizeof(*tcp->tok), tcp->tok)) 1652 return -ENOBUFS; 1653 1654 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 1655 tcp->data_interval_max)) 1656 return -ENOBUFS; 1657 1658 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 1659 tcp->wake_payload_max)) 1660 return -ENOBUFS; 1661 1662 nla_nest_end(msg, nl_tcp); 1663 return 0; 1664} 1665 1666static int nl80211_send_wowlan(struct sk_buff *msg, 1667 struct cfg80211_registered_device *rdev, 1668 bool large) 1669{ 1670 struct nlattr *nl_wowlan; 1671 1672 if (!rdev->wiphy.wowlan) 1673 return 0; 1674 1675 nl_wowlan = nla_nest_start_noflag(msg, 1676 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1677 if (!nl_wowlan) 1678 return -ENOBUFS; 1679 1680 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) && 1681 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1682 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) && 1683 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1684 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) && 1685 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1686 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1687 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1688 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1689 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1690 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1691 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1692 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1693 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1694 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1695 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1696 return -ENOBUFS; 1697 1698 if (rdev->wiphy.wowlan->n_patterns) { 1699 struct nl80211_pattern_support pat = { 1700 .max_patterns = rdev->wiphy.wowlan->n_patterns, 1701 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len, 1702 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len, 1703 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset, 1704 }; 1705 1706 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1707 sizeof(pat), &pat)) 1708 return -ENOBUFS; 1709 } 1710 1711 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) && 1712 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT, 1713 rdev->wiphy.wowlan->max_nd_match_sets)) 1714 return -ENOBUFS; 1715 1716 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg)) 1717 return -ENOBUFS; 1718 1719 nla_nest_end(msg, nl_wowlan); 1720 1721 return 0; 1722} 1723#endif 1724 1725static int nl80211_send_coalesce(struct sk_buff *msg, 1726 struct cfg80211_registered_device *rdev) 1727{ 1728 struct nl80211_coalesce_rule_support rule; 1729 1730 if (!rdev->wiphy.coalesce) 1731 return 0; 1732 1733 rule.max_rules = rdev->wiphy.coalesce->n_rules; 1734 rule.max_delay = rdev->wiphy.coalesce->max_delay; 1735 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns; 1736 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len; 1737 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len; 1738 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset; 1739 1740 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule)) 1741 return -ENOBUFS; 1742 1743 return 0; 1744} 1745 1746static int 1747nl80211_send_iftype_data(struct sk_buff *msg, 1748 const struct ieee80211_supported_band *sband, 1749 const struct ieee80211_sband_iftype_data *iftdata) 1750{ 1751 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap; 1752 const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap; 1753 1754 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES, 1755 iftdata->types_mask)) 1756 return -ENOBUFS; 1757 1758 if (he_cap->has_he) { 1759 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC, 1760 sizeof(he_cap->he_cap_elem.mac_cap_info), 1761 he_cap->he_cap_elem.mac_cap_info) || 1762 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY, 1763 sizeof(he_cap->he_cap_elem.phy_cap_info), 1764 he_cap->he_cap_elem.phy_cap_info) || 1765 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET, 1766 sizeof(he_cap->he_mcs_nss_supp), 1767 &he_cap->he_mcs_nss_supp) || 1768 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE, 1769 sizeof(he_cap->ppe_thres), he_cap->ppe_thres)) 1770 return -ENOBUFS; 1771 } 1772 1773 if (eht_cap->has_eht && he_cap->has_he) { 1774 u8 mcs_nss_size, ppe_thresh_size; 1775 u16 ppe_thres_hdr; 1776 1777 mcs_nss_size = 1778 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem, 1779 &eht_cap->eht_cap_elem); 1780 1781 ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]); 1782 ppe_thresh_size = 1783 ieee80211_eht_ppe_size(ppe_thres_hdr, 1784 eht_cap->eht_cap_elem.phy_cap_info); 1785 1786 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC, 1787 sizeof(eht_cap->eht_cap_elem.mac_cap_info), 1788 eht_cap->eht_cap_elem.mac_cap_info) || 1789 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY, 1790 sizeof(eht_cap->eht_cap_elem.phy_cap_info), 1791 eht_cap->eht_cap_elem.phy_cap_info) || 1792 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET, 1793 mcs_nss_size, &eht_cap->eht_mcs_nss_supp) || 1794 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE, 1795 ppe_thresh_size, eht_cap->eht_ppe_thres)) 1796 return -ENOBUFS; 1797 } 1798 1799 if (sband->band == NL80211_BAND_6GHZ && 1800 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA, 1801 sizeof(iftdata->he_6ghz_capa), 1802 &iftdata->he_6ghz_capa)) 1803 return -ENOBUFS; 1804 1805 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len && 1806 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS, 1807 iftdata->vendor_elems.len, iftdata->vendor_elems.data)) 1808 return -ENOBUFS; 1809 1810 return 0; 1811} 1812 1813static int nl80211_send_band_rateinfo(struct sk_buff *msg, 1814 struct ieee80211_supported_band *sband, 1815 bool large) 1816{ 1817 struct nlattr *nl_rates, *nl_rate; 1818 struct ieee80211_rate *rate; 1819 int i; 1820 1821 /* add HT info */ 1822 if (sband->ht_cap.ht_supported && 1823 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 1824 sizeof(sband->ht_cap.mcs), 1825 &sband->ht_cap.mcs) || 1826 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 1827 sband->ht_cap.cap) || 1828 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 1829 sband->ht_cap.ampdu_factor) || 1830 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 1831 sband->ht_cap.ampdu_density))) 1832 return -ENOBUFS; 1833 1834 /* add VHT info */ 1835 if (sband->vht_cap.vht_supported && 1836 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 1837 sizeof(sband->vht_cap.vht_mcs), 1838 &sband->vht_cap.vht_mcs) || 1839 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 1840 sband->vht_cap.cap))) 1841 return -ENOBUFS; 1842 1843 if (large && sband->n_iftype_data) { 1844 struct nlattr *nl_iftype_data = 1845 nla_nest_start_noflag(msg, 1846 NL80211_BAND_ATTR_IFTYPE_DATA); 1847 int err; 1848 1849 if (!nl_iftype_data) 1850 return -ENOBUFS; 1851 1852 for (i = 0; i < sband->n_iftype_data; i++) { 1853 struct nlattr *iftdata; 1854 1855 iftdata = nla_nest_start_noflag(msg, i + 1); 1856 if (!iftdata) 1857 return -ENOBUFS; 1858 1859 err = nl80211_send_iftype_data(msg, sband, 1860 &sband->iftype_data[i]); 1861 if (err) 1862 return err; 1863 1864 nla_nest_end(msg, iftdata); 1865 } 1866 1867 nla_nest_end(msg, nl_iftype_data); 1868 } 1869 1870 /* add EDMG info */ 1871 if (large && sband->edmg_cap.channels && 1872 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS, 1873 sband->edmg_cap.channels) || 1874 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG, 1875 sband->edmg_cap.bw_config))) 1876 1877 return -ENOBUFS; 1878 1879 /* add bitrates */ 1880 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES); 1881 if (!nl_rates) 1882 return -ENOBUFS; 1883 1884 for (i = 0; i < sband->n_bitrates; i++) { 1885 nl_rate = nla_nest_start_noflag(msg, i); 1886 if (!nl_rate) 1887 return -ENOBUFS; 1888 1889 rate = &sband->bitrates[i]; 1890 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1891 rate->bitrate)) 1892 return -ENOBUFS; 1893 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1894 nla_put_flag(msg, 1895 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 1896 return -ENOBUFS; 1897 1898 nla_nest_end(msg, nl_rate); 1899 } 1900 1901 nla_nest_end(msg, nl_rates); 1902 1903 return 0; 1904} 1905 1906static int 1907nl80211_send_mgmt_stypes(struct sk_buff *msg, 1908 const struct ieee80211_txrx_stypes *mgmt_stypes) 1909{ 1910 u16 stypes; 1911 struct nlattr *nl_ftypes, *nl_ifs; 1912 enum nl80211_iftype ift; 1913 int i; 1914 1915 if (!mgmt_stypes) 1916 return 0; 1917 1918 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES); 1919 if (!nl_ifs) 1920 return -ENOBUFS; 1921 1922 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1923 nl_ftypes = nla_nest_start_noflag(msg, ift); 1924 if (!nl_ftypes) 1925 return -ENOBUFS; 1926 i = 0; 1927 stypes = mgmt_stypes[ift].tx; 1928 while (stypes) { 1929 if ((stypes & 1) && 1930 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1931 (i << 4) | IEEE80211_FTYPE_MGMT)) 1932 return -ENOBUFS; 1933 stypes >>= 1; 1934 i++; 1935 } 1936 nla_nest_end(msg, nl_ftypes); 1937 } 1938 1939 nla_nest_end(msg, nl_ifs); 1940 1941 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES); 1942 if (!nl_ifs) 1943 return -ENOBUFS; 1944 1945 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1946 nl_ftypes = nla_nest_start_noflag(msg, ift); 1947 if (!nl_ftypes) 1948 return -ENOBUFS; 1949 i = 0; 1950 stypes = mgmt_stypes[ift].rx; 1951 while (stypes) { 1952 if ((stypes & 1) && 1953 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1954 (i << 4) | IEEE80211_FTYPE_MGMT)) 1955 return -ENOBUFS; 1956 stypes >>= 1; 1957 i++; 1958 } 1959 nla_nest_end(msg, nl_ftypes); 1960 } 1961 nla_nest_end(msg, nl_ifs); 1962 1963 return 0; 1964} 1965 1966#define CMD(op, n) \ 1967 do { \ 1968 if (rdev->ops->op) { \ 1969 i++; \ 1970 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 1971 goto nla_put_failure; \ 1972 } \ 1973 } while (0) 1974 1975static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev, 1976 struct sk_buff *msg) 1977{ 1978 int i = 0; 1979 1980 /* 1981 * do *NOT* add anything into this function, new things need to be 1982 * advertised only to new versions of userspace that can deal with 1983 * the split (and they can't possibly care about new features... 1984 */ 1985 CMD(add_virtual_intf, NEW_INTERFACE); 1986 CMD(change_virtual_intf, SET_INTERFACE); 1987 CMD(add_key, NEW_KEY); 1988 CMD(start_ap, START_AP); 1989 CMD(add_station, NEW_STATION); 1990 CMD(add_mpath, NEW_MPATH); 1991 CMD(update_mesh_config, SET_MESH_CONFIG); 1992 CMD(change_bss, SET_BSS); 1993 CMD(auth, AUTHENTICATE); 1994 CMD(assoc, ASSOCIATE); 1995 CMD(deauth, DEAUTHENTICATE); 1996 CMD(disassoc, DISASSOCIATE); 1997 CMD(join_ibss, JOIN_IBSS); 1998 CMD(join_mesh, JOIN_MESH); 1999 CMD(set_pmksa, SET_PMKSA); 2000 CMD(del_pmksa, DEL_PMKSA); 2001 CMD(flush_pmksa, FLUSH_PMKSA); 2002 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 2003 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 2004 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 2005 CMD(mgmt_tx, FRAME); 2006 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 2007 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 2008 i++; 2009 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 2010 goto nla_put_failure; 2011 } 2012 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap || 2013 rdev->ops->join_mesh) { 2014 i++; 2015 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 2016 goto nla_put_failure; 2017 } 2018 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 2019 CMD(tdls_mgmt, TDLS_MGMT); 2020 CMD(tdls_oper, TDLS_OPER); 2021 } 2022 if (rdev->wiphy.max_sched_scan_reqs) 2023 CMD(sched_scan_start, START_SCHED_SCAN); 2024 CMD(probe_client, PROBE_CLIENT); 2025 CMD(set_noack_map, SET_NOACK_MAP); 2026 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 2027 i++; 2028 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 2029 goto nla_put_failure; 2030 } 2031 CMD(start_p2p_device, START_P2P_DEVICE); 2032 CMD(set_mcast_rate, SET_MCAST_RATE); 2033#ifdef CONFIG_NL80211_TESTMODE 2034 CMD(testmode_cmd, TESTMODE); 2035#endif 2036 2037 if (rdev->ops->connect || rdev->ops->auth) { 2038 i++; 2039 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 2040 goto nla_put_failure; 2041 } 2042 2043 if (rdev->ops->disconnect || rdev->ops->deauth) { 2044 i++; 2045 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 2046 goto nla_put_failure; 2047 } 2048 2049 return i; 2050 nla_put_failure: 2051 return -ENOBUFS; 2052} 2053 2054static int 2055nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap, 2056 struct sk_buff *msg) 2057{ 2058 struct nlattr *ftm; 2059 2060 if (!cap->ftm.supported) 2061 return 0; 2062 2063 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM); 2064 if (!ftm) 2065 return -ENOBUFS; 2066 2067 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP)) 2068 return -ENOBUFS; 2069 if (cap->ftm.non_asap && 2070 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP)) 2071 return -ENOBUFS; 2072 if (cap->ftm.request_lci && 2073 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI)) 2074 return -ENOBUFS; 2075 if (cap->ftm.request_civicloc && 2076 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC)) 2077 return -ENOBUFS; 2078 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES, 2079 cap->ftm.preambles)) 2080 return -ENOBUFS; 2081 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS, 2082 cap->ftm.bandwidths)) 2083 return -ENOBUFS; 2084 if (cap->ftm.max_bursts_exponent >= 0 && 2085 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT, 2086 cap->ftm.max_bursts_exponent)) 2087 return -ENOBUFS; 2088 if (cap->ftm.max_ftms_per_burst && 2089 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST, 2090 cap->ftm.max_ftms_per_burst)) 2091 return -ENOBUFS; 2092 if (cap->ftm.trigger_based && 2093 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED)) 2094 return -ENOBUFS; 2095 if (cap->ftm.non_trigger_based && 2096 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED)) 2097 return -ENOBUFS; 2098 2099 nla_nest_end(msg, ftm); 2100 return 0; 2101} 2102 2103static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev, 2104 struct sk_buff *msg) 2105{ 2106 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa; 2107 struct nlattr *pmsr, *caps; 2108 2109 if (!cap) 2110 return 0; 2111 2112 /* 2113 * we don't need to clean up anything here since the caller 2114 * will genlmsg_cancel() if we fail 2115 */ 2116 2117 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS); 2118 if (!pmsr) 2119 return -ENOBUFS; 2120 2121 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers)) 2122 return -ENOBUFS; 2123 2124 if (cap->report_ap_tsf && 2125 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF)) 2126 return -ENOBUFS; 2127 2128 if (cap->randomize_mac_addr && 2129 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR)) 2130 return -ENOBUFS; 2131 2132 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA); 2133 if (!caps) 2134 return -ENOBUFS; 2135 2136 if (nl80211_send_pmsr_ftm_capa(cap, msg)) 2137 return -ENOBUFS; 2138 2139 nla_nest_end(msg, caps); 2140 nla_nest_end(msg, pmsr); 2141 2142 return 0; 2143} 2144 2145static int 2146nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev, 2147 struct sk_buff *msg) 2148{ 2149 int i; 2150 struct nlattr *nested, *nested_akms; 2151 const struct wiphy_iftype_akm_suites *iftype_akms; 2152 2153 if (!rdev->wiphy.num_iftype_akm_suites || 2154 !rdev->wiphy.iftype_akm_suites) 2155 return 0; 2156 2157 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES); 2158 if (!nested) 2159 return -ENOBUFS; 2160 2161 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) { 2162 nested_akms = nla_nest_start(msg, i + 1); 2163 if (!nested_akms) 2164 return -ENOBUFS; 2165 2166 iftype_akms = &rdev->wiphy.iftype_akm_suites[i]; 2167 2168 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES, 2169 iftype_akms->iftypes_mask)) 2170 return -ENOBUFS; 2171 2172 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES, 2173 sizeof(u32) * iftype_akms->n_akm_suites, 2174 iftype_akms->akm_suites)) { 2175 return -ENOBUFS; 2176 } 2177 nla_nest_end(msg, nested_akms); 2178 } 2179 2180 nla_nest_end(msg, nested); 2181 2182 return 0; 2183} 2184 2185static int 2186nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev, 2187 struct sk_buff *msg) 2188{ 2189 struct nlattr *supp; 2190 2191 if (!rdev->wiphy.tid_config_support.vif && 2192 !rdev->wiphy.tid_config_support.peer) 2193 return 0; 2194 2195 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG); 2196 if (!supp) 2197 return -ENOSPC; 2198 2199 if (rdev->wiphy.tid_config_support.vif && 2200 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP, 2201 rdev->wiphy.tid_config_support.vif, 2202 NL80211_TID_CONFIG_ATTR_PAD)) 2203 goto fail; 2204 2205 if (rdev->wiphy.tid_config_support.peer && 2206 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP, 2207 rdev->wiphy.tid_config_support.peer, 2208 NL80211_TID_CONFIG_ATTR_PAD)) 2209 goto fail; 2210 2211 /* for now we just use the same value ... makes more sense */ 2212 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT, 2213 rdev->wiphy.tid_config_support.max_retry)) 2214 goto fail; 2215 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG, 2216 rdev->wiphy.tid_config_support.max_retry)) 2217 goto fail; 2218 2219 nla_nest_end(msg, supp); 2220 2221 return 0; 2222fail: 2223 nla_nest_cancel(msg, supp); 2224 return -ENOBUFS; 2225} 2226 2227static int 2228nl80211_put_sar_specs(struct cfg80211_registered_device *rdev, 2229 struct sk_buff *msg) 2230{ 2231 struct nlattr *sar_capa, *specs, *sub_freq_range; 2232 u8 num_freq_ranges; 2233 int i; 2234 2235 if (!rdev->wiphy.sar_capa) 2236 return 0; 2237 2238 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges; 2239 2240 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC); 2241 if (!sar_capa) 2242 return -ENOSPC; 2243 2244 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type)) 2245 goto fail; 2246 2247 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS); 2248 if (!specs) 2249 goto fail; 2250 2251 /* report supported freq_ranges */ 2252 for (i = 0; i < num_freq_ranges; i++) { 2253 sub_freq_range = nla_nest_start(msg, i + 1); 2254 if (!sub_freq_range) 2255 goto fail; 2256 2257 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ, 2258 rdev->wiphy.sar_capa->freq_ranges[i].start_freq)) 2259 goto fail; 2260 2261 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ, 2262 rdev->wiphy.sar_capa->freq_ranges[i].end_freq)) 2263 goto fail; 2264 2265 nla_nest_end(msg, sub_freq_range); 2266 } 2267 2268 nla_nest_end(msg, specs); 2269 nla_nest_end(msg, sar_capa); 2270 2271 return 0; 2272fail: 2273 nla_nest_cancel(msg, sar_capa); 2274 return -ENOBUFS; 2275} 2276 2277static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg) 2278{ 2279 struct nlattr *config; 2280 2281 if (!wiphy->mbssid_max_interfaces) 2282 return 0; 2283 2284 config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG); 2285 if (!config) 2286 return -ENOBUFS; 2287 2288 if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES, 2289 wiphy->mbssid_max_interfaces)) 2290 goto fail; 2291 2292 if (wiphy->ema_max_profile_periodicity && 2293 nla_put_u8(msg, 2294 NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY, 2295 wiphy->ema_max_profile_periodicity)) 2296 goto fail; 2297 2298 nla_nest_end(msg, config); 2299 return 0; 2300 2301fail: 2302 nla_nest_cancel(msg, config); 2303 return -ENOBUFS; 2304} 2305 2306struct nl80211_dump_wiphy_state { 2307 s64 filter_wiphy; 2308 long start; 2309 long split_start, band_start, chan_start, capa_start; 2310 bool split; 2311}; 2312 2313static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev, 2314 enum nl80211_commands cmd, 2315 struct sk_buff *msg, u32 portid, u32 seq, 2316 int flags, struct nl80211_dump_wiphy_state *state) 2317{ 2318 void *hdr; 2319 struct nlattr *nl_bands, *nl_band; 2320 struct nlattr *nl_freqs, *nl_freq; 2321 struct nlattr *nl_cmds; 2322 enum nl80211_band band; 2323 struct ieee80211_channel *chan; 2324 int i; 2325 const struct ieee80211_txrx_stypes *mgmt_stypes = 2326 rdev->wiphy.mgmt_stypes; 2327 u32 features; 2328 2329 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 2330 if (!hdr) 2331 return -ENOBUFS; 2332 2333 if (WARN_ON(!state)) 2334 return -EINVAL; 2335 2336 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 2337 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, 2338 wiphy_name(&rdev->wiphy)) || 2339 nla_put_u32(msg, NL80211_ATTR_GENERATION, 2340 cfg80211_rdev_list_generation)) 2341 goto nla_put_failure; 2342 2343 if (cmd != NL80211_CMD_NEW_WIPHY) 2344 goto finish; 2345 2346 switch (state->split_start) { 2347 case 0: 2348 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 2349 rdev->wiphy.retry_short) || 2350 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 2351 rdev->wiphy.retry_long) || 2352 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 2353 rdev->wiphy.frag_threshold) || 2354 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 2355 rdev->wiphy.rts_threshold) || 2356 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 2357 rdev->wiphy.coverage_class) || 2358 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 2359 rdev->wiphy.max_scan_ssids) || 2360 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 2361 rdev->wiphy.max_sched_scan_ssids) || 2362 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 2363 rdev->wiphy.max_scan_ie_len) || 2364 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 2365 rdev->wiphy.max_sched_scan_ie_len) || 2366 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 2367 rdev->wiphy.max_match_sets)) 2368 goto nla_put_failure; 2369 2370 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 2371 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 2372 goto nla_put_failure; 2373 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 2374 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 2375 goto nla_put_failure; 2376 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 2377 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 2378 goto nla_put_failure; 2379 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 2380 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 2381 goto nla_put_failure; 2382 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 2383 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 2384 goto nla_put_failure; 2385 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 2386 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 2387 goto nla_put_failure; 2388 state->split_start++; 2389 if (state->split) 2390 break; 2391 fallthrough; 2392 case 1: 2393 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 2394 sizeof(u32) * rdev->wiphy.n_cipher_suites, 2395 rdev->wiphy.cipher_suites)) 2396 goto nla_put_failure; 2397 2398 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 2399 rdev->wiphy.max_num_pmkids)) 2400 goto nla_put_failure; 2401 2402 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 2403 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 2404 goto nla_put_failure; 2405 2406 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 2407 rdev->wiphy.available_antennas_tx) || 2408 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 2409 rdev->wiphy.available_antennas_rx)) 2410 goto nla_put_failure; 2411 2412 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 2413 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 2414 rdev->wiphy.probe_resp_offload)) 2415 goto nla_put_failure; 2416 2417 if ((rdev->wiphy.available_antennas_tx || 2418 rdev->wiphy.available_antennas_rx) && 2419 rdev->ops->get_antenna) { 2420 u32 tx_ant = 0, rx_ant = 0; 2421 int res; 2422 2423 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant); 2424 if (!res) { 2425 if (nla_put_u32(msg, 2426 NL80211_ATTR_WIPHY_ANTENNA_TX, 2427 tx_ant) || 2428 nla_put_u32(msg, 2429 NL80211_ATTR_WIPHY_ANTENNA_RX, 2430 rx_ant)) 2431 goto nla_put_failure; 2432 } 2433 } 2434 2435 state->split_start++; 2436 if (state->split) 2437 break; 2438 fallthrough; 2439 case 2: 2440 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 2441 rdev->wiphy.interface_modes)) 2442 goto nla_put_failure; 2443 state->split_start++; 2444 if (state->split) 2445 break; 2446 fallthrough; 2447 case 3: 2448 nl_bands = nla_nest_start_noflag(msg, 2449 NL80211_ATTR_WIPHY_BANDS); 2450 if (!nl_bands) 2451 goto nla_put_failure; 2452 2453 for (band = state->band_start; 2454 band < (state->split ? 2455 NUM_NL80211_BANDS : 2456 NL80211_BAND_60GHZ + 1); 2457 band++) { 2458 struct ieee80211_supported_band *sband; 2459 2460 /* omit higher bands for ancient software */ 2461 if (band > NL80211_BAND_5GHZ && !state->split) 2462 break; 2463 2464 sband = rdev->wiphy.bands[band]; 2465 2466 if (!sband) 2467 continue; 2468 2469 nl_band = nla_nest_start_noflag(msg, band); 2470 if (!nl_band) 2471 goto nla_put_failure; 2472 2473 switch (state->chan_start) { 2474 case 0: 2475 if (nl80211_send_band_rateinfo(msg, sband, 2476 state->split)) 2477 goto nla_put_failure; 2478 state->chan_start++; 2479 if (state->split) 2480 break; 2481 fallthrough; 2482 default: 2483 /* add frequencies */ 2484 nl_freqs = nla_nest_start_noflag(msg, 2485 NL80211_BAND_ATTR_FREQS); 2486 if (!nl_freqs) 2487 goto nla_put_failure; 2488 2489 for (i = state->chan_start - 1; 2490 i < sband->n_channels; 2491 i++) { 2492 nl_freq = nla_nest_start_noflag(msg, 2493 i); 2494 if (!nl_freq) 2495 goto nla_put_failure; 2496 2497 chan = &sband->channels[i]; 2498 2499 if (nl80211_msg_put_channel( 2500 msg, &rdev->wiphy, chan, 2501 state->split)) 2502 goto nla_put_failure; 2503 2504 nla_nest_end(msg, nl_freq); 2505 if (state->split) 2506 break; 2507 } 2508 if (i < sband->n_channels) 2509 state->chan_start = i + 2; 2510 else 2511 state->chan_start = 0; 2512 nla_nest_end(msg, nl_freqs); 2513 } 2514 2515 nla_nest_end(msg, nl_band); 2516 2517 if (state->split) { 2518 /* start again here */ 2519 if (state->chan_start) 2520 band--; 2521 break; 2522 } 2523 } 2524 nla_nest_end(msg, nl_bands); 2525 2526 if (band < NUM_NL80211_BANDS) 2527 state->band_start = band + 1; 2528 else 2529 state->band_start = 0; 2530 2531 /* if bands & channels are done, continue outside */ 2532 if (state->band_start == 0 && state->chan_start == 0) 2533 state->split_start++; 2534 if (state->split) 2535 break; 2536 fallthrough; 2537 case 4: 2538 nl_cmds = nla_nest_start_noflag(msg, 2539 NL80211_ATTR_SUPPORTED_COMMANDS); 2540 if (!nl_cmds) 2541 goto nla_put_failure; 2542 2543 i = nl80211_add_commands_unsplit(rdev, msg); 2544 if (i < 0) 2545 goto nla_put_failure; 2546 if (state->split) { 2547 CMD(crit_proto_start, CRIT_PROTOCOL_START); 2548 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP); 2549 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH) 2550 CMD(channel_switch, CHANNEL_SWITCH); 2551 CMD(set_qos_map, SET_QOS_MAP); 2552 if (rdev->wiphy.features & 2553 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION) 2554 CMD(add_tx_ts, ADD_TX_TS); 2555 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST); 2556 CMD(update_connect_params, UPDATE_CONNECT_PARAMS); 2557 CMD(update_ft_ies, UPDATE_FT_IES); 2558 if (rdev->wiphy.sar_capa) 2559 CMD(set_sar_specs, SET_SAR_SPECS); 2560 } 2561#undef CMD 2562 2563 nla_nest_end(msg, nl_cmds); 2564 state->split_start++; 2565 if (state->split) 2566 break; 2567 fallthrough; 2568 case 5: 2569 if (rdev->ops->remain_on_channel && 2570 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 2571 nla_put_u32(msg, 2572 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 2573 rdev->wiphy.max_remain_on_channel_duration)) 2574 goto nla_put_failure; 2575 2576 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 2577 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 2578 goto nla_put_failure; 2579 2580 state->split_start++; 2581 if (state->split) 2582 break; 2583 fallthrough; 2584 case 6: 2585#ifdef CONFIG_PM 2586 if (nl80211_send_wowlan(msg, rdev, state->split)) 2587 goto nla_put_failure; 2588 state->split_start++; 2589 if (state->split) 2590 break; 2591#else 2592 state->split_start++; 2593#endif 2594 fallthrough; 2595 case 7: 2596 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 2597 rdev->wiphy.software_iftypes)) 2598 goto nla_put_failure; 2599 2600 if (nl80211_put_iface_combinations(&rdev->wiphy, msg, 2601 state->split)) 2602 goto nla_put_failure; 2603 2604 state->split_start++; 2605 if (state->split) 2606 break; 2607 fallthrough; 2608 case 8: 2609 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 2610 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 2611 rdev->wiphy.ap_sme_capa)) 2612 goto nla_put_failure; 2613 2614 features = rdev->wiphy.features; 2615 /* 2616 * We can only add the per-channel limit information if the 2617 * dump is split, otherwise it makes it too big. Therefore 2618 * only advertise it in that case. 2619 */ 2620 if (state->split) 2621 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS; 2622 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features)) 2623 goto nla_put_failure; 2624 2625 if (rdev->wiphy.ht_capa_mod_mask && 2626 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 2627 sizeof(*rdev->wiphy.ht_capa_mod_mask), 2628 rdev->wiphy.ht_capa_mod_mask)) 2629 goto nla_put_failure; 2630 2631 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME && 2632 rdev->wiphy.max_acl_mac_addrs && 2633 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX, 2634 rdev->wiphy.max_acl_mac_addrs)) 2635 goto nla_put_failure; 2636 2637 /* 2638 * Any information below this point is only available to 2639 * applications that can deal with it being split. This 2640 * helps ensure that newly added capabilities don't break 2641 * older tools by overrunning their buffers. 2642 * 2643 * We still increment split_start so that in the split 2644 * case we'll continue with more data in the next round, 2645 * but break unconditionally so unsplit data stops here. 2646 */ 2647 if (state->split) 2648 state->split_start++; 2649 else 2650 state->split_start = 0; 2651 break; 2652 case 9: 2653 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes)) 2654 goto nla_put_failure; 2655 2656 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS, 2657 rdev->wiphy.max_sched_scan_plans) || 2658 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL, 2659 rdev->wiphy.max_sched_scan_plan_interval) || 2660 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS, 2661 rdev->wiphy.max_sched_scan_plan_iterations)) 2662 goto nla_put_failure; 2663 2664 if (rdev->wiphy.extended_capabilities && 2665 (nla_put(msg, NL80211_ATTR_EXT_CAPA, 2666 rdev->wiphy.extended_capabilities_len, 2667 rdev->wiphy.extended_capabilities) || 2668 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 2669 rdev->wiphy.extended_capabilities_len, 2670 rdev->wiphy.extended_capabilities_mask))) 2671 goto nla_put_failure; 2672 2673 if (rdev->wiphy.vht_capa_mod_mask && 2674 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, 2675 sizeof(*rdev->wiphy.vht_capa_mod_mask), 2676 rdev->wiphy.vht_capa_mod_mask)) 2677 goto nla_put_failure; 2678 2679 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 2680 rdev->wiphy.perm_addr)) 2681 goto nla_put_failure; 2682 2683 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) && 2684 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN, 2685 rdev->wiphy.addr_mask)) 2686 goto nla_put_failure; 2687 2688 if (rdev->wiphy.n_addresses > 1) { 2689 void *attr; 2690 2691 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS); 2692 if (!attr) 2693 goto nla_put_failure; 2694 2695 for (i = 0; i < rdev->wiphy.n_addresses; i++) 2696 if (nla_put(msg, i + 1, ETH_ALEN, 2697 rdev->wiphy.addresses[i].addr)) 2698 goto nla_put_failure; 2699 2700 nla_nest_end(msg, attr); 2701 } 2702 2703 state->split_start++; 2704 break; 2705 case 10: 2706 if (nl80211_send_coalesce(msg, rdev)) 2707 goto nla_put_failure; 2708 2709 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) && 2710 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) || 2711 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ))) 2712 goto nla_put_failure; 2713 2714 if (rdev->wiphy.max_ap_assoc_sta && 2715 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA, 2716 rdev->wiphy.max_ap_assoc_sta)) 2717 goto nla_put_failure; 2718 2719 state->split_start++; 2720 break; 2721 case 11: 2722 if (rdev->wiphy.n_vendor_commands) { 2723 const struct nl80211_vendor_cmd_info *info; 2724 struct nlattr *nested; 2725 2726 nested = nla_nest_start_noflag(msg, 2727 NL80211_ATTR_VENDOR_DATA); 2728 if (!nested) 2729 goto nla_put_failure; 2730 2731 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) { 2732 info = &rdev->wiphy.vendor_commands[i].info; 2733 if (nla_put(msg, i + 1, sizeof(*info), info)) 2734 goto nla_put_failure; 2735 } 2736 nla_nest_end(msg, nested); 2737 } 2738 2739 if (rdev->wiphy.n_vendor_events) { 2740 const struct nl80211_vendor_cmd_info *info; 2741 struct nlattr *nested; 2742 2743 nested = nla_nest_start_noflag(msg, 2744 NL80211_ATTR_VENDOR_EVENTS); 2745 if (!nested) 2746 goto nla_put_failure; 2747 2748 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) { 2749 info = &rdev->wiphy.vendor_events[i]; 2750 if (nla_put(msg, i + 1, sizeof(*info), info)) 2751 goto nla_put_failure; 2752 } 2753 nla_nest_end(msg, nested); 2754 } 2755 state->split_start++; 2756 break; 2757 case 12: 2758 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH && 2759 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS, 2760 rdev->wiphy.max_num_csa_counters)) 2761 goto nla_put_failure; 2762 2763 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 2764 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 2765 goto nla_put_failure; 2766 2767 if (rdev->wiphy.max_sched_scan_reqs && 2768 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS, 2769 rdev->wiphy.max_sched_scan_reqs)) 2770 goto nla_put_failure; 2771 2772 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES, 2773 sizeof(rdev->wiphy.ext_features), 2774 rdev->wiphy.ext_features)) 2775 goto nla_put_failure; 2776 2777 if (rdev->wiphy.bss_select_support) { 2778 struct nlattr *nested; 2779 u32 bss_select_support = rdev->wiphy.bss_select_support; 2780 2781 nested = nla_nest_start_noflag(msg, 2782 NL80211_ATTR_BSS_SELECT); 2783 if (!nested) 2784 goto nla_put_failure; 2785 2786 i = 0; 2787 while (bss_select_support) { 2788 if ((bss_select_support & 1) && 2789 nla_put_flag(msg, i)) 2790 goto nla_put_failure; 2791 i++; 2792 bss_select_support >>= 1; 2793 } 2794 nla_nest_end(msg, nested); 2795 } 2796 2797 state->split_start++; 2798 break; 2799 case 13: 2800 if (rdev->wiphy.num_iftype_ext_capab && 2801 rdev->wiphy.iftype_ext_capab) { 2802 struct nlattr *nested_ext_capab, *nested; 2803 2804 nested = nla_nest_start_noflag(msg, 2805 NL80211_ATTR_IFTYPE_EXT_CAPA); 2806 if (!nested) 2807 goto nla_put_failure; 2808 2809 for (i = state->capa_start; 2810 i < rdev->wiphy.num_iftype_ext_capab; i++) { 2811 const struct wiphy_iftype_ext_capab *capab; 2812 2813 capab = &rdev->wiphy.iftype_ext_capab[i]; 2814 2815 nested_ext_capab = nla_nest_start_noflag(msg, 2816 i); 2817 if (!nested_ext_capab || 2818 nla_put_u32(msg, NL80211_ATTR_IFTYPE, 2819 capab->iftype) || 2820 nla_put(msg, NL80211_ATTR_EXT_CAPA, 2821 capab->extended_capabilities_len, 2822 capab->extended_capabilities) || 2823 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 2824 capab->extended_capabilities_len, 2825 capab->extended_capabilities_mask)) 2826 goto nla_put_failure; 2827 2828 nla_nest_end(msg, nested_ext_capab); 2829 if (state->split) 2830 break; 2831 } 2832 nla_nest_end(msg, nested); 2833 if (i < rdev->wiphy.num_iftype_ext_capab) { 2834 state->capa_start = i + 1; 2835 break; 2836 } 2837 } 2838 2839 if (nla_put_u32(msg, NL80211_ATTR_BANDS, 2840 rdev->wiphy.nan_supported_bands)) 2841 goto nla_put_failure; 2842 2843 if (wiphy_ext_feature_isset(&rdev->wiphy, 2844 NL80211_EXT_FEATURE_TXQS)) { 2845 struct cfg80211_txq_stats txqstats = {}; 2846 int res; 2847 2848 res = rdev_get_txq_stats(rdev, NULL, &txqstats); 2849 if (!res && 2850 !nl80211_put_txq_stats(msg, &txqstats, 2851 NL80211_ATTR_TXQ_STATS)) 2852 goto nla_put_failure; 2853 2854 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT, 2855 rdev->wiphy.txq_limit)) 2856 goto nla_put_failure; 2857 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT, 2858 rdev->wiphy.txq_memory_limit)) 2859 goto nla_put_failure; 2860 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM, 2861 rdev->wiphy.txq_quantum)) 2862 goto nla_put_failure; 2863 } 2864 2865 state->split_start++; 2866 break; 2867 case 14: 2868 if (nl80211_send_pmsr_capa(rdev, msg)) 2869 goto nla_put_failure; 2870 2871 state->split_start++; 2872 break; 2873 case 15: 2874 if (rdev->wiphy.akm_suites && 2875 nla_put(msg, NL80211_ATTR_AKM_SUITES, 2876 sizeof(u32) * rdev->wiphy.n_akm_suites, 2877 rdev->wiphy.akm_suites)) 2878 goto nla_put_failure; 2879 2880 if (nl80211_put_iftype_akm_suites(rdev, msg)) 2881 goto nla_put_failure; 2882 2883 if (nl80211_put_tid_config_support(rdev, msg)) 2884 goto nla_put_failure; 2885 state->split_start++; 2886 break; 2887 case 16: 2888 if (nl80211_put_sar_specs(rdev, msg)) 2889 goto nla_put_failure; 2890 2891 if (nl80211_put_mbssid_support(&rdev->wiphy, msg)) 2892 goto nla_put_failure; 2893 2894 /* done */ 2895 state->split_start = 0; 2896 break; 2897 } 2898 finish: 2899 genlmsg_end(msg, hdr); 2900 return 0; 2901 2902 nla_put_failure: 2903 genlmsg_cancel(msg, hdr); 2904 return -EMSGSIZE; 2905} 2906 2907static int nl80211_dump_wiphy_parse(struct sk_buff *skb, 2908 struct netlink_callback *cb, 2909 struct nl80211_dump_wiphy_state *state) 2910{ 2911 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL); 2912 int ret; 2913 2914 if (!tb) 2915 return -ENOMEM; 2916 2917 ret = nlmsg_parse_deprecated(cb->nlh, 2918 GENL_HDRLEN + nl80211_fam.hdrsize, 2919 tb, nl80211_fam.maxattr, 2920 nl80211_policy, NULL); 2921 /* ignore parse errors for backward compatibility */ 2922 if (ret) { 2923 ret = 0; 2924 goto out; 2925 } 2926 2927 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP]; 2928 if (tb[NL80211_ATTR_WIPHY]) 2929 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 2930 if (tb[NL80211_ATTR_WDEV]) 2931 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32; 2932 if (tb[NL80211_ATTR_IFINDEX]) { 2933 struct net_device *netdev; 2934 struct cfg80211_registered_device *rdev; 2935 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2936 2937 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 2938 if (!netdev) { 2939 ret = -ENODEV; 2940 goto out; 2941 } 2942 if (netdev->ieee80211_ptr) { 2943 rdev = wiphy_to_rdev( 2944 netdev->ieee80211_ptr->wiphy); 2945 state->filter_wiphy = rdev->wiphy_idx; 2946 } 2947 } 2948 2949 ret = 0; 2950out: 2951 kfree(tb); 2952 return ret; 2953} 2954 2955static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 2956{ 2957 int idx = 0, ret; 2958 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0]; 2959 struct cfg80211_registered_device *rdev; 2960 2961 rtnl_lock(); 2962 if (!state) { 2963 state = kzalloc(sizeof(*state), GFP_KERNEL); 2964 if (!state) { 2965 rtnl_unlock(); 2966 return -ENOMEM; 2967 } 2968 state->filter_wiphy = -1; 2969 ret = nl80211_dump_wiphy_parse(skb, cb, state); 2970 if (ret) { 2971 kfree(state); 2972 rtnl_unlock(); 2973 return ret; 2974 } 2975 cb->args[0] = (long)state; 2976 } 2977 2978 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 2979 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 2980 continue; 2981 if (++idx <= state->start) 2982 continue; 2983 if (state->filter_wiphy != -1 && 2984 state->filter_wiphy != rdev->wiphy_idx) 2985 continue; 2986 /* attempt to fit multiple wiphy data chunks into the skb */ 2987 do { 2988 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, 2989 skb, 2990 NETLINK_CB(cb->skb).portid, 2991 cb->nlh->nlmsg_seq, 2992 NLM_F_MULTI, state); 2993 if (ret < 0) { 2994 /* 2995 * If sending the wiphy data didn't fit (ENOBUFS 2996 * or EMSGSIZE returned), this SKB is still 2997 * empty (so it's not too big because another 2998 * wiphy dataset is already in the skb) and 2999 * we've not tried to adjust the dump allocation 3000 * yet ... then adjust the alloc size to be 3001 * bigger, and return 1 but with the empty skb. 3002 * This results in an empty message being RX'ed 3003 * in userspace, but that is ignored. 3004 * 3005 * We can then retry with the larger buffer. 3006 */ 3007 if ((ret == -ENOBUFS || ret == -EMSGSIZE) && 3008 !skb->len && !state->split && 3009 cb->min_dump_alloc < 4096) { 3010 cb->min_dump_alloc = 4096; 3011 state->split_start = 0; 3012 rtnl_unlock(); 3013 return 1; 3014 } 3015 idx--; 3016 break; 3017 } 3018 } while (state->split_start > 0); 3019 break; 3020 } 3021 rtnl_unlock(); 3022 3023 state->start = idx; 3024 3025 return skb->len; 3026} 3027 3028static int nl80211_dump_wiphy_done(struct netlink_callback *cb) 3029{ 3030 kfree((void *)cb->args[0]); 3031 return 0; 3032} 3033 3034static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 3035{ 3036 struct sk_buff *msg; 3037 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3038 struct nl80211_dump_wiphy_state state = {}; 3039 3040 msg = nlmsg_new(4096, GFP_KERNEL); 3041 if (!msg) 3042 return -ENOMEM; 3043 3044 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg, 3045 info->snd_portid, info->snd_seq, 0, 3046 &state) < 0) { 3047 nlmsg_free(msg); 3048 return -ENOBUFS; 3049 } 3050 3051 return genlmsg_reply(msg, info); 3052} 3053 3054static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 3055 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 3056 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 3057 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 3058 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 3059 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 3060}; 3061 3062static int parse_txq_params(struct nlattr *tb[], 3063 struct ieee80211_txq_params *txq_params) 3064{ 3065 u8 ac; 3066 3067 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 3068 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 3069 !tb[NL80211_TXQ_ATTR_AIFS]) 3070 return -EINVAL; 3071 3072 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 3073 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 3074 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 3075 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 3076 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 3077 3078 if (ac >= NL80211_NUM_ACS) 3079 return -EINVAL; 3080 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS); 3081 return 0; 3082} 3083 3084static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 3085{ 3086 /* 3087 * You can only set the channel explicitly for some interfaces, 3088 * most have their channel managed via their respective 3089 * "establish a connection" command (connect, join, ...) 3090 * 3091 * For AP/GO and mesh mode, the channel can be set with the 3092 * channel userspace API, but is only stored and passed to the 3093 * low-level driver when the AP starts or the mesh is joined. 3094 * This is for backward compatibility, userspace can also give 3095 * the channel in the start-ap or join-mesh commands instead. 3096 * 3097 * Monitors are special as they are normally slaved to 3098 * whatever else is going on, so they have their own special 3099 * operation to set the monitor channel if possible. 3100 */ 3101 return !wdev || 3102 wdev->iftype == NL80211_IFTYPE_AP || 3103 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 3104 wdev->iftype == NL80211_IFTYPE_MONITOR || 3105 wdev->iftype == NL80211_IFTYPE_P2P_GO; 3106} 3107 3108int nl80211_parse_chandef(struct cfg80211_registered_device *rdev, 3109 struct genl_info *info, 3110 struct cfg80211_chan_def *chandef) 3111{ 3112 struct netlink_ext_ack *extack = info->extack; 3113 struct nlattr **attrs = info->attrs; 3114 u32 control_freq; 3115 3116 if (!attrs[NL80211_ATTR_WIPHY_FREQ]) 3117 return -EINVAL; 3118 3119 control_freq = MHZ_TO_KHZ( 3120 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3121 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 3122 control_freq += 3123 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 3124 3125 memset(chandef, 0, sizeof(*chandef)); 3126 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq); 3127 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 3128 chandef->center_freq1 = KHZ_TO_MHZ(control_freq); 3129 chandef->freq1_offset = control_freq % 1000; 3130 chandef->center_freq2 = 0; 3131 3132 /* Primary channel not allowed */ 3133 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) { 3134 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ], 3135 "Channel is disabled"); 3136 return -EINVAL; 3137 } 3138 3139 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 3140 enum nl80211_channel_type chantype; 3141 3142 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 3143 3144 switch (chantype) { 3145 case NL80211_CHAN_NO_HT: 3146 case NL80211_CHAN_HT20: 3147 case NL80211_CHAN_HT40PLUS: 3148 case NL80211_CHAN_HT40MINUS: 3149 cfg80211_chandef_create(chandef, chandef->chan, 3150 chantype); 3151 /* user input for center_freq is incorrect */ 3152 if (attrs[NL80211_ATTR_CENTER_FREQ1] && 3153 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) { 3154 NL_SET_ERR_MSG_ATTR(extack, 3155 attrs[NL80211_ATTR_CENTER_FREQ1], 3156 "bad center frequency 1"); 3157 return -EINVAL; 3158 } 3159 /* center_freq2 must be zero */ 3160 if (attrs[NL80211_ATTR_CENTER_FREQ2] && 3161 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) { 3162 NL_SET_ERR_MSG_ATTR(extack, 3163 attrs[NL80211_ATTR_CENTER_FREQ2], 3164 "center frequency 2 can't be used"); 3165 return -EINVAL; 3166 } 3167 break; 3168 default: 3169 NL_SET_ERR_MSG_ATTR(extack, 3170 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 3171 "invalid channel type"); 3172 return -EINVAL; 3173 } 3174 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) { 3175 chandef->width = 3176 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]); 3177 if (chandef->chan->band == NL80211_BAND_S1GHZ) { 3178 /* User input error for channel width doesn't match channel */ 3179 if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) { 3180 NL_SET_ERR_MSG_ATTR(extack, 3181 attrs[NL80211_ATTR_CHANNEL_WIDTH], 3182 "bad channel width"); 3183 return -EINVAL; 3184 } 3185 } 3186 if (attrs[NL80211_ATTR_CENTER_FREQ1]) { 3187 chandef->center_freq1 = 3188 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]); 3189 if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]) 3190 chandef->freq1_offset = nla_get_u32( 3191 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]); 3192 else 3193 chandef->freq1_offset = 0; 3194 } 3195 if (attrs[NL80211_ATTR_CENTER_FREQ2]) 3196 chandef->center_freq2 = 3197 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]); 3198 } 3199 3200 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) { 3201 chandef->edmg.channels = 3202 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]); 3203 3204 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]) 3205 chandef->edmg.bw_config = 3206 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]); 3207 } else { 3208 chandef->edmg.bw_config = 0; 3209 chandef->edmg.channels = 0; 3210 } 3211 3212 if (!cfg80211_chandef_valid(chandef)) { 3213 NL_SET_ERR_MSG(extack, "invalid channel definition"); 3214 return -EINVAL; 3215 } 3216 3217 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef, 3218 IEEE80211_CHAN_DISABLED)) { 3219 NL_SET_ERR_MSG(extack, "(extension) channel is disabled"); 3220 return -EINVAL; 3221 } 3222 3223 if ((chandef->width == NL80211_CHAN_WIDTH_5 || 3224 chandef->width == NL80211_CHAN_WIDTH_10) && 3225 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) { 3226 NL_SET_ERR_MSG(extack, "5/10 MHz not supported"); 3227 return -EINVAL; 3228 } 3229 3230 return 0; 3231} 3232 3233static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 3234 struct net_device *dev, 3235 struct genl_info *info) 3236{ 3237 struct cfg80211_chan_def chandef; 3238 int result; 3239 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 3240 struct wireless_dev *wdev = NULL; 3241 3242 if (dev) 3243 wdev = dev->ieee80211_ptr; 3244 if (!nl80211_can_set_dev_channel(wdev)) 3245 return -EOPNOTSUPP; 3246 if (wdev) 3247 iftype = wdev->iftype; 3248 3249 result = nl80211_parse_chandef(rdev, info, &chandef); 3250 if (result) 3251 return result; 3252 3253 switch (iftype) { 3254 case NL80211_IFTYPE_AP: 3255 case NL80211_IFTYPE_P2P_GO: 3256 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef, 3257 iftype)) { 3258 result = -EINVAL; 3259 break; 3260 } 3261 if (wdev->beacon_interval) { 3262 if (!dev || !rdev->ops->set_ap_chanwidth || 3263 !(rdev->wiphy.features & 3264 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) { 3265 result = -EBUSY; 3266 break; 3267 } 3268 3269 /* Only allow dynamic channel width changes */ 3270 if (chandef.chan != wdev->preset_chandef.chan) { 3271 result = -EBUSY; 3272 break; 3273 } 3274 result = rdev_set_ap_chanwidth(rdev, dev, &chandef); 3275 if (result) 3276 break; 3277 } 3278 wdev->preset_chandef = chandef; 3279 result = 0; 3280 break; 3281 case NL80211_IFTYPE_MESH_POINT: 3282 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef); 3283 break; 3284 case NL80211_IFTYPE_MONITOR: 3285 result = cfg80211_set_monitor_channel(rdev, &chandef); 3286 break; 3287 default: 3288 result = -EINVAL; 3289 } 3290 3291 return result; 3292} 3293 3294static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 3295{ 3296 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3297 struct net_device *netdev = info->user_ptr[1]; 3298 3299 return __nl80211_set_channel(rdev, netdev, info); 3300} 3301 3302static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 3303{ 3304 struct cfg80211_registered_device *rdev = NULL; 3305 struct net_device *netdev = NULL; 3306 struct wireless_dev *wdev; 3307 int result = 0, rem_txq_params = 0; 3308 struct nlattr *nl_txq_params; 3309 u32 changed; 3310 u8 retry_short = 0, retry_long = 0; 3311 u32 frag_threshold = 0, rts_threshold = 0; 3312 u8 coverage_class = 0; 3313 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0; 3314 3315 rtnl_lock(); 3316 /* 3317 * Try to find the wiphy and netdev. Normally this 3318 * function shouldn't need the netdev, but this is 3319 * done for backward compatibility -- previously 3320 * setting the channel was done per wiphy, but now 3321 * it is per netdev. Previous userland like hostapd 3322 * also passed a netdev to set_wiphy, so that it is 3323 * possible to let that go to the right netdev! 3324 */ 3325 3326 if (info->attrs[NL80211_ATTR_IFINDEX]) { 3327 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 3328 3329 netdev = __dev_get_by_index(genl_info_net(info), ifindex); 3330 if (netdev && netdev->ieee80211_ptr) 3331 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy); 3332 else 3333 netdev = NULL; 3334 } 3335 3336 if (!netdev) { 3337 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 3338 info->attrs); 3339 if (IS_ERR(rdev)) { 3340 rtnl_unlock(); 3341 return PTR_ERR(rdev); 3342 } 3343 wdev = NULL; 3344 netdev = NULL; 3345 result = 0; 3346 } else 3347 wdev = netdev->ieee80211_ptr; 3348 3349 wiphy_lock(&rdev->wiphy); 3350 3351 /* 3352 * end workaround code, by now the rdev is available 3353 * and locked, and wdev may or may not be NULL. 3354 */ 3355 3356 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 3357 result = cfg80211_dev_rename( 3358 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 3359 rtnl_unlock(); 3360 3361 if (result) 3362 goto out; 3363 3364 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 3365 struct ieee80211_txq_params txq_params; 3366 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 3367 3368 if (!rdev->ops->set_txq_params) { 3369 result = -EOPNOTSUPP; 3370 goto out; 3371 } 3372 3373 if (!netdev) { 3374 result = -EINVAL; 3375 goto out; 3376 } 3377 3378 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3379 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 3380 result = -EINVAL; 3381 goto out; 3382 } 3383 3384 if (!netif_running(netdev)) { 3385 result = -ENETDOWN; 3386 goto out; 3387 } 3388 3389 nla_for_each_nested(nl_txq_params, 3390 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 3391 rem_txq_params) { 3392 result = nla_parse_nested_deprecated(tb, 3393 NL80211_TXQ_ATTR_MAX, 3394 nl_txq_params, 3395 txq_params_policy, 3396 info->extack); 3397 if (result) 3398 goto out; 3399 result = parse_txq_params(tb, &txq_params); 3400 if (result) 3401 goto out; 3402 3403 result = rdev_set_txq_params(rdev, netdev, 3404 &txq_params); 3405 if (result) 3406 goto out; 3407 } 3408 } 3409 3410 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 3411 result = __nl80211_set_channel( 3412 rdev, 3413 nl80211_can_set_dev_channel(wdev) ? netdev : NULL, 3414 info); 3415 if (result) 3416 goto out; 3417 } 3418 3419 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 3420 struct wireless_dev *txp_wdev = wdev; 3421 enum nl80211_tx_power_setting type; 3422 int idx, mbm = 0; 3423 3424 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER)) 3425 txp_wdev = NULL; 3426 3427 if (!rdev->ops->set_tx_power) { 3428 result = -EOPNOTSUPP; 3429 goto out; 3430 } 3431 3432 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 3433 type = nla_get_u32(info->attrs[idx]); 3434 3435 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 3436 (type != NL80211_TX_POWER_AUTOMATIC)) { 3437 result = -EINVAL; 3438 goto out; 3439 } 3440 3441 if (type != NL80211_TX_POWER_AUTOMATIC) { 3442 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 3443 mbm = nla_get_u32(info->attrs[idx]); 3444 } 3445 3446 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm); 3447 if (result) 3448 goto out; 3449 } 3450 3451 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 3452 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 3453 u32 tx_ant, rx_ant; 3454 3455 if ((!rdev->wiphy.available_antennas_tx && 3456 !rdev->wiphy.available_antennas_rx) || 3457 !rdev->ops->set_antenna) { 3458 result = -EOPNOTSUPP; 3459 goto out; 3460 } 3461 3462 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 3463 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 3464 3465 /* reject antenna configurations which don't match the 3466 * available antenna masks, except for the "all" mask */ 3467 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 3468 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 3469 result = -EINVAL; 3470 goto out; 3471 } 3472 3473 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 3474 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 3475 3476 result = rdev_set_antenna(rdev, tx_ant, rx_ant); 3477 if (result) 3478 goto out; 3479 } 3480 3481 changed = 0; 3482 3483 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 3484 retry_short = nla_get_u8( 3485 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 3486 3487 changed |= WIPHY_PARAM_RETRY_SHORT; 3488 } 3489 3490 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 3491 retry_long = nla_get_u8( 3492 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 3493 3494 changed |= WIPHY_PARAM_RETRY_LONG; 3495 } 3496 3497 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 3498 frag_threshold = nla_get_u32( 3499 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 3500 if (frag_threshold < 256) { 3501 result = -EINVAL; 3502 goto out; 3503 } 3504 3505 if (frag_threshold != (u32) -1) { 3506 /* 3507 * Fragments (apart from the last one) are required to 3508 * have even length. Make the fragmentation code 3509 * simpler by stripping LSB should someone try to use 3510 * odd threshold value. 3511 */ 3512 frag_threshold &= ~0x1; 3513 } 3514 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 3515 } 3516 3517 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 3518 rts_threshold = nla_get_u32( 3519 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 3520 changed |= WIPHY_PARAM_RTS_THRESHOLD; 3521 } 3522 3523 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 3524 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) { 3525 result = -EINVAL; 3526 goto out; 3527 } 3528 3529 coverage_class = nla_get_u8( 3530 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 3531 changed |= WIPHY_PARAM_COVERAGE_CLASS; 3532 } 3533 3534 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) { 3535 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) { 3536 result = -EOPNOTSUPP; 3537 goto out; 3538 } 3539 3540 changed |= WIPHY_PARAM_DYN_ACK; 3541 } 3542 3543 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) { 3544 if (!wiphy_ext_feature_isset(&rdev->wiphy, 3545 NL80211_EXT_FEATURE_TXQS)) { 3546 result = -EOPNOTSUPP; 3547 goto out; 3548 } 3549 txq_limit = nla_get_u32( 3550 info->attrs[NL80211_ATTR_TXQ_LIMIT]); 3551 changed |= WIPHY_PARAM_TXQ_LIMIT; 3552 } 3553 3554 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) { 3555 if (!wiphy_ext_feature_isset(&rdev->wiphy, 3556 NL80211_EXT_FEATURE_TXQS)) { 3557 result = -EOPNOTSUPP; 3558 goto out; 3559 } 3560 txq_memory_limit = nla_get_u32( 3561 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]); 3562 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT; 3563 } 3564 3565 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) { 3566 if (!wiphy_ext_feature_isset(&rdev->wiphy, 3567 NL80211_EXT_FEATURE_TXQS)) { 3568 result = -EOPNOTSUPP; 3569 goto out; 3570 } 3571 txq_quantum = nla_get_u32( 3572 info->attrs[NL80211_ATTR_TXQ_QUANTUM]); 3573 changed |= WIPHY_PARAM_TXQ_QUANTUM; 3574 } 3575 3576 if (changed) { 3577 u8 old_retry_short, old_retry_long; 3578 u32 old_frag_threshold, old_rts_threshold; 3579 u8 old_coverage_class; 3580 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum; 3581 3582 if (!rdev->ops->set_wiphy_params) { 3583 result = -EOPNOTSUPP; 3584 goto out; 3585 } 3586 3587 old_retry_short = rdev->wiphy.retry_short; 3588 old_retry_long = rdev->wiphy.retry_long; 3589 old_frag_threshold = rdev->wiphy.frag_threshold; 3590 old_rts_threshold = rdev->wiphy.rts_threshold; 3591 old_coverage_class = rdev->wiphy.coverage_class; 3592 old_txq_limit = rdev->wiphy.txq_limit; 3593 old_txq_memory_limit = rdev->wiphy.txq_memory_limit; 3594 old_txq_quantum = rdev->wiphy.txq_quantum; 3595 3596 if (changed & WIPHY_PARAM_RETRY_SHORT) 3597 rdev->wiphy.retry_short = retry_short; 3598 if (changed & WIPHY_PARAM_RETRY_LONG) 3599 rdev->wiphy.retry_long = retry_long; 3600 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 3601 rdev->wiphy.frag_threshold = frag_threshold; 3602 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 3603 rdev->wiphy.rts_threshold = rts_threshold; 3604 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 3605 rdev->wiphy.coverage_class = coverage_class; 3606 if (changed & WIPHY_PARAM_TXQ_LIMIT) 3607 rdev->wiphy.txq_limit = txq_limit; 3608 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT) 3609 rdev->wiphy.txq_memory_limit = txq_memory_limit; 3610 if (changed & WIPHY_PARAM_TXQ_QUANTUM) 3611 rdev->wiphy.txq_quantum = txq_quantum; 3612 3613 result = rdev_set_wiphy_params(rdev, changed); 3614 if (result) { 3615 rdev->wiphy.retry_short = old_retry_short; 3616 rdev->wiphy.retry_long = old_retry_long; 3617 rdev->wiphy.frag_threshold = old_frag_threshold; 3618 rdev->wiphy.rts_threshold = old_rts_threshold; 3619 rdev->wiphy.coverage_class = old_coverage_class; 3620 rdev->wiphy.txq_limit = old_txq_limit; 3621 rdev->wiphy.txq_memory_limit = old_txq_memory_limit; 3622 rdev->wiphy.txq_quantum = old_txq_quantum; 3623 goto out; 3624 } 3625 } 3626 3627 result = 0; 3628 3629out: 3630 wiphy_unlock(&rdev->wiphy); 3631 return result; 3632} 3633 3634static int nl80211_send_chandef(struct sk_buff *msg, 3635 const struct cfg80211_chan_def *chandef) 3636{ 3637 if (WARN_ON(!cfg80211_chandef_valid(chandef))) 3638 return -EINVAL; 3639 3640 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 3641 chandef->chan->center_freq)) 3642 return -ENOBUFS; 3643 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, 3644 chandef->chan->freq_offset)) 3645 return -ENOBUFS; 3646 switch (chandef->width) { 3647 case NL80211_CHAN_WIDTH_20_NOHT: 3648 case NL80211_CHAN_WIDTH_20: 3649 case NL80211_CHAN_WIDTH_40: 3650 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3651 cfg80211_get_chandef_type(chandef))) 3652 return -ENOBUFS; 3653 break; 3654 default: 3655 break; 3656 } 3657 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width)) 3658 return -ENOBUFS; 3659 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1)) 3660 return -ENOBUFS; 3661 if (chandef->center_freq2 && 3662 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2)) 3663 return -ENOBUFS; 3664 return 0; 3665} 3666 3667static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, 3668 struct cfg80211_registered_device *rdev, 3669 struct wireless_dev *wdev, 3670 enum nl80211_commands cmd) 3671{ 3672 struct net_device *dev = wdev->netdev; 3673 void *hdr; 3674 3675 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE && 3676 cmd != NL80211_CMD_DEL_INTERFACE && 3677 cmd != NL80211_CMD_SET_INTERFACE); 3678 3679 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 3680 if (!hdr) 3681 return -1; 3682 3683 if (dev && 3684 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3685 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name))) 3686 goto nla_put_failure; 3687 3688 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 3689 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 3690 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 3691 NL80211_ATTR_PAD) || 3692 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) || 3693 nla_put_u32(msg, NL80211_ATTR_GENERATION, 3694 rdev->devlist_generation ^ 3695 (cfg80211_rdev_list_generation << 2)) || 3696 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr)) 3697 goto nla_put_failure; 3698 3699 if (rdev->ops->get_channel) { 3700 int ret; 3701 struct cfg80211_chan_def chandef = {}; 3702 3703 ret = rdev_get_channel(rdev, wdev, &chandef); 3704 if (ret == 0) { 3705 if (nl80211_send_chandef(msg, &chandef)) 3706 goto nla_put_failure; 3707 } 3708 } 3709 3710 if (rdev->ops->get_tx_power) { 3711 int dbm, ret; 3712 3713 ret = rdev_get_tx_power(rdev, wdev, &dbm); 3714 if (ret == 0 && 3715 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL, 3716 DBM_TO_MBM(dbm))) 3717 goto nla_put_failure; 3718 } 3719 3720 wdev_lock(wdev); 3721 switch (wdev->iftype) { 3722 case NL80211_IFTYPE_AP: 3723 case NL80211_IFTYPE_P2P_GO: 3724 if (wdev->ssid_len && 3725 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid)) 3726 goto nla_put_failure_locked; 3727 break; 3728 case NL80211_IFTYPE_STATION: 3729 case NL80211_IFTYPE_P2P_CLIENT: 3730 case NL80211_IFTYPE_ADHOC: { 3731 const struct element *ssid_elem; 3732 3733 if (!wdev->current_bss) 3734 break; 3735 rcu_read_lock(); 3736 ssid_elem = ieee80211_bss_get_elem(&wdev->current_bss->pub, 3737 WLAN_EID_SSID); 3738 if (ssid_elem && 3739 nla_put(msg, NL80211_ATTR_SSID, ssid_elem->datalen, 3740 ssid_elem->data)) 3741 goto nla_put_failure_rcu_locked; 3742 rcu_read_unlock(); 3743 break; 3744 } 3745 default: 3746 /* nothing */ 3747 break; 3748 } 3749 wdev_unlock(wdev); 3750 3751 if (rdev->ops->get_txq_stats) { 3752 struct cfg80211_txq_stats txqstats = {}; 3753 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats); 3754 3755 if (ret == 0 && 3756 !nl80211_put_txq_stats(msg, &txqstats, 3757 NL80211_ATTR_TXQ_STATS)) 3758 goto nla_put_failure; 3759 } 3760 3761 genlmsg_end(msg, hdr); 3762 return 0; 3763 3764 nla_put_failure_rcu_locked: 3765 rcu_read_unlock(); 3766 nla_put_failure_locked: 3767 wdev_unlock(wdev); 3768 nla_put_failure: 3769 genlmsg_cancel(msg, hdr); 3770 return -EMSGSIZE; 3771} 3772 3773static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 3774{ 3775 int wp_idx = 0; 3776 int if_idx = 0; 3777 int wp_start = cb->args[0]; 3778 int if_start = cb->args[1]; 3779 int filter_wiphy = -1; 3780 struct cfg80211_registered_device *rdev; 3781 struct wireless_dev *wdev; 3782 int ret; 3783 3784 rtnl_lock(); 3785 if (!cb->args[2]) { 3786 struct nl80211_dump_wiphy_state state = { 3787 .filter_wiphy = -1, 3788 }; 3789 3790 ret = nl80211_dump_wiphy_parse(skb, cb, &state); 3791 if (ret) 3792 goto out_unlock; 3793 3794 filter_wiphy = state.filter_wiphy; 3795 3796 /* 3797 * if filtering, set cb->args[2] to +1 since 0 is the default 3798 * value needed to determine that parsing is necessary. 3799 */ 3800 if (filter_wiphy >= 0) 3801 cb->args[2] = filter_wiphy + 1; 3802 else 3803 cb->args[2] = -1; 3804 } else if (cb->args[2] > 0) { 3805 filter_wiphy = cb->args[2] - 1; 3806 } 3807 3808 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 3809 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 3810 continue; 3811 if (wp_idx < wp_start) { 3812 wp_idx++; 3813 continue; 3814 } 3815 3816 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx) 3817 continue; 3818 3819 if_idx = 0; 3820 3821 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 3822 if (if_idx < if_start) { 3823 if_idx++; 3824 continue; 3825 } 3826 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid, 3827 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3828 rdev, wdev, 3829 NL80211_CMD_NEW_INTERFACE) < 0) { 3830 goto out; 3831 } 3832 if_idx++; 3833 } 3834 3835 wp_idx++; 3836 } 3837 out: 3838 cb->args[0] = wp_idx; 3839 cb->args[1] = if_idx; 3840 3841 ret = skb->len; 3842 out_unlock: 3843 rtnl_unlock(); 3844 3845 return ret; 3846} 3847 3848static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 3849{ 3850 struct sk_buff *msg; 3851 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3852 struct wireless_dev *wdev = info->user_ptr[1]; 3853 3854 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3855 if (!msg) 3856 return -ENOMEM; 3857 3858 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 3859 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) { 3860 nlmsg_free(msg); 3861 return -ENOBUFS; 3862 } 3863 3864 return genlmsg_reply(msg, info); 3865} 3866 3867static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 3868 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 3869 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 3870 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 3871 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 3872 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 3873 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG }, 3874}; 3875 3876static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 3877{ 3878 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 3879 int flag; 3880 3881 *mntrflags = 0; 3882 3883 if (!nla) 3884 return -EINVAL; 3885 3886 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL)) 3887 return -EINVAL; 3888 3889 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 3890 if (flags[flag]) 3891 *mntrflags |= (1<<flag); 3892 3893 *mntrflags |= MONITOR_FLAG_CHANGED; 3894 3895 return 0; 3896} 3897 3898static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev, 3899 enum nl80211_iftype type, 3900 struct genl_info *info, 3901 struct vif_params *params) 3902{ 3903 bool change = false; 3904 int err; 3905 3906 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 3907 if (type != NL80211_IFTYPE_MONITOR) 3908 return -EINVAL; 3909 3910 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 3911 ¶ms->flags); 3912 if (err) 3913 return err; 3914 3915 change = true; 3916 } 3917 3918 if (params->flags & MONITOR_FLAG_ACTIVE && 3919 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) 3920 return -EOPNOTSUPP; 3921 3922 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) { 3923 const u8 *mumimo_groups; 3924 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER; 3925 3926 if (type != NL80211_IFTYPE_MONITOR) 3927 return -EINVAL; 3928 3929 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag)) 3930 return -EOPNOTSUPP; 3931 3932 mumimo_groups = 3933 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]); 3934 3935 /* bits 0 and 63 are reserved and must be zero */ 3936 if ((mumimo_groups[0] & BIT(0)) || 3937 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7))) 3938 return -EINVAL; 3939 3940 params->vht_mumimo_groups = mumimo_groups; 3941 change = true; 3942 } 3943 3944 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) { 3945 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER; 3946 3947 if (type != NL80211_IFTYPE_MONITOR) 3948 return -EINVAL; 3949 3950 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag)) 3951 return -EOPNOTSUPP; 3952 3953 params->vht_mumimo_follow_addr = 3954 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]); 3955 change = true; 3956 } 3957 3958 return change ? 1 : 0; 3959} 3960 3961static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 3962 struct net_device *netdev, u8 use_4addr, 3963 enum nl80211_iftype iftype) 3964{ 3965 if (!use_4addr) { 3966 if (netdev && netif_is_bridge_port(netdev)) 3967 return -EBUSY; 3968 return 0; 3969 } 3970 3971 switch (iftype) { 3972 case NL80211_IFTYPE_AP_VLAN: 3973 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 3974 return 0; 3975 break; 3976 case NL80211_IFTYPE_STATION: 3977 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 3978 return 0; 3979 break; 3980 default: 3981 break; 3982 } 3983 3984 return -EOPNOTSUPP; 3985} 3986 3987static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 3988{ 3989 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3990 struct vif_params params; 3991 int err; 3992 enum nl80211_iftype otype, ntype; 3993 struct net_device *dev = info->user_ptr[1]; 3994 bool change = false; 3995 3996 memset(¶ms, 0, sizeof(params)); 3997 3998 otype = ntype = dev->ieee80211_ptr->iftype; 3999 4000 if (info->attrs[NL80211_ATTR_IFTYPE]) { 4001 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 4002 if (otype != ntype) 4003 change = true; 4004 } 4005 4006 if (info->attrs[NL80211_ATTR_MESH_ID]) { 4007 struct wireless_dev *wdev = dev->ieee80211_ptr; 4008 4009 if (ntype != NL80211_IFTYPE_MESH_POINT) 4010 return -EINVAL; 4011 if (netif_running(dev)) 4012 return -EBUSY; 4013 4014 wdev_lock(wdev); 4015 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 4016 IEEE80211_MAX_MESH_ID_LEN); 4017 wdev->mesh_id_up_len = 4018 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 4019 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 4020 wdev->mesh_id_up_len); 4021 wdev_unlock(wdev); 4022 } 4023 4024 if (info->attrs[NL80211_ATTR_4ADDR]) { 4025 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 4026 change = true; 4027 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 4028 if (err) 4029 return err; 4030 } else { 4031 params.use_4addr = -1; 4032 } 4033 4034 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms); 4035 if (err < 0) 4036 return err; 4037 if (err > 0) 4038 change = true; 4039 4040 if (change) 4041 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms); 4042 else 4043 err = 0; 4044 4045 if (!err && params.use_4addr != -1) 4046 dev->ieee80211_ptr->use_4addr = params.use_4addr; 4047 4048 if (change && !err) { 4049 struct wireless_dev *wdev = dev->ieee80211_ptr; 4050 4051 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE); 4052 } 4053 4054 return err; 4055} 4056 4057static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 4058{ 4059 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4060 struct vif_params params; 4061 struct wireless_dev *wdev; 4062 struct sk_buff *msg; 4063 int err; 4064 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 4065 4066 memset(¶ms, 0, sizeof(params)); 4067 4068 if (!info->attrs[NL80211_ATTR_IFNAME]) 4069 return -EINVAL; 4070 4071 if (info->attrs[NL80211_ATTR_IFTYPE]) 4072 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 4073 4074 if (!rdev->ops->add_virtual_intf) 4075 return -EOPNOTSUPP; 4076 4077 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN || 4078 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) && 4079 info->attrs[NL80211_ATTR_MAC]) { 4080 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC], 4081 ETH_ALEN); 4082 if (!is_valid_ether_addr(params.macaddr)) 4083 return -EADDRNOTAVAIL; 4084 } 4085 4086 if (info->attrs[NL80211_ATTR_4ADDR]) { 4087 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 4088 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 4089 if (err) 4090 return err; 4091 } 4092 4093 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0)) 4094 return -EOPNOTSUPP; 4095 4096 err = nl80211_parse_mon_options(rdev, type, info, ¶ms); 4097 if (err < 0) 4098 return err; 4099 4100 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4101 if (!msg) 4102 return -ENOMEM; 4103 4104 wdev = rdev_add_virtual_intf(rdev, 4105 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 4106 NET_NAME_USER, type, ¶ms); 4107 if (WARN_ON(!wdev)) { 4108 nlmsg_free(msg); 4109 return -EPROTO; 4110 } else if (IS_ERR(wdev)) { 4111 nlmsg_free(msg); 4112 return PTR_ERR(wdev); 4113 } 4114 4115 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 4116 wdev->owner_nlportid = info->snd_portid; 4117 4118 switch (type) { 4119 case NL80211_IFTYPE_MESH_POINT: 4120 if (!info->attrs[NL80211_ATTR_MESH_ID]) 4121 break; 4122 wdev_lock(wdev); 4123 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 4124 IEEE80211_MAX_MESH_ID_LEN); 4125 wdev->mesh_id_up_len = 4126 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 4127 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 4128 wdev->mesh_id_up_len); 4129 wdev_unlock(wdev); 4130 break; 4131 case NL80211_IFTYPE_NAN: 4132 case NL80211_IFTYPE_P2P_DEVICE: 4133 /* 4134 * P2P Device and NAN do not have a netdev, so don't go 4135 * through the netdev notifier and must be added here 4136 */ 4137 cfg80211_init_wdev(wdev); 4138 cfg80211_register_wdev(rdev, wdev); 4139 break; 4140 default: 4141 break; 4142 } 4143 4144 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 4145 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) { 4146 nlmsg_free(msg); 4147 return -ENOBUFS; 4148 } 4149 4150 return genlmsg_reply(msg, info); 4151} 4152 4153static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 4154{ 4155 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4156 int ret; 4157 4158 /* to avoid failing a new interface creation due to pending removal */ 4159 cfg80211_destroy_ifaces(rdev); 4160 4161 wiphy_lock(&rdev->wiphy); 4162 ret = _nl80211_new_interface(skb, info); 4163 wiphy_unlock(&rdev->wiphy); 4164 4165 return ret; 4166} 4167 4168static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 4169{ 4170 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4171 struct wireless_dev *wdev = info->user_ptr[1]; 4172 4173 if (!rdev->ops->del_virtual_intf) 4174 return -EOPNOTSUPP; 4175 4176 /* 4177 * We hold RTNL, so this is safe, without RTNL opencount cannot 4178 * reach 0, and thus the rdev cannot be deleted. 4179 * 4180 * We need to do it for the dev_close(), since that will call 4181 * the netdev notifiers, and we need to acquire the mutex there 4182 * but don't know if we get there from here or from some other 4183 * place (e.g. "ip link set ... down"). 4184 */ 4185 mutex_unlock(&rdev->wiphy.mtx); 4186 4187 /* 4188 * If we remove a wireless device without a netdev then clear 4189 * user_ptr[1] so that nl80211_post_doit won't dereference it 4190 * to check if it needs to do dev_put(). Otherwise it crashes 4191 * since the wdev has been freed, unlike with a netdev where 4192 * we need the dev_put() for the netdev to really be freed. 4193 */ 4194 if (!wdev->netdev) 4195 info->user_ptr[1] = NULL; 4196 else 4197 dev_close(wdev->netdev); 4198 4199 mutex_lock(&rdev->wiphy.mtx); 4200 4201 return rdev_del_virtual_intf(rdev, wdev); 4202} 4203 4204static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 4205{ 4206 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4207 struct net_device *dev = info->user_ptr[1]; 4208 u16 noack_map; 4209 4210 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 4211 return -EINVAL; 4212 4213 if (!rdev->ops->set_noack_map) 4214 return -EOPNOTSUPP; 4215 4216 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 4217 4218 return rdev_set_noack_map(rdev, dev, noack_map); 4219} 4220 4221struct get_key_cookie { 4222 struct sk_buff *msg; 4223 int error; 4224 int idx; 4225}; 4226 4227static void get_key_callback(void *c, struct key_params *params) 4228{ 4229 struct nlattr *key; 4230 struct get_key_cookie *cookie = c; 4231 4232 if ((params->key && 4233 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 4234 params->key_len, params->key)) || 4235 (params->seq && 4236 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 4237 params->seq_len, params->seq)) || 4238 (params->cipher && 4239 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 4240 params->cipher))) 4241 goto nla_put_failure; 4242 4243 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY); 4244 if (!key) 4245 goto nla_put_failure; 4246 4247 if ((params->key && 4248 nla_put(cookie->msg, NL80211_KEY_DATA, 4249 params->key_len, params->key)) || 4250 (params->seq && 4251 nla_put(cookie->msg, NL80211_KEY_SEQ, 4252 params->seq_len, params->seq)) || 4253 (params->cipher && 4254 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 4255 params->cipher))) 4256 goto nla_put_failure; 4257 4258 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx)) 4259 goto nla_put_failure; 4260 4261 nla_nest_end(cookie->msg, key); 4262 4263 return; 4264 nla_put_failure: 4265 cookie->error = 1; 4266} 4267 4268static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 4269{ 4270 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4271 int err; 4272 struct net_device *dev = info->user_ptr[1]; 4273 u8 key_idx = 0; 4274 const u8 *mac_addr = NULL; 4275 bool pairwise; 4276 struct get_key_cookie cookie = { 4277 .error = 0, 4278 }; 4279 void *hdr; 4280 struct sk_buff *msg; 4281 bool bigtk_support = false; 4282 4283 if (wiphy_ext_feature_isset(&rdev->wiphy, 4284 NL80211_EXT_FEATURE_BEACON_PROTECTION)) 4285 bigtk_support = true; 4286 4287 if ((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_STATION || 4288 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_CLIENT) && 4289 wiphy_ext_feature_isset(&rdev->wiphy, 4290 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT)) 4291 bigtk_support = true; 4292 4293 if (info->attrs[NL80211_ATTR_KEY_IDX]) { 4294 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 4295 4296 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) { 4297 GENL_SET_ERR_MSG(info, "BIGTK not supported"); 4298 return -EINVAL; 4299 } 4300 } 4301 4302 if (info->attrs[NL80211_ATTR_MAC]) 4303 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4304 4305 pairwise = !!mac_addr; 4306 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 4307 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 4308 4309 if (kt != NL80211_KEYTYPE_GROUP && 4310 kt != NL80211_KEYTYPE_PAIRWISE) 4311 return -EINVAL; 4312 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 4313 } 4314 4315 if (!rdev->ops->get_key) 4316 return -EOPNOTSUPP; 4317 4318 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 4319 return -ENOENT; 4320 4321 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4322 if (!msg) 4323 return -ENOMEM; 4324 4325 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4326 NL80211_CMD_NEW_KEY); 4327 if (!hdr) 4328 goto nla_put_failure; 4329 4330 cookie.msg = msg; 4331 cookie.idx = key_idx; 4332 4333 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 4334 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 4335 goto nla_put_failure; 4336 if (mac_addr && 4337 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 4338 goto nla_put_failure; 4339 4340 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie, 4341 get_key_callback); 4342 4343 if (err) 4344 goto free_msg; 4345 4346 if (cookie.error) 4347 goto nla_put_failure; 4348 4349 genlmsg_end(msg, hdr); 4350 return genlmsg_reply(msg, info); 4351 4352 nla_put_failure: 4353 err = -ENOBUFS; 4354 free_msg: 4355 nlmsg_free(msg); 4356 return err; 4357} 4358 4359static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 4360{ 4361 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4362 struct key_parse key; 4363 int err; 4364 struct net_device *dev = info->user_ptr[1]; 4365 4366 err = nl80211_parse_key(info, &key); 4367 if (err) 4368 return err; 4369 4370 if (key.idx < 0) 4371 return -EINVAL; 4372 4373 /* Only support setting default key and 4374 * Extended Key ID action NL80211_KEY_SET_TX. 4375 */ 4376 if (!key.def && !key.defmgmt && !key.defbeacon && 4377 !(key.p.mode == NL80211_KEY_SET_TX)) 4378 return -EINVAL; 4379 4380 wdev_lock(dev->ieee80211_ptr); 4381 4382 if (key.def) { 4383 if (!rdev->ops->set_default_key) { 4384 err = -EOPNOTSUPP; 4385 goto out; 4386 } 4387 4388 err = nl80211_key_allowed(dev->ieee80211_ptr); 4389 if (err) 4390 goto out; 4391 4392 err = rdev_set_default_key(rdev, dev, key.idx, 4393 key.def_uni, key.def_multi); 4394 4395 if (err) 4396 goto out; 4397 4398#ifdef CONFIG_CFG80211_WEXT 4399 dev->ieee80211_ptr->wext.default_key = key.idx; 4400#endif 4401 } else if (key.defmgmt) { 4402 if (key.def_uni || !key.def_multi) { 4403 err = -EINVAL; 4404 goto out; 4405 } 4406 4407 if (!rdev->ops->set_default_mgmt_key) { 4408 err = -EOPNOTSUPP; 4409 goto out; 4410 } 4411 4412 err = nl80211_key_allowed(dev->ieee80211_ptr); 4413 if (err) 4414 goto out; 4415 4416 err = rdev_set_default_mgmt_key(rdev, dev, key.idx); 4417 if (err) 4418 goto out; 4419 4420#ifdef CONFIG_CFG80211_WEXT 4421 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 4422#endif 4423 } else if (key.defbeacon) { 4424 if (key.def_uni || !key.def_multi) { 4425 err = -EINVAL; 4426 goto out; 4427 } 4428 4429 if (!rdev->ops->set_default_beacon_key) { 4430 err = -EOPNOTSUPP; 4431 goto out; 4432 } 4433 4434 err = nl80211_key_allowed(dev->ieee80211_ptr); 4435 if (err) 4436 goto out; 4437 4438 err = rdev_set_default_beacon_key(rdev, dev, key.idx); 4439 if (err) 4440 goto out; 4441 } else if (key.p.mode == NL80211_KEY_SET_TX && 4442 wiphy_ext_feature_isset(&rdev->wiphy, 4443 NL80211_EXT_FEATURE_EXT_KEY_ID)) { 4444 u8 *mac_addr = NULL; 4445 4446 if (info->attrs[NL80211_ATTR_MAC]) 4447 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4448 4449 if (!mac_addr || key.idx < 0 || key.idx > 1) { 4450 err = -EINVAL; 4451 goto out; 4452 } 4453 4454 err = rdev_add_key(rdev, dev, key.idx, 4455 NL80211_KEYTYPE_PAIRWISE, 4456 mac_addr, &key.p); 4457 } else { 4458 err = -EINVAL; 4459 } 4460 out: 4461 wdev_unlock(dev->ieee80211_ptr); 4462 4463 return err; 4464} 4465 4466static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 4467{ 4468 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4469 int err; 4470 struct net_device *dev = info->user_ptr[1]; 4471 struct key_parse key; 4472 const u8 *mac_addr = NULL; 4473 4474 err = nl80211_parse_key(info, &key); 4475 if (err) 4476 return err; 4477 4478 if (!key.p.key) { 4479 GENL_SET_ERR_MSG(info, "no key"); 4480 return -EINVAL; 4481 } 4482 4483 if (info->attrs[NL80211_ATTR_MAC]) 4484 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4485 4486 if (key.type == -1) { 4487 if (mac_addr) 4488 key.type = NL80211_KEYTYPE_PAIRWISE; 4489 else 4490 key.type = NL80211_KEYTYPE_GROUP; 4491 } 4492 4493 /* for now */ 4494 if (key.type != NL80211_KEYTYPE_PAIRWISE && 4495 key.type != NL80211_KEYTYPE_GROUP) { 4496 GENL_SET_ERR_MSG(info, "key type not pairwise or group"); 4497 return -EINVAL; 4498 } 4499 4500 if (key.type == NL80211_KEYTYPE_GROUP && 4501 info->attrs[NL80211_ATTR_VLAN_ID]) 4502 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]); 4503 4504 if (!rdev->ops->add_key) 4505 return -EOPNOTSUPP; 4506 4507 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 4508 key.type == NL80211_KEYTYPE_PAIRWISE, 4509 mac_addr)) { 4510 GENL_SET_ERR_MSG(info, "key setting validation failed"); 4511 return -EINVAL; 4512 } 4513 4514 wdev_lock(dev->ieee80211_ptr); 4515 err = nl80211_key_allowed(dev->ieee80211_ptr); 4516 if (err) 4517 GENL_SET_ERR_MSG(info, "key not allowed"); 4518 if (!err) { 4519 err = rdev_add_key(rdev, dev, key.idx, 4520 key.type == NL80211_KEYTYPE_PAIRWISE, 4521 mac_addr, &key.p); 4522 if (err) 4523 GENL_SET_ERR_MSG(info, "key addition failed"); 4524 } 4525 wdev_unlock(dev->ieee80211_ptr); 4526 4527 return err; 4528} 4529 4530static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 4531{ 4532 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4533 int err; 4534 struct net_device *dev = info->user_ptr[1]; 4535 u8 *mac_addr = NULL; 4536 struct key_parse key; 4537 4538 err = nl80211_parse_key(info, &key); 4539 if (err) 4540 return err; 4541 4542 if (info->attrs[NL80211_ATTR_MAC]) 4543 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4544 4545 if (key.type == -1) { 4546 if (mac_addr) 4547 key.type = NL80211_KEYTYPE_PAIRWISE; 4548 else 4549 key.type = NL80211_KEYTYPE_GROUP; 4550 } 4551 4552 /* for now */ 4553 if (key.type != NL80211_KEYTYPE_PAIRWISE && 4554 key.type != NL80211_KEYTYPE_GROUP) 4555 return -EINVAL; 4556 4557 if (!cfg80211_valid_key_idx(rdev, key.idx, 4558 key.type == NL80211_KEYTYPE_PAIRWISE)) 4559 return -EINVAL; 4560 4561 if (!rdev->ops->del_key) 4562 return -EOPNOTSUPP; 4563 4564 wdev_lock(dev->ieee80211_ptr); 4565 err = nl80211_key_allowed(dev->ieee80211_ptr); 4566 4567 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr && 4568 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 4569 err = -ENOENT; 4570 4571 if (!err) 4572 err = rdev_del_key(rdev, dev, key.idx, 4573 key.type == NL80211_KEYTYPE_PAIRWISE, 4574 mac_addr); 4575 4576#ifdef CONFIG_CFG80211_WEXT 4577 if (!err) { 4578 if (key.idx == dev->ieee80211_ptr->wext.default_key) 4579 dev->ieee80211_ptr->wext.default_key = -1; 4580 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 4581 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 4582 } 4583#endif 4584 wdev_unlock(dev->ieee80211_ptr); 4585 4586 return err; 4587} 4588 4589/* This function returns an error or the number of nested attributes */ 4590static int validate_acl_mac_addrs(struct nlattr *nl_attr) 4591{ 4592 struct nlattr *attr; 4593 int n_entries = 0, tmp; 4594 4595 nla_for_each_nested(attr, nl_attr, tmp) { 4596 if (nla_len(attr) != ETH_ALEN) 4597 return -EINVAL; 4598 4599 n_entries++; 4600 } 4601 4602 return n_entries; 4603} 4604 4605/* 4606 * This function parses ACL information and allocates memory for ACL data. 4607 * On successful return, the calling function is responsible to free the 4608 * ACL buffer returned by this function. 4609 */ 4610static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy, 4611 struct genl_info *info) 4612{ 4613 enum nl80211_acl_policy acl_policy; 4614 struct nlattr *attr; 4615 struct cfg80211_acl_data *acl; 4616 int i = 0, n_entries, tmp; 4617 4618 if (!wiphy->max_acl_mac_addrs) 4619 return ERR_PTR(-EOPNOTSUPP); 4620 4621 if (!info->attrs[NL80211_ATTR_ACL_POLICY]) 4622 return ERR_PTR(-EINVAL); 4623 4624 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]); 4625 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED && 4626 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED) 4627 return ERR_PTR(-EINVAL); 4628 4629 if (!info->attrs[NL80211_ATTR_MAC_ADDRS]) 4630 return ERR_PTR(-EINVAL); 4631 4632 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]); 4633 if (n_entries < 0) 4634 return ERR_PTR(n_entries); 4635 4636 if (n_entries > wiphy->max_acl_mac_addrs) 4637 return ERR_PTR(-ENOTSUPP); 4638 4639 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL); 4640 if (!acl) 4641 return ERR_PTR(-ENOMEM); 4642 4643 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) { 4644 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN); 4645 i++; 4646 } 4647 4648 acl->n_acl_entries = n_entries; 4649 acl->acl_policy = acl_policy; 4650 4651 return acl; 4652} 4653 4654static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info) 4655{ 4656 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4657 struct net_device *dev = info->user_ptr[1]; 4658 struct cfg80211_acl_data *acl; 4659 int err; 4660 4661 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 4662 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4663 return -EOPNOTSUPP; 4664 4665 if (!dev->ieee80211_ptr->beacon_interval) 4666 return -EINVAL; 4667 4668 acl = parse_acl_data(&rdev->wiphy, info); 4669 if (IS_ERR(acl)) 4670 return PTR_ERR(acl); 4671 4672 err = rdev_set_mac_acl(rdev, dev, acl); 4673 4674 kfree(acl); 4675 4676 return err; 4677} 4678 4679static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 4680 u8 *rates, u8 rates_len) 4681{ 4682 u8 i; 4683 u32 mask = 0; 4684 4685 for (i = 0; i < rates_len; i++) { 4686 int rate = (rates[i] & 0x7f) * 5; 4687 int ridx; 4688 4689 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 4690 struct ieee80211_rate *srate = 4691 &sband->bitrates[ridx]; 4692 if (rate == srate->bitrate) { 4693 mask |= 1 << ridx; 4694 break; 4695 } 4696 } 4697 if (ridx == sband->n_bitrates) 4698 return 0; /* rate not found */ 4699 } 4700 4701 return mask; 4702} 4703 4704static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 4705 u8 *rates, u8 rates_len, 4706 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 4707{ 4708 u8 i; 4709 4710 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 4711 4712 for (i = 0; i < rates_len; i++) { 4713 int ridx, rbit; 4714 4715 ridx = rates[i] / 8; 4716 rbit = BIT(rates[i] % 8); 4717 4718 /* check validity */ 4719 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 4720 return false; 4721 4722 /* check availability */ 4723 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN); 4724 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 4725 mcs[ridx] |= rbit; 4726 else 4727 return false; 4728 } 4729 4730 return true; 4731} 4732 4733static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map) 4734{ 4735 u16 mcs_mask = 0; 4736 4737 switch (vht_mcs_map) { 4738 case IEEE80211_VHT_MCS_NOT_SUPPORTED: 4739 break; 4740 case IEEE80211_VHT_MCS_SUPPORT_0_7: 4741 mcs_mask = 0x00FF; 4742 break; 4743 case IEEE80211_VHT_MCS_SUPPORT_0_8: 4744 mcs_mask = 0x01FF; 4745 break; 4746 case IEEE80211_VHT_MCS_SUPPORT_0_9: 4747 mcs_mask = 0x03FF; 4748 break; 4749 default: 4750 break; 4751 } 4752 4753 return mcs_mask; 4754} 4755 4756static void vht_build_mcs_mask(u16 vht_mcs_map, 4757 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX]) 4758{ 4759 u8 nss; 4760 4761 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) { 4762 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03); 4763 vht_mcs_map >>= 2; 4764 } 4765} 4766 4767static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband, 4768 struct nl80211_txrate_vht *txrate, 4769 u16 mcs[NL80211_VHT_NSS_MAX]) 4770{ 4771 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map); 4772 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {}; 4773 u8 i; 4774 4775 if (!sband->vht_cap.vht_supported) 4776 return false; 4777 4778 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX); 4779 4780 /* Build vht_mcs_mask from VHT capabilities */ 4781 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask); 4782 4783 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) { 4784 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i]) 4785 mcs[i] = txrate->mcs[i]; 4786 else 4787 return false; 4788 } 4789 4790 return true; 4791} 4792 4793static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map) 4794{ 4795 switch (he_mcs_map) { 4796 case IEEE80211_HE_MCS_NOT_SUPPORTED: 4797 return 0; 4798 case IEEE80211_HE_MCS_SUPPORT_0_7: 4799 return 0x00FF; 4800 case IEEE80211_HE_MCS_SUPPORT_0_9: 4801 return 0x03FF; 4802 case IEEE80211_HE_MCS_SUPPORT_0_11: 4803 return 0xFFF; 4804 default: 4805 break; 4806 } 4807 return 0; 4808} 4809 4810static void he_build_mcs_mask(u16 he_mcs_map, 4811 u16 he_mcs_mask[NL80211_HE_NSS_MAX]) 4812{ 4813 u8 nss; 4814 4815 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) { 4816 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03); 4817 he_mcs_map >>= 2; 4818 } 4819} 4820 4821static u16 he_get_txmcsmap(struct genl_info *info, 4822 const struct ieee80211_sta_he_cap *he_cap) 4823{ 4824 struct net_device *dev = info->user_ptr[1]; 4825 struct wireless_dev *wdev = dev->ieee80211_ptr; 4826 __le16 tx_mcs; 4827 4828 switch (wdev->chandef.width) { 4829 case NL80211_CHAN_WIDTH_80P80: 4830 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80; 4831 break; 4832 case NL80211_CHAN_WIDTH_160: 4833 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160; 4834 break; 4835 default: 4836 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80; 4837 break; 4838 } 4839 return le16_to_cpu(tx_mcs); 4840} 4841 4842static bool he_set_mcs_mask(struct genl_info *info, 4843 struct wireless_dev *wdev, 4844 struct ieee80211_supported_band *sband, 4845 struct nl80211_txrate_he *txrate, 4846 u16 mcs[NL80211_HE_NSS_MAX]) 4847{ 4848 const struct ieee80211_sta_he_cap *he_cap; 4849 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {}; 4850 u16 tx_mcs_map = 0; 4851 u8 i; 4852 4853 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype); 4854 if (!he_cap) 4855 return false; 4856 4857 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX); 4858 4859 tx_mcs_map = he_get_txmcsmap(info, he_cap); 4860 4861 /* Build he_mcs_mask from HE capabilities */ 4862 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask); 4863 4864 for (i = 0; i < NL80211_HE_NSS_MAX; i++) { 4865 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i]) 4866 mcs[i] = txrate->mcs[i]; 4867 else 4868 return false; 4869 } 4870 4871 return true; 4872} 4873 4874static int nl80211_parse_tx_bitrate_mask(struct genl_info *info, 4875 struct nlattr *attrs[], 4876 enum nl80211_attrs attr, 4877 struct cfg80211_bitrate_mask *mask, 4878 struct net_device *dev, 4879 bool default_all_enabled) 4880{ 4881 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 4882 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4883 struct wireless_dev *wdev = dev->ieee80211_ptr; 4884 int rem, i; 4885 struct nlattr *tx_rates; 4886 struct ieee80211_supported_band *sband; 4887 u16 vht_tx_mcs_map, he_tx_mcs_map; 4888 4889 memset(mask, 0, sizeof(*mask)); 4890 /* Default to all rates enabled */ 4891 for (i = 0; i < NUM_NL80211_BANDS; i++) { 4892 const struct ieee80211_sta_he_cap *he_cap; 4893 4894 if (!default_all_enabled) 4895 break; 4896 4897 sband = rdev->wiphy.bands[i]; 4898 4899 if (!sband) 4900 continue; 4901 4902 mask->control[i].legacy = (1 << sband->n_bitrates) - 1; 4903 memcpy(mask->control[i].ht_mcs, 4904 sband->ht_cap.mcs.rx_mask, 4905 sizeof(mask->control[i].ht_mcs)); 4906 4907 if (sband->vht_cap.vht_supported) { 4908 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map); 4909 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs); 4910 } 4911 4912 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype); 4913 if (!he_cap) 4914 continue; 4915 4916 he_tx_mcs_map = he_get_txmcsmap(info, he_cap); 4917 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs); 4918 4919 mask->control[i].he_gi = 0xFF; 4920 mask->control[i].he_ltf = 0xFF; 4921 } 4922 4923 /* if no rates are given set it back to the defaults */ 4924 if (!attrs[attr]) 4925 goto out; 4926 4927 /* The nested attribute uses enum nl80211_band as the index. This maps 4928 * directly to the enum nl80211_band values used in cfg80211. 4929 */ 4930 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 4931 nla_for_each_nested(tx_rates, attrs[attr], rem) { 4932 enum nl80211_band band = nla_type(tx_rates); 4933 int err; 4934 4935 if (band < 0 || band >= NUM_NL80211_BANDS) 4936 return -EINVAL; 4937 sband = rdev->wiphy.bands[band]; 4938 if (sband == NULL) 4939 return -EINVAL; 4940 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX, 4941 tx_rates, 4942 nl80211_txattr_policy, 4943 info->extack); 4944 if (err) 4945 return err; 4946 if (tb[NL80211_TXRATE_LEGACY]) { 4947 mask->control[band].legacy = rateset_to_mask( 4948 sband, 4949 nla_data(tb[NL80211_TXRATE_LEGACY]), 4950 nla_len(tb[NL80211_TXRATE_LEGACY])); 4951 if ((mask->control[band].legacy == 0) && 4952 nla_len(tb[NL80211_TXRATE_LEGACY])) 4953 return -EINVAL; 4954 } 4955 if (tb[NL80211_TXRATE_HT]) { 4956 if (!ht_rateset_to_mask( 4957 sband, 4958 nla_data(tb[NL80211_TXRATE_HT]), 4959 nla_len(tb[NL80211_TXRATE_HT]), 4960 mask->control[band].ht_mcs)) 4961 return -EINVAL; 4962 } 4963 4964 if (tb[NL80211_TXRATE_VHT]) { 4965 if (!vht_set_mcs_mask( 4966 sband, 4967 nla_data(tb[NL80211_TXRATE_VHT]), 4968 mask->control[band].vht_mcs)) 4969 return -EINVAL; 4970 } 4971 4972 if (tb[NL80211_TXRATE_GI]) { 4973 mask->control[band].gi = 4974 nla_get_u8(tb[NL80211_TXRATE_GI]); 4975 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI) 4976 return -EINVAL; 4977 } 4978 if (tb[NL80211_TXRATE_HE] && 4979 !he_set_mcs_mask(info, wdev, sband, 4980 nla_data(tb[NL80211_TXRATE_HE]), 4981 mask->control[band].he_mcs)) 4982 return -EINVAL; 4983 4984 if (tb[NL80211_TXRATE_HE_GI]) 4985 mask->control[band].he_gi = 4986 nla_get_u8(tb[NL80211_TXRATE_HE_GI]); 4987 if (tb[NL80211_TXRATE_HE_LTF]) 4988 mask->control[band].he_ltf = 4989 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]); 4990 4991 if (mask->control[band].legacy == 0) { 4992 /* don't allow empty legacy rates if HT, VHT or HE 4993 * are not even supported. 4994 */ 4995 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported || 4996 rdev->wiphy.bands[band]->vht_cap.vht_supported || 4997 ieee80211_get_he_iftype_cap(sband, wdev->iftype))) 4998 return -EINVAL; 4999 5000 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 5001 if (mask->control[band].ht_mcs[i]) 5002 goto out; 5003 5004 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) 5005 if (mask->control[band].vht_mcs[i]) 5006 goto out; 5007 5008 for (i = 0; i < NL80211_HE_NSS_MAX; i++) 5009 if (mask->control[band].he_mcs[i]) 5010 goto out; 5011 5012 /* legacy and mcs rates may not be both empty */ 5013 return -EINVAL; 5014 } 5015 } 5016 5017out: 5018 return 0; 5019} 5020 5021static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev, 5022 enum nl80211_band band, 5023 struct cfg80211_bitrate_mask *beacon_rate) 5024{ 5025 u32 count_ht, count_vht, count_he, i; 5026 u32 rate = beacon_rate->control[band].legacy; 5027 5028 /* Allow only one rate */ 5029 if (hweight32(rate) > 1) 5030 return -EINVAL; 5031 5032 count_ht = 0; 5033 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) { 5034 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) { 5035 return -EINVAL; 5036 } else if (beacon_rate->control[band].ht_mcs[i]) { 5037 count_ht++; 5038 if (count_ht > 1) 5039 return -EINVAL; 5040 } 5041 if (count_ht && rate) 5042 return -EINVAL; 5043 } 5044 5045 count_vht = 0; 5046 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) { 5047 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) { 5048 return -EINVAL; 5049 } else if (beacon_rate->control[band].vht_mcs[i]) { 5050 count_vht++; 5051 if (count_vht > 1) 5052 return -EINVAL; 5053 } 5054 if (count_vht && rate) 5055 return -EINVAL; 5056 } 5057 5058 count_he = 0; 5059 for (i = 0; i < NL80211_HE_NSS_MAX; i++) { 5060 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) { 5061 return -EINVAL; 5062 } else if (beacon_rate->control[band].he_mcs[i]) { 5063 count_he++; 5064 if (count_he > 1) 5065 return -EINVAL; 5066 } 5067 if (count_he && rate) 5068 return -EINVAL; 5069 } 5070 5071 if ((count_ht && count_vht && count_he) || 5072 (!rate && !count_ht && !count_vht && !count_he)) 5073 return -EINVAL; 5074 5075 if (rate && 5076 !wiphy_ext_feature_isset(&rdev->wiphy, 5077 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) 5078 return -EINVAL; 5079 if (count_ht && 5080 !wiphy_ext_feature_isset(&rdev->wiphy, 5081 NL80211_EXT_FEATURE_BEACON_RATE_HT)) 5082 return -EINVAL; 5083 if (count_vht && 5084 !wiphy_ext_feature_isset(&rdev->wiphy, 5085 NL80211_EXT_FEATURE_BEACON_RATE_VHT)) 5086 return -EINVAL; 5087 if (count_he && 5088 !wiphy_ext_feature_isset(&rdev->wiphy, 5089 NL80211_EXT_FEATURE_BEACON_RATE_HE)) 5090 return -EINVAL; 5091 5092 return 0; 5093} 5094 5095static int nl80211_parse_mbssid_config(struct wiphy *wiphy, 5096 struct net_device *dev, 5097 struct nlattr *attrs, 5098 struct cfg80211_mbssid_config *config, 5099 u8 num_elems) 5100{ 5101 struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1]; 5102 5103 if (!wiphy->mbssid_max_interfaces) 5104 return -EOPNOTSUPP; 5105 5106 if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL, 5107 NULL) || 5108 !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]) 5109 return -EINVAL; 5110 5111 config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]); 5112 if (config->ema) { 5113 if (!wiphy->ema_max_profile_periodicity) 5114 return -EOPNOTSUPP; 5115 5116 if (num_elems > wiphy->ema_max_profile_periodicity) 5117 return -EINVAL; 5118 } 5119 5120 config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]); 5121 if (config->index >= wiphy->mbssid_max_interfaces || 5122 (!config->index && !num_elems)) 5123 return -EINVAL; 5124 5125 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) { 5126 u32 tx_ifindex = 5127 nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]); 5128 5129 if ((!config->index && tx_ifindex != dev->ifindex) || 5130 (config->index && tx_ifindex == dev->ifindex)) 5131 return -EINVAL; 5132 5133 if (tx_ifindex != dev->ifindex) { 5134 struct net_device *tx_netdev = 5135 dev_get_by_index(wiphy_net(wiphy), tx_ifindex); 5136 5137 if (!tx_netdev || !tx_netdev->ieee80211_ptr || 5138 tx_netdev->ieee80211_ptr->wiphy != wiphy || 5139 tx_netdev->ieee80211_ptr->iftype != 5140 NL80211_IFTYPE_AP) { 5141 dev_put(tx_netdev); 5142 return -EINVAL; 5143 } 5144 5145 config->tx_wdev = tx_netdev->ieee80211_ptr; 5146 } else { 5147 config->tx_wdev = dev->ieee80211_ptr; 5148 } 5149 } else if (!config->index) { 5150 config->tx_wdev = dev->ieee80211_ptr; 5151 } else { 5152 return -EINVAL; 5153 } 5154 5155 return 0; 5156} 5157 5158static struct cfg80211_mbssid_elems * 5159nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs) 5160{ 5161 struct nlattr *nl_elems; 5162 struct cfg80211_mbssid_elems *elems; 5163 int rem_elems; 5164 u8 i = 0, num_elems = 0; 5165 5166 if (!wiphy->mbssid_max_interfaces) 5167 return ERR_PTR(-EINVAL); 5168 5169 nla_for_each_nested(nl_elems, attrs, rem_elems) 5170 num_elems++; 5171 5172 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL); 5173 if (!elems) 5174 return ERR_PTR(-ENOMEM); 5175 5176 nla_for_each_nested(nl_elems, attrs, rem_elems) { 5177 elems->elem[i].data = nla_data(nl_elems); 5178 elems->elem[i].len = nla_len(nl_elems); 5179 i++; 5180 } 5181 elems->cnt = num_elems; 5182 return elems; 5183} 5184 5185static int nl80211_parse_he_bss_color(struct nlattr *attrs, 5186 struct cfg80211_he_bss_color *he_bss_color) 5187{ 5188 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1]; 5189 int err; 5190 5191 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs, 5192 he_bss_color_policy, NULL); 5193 if (err) 5194 return err; 5195 5196 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]) 5197 return -EINVAL; 5198 5199 he_bss_color->color = 5200 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]); 5201 he_bss_color->enabled = 5202 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]); 5203 he_bss_color->partial = 5204 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]); 5205 5206 return 0; 5207} 5208 5209static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev, 5210 struct nlattr *attrs[], 5211 struct cfg80211_beacon_data *bcn) 5212{ 5213 bool haveinfo = false; 5214 int err; 5215 5216 memset(bcn, 0, sizeof(*bcn)); 5217 5218 if (attrs[NL80211_ATTR_BEACON_HEAD]) { 5219 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]); 5220 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]); 5221 if (!bcn->head_len) 5222 return -EINVAL; 5223 haveinfo = true; 5224 } 5225 5226 if (attrs[NL80211_ATTR_BEACON_TAIL]) { 5227 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]); 5228 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]); 5229 haveinfo = true; 5230 } 5231 5232 if (!haveinfo) 5233 return -EINVAL; 5234 5235 if (attrs[NL80211_ATTR_IE]) { 5236 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]); 5237 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]); 5238 } 5239 5240 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) { 5241 bcn->proberesp_ies = 5242 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]); 5243 bcn->proberesp_ies_len = 5244 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]); 5245 } 5246 5247 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 5248 bcn->assocresp_ies = 5249 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 5250 bcn->assocresp_ies_len = 5251 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 5252 } 5253 5254 if (attrs[NL80211_ATTR_PROBE_RESP]) { 5255 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]); 5256 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]); 5257 } 5258 5259 if (attrs[NL80211_ATTR_FTM_RESPONDER]) { 5260 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1]; 5261 5262 err = nla_parse_nested_deprecated(tb, 5263 NL80211_FTM_RESP_ATTR_MAX, 5264 attrs[NL80211_ATTR_FTM_RESPONDER], 5265 NULL, NULL); 5266 if (err) 5267 return err; 5268 5269 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] && 5270 wiphy_ext_feature_isset(&rdev->wiphy, 5271 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER)) 5272 bcn->ftm_responder = 1; 5273 else 5274 return -EOPNOTSUPP; 5275 5276 if (tb[NL80211_FTM_RESP_ATTR_LCI]) { 5277 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]); 5278 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]); 5279 } 5280 5281 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) { 5282 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]); 5283 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]); 5284 } 5285 } else { 5286 bcn->ftm_responder = -1; 5287 } 5288 5289 if (attrs[NL80211_ATTR_HE_BSS_COLOR]) { 5290 err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR], 5291 &bcn->he_bss_color); 5292 if (err) 5293 return err; 5294 bcn->he_bss_color_valid = true; 5295 } 5296 5297 if (attrs[NL80211_ATTR_MBSSID_ELEMS]) { 5298 struct cfg80211_mbssid_elems *mbssid = 5299 nl80211_parse_mbssid_elems(&rdev->wiphy, 5300 attrs[NL80211_ATTR_MBSSID_ELEMS]); 5301 5302 if (IS_ERR(mbssid)) 5303 return PTR_ERR(mbssid); 5304 5305 bcn->mbssid_ies = mbssid; 5306 } 5307 5308 return 0; 5309} 5310 5311static int nl80211_parse_he_obss_pd(struct nlattr *attrs, 5312 struct ieee80211_he_obss_pd *he_obss_pd) 5313{ 5314 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1]; 5315 int err; 5316 5317 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs, 5318 he_obss_pd_policy, NULL); 5319 if (err) 5320 return err; 5321 5322 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]) 5323 return -EINVAL; 5324 5325 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]); 5326 5327 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]) 5328 he_obss_pd->min_offset = 5329 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]); 5330 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]) 5331 he_obss_pd->max_offset = 5332 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]); 5333 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]) 5334 he_obss_pd->non_srg_max_offset = 5335 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]); 5336 5337 if (he_obss_pd->min_offset > he_obss_pd->max_offset) 5338 return -EINVAL; 5339 5340 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]) 5341 memcpy(he_obss_pd->bss_color_bitmap, 5342 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]), 5343 sizeof(he_obss_pd->bss_color_bitmap)); 5344 5345 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]) 5346 memcpy(he_obss_pd->partial_bssid_bitmap, 5347 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]), 5348 sizeof(he_obss_pd->partial_bssid_bitmap)); 5349 5350 he_obss_pd->enable = true; 5351 5352 return 0; 5353} 5354 5355static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev, 5356 struct nlattr *attrs, 5357 struct cfg80211_ap_settings *params) 5358{ 5359 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1]; 5360 int ret; 5361 struct cfg80211_fils_discovery *fd = ¶ms->fils_discovery; 5362 5363 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5364 NL80211_EXT_FEATURE_FILS_DISCOVERY)) 5365 return -EINVAL; 5366 5367 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs, 5368 NULL, NULL); 5369 if (ret) 5370 return ret; 5371 5372 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] || 5373 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] || 5374 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) 5375 return -EINVAL; 5376 5377 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]); 5378 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]); 5379 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]); 5380 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]); 5381 5382 return 0; 5383} 5384 5385static int 5386nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev, 5387 struct nlattr *attrs, 5388 struct cfg80211_ap_settings *params) 5389{ 5390 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1]; 5391 int ret; 5392 struct cfg80211_unsol_bcast_probe_resp *presp = 5393 ¶ms->unsol_bcast_probe_resp; 5394 5395 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5396 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP)) 5397 return -EINVAL; 5398 5399 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX, 5400 attrs, NULL, NULL); 5401 if (ret) 5402 return ret; 5403 5404 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] || 5405 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) 5406 return -EINVAL; 5407 5408 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]); 5409 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]); 5410 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]); 5411 return 0; 5412} 5413 5414static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params, 5415 const struct element *rates) 5416{ 5417 int i; 5418 5419 if (!rates) 5420 return; 5421 5422 for (i = 0; i < rates->datalen; i++) { 5423 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 5424 params->ht_required = true; 5425 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY) 5426 params->vht_required = true; 5427 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY) 5428 params->he_required = true; 5429 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E) 5430 params->sae_h2e_required = true; 5431 } 5432} 5433 5434/* 5435 * Since the nl80211 API didn't include, from the beginning, attributes about 5436 * HT/VHT requirements/capabilities, we parse them out of the IEs for the 5437 * benefit of drivers that rebuild IEs in the firmware. 5438 */ 5439static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params) 5440{ 5441 const struct cfg80211_beacon_data *bcn = ¶ms->beacon; 5442 size_t ies_len = bcn->tail_len; 5443 const u8 *ies = bcn->tail; 5444 const struct element *rates; 5445 const struct element *cap; 5446 5447 rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len); 5448 nl80211_check_ap_rate_selectors(params, rates); 5449 5450 rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len); 5451 nl80211_check_ap_rate_selectors(params, rates); 5452 5453 cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len); 5454 if (cap && cap->datalen >= sizeof(*params->ht_cap)) 5455 params->ht_cap = (void *)cap->data; 5456 cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len); 5457 if (cap && cap->datalen >= sizeof(*params->vht_cap)) 5458 params->vht_cap = (void *)cap->data; 5459 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len); 5460 if (cap && cap->datalen >= sizeof(*params->he_cap) + 1) 5461 params->he_cap = (void *)(cap->data + 1); 5462 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len); 5463 if (cap && cap->datalen >= sizeof(*params->he_oper) + 1) 5464 params->he_oper = (void *)(cap->data + 1); 5465} 5466 5467static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 5468 struct cfg80211_ap_settings *params) 5469{ 5470 struct wireless_dev *wdev; 5471 bool ret = false; 5472 5473 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 5474 if (wdev->iftype != NL80211_IFTYPE_AP && 5475 wdev->iftype != NL80211_IFTYPE_P2P_GO) 5476 continue; 5477 5478 if (!wdev->preset_chandef.chan) 5479 continue; 5480 5481 params->chandef = wdev->preset_chandef; 5482 ret = true; 5483 break; 5484 } 5485 5486 return ret; 5487} 5488 5489static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, 5490 enum nl80211_auth_type auth_type, 5491 enum nl80211_commands cmd) 5492{ 5493 if (auth_type > NL80211_AUTHTYPE_MAX) 5494 return false; 5495 5496 switch (cmd) { 5497 case NL80211_CMD_AUTHENTICATE: 5498 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 5499 auth_type == NL80211_AUTHTYPE_SAE) 5500 return false; 5501 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5502 NL80211_EXT_FEATURE_FILS_STA) && 5503 (auth_type == NL80211_AUTHTYPE_FILS_SK || 5504 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 5505 auth_type == NL80211_AUTHTYPE_FILS_PK)) 5506 return false; 5507 return true; 5508 case NL80211_CMD_CONNECT: 5509 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 5510 !wiphy_ext_feature_isset(&rdev->wiphy, 5511 NL80211_EXT_FEATURE_SAE_OFFLOAD) && 5512 auth_type == NL80211_AUTHTYPE_SAE) 5513 return false; 5514 5515 /* FILS with SK PFS or PK not supported yet */ 5516 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 5517 auth_type == NL80211_AUTHTYPE_FILS_PK) 5518 return false; 5519 if (!wiphy_ext_feature_isset( 5520 &rdev->wiphy, 5521 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) && 5522 auth_type == NL80211_AUTHTYPE_FILS_SK) 5523 return false; 5524 return true; 5525 case NL80211_CMD_START_AP: 5526 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5527 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) && 5528 auth_type == NL80211_AUTHTYPE_SAE) 5529 return false; 5530 /* FILS not supported yet */ 5531 if (auth_type == NL80211_AUTHTYPE_FILS_SK || 5532 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 5533 auth_type == NL80211_AUTHTYPE_FILS_PK) 5534 return false; 5535 return true; 5536 default: 5537 return false; 5538 } 5539} 5540 5541static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 5542{ 5543 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5544 struct net_device *dev = info->user_ptr[1]; 5545 struct wireless_dev *wdev = dev->ieee80211_ptr; 5546 struct cfg80211_ap_settings *params; 5547 int err; 5548 5549 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5550 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5551 return -EOPNOTSUPP; 5552 5553 if (!rdev->ops->start_ap) 5554 return -EOPNOTSUPP; 5555 5556 if (wdev->beacon_interval) 5557 return -EALREADY; 5558 5559 /* these are required for START_AP */ 5560 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 5561 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 5562 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 5563 return -EINVAL; 5564 5565 params = kzalloc(sizeof(*params), GFP_KERNEL); 5566 if (!params) 5567 return -ENOMEM; 5568 5569 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon); 5570 if (err) 5571 goto out; 5572 5573 params->beacon_interval = 5574 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 5575 params->dtim_period = 5576 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 5577 5578 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype, 5579 params->beacon_interval); 5580 if (err) 5581 goto out; 5582 5583 /* 5584 * In theory, some of these attributes should be required here 5585 * but since they were not used when the command was originally 5586 * added, keep them optional for old user space programs to let 5587 * them continue to work with drivers that do not need the 5588 * additional information -- drivers must check! 5589 */ 5590 if (info->attrs[NL80211_ATTR_SSID]) { 5591 params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5592 params->ssid_len = 5593 nla_len(info->attrs[NL80211_ATTR_SSID]); 5594 if (params->ssid_len == 0) { 5595 err = -EINVAL; 5596 goto out; 5597 } 5598 } 5599 5600 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) 5601 params->hidden_ssid = nla_get_u32( 5602 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 5603 5604 params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 5605 5606 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 5607 params->auth_type = nla_get_u32( 5608 info->attrs[NL80211_ATTR_AUTH_TYPE]); 5609 if (!nl80211_valid_auth_type(rdev, params->auth_type, 5610 NL80211_CMD_START_AP)) { 5611 err = -EINVAL; 5612 goto out; 5613 } 5614 } else 5615 params->auth_type = NL80211_AUTHTYPE_AUTOMATIC; 5616 5617 err = nl80211_crypto_settings(rdev, info, ¶ms->crypto, 5618 NL80211_MAX_NR_CIPHER_SUITES); 5619 if (err) 5620 goto out; 5621 5622 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 5623 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) { 5624 err = -EOPNOTSUPP; 5625 goto out; 5626 } 5627 params->inactivity_timeout = nla_get_u16( 5628 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 5629 } 5630 5631 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 5632 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 5633 err = -EINVAL; 5634 goto out; 5635 } 5636 params->p2p_ctwindow = 5637 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 5638 if (params->p2p_ctwindow != 0 && 5639 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) { 5640 err = -EINVAL; 5641 goto out; 5642 } 5643 } 5644 5645 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 5646 u8 tmp; 5647 5648 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 5649 err = -EINVAL; 5650 goto out; 5651 } 5652 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 5653 params->p2p_opp_ps = tmp; 5654 if (params->p2p_opp_ps != 0 && 5655 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) { 5656 err = -EINVAL; 5657 goto out; 5658 } 5659 } 5660 5661 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 5662 err = nl80211_parse_chandef(rdev, info, ¶ms->chandef); 5663 if (err) 5664 goto out; 5665 } else if (wdev->preset_chandef.chan) { 5666 params->chandef = wdev->preset_chandef; 5667 } else if (!nl80211_get_ap_channel(rdev, params)) { 5668 err = -EINVAL; 5669 goto out; 5670 } 5671 5672 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms->chandef, 5673 wdev->iftype)) { 5674 err = -EINVAL; 5675 goto out; 5676 } 5677 5678 if (info->attrs[NL80211_ATTR_TX_RATES]) { 5679 err = nl80211_parse_tx_bitrate_mask(info, info->attrs, 5680 NL80211_ATTR_TX_RATES, 5681 ¶ms->beacon_rate, 5682 dev, false); 5683 if (err) 5684 goto out; 5685 5686 err = validate_beacon_tx_rate(rdev, params->chandef.chan->band, 5687 ¶ms->beacon_rate); 5688 if (err) 5689 goto out; 5690 } 5691 5692 if (info->attrs[NL80211_ATTR_SMPS_MODE]) { 5693 params->smps_mode = 5694 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]); 5695 switch (params->smps_mode) { 5696 case NL80211_SMPS_OFF: 5697 break; 5698 case NL80211_SMPS_STATIC: 5699 if (!(rdev->wiphy.features & 5700 NL80211_FEATURE_STATIC_SMPS)) { 5701 err = -EINVAL; 5702 goto out; 5703 } 5704 break; 5705 case NL80211_SMPS_DYNAMIC: 5706 if (!(rdev->wiphy.features & 5707 NL80211_FEATURE_DYNAMIC_SMPS)) { 5708 err = -EINVAL; 5709 goto out; 5710 } 5711 break; 5712 default: 5713 err = -EINVAL; 5714 goto out; 5715 } 5716 } else { 5717 params->smps_mode = NL80211_SMPS_OFF; 5718 } 5719 5720 params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 5721 if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) { 5722 err = -EOPNOTSUPP; 5723 goto out; 5724 } 5725 5726 if (info->attrs[NL80211_ATTR_ACL_POLICY]) { 5727 params->acl = parse_acl_data(&rdev->wiphy, info); 5728 if (IS_ERR(params->acl)) { 5729 err = PTR_ERR(params->acl); 5730 params->acl = NULL; 5731 goto out; 5732 } 5733 } 5734 5735 params->twt_responder = 5736 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]); 5737 5738 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) { 5739 err = nl80211_parse_he_obss_pd( 5740 info->attrs[NL80211_ATTR_HE_OBSS_PD], 5741 ¶ms->he_obss_pd); 5742 if (err) 5743 goto out; 5744 } 5745 5746 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) { 5747 err = nl80211_parse_fils_discovery(rdev, 5748 info->attrs[NL80211_ATTR_FILS_DISCOVERY], 5749 params); 5750 if (err) 5751 goto out; 5752 } 5753 5754 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) { 5755 err = nl80211_parse_unsol_bcast_probe_resp( 5756 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP], 5757 params); 5758 if (err) 5759 goto out; 5760 } 5761 5762 if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) { 5763 err = nl80211_parse_mbssid_config(&rdev->wiphy, dev, 5764 info->attrs[NL80211_ATTR_MBSSID_CONFIG], 5765 ¶ms->mbssid_config, 5766 params->beacon.mbssid_ies ? 5767 params->beacon.mbssid_ies->cnt : 5768 0); 5769 if (err) 5770 goto out; 5771 } 5772 5773 nl80211_calculate_ap_params(params); 5774 5775 if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]) 5776 params->flags = nla_get_u32( 5777 info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]); 5778 else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT]) 5779 params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT; 5780 5781 wdev_lock(wdev); 5782 err = rdev_start_ap(rdev, dev, params); 5783 if (!err) { 5784 wdev->preset_chandef = params->chandef; 5785 wdev->beacon_interval = params->beacon_interval; 5786 wdev->chandef = params->chandef; 5787 wdev->ssid_len = params->ssid_len; 5788 memcpy(wdev->ssid, params->ssid, wdev->ssid_len); 5789 5790 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 5791 wdev->conn_owner_nlportid = info->snd_portid; 5792 } 5793 wdev_unlock(wdev); 5794 5795out: 5796 kfree(params->acl); 5797 kfree(params->beacon.mbssid_ies); 5798 if (params->mbssid_config.tx_wdev && 5799 params->mbssid_config.tx_wdev->netdev && 5800 params->mbssid_config.tx_wdev->netdev != dev) 5801 dev_put(params->mbssid_config.tx_wdev->netdev); 5802 kfree(params); 5803 5804 return err; 5805} 5806 5807static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 5808{ 5809 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5810 struct net_device *dev = info->user_ptr[1]; 5811 struct wireless_dev *wdev = dev->ieee80211_ptr; 5812 struct cfg80211_beacon_data params; 5813 int err; 5814 5815 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5816 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5817 return -EOPNOTSUPP; 5818 5819 if (!rdev->ops->change_beacon) 5820 return -EOPNOTSUPP; 5821 5822 if (!wdev->beacon_interval) 5823 return -EINVAL; 5824 5825 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms); 5826 if (err) 5827 goto out; 5828 5829 wdev_lock(wdev); 5830 err = rdev_change_beacon(rdev, dev, ¶ms); 5831 wdev_unlock(wdev); 5832 5833out: 5834 kfree(params.mbssid_ies); 5835 return err; 5836} 5837 5838static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 5839{ 5840 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5841 struct net_device *dev = info->user_ptr[1]; 5842 5843 return cfg80211_stop_ap(rdev, dev, false); 5844} 5845 5846static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 5847 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 5848 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 5849 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 5850 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 5851 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 5852 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 5853}; 5854 5855static int parse_station_flags(struct genl_info *info, 5856 enum nl80211_iftype iftype, 5857 struct station_parameters *params) 5858{ 5859 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 5860 struct nlattr *nla; 5861 int flag; 5862 5863 /* 5864 * Try parsing the new attribute first so userspace 5865 * can specify both for older kernels. 5866 */ 5867 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 5868 if (nla) { 5869 struct nl80211_sta_flag_update *sta_flags; 5870 5871 sta_flags = nla_data(nla); 5872 params->sta_flags_mask = sta_flags->mask; 5873 params->sta_flags_set = sta_flags->set; 5874 params->sta_flags_set &= params->sta_flags_mask; 5875 if ((params->sta_flags_mask | 5876 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 5877 return -EINVAL; 5878 return 0; 5879 } 5880 5881 /* if present, parse the old attribute */ 5882 5883 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 5884 if (!nla) 5885 return 0; 5886 5887 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack)) 5888 return -EINVAL; 5889 5890 /* 5891 * Only allow certain flags for interface types so that 5892 * other attributes are silently ignored. Remember that 5893 * this is backward compatibility code with old userspace 5894 * and shouldn't be hit in other cases anyway. 5895 */ 5896 switch (iftype) { 5897 case NL80211_IFTYPE_AP: 5898 case NL80211_IFTYPE_AP_VLAN: 5899 case NL80211_IFTYPE_P2P_GO: 5900 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 5901 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 5902 BIT(NL80211_STA_FLAG_WME) | 5903 BIT(NL80211_STA_FLAG_MFP); 5904 break; 5905 case NL80211_IFTYPE_P2P_CLIENT: 5906 case NL80211_IFTYPE_STATION: 5907 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 5908 BIT(NL80211_STA_FLAG_TDLS_PEER); 5909 break; 5910 case NL80211_IFTYPE_MESH_POINT: 5911 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 5912 BIT(NL80211_STA_FLAG_MFP) | 5913 BIT(NL80211_STA_FLAG_AUTHORIZED); 5914 break; 5915 default: 5916 return -EINVAL; 5917 } 5918 5919 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 5920 if (flags[flag]) { 5921 params->sta_flags_set |= (1<<flag); 5922 5923 /* no longer support new API additions in old API */ 5924 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 5925 return -EINVAL; 5926 } 5927 } 5928 5929 return 0; 5930} 5931 5932bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr) 5933{ 5934 struct nlattr *rate; 5935 u32 bitrate; 5936 u16 bitrate_compat; 5937 enum nl80211_rate_info rate_flg; 5938 5939 rate = nla_nest_start_noflag(msg, attr); 5940 if (!rate) 5941 return false; 5942 5943 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 5944 bitrate = cfg80211_calculate_bitrate(info); 5945 /* report 16-bit bitrate only if we can */ 5946 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 5947 if (bitrate > 0 && 5948 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) 5949 return false; 5950 if (bitrate_compat > 0 && 5951 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) 5952 return false; 5953 5954 switch (info->bw) { 5955 case RATE_INFO_BW_5: 5956 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH; 5957 break; 5958 case RATE_INFO_BW_10: 5959 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH; 5960 break; 5961 default: 5962 WARN_ON(1); 5963 fallthrough; 5964 case RATE_INFO_BW_20: 5965 rate_flg = 0; 5966 break; 5967 case RATE_INFO_BW_40: 5968 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH; 5969 break; 5970 case RATE_INFO_BW_80: 5971 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH; 5972 break; 5973 case RATE_INFO_BW_160: 5974 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH; 5975 break; 5976 case RATE_INFO_BW_HE_RU: 5977 rate_flg = 0; 5978 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS)); 5979 break; 5980 case RATE_INFO_BW_320: 5981 rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH; 5982 break; 5983 case RATE_INFO_BW_EHT_RU: 5984 rate_flg = 0; 5985 WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS)); 5986 break; 5987 } 5988 5989 if (rate_flg && nla_put_flag(msg, rate_flg)) 5990 return false; 5991 5992 if (info->flags & RATE_INFO_FLAGS_MCS) { 5993 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) 5994 return false; 5995 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 5996 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 5997 return false; 5998 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) { 5999 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs)) 6000 return false; 6001 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss)) 6002 return false; 6003 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 6004 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 6005 return false; 6006 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) { 6007 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs)) 6008 return false; 6009 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss)) 6010 return false; 6011 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi)) 6012 return false; 6013 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm)) 6014 return false; 6015 if (info->bw == RATE_INFO_BW_HE_RU && 6016 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC, 6017 info->he_ru_alloc)) 6018 return false; 6019 } else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) { 6020 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs)) 6021 return false; 6022 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss)) 6023 return false; 6024 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi)) 6025 return false; 6026 if (info->bw == RATE_INFO_BW_EHT_RU && 6027 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC, 6028 info->eht_ru_alloc)) 6029 return false; 6030 } 6031 6032 nla_nest_end(msg, rate); 6033 return true; 6034} 6035 6036static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal, 6037 int id) 6038{ 6039 void *attr; 6040 int i = 0; 6041 6042 if (!mask) 6043 return true; 6044 6045 attr = nla_nest_start_noflag(msg, id); 6046 if (!attr) 6047 return false; 6048 6049 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) { 6050 if (!(mask & BIT(i))) 6051 continue; 6052 6053 if (nla_put_u8(msg, i, signal[i])) 6054 return false; 6055 } 6056 6057 nla_nest_end(msg, attr); 6058 6059 return true; 6060} 6061 6062static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid, 6063 u32 seq, int flags, 6064 struct cfg80211_registered_device *rdev, 6065 struct net_device *dev, 6066 const u8 *mac_addr, struct station_info *sinfo) 6067{ 6068 void *hdr; 6069 struct nlattr *sinfoattr, *bss_param; 6070 6071 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 6072 if (!hdr) { 6073 cfg80211_sinfo_release_content(sinfo); 6074 return -1; 6075 } 6076 6077 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 6078 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 6079 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 6080 goto nla_put_failure; 6081 6082 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO); 6083 if (!sinfoattr) 6084 goto nla_put_failure; 6085 6086#define PUT_SINFO(attr, memb, type) do { \ 6087 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \ 6088 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \ 6089 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \ 6090 sinfo->memb)) \ 6091 goto nla_put_failure; \ 6092 } while (0) 6093#define PUT_SINFO_U64(attr, memb) do { \ 6094 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \ 6095 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \ 6096 sinfo->memb, NL80211_STA_INFO_PAD)) \ 6097 goto nla_put_failure; \ 6098 } while (0) 6099 6100 PUT_SINFO(CONNECTED_TIME, connected_time, u32); 6101 PUT_SINFO(INACTIVE_TIME, inactive_time, u32); 6102 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at); 6103 6104 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) | 6105 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) && 6106 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 6107 (u32)sinfo->rx_bytes)) 6108 goto nla_put_failure; 6109 6110 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) | 6111 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) && 6112 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 6113 (u32)sinfo->tx_bytes)) 6114 goto nla_put_failure; 6115 6116 PUT_SINFO_U64(RX_BYTES64, rx_bytes); 6117 PUT_SINFO_U64(TX_BYTES64, tx_bytes); 6118 PUT_SINFO(LLID, llid, u16); 6119 PUT_SINFO(PLID, plid, u16); 6120 PUT_SINFO(PLINK_STATE, plink_state, u8); 6121 PUT_SINFO_U64(RX_DURATION, rx_duration); 6122 PUT_SINFO_U64(TX_DURATION, tx_duration); 6123 6124 if (wiphy_ext_feature_isset(&rdev->wiphy, 6125 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS)) 6126 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16); 6127 6128 switch (rdev->wiphy.signal_type) { 6129 case CFG80211_SIGNAL_TYPE_MBM: 6130 PUT_SINFO(SIGNAL, signal, u8); 6131 PUT_SINFO(SIGNAL_AVG, signal_avg, u8); 6132 break; 6133 default: 6134 break; 6135 } 6136 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) { 6137 if (!nl80211_put_signal(msg, sinfo->chains, 6138 sinfo->chain_signal, 6139 NL80211_STA_INFO_CHAIN_SIGNAL)) 6140 goto nla_put_failure; 6141 } 6142 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) { 6143 if (!nl80211_put_signal(msg, sinfo->chains, 6144 sinfo->chain_signal_avg, 6145 NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) 6146 goto nla_put_failure; 6147 } 6148 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) { 6149 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 6150 NL80211_STA_INFO_TX_BITRATE)) 6151 goto nla_put_failure; 6152 } 6153 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) { 6154 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 6155 NL80211_STA_INFO_RX_BITRATE)) 6156 goto nla_put_failure; 6157 } 6158 6159 PUT_SINFO(RX_PACKETS, rx_packets, u32); 6160 PUT_SINFO(TX_PACKETS, tx_packets, u32); 6161 PUT_SINFO(TX_RETRIES, tx_retries, u32); 6162 PUT_SINFO(TX_FAILED, tx_failed, u32); 6163 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32); 6164 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32); 6165 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32); 6166 PUT_SINFO(LOCAL_PM, local_pm, u32); 6167 PUT_SINFO(PEER_PM, peer_pm, u32); 6168 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32); 6169 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8); 6170 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8); 6171 6172 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) { 6173 bss_param = nla_nest_start_noflag(msg, 6174 NL80211_STA_INFO_BSS_PARAM); 6175 if (!bss_param) 6176 goto nla_put_failure; 6177 6178 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 6179 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 6180 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 6181 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 6182 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 6183 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 6184 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 6185 sinfo->bss_param.dtim_period) || 6186 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 6187 sinfo->bss_param.beacon_interval)) 6188 goto nla_put_failure; 6189 6190 nla_nest_end(msg, bss_param); 6191 } 6192 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) && 6193 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 6194 sizeof(struct nl80211_sta_flag_update), 6195 &sinfo->sta_flags)) 6196 goto nla_put_failure; 6197 6198 PUT_SINFO_U64(T_OFFSET, t_offset); 6199 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc); 6200 PUT_SINFO_U64(BEACON_RX, rx_beacon); 6201 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8); 6202 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32); 6203 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32); 6204 if (wiphy_ext_feature_isset(&rdev->wiphy, 6205 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) { 6206 PUT_SINFO(ACK_SIGNAL, ack_signal, u8); 6207 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8); 6208 } 6209 6210#undef PUT_SINFO 6211#undef PUT_SINFO_U64 6212 6213 if (sinfo->pertid) { 6214 struct nlattr *tidsattr; 6215 int tid; 6216 6217 tidsattr = nla_nest_start_noflag(msg, 6218 NL80211_STA_INFO_TID_STATS); 6219 if (!tidsattr) 6220 goto nla_put_failure; 6221 6222 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) { 6223 struct cfg80211_tid_stats *tidstats; 6224 struct nlattr *tidattr; 6225 6226 tidstats = &sinfo->pertid[tid]; 6227 6228 if (!tidstats->filled) 6229 continue; 6230 6231 tidattr = nla_nest_start_noflag(msg, tid + 1); 6232 if (!tidattr) 6233 goto nla_put_failure; 6234 6235#define PUT_TIDVAL_U64(attr, memb) do { \ 6236 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \ 6237 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \ 6238 tidstats->memb, NL80211_TID_STATS_PAD)) \ 6239 goto nla_put_failure; \ 6240 } while (0) 6241 6242 PUT_TIDVAL_U64(RX_MSDU, rx_msdu); 6243 PUT_TIDVAL_U64(TX_MSDU, tx_msdu); 6244 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries); 6245 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed); 6246 6247#undef PUT_TIDVAL_U64 6248 if ((tidstats->filled & 6249 BIT(NL80211_TID_STATS_TXQ_STATS)) && 6250 !nl80211_put_txq_stats(msg, &tidstats->txq_stats, 6251 NL80211_TID_STATS_TXQ_STATS)) 6252 goto nla_put_failure; 6253 6254 nla_nest_end(msg, tidattr); 6255 } 6256 6257 nla_nest_end(msg, tidsattr); 6258 } 6259 6260 nla_nest_end(msg, sinfoattr); 6261 6262 if (sinfo->assoc_req_ies_len && 6263 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 6264 sinfo->assoc_req_ies)) 6265 goto nla_put_failure; 6266 6267 cfg80211_sinfo_release_content(sinfo); 6268 genlmsg_end(msg, hdr); 6269 return 0; 6270 6271 nla_put_failure: 6272 cfg80211_sinfo_release_content(sinfo); 6273 genlmsg_cancel(msg, hdr); 6274 return -EMSGSIZE; 6275} 6276 6277static int nl80211_dump_station(struct sk_buff *skb, 6278 struct netlink_callback *cb) 6279{ 6280 struct station_info sinfo; 6281 struct cfg80211_registered_device *rdev; 6282 struct wireless_dev *wdev; 6283 u8 mac_addr[ETH_ALEN]; 6284 int sta_idx = cb->args[2]; 6285 int err; 6286 6287 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 6288 if (err) 6289 return err; 6290 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 6291 __acquire(&rdev->wiphy.mtx); 6292 6293 if (!wdev->netdev) { 6294 err = -EINVAL; 6295 goto out_err; 6296 } 6297 6298 if (!rdev->ops->dump_station) { 6299 err = -EOPNOTSUPP; 6300 goto out_err; 6301 } 6302 6303 while (1) { 6304 memset(&sinfo, 0, sizeof(sinfo)); 6305 err = rdev_dump_station(rdev, wdev->netdev, sta_idx, 6306 mac_addr, &sinfo); 6307 if (err == -ENOENT) 6308 break; 6309 if (err) 6310 goto out_err; 6311 6312 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION, 6313 NETLINK_CB(cb->skb).portid, 6314 cb->nlh->nlmsg_seq, NLM_F_MULTI, 6315 rdev, wdev->netdev, mac_addr, 6316 &sinfo) < 0) 6317 goto out; 6318 6319 sta_idx++; 6320 } 6321 6322 out: 6323 cb->args[2] = sta_idx; 6324 err = skb->len; 6325 out_err: 6326 wiphy_unlock(&rdev->wiphy); 6327 6328 return err; 6329} 6330 6331static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 6332{ 6333 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6334 struct net_device *dev = info->user_ptr[1]; 6335 struct station_info sinfo; 6336 struct sk_buff *msg; 6337 u8 *mac_addr = NULL; 6338 int err; 6339 6340 memset(&sinfo, 0, sizeof(sinfo)); 6341 6342 if (!info->attrs[NL80211_ATTR_MAC]) 6343 return -EINVAL; 6344 6345 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6346 6347 if (!rdev->ops->get_station) 6348 return -EOPNOTSUPP; 6349 6350 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 6351 if (err) 6352 return err; 6353 6354 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6355 if (!msg) { 6356 cfg80211_sinfo_release_content(&sinfo); 6357 return -ENOMEM; 6358 } 6359 6360 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 6361 info->snd_portid, info->snd_seq, 0, 6362 rdev, dev, mac_addr, &sinfo) < 0) { 6363 nlmsg_free(msg); 6364 return -ENOBUFS; 6365 } 6366 6367 return genlmsg_reply(msg, info); 6368} 6369 6370int cfg80211_check_station_change(struct wiphy *wiphy, 6371 struct station_parameters *params, 6372 enum cfg80211_station_type statype) 6373{ 6374 if (params->listen_interval != -1 && 6375 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 6376 return -EINVAL; 6377 6378 if (params->support_p2p_ps != -1 && 6379 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 6380 return -EINVAL; 6381 6382 if (params->aid && 6383 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) && 6384 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 6385 return -EINVAL; 6386 6387 /* When you run into this, adjust the code below for the new flag */ 6388 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); 6389 6390 switch (statype) { 6391 case CFG80211_STA_MESH_PEER_KERNEL: 6392 case CFG80211_STA_MESH_PEER_USER: 6393 /* 6394 * No ignoring the TDLS flag here -- the userspace mesh 6395 * code doesn't have the bug of including TDLS in the 6396 * mask everywhere. 6397 */ 6398 if (params->sta_flags_mask & 6399 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 6400 BIT(NL80211_STA_FLAG_MFP) | 6401 BIT(NL80211_STA_FLAG_AUTHORIZED))) 6402 return -EINVAL; 6403 break; 6404 case CFG80211_STA_TDLS_PEER_SETUP: 6405 case CFG80211_STA_TDLS_PEER_ACTIVE: 6406 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 6407 return -EINVAL; 6408 /* ignore since it can't change */ 6409 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 6410 break; 6411 default: 6412 /* disallow mesh-specific things */ 6413 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION) 6414 return -EINVAL; 6415 if (params->local_pm) 6416 return -EINVAL; 6417 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 6418 return -EINVAL; 6419 } 6420 6421 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 6422 statype != CFG80211_STA_TDLS_PEER_ACTIVE) { 6423 /* TDLS can't be set, ... */ 6424 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 6425 return -EINVAL; 6426 /* 6427 * ... but don't bother the driver with it. This works around 6428 * a hostapd/wpa_supplicant issue -- it always includes the 6429 * TLDS_PEER flag in the mask even for AP mode. 6430 */ 6431 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 6432 } 6433 6434 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 6435 statype != CFG80211_STA_AP_CLIENT_UNASSOC) { 6436 /* reject other things that can't change */ 6437 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) 6438 return -EINVAL; 6439 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY) 6440 return -EINVAL; 6441 if (params->supported_rates) 6442 return -EINVAL; 6443 if (params->ext_capab || params->ht_capa || params->vht_capa || 6444 params->he_capa || params->eht_capa) 6445 return -EINVAL; 6446 } 6447 6448 if (statype != CFG80211_STA_AP_CLIENT && 6449 statype != CFG80211_STA_AP_CLIENT_UNASSOC) { 6450 if (params->vlan) 6451 return -EINVAL; 6452 } 6453 6454 switch (statype) { 6455 case CFG80211_STA_AP_MLME_CLIENT: 6456 /* Use this only for authorizing/unauthorizing a station */ 6457 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED))) 6458 return -EOPNOTSUPP; 6459 break; 6460 case CFG80211_STA_AP_CLIENT: 6461 case CFG80211_STA_AP_CLIENT_UNASSOC: 6462 /* accept only the listed bits */ 6463 if (params->sta_flags_mask & 6464 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 6465 BIT(NL80211_STA_FLAG_AUTHENTICATED) | 6466 BIT(NL80211_STA_FLAG_ASSOCIATED) | 6467 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 6468 BIT(NL80211_STA_FLAG_WME) | 6469 BIT(NL80211_STA_FLAG_MFP))) 6470 return -EINVAL; 6471 6472 /* but authenticated/associated only if driver handles it */ 6473 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 6474 params->sta_flags_mask & 6475 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 6476 BIT(NL80211_STA_FLAG_ASSOCIATED))) 6477 return -EINVAL; 6478 break; 6479 case CFG80211_STA_IBSS: 6480 case CFG80211_STA_AP_STA: 6481 /* reject any changes other than AUTHORIZED */ 6482 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 6483 return -EINVAL; 6484 break; 6485 case CFG80211_STA_TDLS_PEER_SETUP: 6486 /* reject any changes other than AUTHORIZED or WME */ 6487 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 6488 BIT(NL80211_STA_FLAG_WME))) 6489 return -EINVAL; 6490 /* force (at least) rates when authorizing */ 6491 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) && 6492 !params->supported_rates) 6493 return -EINVAL; 6494 break; 6495 case CFG80211_STA_TDLS_PEER_ACTIVE: 6496 /* reject any changes */ 6497 return -EINVAL; 6498 case CFG80211_STA_MESH_PEER_KERNEL: 6499 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 6500 return -EINVAL; 6501 break; 6502 case CFG80211_STA_MESH_PEER_USER: 6503 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION && 6504 params->plink_action != NL80211_PLINK_ACTION_BLOCK) 6505 return -EINVAL; 6506 break; 6507 } 6508 6509 /* 6510 * Older kernel versions ignored this attribute entirely, so don't 6511 * reject attempts to update it but mark it as unused instead so the 6512 * driver won't look at the data. 6513 */ 6514 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC && 6515 statype != CFG80211_STA_TDLS_PEER_SETUP) 6516 params->opmode_notif_used = false; 6517 6518 return 0; 6519} 6520EXPORT_SYMBOL(cfg80211_check_station_change); 6521 6522/* 6523 * Get vlan interface making sure it is running and on the right wiphy. 6524 */ 6525static struct net_device *get_vlan(struct genl_info *info, 6526 struct cfg80211_registered_device *rdev) 6527{ 6528 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 6529 struct net_device *v; 6530 int ret; 6531 6532 if (!vlanattr) 6533 return NULL; 6534 6535 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 6536 if (!v) 6537 return ERR_PTR(-ENODEV); 6538 6539 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 6540 ret = -EINVAL; 6541 goto error; 6542 } 6543 6544 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 6545 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 6546 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 6547 ret = -EINVAL; 6548 goto error; 6549 } 6550 6551 if (!netif_running(v)) { 6552 ret = -ENETDOWN; 6553 goto error; 6554 } 6555 6556 return v; 6557 error: 6558 dev_put(v); 6559 return ERR_PTR(ret); 6560} 6561 6562static const struct nla_policy 6563nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = { 6564 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 6565 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 6566}; 6567 6568static int nl80211_parse_sta_wme(struct genl_info *info, 6569 struct station_parameters *params) 6570{ 6571 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 6572 struct nlattr *nla; 6573 int err; 6574 6575 /* parse WME attributes if present */ 6576 if (!info->attrs[NL80211_ATTR_STA_WME]) 6577 return 0; 6578 6579 nla = info->attrs[NL80211_ATTR_STA_WME]; 6580 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla, 6581 nl80211_sta_wme_policy, 6582 info->extack); 6583 if (err) 6584 return err; 6585 6586 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 6587 params->uapsd_queues = nla_get_u8( 6588 tb[NL80211_STA_WME_UAPSD_QUEUES]); 6589 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 6590 return -EINVAL; 6591 6592 if (tb[NL80211_STA_WME_MAX_SP]) 6593 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 6594 6595 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 6596 return -EINVAL; 6597 6598 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 6599 6600 return 0; 6601} 6602 6603static int nl80211_parse_sta_channel_info(struct genl_info *info, 6604 struct station_parameters *params) 6605{ 6606 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) { 6607 params->supported_channels = 6608 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]); 6609 params->supported_channels_len = 6610 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]); 6611 /* 6612 * Need to include at least one (first channel, number of 6613 * channels) tuple for each subband (checked in policy), 6614 * and must have proper tuples for the rest of the data as well. 6615 */ 6616 if (params->supported_channels_len % 2) 6617 return -EINVAL; 6618 } 6619 6620 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) { 6621 params->supported_oper_classes = 6622 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]); 6623 params->supported_oper_classes_len = 6624 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]); 6625 } 6626 return 0; 6627} 6628 6629static int nl80211_set_station_tdls(struct genl_info *info, 6630 struct station_parameters *params) 6631{ 6632 int err; 6633 /* Dummy STA entry gets updated once the peer capabilities are known */ 6634 if (info->attrs[NL80211_ATTR_PEER_AID]) 6635 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 6636 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 6637 params->ht_capa = 6638 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 6639 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 6640 params->vht_capa = 6641 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 6642 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) { 6643 params->he_capa = 6644 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 6645 params->he_capa_len = 6646 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 6647 6648 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) { 6649 params->eht_capa = 6650 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 6651 params->eht_capa_len = 6652 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 6653 6654 if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_capa, 6655 (const u8 *)params->eht_capa, 6656 params->eht_capa_len)) 6657 return -EINVAL; 6658 } 6659 } 6660 6661 err = nl80211_parse_sta_channel_info(info, params); 6662 if (err) 6663 return err; 6664 6665 return nl80211_parse_sta_wme(info, params); 6666} 6667 6668static int nl80211_parse_sta_txpower_setting(struct genl_info *info, 6669 struct station_parameters *params) 6670{ 6671 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6672 int idx; 6673 6674 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) { 6675 if (!rdev->ops->set_tx_power || 6676 !wiphy_ext_feature_isset(&rdev->wiphy, 6677 NL80211_EXT_FEATURE_STA_TX_PWR)) 6678 return -EOPNOTSUPP; 6679 6680 idx = NL80211_ATTR_STA_TX_POWER_SETTING; 6681 params->txpwr.type = nla_get_u8(info->attrs[idx]); 6682 6683 if (params->txpwr.type == NL80211_TX_POWER_LIMITED) { 6684 idx = NL80211_ATTR_STA_TX_POWER; 6685 6686 if (info->attrs[idx]) 6687 params->txpwr.power = 6688 nla_get_s16(info->attrs[idx]); 6689 else 6690 return -EINVAL; 6691 } 6692 params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER; 6693 } 6694 6695 return 0; 6696} 6697 6698static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 6699{ 6700 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6701 struct net_device *dev = info->user_ptr[1]; 6702 struct station_parameters params; 6703 u8 *mac_addr; 6704 int err; 6705 6706 memset(¶ms, 0, sizeof(params)); 6707 6708 if (!rdev->ops->change_station) 6709 return -EOPNOTSUPP; 6710 6711 /* 6712 * AID and listen_interval properties can be set only for unassociated 6713 * station. Include these parameters here and will check them in 6714 * cfg80211_check_station_change(). 6715 */ 6716 if (info->attrs[NL80211_ATTR_STA_AID]) 6717 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 6718 6719 if (info->attrs[NL80211_ATTR_VLAN_ID]) 6720 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]); 6721 6722 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 6723 params.listen_interval = 6724 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 6725 else 6726 params.listen_interval = -1; 6727 6728 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) 6729 params.support_p2p_ps = 6730 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]); 6731 else 6732 params.support_p2p_ps = -1; 6733 6734 if (!info->attrs[NL80211_ATTR_MAC]) 6735 return -EINVAL; 6736 6737 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6738 6739 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 6740 params.supported_rates = 6741 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 6742 params.supported_rates_len = 6743 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 6744 } 6745 6746 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 6747 params.capability = 6748 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 6749 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 6750 } 6751 6752 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 6753 params.ext_capab = 6754 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 6755 params.ext_capab_len = 6756 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 6757 } 6758 6759 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 6760 return -EINVAL; 6761 6762 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 6763 params.plink_action = 6764 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 6765 6766 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) { 6767 params.plink_state = 6768 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 6769 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) 6770 params.peer_aid = nla_get_u16( 6771 info->attrs[NL80211_ATTR_MESH_PEER_AID]); 6772 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE; 6773 } 6774 6775 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) 6776 params.local_pm = nla_get_u32( 6777 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]); 6778 6779 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 6780 params.opmode_notif_used = true; 6781 params.opmode_notif = 6782 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 6783 } 6784 6785 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]) 6786 params.he_6ghz_capa = 6787 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]); 6788 6789 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]) 6790 params.airtime_weight = 6791 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]); 6792 6793 if (params.airtime_weight && 6794 !wiphy_ext_feature_isset(&rdev->wiphy, 6795 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS)) 6796 return -EOPNOTSUPP; 6797 6798 err = nl80211_parse_sta_txpower_setting(info, ¶ms); 6799 if (err) 6800 return err; 6801 6802 /* Include parameters for TDLS peer (will check later) */ 6803 err = nl80211_set_station_tdls(info, ¶ms); 6804 if (err) 6805 return err; 6806 6807 params.vlan = get_vlan(info, rdev); 6808 if (IS_ERR(params.vlan)) 6809 return PTR_ERR(params.vlan); 6810 6811 switch (dev->ieee80211_ptr->iftype) { 6812 case NL80211_IFTYPE_AP: 6813 case NL80211_IFTYPE_AP_VLAN: 6814 case NL80211_IFTYPE_P2P_GO: 6815 case NL80211_IFTYPE_P2P_CLIENT: 6816 case NL80211_IFTYPE_STATION: 6817 case NL80211_IFTYPE_ADHOC: 6818 case NL80211_IFTYPE_MESH_POINT: 6819 break; 6820 default: 6821 err = -EOPNOTSUPP; 6822 goto out_put_vlan; 6823 } 6824 6825 /* driver will call cfg80211_check_station_change() */ 6826 err = rdev_change_station(rdev, dev, mac_addr, ¶ms); 6827 6828 out_put_vlan: 6829 dev_put(params.vlan); 6830 6831 return err; 6832} 6833 6834static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 6835{ 6836 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6837 int err; 6838 struct net_device *dev = info->user_ptr[1]; 6839 struct station_parameters params; 6840 u8 *mac_addr = NULL; 6841 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 6842 BIT(NL80211_STA_FLAG_ASSOCIATED); 6843 6844 memset(¶ms, 0, sizeof(params)); 6845 6846 if (!rdev->ops->add_station) 6847 return -EOPNOTSUPP; 6848 6849 if (!info->attrs[NL80211_ATTR_MAC]) 6850 return -EINVAL; 6851 6852 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 6853 return -EINVAL; 6854 6855 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 6856 return -EINVAL; 6857 6858 if (!info->attrs[NL80211_ATTR_STA_AID] && 6859 !info->attrs[NL80211_ATTR_PEER_AID]) 6860 return -EINVAL; 6861 6862 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6863 params.supported_rates = 6864 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 6865 params.supported_rates_len = 6866 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 6867 params.listen_interval = 6868 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 6869 6870 if (info->attrs[NL80211_ATTR_VLAN_ID]) 6871 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]); 6872 6873 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) { 6874 params.support_p2p_ps = 6875 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]); 6876 } else { 6877 /* 6878 * if not specified, assume it's supported for P2P GO interface, 6879 * and is NOT supported for AP interface 6880 */ 6881 params.support_p2p_ps = 6882 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO; 6883 } 6884 6885 if (info->attrs[NL80211_ATTR_PEER_AID]) 6886 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 6887 else 6888 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 6889 6890 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 6891 params.capability = 6892 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 6893 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 6894 } 6895 6896 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 6897 params.ext_capab = 6898 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 6899 params.ext_capab_len = 6900 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 6901 } 6902 6903 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 6904 params.ht_capa = 6905 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 6906 6907 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 6908 params.vht_capa = 6909 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 6910 6911 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) { 6912 params.he_capa = 6913 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 6914 params.he_capa_len = 6915 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 6916 6917 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) { 6918 params.eht_capa = 6919 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 6920 params.eht_capa_len = 6921 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 6922 6923 if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa, 6924 (const u8 *)params.eht_capa, 6925 params.eht_capa_len)) 6926 return -EINVAL; 6927 } 6928 } 6929 6930 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]) 6931 params.he_6ghz_capa = 6932 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]); 6933 6934 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 6935 params.opmode_notif_used = true; 6936 params.opmode_notif = 6937 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 6938 } 6939 6940 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 6941 params.plink_action = 6942 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 6943 6944 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]) 6945 params.airtime_weight = 6946 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]); 6947 6948 if (params.airtime_weight && 6949 !wiphy_ext_feature_isset(&rdev->wiphy, 6950 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS)) 6951 return -EOPNOTSUPP; 6952 6953 err = nl80211_parse_sta_txpower_setting(info, ¶ms); 6954 if (err) 6955 return err; 6956 6957 err = nl80211_parse_sta_channel_info(info, ¶ms); 6958 if (err) 6959 return err; 6960 6961 err = nl80211_parse_sta_wme(info, ¶ms); 6962 if (err) 6963 return err; 6964 6965 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 6966 return -EINVAL; 6967 6968 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT 6969 * as userspace might just pass through the capabilities from the IEs 6970 * directly, rather than enforcing this restriction and returning an 6971 * error in this case. 6972 */ 6973 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) { 6974 params.ht_capa = NULL; 6975 params.vht_capa = NULL; 6976 6977 /* HE and EHT require WME */ 6978 if (params.he_capa_len || params.he_6ghz_capa || 6979 params.eht_capa_len) 6980 return -EINVAL; 6981 } 6982 6983 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */ 6984 if (params.he_6ghz_capa && (params.ht_capa || params.vht_capa)) 6985 return -EINVAL; 6986 6987 /* When you run into this, adjust the code below for the new flag */ 6988 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); 6989 6990 switch (dev->ieee80211_ptr->iftype) { 6991 case NL80211_IFTYPE_AP: 6992 case NL80211_IFTYPE_AP_VLAN: 6993 case NL80211_IFTYPE_P2P_GO: 6994 /* ignore WME attributes if iface/sta is not capable */ 6995 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) || 6996 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) 6997 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 6998 6999 /* TDLS peers cannot be added */ 7000 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 7001 info->attrs[NL80211_ATTR_PEER_AID]) 7002 return -EINVAL; 7003 /* but don't bother the driver with it */ 7004 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 7005 7006 /* allow authenticated/associated only if driver handles it */ 7007 if (!(rdev->wiphy.features & 7008 NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 7009 params.sta_flags_mask & auth_assoc) 7010 return -EINVAL; 7011 7012 /* Older userspace, or userspace wanting to be compatible with 7013 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth 7014 * and assoc flags in the mask, but assumes the station will be 7015 * added as associated anyway since this was the required driver 7016 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was 7017 * introduced. 7018 * In order to not bother drivers with this quirk in the API 7019 * set the flags in both the mask and set for new stations in 7020 * this case. 7021 */ 7022 if (!(params.sta_flags_mask & auth_assoc)) { 7023 params.sta_flags_mask |= auth_assoc; 7024 params.sta_flags_set |= auth_assoc; 7025 } 7026 7027 /* must be last in here for error handling */ 7028 params.vlan = get_vlan(info, rdev); 7029 if (IS_ERR(params.vlan)) 7030 return PTR_ERR(params.vlan); 7031 break; 7032 case NL80211_IFTYPE_MESH_POINT: 7033 /* ignore uAPSD data */ 7034 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 7035 7036 /* associated is disallowed */ 7037 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) 7038 return -EINVAL; 7039 /* TDLS peers cannot be added */ 7040 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 7041 info->attrs[NL80211_ATTR_PEER_AID]) 7042 return -EINVAL; 7043 break; 7044 case NL80211_IFTYPE_STATION: 7045 case NL80211_IFTYPE_P2P_CLIENT: 7046 /* ignore uAPSD data */ 7047 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 7048 7049 /* these are disallowed */ 7050 if (params.sta_flags_mask & 7051 (BIT(NL80211_STA_FLAG_ASSOCIATED) | 7052 BIT(NL80211_STA_FLAG_AUTHENTICATED))) 7053 return -EINVAL; 7054 /* Only TDLS peers can be added */ 7055 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 7056 return -EINVAL; 7057 /* Can only add if TDLS ... */ 7058 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 7059 return -EOPNOTSUPP; 7060 /* ... with external setup is supported */ 7061 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 7062 return -EOPNOTSUPP; 7063 /* 7064 * Older wpa_supplicant versions always mark the TDLS peer 7065 * as authorized, but it shouldn't yet be. 7066 */ 7067 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED); 7068 break; 7069 default: 7070 return -EOPNOTSUPP; 7071 } 7072 7073 /* be aware of params.vlan when changing code here */ 7074 7075 err = rdev_add_station(rdev, dev, mac_addr, ¶ms); 7076 7077 dev_put(params.vlan); 7078 return err; 7079} 7080 7081static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 7082{ 7083 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7084 struct net_device *dev = info->user_ptr[1]; 7085 struct station_del_parameters params; 7086 7087 memset(¶ms, 0, sizeof(params)); 7088 7089 if (info->attrs[NL80211_ATTR_MAC]) 7090 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]); 7091 7092 switch (dev->ieee80211_ptr->iftype) { 7093 case NL80211_IFTYPE_AP: 7094 case NL80211_IFTYPE_AP_VLAN: 7095 case NL80211_IFTYPE_MESH_POINT: 7096 case NL80211_IFTYPE_P2P_GO: 7097 /* always accept these */ 7098 break; 7099 case NL80211_IFTYPE_ADHOC: 7100 /* conditionally accept */ 7101 if (wiphy_ext_feature_isset(&rdev->wiphy, 7102 NL80211_EXT_FEATURE_DEL_IBSS_STA)) 7103 break; 7104 return -EINVAL; 7105 default: 7106 return -EINVAL; 7107 } 7108 7109 if (!rdev->ops->del_station) 7110 return -EOPNOTSUPP; 7111 7112 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) { 7113 params.subtype = 7114 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]); 7115 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 && 7116 params.subtype != IEEE80211_STYPE_DEAUTH >> 4) 7117 return -EINVAL; 7118 } else { 7119 /* Default to Deauthentication frame */ 7120 params.subtype = IEEE80211_STYPE_DEAUTH >> 4; 7121 } 7122 7123 if (info->attrs[NL80211_ATTR_REASON_CODE]) { 7124 params.reason_code = 7125 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 7126 if (params.reason_code == 0) 7127 return -EINVAL; /* 0 is reserved */ 7128 } else { 7129 /* Default to reason code 2 */ 7130 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID; 7131 } 7132 7133 return rdev_del_station(rdev, dev, ¶ms); 7134} 7135 7136static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq, 7137 int flags, struct net_device *dev, 7138 u8 *dst, u8 *next_hop, 7139 struct mpath_info *pinfo) 7140{ 7141 void *hdr; 7142 struct nlattr *pinfoattr; 7143 7144 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH); 7145 if (!hdr) 7146 return -1; 7147 7148 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 7149 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 7150 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 7151 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 7152 goto nla_put_failure; 7153 7154 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO); 7155 if (!pinfoattr) 7156 goto nla_put_failure; 7157 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 7158 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 7159 pinfo->frame_qlen)) 7160 goto nla_put_failure; 7161 if (((pinfo->filled & MPATH_INFO_SN) && 7162 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 7163 ((pinfo->filled & MPATH_INFO_METRIC) && 7164 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 7165 pinfo->metric)) || 7166 ((pinfo->filled & MPATH_INFO_EXPTIME) && 7167 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 7168 pinfo->exptime)) || 7169 ((pinfo->filled & MPATH_INFO_FLAGS) && 7170 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 7171 pinfo->flags)) || 7172 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 7173 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 7174 pinfo->discovery_timeout)) || 7175 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 7176 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 7177 pinfo->discovery_retries)) || 7178 ((pinfo->filled & MPATH_INFO_HOP_COUNT) && 7179 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT, 7180 pinfo->hop_count)) || 7181 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) && 7182 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE, 7183 pinfo->path_change_count))) 7184 goto nla_put_failure; 7185 7186 nla_nest_end(msg, pinfoattr); 7187 7188 genlmsg_end(msg, hdr); 7189 return 0; 7190 7191 nla_put_failure: 7192 genlmsg_cancel(msg, hdr); 7193 return -EMSGSIZE; 7194} 7195 7196static int nl80211_dump_mpath(struct sk_buff *skb, 7197 struct netlink_callback *cb) 7198{ 7199 struct mpath_info pinfo; 7200 struct cfg80211_registered_device *rdev; 7201 struct wireless_dev *wdev; 7202 u8 dst[ETH_ALEN]; 7203 u8 next_hop[ETH_ALEN]; 7204 int path_idx = cb->args[2]; 7205 int err; 7206 7207 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 7208 if (err) 7209 return err; 7210 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 7211 __acquire(&rdev->wiphy.mtx); 7212 7213 if (!rdev->ops->dump_mpath) { 7214 err = -EOPNOTSUPP; 7215 goto out_err; 7216 } 7217 7218 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 7219 err = -EOPNOTSUPP; 7220 goto out_err; 7221 } 7222 7223 while (1) { 7224 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst, 7225 next_hop, &pinfo); 7226 if (err == -ENOENT) 7227 break; 7228 if (err) 7229 goto out_err; 7230 7231 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 7232 cb->nlh->nlmsg_seq, NLM_F_MULTI, 7233 wdev->netdev, dst, next_hop, 7234 &pinfo) < 0) 7235 goto out; 7236 7237 path_idx++; 7238 } 7239 7240 out: 7241 cb->args[2] = path_idx; 7242 err = skb->len; 7243 out_err: 7244 wiphy_unlock(&rdev->wiphy); 7245 return err; 7246} 7247 7248static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 7249{ 7250 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7251 int err; 7252 struct net_device *dev = info->user_ptr[1]; 7253 struct mpath_info pinfo; 7254 struct sk_buff *msg; 7255 u8 *dst = NULL; 7256 u8 next_hop[ETH_ALEN]; 7257 7258 memset(&pinfo, 0, sizeof(pinfo)); 7259 7260 if (!info->attrs[NL80211_ATTR_MAC]) 7261 return -EINVAL; 7262 7263 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7264 7265 if (!rdev->ops->get_mpath) 7266 return -EOPNOTSUPP; 7267 7268 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7269 return -EOPNOTSUPP; 7270 7271 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo); 7272 if (err) 7273 return err; 7274 7275 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7276 if (!msg) 7277 return -ENOMEM; 7278 7279 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 7280 dev, dst, next_hop, &pinfo) < 0) { 7281 nlmsg_free(msg); 7282 return -ENOBUFS; 7283 } 7284 7285 return genlmsg_reply(msg, info); 7286} 7287 7288static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 7289{ 7290 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7291 struct net_device *dev = info->user_ptr[1]; 7292 u8 *dst = NULL; 7293 u8 *next_hop = NULL; 7294 7295 if (!info->attrs[NL80211_ATTR_MAC]) 7296 return -EINVAL; 7297 7298 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 7299 return -EINVAL; 7300 7301 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7302 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 7303 7304 if (!rdev->ops->change_mpath) 7305 return -EOPNOTSUPP; 7306 7307 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7308 return -EOPNOTSUPP; 7309 7310 return rdev_change_mpath(rdev, dev, dst, next_hop); 7311} 7312 7313static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 7314{ 7315 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7316 struct net_device *dev = info->user_ptr[1]; 7317 u8 *dst = NULL; 7318 u8 *next_hop = NULL; 7319 7320 if (!info->attrs[NL80211_ATTR_MAC]) 7321 return -EINVAL; 7322 7323 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 7324 return -EINVAL; 7325 7326 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7327 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 7328 7329 if (!rdev->ops->add_mpath) 7330 return -EOPNOTSUPP; 7331 7332 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7333 return -EOPNOTSUPP; 7334 7335 return rdev_add_mpath(rdev, dev, dst, next_hop); 7336} 7337 7338static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 7339{ 7340 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7341 struct net_device *dev = info->user_ptr[1]; 7342 u8 *dst = NULL; 7343 7344 if (info->attrs[NL80211_ATTR_MAC]) 7345 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7346 7347 if (!rdev->ops->del_mpath) 7348 return -EOPNOTSUPP; 7349 7350 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7351 return -EOPNOTSUPP; 7352 7353 return rdev_del_mpath(rdev, dev, dst); 7354} 7355 7356static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info) 7357{ 7358 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7359 int err; 7360 struct net_device *dev = info->user_ptr[1]; 7361 struct mpath_info pinfo; 7362 struct sk_buff *msg; 7363 u8 *dst = NULL; 7364 u8 mpp[ETH_ALEN]; 7365 7366 memset(&pinfo, 0, sizeof(pinfo)); 7367 7368 if (!info->attrs[NL80211_ATTR_MAC]) 7369 return -EINVAL; 7370 7371 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7372 7373 if (!rdev->ops->get_mpp) 7374 return -EOPNOTSUPP; 7375 7376 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7377 return -EOPNOTSUPP; 7378 7379 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo); 7380 if (err) 7381 return err; 7382 7383 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7384 if (!msg) 7385 return -ENOMEM; 7386 7387 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 7388 dev, dst, mpp, &pinfo) < 0) { 7389 nlmsg_free(msg); 7390 return -ENOBUFS; 7391 } 7392 7393 return genlmsg_reply(msg, info); 7394} 7395 7396static int nl80211_dump_mpp(struct sk_buff *skb, 7397 struct netlink_callback *cb) 7398{ 7399 struct mpath_info pinfo; 7400 struct cfg80211_registered_device *rdev; 7401 struct wireless_dev *wdev; 7402 u8 dst[ETH_ALEN]; 7403 u8 mpp[ETH_ALEN]; 7404 int path_idx = cb->args[2]; 7405 int err; 7406 7407 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 7408 if (err) 7409 return err; 7410 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 7411 __acquire(&rdev->wiphy.mtx); 7412 7413 if (!rdev->ops->dump_mpp) { 7414 err = -EOPNOTSUPP; 7415 goto out_err; 7416 } 7417 7418 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 7419 err = -EOPNOTSUPP; 7420 goto out_err; 7421 } 7422 7423 while (1) { 7424 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst, 7425 mpp, &pinfo); 7426 if (err == -ENOENT) 7427 break; 7428 if (err) 7429 goto out_err; 7430 7431 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 7432 cb->nlh->nlmsg_seq, NLM_F_MULTI, 7433 wdev->netdev, dst, mpp, 7434 &pinfo) < 0) 7435 goto out; 7436 7437 path_idx++; 7438 } 7439 7440 out: 7441 cb->args[2] = path_idx; 7442 err = skb->len; 7443 out_err: 7444 wiphy_unlock(&rdev->wiphy); 7445 return err; 7446} 7447 7448static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 7449{ 7450 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7451 struct net_device *dev = info->user_ptr[1]; 7452 struct wireless_dev *wdev = dev->ieee80211_ptr; 7453 struct bss_parameters params; 7454 int err; 7455 7456 memset(¶ms, 0, sizeof(params)); 7457 /* default to not changing parameters */ 7458 params.use_cts_prot = -1; 7459 params.use_short_preamble = -1; 7460 params.use_short_slot_time = -1; 7461 params.ap_isolate = -1; 7462 params.ht_opmode = -1; 7463 params.p2p_ctwindow = -1; 7464 params.p2p_opp_ps = -1; 7465 7466 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 7467 params.use_cts_prot = 7468 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 7469 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 7470 params.use_short_preamble = 7471 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 7472 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 7473 params.use_short_slot_time = 7474 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 7475 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 7476 params.basic_rates = 7477 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 7478 params.basic_rates_len = 7479 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 7480 } 7481 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 7482 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 7483 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 7484 params.ht_opmode = 7485 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 7486 7487 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 7488 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 7489 return -EINVAL; 7490 params.p2p_ctwindow = 7491 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 7492 if (params.p2p_ctwindow != 0 && 7493 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 7494 return -EINVAL; 7495 } 7496 7497 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 7498 u8 tmp; 7499 7500 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 7501 return -EINVAL; 7502 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 7503 params.p2p_opp_ps = tmp; 7504 if (params.p2p_opp_ps && 7505 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 7506 return -EINVAL; 7507 } 7508 7509 if (!rdev->ops->change_bss) 7510 return -EOPNOTSUPP; 7511 7512 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 7513 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 7514 return -EOPNOTSUPP; 7515 7516 wdev_lock(wdev); 7517 err = rdev_change_bss(rdev, dev, ¶ms); 7518 wdev_unlock(wdev); 7519 7520 return err; 7521} 7522 7523static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 7524{ 7525 char *data = NULL; 7526 bool is_indoor; 7527 enum nl80211_user_reg_hint_type user_reg_hint_type; 7528 u32 owner_nlportid; 7529 7530 /* 7531 * You should only get this when cfg80211 hasn't yet initialized 7532 * completely when built-in to the kernel right between the time 7533 * window between nl80211_init() and regulatory_init(), if that is 7534 * even possible. 7535 */ 7536 if (unlikely(!rcu_access_pointer(cfg80211_regdomain))) 7537 return -EINPROGRESS; 7538 7539 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 7540 user_reg_hint_type = 7541 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 7542 else 7543 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 7544 7545 switch (user_reg_hint_type) { 7546 case NL80211_USER_REG_HINT_USER: 7547 case NL80211_USER_REG_HINT_CELL_BASE: 7548 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 7549 return -EINVAL; 7550 7551 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 7552 return regulatory_hint_user(data, user_reg_hint_type); 7553 case NL80211_USER_REG_HINT_INDOOR: 7554 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 7555 owner_nlportid = info->snd_portid; 7556 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR]; 7557 } else { 7558 owner_nlportid = 0; 7559 is_indoor = true; 7560 } 7561 7562 return regulatory_hint_indoor(is_indoor, owner_nlportid); 7563 default: 7564 return -EINVAL; 7565 } 7566} 7567 7568static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info) 7569{ 7570 return reg_reload_regdb(); 7571} 7572 7573static int nl80211_get_mesh_config(struct sk_buff *skb, 7574 struct genl_info *info) 7575{ 7576 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7577 struct net_device *dev = info->user_ptr[1]; 7578 struct wireless_dev *wdev = dev->ieee80211_ptr; 7579 struct mesh_config cur_params; 7580 int err = 0; 7581 void *hdr; 7582 struct nlattr *pinfoattr; 7583 struct sk_buff *msg; 7584 7585 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 7586 return -EOPNOTSUPP; 7587 7588 if (!rdev->ops->get_mesh_config) 7589 return -EOPNOTSUPP; 7590 7591 wdev_lock(wdev); 7592 /* If not connected, get default parameters */ 7593 if (!wdev->mesh_id_len) 7594 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 7595 else 7596 err = rdev_get_mesh_config(rdev, dev, &cur_params); 7597 wdev_unlock(wdev); 7598 7599 if (err) 7600 return err; 7601 7602 /* Draw up a netlink message to send back */ 7603 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7604 if (!msg) 7605 return -ENOMEM; 7606 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 7607 NL80211_CMD_GET_MESH_CONFIG); 7608 if (!hdr) 7609 goto out; 7610 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG); 7611 if (!pinfoattr) 7612 goto nla_put_failure; 7613 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 7614 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 7615 cur_params.dot11MeshRetryTimeout) || 7616 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 7617 cur_params.dot11MeshConfirmTimeout) || 7618 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 7619 cur_params.dot11MeshHoldingTimeout) || 7620 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 7621 cur_params.dot11MeshMaxPeerLinks) || 7622 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 7623 cur_params.dot11MeshMaxRetries) || 7624 nla_put_u8(msg, NL80211_MESHCONF_TTL, 7625 cur_params.dot11MeshTTL) || 7626 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 7627 cur_params.element_ttl) || 7628 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 7629 cur_params.auto_open_plinks) || 7630 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 7631 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 7632 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 7633 cur_params.dot11MeshHWMPmaxPREQretries) || 7634 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 7635 cur_params.path_refresh_time) || 7636 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 7637 cur_params.min_discovery_timeout) || 7638 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 7639 cur_params.dot11MeshHWMPactivePathTimeout) || 7640 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 7641 cur_params.dot11MeshHWMPpreqMinInterval) || 7642 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 7643 cur_params.dot11MeshHWMPperrMinInterval) || 7644 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 7645 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 7646 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 7647 cur_params.dot11MeshHWMPRootMode) || 7648 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 7649 cur_params.dot11MeshHWMPRannInterval) || 7650 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 7651 cur_params.dot11MeshGateAnnouncementProtocol) || 7652 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 7653 cur_params.dot11MeshForwarding) || 7654 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 7655 cur_params.rssi_threshold) || 7656 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 7657 cur_params.ht_opmode) || 7658 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 7659 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 7660 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 7661 cur_params.dot11MeshHWMProotInterval) || 7662 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 7663 cur_params.dot11MeshHWMPconfirmationInterval) || 7664 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE, 7665 cur_params.power_mode) || 7666 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW, 7667 cur_params.dot11MeshAwakeWindowDuration) || 7668 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT, 7669 cur_params.plink_timeout) || 7670 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE, 7671 cur_params.dot11MeshConnectedToMeshGate) || 7672 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN, 7673 cur_params.dot11MeshNolearn) || 7674 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS, 7675 cur_params.dot11MeshConnectedToAuthServer)) 7676 goto nla_put_failure; 7677 nla_nest_end(msg, pinfoattr); 7678 genlmsg_end(msg, hdr); 7679 return genlmsg_reply(msg, info); 7680 7681 nla_put_failure: 7682 out: 7683 nlmsg_free(msg); 7684 return -ENOBUFS; 7685} 7686 7687static const struct nla_policy 7688nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 7689 [NL80211_MESHCONF_RETRY_TIMEOUT] = 7690 NLA_POLICY_RANGE(NLA_U16, 1, 255), 7691 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = 7692 NLA_POLICY_RANGE(NLA_U16, 1, 255), 7693 [NL80211_MESHCONF_HOLDING_TIMEOUT] = 7694 NLA_POLICY_RANGE(NLA_U16, 1, 255), 7695 [NL80211_MESHCONF_MAX_PEER_LINKS] = 7696 NLA_POLICY_RANGE(NLA_U16, 0, 255), 7697 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16), 7698 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1), 7699 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1), 7700 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1), 7701 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = 7702 NLA_POLICY_RANGE(NLA_U32, 1, 255), 7703 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 7704 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 7705 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1), 7706 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 7707 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = 7708 NLA_POLICY_MIN(NLA_U16, 1), 7709 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = 7710 NLA_POLICY_MIN(NLA_U16, 1), 7711 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = 7712 NLA_POLICY_MIN(NLA_U16, 1), 7713 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4), 7714 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = 7715 NLA_POLICY_MIN(NLA_U16, 1), 7716 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1), 7717 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1), 7718 [NL80211_MESHCONF_RSSI_THRESHOLD] = 7719 NLA_POLICY_RANGE(NLA_S32, -255, 0), 7720 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 7721 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 7722 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = 7723 NLA_POLICY_MIN(NLA_U16, 1), 7724 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = 7725 NLA_POLICY_MIN(NLA_U16, 1), 7726 [NL80211_MESHCONF_POWER_MODE] = 7727 NLA_POLICY_RANGE(NLA_U32, 7728 NL80211_MESH_POWER_ACTIVE, 7729 NL80211_MESH_POWER_MAX), 7730 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 }, 7731 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 }, 7732 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1), 7733 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1), 7734 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1), 7735}; 7736 7737static const struct nla_policy 7738 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 7739 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 7740 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 7741 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 7742 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 7743 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 }, 7744 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG }, 7745 [NL80211_MESH_SETUP_IE] = 7746 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 7747 IEEE80211_MAX_DATA_LEN), 7748 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 7749}; 7750 7751static int nl80211_parse_mesh_config(struct genl_info *info, 7752 struct mesh_config *cfg, 7753 u32 *mask_out) 7754{ 7755 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 7756 u32 mask = 0; 7757 u16 ht_opmode; 7758 7759#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \ 7760do { \ 7761 if (tb[attr]) { \ 7762 cfg->param = fn(tb[attr]); \ 7763 mask |= BIT((attr) - 1); \ 7764 } \ 7765} while (0) 7766 7767 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 7768 return -EINVAL; 7769 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack)) 7770 return -EINVAL; 7771 7772 /* This makes sure that there aren't more than 32 mesh config 7773 * parameters (otherwise our bitfield scheme would not work.) */ 7774 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 7775 7776 /* Fill in the params struct */ 7777 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask, 7778 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 7779 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask, 7780 NL80211_MESHCONF_CONFIRM_TIMEOUT, 7781 nla_get_u16); 7782 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask, 7783 NL80211_MESHCONF_HOLDING_TIMEOUT, 7784 nla_get_u16); 7785 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask, 7786 NL80211_MESHCONF_MAX_PEER_LINKS, 7787 nla_get_u16); 7788 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask, 7789 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 7790 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask, 7791 NL80211_MESHCONF_TTL, nla_get_u8); 7792 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask, 7793 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8); 7794 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask, 7795 NL80211_MESHCONF_AUTO_OPEN_PLINKS, 7796 nla_get_u8); 7797 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, 7798 mask, 7799 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 7800 nla_get_u32); 7801 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask, 7802 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 7803 nla_get_u8); 7804 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask, 7805 NL80211_MESHCONF_PATH_REFRESH_TIME, 7806 nla_get_u32); 7807 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) && 7808 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535)) 7809 return -EINVAL; 7810 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask, 7811 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 7812 nla_get_u16); 7813 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 7814 mask, 7815 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 7816 nla_get_u32); 7817 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) && 7818 (cfg->dot11MeshHWMPactivePathTimeout < 1 || 7819 cfg->dot11MeshHWMPactivePathTimeout > 65535)) 7820 return -EINVAL; 7821 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask, 7822 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 7823 nla_get_u16); 7824 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask, 7825 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 7826 nla_get_u16); 7827 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 7828 dot11MeshHWMPnetDiameterTraversalTime, mask, 7829 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 7830 nla_get_u16); 7831 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask, 7832 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8); 7833 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask, 7834 NL80211_MESHCONF_HWMP_RANN_INTERVAL, 7835 nla_get_u16); 7836 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol, 7837 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 7838 nla_get_u8); 7839 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask, 7840 NL80211_MESHCONF_FORWARDING, nla_get_u8); 7841 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask, 7842 NL80211_MESHCONF_RSSI_THRESHOLD, 7843 nla_get_s32); 7844 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask, 7845 NL80211_MESHCONF_CONNECTED_TO_GATE, 7846 nla_get_u8); 7847 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask, 7848 NL80211_MESHCONF_CONNECTED_TO_AS, 7849 nla_get_u8); 7850 /* 7851 * Check HT operation mode based on 7852 * IEEE 802.11-2016 9.4.2.57 HT Operation element. 7853 */ 7854 if (tb[NL80211_MESHCONF_HT_OPMODE]) { 7855 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]); 7856 7857 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION | 7858 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 7859 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)) 7860 return -EINVAL; 7861 7862 /* NON_HT_STA bit is reserved, but some programs set it */ 7863 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 7864 7865 cfg->ht_opmode = ht_opmode; 7866 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1)); 7867 } 7868 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 7869 dot11MeshHWMPactivePathToRootTimeout, mask, 7870 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 7871 nla_get_u32); 7872 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) && 7873 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 || 7874 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535)) 7875 return -EINVAL; 7876 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask, 7877 NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 7878 nla_get_u16); 7879 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval, 7880 mask, 7881 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 7882 nla_get_u16); 7883 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask, 7884 NL80211_MESHCONF_POWER_MODE, nla_get_u32); 7885 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask, 7886 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16); 7887 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask, 7888 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32); 7889 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask, 7890 NL80211_MESHCONF_NOLEARN, nla_get_u8); 7891 if (mask_out) 7892 *mask_out = mask; 7893 7894 return 0; 7895 7896#undef FILL_IN_MESH_PARAM_IF_SET 7897} 7898 7899static int nl80211_parse_mesh_setup(struct genl_info *info, 7900 struct mesh_setup *setup) 7901{ 7902 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7903 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 7904 7905 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 7906 return -EINVAL; 7907 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack)) 7908 return -EINVAL; 7909 7910 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 7911 setup->sync_method = 7912 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 7913 IEEE80211_SYNC_METHOD_VENDOR : 7914 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 7915 7916 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 7917 setup->path_sel_proto = 7918 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 7919 IEEE80211_PATH_PROTOCOL_VENDOR : 7920 IEEE80211_PATH_PROTOCOL_HWMP; 7921 7922 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 7923 setup->path_metric = 7924 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 7925 IEEE80211_PATH_METRIC_VENDOR : 7926 IEEE80211_PATH_METRIC_AIRTIME; 7927 7928 if (tb[NL80211_MESH_SETUP_IE]) { 7929 struct nlattr *ieattr = 7930 tb[NL80211_MESH_SETUP_IE]; 7931 setup->ie = nla_data(ieattr); 7932 setup->ie_len = nla_len(ieattr); 7933 } 7934 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] && 7935 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM)) 7936 return -EINVAL; 7937 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]); 7938 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 7939 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 7940 if (setup->is_secure) 7941 setup->user_mpm = true; 7942 7943 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) { 7944 if (!setup->user_mpm) 7945 return -EINVAL; 7946 setup->auth_id = 7947 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]); 7948 } 7949 7950 return 0; 7951} 7952 7953static int nl80211_update_mesh_config(struct sk_buff *skb, 7954 struct genl_info *info) 7955{ 7956 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7957 struct net_device *dev = info->user_ptr[1]; 7958 struct wireless_dev *wdev = dev->ieee80211_ptr; 7959 struct mesh_config cfg; 7960 u32 mask; 7961 int err; 7962 7963 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 7964 return -EOPNOTSUPP; 7965 7966 if (!rdev->ops->update_mesh_config) 7967 return -EOPNOTSUPP; 7968 7969 err = nl80211_parse_mesh_config(info, &cfg, &mask); 7970 if (err) 7971 return err; 7972 7973 wdev_lock(wdev); 7974 if (!wdev->mesh_id_len) 7975 err = -ENOLINK; 7976 7977 if (!err) 7978 err = rdev_update_mesh_config(rdev, dev, mask, &cfg); 7979 7980 wdev_unlock(wdev); 7981 7982 return err; 7983} 7984 7985static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom, 7986 struct sk_buff *msg) 7987{ 7988 struct nlattr *nl_reg_rules; 7989 unsigned int i; 7990 7991 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) || 7992 (regdom->dfs_region && 7993 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region))) 7994 goto nla_put_failure; 7995 7996 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES); 7997 if (!nl_reg_rules) 7998 goto nla_put_failure; 7999 8000 for (i = 0; i < regdom->n_reg_rules; i++) { 8001 struct nlattr *nl_reg_rule; 8002 const struct ieee80211_reg_rule *reg_rule; 8003 const struct ieee80211_freq_range *freq_range; 8004 const struct ieee80211_power_rule *power_rule; 8005 unsigned int max_bandwidth_khz; 8006 8007 reg_rule = ®dom->reg_rules[i]; 8008 freq_range = ®_rule->freq_range; 8009 power_rule = ®_rule->power_rule; 8010 8011 nl_reg_rule = nla_nest_start_noflag(msg, i); 8012 if (!nl_reg_rule) 8013 goto nla_put_failure; 8014 8015 max_bandwidth_khz = freq_range->max_bandwidth_khz; 8016 if (!max_bandwidth_khz) 8017 max_bandwidth_khz = reg_get_max_bandwidth(regdom, 8018 reg_rule); 8019 8020 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 8021 reg_rule->flags) || 8022 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 8023 freq_range->start_freq_khz) || 8024 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 8025 freq_range->end_freq_khz) || 8026 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 8027 max_bandwidth_khz) || 8028 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 8029 power_rule->max_antenna_gain) || 8030 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 8031 power_rule->max_eirp) || 8032 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME, 8033 reg_rule->dfs_cac_ms)) 8034 goto nla_put_failure; 8035 8036 nla_nest_end(msg, nl_reg_rule); 8037 } 8038 8039 nla_nest_end(msg, nl_reg_rules); 8040 return 0; 8041 8042nla_put_failure: 8043 return -EMSGSIZE; 8044} 8045 8046static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info) 8047{ 8048 const struct ieee80211_regdomain *regdom = NULL; 8049 struct cfg80211_registered_device *rdev; 8050 struct wiphy *wiphy = NULL; 8051 struct sk_buff *msg; 8052 int err = -EMSGSIZE; 8053 void *hdr; 8054 8055 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8056 if (!msg) 8057 return -ENOBUFS; 8058 8059 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 8060 NL80211_CMD_GET_REG); 8061 if (!hdr) 8062 goto put_failure; 8063 8064 rtnl_lock(); 8065 8066 if (info->attrs[NL80211_ATTR_WIPHY]) { 8067 bool self_managed; 8068 8069 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 8070 if (IS_ERR(rdev)) { 8071 err = PTR_ERR(rdev); 8072 goto nla_put_failure; 8073 } 8074 8075 wiphy = &rdev->wiphy; 8076 self_managed = wiphy->regulatory_flags & 8077 REGULATORY_WIPHY_SELF_MANAGED; 8078 8079 rcu_read_lock(); 8080 8081 regdom = get_wiphy_regdom(wiphy); 8082 8083 /* a self-managed-reg device must have a private regdom */ 8084 if (WARN_ON(!regdom && self_managed)) { 8085 err = -EINVAL; 8086 goto nla_put_failure_rcu; 8087 } 8088 8089 if (regdom && 8090 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 8091 goto nla_put_failure_rcu; 8092 } else { 8093 rcu_read_lock(); 8094 } 8095 8096 if (!wiphy && reg_last_request_cell_base() && 8097 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 8098 NL80211_USER_REG_HINT_CELL_BASE)) 8099 goto nla_put_failure_rcu; 8100 8101 if (!regdom) 8102 regdom = rcu_dereference(cfg80211_regdomain); 8103 8104 if (nl80211_put_regdom(regdom, msg)) 8105 goto nla_put_failure_rcu; 8106 8107 rcu_read_unlock(); 8108 8109 genlmsg_end(msg, hdr); 8110 rtnl_unlock(); 8111 return genlmsg_reply(msg, info); 8112 8113nla_put_failure_rcu: 8114 rcu_read_unlock(); 8115nla_put_failure: 8116 rtnl_unlock(); 8117put_failure: 8118 nlmsg_free(msg); 8119 return err; 8120} 8121 8122static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb, 8123 u32 seq, int flags, struct wiphy *wiphy, 8124 const struct ieee80211_regdomain *regdom) 8125{ 8126 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 8127 NL80211_CMD_GET_REG); 8128 8129 if (!hdr) 8130 return -1; 8131 8132 genl_dump_check_consistent(cb, hdr); 8133 8134 if (nl80211_put_regdom(regdom, msg)) 8135 goto nla_put_failure; 8136 8137 if (!wiphy && reg_last_request_cell_base() && 8138 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 8139 NL80211_USER_REG_HINT_CELL_BASE)) 8140 goto nla_put_failure; 8141 8142 if (wiphy && 8143 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 8144 goto nla_put_failure; 8145 8146 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 8147 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 8148 goto nla_put_failure; 8149 8150 genlmsg_end(msg, hdr); 8151 return 0; 8152 8153nla_put_failure: 8154 genlmsg_cancel(msg, hdr); 8155 return -EMSGSIZE; 8156} 8157 8158static int nl80211_get_reg_dump(struct sk_buff *skb, 8159 struct netlink_callback *cb) 8160{ 8161 const struct ieee80211_regdomain *regdom = NULL; 8162 struct cfg80211_registered_device *rdev; 8163 int err, reg_idx, start = cb->args[2]; 8164 8165 rcu_read_lock(); 8166 8167 if (cfg80211_regdomain && start == 0) { 8168 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq, 8169 NLM_F_MULTI, NULL, 8170 rcu_dereference(cfg80211_regdomain)); 8171 if (err < 0) 8172 goto out_err; 8173 } 8174 8175 /* the global regdom is idx 0 */ 8176 reg_idx = 1; 8177 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 8178 regdom = get_wiphy_regdom(&rdev->wiphy); 8179 if (!regdom) 8180 continue; 8181 8182 if (++reg_idx <= start) 8183 continue; 8184 8185 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq, 8186 NLM_F_MULTI, &rdev->wiphy, regdom); 8187 if (err < 0) { 8188 reg_idx--; 8189 break; 8190 } 8191 } 8192 8193 cb->args[2] = reg_idx; 8194 err = skb->len; 8195out_err: 8196 rcu_read_unlock(); 8197 return err; 8198} 8199 8200#ifdef CONFIG_CFG80211_CRDA_SUPPORT 8201static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 8202 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 8203 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 8204 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 8205 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 8206 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 8207 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 8208 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 }, 8209}; 8210 8211static int parse_reg_rule(struct nlattr *tb[], 8212 struct ieee80211_reg_rule *reg_rule) 8213{ 8214 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 8215 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 8216 8217 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 8218 return -EINVAL; 8219 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 8220 return -EINVAL; 8221 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 8222 return -EINVAL; 8223 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 8224 return -EINVAL; 8225 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 8226 return -EINVAL; 8227 8228 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 8229 8230 freq_range->start_freq_khz = 8231 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 8232 freq_range->end_freq_khz = 8233 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 8234 freq_range->max_bandwidth_khz = 8235 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 8236 8237 power_rule->max_eirp = 8238 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 8239 8240 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 8241 power_rule->max_antenna_gain = 8242 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 8243 8244 if (tb[NL80211_ATTR_DFS_CAC_TIME]) 8245 reg_rule->dfs_cac_ms = 8246 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]); 8247 8248 return 0; 8249} 8250 8251static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 8252{ 8253 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 8254 struct nlattr *nl_reg_rule; 8255 char *alpha2; 8256 int rem_reg_rules, r; 8257 u32 num_rules = 0, rule_idx = 0; 8258 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET; 8259 struct ieee80211_regdomain *rd; 8260 8261 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 8262 return -EINVAL; 8263 8264 if (!info->attrs[NL80211_ATTR_REG_RULES]) 8265 return -EINVAL; 8266 8267 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 8268 8269 if (info->attrs[NL80211_ATTR_DFS_REGION]) 8270 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 8271 8272 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 8273 rem_reg_rules) { 8274 num_rules++; 8275 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 8276 return -EINVAL; 8277 } 8278 8279 rtnl_lock(); 8280 if (!reg_is_valid_request(alpha2)) { 8281 r = -EINVAL; 8282 goto out; 8283 } 8284 8285 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL); 8286 if (!rd) { 8287 r = -ENOMEM; 8288 goto out; 8289 } 8290 8291 rd->n_reg_rules = num_rules; 8292 rd->alpha2[0] = alpha2[0]; 8293 rd->alpha2[1] = alpha2[1]; 8294 8295 /* 8296 * Disable DFS master mode if the DFS region was 8297 * not supported or known on this kernel. 8298 */ 8299 if (reg_supported_dfs_region(dfs_region)) 8300 rd->dfs_region = dfs_region; 8301 8302 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 8303 rem_reg_rules) { 8304 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX, 8305 nl_reg_rule, reg_rule_policy, 8306 info->extack); 8307 if (r) 8308 goto bad_reg; 8309 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 8310 if (r) 8311 goto bad_reg; 8312 8313 rule_idx++; 8314 8315 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 8316 r = -EINVAL; 8317 goto bad_reg; 8318 } 8319 } 8320 8321 r = set_regdom(rd, REGD_SOURCE_CRDA); 8322 /* set_regdom takes ownership of rd */ 8323 rd = NULL; 8324 bad_reg: 8325 kfree(rd); 8326 out: 8327 rtnl_unlock(); 8328 return r; 8329} 8330#endif /* CONFIG_CFG80211_CRDA_SUPPORT */ 8331 8332static int validate_scan_freqs(struct nlattr *freqs) 8333{ 8334 struct nlattr *attr1, *attr2; 8335 int n_channels = 0, tmp1, tmp2; 8336 8337 nla_for_each_nested(attr1, freqs, tmp1) 8338 if (nla_len(attr1) != sizeof(u32)) 8339 return 0; 8340 8341 nla_for_each_nested(attr1, freqs, tmp1) { 8342 n_channels++; 8343 /* 8344 * Some hardware has a limited channel list for 8345 * scanning, and it is pretty much nonsensical 8346 * to scan for a channel twice, so disallow that 8347 * and don't require drivers to check that the 8348 * channel list they get isn't longer than what 8349 * they can scan, as long as they can scan all 8350 * the channels they registered at once. 8351 */ 8352 nla_for_each_nested(attr2, freqs, tmp2) 8353 if (attr1 != attr2 && 8354 nla_get_u32(attr1) == nla_get_u32(attr2)) 8355 return 0; 8356 } 8357 8358 return n_channels; 8359} 8360 8361static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b) 8362{ 8363 return b < NUM_NL80211_BANDS && wiphy->bands[b]; 8364} 8365 8366static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy, 8367 struct cfg80211_bss_selection *bss_select) 8368{ 8369 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1]; 8370 struct nlattr *nest; 8371 int err; 8372 bool found = false; 8373 int i; 8374 8375 /* only process one nested attribute */ 8376 nest = nla_data(nla); 8377 if (!nla_ok(nest, nla_len(nest))) 8378 return -EINVAL; 8379 8380 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX, 8381 nest, nl80211_bss_select_policy, 8382 NULL); 8383 if (err) 8384 return err; 8385 8386 /* only one attribute may be given */ 8387 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) { 8388 if (attr[i]) { 8389 if (found) 8390 return -EINVAL; 8391 found = true; 8392 } 8393 } 8394 8395 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID; 8396 8397 if (attr[NL80211_BSS_SELECT_ATTR_RSSI]) 8398 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI; 8399 8400 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) { 8401 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF; 8402 bss_select->param.band_pref = 8403 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]); 8404 if (!is_band_valid(wiphy, bss_select->param.band_pref)) 8405 return -EINVAL; 8406 } 8407 8408 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) { 8409 struct nl80211_bss_select_rssi_adjust *adj_param; 8410 8411 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]); 8412 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST; 8413 bss_select->param.adjust.band = adj_param->band; 8414 bss_select->param.adjust.delta = adj_param->delta; 8415 if (!is_band_valid(wiphy, bss_select->param.adjust.band)) 8416 return -EINVAL; 8417 } 8418 8419 /* user-space did not provide behaviour attribute */ 8420 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID) 8421 return -EINVAL; 8422 8423 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour))) 8424 return -EINVAL; 8425 8426 return 0; 8427} 8428 8429int nl80211_parse_random_mac(struct nlattr **attrs, 8430 u8 *mac_addr, u8 *mac_addr_mask) 8431{ 8432 int i; 8433 8434 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) { 8435 eth_zero_addr(mac_addr); 8436 eth_zero_addr(mac_addr_mask); 8437 mac_addr[0] = 0x2; 8438 mac_addr_mask[0] = 0x3; 8439 8440 return 0; 8441 } 8442 8443 /* need both or none */ 8444 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK]) 8445 return -EINVAL; 8446 8447 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN); 8448 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN); 8449 8450 /* don't allow or configure an mcast address */ 8451 if (!is_multicast_ether_addr(mac_addr_mask) || 8452 is_multicast_ether_addr(mac_addr)) 8453 return -EINVAL; 8454 8455 /* 8456 * allow users to pass a MAC address that has bits set outside 8457 * of the mask, but don't bother drivers with having to deal 8458 * with such bits 8459 */ 8460 for (i = 0; i < ETH_ALEN; i++) 8461 mac_addr[i] &= mac_addr_mask[i]; 8462 8463 return 0; 8464} 8465 8466static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev) 8467{ 8468 ASSERT_WDEV_LOCK(wdev); 8469 8470 if (!cfg80211_beaconing_iface_active(wdev)) 8471 return true; 8472 8473 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR)) 8474 return true; 8475 8476 return regulatory_pre_cac_allowed(wdev->wiphy); 8477} 8478 8479static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag, 8480 enum nl80211_ext_feature_index feat) 8481{ 8482 if (!(flags & flag)) 8483 return true; 8484 if (wiphy_ext_feature_isset(wiphy, feat)) 8485 return true; 8486 return false; 8487} 8488 8489static int 8490nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev, 8491 void *request, struct nlattr **attrs, 8492 bool is_sched_scan) 8493{ 8494 u8 *mac_addr, *mac_addr_mask; 8495 u32 *flags; 8496 enum nl80211_feature_flags randomness_flag; 8497 8498 if (!attrs[NL80211_ATTR_SCAN_FLAGS]) 8499 return 0; 8500 8501 if (is_sched_scan) { 8502 struct cfg80211_sched_scan_request *req = request; 8503 8504 randomness_flag = wdev ? 8505 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR : 8506 NL80211_FEATURE_ND_RANDOM_MAC_ADDR; 8507 flags = &req->flags; 8508 mac_addr = req->mac_addr; 8509 mac_addr_mask = req->mac_addr_mask; 8510 } else { 8511 struct cfg80211_scan_request *req = request; 8512 8513 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR; 8514 flags = &req->flags; 8515 mac_addr = req->mac_addr; 8516 mac_addr_mask = req->mac_addr_mask; 8517 } 8518 8519 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]); 8520 8521 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 8522 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 8523 !nl80211_check_scan_feat(wiphy, *flags, 8524 NL80211_SCAN_FLAG_LOW_SPAN, 8525 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) || 8526 !nl80211_check_scan_feat(wiphy, *flags, 8527 NL80211_SCAN_FLAG_LOW_POWER, 8528 NL80211_EXT_FEATURE_LOW_POWER_SCAN) || 8529 !nl80211_check_scan_feat(wiphy, *flags, 8530 NL80211_SCAN_FLAG_HIGH_ACCURACY, 8531 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) || 8532 !nl80211_check_scan_feat(wiphy, *flags, 8533 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME, 8534 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) || 8535 !nl80211_check_scan_feat(wiphy, *flags, 8536 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP, 8537 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) || 8538 !nl80211_check_scan_feat(wiphy, *flags, 8539 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION, 8540 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) || 8541 !nl80211_check_scan_feat(wiphy, *flags, 8542 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE, 8543 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) || 8544 !nl80211_check_scan_feat(wiphy, *flags, 8545 NL80211_SCAN_FLAG_RANDOM_SN, 8546 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) || 8547 !nl80211_check_scan_feat(wiphy, *flags, 8548 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT, 8549 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT)) 8550 return -EOPNOTSUPP; 8551 8552 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) { 8553 int err; 8554 8555 if (!(wiphy->features & randomness_flag) || 8556 (wdev && wdev->current_bss)) 8557 return -EOPNOTSUPP; 8558 8559 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask); 8560 if (err) 8561 return err; 8562 } 8563 8564 return 0; 8565} 8566 8567static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 8568{ 8569 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8570 struct wireless_dev *wdev = info->user_ptr[1]; 8571 struct cfg80211_scan_request *request; 8572 struct nlattr *scan_freqs = NULL; 8573 bool scan_freqs_khz = false; 8574 struct nlattr *attr; 8575 struct wiphy *wiphy; 8576 int err, tmp, n_ssids = 0, n_channels, i; 8577 size_t ie_len; 8578 8579 wiphy = &rdev->wiphy; 8580 8581 if (wdev->iftype == NL80211_IFTYPE_NAN) 8582 return -EOPNOTSUPP; 8583 8584 if (!rdev->ops->scan) 8585 return -EOPNOTSUPP; 8586 8587 if (rdev->scan_req || rdev->scan_msg) 8588 return -EBUSY; 8589 8590 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) { 8591 if (!wiphy_ext_feature_isset(wiphy, 8592 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ)) 8593 return -EOPNOTSUPP; 8594 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]; 8595 scan_freqs_khz = true; 8596 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) 8597 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]; 8598 8599 if (scan_freqs) { 8600 n_channels = validate_scan_freqs(scan_freqs); 8601 if (!n_channels) 8602 return -EINVAL; 8603 } else { 8604 n_channels = ieee80211_get_num_supported_channels(wiphy); 8605 } 8606 8607 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 8608 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 8609 n_ssids++; 8610 8611 if (n_ssids > wiphy->max_scan_ssids) 8612 return -EINVAL; 8613 8614 if (info->attrs[NL80211_ATTR_IE]) 8615 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8616 else 8617 ie_len = 0; 8618 8619 if (ie_len > wiphy->max_scan_ie_len) 8620 return -EINVAL; 8621 8622 request = kzalloc(sizeof(*request) 8623 + sizeof(*request->ssids) * n_ssids 8624 + sizeof(*request->channels) * n_channels 8625 + ie_len, GFP_KERNEL); 8626 if (!request) 8627 return -ENOMEM; 8628 8629 if (n_ssids) 8630 request->ssids = (void *)&request->channels[n_channels]; 8631 request->n_ssids = n_ssids; 8632 if (ie_len) { 8633 if (n_ssids) 8634 request->ie = (void *)(request->ssids + n_ssids); 8635 else 8636 request->ie = (void *)(request->channels + n_channels); 8637 } 8638 8639 i = 0; 8640 if (scan_freqs) { 8641 /* user specified, bail out if channel not found */ 8642 nla_for_each_nested(attr, scan_freqs, tmp) { 8643 struct ieee80211_channel *chan; 8644 int freq = nla_get_u32(attr); 8645 8646 if (!scan_freqs_khz) 8647 freq = MHZ_TO_KHZ(freq); 8648 8649 chan = ieee80211_get_channel_khz(wiphy, freq); 8650 if (!chan) { 8651 err = -EINVAL; 8652 goto out_free; 8653 } 8654 8655 /* ignore disabled channels */ 8656 if (chan->flags & IEEE80211_CHAN_DISABLED) 8657 continue; 8658 8659 request->channels[i] = chan; 8660 i++; 8661 } 8662 } else { 8663 enum nl80211_band band; 8664 8665 /* all channels */ 8666 for (band = 0; band < NUM_NL80211_BANDS; band++) { 8667 int j; 8668 8669 if (!wiphy->bands[band]) 8670 continue; 8671 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 8672 struct ieee80211_channel *chan; 8673 8674 chan = &wiphy->bands[band]->channels[j]; 8675 8676 if (chan->flags & IEEE80211_CHAN_DISABLED) 8677 continue; 8678 8679 request->channels[i] = chan; 8680 i++; 8681 } 8682 } 8683 } 8684 8685 if (!i) { 8686 err = -EINVAL; 8687 goto out_free; 8688 } 8689 8690 request->n_channels = i; 8691 8692 wdev_lock(wdev); 8693 if (!cfg80211_off_channel_oper_allowed(wdev)) { 8694 struct ieee80211_channel *chan; 8695 8696 if (request->n_channels != 1) { 8697 wdev_unlock(wdev); 8698 err = -EBUSY; 8699 goto out_free; 8700 } 8701 8702 chan = request->channels[0]; 8703 if (chan->center_freq != wdev->chandef.chan->center_freq) { 8704 wdev_unlock(wdev); 8705 err = -EBUSY; 8706 goto out_free; 8707 } 8708 } 8709 wdev_unlock(wdev); 8710 8711 i = 0; 8712 if (n_ssids) { 8713 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 8714 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 8715 err = -EINVAL; 8716 goto out_free; 8717 } 8718 request->ssids[i].ssid_len = nla_len(attr); 8719 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 8720 i++; 8721 } 8722 } 8723 8724 if (info->attrs[NL80211_ATTR_IE]) { 8725 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 8726 memcpy((void *)request->ie, 8727 nla_data(info->attrs[NL80211_ATTR_IE]), 8728 request->ie_len); 8729 } 8730 8731 for (i = 0; i < NUM_NL80211_BANDS; i++) 8732 if (wiphy->bands[i]) 8733 request->rates[i] = 8734 (1 << wiphy->bands[i]->n_bitrates) - 1; 8735 8736 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 8737 nla_for_each_nested(attr, 8738 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 8739 tmp) { 8740 enum nl80211_band band = nla_type(attr); 8741 8742 if (band < 0 || band >= NUM_NL80211_BANDS) { 8743 err = -EINVAL; 8744 goto out_free; 8745 } 8746 8747 if (!wiphy->bands[band]) 8748 continue; 8749 8750 err = ieee80211_get_ratemask(wiphy->bands[band], 8751 nla_data(attr), 8752 nla_len(attr), 8753 &request->rates[band]); 8754 if (err) 8755 goto out_free; 8756 } 8757 } 8758 8759 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) { 8760 request->duration = 8761 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]); 8762 request->duration_mandatory = 8763 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]); 8764 } 8765 8766 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs, 8767 false); 8768 if (err) 8769 goto out_free; 8770 8771 request->no_cck = 8772 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 8773 8774 /* Initial implementation used NL80211_ATTR_MAC to set the specific 8775 * BSSID to scan for. This was problematic because that same attribute 8776 * was already used for another purpose (local random MAC address). The 8777 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards 8778 * compatibility with older userspace components, also use the 8779 * NL80211_ATTR_MAC value here if it can be determined to be used for 8780 * the specific BSSID use case instead of the random MAC address 8781 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use). 8782 */ 8783 if (info->attrs[NL80211_ATTR_BSSID]) 8784 memcpy(request->bssid, 8785 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN); 8786 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) && 8787 info->attrs[NL80211_ATTR_MAC]) 8788 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]), 8789 ETH_ALEN); 8790 else 8791 eth_broadcast_addr(request->bssid); 8792 8793 request->wdev = wdev; 8794 request->wiphy = &rdev->wiphy; 8795 request->scan_start = jiffies; 8796 8797 rdev->scan_req = request; 8798 err = cfg80211_scan(rdev); 8799 8800 if (err) 8801 goto out_free; 8802 8803 nl80211_send_scan_start(rdev, wdev); 8804 dev_hold(wdev->netdev); 8805 8806 return 0; 8807 8808 out_free: 8809 rdev->scan_req = NULL; 8810 kfree(request); 8811 8812 return err; 8813} 8814 8815static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info) 8816{ 8817 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8818 struct wireless_dev *wdev = info->user_ptr[1]; 8819 8820 if (!rdev->ops->abort_scan) 8821 return -EOPNOTSUPP; 8822 8823 if (rdev->scan_msg) 8824 return 0; 8825 8826 if (!rdev->scan_req) 8827 return -ENOENT; 8828 8829 rdev_abort_scan(rdev, wdev); 8830 return 0; 8831} 8832 8833static int 8834nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans, 8835 struct cfg80211_sched_scan_request *request, 8836 struct nlattr **attrs) 8837{ 8838 int tmp, err, i = 0; 8839 struct nlattr *attr; 8840 8841 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) { 8842 u32 interval; 8843 8844 /* 8845 * If scan plans are not specified, 8846 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this 8847 * case one scan plan will be set with the specified scan 8848 * interval and infinite number of iterations. 8849 */ 8850 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 8851 if (!interval) 8852 return -EINVAL; 8853 8854 request->scan_plans[0].interval = 8855 DIV_ROUND_UP(interval, MSEC_PER_SEC); 8856 if (!request->scan_plans[0].interval) 8857 return -EINVAL; 8858 8859 if (request->scan_plans[0].interval > 8860 wiphy->max_sched_scan_plan_interval) 8861 request->scan_plans[0].interval = 8862 wiphy->max_sched_scan_plan_interval; 8863 8864 return 0; 8865 } 8866 8867 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) { 8868 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1]; 8869 8870 if (WARN_ON(i >= n_plans)) 8871 return -EINVAL; 8872 8873 err = nla_parse_nested_deprecated(plan, 8874 NL80211_SCHED_SCAN_PLAN_MAX, 8875 attr, nl80211_plan_policy, 8876 NULL); 8877 if (err) 8878 return err; 8879 8880 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]) 8881 return -EINVAL; 8882 8883 request->scan_plans[i].interval = 8884 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]); 8885 if (!request->scan_plans[i].interval || 8886 request->scan_plans[i].interval > 8887 wiphy->max_sched_scan_plan_interval) 8888 return -EINVAL; 8889 8890 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) { 8891 request->scan_plans[i].iterations = 8892 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]); 8893 if (!request->scan_plans[i].iterations || 8894 (request->scan_plans[i].iterations > 8895 wiphy->max_sched_scan_plan_iterations)) 8896 return -EINVAL; 8897 } else if (i < n_plans - 1) { 8898 /* 8899 * All scan plans but the last one must specify 8900 * a finite number of iterations 8901 */ 8902 return -EINVAL; 8903 } 8904 8905 i++; 8906 } 8907 8908 /* 8909 * The last scan plan must not specify the number of 8910 * iterations, it is supposed to run infinitely 8911 */ 8912 if (request->scan_plans[n_plans - 1].iterations) 8913 return -EINVAL; 8914 8915 return 0; 8916} 8917 8918static int 8919nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy, 8920 struct cfg80211_match_set *match_sets, 8921 struct nlattr *tb_band_rssi, 8922 s32 rssi_thold) 8923{ 8924 struct nlattr *attr; 8925 int i, tmp, ret = 0; 8926 8927 if (!wiphy_ext_feature_isset(wiphy, 8928 NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) { 8929 if (tb_band_rssi) 8930 ret = -EOPNOTSUPP; 8931 else 8932 for (i = 0; i < NUM_NL80211_BANDS; i++) 8933 match_sets->per_band_rssi_thold[i] = 8934 NL80211_SCAN_RSSI_THOLD_OFF; 8935 return ret; 8936 } 8937 8938 for (i = 0; i < NUM_NL80211_BANDS; i++) 8939 match_sets->per_band_rssi_thold[i] = rssi_thold; 8940 8941 nla_for_each_nested(attr, tb_band_rssi, tmp) { 8942 enum nl80211_band band = nla_type(attr); 8943 8944 if (band < 0 || band >= NUM_NL80211_BANDS) 8945 return -EINVAL; 8946 8947 match_sets->per_band_rssi_thold[band] = nla_get_s32(attr); 8948 } 8949 8950 return 0; 8951} 8952 8953static struct cfg80211_sched_scan_request * 8954nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev, 8955 struct nlattr **attrs, int max_match_sets) 8956{ 8957 struct cfg80211_sched_scan_request *request; 8958 struct nlattr *attr; 8959 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0; 8960 enum nl80211_band band; 8961 size_t ie_len; 8962 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 8963 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF; 8964 8965 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 8966 n_channels = validate_scan_freqs( 8967 attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 8968 if (!n_channels) 8969 return ERR_PTR(-EINVAL); 8970 } else { 8971 n_channels = ieee80211_get_num_supported_channels(wiphy); 8972 } 8973 8974 if (attrs[NL80211_ATTR_SCAN_SSIDS]) 8975 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS], 8976 tmp) 8977 n_ssids++; 8978 8979 if (n_ssids > wiphy->max_sched_scan_ssids) 8980 return ERR_PTR(-EINVAL); 8981 8982 /* 8983 * First, count the number of 'real' matchsets. Due to an issue with 8984 * the old implementation, matchsets containing only the RSSI attribute 8985 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default' 8986 * RSSI for all matchsets, rather than their own matchset for reporting 8987 * all APs with a strong RSSI. This is needed to be compatible with 8988 * older userspace that treated a matchset with only the RSSI as the 8989 * global RSSI for all other matchsets - if there are other matchsets. 8990 */ 8991 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 8992 nla_for_each_nested(attr, 8993 attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 8994 tmp) { 8995 struct nlattr *rssi; 8996 8997 err = nla_parse_nested_deprecated(tb, 8998 NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 8999 attr, 9000 nl80211_match_policy, 9001 NULL); 9002 if (err) 9003 return ERR_PTR(err); 9004 9005 /* SSID and BSSID are mutually exclusive */ 9006 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] && 9007 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) 9008 return ERR_PTR(-EINVAL); 9009 9010 /* add other standalone attributes here */ 9011 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] || 9012 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) { 9013 n_match_sets++; 9014 continue; 9015 } 9016 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 9017 if (rssi) 9018 default_match_rssi = nla_get_s32(rssi); 9019 } 9020 } 9021 9022 /* However, if there's no other matchset, add the RSSI one */ 9023 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF) 9024 n_match_sets = 1; 9025 9026 if (n_match_sets > max_match_sets) 9027 return ERR_PTR(-EINVAL); 9028 9029 if (attrs[NL80211_ATTR_IE]) 9030 ie_len = nla_len(attrs[NL80211_ATTR_IE]); 9031 else 9032 ie_len = 0; 9033 9034 if (ie_len > wiphy->max_sched_scan_ie_len) 9035 return ERR_PTR(-EINVAL); 9036 9037 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) { 9038 /* 9039 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since 9040 * each scan plan already specifies its own interval 9041 */ 9042 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 9043 return ERR_PTR(-EINVAL); 9044 9045 nla_for_each_nested(attr, 9046 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) 9047 n_plans++; 9048 } else { 9049 /* 9050 * The scan interval attribute is kept for backward 9051 * compatibility. If no scan plans are specified and sched scan 9052 * interval is specified, one scan plan will be set with this 9053 * scan interval and infinite number of iterations. 9054 */ 9055 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 9056 return ERR_PTR(-EINVAL); 9057 9058 n_plans = 1; 9059 } 9060 9061 if (!n_plans || n_plans > wiphy->max_sched_scan_plans) 9062 return ERR_PTR(-EINVAL); 9063 9064 if (!wiphy_ext_feature_isset( 9065 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) && 9066 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] || 9067 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST])) 9068 return ERR_PTR(-EINVAL); 9069 9070 request = kzalloc(sizeof(*request) 9071 + sizeof(*request->ssids) * n_ssids 9072 + sizeof(*request->match_sets) * n_match_sets 9073 + sizeof(*request->scan_plans) * n_plans 9074 + sizeof(*request->channels) * n_channels 9075 + ie_len, GFP_KERNEL); 9076 if (!request) 9077 return ERR_PTR(-ENOMEM); 9078 9079 if (n_ssids) 9080 request->ssids = (void *)&request->channels[n_channels]; 9081 request->n_ssids = n_ssids; 9082 if (ie_len) { 9083 if (n_ssids) 9084 request->ie = (void *)(request->ssids + n_ssids); 9085 else 9086 request->ie = (void *)(request->channels + n_channels); 9087 } 9088 9089 if (n_match_sets) { 9090 if (request->ie) 9091 request->match_sets = (void *)(request->ie + ie_len); 9092 else if (n_ssids) 9093 request->match_sets = 9094 (void *)(request->ssids + n_ssids); 9095 else 9096 request->match_sets = 9097 (void *)(request->channels + n_channels); 9098 } 9099 request->n_match_sets = n_match_sets; 9100 9101 if (n_match_sets) 9102 request->scan_plans = (void *)(request->match_sets + 9103 n_match_sets); 9104 else if (request->ie) 9105 request->scan_plans = (void *)(request->ie + ie_len); 9106 else if (n_ssids) 9107 request->scan_plans = (void *)(request->ssids + n_ssids); 9108 else 9109 request->scan_plans = (void *)(request->channels + n_channels); 9110 9111 request->n_scan_plans = n_plans; 9112 9113 i = 0; 9114 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 9115 /* user specified, bail out if channel not found */ 9116 nla_for_each_nested(attr, 9117 attrs[NL80211_ATTR_SCAN_FREQUENCIES], 9118 tmp) { 9119 struct ieee80211_channel *chan; 9120 9121 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 9122 9123 if (!chan) { 9124 err = -EINVAL; 9125 goto out_free; 9126 } 9127 9128 /* ignore disabled channels */ 9129 if (chan->flags & IEEE80211_CHAN_DISABLED) 9130 continue; 9131 9132 request->channels[i] = chan; 9133 i++; 9134 } 9135 } else { 9136 /* all channels */ 9137 for (band = 0; band < NUM_NL80211_BANDS; band++) { 9138 int j; 9139 9140 if (!wiphy->bands[band]) 9141 continue; 9142 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 9143 struct ieee80211_channel *chan; 9144 9145 chan = &wiphy->bands[band]->channels[j]; 9146 9147 if (chan->flags & IEEE80211_CHAN_DISABLED) 9148 continue; 9149 9150 request->channels[i] = chan; 9151 i++; 9152 } 9153 } 9154 } 9155 9156 if (!i) { 9157 err = -EINVAL; 9158 goto out_free; 9159 } 9160 9161 request->n_channels = i; 9162 9163 i = 0; 9164 if (n_ssids) { 9165 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS], 9166 tmp) { 9167 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 9168 err = -EINVAL; 9169 goto out_free; 9170 } 9171 request->ssids[i].ssid_len = nla_len(attr); 9172 memcpy(request->ssids[i].ssid, nla_data(attr), 9173 nla_len(attr)); 9174 i++; 9175 } 9176 } 9177 9178 i = 0; 9179 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 9180 nla_for_each_nested(attr, 9181 attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 9182 tmp) { 9183 struct nlattr *ssid, *bssid, *rssi; 9184 9185 err = nla_parse_nested_deprecated(tb, 9186 NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 9187 attr, 9188 nl80211_match_policy, 9189 NULL); 9190 if (err) 9191 goto out_free; 9192 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 9193 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]; 9194 9195 if (!ssid && !bssid) { 9196 i++; 9197 continue; 9198 } 9199 9200 if (WARN_ON(i >= n_match_sets)) { 9201 /* this indicates a programming error, 9202 * the loop above should have verified 9203 * things properly 9204 */ 9205 err = -EINVAL; 9206 goto out_free; 9207 } 9208 9209 if (ssid) { 9210 memcpy(request->match_sets[i].ssid.ssid, 9211 nla_data(ssid), nla_len(ssid)); 9212 request->match_sets[i].ssid.ssid_len = 9213 nla_len(ssid); 9214 } 9215 if (bssid) 9216 memcpy(request->match_sets[i].bssid, 9217 nla_data(bssid), ETH_ALEN); 9218 9219 /* special attribute - old implementation w/a */ 9220 request->match_sets[i].rssi_thold = default_match_rssi; 9221 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 9222 if (rssi) 9223 request->match_sets[i].rssi_thold = 9224 nla_get_s32(rssi); 9225 9226 /* Parse per band RSSI attribute */ 9227 err = nl80211_parse_sched_scan_per_band_rssi(wiphy, 9228 &request->match_sets[i], 9229 tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI], 9230 request->match_sets[i].rssi_thold); 9231 if (err) 9232 goto out_free; 9233 9234 i++; 9235 } 9236 9237 /* there was no other matchset, so the RSSI one is alone */ 9238 if (i == 0 && n_match_sets) 9239 request->match_sets[0].rssi_thold = default_match_rssi; 9240 9241 request->min_rssi_thold = INT_MAX; 9242 for (i = 0; i < n_match_sets; i++) 9243 request->min_rssi_thold = 9244 min(request->match_sets[i].rssi_thold, 9245 request->min_rssi_thold); 9246 } else { 9247 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF; 9248 } 9249 9250 if (ie_len) { 9251 request->ie_len = ie_len; 9252 memcpy((void *)request->ie, 9253 nla_data(attrs[NL80211_ATTR_IE]), 9254 request->ie_len); 9255 } 9256 9257 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true); 9258 if (err) 9259 goto out_free; 9260 9261 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY]) 9262 request->delay = 9263 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]); 9264 9265 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) { 9266 request->relative_rssi = nla_get_s8( 9267 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]); 9268 request->relative_rssi_set = true; 9269 } 9270 9271 if (request->relative_rssi_set && 9272 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) { 9273 struct nl80211_bss_select_rssi_adjust *rssi_adjust; 9274 9275 rssi_adjust = nla_data( 9276 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]); 9277 request->rssi_adjust.band = rssi_adjust->band; 9278 request->rssi_adjust.delta = rssi_adjust->delta; 9279 if (!is_band_valid(wiphy, request->rssi_adjust.band)) { 9280 err = -EINVAL; 9281 goto out_free; 9282 } 9283 } 9284 9285 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs); 9286 if (err) 9287 goto out_free; 9288 9289 request->scan_start = jiffies; 9290 9291 return request; 9292 9293out_free: 9294 kfree(request); 9295 return ERR_PTR(err); 9296} 9297 9298static int nl80211_start_sched_scan(struct sk_buff *skb, 9299 struct genl_info *info) 9300{ 9301 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9302 struct net_device *dev = info->user_ptr[1]; 9303 struct wireless_dev *wdev = dev->ieee80211_ptr; 9304 struct cfg80211_sched_scan_request *sched_scan_req; 9305 bool want_multi; 9306 int err; 9307 9308 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start) 9309 return -EOPNOTSUPP; 9310 9311 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI]; 9312 err = cfg80211_sched_scan_req_possible(rdev, want_multi); 9313 if (err) 9314 return err; 9315 9316 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev, 9317 info->attrs, 9318 rdev->wiphy.max_match_sets); 9319 9320 err = PTR_ERR_OR_ZERO(sched_scan_req); 9321 if (err) 9322 goto out_err; 9323 9324 /* leave request id zero for legacy request 9325 * or if driver does not support multi-scheduled scan 9326 */ 9327 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) 9328 sched_scan_req->reqid = cfg80211_assign_cookie(rdev); 9329 9330 err = rdev_sched_scan_start(rdev, dev, sched_scan_req); 9331 if (err) 9332 goto out_free; 9333 9334 sched_scan_req->dev = dev; 9335 sched_scan_req->wiphy = &rdev->wiphy; 9336 9337 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 9338 sched_scan_req->owner_nlportid = info->snd_portid; 9339 9340 cfg80211_add_sched_scan_req(rdev, sched_scan_req); 9341 9342 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN); 9343 return 0; 9344 9345out_free: 9346 kfree(sched_scan_req); 9347out_err: 9348 return err; 9349} 9350 9351static int nl80211_stop_sched_scan(struct sk_buff *skb, 9352 struct genl_info *info) 9353{ 9354 struct cfg80211_sched_scan_request *req; 9355 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9356 u64 cookie; 9357 9358 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop) 9359 return -EOPNOTSUPP; 9360 9361 if (info->attrs[NL80211_ATTR_COOKIE]) { 9362 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 9363 return __cfg80211_stop_sched_scan(rdev, cookie, false); 9364 } 9365 9366 req = list_first_or_null_rcu(&rdev->sched_scan_req_list, 9367 struct cfg80211_sched_scan_request, 9368 list); 9369 if (!req || req->reqid || 9370 (req->owner_nlportid && 9371 req->owner_nlportid != info->snd_portid)) 9372 return -ENOENT; 9373 9374 return cfg80211_stop_sched_scan_req(rdev, req, false); 9375} 9376 9377static int nl80211_start_radar_detection(struct sk_buff *skb, 9378 struct genl_info *info) 9379{ 9380 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9381 struct net_device *dev = info->user_ptr[1]; 9382 struct wireless_dev *wdev = dev->ieee80211_ptr; 9383 struct wiphy *wiphy = wdev->wiphy; 9384 struct cfg80211_chan_def chandef; 9385 enum nl80211_dfs_regions dfs_region; 9386 unsigned int cac_time_ms; 9387 int err = -EINVAL; 9388 9389 flush_delayed_work(&rdev->dfs_update_channels_wk); 9390 9391 wiphy_lock(wiphy); 9392 9393 dfs_region = reg_get_dfs_region(wiphy); 9394 if (dfs_region == NL80211_DFS_UNSET) 9395 goto unlock; 9396 9397 err = nl80211_parse_chandef(rdev, info, &chandef); 9398 if (err) 9399 goto unlock; 9400 9401 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype); 9402 if (err < 0) 9403 goto unlock; 9404 9405 if (err == 0) { 9406 err = -EINVAL; 9407 goto unlock; 9408 } 9409 9410 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef)) { 9411 err = -EINVAL; 9412 goto unlock; 9413 } 9414 9415 if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND])) { 9416 err = cfg80211_start_background_radar_detection(rdev, wdev, 9417 &chandef); 9418 goto unlock; 9419 } 9420 9421 if (netif_carrier_ok(dev)) { 9422 err = -EBUSY; 9423 goto unlock; 9424 } 9425 9426 if (wdev->cac_started) { 9427 err = -EBUSY; 9428 goto unlock; 9429 } 9430 9431 /* CAC start is offloaded to HW and can't be started manually */ 9432 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD)) { 9433 err = -EOPNOTSUPP; 9434 goto unlock; 9435 } 9436 9437 if (!rdev->ops->start_radar_detection) { 9438 err = -EOPNOTSUPP; 9439 goto unlock; 9440 } 9441 9442 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef); 9443 if (WARN_ON(!cac_time_ms)) 9444 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS; 9445 9446 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms); 9447 if (!err) { 9448 wdev->chandef = chandef; 9449 wdev->cac_started = true; 9450 wdev->cac_start_time = jiffies; 9451 wdev->cac_time_ms = cac_time_ms; 9452 } 9453unlock: 9454 wiphy_unlock(wiphy); 9455 9456 return err; 9457} 9458 9459static int nl80211_notify_radar_detection(struct sk_buff *skb, 9460 struct genl_info *info) 9461{ 9462 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9463 struct net_device *dev = info->user_ptr[1]; 9464 struct wireless_dev *wdev = dev->ieee80211_ptr; 9465 struct wiphy *wiphy = wdev->wiphy; 9466 struct cfg80211_chan_def chandef; 9467 enum nl80211_dfs_regions dfs_region; 9468 int err; 9469 9470 dfs_region = reg_get_dfs_region(wiphy); 9471 if (dfs_region == NL80211_DFS_UNSET) { 9472 GENL_SET_ERR_MSG(info, 9473 "DFS Region is not set. Unexpected Radar indication"); 9474 return -EINVAL; 9475 } 9476 9477 err = nl80211_parse_chandef(rdev, info, &chandef); 9478 if (err) { 9479 GENL_SET_ERR_MSG(info, "Unable to extract chandef info"); 9480 return err; 9481 } 9482 9483 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype); 9484 if (err < 0) { 9485 GENL_SET_ERR_MSG(info, "chandef is invalid"); 9486 return err; 9487 } 9488 9489 if (err == 0) { 9490 GENL_SET_ERR_MSG(info, 9491 "Unexpected Radar indication for chandef/iftype"); 9492 return -EINVAL; 9493 } 9494 9495 /* Do not process this notification if radar is already detected 9496 * by kernel on this channel, and return success. 9497 */ 9498 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE) 9499 return 0; 9500 9501 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE); 9502 9503 cfg80211_sched_dfs_chan_update(rdev); 9504 9505 rdev->radar_chandef = chandef; 9506 9507 /* Propagate this notification to other radios as well */ 9508 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk); 9509 9510 return 0; 9511} 9512 9513static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info) 9514{ 9515 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9516 struct net_device *dev = info->user_ptr[1]; 9517 struct wireless_dev *wdev = dev->ieee80211_ptr; 9518 struct cfg80211_csa_settings params; 9519 struct nlattr **csa_attrs = NULL; 9520 int err; 9521 bool need_new_beacon = false; 9522 bool need_handle_dfs_flag = true; 9523 int len, i; 9524 u32 cs_count; 9525 9526 if (!rdev->ops->channel_switch || 9527 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)) 9528 return -EOPNOTSUPP; 9529 9530 switch (dev->ieee80211_ptr->iftype) { 9531 case NL80211_IFTYPE_AP: 9532 case NL80211_IFTYPE_P2P_GO: 9533 need_new_beacon = true; 9534 /* For all modes except AP the handle_dfs flag needs to be 9535 * supplied to tell the kernel that userspace will handle radar 9536 * events when they happen. Otherwise a switch to a channel 9537 * requiring DFS will be rejected. 9538 */ 9539 need_handle_dfs_flag = false; 9540 9541 /* useless if AP is not running */ 9542 if (!wdev->beacon_interval) 9543 return -ENOTCONN; 9544 break; 9545 case NL80211_IFTYPE_ADHOC: 9546 if (!wdev->ssid_len) 9547 return -ENOTCONN; 9548 break; 9549 case NL80211_IFTYPE_MESH_POINT: 9550 if (!wdev->mesh_id_len) 9551 return -ENOTCONN; 9552 break; 9553 default: 9554 return -EOPNOTSUPP; 9555 } 9556 9557 memset(¶ms, 0, sizeof(params)); 9558 params.beacon_csa.ftm_responder = -1; 9559 9560 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 9561 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]) 9562 return -EINVAL; 9563 9564 /* only important for AP, IBSS and mesh create IEs internally */ 9565 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES]) 9566 return -EINVAL; 9567 9568 /* Even though the attribute is u32, the specification says 9569 * u8, so let's make sure we don't overflow. 9570 */ 9571 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]); 9572 if (cs_count > 255) 9573 return -EINVAL; 9574 9575 params.count = cs_count; 9576 9577 if (!need_new_beacon) 9578 goto skip_beacons; 9579 9580 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after); 9581 if (err) 9582 goto free; 9583 9584 csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs), 9585 GFP_KERNEL); 9586 if (!csa_attrs) { 9587 err = -ENOMEM; 9588 goto free; 9589 } 9590 9591 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX, 9592 info->attrs[NL80211_ATTR_CSA_IES], 9593 nl80211_policy, info->extack); 9594 if (err) 9595 goto free; 9596 9597 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa); 9598 if (err) 9599 goto free; 9600 9601 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) { 9602 err = -EINVAL; 9603 goto free; 9604 } 9605 9606 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]); 9607 if (!len || (len % sizeof(u16))) { 9608 err = -EINVAL; 9609 goto free; 9610 } 9611 9612 params.n_counter_offsets_beacon = len / sizeof(u16); 9613 if (rdev->wiphy.max_num_csa_counters && 9614 (params.n_counter_offsets_beacon > 9615 rdev->wiphy.max_num_csa_counters)) { 9616 err = -EINVAL; 9617 goto free; 9618 } 9619 9620 params.counter_offsets_beacon = 9621 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]); 9622 9623 /* sanity checks - counters should fit and be the same */ 9624 for (i = 0; i < params.n_counter_offsets_beacon; i++) { 9625 u16 offset = params.counter_offsets_beacon[i]; 9626 9627 if (offset >= params.beacon_csa.tail_len) { 9628 err = -EINVAL; 9629 goto free; 9630 } 9631 9632 if (params.beacon_csa.tail[offset] != params.count) { 9633 err = -EINVAL; 9634 goto free; 9635 } 9636 } 9637 9638 if (csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]) { 9639 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]); 9640 if (!len || (len % sizeof(u16))) { 9641 err = -EINVAL; 9642 goto free; 9643 } 9644 9645 params.n_counter_offsets_presp = len / sizeof(u16); 9646 if (rdev->wiphy.max_num_csa_counters && 9647 (params.n_counter_offsets_presp > 9648 rdev->wiphy.max_num_csa_counters)) { 9649 err = -EINVAL; 9650 goto free; 9651 } 9652 9653 params.counter_offsets_presp = 9654 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]); 9655 9656 /* sanity checks - counters should fit and be the same */ 9657 for (i = 0; i < params.n_counter_offsets_presp; i++) { 9658 u16 offset = params.counter_offsets_presp[i]; 9659 9660 if (offset >= params.beacon_csa.probe_resp_len) { 9661 err = -EINVAL; 9662 goto free; 9663 } 9664 9665 if (params.beacon_csa.probe_resp[offset] != 9666 params.count) { 9667 err = -EINVAL; 9668 goto free; 9669 } 9670 } 9671 } 9672 9673skip_beacons: 9674 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 9675 if (err) 9676 goto free; 9677 9678 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef, 9679 wdev->iftype)) { 9680 err = -EINVAL; 9681 goto free; 9682 } 9683 9684 err = cfg80211_chandef_dfs_required(wdev->wiphy, 9685 ¶ms.chandef, 9686 wdev->iftype); 9687 if (err < 0) 9688 goto free; 9689 9690 if (err > 0) { 9691 params.radar_required = true; 9692 if (need_handle_dfs_flag && 9693 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) { 9694 err = -EINVAL; 9695 goto free; 9696 } 9697 } 9698 9699 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX]) 9700 params.block_tx = true; 9701 9702 wdev_lock(wdev); 9703 err = rdev_channel_switch(rdev, dev, ¶ms); 9704 wdev_unlock(wdev); 9705 9706free: 9707 kfree(params.beacon_after.mbssid_ies); 9708 kfree(params.beacon_csa.mbssid_ies); 9709 kfree(csa_attrs); 9710 return err; 9711} 9712 9713static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 9714 u32 seq, int flags, 9715 struct cfg80211_registered_device *rdev, 9716 struct wireless_dev *wdev, 9717 struct cfg80211_internal_bss *intbss) 9718{ 9719 struct cfg80211_bss *res = &intbss->pub; 9720 const struct cfg80211_bss_ies *ies; 9721 void *hdr; 9722 struct nlattr *bss; 9723 9724 ASSERT_WDEV_LOCK(wdev); 9725 9726 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 9727 NL80211_CMD_NEW_SCAN_RESULTS); 9728 if (!hdr) 9729 return -1; 9730 9731 genl_dump_check_consistent(cb, hdr); 9732 9733 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation)) 9734 goto nla_put_failure; 9735 if (wdev->netdev && 9736 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 9737 goto nla_put_failure; 9738 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 9739 NL80211_ATTR_PAD)) 9740 goto nla_put_failure; 9741 9742 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS); 9743 if (!bss) 9744 goto nla_put_failure; 9745 if ((!is_zero_ether_addr(res->bssid) && 9746 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid))) 9747 goto nla_put_failure; 9748 9749 rcu_read_lock(); 9750 /* indicate whether we have probe response data or not */ 9751 if (rcu_access_pointer(res->proberesp_ies) && 9752 nla_put_flag(msg, NL80211_BSS_PRESP_DATA)) 9753 goto fail_unlock_rcu; 9754 9755 /* this pointer prefers to be pointed to probe response data 9756 * but is always valid 9757 */ 9758 ies = rcu_dereference(res->ies); 9759 if (ies) { 9760 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf, 9761 NL80211_BSS_PAD)) 9762 goto fail_unlock_rcu; 9763 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 9764 ies->len, ies->data)) 9765 goto fail_unlock_rcu; 9766 } 9767 9768 /* and this pointer is always (unless driver didn't know) beacon data */ 9769 ies = rcu_dereference(res->beacon_ies); 9770 if (ies && ies->from_beacon) { 9771 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf, 9772 NL80211_BSS_PAD)) 9773 goto fail_unlock_rcu; 9774 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES, 9775 ies->len, ies->data)) 9776 goto fail_unlock_rcu; 9777 } 9778 rcu_read_unlock(); 9779 9780 if (res->beacon_interval && 9781 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 9782 goto nla_put_failure; 9783 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 9784 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 9785 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET, 9786 res->channel->freq_offset) || 9787 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) || 9788 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 9789 jiffies_to_msecs(jiffies - intbss->ts))) 9790 goto nla_put_failure; 9791 9792 if (intbss->parent_tsf && 9793 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF, 9794 intbss->parent_tsf, NL80211_BSS_PAD) || 9795 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN, 9796 intbss->parent_bssid))) 9797 goto nla_put_failure; 9798 9799 if (intbss->ts_boottime && 9800 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME, 9801 intbss->ts_boottime, NL80211_BSS_PAD)) 9802 goto nla_put_failure; 9803 9804 if (!nl80211_put_signal(msg, intbss->pub.chains, 9805 intbss->pub.chain_signal, 9806 NL80211_BSS_CHAIN_SIGNAL)) 9807 goto nla_put_failure; 9808 9809 switch (rdev->wiphy.signal_type) { 9810 case CFG80211_SIGNAL_TYPE_MBM: 9811 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 9812 goto nla_put_failure; 9813 break; 9814 case CFG80211_SIGNAL_TYPE_UNSPEC: 9815 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 9816 goto nla_put_failure; 9817 break; 9818 default: 9819 break; 9820 } 9821 9822 switch (wdev->iftype) { 9823 case NL80211_IFTYPE_P2P_CLIENT: 9824 case NL80211_IFTYPE_STATION: 9825 if (intbss == wdev->current_bss && 9826 nla_put_u32(msg, NL80211_BSS_STATUS, 9827 NL80211_BSS_STATUS_ASSOCIATED)) 9828 goto nla_put_failure; 9829 break; 9830 case NL80211_IFTYPE_ADHOC: 9831 if (intbss == wdev->current_bss && 9832 nla_put_u32(msg, NL80211_BSS_STATUS, 9833 NL80211_BSS_STATUS_IBSS_JOINED)) 9834 goto nla_put_failure; 9835 break; 9836 default: 9837 break; 9838 } 9839 9840 nla_nest_end(msg, bss); 9841 9842 genlmsg_end(msg, hdr); 9843 return 0; 9844 9845 fail_unlock_rcu: 9846 rcu_read_unlock(); 9847 nla_put_failure: 9848 genlmsg_cancel(msg, hdr); 9849 return -EMSGSIZE; 9850} 9851 9852static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb) 9853{ 9854 struct cfg80211_registered_device *rdev; 9855 struct cfg80211_internal_bss *scan; 9856 struct wireless_dev *wdev; 9857 int start = cb->args[2], idx = 0; 9858 int err; 9859 9860 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 9861 if (err) 9862 return err; 9863 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 9864 __acquire(&rdev->wiphy.mtx); 9865 9866 wdev_lock(wdev); 9867 spin_lock_bh(&rdev->bss_lock); 9868 9869 /* 9870 * dump_scan will be called multiple times to break up the scan results 9871 * into multiple messages. It is unlikely that any more bss-es will be 9872 * expired after the first call, so only call only call this on the 9873 * first dump_scan invocation. 9874 */ 9875 if (start == 0) 9876 cfg80211_bss_expire(rdev); 9877 9878 cb->seq = rdev->bss_generation; 9879 9880 list_for_each_entry(scan, &rdev->bss_list, list) { 9881 if (++idx <= start) 9882 continue; 9883 if (nl80211_send_bss(skb, cb, 9884 cb->nlh->nlmsg_seq, NLM_F_MULTI, 9885 rdev, wdev, scan) < 0) { 9886 idx--; 9887 break; 9888 } 9889 } 9890 9891 spin_unlock_bh(&rdev->bss_lock); 9892 wdev_unlock(wdev); 9893 9894 cb->args[2] = idx; 9895 wiphy_unlock(&rdev->wiphy); 9896 9897 return skb->len; 9898} 9899 9900static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq, 9901 int flags, struct net_device *dev, 9902 bool allow_radio_stats, 9903 struct survey_info *survey) 9904{ 9905 void *hdr; 9906 struct nlattr *infoattr; 9907 9908 /* skip radio stats if userspace didn't request them */ 9909 if (!survey->channel && !allow_radio_stats) 9910 return 0; 9911 9912 hdr = nl80211hdr_put(msg, portid, seq, flags, 9913 NL80211_CMD_NEW_SURVEY_RESULTS); 9914 if (!hdr) 9915 return -ENOMEM; 9916 9917 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 9918 goto nla_put_failure; 9919 9920 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO); 9921 if (!infoattr) 9922 goto nla_put_failure; 9923 9924 if (survey->channel && 9925 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 9926 survey->channel->center_freq)) 9927 goto nla_put_failure; 9928 9929 if (survey->channel && survey->channel->freq_offset && 9930 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET, 9931 survey->channel->freq_offset)) 9932 goto nla_put_failure; 9933 9934 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 9935 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 9936 goto nla_put_failure; 9937 if ((survey->filled & SURVEY_INFO_IN_USE) && 9938 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 9939 goto nla_put_failure; 9940 if ((survey->filled & SURVEY_INFO_TIME) && 9941 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME, 9942 survey->time, NL80211_SURVEY_INFO_PAD)) 9943 goto nla_put_failure; 9944 if ((survey->filled & SURVEY_INFO_TIME_BUSY) && 9945 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY, 9946 survey->time_busy, NL80211_SURVEY_INFO_PAD)) 9947 goto nla_put_failure; 9948 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) && 9949 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY, 9950 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD)) 9951 goto nla_put_failure; 9952 if ((survey->filled & SURVEY_INFO_TIME_RX) && 9953 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX, 9954 survey->time_rx, NL80211_SURVEY_INFO_PAD)) 9955 goto nla_put_failure; 9956 if ((survey->filled & SURVEY_INFO_TIME_TX) && 9957 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX, 9958 survey->time_tx, NL80211_SURVEY_INFO_PAD)) 9959 goto nla_put_failure; 9960 if ((survey->filled & SURVEY_INFO_TIME_SCAN) && 9961 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN, 9962 survey->time_scan, NL80211_SURVEY_INFO_PAD)) 9963 goto nla_put_failure; 9964 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) && 9965 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX, 9966 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD)) 9967 goto nla_put_failure; 9968 9969 nla_nest_end(msg, infoattr); 9970 9971 genlmsg_end(msg, hdr); 9972 return 0; 9973 9974 nla_put_failure: 9975 genlmsg_cancel(msg, hdr); 9976 return -EMSGSIZE; 9977} 9978 9979static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb) 9980{ 9981 struct nlattr **attrbuf; 9982 struct survey_info survey; 9983 struct cfg80211_registered_device *rdev; 9984 struct wireless_dev *wdev; 9985 int survey_idx = cb->args[2]; 9986 int res; 9987 bool radio_stats; 9988 9989 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL); 9990 if (!attrbuf) 9991 return -ENOMEM; 9992 9993 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf); 9994 if (res) { 9995 kfree(attrbuf); 9996 return res; 9997 } 9998 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 9999 __acquire(&rdev->wiphy.mtx); 10000 10001 /* prepare_wdev_dump parsed the attributes */ 10002 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS]; 10003 10004 if (!wdev->netdev) { 10005 res = -EINVAL; 10006 goto out_err; 10007 } 10008 10009 if (!rdev->ops->dump_survey) { 10010 res = -EOPNOTSUPP; 10011 goto out_err; 10012 } 10013 10014 while (1) { 10015 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey); 10016 if (res == -ENOENT) 10017 break; 10018 if (res) 10019 goto out_err; 10020 10021 /* don't send disabled channels, but do send non-channel data */ 10022 if (survey.channel && 10023 survey.channel->flags & IEEE80211_CHAN_DISABLED) { 10024 survey_idx++; 10025 continue; 10026 } 10027 10028 if (nl80211_send_survey(skb, 10029 NETLINK_CB(cb->skb).portid, 10030 cb->nlh->nlmsg_seq, NLM_F_MULTI, 10031 wdev->netdev, radio_stats, &survey) < 0) 10032 goto out; 10033 survey_idx++; 10034 } 10035 10036 out: 10037 cb->args[2] = survey_idx; 10038 res = skb->len; 10039 out_err: 10040 kfree(attrbuf); 10041 wiphy_unlock(&rdev->wiphy); 10042 return res; 10043} 10044 10045static bool nl80211_valid_wpa_versions(u32 wpa_versions) 10046{ 10047 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 10048 NL80211_WPA_VERSION_2 | 10049 NL80211_WPA_VERSION_3)); 10050} 10051 10052static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 10053{ 10054 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10055 struct net_device *dev = info->user_ptr[1]; 10056 struct ieee80211_channel *chan; 10057 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL; 10058 int err, ssid_len, ie_len = 0, auth_data_len = 0; 10059 enum nl80211_auth_type auth_type; 10060 struct key_parse key; 10061 bool local_state_change; 10062 u32 freq; 10063 10064 if (!info->attrs[NL80211_ATTR_MAC]) 10065 return -EINVAL; 10066 10067 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 10068 return -EINVAL; 10069 10070 if (!info->attrs[NL80211_ATTR_SSID]) 10071 return -EINVAL; 10072 10073 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 10074 return -EINVAL; 10075 10076 err = nl80211_parse_key(info, &key); 10077 if (err) 10078 return err; 10079 10080 if (key.idx >= 0) { 10081 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 10082 return -EINVAL; 10083 if (!key.p.key || !key.p.key_len) 10084 return -EINVAL; 10085 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 10086 key.p.key_len != WLAN_KEY_LEN_WEP40) && 10087 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 10088 key.p.key_len != WLAN_KEY_LEN_WEP104)) 10089 return -EINVAL; 10090 if (key.idx > 3) 10091 return -EINVAL; 10092 } else { 10093 key.p.key_len = 0; 10094 key.p.key = NULL; 10095 } 10096 10097 if (key.idx >= 0) { 10098 int i; 10099 bool ok = false; 10100 10101 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 10102 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 10103 ok = true; 10104 break; 10105 } 10106 } 10107 if (!ok) 10108 return -EINVAL; 10109 } 10110 10111 if (!rdev->ops->auth) 10112 return -EOPNOTSUPP; 10113 10114 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 10115 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 10116 return -EOPNOTSUPP; 10117 10118 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 10119 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 10120 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 10121 freq += 10122 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 10123 10124 chan = nl80211_get_valid_chan(&rdev->wiphy, freq); 10125 if (!chan) 10126 return -EINVAL; 10127 10128 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 10129 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 10130 10131 if (info->attrs[NL80211_ATTR_IE]) { 10132 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 10133 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 10134 } 10135 10136 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 10137 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE)) 10138 return -EINVAL; 10139 10140 if ((auth_type == NL80211_AUTHTYPE_SAE || 10141 auth_type == NL80211_AUTHTYPE_FILS_SK || 10142 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 10143 auth_type == NL80211_AUTHTYPE_FILS_PK) && 10144 !info->attrs[NL80211_ATTR_AUTH_DATA]) 10145 return -EINVAL; 10146 10147 if (info->attrs[NL80211_ATTR_AUTH_DATA]) { 10148 if (auth_type != NL80211_AUTHTYPE_SAE && 10149 auth_type != NL80211_AUTHTYPE_FILS_SK && 10150 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS && 10151 auth_type != NL80211_AUTHTYPE_FILS_PK) 10152 return -EINVAL; 10153 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]); 10154 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]); 10155 } 10156 10157 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 10158 10159 /* 10160 * Since we no longer track auth state, ignore 10161 * requests to only change local state. 10162 */ 10163 if (local_state_change) 10164 return 0; 10165 10166 wdev_lock(dev->ieee80211_ptr); 10167 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 10168 ssid, ssid_len, ie, ie_len, 10169 key.p.key, key.p.key_len, key.idx, 10170 auth_data, auth_data_len); 10171 wdev_unlock(dev->ieee80211_ptr); 10172 return err; 10173} 10174 10175static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev, 10176 struct genl_info *info) 10177{ 10178 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 10179 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set"); 10180 return -EINVAL; 10181 } 10182 10183 if (!rdev->ops->tx_control_port || 10184 !wiphy_ext_feature_isset(&rdev->wiphy, 10185 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) 10186 return -EOPNOTSUPP; 10187 10188 return 0; 10189} 10190 10191static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 10192 struct genl_info *info, 10193 struct cfg80211_crypto_settings *settings, 10194 int cipher_limit) 10195{ 10196 memset(settings, 0, sizeof(*settings)); 10197 10198 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 10199 10200 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 10201 u16 proto; 10202 10203 proto = nla_get_u16( 10204 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 10205 settings->control_port_ethertype = cpu_to_be16(proto); 10206 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 10207 proto != ETH_P_PAE) 10208 return -EINVAL; 10209 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 10210 settings->control_port_no_encrypt = true; 10211 } else 10212 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 10213 10214 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 10215 int r = validate_pae_over_nl80211(rdev, info); 10216 10217 if (r < 0) 10218 return r; 10219 10220 settings->control_port_over_nl80211 = true; 10221 10222 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH]) 10223 settings->control_port_no_preauth = true; 10224 } 10225 10226 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 10227 void *data; 10228 int len, i; 10229 10230 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 10231 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 10232 settings->n_ciphers_pairwise = len / sizeof(u32); 10233 10234 if (len % sizeof(u32)) 10235 return -EINVAL; 10236 10237 if (settings->n_ciphers_pairwise > cipher_limit) 10238 return -EINVAL; 10239 10240 memcpy(settings->ciphers_pairwise, data, len); 10241 10242 for (i = 0; i < settings->n_ciphers_pairwise; i++) 10243 if (!cfg80211_supported_cipher_suite( 10244 &rdev->wiphy, 10245 settings->ciphers_pairwise[i])) 10246 return -EINVAL; 10247 } 10248 10249 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 10250 settings->cipher_group = 10251 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 10252 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 10253 settings->cipher_group)) 10254 return -EINVAL; 10255 } 10256 10257 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 10258 settings->wpa_versions = 10259 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 10260 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 10261 return -EINVAL; 10262 } 10263 10264 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 10265 void *data; 10266 int len; 10267 10268 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 10269 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 10270 settings->n_akm_suites = len / sizeof(u32); 10271 10272 if (len % sizeof(u32)) 10273 return -EINVAL; 10274 10275 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 10276 return -EINVAL; 10277 10278 memcpy(settings->akm_suites, data, len); 10279 } 10280 10281 if (info->attrs[NL80211_ATTR_PMK]) { 10282 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN) 10283 return -EINVAL; 10284 if (!wiphy_ext_feature_isset(&rdev->wiphy, 10285 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) && 10286 !wiphy_ext_feature_isset(&rdev->wiphy, 10287 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK)) 10288 return -EINVAL; 10289 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]); 10290 } 10291 10292 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) { 10293 if (!wiphy_ext_feature_isset(&rdev->wiphy, 10294 NL80211_EXT_FEATURE_SAE_OFFLOAD) && 10295 !wiphy_ext_feature_isset(&rdev->wiphy, 10296 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP)) 10297 return -EINVAL; 10298 settings->sae_pwd = 10299 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]); 10300 settings->sae_pwd_len = 10301 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]); 10302 } 10303 10304 if (info->attrs[NL80211_ATTR_SAE_PWE]) 10305 settings->sae_pwe = 10306 nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]); 10307 else 10308 settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED; 10309 10310 return 0; 10311} 10312 10313static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 10314{ 10315 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10316 struct net_device *dev = info->user_ptr[1]; 10317 struct ieee80211_channel *chan; 10318 struct cfg80211_assoc_request req = {}; 10319 const u8 *bssid, *ssid; 10320 int err, ssid_len = 0; 10321 u32 freq; 10322 10323 if (dev->ieee80211_ptr->conn_owner_nlportid && 10324 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 10325 return -EPERM; 10326 10327 if (!info->attrs[NL80211_ATTR_MAC] || 10328 !info->attrs[NL80211_ATTR_SSID] || 10329 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 10330 return -EINVAL; 10331 10332 if (!rdev->ops->assoc) 10333 return -EOPNOTSUPP; 10334 10335 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 10336 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 10337 return -EOPNOTSUPP; 10338 10339 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 10340 10341 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 10342 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 10343 freq += 10344 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 10345 chan = nl80211_get_valid_chan(&rdev->wiphy, freq); 10346 if (!chan) 10347 return -EINVAL; 10348 10349 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 10350 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 10351 10352 if (info->attrs[NL80211_ATTR_IE]) { 10353 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 10354 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 10355 } 10356 10357 if (info->attrs[NL80211_ATTR_USE_MFP]) { 10358 enum nl80211_mfp mfp = 10359 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 10360 if (mfp == NL80211_MFP_REQUIRED) 10361 req.use_mfp = true; 10362 else if (mfp != NL80211_MFP_NO) 10363 return -EINVAL; 10364 } 10365 10366 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 10367 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 10368 10369 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 10370 req.flags |= ASSOC_REQ_DISABLE_HT; 10371 10372 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 10373 memcpy(&req.ht_capa_mask, 10374 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 10375 sizeof(req.ht_capa_mask)); 10376 10377 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 10378 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 10379 return -EINVAL; 10380 memcpy(&req.ht_capa, 10381 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 10382 sizeof(req.ht_capa)); 10383 } 10384 10385 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 10386 req.flags |= ASSOC_REQ_DISABLE_VHT; 10387 10388 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE])) 10389 req.flags |= ASSOC_REQ_DISABLE_HE; 10390 10391 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT])) 10392 req.flags |= ASSOC_REQ_DISABLE_EHT; 10393 10394 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 10395 memcpy(&req.vht_capa_mask, 10396 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 10397 sizeof(req.vht_capa_mask)); 10398 10399 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 10400 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 10401 return -EINVAL; 10402 memcpy(&req.vht_capa, 10403 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 10404 sizeof(req.vht_capa)); 10405 } 10406 10407 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 10408 if (!((rdev->wiphy.features & 10409 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 10410 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 10411 !wiphy_ext_feature_isset(&rdev->wiphy, 10412 NL80211_EXT_FEATURE_RRM)) 10413 return -EINVAL; 10414 req.flags |= ASSOC_REQ_USE_RRM; 10415 } 10416 10417 if (info->attrs[NL80211_ATTR_FILS_KEK]) { 10418 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]); 10419 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]); 10420 if (!info->attrs[NL80211_ATTR_FILS_NONCES]) 10421 return -EINVAL; 10422 req.fils_nonces = 10423 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]); 10424 } 10425 10426 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) { 10427 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY]) 10428 return -EINVAL; 10429 memcpy(&req.s1g_capa_mask, 10430 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]), 10431 sizeof(req.s1g_capa_mask)); 10432 } 10433 10434 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) { 10435 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) 10436 return -EINVAL; 10437 memcpy(&req.s1g_capa, 10438 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]), 10439 sizeof(req.s1g_capa)); 10440 } 10441 10442 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1); 10443 if (!err) { 10444 wdev_lock(dev->ieee80211_ptr); 10445 10446 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, 10447 ssid, ssid_len, &req); 10448 10449 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 10450 dev->ieee80211_ptr->conn_owner_nlportid = 10451 info->snd_portid; 10452 memcpy(dev->ieee80211_ptr->disconnect_bssid, 10453 bssid, ETH_ALEN); 10454 } 10455 10456 wdev_unlock(dev->ieee80211_ptr); 10457 } 10458 10459 return err; 10460} 10461 10462static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 10463{ 10464 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10465 struct net_device *dev = info->user_ptr[1]; 10466 const u8 *ie = NULL, *bssid; 10467 int ie_len = 0, err; 10468 u16 reason_code; 10469 bool local_state_change; 10470 10471 if (dev->ieee80211_ptr->conn_owner_nlportid && 10472 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 10473 return -EPERM; 10474 10475 if (!info->attrs[NL80211_ATTR_MAC]) 10476 return -EINVAL; 10477 10478 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 10479 return -EINVAL; 10480 10481 if (!rdev->ops->deauth) 10482 return -EOPNOTSUPP; 10483 10484 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 10485 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 10486 return -EOPNOTSUPP; 10487 10488 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 10489 10490 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 10491 if (reason_code == 0) { 10492 /* Reason Code 0 is reserved */ 10493 return -EINVAL; 10494 } 10495 10496 if (info->attrs[NL80211_ATTR_IE]) { 10497 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 10498 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 10499 } 10500 10501 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 10502 10503 wdev_lock(dev->ieee80211_ptr); 10504 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 10505 local_state_change); 10506 wdev_unlock(dev->ieee80211_ptr); 10507 return err; 10508} 10509 10510static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 10511{ 10512 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10513 struct net_device *dev = info->user_ptr[1]; 10514 const u8 *ie = NULL, *bssid; 10515 int ie_len = 0, err; 10516 u16 reason_code; 10517 bool local_state_change; 10518 10519 if (dev->ieee80211_ptr->conn_owner_nlportid && 10520 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 10521 return -EPERM; 10522 10523 if (!info->attrs[NL80211_ATTR_MAC]) 10524 return -EINVAL; 10525 10526 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 10527 return -EINVAL; 10528 10529 if (!rdev->ops->disassoc) 10530 return -EOPNOTSUPP; 10531 10532 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 10533 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 10534 return -EOPNOTSUPP; 10535 10536 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 10537 10538 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 10539 if (reason_code == 0) { 10540 /* Reason Code 0 is reserved */ 10541 return -EINVAL; 10542 } 10543 10544 if (info->attrs[NL80211_ATTR_IE]) { 10545 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 10546 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 10547 } 10548 10549 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 10550 10551 wdev_lock(dev->ieee80211_ptr); 10552 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 10553 local_state_change); 10554 wdev_unlock(dev->ieee80211_ptr); 10555 return err; 10556} 10557 10558static bool 10559nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 10560 int mcast_rate[NUM_NL80211_BANDS], 10561 int rateval) 10562{ 10563 struct wiphy *wiphy = &rdev->wiphy; 10564 bool found = false; 10565 int band, i; 10566 10567 for (band = 0; band < NUM_NL80211_BANDS; band++) { 10568 struct ieee80211_supported_band *sband; 10569 10570 sband = wiphy->bands[band]; 10571 if (!sband) 10572 continue; 10573 10574 for (i = 0; i < sband->n_bitrates; i++) { 10575 if (sband->bitrates[i].bitrate == rateval) { 10576 mcast_rate[band] = i + 1; 10577 found = true; 10578 break; 10579 } 10580 } 10581 } 10582 10583 return found; 10584} 10585 10586static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 10587{ 10588 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10589 struct net_device *dev = info->user_ptr[1]; 10590 struct cfg80211_ibss_params ibss; 10591 struct wiphy *wiphy; 10592 struct cfg80211_cached_keys *connkeys = NULL; 10593 int err; 10594 10595 memset(&ibss, 0, sizeof(ibss)); 10596 10597 if (!info->attrs[NL80211_ATTR_SSID] || 10598 !nla_len(info->attrs[NL80211_ATTR_SSID])) 10599 return -EINVAL; 10600 10601 ibss.beacon_interval = 100; 10602 10603 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) 10604 ibss.beacon_interval = 10605 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 10606 10607 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC, 10608 ibss.beacon_interval); 10609 if (err) 10610 return err; 10611 10612 if (!rdev->ops->join_ibss) 10613 return -EOPNOTSUPP; 10614 10615 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 10616 return -EOPNOTSUPP; 10617 10618 wiphy = &rdev->wiphy; 10619 10620 if (info->attrs[NL80211_ATTR_MAC]) { 10621 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 10622 10623 if (!is_valid_ether_addr(ibss.bssid)) 10624 return -EINVAL; 10625 } 10626 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 10627 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 10628 10629 if (info->attrs[NL80211_ATTR_IE]) { 10630 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 10631 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 10632 } 10633 10634 err = nl80211_parse_chandef(rdev, info, &ibss.chandef); 10635 if (err) 10636 return err; 10637 10638 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef, 10639 NL80211_IFTYPE_ADHOC)) 10640 return -EINVAL; 10641 10642 switch (ibss.chandef.width) { 10643 case NL80211_CHAN_WIDTH_5: 10644 case NL80211_CHAN_WIDTH_10: 10645 case NL80211_CHAN_WIDTH_20_NOHT: 10646 break; 10647 case NL80211_CHAN_WIDTH_20: 10648 case NL80211_CHAN_WIDTH_40: 10649 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 10650 return -EINVAL; 10651 break; 10652 case NL80211_CHAN_WIDTH_80: 10653 case NL80211_CHAN_WIDTH_80P80: 10654 case NL80211_CHAN_WIDTH_160: 10655 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 10656 return -EINVAL; 10657 if (!wiphy_ext_feature_isset(&rdev->wiphy, 10658 NL80211_EXT_FEATURE_VHT_IBSS)) 10659 return -EINVAL; 10660 break; 10661 case NL80211_CHAN_WIDTH_320: 10662 return -EINVAL; 10663 default: 10664 return -EINVAL; 10665 } 10666 10667 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 10668 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 10669 10670 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 10671 u8 *rates = 10672 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 10673 int n_rates = 10674 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 10675 struct ieee80211_supported_band *sband = 10676 wiphy->bands[ibss.chandef.chan->band]; 10677 10678 err = ieee80211_get_ratemask(sband, rates, n_rates, 10679 &ibss.basic_rates); 10680 if (err) 10681 return err; 10682 } 10683 10684 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 10685 memcpy(&ibss.ht_capa_mask, 10686 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 10687 sizeof(ibss.ht_capa_mask)); 10688 10689 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 10690 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 10691 return -EINVAL; 10692 memcpy(&ibss.ht_capa, 10693 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 10694 sizeof(ibss.ht_capa)); 10695 } 10696 10697 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 10698 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 10699 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 10700 return -EINVAL; 10701 10702 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 10703 bool no_ht = false; 10704 10705 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht); 10706 if (IS_ERR(connkeys)) 10707 return PTR_ERR(connkeys); 10708 10709 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) && 10710 no_ht) { 10711 kfree_sensitive(connkeys); 10712 return -EINVAL; 10713 } 10714 } 10715 10716 ibss.control_port = 10717 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 10718 10719 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 10720 int r = validate_pae_over_nl80211(rdev, info); 10721 10722 if (r < 0) { 10723 kfree_sensitive(connkeys); 10724 return r; 10725 } 10726 10727 ibss.control_port_over_nl80211 = true; 10728 } 10729 10730 ibss.userspace_handles_dfs = 10731 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); 10732 10733 wdev_lock(dev->ieee80211_ptr); 10734 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 10735 if (err) 10736 kfree_sensitive(connkeys); 10737 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 10738 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 10739 wdev_unlock(dev->ieee80211_ptr); 10740 10741 return err; 10742} 10743 10744static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 10745{ 10746 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10747 struct net_device *dev = info->user_ptr[1]; 10748 10749 if (!rdev->ops->leave_ibss) 10750 return -EOPNOTSUPP; 10751 10752 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 10753 return -EOPNOTSUPP; 10754 10755 return cfg80211_leave_ibss(rdev, dev, false); 10756} 10757 10758static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info) 10759{ 10760 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10761 struct net_device *dev = info->user_ptr[1]; 10762 int mcast_rate[NUM_NL80211_BANDS]; 10763 u32 nla_rate; 10764 int err; 10765 10766 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 10767 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 10768 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB) 10769 return -EOPNOTSUPP; 10770 10771 if (!rdev->ops->set_mcast_rate) 10772 return -EOPNOTSUPP; 10773 10774 memset(mcast_rate, 0, sizeof(mcast_rate)); 10775 10776 if (!info->attrs[NL80211_ATTR_MCAST_RATE]) 10777 return -EINVAL; 10778 10779 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]); 10780 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate)) 10781 return -EINVAL; 10782 10783 err = rdev_set_mcast_rate(rdev, dev, mcast_rate); 10784 10785 return err; 10786} 10787 10788static struct sk_buff * 10789__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev, 10790 struct wireless_dev *wdev, int approxlen, 10791 u32 portid, u32 seq, enum nl80211_commands cmd, 10792 enum nl80211_attrs attr, 10793 const struct nl80211_vendor_cmd_info *info, 10794 gfp_t gfp) 10795{ 10796 struct sk_buff *skb; 10797 void *hdr; 10798 struct nlattr *data; 10799 10800 skb = nlmsg_new(approxlen + 100, gfp); 10801 if (!skb) 10802 return NULL; 10803 10804 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd); 10805 if (!hdr) { 10806 kfree_skb(skb); 10807 return NULL; 10808 } 10809 10810 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 10811 goto nla_put_failure; 10812 10813 if (info) { 10814 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID, 10815 info->vendor_id)) 10816 goto nla_put_failure; 10817 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD, 10818 info->subcmd)) 10819 goto nla_put_failure; 10820 } 10821 10822 if (wdev) { 10823 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV, 10824 wdev_id(wdev), NL80211_ATTR_PAD)) 10825 goto nla_put_failure; 10826 if (wdev->netdev && 10827 nla_put_u32(skb, NL80211_ATTR_IFINDEX, 10828 wdev->netdev->ifindex)) 10829 goto nla_put_failure; 10830 } 10831 10832 data = nla_nest_start_noflag(skb, attr); 10833 if (!data) 10834 goto nla_put_failure; 10835 10836 ((void **)skb->cb)[0] = rdev; 10837 ((void **)skb->cb)[1] = hdr; 10838 ((void **)skb->cb)[2] = data; 10839 10840 return skb; 10841 10842 nla_put_failure: 10843 kfree_skb(skb); 10844 return NULL; 10845} 10846 10847struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy, 10848 struct wireless_dev *wdev, 10849 enum nl80211_commands cmd, 10850 enum nl80211_attrs attr, 10851 unsigned int portid, 10852 int vendor_event_idx, 10853 int approxlen, gfp_t gfp) 10854{ 10855 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 10856 const struct nl80211_vendor_cmd_info *info; 10857 10858 switch (cmd) { 10859 case NL80211_CMD_TESTMODE: 10860 if (WARN_ON(vendor_event_idx != -1)) 10861 return NULL; 10862 info = NULL; 10863 break; 10864 case NL80211_CMD_VENDOR: 10865 if (WARN_ON(vendor_event_idx < 0 || 10866 vendor_event_idx >= wiphy->n_vendor_events)) 10867 return NULL; 10868 info = &wiphy->vendor_events[vendor_event_idx]; 10869 break; 10870 default: 10871 WARN_ON(1); 10872 return NULL; 10873 } 10874 10875 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0, 10876 cmd, attr, info, gfp); 10877} 10878EXPORT_SYMBOL(__cfg80211_alloc_event_skb); 10879 10880void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp) 10881{ 10882 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 10883 void *hdr = ((void **)skb->cb)[1]; 10884 struct nlmsghdr *nlhdr = nlmsg_hdr(skb); 10885 struct nlattr *data = ((void **)skb->cb)[2]; 10886 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE; 10887 10888 /* clear CB data for netlink core to own from now on */ 10889 memset(skb->cb, 0, sizeof(skb->cb)); 10890 10891 nla_nest_end(skb, data); 10892 genlmsg_end(skb, hdr); 10893 10894 if (nlhdr->nlmsg_pid) { 10895 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb, 10896 nlhdr->nlmsg_pid); 10897 } else { 10898 if (data->nla_type == NL80211_ATTR_VENDOR_DATA) 10899 mcgrp = NL80211_MCGRP_VENDOR; 10900 10901 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 10902 skb, 0, mcgrp, gfp); 10903 } 10904} 10905EXPORT_SYMBOL(__cfg80211_send_event_skb); 10906 10907#ifdef CONFIG_NL80211_TESTMODE 10908static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 10909{ 10910 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10911 struct wireless_dev *wdev; 10912 int err; 10913 10914 lockdep_assert_held(&rdev->wiphy.mtx); 10915 10916 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info), 10917 info->attrs); 10918 10919 if (!rdev->ops->testmode_cmd) 10920 return -EOPNOTSUPP; 10921 10922 if (IS_ERR(wdev)) { 10923 err = PTR_ERR(wdev); 10924 if (err != -EINVAL) 10925 return err; 10926 wdev = NULL; 10927 } else if (wdev->wiphy != &rdev->wiphy) { 10928 return -EINVAL; 10929 } 10930 10931 if (!info->attrs[NL80211_ATTR_TESTDATA]) 10932 return -EINVAL; 10933 10934 rdev->cur_cmd_info = info; 10935 err = rdev_testmode_cmd(rdev, wdev, 10936 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 10937 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 10938 rdev->cur_cmd_info = NULL; 10939 10940 return err; 10941} 10942 10943static int nl80211_testmode_dump(struct sk_buff *skb, 10944 struct netlink_callback *cb) 10945{ 10946 struct cfg80211_registered_device *rdev; 10947 struct nlattr **attrbuf = NULL; 10948 int err; 10949 long phy_idx; 10950 void *data = NULL; 10951 int data_len = 0; 10952 10953 rtnl_lock(); 10954 10955 if (cb->args[0]) { 10956 /* 10957 * 0 is a valid index, but not valid for args[0], 10958 * so we need to offset by 1. 10959 */ 10960 phy_idx = cb->args[0] - 1; 10961 10962 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 10963 if (!rdev) { 10964 err = -ENOENT; 10965 goto out_err; 10966 } 10967 } else { 10968 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), 10969 GFP_KERNEL); 10970 if (!attrbuf) { 10971 err = -ENOMEM; 10972 goto out_err; 10973 } 10974 10975 err = nlmsg_parse_deprecated(cb->nlh, 10976 GENL_HDRLEN + nl80211_fam.hdrsize, 10977 attrbuf, nl80211_fam.maxattr, 10978 nl80211_policy, NULL); 10979 if (err) 10980 goto out_err; 10981 10982 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf); 10983 if (IS_ERR(rdev)) { 10984 err = PTR_ERR(rdev); 10985 goto out_err; 10986 } 10987 phy_idx = rdev->wiphy_idx; 10988 10989 if (attrbuf[NL80211_ATTR_TESTDATA]) 10990 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA]; 10991 } 10992 10993 if (cb->args[1]) { 10994 data = nla_data((void *)cb->args[1]); 10995 data_len = nla_len((void *)cb->args[1]); 10996 } 10997 10998 if (!rdev->ops->testmode_dump) { 10999 err = -EOPNOTSUPP; 11000 goto out_err; 11001 } 11002 11003 while (1) { 11004 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 11005 cb->nlh->nlmsg_seq, NLM_F_MULTI, 11006 NL80211_CMD_TESTMODE); 11007 struct nlattr *tmdata; 11008 11009 if (!hdr) 11010 break; 11011 11012 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 11013 genlmsg_cancel(skb, hdr); 11014 break; 11015 } 11016 11017 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA); 11018 if (!tmdata) { 11019 genlmsg_cancel(skb, hdr); 11020 break; 11021 } 11022 err = rdev_testmode_dump(rdev, skb, cb, data, data_len); 11023 nla_nest_end(skb, tmdata); 11024 11025 if (err == -ENOBUFS || err == -ENOENT) { 11026 genlmsg_cancel(skb, hdr); 11027 break; 11028 } else if (err) { 11029 genlmsg_cancel(skb, hdr); 11030 goto out_err; 11031 } 11032 11033 genlmsg_end(skb, hdr); 11034 } 11035 11036 err = skb->len; 11037 /* see above */ 11038 cb->args[0] = phy_idx + 1; 11039 out_err: 11040 kfree(attrbuf); 11041 rtnl_unlock(); 11042 return err; 11043} 11044#endif 11045 11046static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 11047{ 11048 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11049 struct net_device *dev = info->user_ptr[1]; 11050 struct cfg80211_connect_params connect; 11051 struct wiphy *wiphy; 11052 struct cfg80211_cached_keys *connkeys = NULL; 11053 u32 freq = 0; 11054 int err; 11055 11056 memset(&connect, 0, sizeof(connect)); 11057 11058 if (!info->attrs[NL80211_ATTR_SSID] || 11059 !nla_len(info->attrs[NL80211_ATTR_SSID])) 11060 return -EINVAL; 11061 11062 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 11063 connect.auth_type = 11064 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 11065 if (!nl80211_valid_auth_type(rdev, connect.auth_type, 11066 NL80211_CMD_CONNECT)) 11067 return -EINVAL; 11068 } else 11069 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 11070 11071 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 11072 11073 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] && 11074 !wiphy_ext_feature_isset(&rdev->wiphy, 11075 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 11076 return -EINVAL; 11077 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS]; 11078 11079 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 11080 NL80211_MAX_NR_CIPHER_SUITES); 11081 if (err) 11082 return err; 11083 11084 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 11085 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 11086 return -EOPNOTSUPP; 11087 11088 wiphy = &rdev->wiphy; 11089 11090 connect.bg_scan_period = -1; 11091 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 11092 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 11093 connect.bg_scan_period = 11094 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 11095 } 11096 11097 if (info->attrs[NL80211_ATTR_MAC]) 11098 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 11099 else if (info->attrs[NL80211_ATTR_MAC_HINT]) 11100 connect.bssid_hint = 11101 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]); 11102 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 11103 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 11104 11105 if (info->attrs[NL80211_ATTR_IE]) { 11106 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11107 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11108 } 11109 11110 if (info->attrs[NL80211_ATTR_USE_MFP]) { 11111 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 11112 if (connect.mfp == NL80211_MFP_OPTIONAL && 11113 !wiphy_ext_feature_isset(&rdev->wiphy, 11114 NL80211_EXT_FEATURE_MFP_OPTIONAL)) 11115 return -EOPNOTSUPP; 11116 } else { 11117 connect.mfp = NL80211_MFP_NO; 11118 } 11119 11120 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 11121 connect.prev_bssid = 11122 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 11123 11124 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) 11125 freq = MHZ_TO_KHZ(nla_get_u32( 11126 info->attrs[NL80211_ATTR_WIPHY_FREQ])); 11127 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 11128 freq += 11129 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 11130 11131 if (freq) { 11132 connect.channel = nl80211_get_valid_chan(wiphy, freq); 11133 if (!connect.channel) 11134 return -EINVAL; 11135 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) { 11136 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]); 11137 freq = MHZ_TO_KHZ(freq); 11138 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq); 11139 if (!connect.channel_hint) 11140 return -EINVAL; 11141 } 11142 11143 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) { 11144 connect.edmg.channels = 11145 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]); 11146 11147 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]) 11148 connect.edmg.bw_config = 11149 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]); 11150 } 11151 11152 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 11153 connkeys = nl80211_parse_connkeys(rdev, info, NULL); 11154 if (IS_ERR(connkeys)) 11155 return PTR_ERR(connkeys); 11156 } 11157 11158 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 11159 connect.flags |= ASSOC_REQ_DISABLE_HT; 11160 11161 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 11162 memcpy(&connect.ht_capa_mask, 11163 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 11164 sizeof(connect.ht_capa_mask)); 11165 11166 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 11167 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 11168 kfree_sensitive(connkeys); 11169 return -EINVAL; 11170 } 11171 memcpy(&connect.ht_capa, 11172 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 11173 sizeof(connect.ht_capa)); 11174 } 11175 11176 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 11177 connect.flags |= ASSOC_REQ_DISABLE_VHT; 11178 11179 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE])) 11180 connect.flags |= ASSOC_REQ_DISABLE_HE; 11181 11182 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT])) 11183 connect.flags |= ASSOC_REQ_DISABLE_EHT; 11184 11185 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 11186 memcpy(&connect.vht_capa_mask, 11187 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 11188 sizeof(connect.vht_capa_mask)); 11189 11190 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 11191 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) { 11192 kfree_sensitive(connkeys); 11193 return -EINVAL; 11194 } 11195 memcpy(&connect.vht_capa, 11196 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 11197 sizeof(connect.vht_capa)); 11198 } 11199 11200 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 11201 if (!((rdev->wiphy.features & 11202 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 11203 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 11204 !wiphy_ext_feature_isset(&rdev->wiphy, 11205 NL80211_EXT_FEATURE_RRM)) { 11206 kfree_sensitive(connkeys); 11207 return -EINVAL; 11208 } 11209 connect.flags |= ASSOC_REQ_USE_RRM; 11210 } 11211 11212 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 11213 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) { 11214 kfree_sensitive(connkeys); 11215 return -EOPNOTSUPP; 11216 } 11217 11218 if (info->attrs[NL80211_ATTR_BSS_SELECT]) { 11219 /* bss selection makes no sense if bssid is set */ 11220 if (connect.bssid) { 11221 kfree_sensitive(connkeys); 11222 return -EINVAL; 11223 } 11224 11225 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT], 11226 wiphy, &connect.bss_select); 11227 if (err) { 11228 kfree_sensitive(connkeys); 11229 return err; 11230 } 11231 } 11232 11233 if (wiphy_ext_feature_isset(&rdev->wiphy, 11234 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) && 11235 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] && 11236 info->attrs[NL80211_ATTR_FILS_ERP_REALM] && 11237 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] && 11238 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 11239 connect.fils_erp_username = 11240 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 11241 connect.fils_erp_username_len = 11242 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 11243 connect.fils_erp_realm = 11244 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 11245 connect.fils_erp_realm_len = 11246 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 11247 connect.fils_erp_next_seq_num = 11248 nla_get_u16( 11249 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]); 11250 connect.fils_erp_rrk = 11251 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 11252 connect.fils_erp_rrk_len = 11253 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 11254 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] || 11255 info->attrs[NL80211_ATTR_FILS_ERP_REALM] || 11256 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] || 11257 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 11258 kfree_sensitive(connkeys); 11259 return -EINVAL; 11260 } 11261 11262 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) { 11263 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 11264 kfree_sensitive(connkeys); 11265 GENL_SET_ERR_MSG(info, 11266 "external auth requires connection ownership"); 11267 return -EINVAL; 11268 } 11269 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT; 11270 } 11271 11272 wdev_lock(dev->ieee80211_ptr); 11273 11274 err = cfg80211_connect(rdev, dev, &connect, connkeys, 11275 connect.prev_bssid); 11276 if (err) 11277 kfree_sensitive(connkeys); 11278 11279 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 11280 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 11281 if (connect.bssid) 11282 memcpy(dev->ieee80211_ptr->disconnect_bssid, 11283 connect.bssid, ETH_ALEN); 11284 else 11285 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid); 11286 } 11287 11288 wdev_unlock(dev->ieee80211_ptr); 11289 11290 return err; 11291} 11292 11293static int nl80211_update_connect_params(struct sk_buff *skb, 11294 struct genl_info *info) 11295{ 11296 struct cfg80211_connect_params connect = {}; 11297 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11298 struct net_device *dev = info->user_ptr[1]; 11299 struct wireless_dev *wdev = dev->ieee80211_ptr; 11300 bool fils_sk_offload; 11301 u32 auth_type; 11302 u32 changed = 0; 11303 int ret; 11304 11305 if (!rdev->ops->update_connect_params) 11306 return -EOPNOTSUPP; 11307 11308 if (info->attrs[NL80211_ATTR_IE]) { 11309 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11310 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11311 changed |= UPDATE_ASSOC_IES; 11312 } 11313 11314 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy, 11315 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD); 11316 11317 /* 11318 * when driver supports fils-sk offload all attributes must be 11319 * provided. So the else covers "fils-sk-not-all" and 11320 * "no-fils-sk-any". 11321 */ 11322 if (fils_sk_offload && 11323 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] && 11324 info->attrs[NL80211_ATTR_FILS_ERP_REALM] && 11325 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] && 11326 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 11327 connect.fils_erp_username = 11328 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 11329 connect.fils_erp_username_len = 11330 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 11331 connect.fils_erp_realm = 11332 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 11333 connect.fils_erp_realm_len = 11334 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 11335 connect.fils_erp_next_seq_num = 11336 nla_get_u16( 11337 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]); 11338 connect.fils_erp_rrk = 11339 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 11340 connect.fils_erp_rrk_len = 11341 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 11342 changed |= UPDATE_FILS_ERP_INFO; 11343 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] || 11344 info->attrs[NL80211_ATTR_FILS_ERP_REALM] || 11345 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] || 11346 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 11347 return -EINVAL; 11348 } 11349 11350 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 11351 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 11352 if (!nl80211_valid_auth_type(rdev, auth_type, 11353 NL80211_CMD_CONNECT)) 11354 return -EINVAL; 11355 11356 if (auth_type == NL80211_AUTHTYPE_FILS_SK && 11357 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO)) 11358 return -EINVAL; 11359 11360 connect.auth_type = auth_type; 11361 changed |= UPDATE_AUTH_TYPE; 11362 } 11363 11364 wdev_lock(dev->ieee80211_ptr); 11365 if (!wdev->current_bss) 11366 ret = -ENOLINK; 11367 else 11368 ret = rdev_update_connect_params(rdev, dev, &connect, changed); 11369 wdev_unlock(dev->ieee80211_ptr); 11370 11371 return ret; 11372} 11373 11374static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 11375{ 11376 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11377 struct net_device *dev = info->user_ptr[1]; 11378 u16 reason; 11379 int ret; 11380 11381 if (dev->ieee80211_ptr->conn_owner_nlportid && 11382 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 11383 return -EPERM; 11384 11385 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 11386 reason = WLAN_REASON_DEAUTH_LEAVING; 11387 else 11388 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 11389 11390 if (reason == 0) 11391 return -EINVAL; 11392 11393 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 11394 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 11395 return -EOPNOTSUPP; 11396 11397 wdev_lock(dev->ieee80211_ptr); 11398 ret = cfg80211_disconnect(rdev, dev, reason, true); 11399 wdev_unlock(dev->ieee80211_ptr); 11400 return ret; 11401} 11402 11403static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 11404{ 11405 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11406 struct net *net; 11407 int err; 11408 11409 if (info->attrs[NL80211_ATTR_PID]) { 11410 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 11411 11412 net = get_net_ns_by_pid(pid); 11413 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) { 11414 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]); 11415 11416 net = get_net_ns_by_fd(fd); 11417 } else { 11418 return -EINVAL; 11419 } 11420 11421 if (IS_ERR(net)) 11422 return PTR_ERR(net); 11423 11424 err = 0; 11425 11426 /* check if anything to do */ 11427 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 11428 err = cfg80211_switch_netns(rdev, net); 11429 11430 put_net(net); 11431 return err; 11432} 11433 11434static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 11435{ 11436 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11437 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 11438 struct cfg80211_pmksa *pmksa) = NULL; 11439 struct net_device *dev = info->user_ptr[1]; 11440 struct cfg80211_pmksa pmksa; 11441 11442 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 11443 11444 if (!info->attrs[NL80211_ATTR_PMKID]) 11445 return -EINVAL; 11446 11447 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 11448 11449 if (info->attrs[NL80211_ATTR_MAC]) { 11450 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 11451 } else if (info->attrs[NL80211_ATTR_SSID] && 11452 info->attrs[NL80211_ATTR_FILS_CACHE_ID] && 11453 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA || 11454 info->attrs[NL80211_ATTR_PMK])) { 11455 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 11456 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 11457 pmksa.cache_id = 11458 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]); 11459 } else { 11460 return -EINVAL; 11461 } 11462 if (info->attrs[NL80211_ATTR_PMK]) { 11463 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]); 11464 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]); 11465 } 11466 11467 if (info->attrs[NL80211_ATTR_PMK_LIFETIME]) 11468 pmksa.pmk_lifetime = 11469 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]); 11470 11471 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]) 11472 pmksa.pmk_reauth_threshold = 11473 nla_get_u8( 11474 info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]); 11475 11476 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 11477 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 11478 !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP && 11479 wiphy_ext_feature_isset(&rdev->wiphy, 11480 NL80211_EXT_FEATURE_AP_PMKSA_CACHING))) 11481 return -EOPNOTSUPP; 11482 11483 switch (info->genlhdr->cmd) { 11484 case NL80211_CMD_SET_PMKSA: 11485 rdev_ops = rdev->ops->set_pmksa; 11486 break; 11487 case NL80211_CMD_DEL_PMKSA: 11488 rdev_ops = rdev->ops->del_pmksa; 11489 break; 11490 default: 11491 WARN_ON(1); 11492 break; 11493 } 11494 11495 if (!rdev_ops) 11496 return -EOPNOTSUPP; 11497 11498 return rdev_ops(&rdev->wiphy, dev, &pmksa); 11499} 11500 11501static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 11502{ 11503 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11504 struct net_device *dev = info->user_ptr[1]; 11505 11506 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 11507 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 11508 return -EOPNOTSUPP; 11509 11510 if (!rdev->ops->flush_pmksa) 11511 return -EOPNOTSUPP; 11512 11513 return rdev_flush_pmksa(rdev, dev); 11514} 11515 11516static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 11517{ 11518 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11519 struct net_device *dev = info->user_ptr[1]; 11520 u8 action_code, dialog_token; 11521 u32 peer_capability = 0; 11522 u16 status_code; 11523 u8 *peer; 11524 bool initiator; 11525 11526 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 11527 !rdev->ops->tdls_mgmt) 11528 return -EOPNOTSUPP; 11529 11530 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 11531 !info->attrs[NL80211_ATTR_STATUS_CODE] || 11532 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 11533 !info->attrs[NL80211_ATTR_IE] || 11534 !info->attrs[NL80211_ATTR_MAC]) 11535 return -EINVAL; 11536 11537 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 11538 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 11539 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 11540 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 11541 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]); 11542 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]) 11543 peer_capability = 11544 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]); 11545 11546 return rdev_tdls_mgmt(rdev, dev, peer, action_code, 11547 dialog_token, status_code, peer_capability, 11548 initiator, 11549 nla_data(info->attrs[NL80211_ATTR_IE]), 11550 nla_len(info->attrs[NL80211_ATTR_IE])); 11551} 11552 11553static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 11554{ 11555 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11556 struct net_device *dev = info->user_ptr[1]; 11557 enum nl80211_tdls_operation operation; 11558 u8 *peer; 11559 11560 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 11561 !rdev->ops->tdls_oper) 11562 return -EOPNOTSUPP; 11563 11564 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 11565 !info->attrs[NL80211_ATTR_MAC]) 11566 return -EINVAL; 11567 11568 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 11569 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 11570 11571 return rdev_tdls_oper(rdev, dev, peer, operation); 11572} 11573 11574static int nl80211_remain_on_channel(struct sk_buff *skb, 11575 struct genl_info *info) 11576{ 11577 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11578 struct wireless_dev *wdev = info->user_ptr[1]; 11579 struct cfg80211_chan_def chandef; 11580 const struct cfg80211_chan_def *compat_chandef; 11581 struct sk_buff *msg; 11582 void *hdr; 11583 u64 cookie; 11584 u32 duration; 11585 int err; 11586 11587 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 11588 !info->attrs[NL80211_ATTR_DURATION]) 11589 return -EINVAL; 11590 11591 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 11592 11593 if (!rdev->ops->remain_on_channel || 11594 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 11595 return -EOPNOTSUPP; 11596 11597 /* 11598 * We should be on that channel for at least a minimum amount of 11599 * time (10ms) but no longer than the driver supports. 11600 */ 11601 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 11602 duration > rdev->wiphy.max_remain_on_channel_duration) 11603 return -EINVAL; 11604 11605 err = nl80211_parse_chandef(rdev, info, &chandef); 11606 if (err) 11607 return err; 11608 11609 wdev_lock(wdev); 11610 if (!cfg80211_off_channel_oper_allowed(wdev) && 11611 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) { 11612 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef, 11613 &chandef); 11614 if (compat_chandef != &chandef) { 11615 wdev_unlock(wdev); 11616 return -EBUSY; 11617 } 11618 } 11619 wdev_unlock(wdev); 11620 11621 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 11622 if (!msg) 11623 return -ENOMEM; 11624 11625 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 11626 NL80211_CMD_REMAIN_ON_CHANNEL); 11627 if (!hdr) { 11628 err = -ENOBUFS; 11629 goto free_msg; 11630 } 11631 11632 err = rdev_remain_on_channel(rdev, wdev, chandef.chan, 11633 duration, &cookie); 11634 11635 if (err) 11636 goto free_msg; 11637 11638 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 11639 NL80211_ATTR_PAD)) 11640 goto nla_put_failure; 11641 11642 genlmsg_end(msg, hdr); 11643 11644 return genlmsg_reply(msg, info); 11645 11646 nla_put_failure: 11647 err = -ENOBUFS; 11648 free_msg: 11649 nlmsg_free(msg); 11650 return err; 11651} 11652 11653static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 11654 struct genl_info *info) 11655{ 11656 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11657 struct wireless_dev *wdev = info->user_ptr[1]; 11658 u64 cookie; 11659 11660 if (!info->attrs[NL80211_ATTR_COOKIE]) 11661 return -EINVAL; 11662 11663 if (!rdev->ops->cancel_remain_on_channel) 11664 return -EOPNOTSUPP; 11665 11666 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 11667 11668 return rdev_cancel_remain_on_channel(rdev, wdev, cookie); 11669} 11670 11671static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 11672 struct genl_info *info) 11673{ 11674 struct cfg80211_bitrate_mask mask; 11675 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11676 struct net_device *dev = info->user_ptr[1]; 11677 struct wireless_dev *wdev = dev->ieee80211_ptr; 11678 int err; 11679 11680 if (!rdev->ops->set_bitrate_mask) 11681 return -EOPNOTSUPP; 11682 11683 wdev_lock(wdev); 11684 err = nl80211_parse_tx_bitrate_mask(info, info->attrs, 11685 NL80211_ATTR_TX_RATES, &mask, 11686 dev, true); 11687 if (err) 11688 goto out; 11689 11690 err = rdev_set_bitrate_mask(rdev, dev, NULL, &mask); 11691out: 11692 wdev_unlock(wdev); 11693 return err; 11694} 11695 11696static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 11697{ 11698 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11699 struct wireless_dev *wdev = info->user_ptr[1]; 11700 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 11701 11702 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 11703 return -EINVAL; 11704 11705 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 11706 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 11707 11708 switch (wdev->iftype) { 11709 case NL80211_IFTYPE_STATION: 11710 case NL80211_IFTYPE_ADHOC: 11711 case NL80211_IFTYPE_P2P_CLIENT: 11712 case NL80211_IFTYPE_AP: 11713 case NL80211_IFTYPE_AP_VLAN: 11714 case NL80211_IFTYPE_MESH_POINT: 11715 case NL80211_IFTYPE_P2P_GO: 11716 case NL80211_IFTYPE_P2P_DEVICE: 11717 break; 11718 case NL80211_IFTYPE_NAN: 11719 default: 11720 return -EOPNOTSUPP; 11721 } 11722 11723 /* not much point in registering if we can't reply */ 11724 if (!rdev->ops->mgmt_tx) 11725 return -EOPNOTSUPP; 11726 11727 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] && 11728 !wiphy_ext_feature_isset(&rdev->wiphy, 11729 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) { 11730 GENL_SET_ERR_MSG(info, 11731 "multicast RX registrations are not supported"); 11732 return -EOPNOTSUPP; 11733 } 11734 11735 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type, 11736 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 11737 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]), 11738 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST], 11739 info->extack); 11740} 11741 11742static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 11743{ 11744 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11745 struct wireless_dev *wdev = info->user_ptr[1]; 11746 struct cfg80211_chan_def chandef; 11747 int err; 11748 void *hdr = NULL; 11749 u64 cookie; 11750 struct sk_buff *msg = NULL; 11751 struct cfg80211_mgmt_tx_params params = { 11752 .dont_wait_for_ack = 11753 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK], 11754 }; 11755 11756 if (!info->attrs[NL80211_ATTR_FRAME]) 11757 return -EINVAL; 11758 11759 if (!rdev->ops->mgmt_tx) 11760 return -EOPNOTSUPP; 11761 11762 switch (wdev->iftype) { 11763 case NL80211_IFTYPE_P2P_DEVICE: 11764 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 11765 return -EINVAL; 11766 break; 11767 case NL80211_IFTYPE_STATION: 11768 case NL80211_IFTYPE_ADHOC: 11769 case NL80211_IFTYPE_P2P_CLIENT: 11770 case NL80211_IFTYPE_AP: 11771 case NL80211_IFTYPE_AP_VLAN: 11772 case NL80211_IFTYPE_MESH_POINT: 11773 case NL80211_IFTYPE_P2P_GO: 11774 break; 11775 case NL80211_IFTYPE_NAN: 11776 default: 11777 return -EOPNOTSUPP; 11778 } 11779 11780 if (info->attrs[NL80211_ATTR_DURATION]) { 11781 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 11782 return -EINVAL; 11783 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 11784 11785 /* 11786 * We should wait on the channel for at least a minimum amount 11787 * of time (10ms) but no longer than the driver supports. 11788 */ 11789 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 11790 params.wait > rdev->wiphy.max_remain_on_channel_duration) 11791 return -EINVAL; 11792 } 11793 11794 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 11795 11796 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 11797 return -EINVAL; 11798 11799 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 11800 11801 /* get the channel if any has been specified, otherwise pass NULL to 11802 * the driver. The latter will use the current one 11803 */ 11804 chandef.chan = NULL; 11805 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 11806 err = nl80211_parse_chandef(rdev, info, &chandef); 11807 if (err) 11808 return err; 11809 } 11810 11811 if (!chandef.chan && params.offchan) 11812 return -EINVAL; 11813 11814 wdev_lock(wdev); 11815 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) { 11816 wdev_unlock(wdev); 11817 return -EBUSY; 11818 } 11819 wdev_unlock(wdev); 11820 11821 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 11822 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 11823 11824 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) { 11825 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]); 11826 int i; 11827 11828 if (len % sizeof(u16)) 11829 return -EINVAL; 11830 11831 params.n_csa_offsets = len / sizeof(u16); 11832 params.csa_offsets = 11833 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]); 11834 11835 /* check that all the offsets fit the frame */ 11836 for (i = 0; i < params.n_csa_offsets; i++) { 11837 if (params.csa_offsets[i] >= params.len) 11838 return -EINVAL; 11839 } 11840 } 11841 11842 if (!params.dont_wait_for_ack) { 11843 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 11844 if (!msg) 11845 return -ENOMEM; 11846 11847 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 11848 NL80211_CMD_FRAME); 11849 if (!hdr) { 11850 err = -ENOBUFS; 11851 goto free_msg; 11852 } 11853 } 11854 11855 params.chan = chandef.chan; 11856 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie); 11857 if (err) 11858 goto free_msg; 11859 11860 if (msg) { 11861 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 11862 NL80211_ATTR_PAD)) 11863 goto nla_put_failure; 11864 11865 genlmsg_end(msg, hdr); 11866 return genlmsg_reply(msg, info); 11867 } 11868 11869 return 0; 11870 11871 nla_put_failure: 11872 err = -ENOBUFS; 11873 free_msg: 11874 nlmsg_free(msg); 11875 return err; 11876} 11877 11878static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 11879{ 11880 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11881 struct wireless_dev *wdev = info->user_ptr[1]; 11882 u64 cookie; 11883 11884 if (!info->attrs[NL80211_ATTR_COOKIE]) 11885 return -EINVAL; 11886 11887 if (!rdev->ops->mgmt_tx_cancel_wait) 11888 return -EOPNOTSUPP; 11889 11890 switch (wdev->iftype) { 11891 case NL80211_IFTYPE_STATION: 11892 case NL80211_IFTYPE_ADHOC: 11893 case NL80211_IFTYPE_P2P_CLIENT: 11894 case NL80211_IFTYPE_AP: 11895 case NL80211_IFTYPE_AP_VLAN: 11896 case NL80211_IFTYPE_P2P_GO: 11897 case NL80211_IFTYPE_P2P_DEVICE: 11898 break; 11899 case NL80211_IFTYPE_NAN: 11900 default: 11901 return -EOPNOTSUPP; 11902 } 11903 11904 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 11905 11906 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie); 11907} 11908 11909static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 11910{ 11911 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11912 struct wireless_dev *wdev; 11913 struct net_device *dev = info->user_ptr[1]; 11914 u8 ps_state; 11915 bool state; 11916 int err; 11917 11918 if (!info->attrs[NL80211_ATTR_PS_STATE]) 11919 return -EINVAL; 11920 11921 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 11922 11923 wdev = dev->ieee80211_ptr; 11924 11925 if (!rdev->ops->set_power_mgmt) 11926 return -EOPNOTSUPP; 11927 11928 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 11929 11930 if (state == wdev->ps) 11931 return 0; 11932 11933 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout); 11934 if (!err) 11935 wdev->ps = state; 11936 return err; 11937} 11938 11939static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 11940{ 11941 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11942 enum nl80211_ps_state ps_state; 11943 struct wireless_dev *wdev; 11944 struct net_device *dev = info->user_ptr[1]; 11945 struct sk_buff *msg; 11946 void *hdr; 11947 int err; 11948 11949 wdev = dev->ieee80211_ptr; 11950 11951 if (!rdev->ops->set_power_mgmt) 11952 return -EOPNOTSUPP; 11953 11954 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 11955 if (!msg) 11956 return -ENOMEM; 11957 11958 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 11959 NL80211_CMD_GET_POWER_SAVE); 11960 if (!hdr) { 11961 err = -ENOBUFS; 11962 goto free_msg; 11963 } 11964 11965 if (wdev->ps) 11966 ps_state = NL80211_PS_ENABLED; 11967 else 11968 ps_state = NL80211_PS_DISABLED; 11969 11970 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 11971 goto nla_put_failure; 11972 11973 genlmsg_end(msg, hdr); 11974 return genlmsg_reply(msg, info); 11975 11976 nla_put_failure: 11977 err = -ENOBUFS; 11978 free_msg: 11979 nlmsg_free(msg); 11980 return err; 11981} 11982 11983static const struct nla_policy 11984nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 11985 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY }, 11986 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 11987 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 11988 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 11989 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 11990 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 11991 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 }, 11992}; 11993 11994static int nl80211_set_cqm_txe(struct genl_info *info, 11995 u32 rate, u32 pkts, u32 intvl) 11996{ 11997 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11998 struct net_device *dev = info->user_ptr[1]; 11999 struct wireless_dev *wdev = dev->ieee80211_ptr; 12000 12001 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL) 12002 return -EINVAL; 12003 12004 if (!rdev->ops->set_cqm_txe_config) 12005 return -EOPNOTSUPP; 12006 12007 if (wdev->iftype != NL80211_IFTYPE_STATION && 12008 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 12009 return -EOPNOTSUPP; 12010 12011 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl); 12012} 12013 12014static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev, 12015 struct net_device *dev) 12016{ 12017 struct wireless_dev *wdev = dev->ieee80211_ptr; 12018 s32 last, low, high; 12019 u32 hyst; 12020 int i, n, low_index; 12021 int err; 12022 12023 /* RSSI reporting disabled? */ 12024 if (!wdev->cqm_config) 12025 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0); 12026 12027 /* 12028 * Obtain current RSSI value if possible, if not and no RSSI threshold 12029 * event has been received yet, we should receive an event after a 12030 * connection is established and enough beacons received to calculate 12031 * the average. 12032 */ 12033 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss && 12034 rdev->ops->get_station) { 12035 struct station_info sinfo = {}; 12036 u8 *mac_addr; 12037 12038 mac_addr = wdev->current_bss->pub.bssid; 12039 12040 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 12041 if (err) 12042 return err; 12043 12044 cfg80211_sinfo_release_content(&sinfo); 12045 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG)) 12046 wdev->cqm_config->last_rssi_event_value = 12047 (s8) sinfo.rx_beacon_signal_avg; 12048 } 12049 12050 last = wdev->cqm_config->last_rssi_event_value; 12051 hyst = wdev->cqm_config->rssi_hyst; 12052 n = wdev->cqm_config->n_rssi_thresholds; 12053 12054 for (i = 0; i < n; i++) { 12055 i = array_index_nospec(i, n); 12056 if (last < wdev->cqm_config->rssi_thresholds[i]) 12057 break; 12058 } 12059 12060 low_index = i - 1; 12061 if (low_index >= 0) { 12062 low_index = array_index_nospec(low_index, n); 12063 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst; 12064 } else { 12065 low = S32_MIN; 12066 } 12067 if (i < n) { 12068 i = array_index_nospec(i, n); 12069 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1; 12070 } else { 12071 high = S32_MAX; 12072 } 12073 12074 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high); 12075} 12076 12077static int nl80211_set_cqm_rssi(struct genl_info *info, 12078 const s32 *thresholds, int n_thresholds, 12079 u32 hysteresis) 12080{ 12081 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12082 struct net_device *dev = info->user_ptr[1]; 12083 struct wireless_dev *wdev = dev->ieee80211_ptr; 12084 int i, err; 12085 s32 prev = S32_MIN; 12086 12087 /* Check all values negative and sorted */ 12088 for (i = 0; i < n_thresholds; i++) { 12089 if (thresholds[i] > 0 || thresholds[i] <= prev) 12090 return -EINVAL; 12091 12092 prev = thresholds[i]; 12093 } 12094 12095 if (wdev->iftype != NL80211_IFTYPE_STATION && 12096 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 12097 return -EOPNOTSUPP; 12098 12099 wdev_lock(wdev); 12100 cfg80211_cqm_config_free(wdev); 12101 wdev_unlock(wdev); 12102 12103 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) { 12104 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */ 12105 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0); 12106 12107 return rdev_set_cqm_rssi_config(rdev, dev, 12108 thresholds[0], hysteresis); 12109 } 12110 12111 if (!wiphy_ext_feature_isset(&rdev->wiphy, 12112 NL80211_EXT_FEATURE_CQM_RSSI_LIST)) 12113 return -EOPNOTSUPP; 12114 12115 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */ 12116 n_thresholds = 0; 12117 12118 wdev_lock(wdev); 12119 if (n_thresholds) { 12120 struct cfg80211_cqm_config *cqm_config; 12121 12122 cqm_config = kzalloc(struct_size(cqm_config, rssi_thresholds, 12123 n_thresholds), 12124 GFP_KERNEL); 12125 if (!cqm_config) { 12126 err = -ENOMEM; 12127 goto unlock; 12128 } 12129 12130 cqm_config->rssi_hyst = hysteresis; 12131 cqm_config->n_rssi_thresholds = n_thresholds; 12132 memcpy(cqm_config->rssi_thresholds, thresholds, 12133 flex_array_size(cqm_config, rssi_thresholds, 12134 n_thresholds)); 12135 12136 wdev->cqm_config = cqm_config; 12137 } 12138 12139 err = cfg80211_cqm_rssi_update(rdev, dev); 12140 12141unlock: 12142 wdev_unlock(wdev); 12143 12144 return err; 12145} 12146 12147static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 12148{ 12149 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 12150 struct nlattr *cqm; 12151 int err; 12152 12153 cqm = info->attrs[NL80211_ATTR_CQM]; 12154 if (!cqm) 12155 return -EINVAL; 12156 12157 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm, 12158 nl80211_attr_cqm_policy, 12159 info->extack); 12160 if (err) 12161 return err; 12162 12163 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 12164 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 12165 const s32 *thresholds = 12166 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 12167 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 12168 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 12169 12170 if (len % 4) 12171 return -EINVAL; 12172 12173 return nl80211_set_cqm_rssi(info, thresholds, len / 4, 12174 hysteresis); 12175 } 12176 12177 if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 12178 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 12179 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 12180 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 12181 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 12182 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 12183 12184 return nl80211_set_cqm_txe(info, rate, pkts, intvl); 12185 } 12186 12187 return -EINVAL; 12188} 12189 12190static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info) 12191{ 12192 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12193 struct net_device *dev = info->user_ptr[1]; 12194 struct ocb_setup setup = {}; 12195 int err; 12196 12197 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 12198 if (err) 12199 return err; 12200 12201 return cfg80211_join_ocb(rdev, dev, &setup); 12202} 12203 12204static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info) 12205{ 12206 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12207 struct net_device *dev = info->user_ptr[1]; 12208 12209 return cfg80211_leave_ocb(rdev, dev); 12210} 12211 12212static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 12213{ 12214 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12215 struct net_device *dev = info->user_ptr[1]; 12216 struct mesh_config cfg; 12217 struct mesh_setup setup; 12218 int err; 12219 12220 /* start with default */ 12221 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 12222 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 12223 12224 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 12225 /* and parse parameters if given */ 12226 err = nl80211_parse_mesh_config(info, &cfg, NULL); 12227 if (err) 12228 return err; 12229 } 12230 12231 if (!info->attrs[NL80211_ATTR_MESH_ID] || 12232 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 12233 return -EINVAL; 12234 12235 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 12236 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 12237 12238 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 12239 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 12240 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 12241 return -EINVAL; 12242 12243 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 12244 setup.beacon_interval = 12245 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 12246 12247 err = cfg80211_validate_beacon_int(rdev, 12248 NL80211_IFTYPE_MESH_POINT, 12249 setup.beacon_interval); 12250 if (err) 12251 return err; 12252 } 12253 12254 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 12255 setup.dtim_period = 12256 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 12257 if (setup.dtim_period < 1 || setup.dtim_period > 100) 12258 return -EINVAL; 12259 } 12260 12261 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 12262 /* parse additional setup parameters if given */ 12263 err = nl80211_parse_mesh_setup(info, &setup); 12264 if (err) 12265 return err; 12266 } 12267 12268 if (setup.user_mpm) 12269 cfg.auto_open_plinks = false; 12270 12271 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 12272 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 12273 if (err) 12274 return err; 12275 } else { 12276 /* __cfg80211_join_mesh() will sort it out */ 12277 setup.chandef.chan = NULL; 12278 } 12279 12280 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 12281 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 12282 int n_rates = 12283 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 12284 struct ieee80211_supported_band *sband; 12285 12286 if (!setup.chandef.chan) 12287 return -EINVAL; 12288 12289 sband = rdev->wiphy.bands[setup.chandef.chan->band]; 12290 12291 err = ieee80211_get_ratemask(sband, rates, n_rates, 12292 &setup.basic_rates); 12293 if (err) 12294 return err; 12295 } 12296 12297 if (info->attrs[NL80211_ATTR_TX_RATES]) { 12298 err = nl80211_parse_tx_bitrate_mask(info, info->attrs, 12299 NL80211_ATTR_TX_RATES, 12300 &setup.beacon_rate, 12301 dev, false); 12302 if (err) 12303 return err; 12304 12305 if (!setup.chandef.chan) 12306 return -EINVAL; 12307 12308 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band, 12309 &setup.beacon_rate); 12310 if (err) 12311 return err; 12312 } 12313 12314 setup.userspace_handles_dfs = 12315 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); 12316 12317 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 12318 int r = validate_pae_over_nl80211(rdev, info); 12319 12320 if (r < 0) 12321 return r; 12322 12323 setup.control_port_over_nl80211 = true; 12324 } 12325 12326 wdev_lock(dev->ieee80211_ptr); 12327 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg); 12328 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) 12329 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 12330 wdev_unlock(dev->ieee80211_ptr); 12331 12332 return err; 12333} 12334 12335static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 12336{ 12337 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12338 struct net_device *dev = info->user_ptr[1]; 12339 12340 return cfg80211_leave_mesh(rdev, dev); 12341} 12342 12343#ifdef CONFIG_PM 12344static int nl80211_send_wowlan_patterns(struct sk_buff *msg, 12345 struct cfg80211_registered_device *rdev) 12346{ 12347 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config; 12348 struct nlattr *nl_pats, *nl_pat; 12349 int i, pat_len; 12350 12351 if (!wowlan->n_patterns) 12352 return 0; 12353 12354 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN); 12355 if (!nl_pats) 12356 return -ENOBUFS; 12357 12358 for (i = 0; i < wowlan->n_patterns; i++) { 12359 nl_pat = nla_nest_start_noflag(msg, i + 1); 12360 if (!nl_pat) 12361 return -ENOBUFS; 12362 pat_len = wowlan->patterns[i].pattern_len; 12363 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8), 12364 wowlan->patterns[i].mask) || 12365 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, 12366 wowlan->patterns[i].pattern) || 12367 nla_put_u32(msg, NL80211_PKTPAT_OFFSET, 12368 wowlan->patterns[i].pkt_offset)) 12369 return -ENOBUFS; 12370 nla_nest_end(msg, nl_pat); 12371 } 12372 nla_nest_end(msg, nl_pats); 12373 12374 return 0; 12375} 12376 12377static int nl80211_send_wowlan_tcp(struct sk_buff *msg, 12378 struct cfg80211_wowlan_tcp *tcp) 12379{ 12380 struct nlattr *nl_tcp; 12381 12382 if (!tcp) 12383 return 0; 12384 12385 nl_tcp = nla_nest_start_noflag(msg, 12386 NL80211_WOWLAN_TRIG_TCP_CONNECTION); 12387 if (!nl_tcp) 12388 return -ENOBUFS; 12389 12390 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) || 12391 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) || 12392 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) || 12393 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) || 12394 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) || 12395 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 12396 tcp->payload_len, tcp->payload) || 12397 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 12398 tcp->data_interval) || 12399 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 12400 tcp->wake_len, tcp->wake_data) || 12401 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK, 12402 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask)) 12403 return -ENOBUFS; 12404 12405 if (tcp->payload_seq.len && 12406 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ, 12407 sizeof(tcp->payload_seq), &tcp->payload_seq)) 12408 return -ENOBUFS; 12409 12410 if (tcp->payload_tok.len && 12411 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 12412 sizeof(tcp->payload_tok) + tcp->tokens_size, 12413 &tcp->payload_tok)) 12414 return -ENOBUFS; 12415 12416 nla_nest_end(msg, nl_tcp); 12417 12418 return 0; 12419} 12420 12421static int nl80211_send_wowlan_nd(struct sk_buff *msg, 12422 struct cfg80211_sched_scan_request *req) 12423{ 12424 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan; 12425 int i; 12426 12427 if (!req) 12428 return 0; 12429 12430 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT); 12431 if (!nd) 12432 return -ENOBUFS; 12433 12434 if (req->n_scan_plans == 1 && 12435 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, 12436 req->scan_plans[0].interval * 1000)) 12437 return -ENOBUFS; 12438 12439 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay)) 12440 return -ENOBUFS; 12441 12442 if (req->relative_rssi_set) { 12443 struct nl80211_bss_select_rssi_adjust rssi_adjust; 12444 12445 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI, 12446 req->relative_rssi)) 12447 return -ENOBUFS; 12448 12449 rssi_adjust.band = req->rssi_adjust.band; 12450 rssi_adjust.delta = req->rssi_adjust.delta; 12451 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST, 12452 sizeof(rssi_adjust), &rssi_adjust)) 12453 return -ENOBUFS; 12454 } 12455 12456 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES); 12457 if (!freqs) 12458 return -ENOBUFS; 12459 12460 for (i = 0; i < req->n_channels; i++) { 12461 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 12462 return -ENOBUFS; 12463 } 12464 12465 nla_nest_end(msg, freqs); 12466 12467 if (req->n_match_sets) { 12468 matches = nla_nest_start_noflag(msg, 12469 NL80211_ATTR_SCHED_SCAN_MATCH); 12470 if (!matches) 12471 return -ENOBUFS; 12472 12473 for (i = 0; i < req->n_match_sets; i++) { 12474 match = nla_nest_start_noflag(msg, i); 12475 if (!match) 12476 return -ENOBUFS; 12477 12478 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID, 12479 req->match_sets[i].ssid.ssid_len, 12480 req->match_sets[i].ssid.ssid)) 12481 return -ENOBUFS; 12482 nla_nest_end(msg, match); 12483 } 12484 nla_nest_end(msg, matches); 12485 } 12486 12487 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS); 12488 if (!scan_plans) 12489 return -ENOBUFS; 12490 12491 for (i = 0; i < req->n_scan_plans; i++) { 12492 scan_plan = nla_nest_start_noflag(msg, i + 1); 12493 if (!scan_plan) 12494 return -ENOBUFS; 12495 12496 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL, 12497 req->scan_plans[i].interval) || 12498 (req->scan_plans[i].iterations && 12499 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS, 12500 req->scan_plans[i].iterations))) 12501 return -ENOBUFS; 12502 nla_nest_end(msg, scan_plan); 12503 } 12504 nla_nest_end(msg, scan_plans); 12505 12506 nla_nest_end(msg, nd); 12507 12508 return 0; 12509} 12510 12511static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 12512{ 12513 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12514 struct sk_buff *msg; 12515 void *hdr; 12516 u32 size = NLMSG_DEFAULT_SIZE; 12517 12518 if (!rdev->wiphy.wowlan) 12519 return -EOPNOTSUPP; 12520 12521 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) { 12522 /* adjust size to have room for all the data */ 12523 size += rdev->wiphy.wowlan_config->tcp->tokens_size + 12524 rdev->wiphy.wowlan_config->tcp->payload_len + 12525 rdev->wiphy.wowlan_config->tcp->wake_len + 12526 rdev->wiphy.wowlan_config->tcp->wake_len / 8; 12527 } 12528 12529 msg = nlmsg_new(size, GFP_KERNEL); 12530 if (!msg) 12531 return -ENOMEM; 12532 12533 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 12534 NL80211_CMD_GET_WOWLAN); 12535 if (!hdr) 12536 goto nla_put_failure; 12537 12538 if (rdev->wiphy.wowlan_config) { 12539 struct nlattr *nl_wowlan; 12540 12541 nl_wowlan = nla_nest_start_noflag(msg, 12542 NL80211_ATTR_WOWLAN_TRIGGERS); 12543 if (!nl_wowlan) 12544 goto nla_put_failure; 12545 12546 if ((rdev->wiphy.wowlan_config->any && 12547 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 12548 (rdev->wiphy.wowlan_config->disconnect && 12549 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 12550 (rdev->wiphy.wowlan_config->magic_pkt && 12551 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 12552 (rdev->wiphy.wowlan_config->gtk_rekey_failure && 12553 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 12554 (rdev->wiphy.wowlan_config->eap_identity_req && 12555 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 12556 (rdev->wiphy.wowlan_config->four_way_handshake && 12557 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 12558 (rdev->wiphy.wowlan_config->rfkill_release && 12559 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 12560 goto nla_put_failure; 12561 12562 if (nl80211_send_wowlan_patterns(msg, rdev)) 12563 goto nla_put_failure; 12564 12565 if (nl80211_send_wowlan_tcp(msg, 12566 rdev->wiphy.wowlan_config->tcp)) 12567 goto nla_put_failure; 12568 12569 if (nl80211_send_wowlan_nd( 12570 msg, 12571 rdev->wiphy.wowlan_config->nd_config)) 12572 goto nla_put_failure; 12573 12574 nla_nest_end(msg, nl_wowlan); 12575 } 12576 12577 genlmsg_end(msg, hdr); 12578 return genlmsg_reply(msg, info); 12579 12580nla_put_failure: 12581 nlmsg_free(msg); 12582 return -ENOBUFS; 12583} 12584 12585static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev, 12586 struct nlattr *attr, 12587 struct cfg80211_wowlan *trig) 12588{ 12589 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP]; 12590 struct cfg80211_wowlan_tcp *cfg; 12591 struct nl80211_wowlan_tcp_data_token *tok = NULL; 12592 struct nl80211_wowlan_tcp_data_seq *seq = NULL; 12593 u32 size; 12594 u32 data_size, wake_size, tokens_size = 0, wake_mask_size; 12595 int err, port; 12596 12597 if (!rdev->wiphy.wowlan->tcp) 12598 return -EINVAL; 12599 12600 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr, 12601 nl80211_wowlan_tcp_policy, NULL); 12602 if (err) 12603 return err; 12604 12605 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] || 12606 !tb[NL80211_WOWLAN_TCP_DST_IPV4] || 12607 !tb[NL80211_WOWLAN_TCP_DST_MAC] || 12608 !tb[NL80211_WOWLAN_TCP_DST_PORT] || 12609 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] || 12610 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] || 12611 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] || 12612 !tb[NL80211_WOWLAN_TCP_WAKE_MASK]) 12613 return -EINVAL; 12614 12615 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]); 12616 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max) 12617 return -EINVAL; 12618 12619 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) > 12620 rdev->wiphy.wowlan->tcp->data_interval_max || 12621 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0) 12622 return -EINVAL; 12623 12624 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]); 12625 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max) 12626 return -EINVAL; 12627 12628 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]); 12629 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8)) 12630 return -EINVAL; 12631 12632 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) { 12633 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 12634 12635 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 12636 tokens_size = tokln - sizeof(*tok); 12637 12638 if (!tok->len || tokens_size % tok->len) 12639 return -EINVAL; 12640 if (!rdev->wiphy.wowlan->tcp->tok) 12641 return -EINVAL; 12642 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len) 12643 return -EINVAL; 12644 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len) 12645 return -EINVAL; 12646 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize) 12647 return -EINVAL; 12648 if (tok->offset + tok->len > data_size) 12649 return -EINVAL; 12650 } 12651 12652 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) { 12653 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]); 12654 if (!rdev->wiphy.wowlan->tcp->seq) 12655 return -EINVAL; 12656 if (seq->len == 0 || seq->len > 4) 12657 return -EINVAL; 12658 if (seq->len + seq->offset > data_size) 12659 return -EINVAL; 12660 } 12661 12662 size = sizeof(*cfg); 12663 size += data_size; 12664 size += wake_size + wake_mask_size; 12665 size += tokens_size; 12666 12667 cfg = kzalloc(size, GFP_KERNEL); 12668 if (!cfg) 12669 return -ENOMEM; 12670 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]); 12671 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]); 12672 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]), 12673 ETH_ALEN); 12674 if (tb[NL80211_WOWLAN_TCP_SRC_PORT]) 12675 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]); 12676 else 12677 port = 0; 12678#ifdef CONFIG_INET 12679 /* allocate a socket and port for it and use it */ 12680 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM, 12681 IPPROTO_TCP, &cfg->sock, 1); 12682 if (err) { 12683 kfree(cfg); 12684 return err; 12685 } 12686 if (inet_csk_get_port(cfg->sock->sk, port)) { 12687 sock_release(cfg->sock); 12688 kfree(cfg); 12689 return -EADDRINUSE; 12690 } 12691 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num; 12692#else 12693 if (!port) { 12694 kfree(cfg); 12695 return -EINVAL; 12696 } 12697 cfg->src_port = port; 12698#endif 12699 12700 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]); 12701 cfg->payload_len = data_size; 12702 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size; 12703 memcpy((void *)cfg->payload, 12704 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]), 12705 data_size); 12706 if (seq) 12707 cfg->payload_seq = *seq; 12708 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]); 12709 cfg->wake_len = wake_size; 12710 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size; 12711 memcpy((void *)cfg->wake_data, 12712 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]), 12713 wake_size); 12714 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size + 12715 data_size + wake_size; 12716 memcpy((void *)cfg->wake_mask, 12717 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]), 12718 wake_mask_size); 12719 if (tok) { 12720 cfg->tokens_size = tokens_size; 12721 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size); 12722 } 12723 12724 trig->tcp = cfg; 12725 12726 return 0; 12727} 12728 12729static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev, 12730 const struct wiphy_wowlan_support *wowlan, 12731 struct nlattr *attr, 12732 struct cfg80211_wowlan *trig) 12733{ 12734 struct nlattr **tb; 12735 int err; 12736 12737 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL); 12738 if (!tb) 12739 return -ENOMEM; 12740 12741 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) { 12742 err = -EOPNOTSUPP; 12743 goto out; 12744 } 12745 12746 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr, 12747 nl80211_policy, NULL); 12748 if (err) 12749 goto out; 12750 12751 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb, 12752 wowlan->max_nd_match_sets); 12753 err = PTR_ERR_OR_ZERO(trig->nd_config); 12754 if (err) 12755 trig->nd_config = NULL; 12756 12757out: 12758 kfree(tb); 12759 return err; 12760} 12761 12762static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 12763{ 12764 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12765 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 12766 struct cfg80211_wowlan new_triggers = {}; 12767 struct cfg80211_wowlan *ntrig; 12768 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan; 12769 int err, i; 12770 bool prev_enabled = rdev->wiphy.wowlan_config; 12771 bool regular = false; 12772 12773 if (!wowlan) 12774 return -EOPNOTSUPP; 12775 12776 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 12777 cfg80211_rdev_free_wowlan(rdev); 12778 rdev->wiphy.wowlan_config = NULL; 12779 goto set_wakeup; 12780 } 12781 12782 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG, 12783 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS], 12784 nl80211_wowlan_policy, info->extack); 12785 if (err) 12786 return err; 12787 12788 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 12789 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 12790 return -EINVAL; 12791 new_triggers.any = true; 12792 } 12793 12794 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 12795 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 12796 return -EINVAL; 12797 new_triggers.disconnect = true; 12798 regular = true; 12799 } 12800 12801 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 12802 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 12803 return -EINVAL; 12804 new_triggers.magic_pkt = true; 12805 regular = true; 12806 } 12807 12808 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 12809 return -EINVAL; 12810 12811 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 12812 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 12813 return -EINVAL; 12814 new_triggers.gtk_rekey_failure = true; 12815 regular = true; 12816 } 12817 12818 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 12819 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 12820 return -EINVAL; 12821 new_triggers.eap_identity_req = true; 12822 regular = true; 12823 } 12824 12825 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 12826 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 12827 return -EINVAL; 12828 new_triggers.four_way_handshake = true; 12829 regular = true; 12830 } 12831 12832 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 12833 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 12834 return -EINVAL; 12835 new_triggers.rfkill_release = true; 12836 regular = true; 12837 } 12838 12839 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 12840 struct nlattr *pat; 12841 int n_patterns = 0; 12842 int rem, pat_len, mask_len, pkt_offset; 12843 struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; 12844 12845 regular = true; 12846 12847 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 12848 rem) 12849 n_patterns++; 12850 if (n_patterns > wowlan->n_patterns) 12851 return -EINVAL; 12852 12853 new_triggers.patterns = kcalloc(n_patterns, 12854 sizeof(new_triggers.patterns[0]), 12855 GFP_KERNEL); 12856 if (!new_triggers.patterns) 12857 return -ENOMEM; 12858 12859 new_triggers.n_patterns = n_patterns; 12860 i = 0; 12861 12862 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 12863 rem) { 12864 u8 *mask_pat; 12865 12866 err = nla_parse_nested_deprecated(pat_tb, 12867 MAX_NL80211_PKTPAT, 12868 pat, 12869 nl80211_packet_pattern_policy, 12870 info->extack); 12871 if (err) 12872 goto error; 12873 12874 err = -EINVAL; 12875 if (!pat_tb[NL80211_PKTPAT_MASK] || 12876 !pat_tb[NL80211_PKTPAT_PATTERN]) 12877 goto error; 12878 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); 12879 mask_len = DIV_ROUND_UP(pat_len, 8); 12880 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) 12881 goto error; 12882 if (pat_len > wowlan->pattern_max_len || 12883 pat_len < wowlan->pattern_min_len) 12884 goto error; 12885 12886 if (!pat_tb[NL80211_PKTPAT_OFFSET]) 12887 pkt_offset = 0; 12888 else 12889 pkt_offset = nla_get_u32( 12890 pat_tb[NL80211_PKTPAT_OFFSET]); 12891 if (pkt_offset > wowlan->max_pkt_offset) 12892 goto error; 12893 new_triggers.patterns[i].pkt_offset = pkt_offset; 12894 12895 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL); 12896 if (!mask_pat) { 12897 err = -ENOMEM; 12898 goto error; 12899 } 12900 new_triggers.patterns[i].mask = mask_pat; 12901 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]), 12902 mask_len); 12903 mask_pat += mask_len; 12904 new_triggers.patterns[i].pattern = mask_pat; 12905 new_triggers.patterns[i].pattern_len = pat_len; 12906 memcpy(mask_pat, 12907 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), 12908 pat_len); 12909 i++; 12910 } 12911 } 12912 12913 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) { 12914 regular = true; 12915 err = nl80211_parse_wowlan_tcp( 12916 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION], 12917 &new_triggers); 12918 if (err) 12919 goto error; 12920 } 12921 12922 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) { 12923 regular = true; 12924 err = nl80211_parse_wowlan_nd( 12925 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT], 12926 &new_triggers); 12927 if (err) 12928 goto error; 12929 } 12930 12931 /* The 'any' trigger means the device continues operating more or less 12932 * as in its normal operation mode and wakes up the host on most of the 12933 * normal interrupts (like packet RX, ...) 12934 * It therefore makes little sense to combine with the more constrained 12935 * wakeup trigger modes. 12936 */ 12937 if (new_triggers.any && regular) { 12938 err = -EINVAL; 12939 goto error; 12940 } 12941 12942 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 12943 if (!ntrig) { 12944 err = -ENOMEM; 12945 goto error; 12946 } 12947 cfg80211_rdev_free_wowlan(rdev); 12948 rdev->wiphy.wowlan_config = ntrig; 12949 12950 set_wakeup: 12951 if (rdev->ops->set_wakeup && 12952 prev_enabled != !!rdev->wiphy.wowlan_config) 12953 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config); 12954 12955 return 0; 12956 error: 12957 for (i = 0; i < new_triggers.n_patterns; i++) 12958 kfree(new_triggers.patterns[i].mask); 12959 kfree(new_triggers.patterns); 12960 if (new_triggers.tcp && new_triggers.tcp->sock) 12961 sock_release(new_triggers.tcp->sock); 12962 kfree(new_triggers.tcp); 12963 kfree(new_triggers.nd_config); 12964 return err; 12965} 12966#endif 12967 12968static int nl80211_send_coalesce_rules(struct sk_buff *msg, 12969 struct cfg80211_registered_device *rdev) 12970{ 12971 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules; 12972 int i, j, pat_len; 12973 struct cfg80211_coalesce_rules *rule; 12974 12975 if (!rdev->coalesce->n_rules) 12976 return 0; 12977 12978 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE); 12979 if (!nl_rules) 12980 return -ENOBUFS; 12981 12982 for (i = 0; i < rdev->coalesce->n_rules; i++) { 12983 nl_rule = nla_nest_start_noflag(msg, i + 1); 12984 if (!nl_rule) 12985 return -ENOBUFS; 12986 12987 rule = &rdev->coalesce->rules[i]; 12988 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY, 12989 rule->delay)) 12990 return -ENOBUFS; 12991 12992 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION, 12993 rule->condition)) 12994 return -ENOBUFS; 12995 12996 nl_pats = nla_nest_start_noflag(msg, 12997 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN); 12998 if (!nl_pats) 12999 return -ENOBUFS; 13000 13001 for (j = 0; j < rule->n_patterns; j++) { 13002 nl_pat = nla_nest_start_noflag(msg, j + 1); 13003 if (!nl_pat) 13004 return -ENOBUFS; 13005 pat_len = rule->patterns[j].pattern_len; 13006 if (nla_put(msg, NL80211_PKTPAT_MASK, 13007 DIV_ROUND_UP(pat_len, 8), 13008 rule->patterns[j].mask) || 13009 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, 13010 rule->patterns[j].pattern) || 13011 nla_put_u32(msg, NL80211_PKTPAT_OFFSET, 13012 rule->patterns[j].pkt_offset)) 13013 return -ENOBUFS; 13014 nla_nest_end(msg, nl_pat); 13015 } 13016 nla_nest_end(msg, nl_pats); 13017 nla_nest_end(msg, nl_rule); 13018 } 13019 nla_nest_end(msg, nl_rules); 13020 13021 return 0; 13022} 13023 13024static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info) 13025{ 13026 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13027 struct sk_buff *msg; 13028 void *hdr; 13029 13030 if (!rdev->wiphy.coalesce) 13031 return -EOPNOTSUPP; 13032 13033 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 13034 if (!msg) 13035 return -ENOMEM; 13036 13037 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 13038 NL80211_CMD_GET_COALESCE); 13039 if (!hdr) 13040 goto nla_put_failure; 13041 13042 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev)) 13043 goto nla_put_failure; 13044 13045 genlmsg_end(msg, hdr); 13046 return genlmsg_reply(msg, info); 13047 13048nla_put_failure: 13049 nlmsg_free(msg); 13050 return -ENOBUFS; 13051} 13052 13053void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev) 13054{ 13055 struct cfg80211_coalesce *coalesce = rdev->coalesce; 13056 int i, j; 13057 struct cfg80211_coalesce_rules *rule; 13058 13059 if (!coalesce) 13060 return; 13061 13062 for (i = 0; i < coalesce->n_rules; i++) { 13063 rule = &coalesce->rules[i]; 13064 for (j = 0; j < rule->n_patterns; j++) 13065 kfree(rule->patterns[j].mask); 13066 kfree(rule->patterns); 13067 } 13068 kfree(coalesce->rules); 13069 kfree(coalesce); 13070 rdev->coalesce = NULL; 13071} 13072 13073static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev, 13074 struct nlattr *rule, 13075 struct cfg80211_coalesce_rules *new_rule) 13076{ 13077 int err, i; 13078 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce; 13079 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat; 13080 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0; 13081 struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; 13082 13083 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX, 13084 rule, nl80211_coalesce_policy, NULL); 13085 if (err) 13086 return err; 13087 13088 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY]) 13089 new_rule->delay = 13090 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]); 13091 if (new_rule->delay > coalesce->max_delay) 13092 return -EINVAL; 13093 13094 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION]) 13095 new_rule->condition = 13096 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]); 13097 13098 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN]) 13099 return -EINVAL; 13100 13101 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN], 13102 rem) 13103 n_patterns++; 13104 if (n_patterns > coalesce->n_patterns) 13105 return -EINVAL; 13106 13107 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]), 13108 GFP_KERNEL); 13109 if (!new_rule->patterns) 13110 return -ENOMEM; 13111 13112 new_rule->n_patterns = n_patterns; 13113 i = 0; 13114 13115 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN], 13116 rem) { 13117 u8 *mask_pat; 13118 13119 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT, 13120 pat, 13121 nl80211_packet_pattern_policy, 13122 NULL); 13123 if (err) 13124 return err; 13125 13126 if (!pat_tb[NL80211_PKTPAT_MASK] || 13127 !pat_tb[NL80211_PKTPAT_PATTERN]) 13128 return -EINVAL; 13129 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); 13130 mask_len = DIV_ROUND_UP(pat_len, 8); 13131 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) 13132 return -EINVAL; 13133 if (pat_len > coalesce->pattern_max_len || 13134 pat_len < coalesce->pattern_min_len) 13135 return -EINVAL; 13136 13137 if (!pat_tb[NL80211_PKTPAT_OFFSET]) 13138 pkt_offset = 0; 13139 else 13140 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]); 13141 if (pkt_offset > coalesce->max_pkt_offset) 13142 return -EINVAL; 13143 new_rule->patterns[i].pkt_offset = pkt_offset; 13144 13145 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL); 13146 if (!mask_pat) 13147 return -ENOMEM; 13148 13149 new_rule->patterns[i].mask = mask_pat; 13150 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]), 13151 mask_len); 13152 13153 mask_pat += mask_len; 13154 new_rule->patterns[i].pattern = mask_pat; 13155 new_rule->patterns[i].pattern_len = pat_len; 13156 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), 13157 pat_len); 13158 i++; 13159 } 13160 13161 return 0; 13162} 13163 13164static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info) 13165{ 13166 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13167 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce; 13168 struct cfg80211_coalesce new_coalesce = {}; 13169 struct cfg80211_coalesce *n_coalesce; 13170 int err, rem_rule, n_rules = 0, i, j; 13171 struct nlattr *rule; 13172 struct cfg80211_coalesce_rules *tmp_rule; 13173 13174 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce) 13175 return -EOPNOTSUPP; 13176 13177 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) { 13178 cfg80211_rdev_free_coalesce(rdev); 13179 rdev_set_coalesce(rdev, NULL); 13180 return 0; 13181 } 13182 13183 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE], 13184 rem_rule) 13185 n_rules++; 13186 if (n_rules > coalesce->n_rules) 13187 return -EINVAL; 13188 13189 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]), 13190 GFP_KERNEL); 13191 if (!new_coalesce.rules) 13192 return -ENOMEM; 13193 13194 new_coalesce.n_rules = n_rules; 13195 i = 0; 13196 13197 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE], 13198 rem_rule) { 13199 err = nl80211_parse_coalesce_rule(rdev, rule, 13200 &new_coalesce.rules[i]); 13201 if (err) 13202 goto error; 13203 13204 i++; 13205 } 13206 13207 err = rdev_set_coalesce(rdev, &new_coalesce); 13208 if (err) 13209 goto error; 13210 13211 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL); 13212 if (!n_coalesce) { 13213 err = -ENOMEM; 13214 goto error; 13215 } 13216 cfg80211_rdev_free_coalesce(rdev); 13217 rdev->coalesce = n_coalesce; 13218 13219 return 0; 13220error: 13221 for (i = 0; i < new_coalesce.n_rules; i++) { 13222 tmp_rule = &new_coalesce.rules[i]; 13223 for (j = 0; j < tmp_rule->n_patterns; j++) 13224 kfree(tmp_rule->patterns[j].mask); 13225 kfree(tmp_rule->patterns); 13226 } 13227 kfree(new_coalesce.rules); 13228 13229 return err; 13230} 13231 13232static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 13233{ 13234 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13235 struct net_device *dev = info->user_ptr[1]; 13236 struct wireless_dev *wdev = dev->ieee80211_ptr; 13237 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 13238 struct cfg80211_gtk_rekey_data rekey_data = {}; 13239 int err; 13240 13241 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 13242 return -EINVAL; 13243 13244 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA, 13245 info->attrs[NL80211_ATTR_REKEY_DATA], 13246 nl80211_rekey_policy, info->extack); 13247 if (err) 13248 return err; 13249 13250 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] || 13251 !tb[NL80211_REKEY_DATA_KCK]) 13252 return -EINVAL; 13253 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN && 13254 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK && 13255 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN)) 13256 return -ERANGE; 13257 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN && 13258 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK && 13259 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KCK_EXT_LEN)) 13260 return -ERANGE; 13261 13262 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]); 13263 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]); 13264 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]); 13265 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]); 13266 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]); 13267 if (tb[NL80211_REKEY_DATA_AKM]) 13268 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]); 13269 13270 wdev_lock(wdev); 13271 if (!wdev->current_bss) { 13272 err = -ENOTCONN; 13273 goto out; 13274 } 13275 13276 if (!rdev->ops->set_rekey_data) { 13277 err = -EOPNOTSUPP; 13278 goto out; 13279 } 13280 13281 err = rdev_set_rekey_data(rdev, dev, &rekey_data); 13282 out: 13283 wdev_unlock(wdev); 13284 return err; 13285} 13286 13287static int nl80211_register_unexpected_frame(struct sk_buff *skb, 13288 struct genl_info *info) 13289{ 13290 struct net_device *dev = info->user_ptr[1]; 13291 struct wireless_dev *wdev = dev->ieee80211_ptr; 13292 13293 if (wdev->iftype != NL80211_IFTYPE_AP && 13294 wdev->iftype != NL80211_IFTYPE_P2P_GO) 13295 return -EINVAL; 13296 13297 if (wdev->ap_unexpected_nlportid) 13298 return -EBUSY; 13299 13300 wdev->ap_unexpected_nlportid = info->snd_portid; 13301 return 0; 13302} 13303 13304static int nl80211_probe_client(struct sk_buff *skb, 13305 struct genl_info *info) 13306{ 13307 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13308 struct net_device *dev = info->user_ptr[1]; 13309 struct wireless_dev *wdev = dev->ieee80211_ptr; 13310 struct sk_buff *msg; 13311 void *hdr; 13312 const u8 *addr; 13313 u64 cookie; 13314 int err; 13315 13316 if (wdev->iftype != NL80211_IFTYPE_AP && 13317 wdev->iftype != NL80211_IFTYPE_P2P_GO) 13318 return -EOPNOTSUPP; 13319 13320 if (!info->attrs[NL80211_ATTR_MAC]) 13321 return -EINVAL; 13322 13323 if (!rdev->ops->probe_client) 13324 return -EOPNOTSUPP; 13325 13326 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 13327 if (!msg) 13328 return -ENOMEM; 13329 13330 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 13331 NL80211_CMD_PROBE_CLIENT); 13332 if (!hdr) { 13333 err = -ENOBUFS; 13334 goto free_msg; 13335 } 13336 13337 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 13338 13339 err = rdev_probe_client(rdev, dev, addr, &cookie); 13340 if (err) 13341 goto free_msg; 13342 13343 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 13344 NL80211_ATTR_PAD)) 13345 goto nla_put_failure; 13346 13347 genlmsg_end(msg, hdr); 13348 13349 return genlmsg_reply(msg, info); 13350 13351 nla_put_failure: 13352 err = -ENOBUFS; 13353 free_msg: 13354 nlmsg_free(msg); 13355 return err; 13356} 13357 13358static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 13359{ 13360 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13361 struct cfg80211_beacon_registration *reg, *nreg; 13362 int rv; 13363 13364 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 13365 return -EOPNOTSUPP; 13366 13367 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL); 13368 if (!nreg) 13369 return -ENOMEM; 13370 13371 /* First, check if already registered. */ 13372 spin_lock_bh(&rdev->beacon_registrations_lock); 13373 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 13374 if (reg->nlportid == info->snd_portid) { 13375 rv = -EALREADY; 13376 goto out_err; 13377 } 13378 } 13379 /* Add it to the list */ 13380 nreg->nlportid = info->snd_portid; 13381 list_add(&nreg->list, &rdev->beacon_registrations); 13382 13383 spin_unlock_bh(&rdev->beacon_registrations_lock); 13384 13385 return 0; 13386out_err: 13387 spin_unlock_bh(&rdev->beacon_registrations_lock); 13388 kfree(nreg); 13389 return rv; 13390} 13391 13392static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info) 13393{ 13394 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13395 struct wireless_dev *wdev = info->user_ptr[1]; 13396 int err; 13397 13398 if (!rdev->ops->start_p2p_device) 13399 return -EOPNOTSUPP; 13400 13401 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 13402 return -EOPNOTSUPP; 13403 13404 if (wdev_running(wdev)) 13405 return 0; 13406 13407 if (rfkill_blocked(rdev->wiphy.rfkill)) 13408 return -ERFKILL; 13409 13410 err = rdev_start_p2p_device(rdev, wdev); 13411 if (err) 13412 return err; 13413 13414 wdev->is_running = true; 13415 rdev->opencount++; 13416 13417 return 0; 13418} 13419 13420static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info) 13421{ 13422 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13423 struct wireless_dev *wdev = info->user_ptr[1]; 13424 13425 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 13426 return -EOPNOTSUPP; 13427 13428 if (!rdev->ops->stop_p2p_device) 13429 return -EOPNOTSUPP; 13430 13431 cfg80211_stop_p2p_device(rdev, wdev); 13432 13433 return 0; 13434} 13435 13436static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info) 13437{ 13438 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13439 struct wireless_dev *wdev = info->user_ptr[1]; 13440 struct cfg80211_nan_conf conf = {}; 13441 int err; 13442 13443 if (wdev->iftype != NL80211_IFTYPE_NAN) 13444 return -EOPNOTSUPP; 13445 13446 if (wdev_running(wdev)) 13447 return -EEXIST; 13448 13449 if (rfkill_blocked(rdev->wiphy.rfkill)) 13450 return -ERFKILL; 13451 13452 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) 13453 return -EINVAL; 13454 13455 conf.master_pref = 13456 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]); 13457 13458 if (info->attrs[NL80211_ATTR_BANDS]) { 13459 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]); 13460 13461 if (bands & ~(u32)wdev->wiphy->nan_supported_bands) 13462 return -EOPNOTSUPP; 13463 13464 if (bands && !(bands & BIT(NL80211_BAND_2GHZ))) 13465 return -EINVAL; 13466 13467 conf.bands = bands; 13468 } 13469 13470 err = rdev_start_nan(rdev, wdev, &conf); 13471 if (err) 13472 return err; 13473 13474 wdev->is_running = true; 13475 rdev->opencount++; 13476 13477 return 0; 13478} 13479 13480static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info) 13481{ 13482 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13483 struct wireless_dev *wdev = info->user_ptr[1]; 13484 13485 if (wdev->iftype != NL80211_IFTYPE_NAN) 13486 return -EOPNOTSUPP; 13487 13488 cfg80211_stop_nan(rdev, wdev); 13489 13490 return 0; 13491} 13492 13493static int validate_nan_filter(struct nlattr *filter_attr) 13494{ 13495 struct nlattr *attr; 13496 int len = 0, n_entries = 0, rem; 13497 13498 nla_for_each_nested(attr, filter_attr, rem) { 13499 len += nla_len(attr); 13500 n_entries++; 13501 } 13502 13503 if (len >= U8_MAX) 13504 return -EINVAL; 13505 13506 return n_entries; 13507} 13508 13509static int handle_nan_filter(struct nlattr *attr_filter, 13510 struct cfg80211_nan_func *func, 13511 bool tx) 13512{ 13513 struct nlattr *attr; 13514 int n_entries, rem, i; 13515 struct cfg80211_nan_func_filter *filter; 13516 13517 n_entries = validate_nan_filter(attr_filter); 13518 if (n_entries < 0) 13519 return n_entries; 13520 13521 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters)); 13522 13523 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL); 13524 if (!filter) 13525 return -ENOMEM; 13526 13527 i = 0; 13528 nla_for_each_nested(attr, attr_filter, rem) { 13529 filter[i].filter = nla_memdup(attr, GFP_KERNEL); 13530 if (!filter[i].filter) 13531 goto err; 13532 13533 filter[i].len = nla_len(attr); 13534 i++; 13535 } 13536 if (tx) { 13537 func->num_tx_filters = n_entries; 13538 func->tx_filters = filter; 13539 } else { 13540 func->num_rx_filters = n_entries; 13541 func->rx_filters = filter; 13542 } 13543 13544 return 0; 13545 13546err: 13547 i = 0; 13548 nla_for_each_nested(attr, attr_filter, rem) { 13549 kfree(filter[i].filter); 13550 i++; 13551 } 13552 kfree(filter); 13553 return -ENOMEM; 13554} 13555 13556static int nl80211_nan_add_func(struct sk_buff *skb, 13557 struct genl_info *info) 13558{ 13559 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13560 struct wireless_dev *wdev = info->user_ptr[1]; 13561 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr; 13562 struct cfg80211_nan_func *func; 13563 struct sk_buff *msg = NULL; 13564 void *hdr = NULL; 13565 int err = 0; 13566 13567 if (wdev->iftype != NL80211_IFTYPE_NAN) 13568 return -EOPNOTSUPP; 13569 13570 if (!wdev_running(wdev)) 13571 return -ENOTCONN; 13572 13573 if (!info->attrs[NL80211_ATTR_NAN_FUNC]) 13574 return -EINVAL; 13575 13576 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX, 13577 info->attrs[NL80211_ATTR_NAN_FUNC], 13578 nl80211_nan_func_policy, 13579 info->extack); 13580 if (err) 13581 return err; 13582 13583 func = kzalloc(sizeof(*func), GFP_KERNEL); 13584 if (!func) 13585 return -ENOMEM; 13586 13587 func->cookie = cfg80211_assign_cookie(rdev); 13588 13589 if (!tb[NL80211_NAN_FUNC_TYPE]) { 13590 err = -EINVAL; 13591 goto out; 13592 } 13593 13594 13595 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]); 13596 13597 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) { 13598 err = -EINVAL; 13599 goto out; 13600 } 13601 13602 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]), 13603 sizeof(func->service_id)); 13604 13605 func->close_range = 13606 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]); 13607 13608 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) { 13609 func->serv_spec_info_len = 13610 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]); 13611 func->serv_spec_info = 13612 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]), 13613 func->serv_spec_info_len, 13614 GFP_KERNEL); 13615 if (!func->serv_spec_info) { 13616 err = -ENOMEM; 13617 goto out; 13618 } 13619 } 13620 13621 if (tb[NL80211_NAN_FUNC_TTL]) 13622 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]); 13623 13624 switch (func->type) { 13625 case NL80211_NAN_FUNC_PUBLISH: 13626 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) { 13627 err = -EINVAL; 13628 goto out; 13629 } 13630 13631 func->publish_type = 13632 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]); 13633 func->publish_bcast = 13634 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]); 13635 13636 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) && 13637 func->publish_bcast) { 13638 err = -EINVAL; 13639 goto out; 13640 } 13641 break; 13642 case NL80211_NAN_FUNC_SUBSCRIBE: 13643 func->subscribe_active = 13644 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]); 13645 break; 13646 case NL80211_NAN_FUNC_FOLLOW_UP: 13647 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] || 13648 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] || 13649 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) { 13650 err = -EINVAL; 13651 goto out; 13652 } 13653 13654 func->followup_id = 13655 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]); 13656 func->followup_reqid = 13657 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]); 13658 memcpy(func->followup_dest.addr, 13659 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]), 13660 sizeof(func->followup_dest.addr)); 13661 if (func->ttl) { 13662 err = -EINVAL; 13663 goto out; 13664 } 13665 break; 13666 default: 13667 err = -EINVAL; 13668 goto out; 13669 } 13670 13671 if (tb[NL80211_NAN_FUNC_SRF]) { 13672 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR]; 13673 13674 err = nla_parse_nested_deprecated(srf_tb, 13675 NL80211_NAN_SRF_ATTR_MAX, 13676 tb[NL80211_NAN_FUNC_SRF], 13677 nl80211_nan_srf_policy, 13678 info->extack); 13679 if (err) 13680 goto out; 13681 13682 func->srf_include = 13683 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]); 13684 13685 if (srf_tb[NL80211_NAN_SRF_BF]) { 13686 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] || 13687 !srf_tb[NL80211_NAN_SRF_BF_IDX]) { 13688 err = -EINVAL; 13689 goto out; 13690 } 13691 13692 func->srf_bf_len = 13693 nla_len(srf_tb[NL80211_NAN_SRF_BF]); 13694 func->srf_bf = 13695 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]), 13696 func->srf_bf_len, GFP_KERNEL); 13697 if (!func->srf_bf) { 13698 err = -ENOMEM; 13699 goto out; 13700 } 13701 13702 func->srf_bf_idx = 13703 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]); 13704 } else { 13705 struct nlattr *attr, *mac_attr = 13706 srf_tb[NL80211_NAN_SRF_MAC_ADDRS]; 13707 int n_entries, rem, i = 0; 13708 13709 if (!mac_attr) { 13710 err = -EINVAL; 13711 goto out; 13712 } 13713 13714 n_entries = validate_acl_mac_addrs(mac_attr); 13715 if (n_entries <= 0) { 13716 err = -EINVAL; 13717 goto out; 13718 } 13719 13720 func->srf_num_macs = n_entries; 13721 func->srf_macs = 13722 kcalloc(n_entries, sizeof(*func->srf_macs), 13723 GFP_KERNEL); 13724 if (!func->srf_macs) { 13725 err = -ENOMEM; 13726 goto out; 13727 } 13728 13729 nla_for_each_nested(attr, mac_attr, rem) 13730 memcpy(func->srf_macs[i++].addr, nla_data(attr), 13731 sizeof(*func->srf_macs)); 13732 } 13733 } 13734 13735 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) { 13736 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER], 13737 func, true); 13738 if (err) 13739 goto out; 13740 } 13741 13742 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) { 13743 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER], 13744 func, false); 13745 if (err) 13746 goto out; 13747 } 13748 13749 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 13750 if (!msg) { 13751 err = -ENOMEM; 13752 goto out; 13753 } 13754 13755 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 13756 NL80211_CMD_ADD_NAN_FUNCTION); 13757 /* This can't really happen - we just allocated 4KB */ 13758 if (WARN_ON(!hdr)) { 13759 err = -ENOMEM; 13760 goto out; 13761 } 13762 13763 err = rdev_add_nan_func(rdev, wdev, func); 13764out: 13765 if (err < 0) { 13766 cfg80211_free_nan_func(func); 13767 nlmsg_free(msg); 13768 return err; 13769 } 13770 13771 /* propagate the instance id and cookie to userspace */ 13772 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie, 13773 NL80211_ATTR_PAD)) 13774 goto nla_put_failure; 13775 13776 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC); 13777 if (!func_attr) 13778 goto nla_put_failure; 13779 13780 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, 13781 func->instance_id)) 13782 goto nla_put_failure; 13783 13784 nla_nest_end(msg, func_attr); 13785 13786 genlmsg_end(msg, hdr); 13787 return genlmsg_reply(msg, info); 13788 13789nla_put_failure: 13790 nlmsg_free(msg); 13791 return -ENOBUFS; 13792} 13793 13794static int nl80211_nan_del_func(struct sk_buff *skb, 13795 struct genl_info *info) 13796{ 13797 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13798 struct wireless_dev *wdev = info->user_ptr[1]; 13799 u64 cookie; 13800 13801 if (wdev->iftype != NL80211_IFTYPE_NAN) 13802 return -EOPNOTSUPP; 13803 13804 if (!wdev_running(wdev)) 13805 return -ENOTCONN; 13806 13807 if (!info->attrs[NL80211_ATTR_COOKIE]) 13808 return -EINVAL; 13809 13810 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 13811 13812 rdev_del_nan_func(rdev, wdev, cookie); 13813 13814 return 0; 13815} 13816 13817static int nl80211_nan_change_config(struct sk_buff *skb, 13818 struct genl_info *info) 13819{ 13820 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13821 struct wireless_dev *wdev = info->user_ptr[1]; 13822 struct cfg80211_nan_conf conf = {}; 13823 u32 changed = 0; 13824 13825 if (wdev->iftype != NL80211_IFTYPE_NAN) 13826 return -EOPNOTSUPP; 13827 13828 if (!wdev_running(wdev)) 13829 return -ENOTCONN; 13830 13831 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) { 13832 conf.master_pref = 13833 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]); 13834 if (conf.master_pref <= 1 || conf.master_pref == 255) 13835 return -EINVAL; 13836 13837 changed |= CFG80211_NAN_CONF_CHANGED_PREF; 13838 } 13839 13840 if (info->attrs[NL80211_ATTR_BANDS]) { 13841 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]); 13842 13843 if (bands & ~(u32)wdev->wiphy->nan_supported_bands) 13844 return -EOPNOTSUPP; 13845 13846 if (bands && !(bands & BIT(NL80211_BAND_2GHZ))) 13847 return -EINVAL; 13848 13849 conf.bands = bands; 13850 changed |= CFG80211_NAN_CONF_CHANGED_BANDS; 13851 } 13852 13853 if (!changed) 13854 return -EINVAL; 13855 13856 return rdev_nan_change_conf(rdev, wdev, &conf, changed); 13857} 13858 13859void cfg80211_nan_match(struct wireless_dev *wdev, 13860 struct cfg80211_nan_match_params *match, gfp_t gfp) 13861{ 13862 struct wiphy *wiphy = wdev->wiphy; 13863 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13864 struct nlattr *match_attr, *local_func_attr, *peer_func_attr; 13865 struct sk_buff *msg; 13866 void *hdr; 13867 13868 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr)) 13869 return; 13870 13871 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13872 if (!msg) 13873 return; 13874 13875 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH); 13876 if (!hdr) { 13877 nlmsg_free(msg); 13878 return; 13879 } 13880 13881 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13882 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 13883 wdev->netdev->ifindex)) || 13884 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 13885 NL80211_ATTR_PAD)) 13886 goto nla_put_failure; 13887 13888 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie, 13889 NL80211_ATTR_PAD) || 13890 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr)) 13891 goto nla_put_failure; 13892 13893 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH); 13894 if (!match_attr) 13895 goto nla_put_failure; 13896 13897 local_func_attr = nla_nest_start_noflag(msg, 13898 NL80211_NAN_MATCH_FUNC_LOCAL); 13899 if (!local_func_attr) 13900 goto nla_put_failure; 13901 13902 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id)) 13903 goto nla_put_failure; 13904 13905 nla_nest_end(msg, local_func_attr); 13906 13907 peer_func_attr = nla_nest_start_noflag(msg, 13908 NL80211_NAN_MATCH_FUNC_PEER); 13909 if (!peer_func_attr) 13910 goto nla_put_failure; 13911 13912 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) || 13913 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id)) 13914 goto nla_put_failure; 13915 13916 if (match->info && match->info_len && 13917 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len, 13918 match->info)) 13919 goto nla_put_failure; 13920 13921 nla_nest_end(msg, peer_func_attr); 13922 nla_nest_end(msg, match_attr); 13923 genlmsg_end(msg, hdr); 13924 13925 if (!wdev->owner_nlportid) 13926 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 13927 msg, 0, NL80211_MCGRP_NAN, gfp); 13928 else 13929 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 13930 wdev->owner_nlportid); 13931 13932 return; 13933 13934nla_put_failure: 13935 nlmsg_free(msg); 13936} 13937EXPORT_SYMBOL(cfg80211_nan_match); 13938 13939void cfg80211_nan_func_terminated(struct wireless_dev *wdev, 13940 u8 inst_id, 13941 enum nl80211_nan_func_term_reason reason, 13942 u64 cookie, gfp_t gfp) 13943{ 13944 struct wiphy *wiphy = wdev->wiphy; 13945 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 13946 struct sk_buff *msg; 13947 struct nlattr *func_attr; 13948 void *hdr; 13949 13950 if (WARN_ON(!inst_id)) 13951 return; 13952 13953 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 13954 if (!msg) 13955 return; 13956 13957 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION); 13958 if (!hdr) { 13959 nlmsg_free(msg); 13960 return; 13961 } 13962 13963 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 13964 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 13965 wdev->netdev->ifindex)) || 13966 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 13967 NL80211_ATTR_PAD)) 13968 goto nla_put_failure; 13969 13970 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 13971 NL80211_ATTR_PAD)) 13972 goto nla_put_failure; 13973 13974 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC); 13975 if (!func_attr) 13976 goto nla_put_failure; 13977 13978 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) || 13979 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason)) 13980 goto nla_put_failure; 13981 13982 nla_nest_end(msg, func_attr); 13983 genlmsg_end(msg, hdr); 13984 13985 if (!wdev->owner_nlportid) 13986 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 13987 msg, 0, NL80211_MCGRP_NAN, gfp); 13988 else 13989 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 13990 wdev->owner_nlportid); 13991 13992 return; 13993 13994nla_put_failure: 13995 nlmsg_free(msg); 13996} 13997EXPORT_SYMBOL(cfg80211_nan_func_terminated); 13998 13999static int nl80211_get_protocol_features(struct sk_buff *skb, 14000 struct genl_info *info) 14001{ 14002 void *hdr; 14003 struct sk_buff *msg; 14004 14005 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14006 if (!msg) 14007 return -ENOMEM; 14008 14009 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 14010 NL80211_CMD_GET_PROTOCOL_FEATURES); 14011 if (!hdr) 14012 goto nla_put_failure; 14013 14014 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES, 14015 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)) 14016 goto nla_put_failure; 14017 14018 genlmsg_end(msg, hdr); 14019 return genlmsg_reply(msg, info); 14020 14021 nla_put_failure: 14022 kfree_skb(msg); 14023 return -ENOBUFS; 14024} 14025 14026static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info) 14027{ 14028 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14029 struct cfg80211_update_ft_ies_params ft_params; 14030 struct net_device *dev = info->user_ptr[1]; 14031 14032 if (!rdev->ops->update_ft_ies) 14033 return -EOPNOTSUPP; 14034 14035 if (!info->attrs[NL80211_ATTR_MDID] || 14036 !info->attrs[NL80211_ATTR_IE]) 14037 return -EINVAL; 14038 14039 memset(&ft_params, 0, sizeof(ft_params)); 14040 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]); 14041 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 14042 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 14043 14044 return rdev_update_ft_ies(rdev, dev, &ft_params); 14045} 14046 14047static int nl80211_crit_protocol_start(struct sk_buff *skb, 14048 struct genl_info *info) 14049{ 14050 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14051 struct wireless_dev *wdev = info->user_ptr[1]; 14052 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC; 14053 u16 duration; 14054 int ret; 14055 14056 if (!rdev->ops->crit_proto_start) 14057 return -EOPNOTSUPP; 14058 14059 if (WARN_ON(!rdev->ops->crit_proto_stop)) 14060 return -EINVAL; 14061 14062 if (rdev->crit_proto_nlportid) 14063 return -EBUSY; 14064 14065 /* determine protocol if provided */ 14066 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID]) 14067 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]); 14068 14069 if (proto >= NUM_NL80211_CRIT_PROTO) 14070 return -EINVAL; 14071 14072 /* timeout must be provided */ 14073 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]) 14074 return -EINVAL; 14075 14076 duration = 14077 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]); 14078 14079 ret = rdev_crit_proto_start(rdev, wdev, proto, duration); 14080 if (!ret) 14081 rdev->crit_proto_nlportid = info->snd_portid; 14082 14083 return ret; 14084} 14085 14086static int nl80211_crit_protocol_stop(struct sk_buff *skb, 14087 struct genl_info *info) 14088{ 14089 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14090 struct wireless_dev *wdev = info->user_ptr[1]; 14091 14092 if (!rdev->ops->crit_proto_stop) 14093 return -EOPNOTSUPP; 14094 14095 if (rdev->crit_proto_nlportid) { 14096 rdev->crit_proto_nlportid = 0; 14097 rdev_crit_proto_stop(rdev, wdev); 14098 } 14099 return 0; 14100} 14101 14102static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd, 14103 struct nlattr *attr, 14104 struct netlink_ext_ack *extack) 14105{ 14106 if (vcmd->policy == VENDOR_CMD_RAW_DATA) { 14107 if (attr->nla_type & NLA_F_NESTED) { 14108 NL_SET_ERR_MSG_ATTR(extack, attr, 14109 "unexpected nested data"); 14110 return -EINVAL; 14111 } 14112 14113 return 0; 14114 } 14115 14116 if (!(attr->nla_type & NLA_F_NESTED)) { 14117 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data"); 14118 return -EINVAL; 14119 } 14120 14121 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack); 14122} 14123 14124static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info) 14125{ 14126 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14127 struct wireless_dev *wdev = 14128 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info), 14129 info->attrs); 14130 int i, err; 14131 u32 vid, subcmd; 14132 14133 if (!rdev->wiphy.vendor_commands) 14134 return -EOPNOTSUPP; 14135 14136 if (IS_ERR(wdev)) { 14137 err = PTR_ERR(wdev); 14138 if (err != -EINVAL) 14139 return err; 14140 wdev = NULL; 14141 } else if (wdev->wiphy != &rdev->wiphy) { 14142 return -EINVAL; 14143 } 14144 14145 if (!info->attrs[NL80211_ATTR_VENDOR_ID] || 14146 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD]) 14147 return -EINVAL; 14148 14149 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]); 14150 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]); 14151 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) { 14152 const struct wiphy_vendor_command *vcmd; 14153 void *data = NULL; 14154 int len = 0; 14155 14156 vcmd = &rdev->wiphy.vendor_commands[i]; 14157 14158 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd) 14159 continue; 14160 14161 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV | 14162 WIPHY_VENDOR_CMD_NEED_NETDEV)) { 14163 if (!wdev) 14164 return -EINVAL; 14165 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV && 14166 !wdev->netdev) 14167 return -EINVAL; 14168 14169 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) { 14170 if (!wdev_running(wdev)) 14171 return -ENETDOWN; 14172 } 14173 } else { 14174 wdev = NULL; 14175 } 14176 14177 if (!vcmd->doit) 14178 return -EOPNOTSUPP; 14179 14180 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) { 14181 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]); 14182 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]); 14183 14184 err = nl80211_vendor_check_policy(vcmd, 14185 info->attrs[NL80211_ATTR_VENDOR_DATA], 14186 info->extack); 14187 if (err) 14188 return err; 14189 } 14190 14191 rdev->cur_cmd_info = info; 14192 err = vcmd->doit(&rdev->wiphy, wdev, data, len); 14193 rdev->cur_cmd_info = NULL; 14194 return err; 14195 } 14196 14197 return -EOPNOTSUPP; 14198} 14199 14200static int nl80211_prepare_vendor_dump(struct sk_buff *skb, 14201 struct netlink_callback *cb, 14202 struct cfg80211_registered_device **rdev, 14203 struct wireless_dev **wdev) 14204{ 14205 struct nlattr **attrbuf; 14206 u32 vid, subcmd; 14207 unsigned int i; 14208 int vcmd_idx = -1; 14209 int err; 14210 void *data = NULL; 14211 unsigned int data_len = 0; 14212 14213 if (cb->args[0]) { 14214 /* subtract the 1 again here */ 14215 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 14216 struct wireless_dev *tmp; 14217 14218 if (!wiphy) 14219 return -ENODEV; 14220 *rdev = wiphy_to_rdev(wiphy); 14221 *wdev = NULL; 14222 14223 if (cb->args[1]) { 14224 list_for_each_entry(tmp, &wiphy->wdev_list, list) { 14225 if (tmp->identifier == cb->args[1] - 1) { 14226 *wdev = tmp; 14227 break; 14228 } 14229 } 14230 } 14231 14232 /* keep rtnl locked in successful case */ 14233 return 0; 14234 } 14235 14236 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL); 14237 if (!attrbuf) 14238 return -ENOMEM; 14239 14240 err = nlmsg_parse_deprecated(cb->nlh, 14241 GENL_HDRLEN + nl80211_fam.hdrsize, 14242 attrbuf, nl80211_fam.maxattr, 14243 nl80211_policy, NULL); 14244 if (err) 14245 goto out; 14246 14247 if (!attrbuf[NL80211_ATTR_VENDOR_ID] || 14248 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) { 14249 err = -EINVAL; 14250 goto out; 14251 } 14252 14253 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf); 14254 if (IS_ERR(*wdev)) 14255 *wdev = NULL; 14256 14257 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf); 14258 if (IS_ERR(*rdev)) { 14259 err = PTR_ERR(*rdev); 14260 goto out; 14261 } 14262 14263 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]); 14264 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]); 14265 14266 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) { 14267 const struct wiphy_vendor_command *vcmd; 14268 14269 vcmd = &(*rdev)->wiphy.vendor_commands[i]; 14270 14271 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd) 14272 continue; 14273 14274 if (!vcmd->dumpit) { 14275 err = -EOPNOTSUPP; 14276 goto out; 14277 } 14278 14279 vcmd_idx = i; 14280 break; 14281 } 14282 14283 if (vcmd_idx < 0) { 14284 err = -EOPNOTSUPP; 14285 goto out; 14286 } 14287 14288 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) { 14289 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]); 14290 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]); 14291 14292 err = nl80211_vendor_check_policy( 14293 &(*rdev)->wiphy.vendor_commands[vcmd_idx], 14294 attrbuf[NL80211_ATTR_VENDOR_DATA], 14295 cb->extack); 14296 if (err) 14297 goto out; 14298 } 14299 14300 /* 0 is the first index - add 1 to parse only once */ 14301 cb->args[0] = (*rdev)->wiphy_idx + 1; 14302 /* add 1 to know if it was NULL */ 14303 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0; 14304 cb->args[2] = vcmd_idx; 14305 cb->args[3] = (unsigned long)data; 14306 cb->args[4] = data_len; 14307 14308 /* keep rtnl locked in successful case */ 14309 err = 0; 14310out: 14311 kfree(attrbuf); 14312 return err; 14313} 14314 14315static int nl80211_vendor_cmd_dump(struct sk_buff *skb, 14316 struct netlink_callback *cb) 14317{ 14318 struct cfg80211_registered_device *rdev; 14319 struct wireless_dev *wdev; 14320 unsigned int vcmd_idx; 14321 const struct wiphy_vendor_command *vcmd; 14322 void *data; 14323 int data_len; 14324 int err; 14325 struct nlattr *vendor_data; 14326 14327 rtnl_lock(); 14328 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev); 14329 if (err) 14330 goto out; 14331 14332 vcmd_idx = cb->args[2]; 14333 data = (void *)cb->args[3]; 14334 data_len = cb->args[4]; 14335 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx]; 14336 14337 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV | 14338 WIPHY_VENDOR_CMD_NEED_NETDEV)) { 14339 if (!wdev) { 14340 err = -EINVAL; 14341 goto out; 14342 } 14343 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV && 14344 !wdev->netdev) { 14345 err = -EINVAL; 14346 goto out; 14347 } 14348 14349 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) { 14350 if (!wdev_running(wdev)) { 14351 err = -ENETDOWN; 14352 goto out; 14353 } 14354 } 14355 } 14356 14357 while (1) { 14358 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 14359 cb->nlh->nlmsg_seq, NLM_F_MULTI, 14360 NL80211_CMD_VENDOR); 14361 if (!hdr) 14362 break; 14363 14364 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14365 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV, 14366 wdev_id(wdev), 14367 NL80211_ATTR_PAD))) { 14368 genlmsg_cancel(skb, hdr); 14369 break; 14370 } 14371 14372 vendor_data = nla_nest_start_noflag(skb, 14373 NL80211_ATTR_VENDOR_DATA); 14374 if (!vendor_data) { 14375 genlmsg_cancel(skb, hdr); 14376 break; 14377 } 14378 14379 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len, 14380 (unsigned long *)&cb->args[5]); 14381 nla_nest_end(skb, vendor_data); 14382 14383 if (err == -ENOBUFS || err == -ENOENT) { 14384 genlmsg_cancel(skb, hdr); 14385 break; 14386 } else if (err <= 0) { 14387 genlmsg_cancel(skb, hdr); 14388 goto out; 14389 } 14390 14391 genlmsg_end(skb, hdr); 14392 } 14393 14394 err = skb->len; 14395 out: 14396 rtnl_unlock(); 14397 return err; 14398} 14399 14400struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy, 14401 enum nl80211_commands cmd, 14402 enum nl80211_attrs attr, 14403 int approxlen) 14404{ 14405 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14406 14407 if (WARN_ON(!rdev->cur_cmd_info)) 14408 return NULL; 14409 14410 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen, 14411 rdev->cur_cmd_info->snd_portid, 14412 rdev->cur_cmd_info->snd_seq, 14413 cmd, attr, NULL, GFP_KERNEL); 14414} 14415EXPORT_SYMBOL(__cfg80211_alloc_reply_skb); 14416 14417int cfg80211_vendor_cmd_reply(struct sk_buff *skb) 14418{ 14419 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 14420 void *hdr = ((void **)skb->cb)[1]; 14421 struct nlattr *data = ((void **)skb->cb)[2]; 14422 14423 /* clear CB data for netlink core to own from now on */ 14424 memset(skb->cb, 0, sizeof(skb->cb)); 14425 14426 if (WARN_ON(!rdev->cur_cmd_info)) { 14427 kfree_skb(skb); 14428 return -EINVAL; 14429 } 14430 14431 nla_nest_end(skb, data); 14432 genlmsg_end(skb, hdr); 14433 return genlmsg_reply(skb, rdev->cur_cmd_info); 14434} 14435EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply); 14436 14437unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy) 14438{ 14439 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14440 14441 if (WARN_ON(!rdev->cur_cmd_info)) 14442 return 0; 14443 14444 return rdev->cur_cmd_info->snd_portid; 14445} 14446EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender); 14447 14448static int nl80211_set_qos_map(struct sk_buff *skb, 14449 struct genl_info *info) 14450{ 14451 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14452 struct cfg80211_qos_map *qos_map = NULL; 14453 struct net_device *dev = info->user_ptr[1]; 14454 u8 *pos, len, num_des, des_len, des; 14455 int ret; 14456 14457 if (!rdev->ops->set_qos_map) 14458 return -EOPNOTSUPP; 14459 14460 if (info->attrs[NL80211_ATTR_QOS_MAP]) { 14461 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]); 14462 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]); 14463 14464 if (len % 2) 14465 return -EINVAL; 14466 14467 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL); 14468 if (!qos_map) 14469 return -ENOMEM; 14470 14471 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1; 14472 if (num_des) { 14473 des_len = num_des * 14474 sizeof(struct cfg80211_dscp_exception); 14475 memcpy(qos_map->dscp_exception, pos, des_len); 14476 qos_map->num_des = num_des; 14477 for (des = 0; des < num_des; des++) { 14478 if (qos_map->dscp_exception[des].up > 7) { 14479 kfree(qos_map); 14480 return -EINVAL; 14481 } 14482 } 14483 pos += des_len; 14484 } 14485 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN); 14486 } 14487 14488 wdev_lock(dev->ieee80211_ptr); 14489 ret = nl80211_key_allowed(dev->ieee80211_ptr); 14490 if (!ret) 14491 ret = rdev_set_qos_map(rdev, dev, qos_map); 14492 wdev_unlock(dev->ieee80211_ptr); 14493 14494 kfree(qos_map); 14495 return ret; 14496} 14497 14498static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info) 14499{ 14500 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14501 struct net_device *dev = info->user_ptr[1]; 14502 struct wireless_dev *wdev = dev->ieee80211_ptr; 14503 const u8 *peer; 14504 u8 tsid, up; 14505 u16 admitted_time = 0; 14506 int err; 14507 14508 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)) 14509 return -EOPNOTSUPP; 14510 14511 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] || 14512 !info->attrs[NL80211_ATTR_USER_PRIO]) 14513 return -EINVAL; 14514 14515 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]); 14516 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]); 14517 14518 /* WMM uses TIDs 0-7 even for TSPEC */ 14519 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) { 14520 /* TODO: handle 802.11 TSPEC/admission control 14521 * need more attributes for that (e.g. BA session requirement); 14522 * change the WMM adminssion test above to allow both then 14523 */ 14524 return -EINVAL; 14525 } 14526 14527 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 14528 14529 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) { 14530 admitted_time = 14531 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]); 14532 if (!admitted_time) 14533 return -EINVAL; 14534 } 14535 14536 wdev_lock(wdev); 14537 switch (wdev->iftype) { 14538 case NL80211_IFTYPE_STATION: 14539 case NL80211_IFTYPE_P2P_CLIENT: 14540 if (wdev->current_bss) 14541 break; 14542 err = -ENOTCONN; 14543 goto out; 14544 default: 14545 err = -EOPNOTSUPP; 14546 goto out; 14547 } 14548 14549 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time); 14550 14551 out: 14552 wdev_unlock(wdev); 14553 return err; 14554} 14555 14556static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info) 14557{ 14558 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14559 struct net_device *dev = info->user_ptr[1]; 14560 struct wireless_dev *wdev = dev->ieee80211_ptr; 14561 const u8 *peer; 14562 u8 tsid; 14563 int err; 14564 14565 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC]) 14566 return -EINVAL; 14567 14568 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]); 14569 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 14570 14571 wdev_lock(wdev); 14572 err = rdev_del_tx_ts(rdev, dev, tsid, peer); 14573 wdev_unlock(wdev); 14574 14575 return err; 14576} 14577 14578static int nl80211_tdls_channel_switch(struct sk_buff *skb, 14579 struct genl_info *info) 14580{ 14581 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14582 struct net_device *dev = info->user_ptr[1]; 14583 struct wireless_dev *wdev = dev->ieee80211_ptr; 14584 struct cfg80211_chan_def chandef = {}; 14585 const u8 *addr; 14586 u8 oper_class; 14587 int err; 14588 14589 if (!rdev->ops->tdls_channel_switch || 14590 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 14591 return -EOPNOTSUPP; 14592 14593 switch (dev->ieee80211_ptr->iftype) { 14594 case NL80211_IFTYPE_STATION: 14595 case NL80211_IFTYPE_P2P_CLIENT: 14596 break; 14597 default: 14598 return -EOPNOTSUPP; 14599 } 14600 14601 if (!info->attrs[NL80211_ATTR_MAC] || 14602 !info->attrs[NL80211_ATTR_OPER_CLASS]) 14603 return -EINVAL; 14604 14605 err = nl80211_parse_chandef(rdev, info, &chandef); 14606 if (err) 14607 return err; 14608 14609 /* 14610 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012 14611 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the 14612 * specification is not defined for them. 14613 */ 14614 if (chandef.chan->band == NL80211_BAND_2GHZ && 14615 chandef.width != NL80211_CHAN_WIDTH_20_NOHT && 14616 chandef.width != NL80211_CHAN_WIDTH_20) 14617 return -EINVAL; 14618 14619 /* we will be active on the TDLS link */ 14620 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef, 14621 wdev->iftype)) 14622 return -EINVAL; 14623 14624 /* don't allow switching to DFS channels */ 14625 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype)) 14626 return -EINVAL; 14627 14628 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 14629 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]); 14630 14631 wdev_lock(wdev); 14632 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef); 14633 wdev_unlock(wdev); 14634 14635 return err; 14636} 14637 14638static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb, 14639 struct genl_info *info) 14640{ 14641 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14642 struct net_device *dev = info->user_ptr[1]; 14643 struct wireless_dev *wdev = dev->ieee80211_ptr; 14644 const u8 *addr; 14645 14646 if (!rdev->ops->tdls_channel_switch || 14647 !rdev->ops->tdls_cancel_channel_switch || 14648 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 14649 return -EOPNOTSUPP; 14650 14651 switch (dev->ieee80211_ptr->iftype) { 14652 case NL80211_IFTYPE_STATION: 14653 case NL80211_IFTYPE_P2P_CLIENT: 14654 break; 14655 default: 14656 return -EOPNOTSUPP; 14657 } 14658 14659 if (!info->attrs[NL80211_ATTR_MAC]) 14660 return -EINVAL; 14661 14662 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 14663 14664 wdev_lock(wdev); 14665 rdev_tdls_cancel_channel_switch(rdev, dev, addr); 14666 wdev_unlock(wdev); 14667 14668 return 0; 14669} 14670 14671static int nl80211_set_multicast_to_unicast(struct sk_buff *skb, 14672 struct genl_info *info) 14673{ 14674 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14675 struct net_device *dev = info->user_ptr[1]; 14676 struct wireless_dev *wdev = dev->ieee80211_ptr; 14677 const struct nlattr *nla; 14678 bool enabled; 14679 14680 if (!rdev->ops->set_multicast_to_unicast) 14681 return -EOPNOTSUPP; 14682 14683 if (wdev->iftype != NL80211_IFTYPE_AP && 14684 wdev->iftype != NL80211_IFTYPE_P2P_GO) 14685 return -EOPNOTSUPP; 14686 14687 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED]; 14688 enabled = nla_get_flag(nla); 14689 14690 return rdev_set_multicast_to_unicast(rdev, dev, enabled); 14691} 14692 14693static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info) 14694{ 14695 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14696 struct net_device *dev = info->user_ptr[1]; 14697 struct wireless_dev *wdev = dev->ieee80211_ptr; 14698 struct cfg80211_pmk_conf pmk_conf = {}; 14699 int ret; 14700 14701 if (wdev->iftype != NL80211_IFTYPE_STATION && 14702 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 14703 return -EOPNOTSUPP; 14704 14705 if (!wiphy_ext_feature_isset(&rdev->wiphy, 14706 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 14707 return -EOPNOTSUPP; 14708 14709 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK]) 14710 return -EINVAL; 14711 14712 wdev_lock(wdev); 14713 if (!wdev->current_bss) { 14714 ret = -ENOTCONN; 14715 goto out; 14716 } 14717 14718 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]); 14719 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) { 14720 ret = -EINVAL; 14721 goto out; 14722 } 14723 14724 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]); 14725 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]); 14726 if (pmk_conf.pmk_len != WLAN_PMK_LEN && 14727 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) { 14728 ret = -EINVAL; 14729 goto out; 14730 } 14731 14732 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) 14733 pmk_conf.pmk_r0_name = 14734 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]); 14735 14736 ret = rdev_set_pmk(rdev, dev, &pmk_conf); 14737out: 14738 wdev_unlock(wdev); 14739 return ret; 14740} 14741 14742static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info) 14743{ 14744 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14745 struct net_device *dev = info->user_ptr[1]; 14746 struct wireless_dev *wdev = dev->ieee80211_ptr; 14747 const u8 *aa; 14748 int ret; 14749 14750 if (wdev->iftype != NL80211_IFTYPE_STATION && 14751 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 14752 return -EOPNOTSUPP; 14753 14754 if (!wiphy_ext_feature_isset(&rdev->wiphy, 14755 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 14756 return -EOPNOTSUPP; 14757 14758 if (!info->attrs[NL80211_ATTR_MAC]) 14759 return -EINVAL; 14760 14761 wdev_lock(wdev); 14762 aa = nla_data(info->attrs[NL80211_ATTR_MAC]); 14763 ret = rdev_del_pmk(rdev, dev, aa); 14764 wdev_unlock(wdev); 14765 14766 return ret; 14767} 14768 14769static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info) 14770{ 14771 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14772 struct net_device *dev = info->user_ptr[1]; 14773 struct cfg80211_external_auth_params params; 14774 14775 if (!rdev->ops->external_auth) 14776 return -EOPNOTSUPP; 14777 14778 if (!info->attrs[NL80211_ATTR_SSID] && 14779 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 14780 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 14781 return -EINVAL; 14782 14783 if (!info->attrs[NL80211_ATTR_BSSID]) 14784 return -EINVAL; 14785 14786 if (!info->attrs[NL80211_ATTR_STATUS_CODE]) 14787 return -EINVAL; 14788 14789 memset(¶ms, 0, sizeof(params)); 14790 14791 if (info->attrs[NL80211_ATTR_SSID]) { 14792 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 14793 if (params.ssid.ssid_len == 0) 14794 return -EINVAL; 14795 memcpy(params.ssid.ssid, 14796 nla_data(info->attrs[NL80211_ATTR_SSID]), 14797 params.ssid.ssid_len); 14798 } 14799 14800 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]), 14801 ETH_ALEN); 14802 14803 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 14804 14805 if (info->attrs[NL80211_ATTR_PMKID]) 14806 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 14807 14808 return rdev_external_auth(rdev, dev, ¶ms); 14809} 14810 14811static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info) 14812{ 14813 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 14814 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14815 struct net_device *dev = info->user_ptr[1]; 14816 struct wireless_dev *wdev = dev->ieee80211_ptr; 14817 const u8 *buf; 14818 size_t len; 14819 u8 *dest; 14820 u16 proto; 14821 bool noencrypt; 14822 u64 cookie = 0; 14823 int err; 14824 14825 if (!wiphy_ext_feature_isset(&rdev->wiphy, 14826 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) 14827 return -EOPNOTSUPP; 14828 14829 if (!rdev->ops->tx_control_port) 14830 return -EOPNOTSUPP; 14831 14832 if (!info->attrs[NL80211_ATTR_FRAME] || 14833 !info->attrs[NL80211_ATTR_MAC] || 14834 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 14835 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing"); 14836 return -EINVAL; 14837 } 14838 14839 wdev_lock(wdev); 14840 14841 switch (wdev->iftype) { 14842 case NL80211_IFTYPE_AP: 14843 case NL80211_IFTYPE_P2P_GO: 14844 case NL80211_IFTYPE_MESH_POINT: 14845 break; 14846 case NL80211_IFTYPE_ADHOC: 14847 case NL80211_IFTYPE_STATION: 14848 case NL80211_IFTYPE_P2P_CLIENT: 14849 if (wdev->current_bss) 14850 break; 14851 err = -ENOTCONN; 14852 goto out; 14853 default: 14854 err = -EOPNOTSUPP; 14855 goto out; 14856 } 14857 14858 wdev_unlock(wdev); 14859 14860 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 14861 len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 14862 dest = nla_data(info->attrs[NL80211_ATTR_MAC]); 14863 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 14864 noencrypt = 14865 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]); 14866 14867 err = rdev_tx_control_port(rdev, dev, buf, len, 14868 dest, cpu_to_be16(proto), noencrypt, 14869 dont_wait_for_ack ? NULL : &cookie); 14870 if (!err && !dont_wait_for_ack) 14871 nl_set_extack_cookie_u64(info->extack, cookie); 14872 return err; 14873 out: 14874 wdev_unlock(wdev); 14875 return err; 14876} 14877 14878static int nl80211_get_ftm_responder_stats(struct sk_buff *skb, 14879 struct genl_info *info) 14880{ 14881 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14882 struct net_device *dev = info->user_ptr[1]; 14883 struct wireless_dev *wdev = dev->ieee80211_ptr; 14884 struct cfg80211_ftm_responder_stats ftm_stats = {}; 14885 struct sk_buff *msg; 14886 void *hdr; 14887 struct nlattr *ftm_stats_attr; 14888 int err; 14889 14890 if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval) 14891 return -EOPNOTSUPP; 14892 14893 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats); 14894 if (err) 14895 return err; 14896 14897 if (!ftm_stats.filled) 14898 return -ENODATA; 14899 14900 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14901 if (!msg) 14902 return -ENOMEM; 14903 14904 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 14905 NL80211_CMD_GET_FTM_RESPONDER_STATS); 14906 if (!hdr) 14907 goto nla_put_failure; 14908 14909 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 14910 goto nla_put_failure; 14911 14912 ftm_stats_attr = nla_nest_start_noflag(msg, 14913 NL80211_ATTR_FTM_RESPONDER_STATS); 14914 if (!ftm_stats_attr) 14915 goto nla_put_failure; 14916 14917#define SET_FTM(field, name, type) \ 14918 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \ 14919 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \ 14920 ftm_stats.field)) \ 14921 goto nla_put_failure; } while (0) 14922#define SET_FTM_U64(field, name) \ 14923 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \ 14924 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \ 14925 ftm_stats.field, NL80211_FTM_STATS_PAD)) \ 14926 goto nla_put_failure; } while (0) 14927 14928 SET_FTM(success_num, SUCCESS_NUM, u32); 14929 SET_FTM(partial_num, PARTIAL_NUM, u32); 14930 SET_FTM(failed_num, FAILED_NUM, u32); 14931 SET_FTM(asap_num, ASAP_NUM, u32); 14932 SET_FTM(non_asap_num, NON_ASAP_NUM, u32); 14933 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC); 14934 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32); 14935 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32); 14936 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32); 14937#undef SET_FTM 14938 14939 nla_nest_end(msg, ftm_stats_attr); 14940 14941 genlmsg_end(msg, hdr); 14942 return genlmsg_reply(msg, info); 14943 14944nla_put_failure: 14945 nlmsg_free(msg); 14946 return -ENOBUFS; 14947} 14948 14949static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info) 14950{ 14951 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14952 struct cfg80211_update_owe_info owe_info; 14953 struct net_device *dev = info->user_ptr[1]; 14954 14955 if (!rdev->ops->update_owe_info) 14956 return -EOPNOTSUPP; 14957 14958 if (!info->attrs[NL80211_ATTR_STATUS_CODE] || 14959 !info->attrs[NL80211_ATTR_MAC]) 14960 return -EINVAL; 14961 14962 memset(&owe_info, 0, sizeof(owe_info)); 14963 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 14964 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN); 14965 14966 if (info->attrs[NL80211_ATTR_IE]) { 14967 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 14968 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 14969 } 14970 14971 return rdev_update_owe_info(rdev, dev, &owe_info); 14972} 14973 14974static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info) 14975{ 14976 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14977 struct net_device *dev = info->user_ptr[1]; 14978 struct wireless_dev *wdev = dev->ieee80211_ptr; 14979 struct station_info sinfo = {}; 14980 const u8 *buf; 14981 size_t len; 14982 u8 *dest; 14983 int err; 14984 14985 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station) 14986 return -EOPNOTSUPP; 14987 14988 if (!info->attrs[NL80211_ATTR_MAC] || 14989 !info->attrs[NL80211_ATTR_FRAME]) { 14990 GENL_SET_ERR_MSG(info, "Frame or MAC missing"); 14991 return -EINVAL; 14992 } 14993 14994 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 14995 return -EOPNOTSUPP; 14996 14997 dest = nla_data(info->attrs[NL80211_ATTR_MAC]); 14998 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 14999 len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 15000 15001 if (len < sizeof(struct ethhdr)) 15002 return -EINVAL; 15003 15004 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) || 15005 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr)) 15006 return -EINVAL; 15007 15008 err = rdev_get_station(rdev, dev, dest, &sinfo); 15009 if (err) 15010 return err; 15011 15012 cfg80211_sinfo_release_content(&sinfo); 15013 15014 return rdev_probe_mesh_link(rdev, dev, dest, buf, len); 15015} 15016 15017static int parse_tid_conf(struct cfg80211_registered_device *rdev, 15018 struct nlattr *attrs[], struct net_device *dev, 15019 struct cfg80211_tid_cfg *tid_conf, 15020 struct genl_info *info, const u8 *peer) 15021{ 15022 struct netlink_ext_ack *extack = info->extack; 15023 u64 mask; 15024 int err; 15025 15026 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS]) 15027 return -EINVAL; 15028 15029 tid_conf->config_override = 15030 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]); 15031 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]); 15032 15033 if (tid_conf->config_override) { 15034 if (rdev->ops->reset_tid_config) { 15035 err = rdev_reset_tid_config(rdev, dev, peer, 15036 tid_conf->tids); 15037 if (err) 15038 return err; 15039 } else { 15040 return -EINVAL; 15041 } 15042 } 15043 15044 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) { 15045 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK); 15046 tid_conf->noack = 15047 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]); 15048 } 15049 15050 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) { 15051 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT); 15052 tid_conf->retry_short = 15053 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]); 15054 15055 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count) 15056 return -EINVAL; 15057 } 15058 15059 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) { 15060 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG); 15061 tid_conf->retry_long = 15062 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]); 15063 15064 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count) 15065 return -EINVAL; 15066 } 15067 15068 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) { 15069 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL); 15070 tid_conf->ampdu = 15071 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]); 15072 } 15073 15074 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) { 15075 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL); 15076 tid_conf->rtscts = 15077 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]); 15078 } 15079 15080 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) { 15081 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL); 15082 tid_conf->amsdu = 15083 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]); 15084 } 15085 15086 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) { 15087 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr; 15088 15089 tid_conf->txrate_type = nla_get_u8(attrs[idx]); 15090 15091 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) { 15092 attr = NL80211_TID_CONFIG_ATTR_TX_RATE; 15093 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr, 15094 &tid_conf->txrate_mask, dev, 15095 true); 15096 if (err) 15097 return err; 15098 15099 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE); 15100 } 15101 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE); 15102 } 15103 15104 if (peer) 15105 mask = rdev->wiphy.tid_config_support.peer; 15106 else 15107 mask = rdev->wiphy.tid_config_support.vif; 15108 15109 if (tid_conf->mask & ~mask) { 15110 NL_SET_ERR_MSG(extack, "unsupported TID configuration"); 15111 return -ENOTSUPP; 15112 } 15113 15114 return 0; 15115} 15116 15117static int nl80211_set_tid_config(struct sk_buff *skb, 15118 struct genl_info *info) 15119{ 15120 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15121 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1]; 15122 struct net_device *dev = info->user_ptr[1]; 15123 struct cfg80211_tid_config *tid_config; 15124 struct nlattr *tid; 15125 int conf_idx = 0, rem_conf; 15126 int ret = -EINVAL; 15127 u32 num_conf = 0; 15128 15129 if (!info->attrs[NL80211_ATTR_TID_CONFIG]) 15130 return -EINVAL; 15131 15132 if (!rdev->ops->set_tid_config) 15133 return -EOPNOTSUPP; 15134 15135 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG], 15136 rem_conf) 15137 num_conf++; 15138 15139 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf), 15140 GFP_KERNEL); 15141 if (!tid_config) 15142 return -ENOMEM; 15143 15144 tid_config->n_tid_conf = num_conf; 15145 15146 if (info->attrs[NL80211_ATTR_MAC]) 15147 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 15148 15149 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG], 15150 rem_conf) { 15151 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX, 15152 tid, NULL, NULL); 15153 15154 if (ret) 15155 goto bad_tid_conf; 15156 15157 ret = parse_tid_conf(rdev, attrs, dev, 15158 &tid_config->tid_conf[conf_idx], 15159 info, tid_config->peer); 15160 if (ret) 15161 goto bad_tid_conf; 15162 15163 conf_idx++; 15164 } 15165 15166 ret = rdev_set_tid_config(rdev, dev, tid_config); 15167 15168bad_tid_conf: 15169 kfree(tid_config); 15170 return ret; 15171} 15172 15173static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info) 15174{ 15175 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15176 struct cfg80211_color_change_settings params = {}; 15177 struct net_device *dev = info->user_ptr[1]; 15178 struct wireless_dev *wdev = dev->ieee80211_ptr; 15179 struct nlattr **tb; 15180 u16 offset; 15181 int err; 15182 15183 if (!rdev->ops->color_change) 15184 return -EOPNOTSUPP; 15185 15186 if (!wiphy_ext_feature_isset(&rdev->wiphy, 15187 NL80211_EXT_FEATURE_BSS_COLOR)) 15188 return -EOPNOTSUPP; 15189 15190 if (wdev->iftype != NL80211_IFTYPE_AP) 15191 return -EOPNOTSUPP; 15192 15193 if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] || 15194 !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] || 15195 !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS]) 15196 return -EINVAL; 15197 15198 params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]); 15199 params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]); 15200 15201 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_next); 15202 if (err) 15203 return err; 15204 15205 tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL); 15206 if (!tb) 15207 return -ENOMEM; 15208 15209 err = nla_parse_nested(tb, NL80211_ATTR_MAX, 15210 info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS], 15211 nl80211_policy, info->extack); 15212 if (err) 15213 goto out; 15214 15215 err = nl80211_parse_beacon(rdev, tb, ¶ms.beacon_color_change); 15216 if (err) 15217 goto out; 15218 15219 if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) { 15220 err = -EINVAL; 15221 goto out; 15222 } 15223 15224 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) { 15225 err = -EINVAL; 15226 goto out; 15227 } 15228 15229 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]); 15230 if (offset >= params.beacon_color_change.tail_len) { 15231 err = -EINVAL; 15232 goto out; 15233 } 15234 15235 if (params.beacon_color_change.tail[offset] != params.count) { 15236 err = -EINVAL; 15237 goto out; 15238 } 15239 15240 params.counter_offset_beacon = offset; 15241 15242 if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) { 15243 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) != 15244 sizeof(u16)) { 15245 err = -EINVAL; 15246 goto out; 15247 } 15248 15249 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]); 15250 if (offset >= params.beacon_color_change.probe_resp_len) { 15251 err = -EINVAL; 15252 goto out; 15253 } 15254 15255 if (params.beacon_color_change.probe_resp[offset] != 15256 params.count) { 15257 err = -EINVAL; 15258 goto out; 15259 } 15260 15261 params.counter_offset_presp = offset; 15262 } 15263 15264 wdev_lock(wdev); 15265 err = rdev_color_change(rdev, dev, ¶ms); 15266 wdev_unlock(wdev); 15267 15268out: 15269 kfree(params.beacon_next.mbssid_ies); 15270 kfree(params.beacon_color_change.mbssid_ies); 15271 kfree(tb); 15272 return err; 15273} 15274 15275static int nl80211_set_fils_aad(struct sk_buff *skb, 15276 struct genl_info *info) 15277{ 15278 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15279 struct net_device *dev = info->user_ptr[1]; 15280 struct cfg80211_fils_aad fils_aad = {}; 15281 u8 *nonces; 15282 15283 if (!info->attrs[NL80211_ATTR_MAC] || 15284 !info->attrs[NL80211_ATTR_FILS_KEK] || 15285 !info->attrs[NL80211_ATTR_FILS_NONCES]) 15286 return -EINVAL; 15287 15288 fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]); 15289 fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]); 15290 fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]); 15291 nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]); 15292 fils_aad.snonce = nonces; 15293 fils_aad.anonce = nonces + FILS_NONCE_LEN; 15294 15295 return rdev_set_fils_aad(rdev, dev, &fils_aad); 15296} 15297 15298#define NL80211_FLAG_NEED_WIPHY 0x01 15299#define NL80211_FLAG_NEED_NETDEV 0x02 15300#define NL80211_FLAG_NEED_RTNL 0x04 15301#define NL80211_FLAG_CHECK_NETDEV_UP 0x08 15302#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 15303 NL80211_FLAG_CHECK_NETDEV_UP) 15304#define NL80211_FLAG_NEED_WDEV 0x10 15305/* If a netdev is associated, it must be UP, P2P must be started */ 15306#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 15307 NL80211_FLAG_CHECK_NETDEV_UP) 15308#define NL80211_FLAG_CLEAR_SKB 0x20 15309#define NL80211_FLAG_NO_WIPHY_MTX 0x40 15310 15311#define INTERNAL_FLAG_SELECTORS(__sel) \ 15312 SELECTOR(__sel, NONE, 0) /* must be first */ \ 15313 SELECTOR(__sel, WIPHY, \ 15314 NL80211_FLAG_NEED_WIPHY) \ 15315 SELECTOR(__sel, WDEV, \ 15316 NL80211_FLAG_NEED_WDEV) \ 15317 SELECTOR(__sel, NETDEV, \ 15318 NL80211_FLAG_NEED_NETDEV) \ 15319 SELECTOR(__sel, WIPHY_RTNL, \ 15320 NL80211_FLAG_NEED_WIPHY | \ 15321 NL80211_FLAG_NEED_RTNL) \ 15322 SELECTOR(__sel, WIPHY_RTNL_NOMTX, \ 15323 NL80211_FLAG_NEED_WIPHY | \ 15324 NL80211_FLAG_NEED_RTNL | \ 15325 NL80211_FLAG_NO_WIPHY_MTX) \ 15326 SELECTOR(__sel, WDEV_RTNL, \ 15327 NL80211_FLAG_NEED_WDEV | \ 15328 NL80211_FLAG_NEED_RTNL) \ 15329 SELECTOR(__sel, NETDEV_RTNL, \ 15330 NL80211_FLAG_NEED_NETDEV | \ 15331 NL80211_FLAG_NEED_RTNL) \ 15332 SELECTOR(__sel, NETDEV_UP, \ 15333 NL80211_FLAG_NEED_NETDEV_UP) \ 15334 SELECTOR(__sel, NETDEV_UP_NOTMX, \ 15335 NL80211_FLAG_NEED_NETDEV_UP | \ 15336 NL80211_FLAG_NO_WIPHY_MTX) \ 15337 SELECTOR(__sel, NETDEV_UP_CLEAR, \ 15338 NL80211_FLAG_NEED_NETDEV_UP | \ 15339 NL80211_FLAG_CLEAR_SKB) \ 15340 SELECTOR(__sel, WDEV_UP, \ 15341 NL80211_FLAG_NEED_WDEV_UP) \ 15342 SELECTOR(__sel, WDEV_UP_RTNL, \ 15343 NL80211_FLAG_NEED_WDEV_UP | \ 15344 NL80211_FLAG_NEED_RTNL) \ 15345 SELECTOR(__sel, WIPHY_CLEAR, \ 15346 NL80211_FLAG_NEED_WIPHY | \ 15347 NL80211_FLAG_CLEAR_SKB) 15348 15349enum nl80211_internal_flags_selector { 15350#define SELECTOR(_, name, value) NL80211_IFL_SEL_##name, 15351 INTERNAL_FLAG_SELECTORS(_) 15352#undef SELECTOR 15353}; 15354 15355static u32 nl80211_internal_flags[] = { 15356#define SELECTOR(_, name, value) [NL80211_IFL_SEL_##name] = value, 15357 INTERNAL_FLAG_SELECTORS(_) 15358#undef SELECTOR 15359}; 15360 15361static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb, 15362 struct genl_info *info) 15363{ 15364 struct cfg80211_registered_device *rdev = NULL; 15365 struct wireless_dev *wdev; 15366 struct net_device *dev; 15367 u32 internal_flags; 15368 15369 if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags))) 15370 return -EINVAL; 15371 15372 internal_flags = nl80211_internal_flags[ops->internal_flags]; 15373 15374 rtnl_lock(); 15375 if (internal_flags & NL80211_FLAG_NEED_WIPHY) { 15376 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 15377 if (IS_ERR(rdev)) { 15378 rtnl_unlock(); 15379 return PTR_ERR(rdev); 15380 } 15381 info->user_ptr[0] = rdev; 15382 } else if (internal_flags & NL80211_FLAG_NEED_NETDEV || 15383 internal_flags & NL80211_FLAG_NEED_WDEV) { 15384 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info), 15385 info->attrs); 15386 if (IS_ERR(wdev)) { 15387 rtnl_unlock(); 15388 return PTR_ERR(wdev); 15389 } 15390 15391 dev = wdev->netdev; 15392 rdev = wiphy_to_rdev(wdev->wiphy); 15393 15394 if (internal_flags & NL80211_FLAG_NEED_NETDEV) { 15395 if (!dev) { 15396 rtnl_unlock(); 15397 return -EINVAL; 15398 } 15399 15400 info->user_ptr[1] = dev; 15401 } else { 15402 info->user_ptr[1] = wdev; 15403 } 15404 15405 if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 15406 !wdev_running(wdev)) { 15407 rtnl_unlock(); 15408 return -ENETDOWN; 15409 } 15410 15411 dev_hold(dev); 15412 info->user_ptr[0] = rdev; 15413 } 15414 15415 if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) { 15416 wiphy_lock(&rdev->wiphy); 15417 /* we keep the mutex locked until post_doit */ 15418 __release(&rdev->wiphy.mtx); 15419 } 15420 if (!(internal_flags & NL80211_FLAG_NEED_RTNL)) 15421 rtnl_unlock(); 15422 15423 return 0; 15424} 15425 15426static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb, 15427 struct genl_info *info) 15428{ 15429 u32 internal_flags = nl80211_internal_flags[ops->internal_flags]; 15430 15431 if (info->user_ptr[1]) { 15432 if (internal_flags & NL80211_FLAG_NEED_WDEV) { 15433 struct wireless_dev *wdev = info->user_ptr[1]; 15434 15435 dev_put(wdev->netdev); 15436 } else { 15437 dev_put(info->user_ptr[1]); 15438 } 15439 } 15440 15441 if (info->user_ptr[0] && 15442 !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) { 15443 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15444 15445 /* we kept the mutex locked since pre_doit */ 15446 __acquire(&rdev->wiphy.mtx); 15447 wiphy_unlock(&rdev->wiphy); 15448 } 15449 15450 if (internal_flags & NL80211_FLAG_NEED_RTNL) 15451 rtnl_unlock(); 15452 15453 /* If needed, clear the netlink message payload from the SKB 15454 * as it might contain key data that shouldn't stick around on 15455 * the heap after the SKB is freed. The netlink message header 15456 * is still needed for further processing, so leave it intact. 15457 */ 15458 if (internal_flags & NL80211_FLAG_CLEAR_SKB) { 15459 struct nlmsghdr *nlh = nlmsg_hdr(skb); 15460 15461 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh)); 15462 } 15463} 15464 15465static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev, 15466 struct cfg80211_sar_specs *sar_specs, 15467 struct nlattr *spec[], int index) 15468{ 15469 u32 range_index, i; 15470 15471 if (!sar_specs || !spec) 15472 return -EINVAL; 15473 15474 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] || 15475 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]) 15476 return -EINVAL; 15477 15478 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]); 15479 15480 /* check if range_index exceeds num_freq_ranges */ 15481 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges) 15482 return -EINVAL; 15483 15484 /* check if range_index duplicates */ 15485 for (i = 0; i < index; i++) { 15486 if (sar_specs->sub_specs[i].freq_range_index == range_index) 15487 return -EINVAL; 15488 } 15489 15490 sar_specs->sub_specs[index].power = 15491 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]); 15492 15493 sar_specs->sub_specs[index].freq_range_index = range_index; 15494 15495 return 0; 15496} 15497 15498static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info) 15499{ 15500 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15501 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1]; 15502 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1]; 15503 struct cfg80211_sar_specs *sar_spec; 15504 enum nl80211_sar_type type; 15505 struct nlattr *spec_list; 15506 u32 specs; 15507 int rem, err; 15508 15509 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs) 15510 return -EOPNOTSUPP; 15511 15512 if (!info->attrs[NL80211_ATTR_SAR_SPEC]) 15513 return -EINVAL; 15514 15515 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX, 15516 info->attrs[NL80211_ATTR_SAR_SPEC], 15517 NULL, NULL); 15518 15519 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS]) 15520 return -EINVAL; 15521 15522 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]); 15523 if (type != rdev->wiphy.sar_capa->type) 15524 return -EINVAL; 15525 15526 specs = 0; 15527 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) 15528 specs++; 15529 15530 if (specs > rdev->wiphy.sar_capa->num_freq_ranges) 15531 return -EINVAL; 15532 15533 sar_spec = kzalloc(struct_size(sar_spec, sub_specs, specs), GFP_KERNEL); 15534 if (!sar_spec) 15535 return -ENOMEM; 15536 15537 sar_spec->type = type; 15538 specs = 0; 15539 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) { 15540 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX, 15541 spec_list, NULL, NULL); 15542 15543 switch (type) { 15544 case NL80211_SAR_TYPE_POWER: 15545 if (nl80211_set_sar_sub_specs(rdev, sar_spec, 15546 spec, specs)) { 15547 err = -EINVAL; 15548 goto error; 15549 } 15550 break; 15551 default: 15552 err = -EINVAL; 15553 goto error; 15554 } 15555 specs++; 15556 } 15557 15558 sar_spec->num_sub_specs = specs; 15559 15560 rdev->cur_cmd_info = info; 15561 err = rdev_set_sar_specs(rdev, sar_spec); 15562 rdev->cur_cmd_info = NULL; 15563error: 15564 kfree(sar_spec); 15565 return err; 15566} 15567 15568#define SELECTOR(__sel, name, value) \ 15569 ((__sel) == (value)) ? NL80211_IFL_SEL_##name : 15570int __missing_selector(void); 15571#define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector() 15572 15573static const struct genl_ops nl80211_ops[] = { 15574 { 15575 .cmd = NL80211_CMD_GET_WIPHY, 15576 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15577 .doit = nl80211_get_wiphy, 15578 .dumpit = nl80211_dump_wiphy, 15579 .done = nl80211_dump_wiphy_done, 15580 /* can be retrieved by unprivileged users */ 15581 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 15582 }, 15583}; 15584 15585static const struct genl_small_ops nl80211_small_ops[] = { 15586 { 15587 .cmd = NL80211_CMD_SET_WIPHY, 15588 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15589 .doit = nl80211_set_wiphy, 15590 .flags = GENL_UNS_ADMIN_PERM, 15591 }, 15592 { 15593 .cmd = NL80211_CMD_GET_INTERFACE, 15594 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15595 .doit = nl80211_get_interface, 15596 .dumpit = nl80211_dump_interface, 15597 /* can be retrieved by unprivileged users */ 15598 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV), 15599 }, 15600 { 15601 .cmd = NL80211_CMD_SET_INTERFACE, 15602 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15603 .doit = nl80211_set_interface, 15604 .flags = GENL_UNS_ADMIN_PERM, 15605 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 15606 NL80211_FLAG_NEED_RTNL), 15607 }, 15608 { 15609 .cmd = NL80211_CMD_NEW_INTERFACE, 15610 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15611 .doit = nl80211_new_interface, 15612 .flags = GENL_UNS_ADMIN_PERM, 15613 .internal_flags = 15614 IFLAGS(NL80211_FLAG_NEED_WIPHY | 15615 NL80211_FLAG_NEED_RTNL | 15616 /* we take the wiphy mutex later ourselves */ 15617 NL80211_FLAG_NO_WIPHY_MTX), 15618 }, 15619 { 15620 .cmd = NL80211_CMD_DEL_INTERFACE, 15621 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15622 .doit = nl80211_del_interface, 15623 .flags = GENL_UNS_ADMIN_PERM, 15624 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV | 15625 NL80211_FLAG_NEED_RTNL), 15626 }, 15627 { 15628 .cmd = NL80211_CMD_GET_KEY, 15629 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15630 .doit = nl80211_get_key, 15631 .flags = GENL_UNS_ADMIN_PERM, 15632 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15633 }, 15634 { 15635 .cmd = NL80211_CMD_SET_KEY, 15636 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15637 .doit = nl80211_set_key, 15638 .flags = GENL_UNS_ADMIN_PERM, 15639 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 15640 NL80211_FLAG_CLEAR_SKB), 15641 }, 15642 { 15643 .cmd = NL80211_CMD_NEW_KEY, 15644 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15645 .doit = nl80211_new_key, 15646 .flags = GENL_UNS_ADMIN_PERM, 15647 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 15648 NL80211_FLAG_CLEAR_SKB), 15649 }, 15650 { 15651 .cmd = NL80211_CMD_DEL_KEY, 15652 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15653 .doit = nl80211_del_key, 15654 .flags = GENL_UNS_ADMIN_PERM, 15655 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15656 }, 15657 { 15658 .cmd = NL80211_CMD_SET_BEACON, 15659 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15660 .flags = GENL_UNS_ADMIN_PERM, 15661 .doit = nl80211_set_beacon, 15662 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15663 }, 15664 { 15665 .cmd = NL80211_CMD_START_AP, 15666 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15667 .flags = GENL_UNS_ADMIN_PERM, 15668 .doit = nl80211_start_ap, 15669 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15670 }, 15671 { 15672 .cmd = NL80211_CMD_STOP_AP, 15673 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15674 .flags = GENL_UNS_ADMIN_PERM, 15675 .doit = nl80211_stop_ap, 15676 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15677 }, 15678 { 15679 .cmd = NL80211_CMD_GET_STATION, 15680 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15681 .doit = nl80211_get_station, 15682 .dumpit = nl80211_dump_station, 15683 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 15684 }, 15685 { 15686 .cmd = NL80211_CMD_SET_STATION, 15687 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15688 .doit = nl80211_set_station, 15689 .flags = GENL_UNS_ADMIN_PERM, 15690 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15691 }, 15692 { 15693 .cmd = NL80211_CMD_NEW_STATION, 15694 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15695 .doit = nl80211_new_station, 15696 .flags = GENL_UNS_ADMIN_PERM, 15697 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15698 }, 15699 { 15700 .cmd = NL80211_CMD_DEL_STATION, 15701 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15702 .doit = nl80211_del_station, 15703 .flags = GENL_UNS_ADMIN_PERM, 15704 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15705 }, 15706 { 15707 .cmd = NL80211_CMD_GET_MPATH, 15708 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15709 .doit = nl80211_get_mpath, 15710 .dumpit = nl80211_dump_mpath, 15711 .flags = GENL_UNS_ADMIN_PERM, 15712 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15713 }, 15714 { 15715 .cmd = NL80211_CMD_GET_MPP, 15716 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15717 .doit = nl80211_get_mpp, 15718 .dumpit = nl80211_dump_mpp, 15719 .flags = GENL_UNS_ADMIN_PERM, 15720 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15721 }, 15722 { 15723 .cmd = NL80211_CMD_SET_MPATH, 15724 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15725 .doit = nl80211_set_mpath, 15726 .flags = GENL_UNS_ADMIN_PERM, 15727 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15728 }, 15729 { 15730 .cmd = NL80211_CMD_NEW_MPATH, 15731 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15732 .doit = nl80211_new_mpath, 15733 .flags = GENL_UNS_ADMIN_PERM, 15734 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15735 }, 15736 { 15737 .cmd = NL80211_CMD_DEL_MPATH, 15738 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15739 .doit = nl80211_del_mpath, 15740 .flags = GENL_UNS_ADMIN_PERM, 15741 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15742 }, 15743 { 15744 .cmd = NL80211_CMD_SET_BSS, 15745 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15746 .doit = nl80211_set_bss, 15747 .flags = GENL_UNS_ADMIN_PERM, 15748 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15749 }, 15750 { 15751 .cmd = NL80211_CMD_GET_REG, 15752 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15753 .doit = nl80211_get_reg_do, 15754 .dumpit = nl80211_get_reg_dump, 15755 /* can be retrieved by unprivileged users */ 15756 }, 15757#ifdef CONFIG_CFG80211_CRDA_SUPPORT 15758 { 15759 .cmd = NL80211_CMD_SET_REG, 15760 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15761 .doit = nl80211_set_reg, 15762 .flags = GENL_ADMIN_PERM, 15763 }, 15764#endif 15765 { 15766 .cmd = NL80211_CMD_REQ_SET_REG, 15767 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15768 .doit = nl80211_req_set_reg, 15769 .flags = GENL_ADMIN_PERM, 15770 }, 15771 { 15772 .cmd = NL80211_CMD_RELOAD_REGDB, 15773 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15774 .doit = nl80211_reload_regdb, 15775 .flags = GENL_ADMIN_PERM, 15776 }, 15777 { 15778 .cmd = NL80211_CMD_GET_MESH_CONFIG, 15779 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15780 .doit = nl80211_get_mesh_config, 15781 /* can be retrieved by unprivileged users */ 15782 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15783 }, 15784 { 15785 .cmd = NL80211_CMD_SET_MESH_CONFIG, 15786 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15787 .doit = nl80211_update_mesh_config, 15788 .flags = GENL_UNS_ADMIN_PERM, 15789 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15790 }, 15791 { 15792 .cmd = NL80211_CMD_TRIGGER_SCAN, 15793 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15794 .doit = nl80211_trigger_scan, 15795 .flags = GENL_UNS_ADMIN_PERM, 15796 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 15797 }, 15798 { 15799 .cmd = NL80211_CMD_ABORT_SCAN, 15800 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15801 .doit = nl80211_abort_scan, 15802 .flags = GENL_UNS_ADMIN_PERM, 15803 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 15804 }, 15805 { 15806 .cmd = NL80211_CMD_GET_SCAN, 15807 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15808 .dumpit = nl80211_dump_scan, 15809 }, 15810 { 15811 .cmd = NL80211_CMD_START_SCHED_SCAN, 15812 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15813 .doit = nl80211_start_sched_scan, 15814 .flags = GENL_UNS_ADMIN_PERM, 15815 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15816 }, 15817 { 15818 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 15819 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15820 .doit = nl80211_stop_sched_scan, 15821 .flags = GENL_UNS_ADMIN_PERM, 15822 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15823 }, 15824 { 15825 .cmd = NL80211_CMD_AUTHENTICATE, 15826 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15827 .doit = nl80211_authenticate, 15828 .flags = GENL_UNS_ADMIN_PERM, 15829 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 15830 NL80211_FLAG_CLEAR_SKB), 15831 }, 15832 { 15833 .cmd = NL80211_CMD_ASSOCIATE, 15834 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15835 .doit = nl80211_associate, 15836 .flags = GENL_UNS_ADMIN_PERM, 15837 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 15838 NL80211_FLAG_CLEAR_SKB), 15839 }, 15840 { 15841 .cmd = NL80211_CMD_DEAUTHENTICATE, 15842 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15843 .doit = nl80211_deauthenticate, 15844 .flags = GENL_UNS_ADMIN_PERM, 15845 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15846 }, 15847 { 15848 .cmd = NL80211_CMD_DISASSOCIATE, 15849 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15850 .doit = nl80211_disassociate, 15851 .flags = GENL_UNS_ADMIN_PERM, 15852 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15853 }, 15854 { 15855 .cmd = NL80211_CMD_JOIN_IBSS, 15856 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15857 .doit = nl80211_join_ibss, 15858 .flags = GENL_UNS_ADMIN_PERM, 15859 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15860 }, 15861 { 15862 .cmd = NL80211_CMD_LEAVE_IBSS, 15863 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15864 .doit = nl80211_leave_ibss, 15865 .flags = GENL_UNS_ADMIN_PERM, 15866 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15867 }, 15868#ifdef CONFIG_NL80211_TESTMODE 15869 { 15870 .cmd = NL80211_CMD_TESTMODE, 15871 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15872 .doit = nl80211_testmode_do, 15873 .dumpit = nl80211_testmode_dump, 15874 .flags = GENL_UNS_ADMIN_PERM, 15875 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 15876 }, 15877#endif 15878 { 15879 .cmd = NL80211_CMD_CONNECT, 15880 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15881 .doit = nl80211_connect, 15882 .flags = GENL_UNS_ADMIN_PERM, 15883 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 15884 NL80211_FLAG_CLEAR_SKB), 15885 }, 15886 { 15887 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS, 15888 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15889 .doit = nl80211_update_connect_params, 15890 .flags = GENL_ADMIN_PERM, 15891 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 15892 NL80211_FLAG_CLEAR_SKB), 15893 }, 15894 { 15895 .cmd = NL80211_CMD_DISCONNECT, 15896 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15897 .doit = nl80211_disconnect, 15898 .flags = GENL_UNS_ADMIN_PERM, 15899 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15900 }, 15901 { 15902 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 15903 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15904 .doit = nl80211_wiphy_netns, 15905 .flags = GENL_UNS_ADMIN_PERM, 15906 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY | 15907 NL80211_FLAG_NEED_RTNL | 15908 NL80211_FLAG_NO_WIPHY_MTX), 15909 }, 15910 { 15911 .cmd = NL80211_CMD_GET_SURVEY, 15912 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15913 .dumpit = nl80211_dump_survey, 15914 }, 15915 { 15916 .cmd = NL80211_CMD_SET_PMKSA, 15917 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15918 .doit = nl80211_setdel_pmksa, 15919 .flags = GENL_UNS_ADMIN_PERM, 15920 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 15921 NL80211_FLAG_CLEAR_SKB), 15922 }, 15923 { 15924 .cmd = NL80211_CMD_DEL_PMKSA, 15925 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15926 .doit = nl80211_setdel_pmksa, 15927 .flags = GENL_UNS_ADMIN_PERM, 15928 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15929 }, 15930 { 15931 .cmd = NL80211_CMD_FLUSH_PMKSA, 15932 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15933 .doit = nl80211_flush_pmksa, 15934 .flags = GENL_UNS_ADMIN_PERM, 15935 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 15936 }, 15937 { 15938 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 15939 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15940 .doit = nl80211_remain_on_channel, 15941 .flags = GENL_UNS_ADMIN_PERM, 15942 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 15943 }, 15944 { 15945 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 15946 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15947 .doit = nl80211_cancel_remain_on_channel, 15948 .flags = GENL_UNS_ADMIN_PERM, 15949 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 15950 }, 15951 { 15952 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 15953 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15954 .doit = nl80211_set_tx_bitrate_mask, 15955 .flags = GENL_UNS_ADMIN_PERM, 15956 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 15957 }, 15958 { 15959 .cmd = NL80211_CMD_REGISTER_FRAME, 15960 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15961 .doit = nl80211_register_mgmt, 15962 .flags = GENL_UNS_ADMIN_PERM, 15963 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV), 15964 }, 15965 { 15966 .cmd = NL80211_CMD_FRAME, 15967 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15968 .doit = nl80211_tx_mgmt, 15969 .flags = GENL_UNS_ADMIN_PERM, 15970 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 15971 }, 15972 { 15973 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 15974 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15975 .doit = nl80211_tx_mgmt_cancel_wait, 15976 .flags = GENL_UNS_ADMIN_PERM, 15977 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 15978 }, 15979 { 15980 .cmd = NL80211_CMD_SET_POWER_SAVE, 15981 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15982 .doit = nl80211_set_power_save, 15983 .flags = GENL_UNS_ADMIN_PERM, 15984 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 15985 }, 15986 { 15987 .cmd = NL80211_CMD_GET_POWER_SAVE, 15988 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15989 .doit = nl80211_get_power_save, 15990 /* can be retrieved by unprivileged users */ 15991 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 15992 }, 15993 { 15994 .cmd = NL80211_CMD_SET_CQM, 15995 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 15996 .doit = nl80211_set_cqm, 15997 .flags = GENL_UNS_ADMIN_PERM, 15998 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 15999 }, 16000 { 16001 .cmd = NL80211_CMD_SET_CHANNEL, 16002 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16003 .doit = nl80211_set_channel, 16004 .flags = GENL_UNS_ADMIN_PERM, 16005 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 16006 }, 16007 { 16008 .cmd = NL80211_CMD_JOIN_MESH, 16009 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16010 .doit = nl80211_join_mesh, 16011 .flags = GENL_UNS_ADMIN_PERM, 16012 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16013 }, 16014 { 16015 .cmd = NL80211_CMD_LEAVE_MESH, 16016 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16017 .doit = nl80211_leave_mesh, 16018 .flags = GENL_UNS_ADMIN_PERM, 16019 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16020 }, 16021 { 16022 .cmd = NL80211_CMD_JOIN_OCB, 16023 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16024 .doit = nl80211_join_ocb, 16025 .flags = GENL_UNS_ADMIN_PERM, 16026 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16027 }, 16028 { 16029 .cmd = NL80211_CMD_LEAVE_OCB, 16030 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16031 .doit = nl80211_leave_ocb, 16032 .flags = GENL_UNS_ADMIN_PERM, 16033 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16034 }, 16035#ifdef CONFIG_PM 16036 { 16037 .cmd = NL80211_CMD_GET_WOWLAN, 16038 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16039 .doit = nl80211_get_wowlan, 16040 /* can be retrieved by unprivileged users */ 16041 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 16042 }, 16043 { 16044 .cmd = NL80211_CMD_SET_WOWLAN, 16045 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16046 .doit = nl80211_set_wowlan, 16047 .flags = GENL_UNS_ADMIN_PERM, 16048 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 16049 }, 16050#endif 16051 { 16052 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 16053 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16054 .doit = nl80211_set_rekey_data, 16055 .flags = GENL_UNS_ADMIN_PERM, 16056 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16057 NL80211_FLAG_CLEAR_SKB), 16058 }, 16059 { 16060 .cmd = NL80211_CMD_TDLS_MGMT, 16061 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16062 .doit = nl80211_tdls_mgmt, 16063 .flags = GENL_UNS_ADMIN_PERM, 16064 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16065 }, 16066 { 16067 .cmd = NL80211_CMD_TDLS_OPER, 16068 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16069 .doit = nl80211_tdls_oper, 16070 .flags = GENL_UNS_ADMIN_PERM, 16071 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16072 }, 16073 { 16074 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 16075 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16076 .doit = nl80211_register_unexpected_frame, 16077 .flags = GENL_UNS_ADMIN_PERM, 16078 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 16079 }, 16080 { 16081 .cmd = NL80211_CMD_PROBE_CLIENT, 16082 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16083 .doit = nl80211_probe_client, 16084 .flags = GENL_UNS_ADMIN_PERM, 16085 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16086 }, 16087 { 16088 .cmd = NL80211_CMD_REGISTER_BEACONS, 16089 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16090 .doit = nl80211_register_beacons, 16091 .flags = GENL_UNS_ADMIN_PERM, 16092 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 16093 }, 16094 { 16095 .cmd = NL80211_CMD_SET_NOACK_MAP, 16096 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16097 .doit = nl80211_set_noack_map, 16098 .flags = GENL_UNS_ADMIN_PERM, 16099 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 16100 }, 16101 { 16102 .cmd = NL80211_CMD_START_P2P_DEVICE, 16103 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16104 .doit = nl80211_start_p2p_device, 16105 .flags = GENL_UNS_ADMIN_PERM, 16106 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV | 16107 NL80211_FLAG_NEED_RTNL), 16108 }, 16109 { 16110 .cmd = NL80211_CMD_STOP_P2P_DEVICE, 16111 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16112 .doit = nl80211_stop_p2p_device, 16113 .flags = GENL_UNS_ADMIN_PERM, 16114 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP | 16115 NL80211_FLAG_NEED_RTNL), 16116 }, 16117 { 16118 .cmd = NL80211_CMD_START_NAN, 16119 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16120 .doit = nl80211_start_nan, 16121 .flags = GENL_ADMIN_PERM, 16122 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV | 16123 NL80211_FLAG_NEED_RTNL), 16124 }, 16125 { 16126 .cmd = NL80211_CMD_STOP_NAN, 16127 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16128 .doit = nl80211_stop_nan, 16129 .flags = GENL_ADMIN_PERM, 16130 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP | 16131 NL80211_FLAG_NEED_RTNL), 16132 }, 16133 { 16134 .cmd = NL80211_CMD_ADD_NAN_FUNCTION, 16135 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16136 .doit = nl80211_nan_add_func, 16137 .flags = GENL_ADMIN_PERM, 16138 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 16139 }, 16140 { 16141 .cmd = NL80211_CMD_DEL_NAN_FUNCTION, 16142 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16143 .doit = nl80211_nan_del_func, 16144 .flags = GENL_ADMIN_PERM, 16145 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 16146 }, 16147 { 16148 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG, 16149 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16150 .doit = nl80211_nan_change_config, 16151 .flags = GENL_ADMIN_PERM, 16152 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 16153 }, 16154 { 16155 .cmd = NL80211_CMD_SET_MCAST_RATE, 16156 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16157 .doit = nl80211_set_mcast_rate, 16158 .flags = GENL_UNS_ADMIN_PERM, 16159 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 16160 }, 16161 { 16162 .cmd = NL80211_CMD_SET_MAC_ACL, 16163 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16164 .doit = nl80211_set_mac_acl, 16165 .flags = GENL_UNS_ADMIN_PERM, 16166 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 16167 }, 16168 { 16169 .cmd = NL80211_CMD_RADAR_DETECT, 16170 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16171 .doit = nl80211_start_radar_detection, 16172 .flags = GENL_UNS_ADMIN_PERM, 16173 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16174 NL80211_FLAG_NO_WIPHY_MTX), 16175 }, 16176 { 16177 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES, 16178 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16179 .doit = nl80211_get_protocol_features, 16180 }, 16181 { 16182 .cmd = NL80211_CMD_UPDATE_FT_IES, 16183 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16184 .doit = nl80211_update_ft_ies, 16185 .flags = GENL_UNS_ADMIN_PERM, 16186 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16187 }, 16188 { 16189 .cmd = NL80211_CMD_CRIT_PROTOCOL_START, 16190 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16191 .doit = nl80211_crit_protocol_start, 16192 .flags = GENL_UNS_ADMIN_PERM, 16193 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 16194 }, 16195 { 16196 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP, 16197 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16198 .doit = nl80211_crit_protocol_stop, 16199 .flags = GENL_UNS_ADMIN_PERM, 16200 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 16201 }, 16202 { 16203 .cmd = NL80211_CMD_GET_COALESCE, 16204 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16205 .doit = nl80211_get_coalesce, 16206 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 16207 }, 16208 { 16209 .cmd = NL80211_CMD_SET_COALESCE, 16210 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16211 .doit = nl80211_set_coalesce, 16212 .flags = GENL_UNS_ADMIN_PERM, 16213 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 16214 }, 16215 { 16216 .cmd = NL80211_CMD_CHANNEL_SWITCH, 16217 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16218 .doit = nl80211_channel_switch, 16219 .flags = GENL_UNS_ADMIN_PERM, 16220 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16221 }, 16222 { 16223 .cmd = NL80211_CMD_VENDOR, 16224 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16225 .doit = nl80211_vendor_cmd, 16226 .dumpit = nl80211_vendor_cmd_dump, 16227 .flags = GENL_UNS_ADMIN_PERM, 16228 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY | 16229 NL80211_FLAG_CLEAR_SKB), 16230 }, 16231 { 16232 .cmd = NL80211_CMD_SET_QOS_MAP, 16233 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16234 .doit = nl80211_set_qos_map, 16235 .flags = GENL_UNS_ADMIN_PERM, 16236 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16237 }, 16238 { 16239 .cmd = NL80211_CMD_ADD_TX_TS, 16240 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16241 .doit = nl80211_add_tx_ts, 16242 .flags = GENL_UNS_ADMIN_PERM, 16243 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16244 }, 16245 { 16246 .cmd = NL80211_CMD_DEL_TX_TS, 16247 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16248 .doit = nl80211_del_tx_ts, 16249 .flags = GENL_UNS_ADMIN_PERM, 16250 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16251 }, 16252 { 16253 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH, 16254 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16255 .doit = nl80211_tdls_channel_switch, 16256 .flags = GENL_UNS_ADMIN_PERM, 16257 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16258 }, 16259 { 16260 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH, 16261 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16262 .doit = nl80211_tdls_cancel_channel_switch, 16263 .flags = GENL_UNS_ADMIN_PERM, 16264 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16265 }, 16266 { 16267 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST, 16268 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16269 .doit = nl80211_set_multicast_to_unicast, 16270 .flags = GENL_UNS_ADMIN_PERM, 16271 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 16272 }, 16273 { 16274 .cmd = NL80211_CMD_SET_PMK, 16275 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16276 .doit = nl80211_set_pmk, 16277 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16278 NL80211_FLAG_CLEAR_SKB), 16279 }, 16280 { 16281 .cmd = NL80211_CMD_DEL_PMK, 16282 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16283 .doit = nl80211_del_pmk, 16284 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16285 }, 16286 { 16287 .cmd = NL80211_CMD_EXTERNAL_AUTH, 16288 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16289 .doit = nl80211_external_auth, 16290 .flags = GENL_ADMIN_PERM, 16291 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16292 }, 16293 { 16294 .cmd = NL80211_CMD_CONTROL_PORT_FRAME, 16295 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16296 .doit = nl80211_tx_control_port, 16297 .flags = GENL_UNS_ADMIN_PERM, 16298 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16299 }, 16300 { 16301 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS, 16302 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16303 .doit = nl80211_get_ftm_responder_stats, 16304 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 16305 }, 16306 { 16307 .cmd = NL80211_CMD_PEER_MEASUREMENT_START, 16308 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16309 .doit = nl80211_pmsr_start, 16310 .flags = GENL_UNS_ADMIN_PERM, 16311 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 16312 }, 16313 { 16314 .cmd = NL80211_CMD_NOTIFY_RADAR, 16315 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16316 .doit = nl80211_notify_radar_detection, 16317 .flags = GENL_UNS_ADMIN_PERM, 16318 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16319 }, 16320 { 16321 .cmd = NL80211_CMD_UPDATE_OWE_INFO, 16322 .doit = nl80211_update_owe_info, 16323 .flags = GENL_ADMIN_PERM, 16324 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16325 }, 16326 { 16327 .cmd = NL80211_CMD_PROBE_MESH_LINK, 16328 .doit = nl80211_probe_mesh_link, 16329 .flags = GENL_UNS_ADMIN_PERM, 16330 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16331 }, 16332 { 16333 .cmd = NL80211_CMD_SET_TID_CONFIG, 16334 .doit = nl80211_set_tid_config, 16335 .flags = GENL_UNS_ADMIN_PERM, 16336 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 16337 }, 16338 { 16339 .cmd = NL80211_CMD_SET_SAR_SPECS, 16340 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16341 .doit = nl80211_set_sar_specs, 16342 .flags = GENL_UNS_ADMIN_PERM, 16343 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY | 16344 NL80211_FLAG_NEED_RTNL), 16345 }, 16346 { 16347 .cmd = NL80211_CMD_COLOR_CHANGE_REQUEST, 16348 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16349 .doit = nl80211_color_change, 16350 .flags = GENL_UNS_ADMIN_PERM, 16351 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16352 }, 16353 { 16354 .cmd = NL80211_CMD_SET_FILS_AAD, 16355 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16356 .doit = nl80211_set_fils_aad, 16357 .flags = GENL_UNS_ADMIN_PERM, 16358 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16359 }, 16360}; 16361 16362static struct genl_family nl80211_fam __ro_after_init = { 16363 .name = NL80211_GENL_NAME, /* have users key off the name instead */ 16364 .hdrsize = 0, /* no private header */ 16365 .version = 1, /* no particular meaning now */ 16366 .maxattr = NL80211_ATTR_MAX, 16367 .policy = nl80211_policy, 16368 .netnsok = true, 16369 .pre_doit = nl80211_pre_doit, 16370 .post_doit = nl80211_post_doit, 16371 .module = THIS_MODULE, 16372 .ops = nl80211_ops, 16373 .n_ops = ARRAY_SIZE(nl80211_ops), 16374 .small_ops = nl80211_small_ops, 16375 .n_small_ops = ARRAY_SIZE(nl80211_small_ops), 16376 .mcgrps = nl80211_mcgrps, 16377 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps), 16378 .parallel_ops = true, 16379}; 16380 16381/* notification functions */ 16382 16383void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev, 16384 enum nl80211_commands cmd) 16385{ 16386 struct sk_buff *msg; 16387 struct nl80211_dump_wiphy_state state = {}; 16388 16389 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY && 16390 cmd != NL80211_CMD_DEL_WIPHY); 16391 16392 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 16393 if (!msg) 16394 return; 16395 16396 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) { 16397 nlmsg_free(msg); 16398 return; 16399 } 16400 16401 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 16402 NL80211_MCGRP_CONFIG, GFP_KERNEL); 16403} 16404 16405void nl80211_notify_iface(struct cfg80211_registered_device *rdev, 16406 struct wireless_dev *wdev, 16407 enum nl80211_commands cmd) 16408{ 16409 struct sk_buff *msg; 16410 16411 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 16412 if (!msg) 16413 return; 16414 16415 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) { 16416 nlmsg_free(msg); 16417 return; 16418 } 16419 16420 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 16421 NL80211_MCGRP_CONFIG, GFP_KERNEL); 16422} 16423 16424static int nl80211_add_scan_req(struct sk_buff *msg, 16425 struct cfg80211_registered_device *rdev) 16426{ 16427 struct cfg80211_scan_request *req = rdev->scan_req; 16428 struct nlattr *nest; 16429 int i; 16430 struct cfg80211_scan_info *info; 16431 16432 if (WARN_ON(!req)) 16433 return 0; 16434 16435 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS); 16436 if (!nest) 16437 goto nla_put_failure; 16438 for (i = 0; i < req->n_ssids; i++) { 16439 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 16440 goto nla_put_failure; 16441 } 16442 nla_nest_end(msg, nest); 16443 16444 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) { 16445 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ); 16446 if (!nest) 16447 goto nla_put_failure; 16448 for (i = 0; i < req->n_channels; i++) { 16449 if (nla_put_u32(msg, i, 16450 ieee80211_channel_to_khz(req->channels[i]))) 16451 goto nla_put_failure; 16452 } 16453 nla_nest_end(msg, nest); 16454 } else { 16455 nest = nla_nest_start_noflag(msg, 16456 NL80211_ATTR_SCAN_FREQUENCIES); 16457 if (!nest) 16458 goto nla_put_failure; 16459 for (i = 0; i < req->n_channels; i++) { 16460 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 16461 goto nla_put_failure; 16462 } 16463 nla_nest_end(msg, nest); 16464 } 16465 16466 if (req->ie && 16467 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 16468 goto nla_put_failure; 16469 16470 if (req->flags && 16471 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags)) 16472 goto nla_put_failure; 16473 16474 info = rdev->int_scan_req ? &rdev->int_scan_req->info : 16475 &rdev->scan_req->info; 16476 if (info->scan_start_tsf && 16477 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF, 16478 info->scan_start_tsf, NL80211_BSS_PAD) || 16479 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN, 16480 info->tsf_bssid))) 16481 goto nla_put_failure; 16482 16483 return 0; 16484 nla_put_failure: 16485 return -ENOBUFS; 16486} 16487 16488static int nl80211_prep_scan_msg(struct sk_buff *msg, 16489 struct cfg80211_registered_device *rdev, 16490 struct wireless_dev *wdev, 16491 u32 portid, u32 seq, int flags, 16492 u32 cmd) 16493{ 16494 void *hdr; 16495 16496 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 16497 if (!hdr) 16498 return -1; 16499 16500 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 16501 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 16502 wdev->netdev->ifindex)) || 16503 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 16504 NL80211_ATTR_PAD)) 16505 goto nla_put_failure; 16506 16507 /* ignore errors and send incomplete event anyway */ 16508 nl80211_add_scan_req(msg, rdev); 16509 16510 genlmsg_end(msg, hdr); 16511 return 0; 16512 16513 nla_put_failure: 16514 genlmsg_cancel(msg, hdr); 16515 return -EMSGSIZE; 16516} 16517 16518static int 16519nl80211_prep_sched_scan_msg(struct sk_buff *msg, 16520 struct cfg80211_sched_scan_request *req, u32 cmd) 16521{ 16522 void *hdr; 16523 16524 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 16525 if (!hdr) 16526 return -1; 16527 16528 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, 16529 wiphy_to_rdev(req->wiphy)->wiphy_idx) || 16530 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) || 16531 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid, 16532 NL80211_ATTR_PAD)) 16533 goto nla_put_failure; 16534 16535 genlmsg_end(msg, hdr); 16536 return 0; 16537 16538 nla_put_failure: 16539 genlmsg_cancel(msg, hdr); 16540 return -EMSGSIZE; 16541} 16542 16543void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 16544 struct wireless_dev *wdev) 16545{ 16546 struct sk_buff *msg; 16547 16548 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 16549 if (!msg) 16550 return; 16551 16552 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0, 16553 NL80211_CMD_TRIGGER_SCAN) < 0) { 16554 nlmsg_free(msg); 16555 return; 16556 } 16557 16558 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 16559 NL80211_MCGRP_SCAN, GFP_KERNEL); 16560} 16561 16562struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev, 16563 struct wireless_dev *wdev, bool aborted) 16564{ 16565 struct sk_buff *msg; 16566 16567 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 16568 if (!msg) 16569 return NULL; 16570 16571 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0, 16572 aborted ? NL80211_CMD_SCAN_ABORTED : 16573 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 16574 nlmsg_free(msg); 16575 return NULL; 16576 } 16577 16578 return msg; 16579} 16580 16581/* send message created by nl80211_build_scan_msg() */ 16582void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev, 16583 struct sk_buff *msg) 16584{ 16585 if (!msg) 16586 return; 16587 16588 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 16589 NL80211_MCGRP_SCAN, GFP_KERNEL); 16590} 16591 16592void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd) 16593{ 16594 struct sk_buff *msg; 16595 16596 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 16597 if (!msg) 16598 return; 16599 16600 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) { 16601 nlmsg_free(msg); 16602 return; 16603 } 16604 16605 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0, 16606 NL80211_MCGRP_SCAN, GFP_KERNEL); 16607} 16608 16609static bool nl80211_reg_change_event_fill(struct sk_buff *msg, 16610 struct regulatory_request *request) 16611{ 16612 /* Userspace can always count this one always being set */ 16613 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 16614 goto nla_put_failure; 16615 16616 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 16617 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 16618 NL80211_REGDOM_TYPE_WORLD)) 16619 goto nla_put_failure; 16620 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 16621 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 16622 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 16623 goto nla_put_failure; 16624 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 16625 request->intersect) { 16626 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 16627 NL80211_REGDOM_TYPE_INTERSECTION)) 16628 goto nla_put_failure; 16629 } else { 16630 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 16631 NL80211_REGDOM_TYPE_COUNTRY) || 16632 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 16633 request->alpha2)) 16634 goto nla_put_failure; 16635 } 16636 16637 if (request->wiphy_idx != WIPHY_IDX_INVALID) { 16638 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx); 16639 16640 if (wiphy && 16641 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 16642 goto nla_put_failure; 16643 16644 if (wiphy && 16645 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 16646 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 16647 goto nla_put_failure; 16648 } 16649 16650 return true; 16651 16652nla_put_failure: 16653 return false; 16654} 16655 16656/* 16657 * This can happen on global regulatory changes or device specific settings 16658 * based on custom regulatory domains. 16659 */ 16660void nl80211_common_reg_change_event(enum nl80211_commands cmd_id, 16661 struct regulatory_request *request) 16662{ 16663 struct sk_buff *msg; 16664 void *hdr; 16665 16666 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 16667 if (!msg) 16668 return; 16669 16670 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id); 16671 if (!hdr) 16672 goto nla_put_failure; 16673 16674 if (!nl80211_reg_change_event_fill(msg, request)) 16675 goto nla_put_failure; 16676 16677 genlmsg_end(msg, hdr); 16678 16679 rcu_read_lock(); 16680 genlmsg_multicast_allns(&nl80211_fam, msg, 0, 16681 NL80211_MCGRP_REGULATORY, GFP_ATOMIC); 16682 rcu_read_unlock(); 16683 16684 return; 16685 16686nla_put_failure: 16687 nlmsg_free(msg); 16688} 16689 16690static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 16691 struct net_device *netdev, 16692 const u8 *buf, size_t len, 16693 enum nl80211_commands cmd, gfp_t gfp, 16694 int uapsd_queues, const u8 *req_ies, 16695 size_t req_ies_len, bool reconnect) 16696{ 16697 struct sk_buff *msg; 16698 void *hdr; 16699 16700 msg = nlmsg_new(100 + len + req_ies_len, gfp); 16701 if (!msg) 16702 return; 16703 16704 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 16705 if (!hdr) { 16706 nlmsg_free(msg); 16707 return; 16708 } 16709 16710 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 16711 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 16712 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 16713 (req_ies && 16714 nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies))) 16715 goto nla_put_failure; 16716 16717 if (reconnect && nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED)) 16718 goto nla_put_failure; 16719 16720 if (uapsd_queues >= 0) { 16721 struct nlattr *nla_wmm = 16722 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME); 16723 if (!nla_wmm) 16724 goto nla_put_failure; 16725 16726 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES, 16727 uapsd_queues)) 16728 goto nla_put_failure; 16729 16730 nla_nest_end(msg, nla_wmm); 16731 } 16732 16733 genlmsg_end(msg, hdr); 16734 16735 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 16736 NL80211_MCGRP_MLME, gfp); 16737 return; 16738 16739 nla_put_failure: 16740 nlmsg_free(msg); 16741} 16742 16743void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 16744 struct net_device *netdev, const u8 *buf, 16745 size_t len, gfp_t gfp) 16746{ 16747 nl80211_send_mlme_event(rdev, netdev, buf, len, 16748 NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0, 16749 false); 16750} 16751 16752void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 16753 struct net_device *netdev, const u8 *buf, 16754 size_t len, gfp_t gfp, int uapsd_queues, 16755 const u8 *req_ies, size_t req_ies_len) 16756{ 16757 nl80211_send_mlme_event(rdev, netdev, buf, len, 16758 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues, 16759 req_ies, req_ies_len, false); 16760} 16761 16762void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 16763 struct net_device *netdev, const u8 *buf, 16764 size_t len, bool reconnect, gfp_t gfp) 16765{ 16766 nl80211_send_mlme_event(rdev, netdev, buf, len, 16767 NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0, 16768 reconnect); 16769} 16770 16771void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 16772 struct net_device *netdev, const u8 *buf, 16773 size_t len, bool reconnect, gfp_t gfp) 16774{ 16775 nl80211_send_mlme_event(rdev, netdev, buf, len, 16776 NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0, 16777 reconnect); 16778} 16779 16780void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf, 16781 size_t len) 16782{ 16783 struct wireless_dev *wdev = dev->ieee80211_ptr; 16784 struct wiphy *wiphy = wdev->wiphy; 16785 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 16786 const struct ieee80211_mgmt *mgmt = (void *)buf; 16787 u32 cmd; 16788 16789 if (WARN_ON(len < 2)) 16790 return; 16791 16792 if (ieee80211_is_deauth(mgmt->frame_control)) { 16793 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE; 16794 } else if (ieee80211_is_disassoc(mgmt->frame_control)) { 16795 cmd = NL80211_CMD_UNPROT_DISASSOCIATE; 16796 } else if (ieee80211_is_beacon(mgmt->frame_control)) { 16797 if (wdev->unprot_beacon_reported && 16798 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000) 16799 return; 16800 cmd = NL80211_CMD_UNPROT_BEACON; 16801 wdev->unprot_beacon_reported = jiffies; 16802 } else { 16803 return; 16804 } 16805 16806 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len); 16807 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1, 16808 NULL, 0, false); 16809} 16810EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt); 16811 16812static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 16813 struct net_device *netdev, int cmd, 16814 const u8 *addr, gfp_t gfp) 16815{ 16816 struct sk_buff *msg; 16817 void *hdr; 16818 16819 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 16820 if (!msg) 16821 return; 16822 16823 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 16824 if (!hdr) { 16825 nlmsg_free(msg); 16826 return; 16827 } 16828 16829 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 16830 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 16831 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 16832 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 16833 goto nla_put_failure; 16834 16835 genlmsg_end(msg, hdr); 16836 16837 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 16838 NL80211_MCGRP_MLME, gfp); 16839 return; 16840 16841 nla_put_failure: 16842 nlmsg_free(msg); 16843} 16844 16845void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 16846 struct net_device *netdev, const u8 *addr, 16847 gfp_t gfp) 16848{ 16849 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 16850 addr, gfp); 16851} 16852 16853void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 16854 struct net_device *netdev, const u8 *addr, 16855 gfp_t gfp) 16856{ 16857 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 16858 addr, gfp); 16859} 16860 16861void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 16862 struct net_device *netdev, 16863 struct cfg80211_connect_resp_params *cr, 16864 gfp_t gfp) 16865{ 16866 struct sk_buff *msg; 16867 void *hdr; 16868 16869 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len + 16870 cr->fils.kek_len + cr->fils.pmk_len + 16871 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp); 16872 if (!msg) 16873 return; 16874 16875 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 16876 if (!hdr) { 16877 nlmsg_free(msg); 16878 return; 16879 } 16880 16881 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 16882 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 16883 (cr->bssid && 16884 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) || 16885 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, 16886 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE : 16887 cr->status) || 16888 (cr->status < 0 && 16889 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 16890 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON, 16891 cr->timeout_reason))) || 16892 (cr->req_ie && 16893 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) || 16894 (cr->resp_ie && 16895 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len, 16896 cr->resp_ie)) || 16897 (cr->fils.update_erp_next_seq_num && 16898 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM, 16899 cr->fils.erp_next_seq_num)) || 16900 (cr->status == WLAN_STATUS_SUCCESS && 16901 ((cr->fils.kek && 16902 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len, 16903 cr->fils.kek)) || 16904 (cr->fils.pmk && 16905 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) || 16906 (cr->fils.pmkid && 16907 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid))))) 16908 goto nla_put_failure; 16909 16910 genlmsg_end(msg, hdr); 16911 16912 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 16913 NL80211_MCGRP_MLME, gfp); 16914 return; 16915 16916 nla_put_failure: 16917 nlmsg_free(msg); 16918} 16919 16920void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 16921 struct net_device *netdev, 16922 struct cfg80211_roam_info *info, gfp_t gfp) 16923{ 16924 struct sk_buff *msg; 16925 void *hdr; 16926 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid; 16927 16928 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len + 16929 info->fils.kek_len + info->fils.pmk_len + 16930 (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp); 16931 if (!msg) 16932 return; 16933 16934 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 16935 if (!hdr) { 16936 nlmsg_free(msg); 16937 return; 16938 } 16939 16940 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 16941 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 16942 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 16943 (info->req_ie && 16944 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len, 16945 info->req_ie)) || 16946 (info->resp_ie && 16947 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len, 16948 info->resp_ie)) || 16949 (info->fils.update_erp_next_seq_num && 16950 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM, 16951 info->fils.erp_next_seq_num)) || 16952 (info->fils.kek && 16953 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len, 16954 info->fils.kek)) || 16955 (info->fils.pmk && 16956 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) || 16957 (info->fils.pmkid && 16958 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid))) 16959 goto nla_put_failure; 16960 16961 genlmsg_end(msg, hdr); 16962 16963 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 16964 NL80211_MCGRP_MLME, gfp); 16965 return; 16966 16967 nla_put_failure: 16968 nlmsg_free(msg); 16969} 16970 16971void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev, 16972 struct net_device *netdev, const u8 *bssid) 16973{ 16974 struct sk_buff *msg; 16975 void *hdr; 16976 16977 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 16978 if (!msg) 16979 return; 16980 16981 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED); 16982 if (!hdr) { 16983 nlmsg_free(msg); 16984 return; 16985 } 16986 16987 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 16988 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 16989 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 16990 goto nla_put_failure; 16991 16992 genlmsg_end(msg, hdr); 16993 16994 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 16995 NL80211_MCGRP_MLME, GFP_KERNEL); 16996 return; 16997 16998 nla_put_failure: 16999 nlmsg_free(msg); 17000} 17001 17002void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 17003 struct net_device *netdev, u16 reason, 17004 const u8 *ie, size_t ie_len, bool from_ap) 17005{ 17006 struct sk_buff *msg; 17007 void *hdr; 17008 17009 msg = nlmsg_new(100 + ie_len, GFP_KERNEL); 17010 if (!msg) 17011 return; 17012 17013 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 17014 if (!hdr) { 17015 nlmsg_free(msg); 17016 return; 17017 } 17018 17019 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17020 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 17021 (reason && 17022 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 17023 (from_ap && 17024 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 17025 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 17026 goto nla_put_failure; 17027 17028 genlmsg_end(msg, hdr); 17029 17030 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17031 NL80211_MCGRP_MLME, GFP_KERNEL); 17032 return; 17033 17034 nla_put_failure: 17035 nlmsg_free(msg); 17036} 17037 17038void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 17039 struct net_device *netdev, const u8 *bssid, 17040 gfp_t gfp) 17041{ 17042 struct sk_buff *msg; 17043 void *hdr; 17044 17045 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 17046 if (!msg) 17047 return; 17048 17049 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 17050 if (!hdr) { 17051 nlmsg_free(msg); 17052 return; 17053 } 17054 17055 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17056 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 17057 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 17058 goto nla_put_failure; 17059 17060 genlmsg_end(msg, hdr); 17061 17062 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17063 NL80211_MCGRP_MLME, gfp); 17064 return; 17065 17066 nla_put_failure: 17067 nlmsg_free(msg); 17068} 17069 17070void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr, 17071 const u8 *ie, u8 ie_len, 17072 int sig_dbm, gfp_t gfp) 17073{ 17074 struct wireless_dev *wdev = dev->ieee80211_ptr; 17075 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 17076 struct sk_buff *msg; 17077 void *hdr; 17078 17079 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT)) 17080 return; 17081 17082 trace_cfg80211_notify_new_peer_candidate(dev, addr); 17083 17084 msg = nlmsg_new(100 + ie_len, gfp); 17085 if (!msg) 17086 return; 17087 17088 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 17089 if (!hdr) { 17090 nlmsg_free(msg); 17091 return; 17092 } 17093 17094 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17095 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 17096 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 17097 (ie_len && ie && 17098 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) || 17099 (sig_dbm && 17100 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm))) 17101 goto nla_put_failure; 17102 17103 genlmsg_end(msg, hdr); 17104 17105 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17106 NL80211_MCGRP_MLME, gfp); 17107 return; 17108 17109 nla_put_failure: 17110 nlmsg_free(msg); 17111} 17112EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate); 17113 17114void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 17115 struct net_device *netdev, const u8 *addr, 17116 enum nl80211_key_type key_type, int key_id, 17117 const u8 *tsc, gfp_t gfp) 17118{ 17119 struct sk_buff *msg; 17120 void *hdr; 17121 17122 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 17123 if (!msg) 17124 return; 17125 17126 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 17127 if (!hdr) { 17128 nlmsg_free(msg); 17129 return; 17130 } 17131 17132 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17133 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 17134 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 17135 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 17136 (key_id != -1 && 17137 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 17138 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 17139 goto nla_put_failure; 17140 17141 genlmsg_end(msg, hdr); 17142 17143 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17144 NL80211_MCGRP_MLME, gfp); 17145 return; 17146 17147 nla_put_failure: 17148 nlmsg_free(msg); 17149} 17150 17151void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 17152 struct ieee80211_channel *channel_before, 17153 struct ieee80211_channel *channel_after) 17154{ 17155 struct sk_buff *msg; 17156 void *hdr; 17157 struct nlattr *nl_freq; 17158 17159 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 17160 if (!msg) 17161 return; 17162 17163 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 17164 if (!hdr) { 17165 nlmsg_free(msg); 17166 return; 17167 } 17168 17169 /* 17170 * Since we are applying the beacon hint to a wiphy we know its 17171 * wiphy_idx is valid 17172 */ 17173 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 17174 goto nla_put_failure; 17175 17176 /* Before */ 17177 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE); 17178 if (!nl_freq) 17179 goto nla_put_failure; 17180 17181 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false)) 17182 goto nla_put_failure; 17183 nla_nest_end(msg, nl_freq); 17184 17185 /* After */ 17186 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER); 17187 if (!nl_freq) 17188 goto nla_put_failure; 17189 17190 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false)) 17191 goto nla_put_failure; 17192 nla_nest_end(msg, nl_freq); 17193 17194 genlmsg_end(msg, hdr); 17195 17196 rcu_read_lock(); 17197 genlmsg_multicast_allns(&nl80211_fam, msg, 0, 17198 NL80211_MCGRP_REGULATORY, GFP_ATOMIC); 17199 rcu_read_unlock(); 17200 17201 return; 17202 17203nla_put_failure: 17204 nlmsg_free(msg); 17205} 17206 17207static void nl80211_send_remain_on_chan_event( 17208 int cmd, struct cfg80211_registered_device *rdev, 17209 struct wireless_dev *wdev, u64 cookie, 17210 struct ieee80211_channel *chan, 17211 unsigned int duration, gfp_t gfp) 17212{ 17213 struct sk_buff *msg; 17214 void *hdr; 17215 17216 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 17217 if (!msg) 17218 return; 17219 17220 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 17221 if (!hdr) { 17222 nlmsg_free(msg); 17223 return; 17224 } 17225 17226 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17227 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 17228 wdev->netdev->ifindex)) || 17229 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 17230 NL80211_ATTR_PAD) || 17231 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 17232 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 17233 NL80211_CHAN_NO_HT) || 17234 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 17235 NL80211_ATTR_PAD)) 17236 goto nla_put_failure; 17237 17238 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 17239 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 17240 goto nla_put_failure; 17241 17242 genlmsg_end(msg, hdr); 17243 17244 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17245 NL80211_MCGRP_MLME, gfp); 17246 return; 17247 17248 nla_put_failure: 17249 nlmsg_free(msg); 17250} 17251 17252void cfg80211_assoc_comeback(struct net_device *netdev, 17253 struct cfg80211_bss *bss, u32 timeout) 17254{ 17255 struct wireless_dev *wdev = netdev->ieee80211_ptr; 17256 struct wiphy *wiphy = wdev->wiphy; 17257 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17258 struct sk_buff *msg; 17259 void *hdr; 17260 17261 trace_cfg80211_assoc_comeback(wdev, bss->bssid, timeout); 17262 17263 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17264 if (!msg) 17265 return; 17266 17267 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK); 17268 if (!hdr) { 17269 nlmsg_free(msg); 17270 return; 17271 } 17272 17273 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17274 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 17275 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bss->bssid) || 17276 nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout)) 17277 goto nla_put_failure; 17278 17279 genlmsg_end(msg, hdr); 17280 17281 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17282 NL80211_MCGRP_MLME, GFP_KERNEL); 17283 return; 17284 17285 nla_put_failure: 17286 nlmsg_free(msg); 17287} 17288EXPORT_SYMBOL(cfg80211_assoc_comeback); 17289 17290void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie, 17291 struct ieee80211_channel *chan, 17292 unsigned int duration, gfp_t gfp) 17293{ 17294 struct wiphy *wiphy = wdev->wiphy; 17295 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17296 17297 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration); 17298 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 17299 rdev, wdev, cookie, chan, 17300 duration, gfp); 17301} 17302EXPORT_SYMBOL(cfg80211_ready_on_channel); 17303 17304void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie, 17305 struct ieee80211_channel *chan, 17306 gfp_t gfp) 17307{ 17308 struct wiphy *wiphy = wdev->wiphy; 17309 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17310 17311 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan); 17312 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 17313 rdev, wdev, cookie, chan, 0, gfp); 17314} 17315EXPORT_SYMBOL(cfg80211_remain_on_channel_expired); 17316 17317void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie, 17318 struct ieee80211_channel *chan, 17319 gfp_t gfp) 17320{ 17321 struct wiphy *wiphy = wdev->wiphy; 17322 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17323 17324 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan); 17325 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL, 17326 rdev, wdev, cookie, chan, 0, gfp); 17327} 17328EXPORT_SYMBOL(cfg80211_tx_mgmt_expired); 17329 17330void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr, 17331 struct station_info *sinfo, gfp_t gfp) 17332{ 17333 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 17334 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17335 struct sk_buff *msg; 17336 17337 trace_cfg80211_new_sta(dev, mac_addr, sinfo); 17338 17339 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 17340 if (!msg) 17341 return; 17342 17343 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0, 17344 rdev, dev, mac_addr, sinfo) < 0) { 17345 nlmsg_free(msg); 17346 return; 17347 } 17348 17349 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17350 NL80211_MCGRP_MLME, gfp); 17351} 17352EXPORT_SYMBOL(cfg80211_new_sta); 17353 17354void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr, 17355 struct station_info *sinfo, gfp_t gfp) 17356{ 17357 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 17358 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17359 struct sk_buff *msg; 17360 struct station_info empty_sinfo = {}; 17361 17362 if (!sinfo) 17363 sinfo = &empty_sinfo; 17364 17365 trace_cfg80211_del_sta(dev, mac_addr); 17366 17367 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 17368 if (!msg) { 17369 cfg80211_sinfo_release_content(sinfo); 17370 return; 17371 } 17372 17373 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0, 17374 rdev, dev, mac_addr, sinfo) < 0) { 17375 nlmsg_free(msg); 17376 return; 17377 } 17378 17379 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17380 NL80211_MCGRP_MLME, gfp); 17381} 17382EXPORT_SYMBOL(cfg80211_del_sta_sinfo); 17383 17384void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr, 17385 enum nl80211_connect_failed_reason reason, 17386 gfp_t gfp) 17387{ 17388 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 17389 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17390 struct sk_buff *msg; 17391 void *hdr; 17392 17393 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 17394 if (!msg) 17395 return; 17396 17397 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED); 17398 if (!hdr) { 17399 nlmsg_free(msg); 17400 return; 17401 } 17402 17403 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 17404 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 17405 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason)) 17406 goto nla_put_failure; 17407 17408 genlmsg_end(msg, hdr); 17409 17410 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17411 NL80211_MCGRP_MLME, gfp); 17412 return; 17413 17414 nla_put_failure: 17415 nlmsg_free(msg); 17416} 17417EXPORT_SYMBOL(cfg80211_conn_failed); 17418 17419static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 17420 const u8 *addr, gfp_t gfp) 17421{ 17422 struct wireless_dev *wdev = dev->ieee80211_ptr; 17423 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 17424 struct sk_buff *msg; 17425 void *hdr; 17426 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid); 17427 17428 if (!nlportid) 17429 return false; 17430 17431 msg = nlmsg_new(100, gfp); 17432 if (!msg) 17433 return true; 17434 17435 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 17436 if (!hdr) { 17437 nlmsg_free(msg); 17438 return true; 17439 } 17440 17441 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17442 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 17443 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 17444 goto nla_put_failure; 17445 17446 genlmsg_end(msg, hdr); 17447 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 17448 return true; 17449 17450 nla_put_failure: 17451 nlmsg_free(msg); 17452 return true; 17453} 17454 17455bool cfg80211_rx_spurious_frame(struct net_device *dev, 17456 const u8 *addr, gfp_t gfp) 17457{ 17458 struct wireless_dev *wdev = dev->ieee80211_ptr; 17459 bool ret; 17460 17461 trace_cfg80211_rx_spurious_frame(dev, addr); 17462 17463 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 17464 wdev->iftype != NL80211_IFTYPE_P2P_GO)) { 17465 trace_cfg80211_return_bool(false); 17466 return false; 17467 } 17468 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 17469 addr, gfp); 17470 trace_cfg80211_return_bool(ret); 17471 return ret; 17472} 17473EXPORT_SYMBOL(cfg80211_rx_spurious_frame); 17474 17475bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, 17476 const u8 *addr, gfp_t gfp) 17477{ 17478 struct wireless_dev *wdev = dev->ieee80211_ptr; 17479 bool ret; 17480 17481 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr); 17482 17483 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 17484 wdev->iftype != NL80211_IFTYPE_P2P_GO && 17485 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) { 17486 trace_cfg80211_return_bool(false); 17487 return false; 17488 } 17489 ret = __nl80211_unexpected_frame(dev, 17490 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 17491 addr, gfp); 17492 trace_cfg80211_return_bool(ret); 17493 return ret; 17494} 17495EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame); 17496 17497int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 17498 struct wireless_dev *wdev, u32 nlportid, 17499 int freq, int sig_dbm, 17500 const u8 *buf, size_t len, u32 flags, gfp_t gfp) 17501{ 17502 struct net_device *netdev = wdev->netdev; 17503 struct sk_buff *msg; 17504 void *hdr; 17505 17506 msg = nlmsg_new(100 + len, gfp); 17507 if (!msg) 17508 return -ENOMEM; 17509 17510 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 17511 if (!hdr) { 17512 nlmsg_free(msg); 17513 return -ENOMEM; 17514 } 17515 17516 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17517 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 17518 netdev->ifindex)) || 17519 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 17520 NL80211_ATTR_PAD) || 17521 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(freq)) || 17522 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, freq % 1000) || 17523 (sig_dbm && 17524 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 17525 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 17526 (flags && 17527 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags))) 17528 goto nla_put_failure; 17529 17530 genlmsg_end(msg, hdr); 17531 17532 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 17533 17534 nla_put_failure: 17535 nlmsg_free(msg); 17536 return -ENOBUFS; 17537} 17538 17539static void nl80211_frame_tx_status(struct wireless_dev *wdev, u64 cookie, 17540 const u8 *buf, size_t len, bool ack, 17541 gfp_t gfp, enum nl80211_commands command) 17542{ 17543 struct wiphy *wiphy = wdev->wiphy; 17544 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17545 struct net_device *netdev = wdev->netdev; 17546 struct sk_buff *msg; 17547 void *hdr; 17548 17549 if (command == NL80211_CMD_FRAME_TX_STATUS) 17550 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack); 17551 else 17552 trace_cfg80211_control_port_tx_status(wdev, cookie, ack); 17553 17554 msg = nlmsg_new(100 + len, gfp); 17555 if (!msg) 17556 return; 17557 17558 hdr = nl80211hdr_put(msg, 0, 0, 0, command); 17559 if (!hdr) { 17560 nlmsg_free(msg); 17561 return; 17562 } 17563 17564 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17565 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 17566 netdev->ifindex)) || 17567 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 17568 NL80211_ATTR_PAD) || 17569 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 17570 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 17571 NL80211_ATTR_PAD) || 17572 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 17573 goto nla_put_failure; 17574 17575 genlmsg_end(msg, hdr); 17576 17577 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17578 NL80211_MCGRP_MLME, gfp); 17579 return; 17580 17581nla_put_failure: 17582 nlmsg_free(msg); 17583} 17584 17585void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie, 17586 const u8 *buf, size_t len, bool ack, 17587 gfp_t gfp) 17588{ 17589 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp, 17590 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS); 17591} 17592EXPORT_SYMBOL(cfg80211_control_port_tx_status); 17593 17594void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie, 17595 const u8 *buf, size_t len, bool ack, gfp_t gfp) 17596{ 17597 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp, 17598 NL80211_CMD_FRAME_TX_STATUS); 17599} 17600EXPORT_SYMBOL(cfg80211_mgmt_tx_status); 17601 17602static int __nl80211_rx_control_port(struct net_device *dev, 17603 struct sk_buff *skb, 17604 bool unencrypted, gfp_t gfp) 17605{ 17606 struct wireless_dev *wdev = dev->ieee80211_ptr; 17607 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 17608 struct ethhdr *ehdr = eth_hdr(skb); 17609 const u8 *addr = ehdr->h_source; 17610 u16 proto = be16_to_cpu(skb->protocol); 17611 struct sk_buff *msg; 17612 void *hdr; 17613 struct nlattr *frame; 17614 17615 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid); 17616 17617 if (!nlportid) 17618 return -ENOENT; 17619 17620 msg = nlmsg_new(100 + skb->len, gfp); 17621 if (!msg) 17622 return -ENOMEM; 17623 17624 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME); 17625 if (!hdr) { 17626 nlmsg_free(msg); 17627 return -ENOBUFS; 17628 } 17629 17630 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17631 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 17632 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 17633 NL80211_ATTR_PAD) || 17634 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 17635 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) || 17636 (unencrypted && nla_put_flag(msg, 17637 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))) 17638 goto nla_put_failure; 17639 17640 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len); 17641 if (!frame) 17642 goto nla_put_failure; 17643 17644 skb_copy_bits(skb, 0, nla_data(frame), skb->len); 17645 genlmsg_end(msg, hdr); 17646 17647 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 17648 17649 nla_put_failure: 17650 nlmsg_free(msg); 17651 return -ENOBUFS; 17652} 17653 17654bool cfg80211_rx_control_port(struct net_device *dev, 17655 struct sk_buff *skb, bool unencrypted) 17656{ 17657 int ret; 17658 17659 trace_cfg80211_rx_control_port(dev, skb, unencrypted); 17660 ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC); 17661 trace_cfg80211_return_bool(ret == 0); 17662 return ret == 0; 17663} 17664EXPORT_SYMBOL(cfg80211_rx_control_port); 17665 17666static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev, 17667 const char *mac, gfp_t gfp) 17668{ 17669 struct wireless_dev *wdev = dev->ieee80211_ptr; 17670 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 17671 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 17672 void **cb; 17673 17674 if (!msg) 17675 return NULL; 17676 17677 cb = (void **)msg->cb; 17678 17679 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 17680 if (!cb[0]) { 17681 nlmsg_free(msg); 17682 return NULL; 17683 } 17684 17685 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17686 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 17687 goto nla_put_failure; 17688 17689 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac)) 17690 goto nla_put_failure; 17691 17692 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM); 17693 if (!cb[1]) 17694 goto nla_put_failure; 17695 17696 cb[2] = rdev; 17697 17698 return msg; 17699 nla_put_failure: 17700 nlmsg_free(msg); 17701 return NULL; 17702} 17703 17704static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp) 17705{ 17706 void **cb = (void **)msg->cb; 17707 struct cfg80211_registered_device *rdev = cb[2]; 17708 17709 nla_nest_end(msg, cb[1]); 17710 genlmsg_end(msg, cb[0]); 17711 17712 memset(msg->cb, 0, sizeof(msg->cb)); 17713 17714 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17715 NL80211_MCGRP_MLME, gfp); 17716} 17717 17718void cfg80211_cqm_rssi_notify(struct net_device *dev, 17719 enum nl80211_cqm_rssi_threshold_event rssi_event, 17720 s32 rssi_level, gfp_t gfp) 17721{ 17722 struct sk_buff *msg; 17723 struct wireless_dev *wdev = dev->ieee80211_ptr; 17724 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 17725 17726 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level); 17727 17728 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW && 17729 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH)) 17730 return; 17731 17732 if (wdev->cqm_config) { 17733 wdev->cqm_config->last_rssi_event_value = rssi_level; 17734 17735 cfg80211_cqm_rssi_update(rdev, dev); 17736 17737 if (rssi_level == 0) 17738 rssi_level = wdev->cqm_config->last_rssi_event_value; 17739 } 17740 17741 msg = cfg80211_prepare_cqm(dev, NULL, gfp); 17742 if (!msg) 17743 return; 17744 17745 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 17746 rssi_event)) 17747 goto nla_put_failure; 17748 17749 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL, 17750 rssi_level)) 17751 goto nla_put_failure; 17752 17753 cfg80211_send_cqm(msg, gfp); 17754 17755 return; 17756 17757 nla_put_failure: 17758 nlmsg_free(msg); 17759} 17760EXPORT_SYMBOL(cfg80211_cqm_rssi_notify); 17761 17762void cfg80211_cqm_txe_notify(struct net_device *dev, 17763 const u8 *peer, u32 num_packets, 17764 u32 rate, u32 intvl, gfp_t gfp) 17765{ 17766 struct sk_buff *msg; 17767 17768 msg = cfg80211_prepare_cqm(dev, peer, gfp); 17769 if (!msg) 17770 return; 17771 17772 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 17773 goto nla_put_failure; 17774 17775 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 17776 goto nla_put_failure; 17777 17778 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 17779 goto nla_put_failure; 17780 17781 cfg80211_send_cqm(msg, gfp); 17782 return; 17783 17784 nla_put_failure: 17785 nlmsg_free(msg); 17786} 17787EXPORT_SYMBOL(cfg80211_cqm_txe_notify); 17788 17789void cfg80211_cqm_pktloss_notify(struct net_device *dev, 17790 const u8 *peer, u32 num_packets, gfp_t gfp) 17791{ 17792 struct sk_buff *msg; 17793 17794 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets); 17795 17796 msg = cfg80211_prepare_cqm(dev, peer, gfp); 17797 if (!msg) 17798 return; 17799 17800 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 17801 goto nla_put_failure; 17802 17803 cfg80211_send_cqm(msg, gfp); 17804 return; 17805 17806 nla_put_failure: 17807 nlmsg_free(msg); 17808} 17809EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); 17810 17811void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp) 17812{ 17813 struct sk_buff *msg; 17814 17815 msg = cfg80211_prepare_cqm(dev, NULL, gfp); 17816 if (!msg) 17817 return; 17818 17819 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT)) 17820 goto nla_put_failure; 17821 17822 cfg80211_send_cqm(msg, gfp); 17823 return; 17824 17825 nla_put_failure: 17826 nlmsg_free(msg); 17827} 17828EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify); 17829 17830static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 17831 struct net_device *netdev, const u8 *bssid, 17832 const u8 *replay_ctr, gfp_t gfp) 17833{ 17834 struct sk_buff *msg; 17835 struct nlattr *rekey_attr; 17836 void *hdr; 17837 17838 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 17839 if (!msg) 17840 return; 17841 17842 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 17843 if (!hdr) { 17844 nlmsg_free(msg); 17845 return; 17846 } 17847 17848 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17849 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 17850 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 17851 goto nla_put_failure; 17852 17853 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA); 17854 if (!rekey_attr) 17855 goto nla_put_failure; 17856 17857 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 17858 NL80211_REPLAY_CTR_LEN, replay_ctr)) 17859 goto nla_put_failure; 17860 17861 nla_nest_end(msg, rekey_attr); 17862 17863 genlmsg_end(msg, hdr); 17864 17865 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17866 NL80211_MCGRP_MLME, gfp); 17867 return; 17868 17869 nla_put_failure: 17870 nlmsg_free(msg); 17871} 17872 17873void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid, 17874 const u8 *replay_ctr, gfp_t gfp) 17875{ 17876 struct wireless_dev *wdev = dev->ieee80211_ptr; 17877 struct wiphy *wiphy = wdev->wiphy; 17878 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17879 17880 trace_cfg80211_gtk_rekey_notify(dev, bssid); 17881 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp); 17882} 17883EXPORT_SYMBOL(cfg80211_gtk_rekey_notify); 17884 17885static void 17886nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 17887 struct net_device *netdev, int index, 17888 const u8 *bssid, bool preauth, gfp_t gfp) 17889{ 17890 struct sk_buff *msg; 17891 struct nlattr *attr; 17892 void *hdr; 17893 17894 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 17895 if (!msg) 17896 return; 17897 17898 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 17899 if (!hdr) { 17900 nlmsg_free(msg); 17901 return; 17902 } 17903 17904 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17905 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 17906 goto nla_put_failure; 17907 17908 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE); 17909 if (!attr) 17910 goto nla_put_failure; 17911 17912 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 17913 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 17914 (preauth && 17915 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 17916 goto nla_put_failure; 17917 17918 nla_nest_end(msg, attr); 17919 17920 genlmsg_end(msg, hdr); 17921 17922 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17923 NL80211_MCGRP_MLME, gfp); 17924 return; 17925 17926 nla_put_failure: 17927 nlmsg_free(msg); 17928} 17929 17930void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index, 17931 const u8 *bssid, bool preauth, gfp_t gfp) 17932{ 17933 struct wireless_dev *wdev = dev->ieee80211_ptr; 17934 struct wiphy *wiphy = wdev->wiphy; 17935 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17936 17937 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth); 17938 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp); 17939} 17940EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify); 17941 17942static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 17943 struct net_device *netdev, 17944 struct cfg80211_chan_def *chandef, 17945 gfp_t gfp, 17946 enum nl80211_commands notif, 17947 u8 count, bool quiet) 17948{ 17949 struct sk_buff *msg; 17950 void *hdr; 17951 17952 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 17953 if (!msg) 17954 return; 17955 17956 hdr = nl80211hdr_put(msg, 0, 0, 0, notif); 17957 if (!hdr) { 17958 nlmsg_free(msg); 17959 return; 17960 } 17961 17962 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 17963 goto nla_put_failure; 17964 17965 if (nl80211_send_chandef(msg, chandef)) 17966 goto nla_put_failure; 17967 17968 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) { 17969 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)) 17970 goto nla_put_failure; 17971 if (quiet && 17972 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX)) 17973 goto nla_put_failure; 17974 } 17975 17976 genlmsg_end(msg, hdr); 17977 17978 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17979 NL80211_MCGRP_MLME, gfp); 17980 return; 17981 17982 nla_put_failure: 17983 nlmsg_free(msg); 17984} 17985 17986void cfg80211_ch_switch_notify(struct net_device *dev, 17987 struct cfg80211_chan_def *chandef) 17988{ 17989 struct wireless_dev *wdev = dev->ieee80211_ptr; 17990 struct wiphy *wiphy = wdev->wiphy; 17991 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 17992 17993 ASSERT_WDEV_LOCK(wdev); 17994 17995 trace_cfg80211_ch_switch_notify(dev, chandef); 17996 17997 wdev->chandef = *chandef; 17998 wdev->preset_chandef = *chandef; 17999 18000 if ((wdev->iftype == NL80211_IFTYPE_STATION || 18001 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) && 18002 !WARN_ON(!wdev->current_bss)) 18003 cfg80211_update_assoc_bss_entry(wdev, chandef->chan); 18004 18005 cfg80211_sched_dfs_chan_update(rdev); 18006 18007 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL, 18008 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false); 18009} 18010EXPORT_SYMBOL(cfg80211_ch_switch_notify); 18011 18012void cfg80211_ch_switch_started_notify(struct net_device *dev, 18013 struct cfg80211_chan_def *chandef, 18014 u8 count, bool quiet) 18015{ 18016 struct wireless_dev *wdev = dev->ieee80211_ptr; 18017 struct wiphy *wiphy = wdev->wiphy; 18018 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18019 18020 trace_cfg80211_ch_switch_started_notify(dev, chandef); 18021 18022 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL, 18023 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, 18024 count, quiet); 18025} 18026EXPORT_SYMBOL(cfg80211_ch_switch_started_notify); 18027 18028int cfg80211_bss_color_notify(struct net_device *dev, gfp_t gfp, 18029 enum nl80211_commands cmd, u8 count, 18030 u64 color_bitmap) 18031{ 18032 struct wireless_dev *wdev = dev->ieee80211_ptr; 18033 struct wiphy *wiphy = wdev->wiphy; 18034 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18035 struct sk_buff *msg; 18036 void *hdr; 18037 18038 ASSERT_WDEV_LOCK(wdev); 18039 18040 trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap); 18041 18042 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18043 if (!msg) 18044 return -ENOMEM; 18045 18046 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 18047 if (!hdr) 18048 goto nla_put_failure; 18049 18050 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 18051 goto nla_put_failure; 18052 18053 if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED && 18054 nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count)) 18055 goto nla_put_failure; 18056 18057 if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION && 18058 nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP, 18059 color_bitmap, NL80211_ATTR_PAD)) 18060 goto nla_put_failure; 18061 18062 genlmsg_end(msg, hdr); 18063 18064 return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 18065 msg, 0, NL80211_MCGRP_MLME, gfp); 18066 18067nla_put_failure: 18068 nlmsg_free(msg); 18069 return -EINVAL; 18070} 18071EXPORT_SYMBOL(cfg80211_bss_color_notify); 18072 18073void 18074nl80211_radar_notify(struct cfg80211_registered_device *rdev, 18075 const struct cfg80211_chan_def *chandef, 18076 enum nl80211_radar_event event, 18077 struct net_device *netdev, gfp_t gfp) 18078{ 18079 struct sk_buff *msg; 18080 void *hdr; 18081 18082 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18083 if (!msg) 18084 return; 18085 18086 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT); 18087 if (!hdr) { 18088 nlmsg_free(msg); 18089 return; 18090 } 18091 18092 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 18093 goto nla_put_failure; 18094 18095 /* NOP and radar events don't need a netdev parameter */ 18096 if (netdev) { 18097 struct wireless_dev *wdev = netdev->ieee80211_ptr; 18098 18099 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18100 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 18101 NL80211_ATTR_PAD)) 18102 goto nla_put_failure; 18103 } 18104 18105 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event)) 18106 goto nla_put_failure; 18107 18108 if (nl80211_send_chandef(msg, chandef)) 18109 goto nla_put_failure; 18110 18111 genlmsg_end(msg, hdr); 18112 18113 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18114 NL80211_MCGRP_MLME, gfp); 18115 return; 18116 18117 nla_put_failure: 18118 nlmsg_free(msg); 18119} 18120 18121void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac, 18122 struct sta_opmode_info *sta_opmode, 18123 gfp_t gfp) 18124{ 18125 struct sk_buff *msg; 18126 struct wireless_dev *wdev = dev->ieee80211_ptr; 18127 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 18128 void *hdr; 18129 18130 if (WARN_ON(!mac)) 18131 return; 18132 18133 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18134 if (!msg) 18135 return; 18136 18137 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED); 18138 if (!hdr) { 18139 nlmsg_free(msg); 18140 return; 18141 } 18142 18143 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 18144 goto nla_put_failure; 18145 18146 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 18147 goto nla_put_failure; 18148 18149 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac)) 18150 goto nla_put_failure; 18151 18152 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) && 18153 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode)) 18154 goto nla_put_failure; 18155 18156 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) && 18157 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw)) 18158 goto nla_put_failure; 18159 18160 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) && 18161 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss)) 18162 goto nla_put_failure; 18163 18164 genlmsg_end(msg, hdr); 18165 18166 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18167 NL80211_MCGRP_MLME, gfp); 18168 18169 return; 18170 18171nla_put_failure: 18172 nlmsg_free(msg); 18173} 18174EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify); 18175 18176void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 18177 u64 cookie, bool acked, s32 ack_signal, 18178 bool is_valid_ack_signal, gfp_t gfp) 18179{ 18180 struct wireless_dev *wdev = dev->ieee80211_ptr; 18181 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 18182 struct sk_buff *msg; 18183 void *hdr; 18184 18185 trace_cfg80211_probe_status(dev, addr, cookie, acked); 18186 18187 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18188 18189 if (!msg) 18190 return; 18191 18192 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 18193 if (!hdr) { 18194 nlmsg_free(msg); 18195 return; 18196 } 18197 18198 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18199 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 18200 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 18201 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 18202 NL80211_ATTR_PAD) || 18203 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) || 18204 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL, 18205 ack_signal))) 18206 goto nla_put_failure; 18207 18208 genlmsg_end(msg, hdr); 18209 18210 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18211 NL80211_MCGRP_MLME, gfp); 18212 return; 18213 18214 nla_put_failure: 18215 nlmsg_free(msg); 18216} 18217EXPORT_SYMBOL(cfg80211_probe_status); 18218 18219void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame, 18220 size_t len, int freq, int sig_dbm) 18221{ 18222 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18223 struct sk_buff *msg; 18224 void *hdr; 18225 struct cfg80211_beacon_registration *reg; 18226 18227 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm); 18228 18229 spin_lock_bh(&rdev->beacon_registrations_lock); 18230 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 18231 msg = nlmsg_new(len + 100, GFP_ATOMIC); 18232 if (!msg) { 18233 spin_unlock_bh(&rdev->beacon_registrations_lock); 18234 return; 18235 } 18236 18237 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 18238 if (!hdr) 18239 goto nla_put_failure; 18240 18241 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18242 (freq && 18243 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 18244 KHZ_TO_MHZ(freq)) || 18245 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, 18246 freq % 1000))) || 18247 (sig_dbm && 18248 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 18249 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 18250 goto nla_put_failure; 18251 18252 genlmsg_end(msg, hdr); 18253 18254 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid); 18255 } 18256 spin_unlock_bh(&rdev->beacon_registrations_lock); 18257 return; 18258 18259 nla_put_failure: 18260 spin_unlock_bh(&rdev->beacon_registrations_lock); 18261 nlmsg_free(msg); 18262} 18263EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz); 18264 18265#ifdef CONFIG_PM 18266static int cfg80211_net_detect_results(struct sk_buff *msg, 18267 struct cfg80211_wowlan_wakeup *wakeup) 18268{ 18269 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect; 18270 struct nlattr *nl_results, *nl_match, *nl_freqs; 18271 int i, j; 18272 18273 nl_results = nla_nest_start_noflag(msg, 18274 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS); 18275 if (!nl_results) 18276 return -EMSGSIZE; 18277 18278 for (i = 0; i < nd->n_matches; i++) { 18279 struct cfg80211_wowlan_nd_match *match = nd->matches[i]; 18280 18281 nl_match = nla_nest_start_noflag(msg, i); 18282 if (!nl_match) 18283 break; 18284 18285 /* The SSID attribute is optional in nl80211, but for 18286 * simplicity reasons it's always present in the 18287 * cfg80211 structure. If a driver can't pass the 18288 * SSID, that needs to be changed. A zero length SSID 18289 * is still a valid SSID (wildcard), so it cannot be 18290 * used for this purpose. 18291 */ 18292 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len, 18293 match->ssid.ssid)) { 18294 nla_nest_cancel(msg, nl_match); 18295 goto out; 18296 } 18297 18298 if (match->n_channels) { 18299 nl_freqs = nla_nest_start_noflag(msg, 18300 NL80211_ATTR_SCAN_FREQUENCIES); 18301 if (!nl_freqs) { 18302 nla_nest_cancel(msg, nl_match); 18303 goto out; 18304 } 18305 18306 for (j = 0; j < match->n_channels; j++) { 18307 if (nla_put_u32(msg, j, match->channels[j])) { 18308 nla_nest_cancel(msg, nl_freqs); 18309 nla_nest_cancel(msg, nl_match); 18310 goto out; 18311 } 18312 } 18313 18314 nla_nest_end(msg, nl_freqs); 18315 } 18316 18317 nla_nest_end(msg, nl_match); 18318 } 18319 18320out: 18321 nla_nest_end(msg, nl_results); 18322 return 0; 18323} 18324 18325void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev, 18326 struct cfg80211_wowlan_wakeup *wakeup, 18327 gfp_t gfp) 18328{ 18329 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 18330 struct sk_buff *msg; 18331 void *hdr; 18332 int size = 200; 18333 18334 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup); 18335 18336 if (wakeup) 18337 size += wakeup->packet_present_len; 18338 18339 msg = nlmsg_new(size, gfp); 18340 if (!msg) 18341 return; 18342 18343 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN); 18344 if (!hdr) 18345 goto free_msg; 18346 18347 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18348 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 18349 NL80211_ATTR_PAD)) 18350 goto free_msg; 18351 18352 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 18353 wdev->netdev->ifindex)) 18354 goto free_msg; 18355 18356 if (wakeup) { 18357 struct nlattr *reasons; 18358 18359 reasons = nla_nest_start_noflag(msg, 18360 NL80211_ATTR_WOWLAN_TRIGGERS); 18361 if (!reasons) 18362 goto free_msg; 18363 18364 if (wakeup->disconnect && 18365 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) 18366 goto free_msg; 18367 if (wakeup->magic_pkt && 18368 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) 18369 goto free_msg; 18370 if (wakeup->gtk_rekey_failure && 18371 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) 18372 goto free_msg; 18373 if (wakeup->eap_identity_req && 18374 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) 18375 goto free_msg; 18376 if (wakeup->four_way_handshake && 18377 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) 18378 goto free_msg; 18379 if (wakeup->rfkill_release && 18380 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)) 18381 goto free_msg; 18382 18383 if (wakeup->pattern_idx >= 0 && 18384 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 18385 wakeup->pattern_idx)) 18386 goto free_msg; 18387 18388 if (wakeup->tcp_match && 18389 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH)) 18390 goto free_msg; 18391 18392 if (wakeup->tcp_connlost && 18393 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST)) 18394 goto free_msg; 18395 18396 if (wakeup->tcp_nomoretokens && 18397 nla_put_flag(msg, 18398 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS)) 18399 goto free_msg; 18400 18401 if (wakeup->packet) { 18402 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211; 18403 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN; 18404 18405 if (!wakeup->packet_80211) { 18406 pkt_attr = 18407 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023; 18408 len_attr = 18409 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN; 18410 } 18411 18412 if (wakeup->packet_len && 18413 nla_put_u32(msg, len_attr, wakeup->packet_len)) 18414 goto free_msg; 18415 18416 if (nla_put(msg, pkt_attr, wakeup->packet_present_len, 18417 wakeup->packet)) 18418 goto free_msg; 18419 } 18420 18421 if (wakeup->net_detect && 18422 cfg80211_net_detect_results(msg, wakeup)) 18423 goto free_msg; 18424 18425 nla_nest_end(msg, reasons); 18426 } 18427 18428 genlmsg_end(msg, hdr); 18429 18430 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18431 NL80211_MCGRP_MLME, gfp); 18432 return; 18433 18434 free_msg: 18435 nlmsg_free(msg); 18436} 18437EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup); 18438#endif 18439 18440void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer, 18441 enum nl80211_tdls_operation oper, 18442 u16 reason_code, gfp_t gfp) 18443{ 18444 struct wireless_dev *wdev = dev->ieee80211_ptr; 18445 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 18446 struct sk_buff *msg; 18447 void *hdr; 18448 18449 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper, 18450 reason_code); 18451 18452 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18453 if (!msg) 18454 return; 18455 18456 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER); 18457 if (!hdr) { 18458 nlmsg_free(msg); 18459 return; 18460 } 18461 18462 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18463 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 18464 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) || 18465 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) || 18466 (reason_code > 0 && 18467 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) 18468 goto nla_put_failure; 18469 18470 genlmsg_end(msg, hdr); 18471 18472 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18473 NL80211_MCGRP_MLME, gfp); 18474 return; 18475 18476 nla_put_failure: 18477 nlmsg_free(msg); 18478} 18479EXPORT_SYMBOL(cfg80211_tdls_oper_request); 18480 18481static int nl80211_netlink_notify(struct notifier_block * nb, 18482 unsigned long state, 18483 void *_notify) 18484{ 18485 struct netlink_notify *notify = _notify; 18486 struct cfg80211_registered_device *rdev; 18487 struct wireless_dev *wdev; 18488 struct cfg80211_beacon_registration *reg, *tmp; 18489 18490 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC) 18491 return NOTIFY_DONE; 18492 18493 rcu_read_lock(); 18494 18495 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 18496 struct cfg80211_sched_scan_request *sched_scan_req; 18497 18498 list_for_each_entry_rcu(sched_scan_req, 18499 &rdev->sched_scan_req_list, 18500 list) { 18501 if (sched_scan_req->owner_nlportid == notify->portid) { 18502 sched_scan_req->nl_owner_dead = true; 18503 schedule_work(&rdev->sched_scan_stop_wk); 18504 } 18505 } 18506 18507 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) { 18508 cfg80211_mlme_unregister_socket(wdev, notify->portid); 18509 18510 if (wdev->owner_nlportid == notify->portid) { 18511 wdev->nl_owner_dead = true; 18512 schedule_work(&rdev->destroy_work); 18513 } else if (wdev->conn_owner_nlportid == notify->portid) { 18514 schedule_work(&wdev->disconnect_wk); 18515 } 18516 18517 cfg80211_release_pmsr(wdev, notify->portid); 18518 } 18519 18520 spin_lock_bh(&rdev->beacon_registrations_lock); 18521 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations, 18522 list) { 18523 if (reg->nlportid == notify->portid) { 18524 list_del(®->list); 18525 kfree(reg); 18526 break; 18527 } 18528 } 18529 spin_unlock_bh(&rdev->beacon_registrations_lock); 18530 } 18531 18532 rcu_read_unlock(); 18533 18534 /* 18535 * It is possible that the user space process that is controlling the 18536 * indoor setting disappeared, so notify the regulatory core. 18537 */ 18538 regulatory_netlink_notify(notify->portid); 18539 return NOTIFY_OK; 18540} 18541 18542static struct notifier_block nl80211_netlink_notifier = { 18543 .notifier_call = nl80211_netlink_notify, 18544}; 18545 18546void cfg80211_ft_event(struct net_device *netdev, 18547 struct cfg80211_ft_event_params *ft_event) 18548{ 18549 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy; 18550 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18551 struct sk_buff *msg; 18552 void *hdr; 18553 18554 trace_cfg80211_ft_event(wiphy, netdev, ft_event); 18555 18556 if (!ft_event->target_ap) 18557 return; 18558 18559 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len, 18560 GFP_KERNEL); 18561 if (!msg) 18562 return; 18563 18564 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT); 18565 if (!hdr) 18566 goto out; 18567 18568 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18569 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18570 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap)) 18571 goto out; 18572 18573 if (ft_event->ies && 18574 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies)) 18575 goto out; 18576 if (ft_event->ric_ies && 18577 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len, 18578 ft_event->ric_ies)) 18579 goto out; 18580 18581 genlmsg_end(msg, hdr); 18582 18583 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18584 NL80211_MCGRP_MLME, GFP_KERNEL); 18585 return; 18586 out: 18587 nlmsg_free(msg); 18588} 18589EXPORT_SYMBOL(cfg80211_ft_event); 18590 18591void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp) 18592{ 18593 struct cfg80211_registered_device *rdev; 18594 struct sk_buff *msg; 18595 void *hdr; 18596 u32 nlportid; 18597 18598 rdev = wiphy_to_rdev(wdev->wiphy); 18599 if (!rdev->crit_proto_nlportid) 18600 return; 18601 18602 nlportid = rdev->crit_proto_nlportid; 18603 rdev->crit_proto_nlportid = 0; 18604 18605 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18606 if (!msg) 18607 return; 18608 18609 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP); 18610 if (!hdr) 18611 goto nla_put_failure; 18612 18613 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18614 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 18615 NL80211_ATTR_PAD)) 18616 goto nla_put_failure; 18617 18618 genlmsg_end(msg, hdr); 18619 18620 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 18621 return; 18622 18623 nla_put_failure: 18624 nlmsg_free(msg); 18625} 18626EXPORT_SYMBOL(cfg80211_crit_proto_stopped); 18627 18628void nl80211_send_ap_stopped(struct wireless_dev *wdev) 18629{ 18630 struct wiphy *wiphy = wdev->wiphy; 18631 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18632 struct sk_buff *msg; 18633 void *hdr; 18634 18635 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 18636 if (!msg) 18637 return; 18638 18639 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP); 18640 if (!hdr) 18641 goto out; 18642 18643 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18644 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) || 18645 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 18646 NL80211_ATTR_PAD)) 18647 goto out; 18648 18649 genlmsg_end(msg, hdr); 18650 18651 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0, 18652 NL80211_MCGRP_MLME, GFP_KERNEL); 18653 return; 18654 out: 18655 nlmsg_free(msg); 18656} 18657 18658int cfg80211_external_auth_request(struct net_device *dev, 18659 struct cfg80211_external_auth_params *params, 18660 gfp_t gfp) 18661{ 18662 struct wireless_dev *wdev = dev->ieee80211_ptr; 18663 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 18664 struct sk_buff *msg; 18665 void *hdr; 18666 18667 if (!wdev->conn_owner_nlportid) 18668 return -EINVAL; 18669 18670 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18671 if (!msg) 18672 return -ENOMEM; 18673 18674 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH); 18675 if (!hdr) 18676 goto nla_put_failure; 18677 18678 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18679 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 18680 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) || 18681 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION, 18682 params->action) || 18683 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) || 18684 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len, 18685 params->ssid.ssid)) 18686 goto nla_put_failure; 18687 18688 genlmsg_end(msg, hdr); 18689 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 18690 wdev->conn_owner_nlportid); 18691 return 0; 18692 18693 nla_put_failure: 18694 nlmsg_free(msg); 18695 return -ENOBUFS; 18696} 18697EXPORT_SYMBOL(cfg80211_external_auth_request); 18698 18699void cfg80211_update_owe_info_event(struct net_device *netdev, 18700 struct cfg80211_update_owe_info *owe_info, 18701 gfp_t gfp) 18702{ 18703 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy; 18704 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18705 struct sk_buff *msg; 18706 void *hdr; 18707 18708 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info); 18709 18710 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18711 if (!msg) 18712 return; 18713 18714 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO); 18715 if (!hdr) 18716 goto nla_put_failure; 18717 18718 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18719 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18720 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer)) 18721 goto nla_put_failure; 18722 18723 if (!owe_info->ie_len || 18724 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie)) 18725 goto nla_put_failure; 18726 18727 genlmsg_end(msg, hdr); 18728 18729 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18730 NL80211_MCGRP_MLME, gfp); 18731 return; 18732 18733nla_put_failure: 18734 genlmsg_cancel(msg, hdr); 18735 nlmsg_free(msg); 18736} 18737EXPORT_SYMBOL(cfg80211_update_owe_info_event); 18738 18739/* initialisation/exit functions */ 18740 18741int __init nl80211_init(void) 18742{ 18743 int err; 18744 18745 err = genl_register_family(&nl80211_fam); 18746 if (err) 18747 return err; 18748 18749 err = netlink_register_notifier(&nl80211_netlink_notifier); 18750 if (err) 18751 goto err_out; 18752 18753 return 0; 18754 err_out: 18755 genl_unregister_family(&nl80211_fam); 18756 return err; 18757} 18758 18759void nl80211_exit(void) 18760{ 18761 netlink_unregister_notifier(&nl80211_netlink_notifier); 18762 genl_unregister_family(&nl80211_fam); 18763}