aboutsummaryrefslogtreecommitdiffstats
path: root/net/wireless/nl80211.c
diff options
context:
space:
mode:
authorWe-unite <3205135446@qq.com>2025-03-08 22:04:20 +0800
committerWe-unite <3205135446@qq.com>2025-03-08 22:04:20 +0800
commita07bb8fd1299070229f0e8f3dcb57ffd5ef9870a (patch)
tree84f21bd0bf7071bc5fc7dd989e77d7ceb5476682 /net/wireless/nl80211.c
downloadohosKernel-a07bb8fd1299070229f0e8f3dcb57ffd5ef9870a.tar.gz
ohosKernel-a07bb8fd1299070229f0e8f3dcb57ffd5ef9870a.zip
Initial commit: OpenHarmony-v4.0-ReleaseOpenHarmony-v4.0-Release
Diffstat (limited to 'net/wireless/nl80211.c')
-rw-r--r--net/wireless/nl80211.c17863
1 files changed, 17863 insertions, 0 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
new file mode 100644
index 000000000..8a7f0c8fb
--- /dev/null
+++ b/net/wireless/nl80211.c
@@ -0,0 +1,17863 @@
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * This is the new netlink-based wireless configuration interface.
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015-2017 Intel Deutschland GmbH
8 * Copyright (C) 2018-2021 Intel Corporation
9 */
10
11#include <linux/if.h>
12#include <linux/module.h>
13#include <linux/err.h>
14#include <linux/slab.h>
15#include <linux/list.h>
16#include <linux/if_ether.h>
17#include <linux/ieee80211.h>
18#include <linux/nl80211.h>
19#include <linux/rtnetlink.h>
20#include <linux/netlink.h>
21#include <linux/nospec.h>
22#include <linux/etherdevice.h>
23#include <linux/if_vlan.h>
24#include <net/net_namespace.h>
25#include <net/genetlink.h>
26#include <net/cfg80211.h>
27#include <net/sock.h>
28#include <net/inet_connection_sock.h>
29#include "core.h"
30#include "nl80211.h"
31#include "reg.h"
32#include "rdev-ops.h"
33
34static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 struct genl_info *info,
36 struct cfg80211_crypto_settings *settings,
37 int cipher_limit);
38
39/* the netlink family */
40static struct genl_family nl80211_fam;
41
42/* multicast groups */
43enum nl80211_multicast_groups {
44 NL80211_MCGRP_CONFIG,
45 NL80211_MCGRP_SCAN,
46 NL80211_MCGRP_REGULATORY,
47 NL80211_MCGRP_MLME,
48 NL80211_MCGRP_VENDOR,
49 NL80211_MCGRP_NAN,
50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51};
52
53static const struct genl_multicast_group nl80211_mcgrps[] = {
54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60#ifdef CONFIG_NL80211_TESTMODE
61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62#endif
63};
64
65/* returns ERR_PTR values */
66static struct wireless_dev *
67__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
68{
69 struct cfg80211_registered_device *rdev;
70 struct wireless_dev *result = NULL;
71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 u64 wdev_id;
74 int wiphy_idx = -1;
75 int ifidx = -1;
76
77 ASSERT_RTNL();
78
79 if (!have_ifidx && !have_wdev_id)
80 return ERR_PTR(-EINVAL);
81
82 if (have_ifidx)
83 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
84 if (have_wdev_id) {
85 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
86 wiphy_idx = wdev_id >> 32;
87 }
88
89 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
90 struct wireless_dev *wdev;
91
92 if (wiphy_net(&rdev->wiphy) != netns)
93 continue;
94
95 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
96 continue;
97
98 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
99 if (have_ifidx && wdev->netdev &&
100 wdev->netdev->ifindex == ifidx) {
101 result = wdev;
102 break;
103 }
104 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
105 result = wdev;
106 break;
107 }
108 }
109
110 if (result)
111 break;
112 }
113
114 if (result)
115 return result;
116 return ERR_PTR(-ENODEV);
117}
118
119static struct cfg80211_registered_device *
120__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
121{
122 struct cfg80211_registered_device *rdev = NULL, *tmp;
123 struct net_device *netdev;
124
125 ASSERT_RTNL();
126
127 if (!attrs[NL80211_ATTR_WIPHY] &&
128 !attrs[NL80211_ATTR_IFINDEX] &&
129 !attrs[NL80211_ATTR_WDEV])
130 return ERR_PTR(-EINVAL);
131
132 if (attrs[NL80211_ATTR_WIPHY])
133 rdev = cfg80211_rdev_by_wiphy_idx(
134 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
135
136 if (attrs[NL80211_ATTR_WDEV]) {
137 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
138 struct wireless_dev *wdev;
139 bool found = false;
140
141 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
142 if (tmp) {
143 /* make sure wdev exists */
144 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
145 if (wdev->identifier != (u32)wdev_id)
146 continue;
147 found = true;
148 break;
149 }
150
151 if (!found)
152 tmp = NULL;
153
154 if (rdev && tmp != rdev)
155 return ERR_PTR(-EINVAL);
156 rdev = tmp;
157 }
158 }
159
160 if (attrs[NL80211_ATTR_IFINDEX]) {
161 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
162
163 netdev = __dev_get_by_index(netns, ifindex);
164 if (netdev) {
165 if (netdev->ieee80211_ptr)
166 tmp = wiphy_to_rdev(
167 netdev->ieee80211_ptr->wiphy);
168 else
169 tmp = NULL;
170
171 /* not wireless device -- return error */
172 if (!tmp)
173 return ERR_PTR(-EINVAL);
174
175 /* mismatch -- return error */
176 if (rdev && tmp != rdev)
177 return ERR_PTR(-EINVAL);
178
179 rdev = tmp;
180 }
181 }
182
183 if (!rdev)
184 return ERR_PTR(-ENODEV);
185
186 if (netns != wiphy_net(&rdev->wiphy))
187 return ERR_PTR(-ENODEV);
188
189 return rdev;
190}
191
192/*
193 * This function returns a pointer to the driver
194 * that the genl_info item that is passed refers to.
195 *
196 * The result of this can be a PTR_ERR and hence must
197 * be checked with IS_ERR() for errors.
198 */
199static struct cfg80211_registered_device *
200cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
201{
202 return __cfg80211_rdev_from_attrs(netns, info->attrs);
203}
204
205static int validate_beacon_head(const struct nlattr *attr,
206 struct netlink_ext_ack *extack)
207{
208 const u8 *data = nla_data(attr);
209 unsigned int len = nla_len(attr);
210 const struct element *elem;
211 const struct ieee80211_mgmt *mgmt = (void *)data;
212 unsigned int fixedlen, hdrlen;
213 bool s1g_bcn;
214
215 if (len < offsetofend(typeof(*mgmt), frame_control))
216 goto err;
217
218 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
219 if (s1g_bcn) {
220 fixedlen = offsetof(struct ieee80211_ext,
221 u.s1g_beacon.variable);
222 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
223 } else {
224 fixedlen = offsetof(struct ieee80211_mgmt,
225 u.beacon.variable);
226 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
227 }
228
229 if (len < fixedlen)
230 goto err;
231
232 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
233 goto err;
234
235 data += fixedlen;
236 len -= fixedlen;
237
238 for_each_element(elem, data, len) {
239 /* nothing */
240 }
241
242 if (for_each_element_completed(elem, data, len))
243 return 0;
244
245err:
246 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
247 return -EINVAL;
248}
249
250static int validate_ie_attr(const struct nlattr *attr,
251 struct netlink_ext_ack *extack)
252{
253 const u8 *data = nla_data(attr);
254 unsigned int len = nla_len(attr);
255 const struct element *elem;
256
257 for_each_element(elem, data, len) {
258 /* nothing */
259 }
260
261 if (for_each_element_completed(elem, data, len))
262 return 0;
263
264 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
265 return -EINVAL;
266}
267
268/* policy for the attributes */
269static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
270
271static const struct nla_policy
272nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
273 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
274 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
275 .len = U8_MAX },
276 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
277 .len = U8_MAX },
278};
279
280static const struct nla_policy
281nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
282 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
283 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
284 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
285 NLA_POLICY_MAX(NLA_U8, 15),
286 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
287 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
288 NLA_POLICY_MAX(NLA_U8, 15),
289 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
290 NLA_POLICY_MAX(NLA_U8, 31),
291 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
292 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
293 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
294 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
295 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
296};
297
298static const struct nla_policy
299nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
300 [NL80211_PMSR_TYPE_FTM] =
301 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
302};
303
304static const struct nla_policy
305nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
306 [NL80211_PMSR_REQ_ATTR_DATA] =
307 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
308 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
309};
310
311static const struct nla_policy
312nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
313 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
314 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
315 [NL80211_PMSR_PEER_ATTR_REQ] =
316 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
317 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
318};
319
320static const struct nla_policy
321nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
322 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
323 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
324 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
325 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
326 [NL80211_PMSR_ATTR_PEERS] =
327 NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
328};
329
330static const struct nla_policy
331he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
332 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
333 NLA_POLICY_RANGE(NLA_U8, 1, 20),
334 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
335 NLA_POLICY_RANGE(NLA_U8, 1, 20),
336 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
337 NLA_POLICY_RANGE(NLA_U8, 1, 20),
338 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
339 NLA_POLICY_EXACT_LEN(8),
340 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
341 NLA_POLICY_EXACT_LEN(8),
342 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
343};
344
345static const struct nla_policy
346he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
347 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
348 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
349 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
350};
351
352static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
353 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
354 .len = NL80211_MAX_SUPP_RATES },
355 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
356 .len = NL80211_MAX_SUPP_HT_RATES },
357 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
358 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
359 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
360 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
361 NL80211_RATE_INFO_HE_GI_0_8,
362 NL80211_RATE_INFO_HE_GI_3_2),
363 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
364 NL80211_RATE_INFO_HE_1XLTF,
365 NL80211_RATE_INFO_HE_4XLTF),
366};
367
368static const struct nla_policy
369nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
370 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
371 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
372 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
373 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
374 [NL80211_TID_CONFIG_ATTR_NOACK] =
375 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
376 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
377 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
378 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
379 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
380 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
381 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
382 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
383 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
384 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
385 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
386 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
387 NLA_POLICY_NESTED(nl80211_txattr_policy),
388};
389
390static const struct nla_policy
391nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
392 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
393 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
394 NLA_POLICY_RANGE(NLA_BINARY,
395 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
396 IEEE80211_MAX_DATA_LEN),
397};
398
399static const struct nla_policy
400nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
401 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
402 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
403 .len = IEEE80211_MAX_DATA_LEN }
404};
405
406static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
407 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
408 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
409 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
410 .len = 20-1 },
411 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
412
413 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
414 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
415 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
416 NL80211_EDMG_CHANNELS_MIN,
417 NL80211_EDMG_CHANNELS_MAX),
418 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
419 NL80211_EDMG_BW_CONFIG_MIN,
420 NL80211_EDMG_BW_CONFIG_MAX),
421
422 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
423 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
424 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
425 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
426
427 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
428 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
429 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
430 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
431 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
432 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
433
434 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
435 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
436 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
437
438 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
439 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
440
441 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
442 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
443 .len = WLAN_MAX_KEY_LEN },
444 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
445 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
446 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
447 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
448 [NL80211_ATTR_KEY_TYPE] =
449 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
450
451 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
452 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
453 [NL80211_ATTR_BEACON_HEAD] =
454 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
455 IEEE80211_MAX_DATA_LEN),
456 [NL80211_ATTR_BEACON_TAIL] =
457 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
458 IEEE80211_MAX_DATA_LEN),
459 [NL80211_ATTR_STA_AID] =
460 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
461 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
462 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
463 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
464 .len = NL80211_MAX_SUPP_RATES },
465 [NL80211_ATTR_STA_PLINK_ACTION] =
466 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
467 [NL80211_ATTR_STA_TX_POWER_SETTING] =
468 NLA_POLICY_RANGE(NLA_U8,
469 NL80211_TX_POWER_AUTOMATIC,
470 NL80211_TX_POWER_FIXED),
471 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
472 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
473 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
474 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
475 .len = IEEE80211_MAX_MESH_ID_LEN },
476 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
477
478 /* allow 3 for NUL-termination, we used to declare this NLA_STRING */
479 [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3),
480 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
481
482 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
483 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
484 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
485 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
486 .len = NL80211_MAX_SUPP_RATES },
487 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
488
489 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
490 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
491
492 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
493
494 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
495 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
496 validate_ie_attr,
497 IEEE80211_MAX_DATA_LEN),
498 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
499 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
500
501 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
502 .len = IEEE80211_MAX_SSID_LEN },
503 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
504 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
505 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
506 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
507 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
508 NL80211_MFP_NO,
509 NL80211_MFP_OPTIONAL),
510 [NL80211_ATTR_STA_FLAGS2] = {
511 .len = sizeof(struct nl80211_sta_flag_update),
512 },
513 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
514 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
515 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
516 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
517 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
518 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
519 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
520 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
521 [NL80211_ATTR_PID] = { .type = NLA_U32 },
522 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
523 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
524 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
525 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
526 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
527 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
528 .len = IEEE80211_MAX_DATA_LEN },
529 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
530 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
531 NL80211_PS_DISABLED,
532 NL80211_PS_ENABLED),
533 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
534 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
535 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
536 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
537 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
538 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
539 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
540 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
541 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
542 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
543 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
544 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
545 [NL80211_ATTR_STA_PLINK_STATE] =
546 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
547 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
548 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
549 [NL80211_ATTR_MESH_PEER_AID] =
550 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
551 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
552 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
553 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
554 [NL80211_ATTR_HIDDEN_SSID] =
555 NLA_POLICY_RANGE(NLA_U32,
556 NL80211_HIDDEN_SSID_NOT_IN_USE,
557 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
558 [NL80211_ATTR_IE_PROBE_RESP] =
559 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
560 IEEE80211_MAX_DATA_LEN),
561 [NL80211_ATTR_IE_ASSOC_RESP] =
562 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
563 IEEE80211_MAX_DATA_LEN),
564 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
565 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
566 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
567 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
568 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
569 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
570 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
571 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
572 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
573 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
574 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
575 .len = IEEE80211_MAX_DATA_LEN },
576 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
577 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
578 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
579 .len = NL80211_HT_CAPABILITY_LEN
580 },
581 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
582 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
583 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
584 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
585 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
586
587 /* need to include at least Auth Transaction and Status Code */
588 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
589
590 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
591 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
592 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
593 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
594 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
595 NLA_POLICY_RANGE(NLA_U32,
596 NL80211_MESH_POWER_UNKNOWN + 1,
597 NL80211_MESH_POWER_MAX),
598 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
599 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
600 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
601 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
602 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
603 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
604 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
605 .len = NL80211_VHT_CAPABILITY_LEN,
606 },
607 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
608 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
609 .len = IEEE80211_MAX_DATA_LEN },
610 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
611 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
612 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
613 [NL80211_ATTR_PEER_AID] =
614 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
615 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
616 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
617 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
618 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
619 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
620 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
621 /*
622 * The value of the Length field of the Supported Operating
623 * Classes element is between 2 and 253.
624 */
625 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
626 NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
627 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
628 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
629 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
630 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
631 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
632 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
633 IEEE80211_QOS_MAP_LEN_MIN,
634 IEEE80211_QOS_MAP_LEN_MAX),
635 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
636 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
637 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
638 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
639 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
640 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
641 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
642 [NL80211_ATTR_USER_PRIO] =
643 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
644 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
645 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
646 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
647 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
648 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
649 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
650 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
651 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
652 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
653 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
654 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
655 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
656 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
657 .len = VHT_MUMIMO_GROUPS_DATA_LEN
658 },
659 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
660 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
661 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
662 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
663 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
664 .len = FILS_MAX_KEK_LEN },
665 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
666 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
667 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
668 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
669 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
670 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
671 },
672 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
673 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
674 .len = FILS_ERP_MAX_USERNAME_LEN },
675 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
676 .len = FILS_ERP_MAX_REALM_LEN },
677 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
678 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
679 .len = FILS_ERP_MAX_RRK_LEN },
680 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
681 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
682 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
683 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
684 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
685
686 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
687 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
688 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
689 [NL80211_ATTR_HE_CAPABILITY] =
690 NLA_POLICY_RANGE(NLA_BINARY,
691 NL80211_HE_MIN_CAPABILITY_LEN,
692 NL80211_HE_MAX_CAPABILITY_LEN),
693 [NL80211_ATTR_FTM_RESPONDER] =
694 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
695 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
696 [NL80211_ATTR_PEER_MEASUREMENTS] =
697 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
698 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
699 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
700 .len = SAE_PASSWORD_MAX_LEN },
701 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
702 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
703 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
704 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
705 [NL80211_ATTR_TID_CONFIG] =
706 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
707 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
708 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
709 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
710 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
711 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
712 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
713 [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
714 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
715 [NL80211_ATTR_FILS_DISCOVERY] =
716 NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
717 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
718 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
719 [NL80211_ATTR_S1G_CAPABILITY] =
720 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
721 [NL80211_ATTR_S1G_CAPABILITY_MASK] =
722 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
723};
724
725/* policy for the key attributes */
726static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
727 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
728 [NL80211_KEY_IDX] = { .type = NLA_U8 },
729 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
730 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
731 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
732 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
733 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
734 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
735 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
736};
737
738/* policy for the key default flags */
739static const struct nla_policy
740nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
741 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
742 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
743};
744
745#ifdef CONFIG_PM
746/* policy for WoWLAN attributes */
747static const struct nla_policy
748nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
749 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
750 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
751 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
752 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
753 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
754 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
755 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
756 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
757 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
758 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
759};
760
761static const struct nla_policy
762nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
763 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
764 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
765 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
766 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
767 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
768 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
769 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
770 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
771 },
772 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
773 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
774 },
775 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
776 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
777 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
778};
779#endif /* CONFIG_PM */
780
781/* policy for coalesce rule attributes */
782static const struct nla_policy
783nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
784 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
785 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
786 NLA_POLICY_RANGE(NLA_U32,
787 NL80211_COALESCE_CONDITION_MATCH,
788 NL80211_COALESCE_CONDITION_NO_MATCH),
789 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
790};
791
792/* policy for GTK rekey offload attributes */
793static const struct nla_policy
794nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
795 [NL80211_REKEY_DATA_KEK] = {
796 .type = NLA_BINARY,
797 .len = NL80211_KEK_EXT_LEN
798 },
799 [NL80211_REKEY_DATA_KCK] = {
800 .type = NLA_BINARY,
801 .len = NL80211_KCK_EXT_LEN
802 },
803 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
804 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
805};
806
807static const struct nla_policy
808nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
809 [NL80211_BAND_2GHZ] = { .type = NLA_S32 },
810 [NL80211_BAND_5GHZ] = { .type = NLA_S32 },
811 [NL80211_BAND_6GHZ] = { .type = NLA_S32 },
812 [NL80211_BAND_60GHZ] = { .type = NLA_S32 },
813};
814
815static const struct nla_policy
816nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
817 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
818 .len = IEEE80211_MAX_SSID_LEN },
819 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
820 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
821 [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
822 NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
823};
824
825static const struct nla_policy
826nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
827 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
828 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
829};
830
831static const struct nla_policy
832nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
833 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
834 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
835 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
836 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
837 },
838};
839
840/* policy for NAN function attributes */
841static const struct nla_policy
842nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
843 [NL80211_NAN_FUNC_TYPE] =
844 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
845 [NL80211_NAN_FUNC_SERVICE_ID] = {
846 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
847 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
848 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
849 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
850 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
851 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
852 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
853 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
854 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
855 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
856 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
857 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
858 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
859 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
860 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
861 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
862};
863
864/* policy for Service Response Filter attributes */
865static const struct nla_policy
866nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
867 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
868 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
869 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
870 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
871 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
872};
873
874/* policy for packet pattern attributes */
875static const struct nla_policy
876nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
877 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
878 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
879 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
880};
881
882int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
883 struct cfg80211_registered_device **rdev,
884 struct wireless_dev **wdev)
885{
886 int err;
887
888 if (!cb->args[0]) {
889 struct nlattr **attrbuf;
890
891 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
892 GFP_KERNEL);
893 if (!attrbuf)
894 return -ENOMEM;
895
896 err = nlmsg_parse_deprecated(cb->nlh,
897 GENL_HDRLEN + nl80211_fam.hdrsize,
898 attrbuf, nl80211_fam.maxattr,
899 nl80211_policy, NULL);
900 if (err) {
901 kfree(attrbuf);
902 return err;
903 }
904
905 *wdev = __cfg80211_wdev_from_attrs(sock_net(cb->skb->sk),
906 attrbuf);
907 kfree(attrbuf);
908 if (IS_ERR(*wdev))
909 return PTR_ERR(*wdev);
910 *rdev = wiphy_to_rdev((*wdev)->wiphy);
911 /* 0 is the first index - add 1 to parse only once */
912 cb->args[0] = (*rdev)->wiphy_idx + 1;
913 cb->args[1] = (*wdev)->identifier;
914 } else {
915 /* subtract the 1 again here */
916 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
917 struct wireless_dev *tmp;
918
919 if (!wiphy)
920 return -ENODEV;
921 *rdev = wiphy_to_rdev(wiphy);
922 *wdev = NULL;
923
924 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
925 if (tmp->identifier == cb->args[1]) {
926 *wdev = tmp;
927 break;
928 }
929 }
930
931 if (!*wdev)
932 return -ENODEV;
933 }
934
935 return 0;
936}
937
938/* message building helper */
939void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
940 int flags, u8 cmd)
941{
942 /* since there is no private header just add the generic one */
943 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
944}
945
946static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
947 const struct ieee80211_reg_rule *rule)
948{
949 int j;
950 struct nlattr *nl_wmm_rules =
951 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
952
953 if (!nl_wmm_rules)
954 goto nla_put_failure;
955
956 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
957 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
958
959 if (!nl_wmm_rule)
960 goto nla_put_failure;
961
962 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
963 rule->wmm_rule.client[j].cw_min) ||
964 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
965 rule->wmm_rule.client[j].cw_max) ||
966 nla_put_u8(msg, NL80211_WMMR_AIFSN,
967 rule->wmm_rule.client[j].aifsn) ||
968 nla_put_u16(msg, NL80211_WMMR_TXOP,
969 rule->wmm_rule.client[j].cot))
970 goto nla_put_failure;
971
972 nla_nest_end(msg, nl_wmm_rule);
973 }
974 nla_nest_end(msg, nl_wmm_rules);
975
976 return 0;
977
978nla_put_failure:
979 return -ENOBUFS;
980}
981
982static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
983 struct ieee80211_channel *chan,
984 bool large)
985{
986 /* Some channels must be completely excluded from the
987 * list to protect old user-space tools from breaking
988 */
989 if (!large && chan->flags &
990 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
991 return 0;
992 if (!large && chan->freq_offset)
993 return 0;
994
995 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
996 chan->center_freq))
997 goto nla_put_failure;
998
999 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1000 goto nla_put_failure;
1001
1002 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1003 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1004 goto nla_put_failure;
1005 if (chan->flags & IEEE80211_CHAN_NO_IR) {
1006 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1007 goto nla_put_failure;
1008 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1009 goto nla_put_failure;
1010 }
1011 if (chan->flags & IEEE80211_CHAN_RADAR) {
1012 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1013 goto nla_put_failure;
1014 if (large) {
1015 u32 time;
1016
1017 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1018
1019 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1020 chan->dfs_state))
1021 goto nla_put_failure;
1022 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1023 time))
1024 goto nla_put_failure;
1025 if (nla_put_u32(msg,
1026 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1027 chan->dfs_cac_ms))
1028 goto nla_put_failure;
1029 }
1030 }
1031
1032 if (large) {
1033 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1034 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1035 goto nla_put_failure;
1036 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1037 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1038 goto nla_put_failure;
1039 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1040 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1041 goto nla_put_failure;
1042 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1043 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1044 goto nla_put_failure;
1045 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1046 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1047 goto nla_put_failure;
1048 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1049 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1050 goto nla_put_failure;
1051 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1052 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1053 goto nla_put_failure;
1054 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1055 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1056 goto nla_put_failure;
1057 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1058 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1059 goto nla_put_failure;
1060 if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
1061 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
1062 goto nla_put_failure;
1063 if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
1064 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
1065 goto nla_put_failure;
1066 if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
1067 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
1068 goto nla_put_failure;
1069 if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
1070 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
1071 goto nla_put_failure;
1072 if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
1073 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
1074 goto nla_put_failure;
1075 }
1076
1077 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1078 DBM_TO_MBM(chan->max_power)))
1079 goto nla_put_failure;
1080
1081 if (large) {
1082 const struct ieee80211_reg_rule *rule =
1083 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1084
1085 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1086 if (nl80211_msg_put_wmm_rules(msg, rule))
1087 goto nla_put_failure;
1088 }
1089 }
1090
1091 return 0;
1092
1093 nla_put_failure:
1094 return -ENOBUFS;
1095}
1096
1097static bool nl80211_put_txq_stats(struct sk_buff *msg,
1098 struct cfg80211_txq_stats *txqstats,
1099 int attrtype)
1100{
1101 struct nlattr *txqattr;
1102
1103#define PUT_TXQVAL_U32(attr, memb) do { \
1104 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1105 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1106 return false; \
1107 } while (0)
1108
1109 txqattr = nla_nest_start_noflag(msg, attrtype);
1110 if (!txqattr)
1111 return false;
1112
1113 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1114 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1115 PUT_TXQVAL_U32(FLOWS, flows);
1116 PUT_TXQVAL_U32(DROPS, drops);
1117 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1118 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1119 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1120 PUT_TXQVAL_U32(COLLISIONS, collisions);
1121 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1122 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1123 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1124 nla_nest_end(msg, txqattr);
1125
1126#undef PUT_TXQVAL_U32
1127 return true;
1128}
1129
1130/* netlink command implementations */
1131
1132struct key_parse {
1133 struct key_params p;
1134 int idx;
1135 int type;
1136 bool def, defmgmt, defbeacon;
1137 bool def_uni, def_multi;
1138};
1139
1140static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1141 struct key_parse *k)
1142{
1143 struct nlattr *tb[NL80211_KEY_MAX + 1];
1144 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1145 nl80211_key_policy,
1146 info->extack);
1147 if (err)
1148 return err;
1149
1150 k->def = !!tb[NL80211_KEY_DEFAULT];
1151 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1152 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1153
1154 if (k->def) {
1155 k->def_uni = true;
1156 k->def_multi = true;
1157 }
1158 if (k->defmgmt || k->defbeacon)
1159 k->def_multi = true;
1160
1161 if (tb[NL80211_KEY_IDX])
1162 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1163
1164 if (tb[NL80211_KEY_DATA]) {
1165 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1166 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1167 }
1168
1169 if (tb[NL80211_KEY_SEQ]) {
1170 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1171 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1172 }
1173
1174 if (tb[NL80211_KEY_CIPHER])
1175 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1176
1177 if (tb[NL80211_KEY_TYPE])
1178 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1179
1180 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1181 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1182
1183 err = nla_parse_nested_deprecated(kdt,
1184 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1185 tb[NL80211_KEY_DEFAULT_TYPES],
1186 nl80211_key_default_policy,
1187 info->extack);
1188 if (err)
1189 return err;
1190
1191 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1192 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1193 }
1194
1195 if (tb[NL80211_KEY_MODE])
1196 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1197
1198 return 0;
1199}
1200
1201static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1202{
1203 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1204 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1205 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1206 }
1207
1208 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1209 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1210 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1211 }
1212
1213 if (info->attrs[NL80211_ATTR_KEY_IDX])
1214 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1215
1216 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1217 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1218
1219 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1220 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1221
1222 if (k->def) {
1223 k->def_uni = true;
1224 k->def_multi = true;
1225 }
1226 if (k->defmgmt)
1227 k->def_multi = true;
1228
1229 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1230 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1231
1232 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1233 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1234 int err = nla_parse_nested_deprecated(kdt,
1235 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1236 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1237 nl80211_key_default_policy,
1238 info->extack);
1239 if (err)
1240 return err;
1241
1242 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1243 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1244 }
1245
1246 return 0;
1247}
1248
1249static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1250{
1251 int err;
1252
1253 memset(k, 0, sizeof(*k));
1254 k->idx = -1;
1255 k->type = -1;
1256
1257 if (info->attrs[NL80211_ATTR_KEY])
1258 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1259 else
1260 err = nl80211_parse_key_old(info, k);
1261
1262 if (err)
1263 return err;
1264
1265 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1266 (k->defbeacon ? 1 : 0) > 1) {
1267 GENL_SET_ERR_MSG(info,
1268 "key with multiple default flags is invalid");
1269 return -EINVAL;
1270 }
1271
1272 if (k->defmgmt || k->defbeacon) {
1273 if (k->def_uni || !k->def_multi) {
1274 GENL_SET_ERR_MSG(info,
1275 "defmgmt/defbeacon key must be mcast");
1276 return -EINVAL;
1277 }
1278 }
1279
1280 if (k->idx != -1) {
1281 if (k->defmgmt) {
1282 if (k->idx < 4 || k->idx > 5) {
1283 GENL_SET_ERR_MSG(info,
1284 "defmgmt key idx not 4 or 5");
1285 return -EINVAL;
1286 }
1287 } else if (k->defbeacon) {
1288 if (k->idx < 6 || k->idx > 7) {
1289 GENL_SET_ERR_MSG(info,
1290 "defbeacon key idx not 6 or 7");
1291 return -EINVAL;
1292 }
1293 } else if (k->def) {
1294 if (k->idx < 0 || k->idx > 3) {
1295 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1296 return -EINVAL;
1297 }
1298 } else {
1299 if (k->idx < 0 || k->idx > 7) {
1300 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1301 return -EINVAL;
1302 }
1303 }
1304 }
1305
1306 return 0;
1307}
1308
1309static struct cfg80211_cached_keys *
1310nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1311 struct genl_info *info, bool *no_ht)
1312{
1313 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1314 struct key_parse parse;
1315 struct nlattr *key;
1316 struct cfg80211_cached_keys *result;
1317 int rem, err, def = 0;
1318 bool have_key = false;
1319
1320 nla_for_each_nested(key, keys, rem) {
1321 have_key = true;
1322 break;
1323 }
1324
1325 if (!have_key)
1326 return NULL;
1327
1328 result = kzalloc(sizeof(*result), GFP_KERNEL);
1329 if (!result)
1330 return ERR_PTR(-ENOMEM);
1331
1332 result->def = -1;
1333
1334 nla_for_each_nested(key, keys, rem) {
1335 memset(&parse, 0, sizeof(parse));
1336 parse.idx = -1;
1337
1338 err = nl80211_parse_key_new(info, key, &parse);
1339 if (err)
1340 goto error;
1341 err = -EINVAL;
1342 if (!parse.p.key)
1343 goto error;
1344 if (parse.idx < 0 || parse.idx > 3) {
1345 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1346 goto error;
1347 }
1348 if (parse.def) {
1349 if (def) {
1350 GENL_SET_ERR_MSG(info,
1351 "only one key can be default");
1352 goto error;
1353 }
1354 def = 1;
1355 result->def = parse.idx;
1356 if (!parse.def_uni || !parse.def_multi)
1357 goto error;
1358 } else if (parse.defmgmt)
1359 goto error;
1360 err = cfg80211_validate_key_settings(rdev, &parse.p,
1361 parse.idx, false, NULL);
1362 if (err)
1363 goto error;
1364 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1365 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1366 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1367 err = -EINVAL;
1368 goto error;
1369 }
1370 result->params[parse.idx].cipher = parse.p.cipher;
1371 result->params[parse.idx].key_len = parse.p.key_len;
1372 result->params[parse.idx].key = result->data[parse.idx];
1373 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1374
1375 /* must be WEP key if we got here */
1376 if (no_ht)
1377 *no_ht = true;
1378 }
1379
1380 if (result->def < 0) {
1381 err = -EINVAL;
1382 GENL_SET_ERR_MSG(info, "need a default/TX key");
1383 goto error;
1384 }
1385
1386 return result;
1387 error:
1388 kfree(result);
1389 return ERR_PTR(err);
1390}
1391
1392static int nl80211_key_allowed(struct wireless_dev *wdev)
1393{
1394 ASSERT_WDEV_LOCK(wdev);
1395
1396 switch (wdev->iftype) {
1397 case NL80211_IFTYPE_AP:
1398 case NL80211_IFTYPE_AP_VLAN:
1399 case NL80211_IFTYPE_P2P_GO:
1400 case NL80211_IFTYPE_MESH_POINT:
1401 break;
1402 case NL80211_IFTYPE_ADHOC:
1403 case NL80211_IFTYPE_STATION:
1404 case NL80211_IFTYPE_P2P_CLIENT:
1405 if (!wdev->current_bss)
1406 return -ENOLINK;
1407 break;
1408 case NL80211_IFTYPE_UNSPECIFIED:
1409 case NL80211_IFTYPE_OCB:
1410 case NL80211_IFTYPE_MONITOR:
1411 case NL80211_IFTYPE_NAN:
1412 case NL80211_IFTYPE_P2P_DEVICE:
1413 case NL80211_IFTYPE_WDS:
1414 case NUM_NL80211_IFTYPES:
1415 return -EINVAL;
1416 }
1417
1418 return 0;
1419}
1420
1421static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1422 u32 freq)
1423{
1424 struct ieee80211_channel *chan;
1425
1426 chan = ieee80211_get_channel_khz(wiphy, freq);
1427 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1428 return NULL;
1429 return chan;
1430}
1431
1432static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1433{
1434 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1435 int i;
1436
1437 if (!nl_modes)
1438 goto nla_put_failure;
1439
1440 i = 0;
1441 while (ifmodes) {
1442 if ((ifmodes & 1) && nla_put_flag(msg, i))
1443 goto nla_put_failure;
1444 ifmodes >>= 1;
1445 i++;
1446 }
1447
1448 nla_nest_end(msg, nl_modes);
1449 return 0;
1450
1451nla_put_failure:
1452 return -ENOBUFS;
1453}
1454
1455static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1456 struct sk_buff *msg,
1457 bool large)
1458{
1459 struct nlattr *nl_combis;
1460 int i, j;
1461
1462 nl_combis = nla_nest_start_noflag(msg,
1463 NL80211_ATTR_INTERFACE_COMBINATIONS);
1464 if (!nl_combis)
1465 goto nla_put_failure;
1466
1467 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1468 const struct ieee80211_iface_combination *c;
1469 struct nlattr *nl_combi, *nl_limits;
1470
1471 c = &wiphy->iface_combinations[i];
1472
1473 nl_combi = nla_nest_start_noflag(msg, i + 1);
1474 if (!nl_combi)
1475 goto nla_put_failure;
1476
1477 nl_limits = nla_nest_start_noflag(msg,
1478 NL80211_IFACE_COMB_LIMITS);
1479 if (!nl_limits)
1480 goto nla_put_failure;
1481
1482 for (j = 0; j < c->n_limits; j++) {
1483 struct nlattr *nl_limit;
1484
1485 nl_limit = nla_nest_start_noflag(msg, j + 1);
1486 if (!nl_limit)
1487 goto nla_put_failure;
1488 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1489 c->limits[j].max))
1490 goto nla_put_failure;
1491 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1492 c->limits[j].types))
1493 goto nla_put_failure;
1494 nla_nest_end(msg, nl_limit);
1495 }
1496
1497 nla_nest_end(msg, nl_limits);
1498
1499 if (c->beacon_int_infra_match &&
1500 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1501 goto nla_put_failure;
1502 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1503 c->num_different_channels) ||
1504 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1505 c->max_interfaces))
1506 goto nla_put_failure;
1507 if (large &&
1508 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1509 c->radar_detect_widths) ||
1510 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1511 c->radar_detect_regions)))
1512 goto nla_put_failure;
1513 if (c->beacon_int_min_gcd &&
1514 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1515 c->beacon_int_min_gcd))
1516 goto nla_put_failure;
1517
1518 nla_nest_end(msg, nl_combi);
1519 }
1520
1521 nla_nest_end(msg, nl_combis);
1522
1523 return 0;
1524nla_put_failure:
1525 return -ENOBUFS;
1526}
1527
1528#ifdef CONFIG_PM
1529static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1530 struct sk_buff *msg)
1531{
1532 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1533 struct nlattr *nl_tcp;
1534
1535 if (!tcp)
1536 return 0;
1537
1538 nl_tcp = nla_nest_start_noflag(msg,
1539 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1540 if (!nl_tcp)
1541 return -ENOBUFS;
1542
1543 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1544 tcp->data_payload_max))
1545 return -ENOBUFS;
1546
1547 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1548 tcp->data_payload_max))
1549 return -ENOBUFS;
1550
1551 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1552 return -ENOBUFS;
1553
1554 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1555 sizeof(*tcp->tok), tcp->tok))
1556 return -ENOBUFS;
1557
1558 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1559 tcp->data_interval_max))
1560 return -ENOBUFS;
1561
1562 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1563 tcp->wake_payload_max))
1564 return -ENOBUFS;
1565
1566 nla_nest_end(msg, nl_tcp);
1567 return 0;
1568}
1569
1570static int nl80211_send_wowlan(struct sk_buff *msg,
1571 struct cfg80211_registered_device *rdev,
1572 bool large)
1573{
1574 struct nlattr *nl_wowlan;
1575
1576 if (!rdev->wiphy.wowlan)
1577 return 0;
1578
1579 nl_wowlan = nla_nest_start_noflag(msg,
1580 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1581 if (!nl_wowlan)
1582 return -ENOBUFS;
1583
1584 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1585 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1586 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1587 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1588 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1589 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1590 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1591 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1592 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1593 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1594 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1595 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1596 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1597 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1598 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1599 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1600 return -ENOBUFS;
1601
1602 if (rdev->wiphy.wowlan->n_patterns) {
1603 struct nl80211_pattern_support pat = {
1604 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1605 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1606 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1607 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1608 };
1609
1610 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1611 sizeof(pat), &pat))
1612 return -ENOBUFS;
1613 }
1614
1615 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1616 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1617 rdev->wiphy.wowlan->max_nd_match_sets))
1618 return -ENOBUFS;
1619
1620 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1621 return -ENOBUFS;
1622
1623 nla_nest_end(msg, nl_wowlan);
1624
1625 return 0;
1626}
1627#endif
1628
1629static int nl80211_send_coalesce(struct sk_buff *msg,
1630 struct cfg80211_registered_device *rdev)
1631{
1632 struct nl80211_coalesce_rule_support rule;
1633
1634 if (!rdev->wiphy.coalesce)
1635 return 0;
1636
1637 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1638 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1639 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1640 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1641 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1642 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1643
1644 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1645 return -ENOBUFS;
1646
1647 return 0;
1648}
1649
1650static int
1651nl80211_send_iftype_data(struct sk_buff *msg,
1652 const struct ieee80211_supported_band *sband,
1653 const struct ieee80211_sband_iftype_data *iftdata)
1654{
1655 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1656
1657 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1658 iftdata->types_mask))
1659 return -ENOBUFS;
1660
1661 if (he_cap->has_he) {
1662 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1663 sizeof(he_cap->he_cap_elem.mac_cap_info),
1664 he_cap->he_cap_elem.mac_cap_info) ||
1665 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1666 sizeof(he_cap->he_cap_elem.phy_cap_info),
1667 he_cap->he_cap_elem.phy_cap_info) ||
1668 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1669 sizeof(he_cap->he_mcs_nss_supp),
1670 &he_cap->he_mcs_nss_supp) ||
1671 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1672 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1673 return -ENOBUFS;
1674 }
1675
1676 if (sband->band == NL80211_BAND_6GHZ &&
1677 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1678 sizeof(iftdata->he_6ghz_capa),
1679 &iftdata->he_6ghz_capa))
1680 return -ENOBUFS;
1681
1682 return 0;
1683}
1684
1685static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1686 struct ieee80211_supported_band *sband,
1687 bool large)
1688{
1689 struct nlattr *nl_rates, *nl_rate;
1690 struct ieee80211_rate *rate;
1691 int i;
1692
1693 /* add HT info */
1694 if (sband->ht_cap.ht_supported &&
1695 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1696 sizeof(sband->ht_cap.mcs),
1697 &sband->ht_cap.mcs) ||
1698 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1699 sband->ht_cap.cap) ||
1700 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1701 sband->ht_cap.ampdu_factor) ||
1702 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1703 sband->ht_cap.ampdu_density)))
1704 return -ENOBUFS;
1705
1706 /* add VHT info */
1707 if (sband->vht_cap.vht_supported &&
1708 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1709 sizeof(sband->vht_cap.vht_mcs),
1710 &sband->vht_cap.vht_mcs) ||
1711 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1712 sband->vht_cap.cap)))
1713 return -ENOBUFS;
1714
1715 if (large && sband->n_iftype_data) {
1716 struct nlattr *nl_iftype_data =
1717 nla_nest_start_noflag(msg,
1718 NL80211_BAND_ATTR_IFTYPE_DATA);
1719 int err;
1720
1721 if (!nl_iftype_data)
1722 return -ENOBUFS;
1723
1724 for (i = 0; i < sband->n_iftype_data; i++) {
1725 struct nlattr *iftdata;
1726
1727 iftdata = nla_nest_start_noflag(msg, i + 1);
1728 if (!iftdata)
1729 return -ENOBUFS;
1730
1731 err = nl80211_send_iftype_data(msg, sband,
1732 &sband->iftype_data[i]);
1733 if (err)
1734 return err;
1735
1736 nla_nest_end(msg, iftdata);
1737 }
1738
1739 nla_nest_end(msg, nl_iftype_data);
1740 }
1741
1742 /* add EDMG info */
1743 if (large && sband->edmg_cap.channels &&
1744 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1745 sband->edmg_cap.channels) ||
1746 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1747 sband->edmg_cap.bw_config)))
1748
1749 return -ENOBUFS;
1750
1751 /* add bitrates */
1752 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1753 if (!nl_rates)
1754 return -ENOBUFS;
1755
1756 for (i = 0; i < sband->n_bitrates; i++) {
1757 nl_rate = nla_nest_start_noflag(msg, i);
1758 if (!nl_rate)
1759 return -ENOBUFS;
1760
1761 rate = &sband->bitrates[i];
1762 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1763 rate->bitrate))
1764 return -ENOBUFS;
1765 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1766 nla_put_flag(msg,
1767 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1768 return -ENOBUFS;
1769
1770 nla_nest_end(msg, nl_rate);
1771 }
1772
1773 nla_nest_end(msg, nl_rates);
1774
1775 return 0;
1776}
1777
1778static int
1779nl80211_send_mgmt_stypes(struct sk_buff *msg,
1780 const struct ieee80211_txrx_stypes *mgmt_stypes)
1781{
1782 u16 stypes;
1783 struct nlattr *nl_ftypes, *nl_ifs;
1784 enum nl80211_iftype ift;
1785 int i;
1786
1787 if (!mgmt_stypes)
1788 return 0;
1789
1790 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1791 if (!nl_ifs)
1792 return -ENOBUFS;
1793
1794 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1795 nl_ftypes = nla_nest_start_noflag(msg, ift);
1796 if (!nl_ftypes)
1797 return -ENOBUFS;
1798 i = 0;
1799 stypes = mgmt_stypes[ift].tx;
1800 while (stypes) {
1801 if ((stypes & 1) &&
1802 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1803 (i << 4) | IEEE80211_FTYPE_MGMT))
1804 return -ENOBUFS;
1805 stypes >>= 1;
1806 i++;
1807 }
1808 nla_nest_end(msg, nl_ftypes);
1809 }
1810
1811 nla_nest_end(msg, nl_ifs);
1812
1813 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1814 if (!nl_ifs)
1815 return -ENOBUFS;
1816
1817 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1818 nl_ftypes = nla_nest_start_noflag(msg, ift);
1819 if (!nl_ftypes)
1820 return -ENOBUFS;
1821 i = 0;
1822 stypes = mgmt_stypes[ift].rx;
1823 while (stypes) {
1824 if ((stypes & 1) &&
1825 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1826 (i << 4) | IEEE80211_FTYPE_MGMT))
1827 return -ENOBUFS;
1828 stypes >>= 1;
1829 i++;
1830 }
1831 nla_nest_end(msg, nl_ftypes);
1832 }
1833 nla_nest_end(msg, nl_ifs);
1834
1835 return 0;
1836}
1837
1838#define CMD(op, n) \
1839 do { \
1840 if (rdev->ops->op) { \
1841 i++; \
1842 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1843 goto nla_put_failure; \
1844 } \
1845 } while (0)
1846
1847static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1848 struct sk_buff *msg)
1849{
1850 int i = 0;
1851
1852 /*
1853 * do *NOT* add anything into this function, new things need to be
1854 * advertised only to new versions of userspace that can deal with
1855 * the split (and they can't possibly care about new features...
1856 */
1857 CMD(add_virtual_intf, NEW_INTERFACE);
1858 CMD(change_virtual_intf, SET_INTERFACE);
1859 CMD(add_key, NEW_KEY);
1860 CMD(start_ap, START_AP);
1861 CMD(add_station, NEW_STATION);
1862 CMD(add_mpath, NEW_MPATH);
1863 CMD(update_mesh_config, SET_MESH_CONFIG);
1864 CMD(change_bss, SET_BSS);
1865 CMD(auth, AUTHENTICATE);
1866 CMD(assoc, ASSOCIATE);
1867 CMD(deauth, DEAUTHENTICATE);
1868 CMD(disassoc, DISASSOCIATE);
1869 CMD(join_ibss, JOIN_IBSS);
1870 CMD(join_mesh, JOIN_MESH);
1871 CMD(set_pmksa, SET_PMKSA);
1872 CMD(del_pmksa, DEL_PMKSA);
1873 CMD(flush_pmksa, FLUSH_PMKSA);
1874 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1875 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1876 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1877 CMD(mgmt_tx, FRAME);
1878 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1879 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1880 i++;
1881 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1882 goto nla_put_failure;
1883 }
1884 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1885 rdev->ops->join_mesh) {
1886 i++;
1887 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1888 goto nla_put_failure;
1889 }
1890 CMD(set_wds_peer, SET_WDS_PEER);
1891 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1892 CMD(tdls_mgmt, TDLS_MGMT);
1893 CMD(tdls_oper, TDLS_OPER);
1894 }
1895 if (rdev->wiphy.max_sched_scan_reqs)
1896 CMD(sched_scan_start, START_SCHED_SCAN);
1897 CMD(probe_client, PROBE_CLIENT);
1898 CMD(set_noack_map, SET_NOACK_MAP);
1899 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1900 i++;
1901 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1902 goto nla_put_failure;
1903 }
1904 CMD(start_p2p_device, START_P2P_DEVICE);
1905 CMD(set_mcast_rate, SET_MCAST_RATE);
1906#ifdef CONFIG_NL80211_TESTMODE
1907 CMD(testmode_cmd, TESTMODE);
1908#endif
1909
1910 if (rdev->ops->connect || rdev->ops->auth) {
1911 i++;
1912 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1913 goto nla_put_failure;
1914 }
1915
1916 if (rdev->ops->disconnect || rdev->ops->deauth) {
1917 i++;
1918 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1919 goto nla_put_failure;
1920 }
1921
1922 return i;
1923 nla_put_failure:
1924 return -ENOBUFS;
1925}
1926
1927static int
1928nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1929 struct sk_buff *msg)
1930{
1931 struct nlattr *ftm;
1932
1933 if (!cap->ftm.supported)
1934 return 0;
1935
1936 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1937 if (!ftm)
1938 return -ENOBUFS;
1939
1940 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1941 return -ENOBUFS;
1942 if (cap->ftm.non_asap &&
1943 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1944 return -ENOBUFS;
1945 if (cap->ftm.request_lci &&
1946 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1947 return -ENOBUFS;
1948 if (cap->ftm.request_civicloc &&
1949 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1950 return -ENOBUFS;
1951 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1952 cap->ftm.preambles))
1953 return -ENOBUFS;
1954 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1955 cap->ftm.bandwidths))
1956 return -ENOBUFS;
1957 if (cap->ftm.max_bursts_exponent >= 0 &&
1958 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1959 cap->ftm.max_bursts_exponent))
1960 return -ENOBUFS;
1961 if (cap->ftm.max_ftms_per_burst &&
1962 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1963 cap->ftm.max_ftms_per_burst))
1964 return -ENOBUFS;
1965 if (cap->ftm.trigger_based &&
1966 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
1967 return -ENOBUFS;
1968 if (cap->ftm.non_trigger_based &&
1969 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
1970 return -ENOBUFS;
1971
1972 nla_nest_end(msg, ftm);
1973 return 0;
1974}
1975
1976static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1977 struct sk_buff *msg)
1978{
1979 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1980 struct nlattr *pmsr, *caps;
1981
1982 if (!cap)
1983 return 0;
1984
1985 /*
1986 * we don't need to clean up anything here since the caller
1987 * will genlmsg_cancel() if we fail
1988 */
1989
1990 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1991 if (!pmsr)
1992 return -ENOBUFS;
1993
1994 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1995 return -ENOBUFS;
1996
1997 if (cap->report_ap_tsf &&
1998 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1999 return -ENOBUFS;
2000
2001 if (cap->randomize_mac_addr &&
2002 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2003 return -ENOBUFS;
2004
2005 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2006 if (!caps)
2007 return -ENOBUFS;
2008
2009 if (nl80211_send_pmsr_ftm_capa(cap, msg))
2010 return -ENOBUFS;
2011
2012 nla_nest_end(msg, caps);
2013 nla_nest_end(msg, pmsr);
2014
2015 return 0;
2016}
2017
2018static int
2019nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2020 struct sk_buff *msg)
2021{
2022 int i;
2023 struct nlattr *nested, *nested_akms;
2024 const struct wiphy_iftype_akm_suites *iftype_akms;
2025
2026 if (!rdev->wiphy.num_iftype_akm_suites ||
2027 !rdev->wiphy.iftype_akm_suites)
2028 return 0;
2029
2030 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2031 if (!nested)
2032 return -ENOBUFS;
2033
2034 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2035 nested_akms = nla_nest_start(msg, i + 1);
2036 if (!nested_akms)
2037 return -ENOBUFS;
2038
2039 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2040
2041 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2042 iftype_akms->iftypes_mask))
2043 return -ENOBUFS;
2044
2045 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2046 sizeof(u32) * iftype_akms->n_akm_suites,
2047 iftype_akms->akm_suites)) {
2048 return -ENOBUFS;
2049 }
2050 nla_nest_end(msg, nested_akms);
2051 }
2052
2053 nla_nest_end(msg, nested);
2054
2055 return 0;
2056}
2057
2058static int
2059nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2060 struct sk_buff *msg)
2061{
2062 struct nlattr *supp;
2063
2064 if (!rdev->wiphy.tid_config_support.vif &&
2065 !rdev->wiphy.tid_config_support.peer)
2066 return 0;
2067
2068 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2069 if (!supp)
2070 return -ENOSPC;
2071
2072 if (rdev->wiphy.tid_config_support.vif &&
2073 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2074 rdev->wiphy.tid_config_support.vif,
2075 NL80211_TID_CONFIG_ATTR_PAD))
2076 goto fail;
2077
2078 if (rdev->wiphy.tid_config_support.peer &&
2079 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2080 rdev->wiphy.tid_config_support.peer,
2081 NL80211_TID_CONFIG_ATTR_PAD))
2082 goto fail;
2083
2084 /* for now we just use the same value ... makes more sense */
2085 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2086 rdev->wiphy.tid_config_support.max_retry))
2087 goto fail;
2088 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2089 rdev->wiphy.tid_config_support.max_retry))
2090 goto fail;
2091
2092 nla_nest_end(msg, supp);
2093
2094 return 0;
2095fail:
2096 nla_nest_cancel(msg, supp);
2097 return -ENOBUFS;
2098}
2099
2100struct nl80211_dump_wiphy_state {
2101 s64 filter_wiphy;
2102 long start;
2103 long split_start, band_start, chan_start, capa_start;
2104 bool split;
2105};
2106
2107static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2108 enum nl80211_commands cmd,
2109 struct sk_buff *msg, u32 portid, u32 seq,
2110 int flags, struct nl80211_dump_wiphy_state *state)
2111{
2112 void *hdr;
2113 struct nlattr *nl_bands, *nl_band;
2114 struct nlattr *nl_freqs, *nl_freq;
2115 struct nlattr *nl_cmds;
2116 enum nl80211_band band;
2117 struct ieee80211_channel *chan;
2118 int i;
2119 const struct ieee80211_txrx_stypes *mgmt_stypes =
2120 rdev->wiphy.mgmt_stypes;
2121 u32 features;
2122
2123 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2124 if (!hdr)
2125 return -ENOBUFS;
2126
2127 if (WARN_ON(!state))
2128 return -EINVAL;
2129
2130 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2131 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2132 wiphy_name(&rdev->wiphy)) ||
2133 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2134 cfg80211_rdev_list_generation))
2135 goto nla_put_failure;
2136
2137 if (cmd != NL80211_CMD_NEW_WIPHY)
2138 goto finish;
2139
2140 switch (state->split_start) {
2141 case 0:
2142 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2143 rdev->wiphy.retry_short) ||
2144 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2145 rdev->wiphy.retry_long) ||
2146 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2147 rdev->wiphy.frag_threshold) ||
2148 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2149 rdev->wiphy.rts_threshold) ||
2150 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2151 rdev->wiphy.coverage_class) ||
2152 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2153 rdev->wiphy.max_scan_ssids) ||
2154 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2155 rdev->wiphy.max_sched_scan_ssids) ||
2156 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2157 rdev->wiphy.max_scan_ie_len) ||
2158 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2159 rdev->wiphy.max_sched_scan_ie_len) ||
2160 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2161 rdev->wiphy.max_match_sets))
2162 goto nla_put_failure;
2163
2164 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2165 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2166 goto nla_put_failure;
2167 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2168 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2169 goto nla_put_failure;
2170 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2171 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2172 goto nla_put_failure;
2173 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2174 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2175 goto nla_put_failure;
2176 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2177 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2178 goto nla_put_failure;
2179 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2180 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2181 goto nla_put_failure;
2182 state->split_start++;
2183 if (state->split)
2184 break;
2185 fallthrough;
2186 case 1:
2187 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2188 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2189 rdev->wiphy.cipher_suites))
2190 goto nla_put_failure;
2191
2192 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2193 rdev->wiphy.max_num_pmkids))
2194 goto nla_put_failure;
2195
2196 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2197 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2198 goto nla_put_failure;
2199
2200 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2201 rdev->wiphy.available_antennas_tx) ||
2202 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2203 rdev->wiphy.available_antennas_rx))
2204 goto nla_put_failure;
2205
2206 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2207 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2208 rdev->wiphy.probe_resp_offload))
2209 goto nla_put_failure;
2210
2211 if ((rdev->wiphy.available_antennas_tx ||
2212 rdev->wiphy.available_antennas_rx) &&
2213 rdev->ops->get_antenna) {
2214 u32 tx_ant = 0, rx_ant = 0;
2215 int res;
2216
2217 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2218 if (!res) {
2219 if (nla_put_u32(msg,
2220 NL80211_ATTR_WIPHY_ANTENNA_TX,
2221 tx_ant) ||
2222 nla_put_u32(msg,
2223 NL80211_ATTR_WIPHY_ANTENNA_RX,
2224 rx_ant))
2225 goto nla_put_failure;
2226 }
2227 }
2228
2229 state->split_start++;
2230 if (state->split)
2231 break;
2232 fallthrough;
2233 case 2:
2234 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2235 rdev->wiphy.interface_modes))
2236 goto nla_put_failure;
2237 state->split_start++;
2238 if (state->split)
2239 break;
2240 fallthrough;
2241 case 3:
2242 nl_bands = nla_nest_start_noflag(msg,
2243 NL80211_ATTR_WIPHY_BANDS);
2244 if (!nl_bands)
2245 goto nla_put_failure;
2246
2247 for (band = state->band_start;
2248 band < NUM_NL80211_BANDS; band++) {
2249 struct ieee80211_supported_band *sband;
2250
2251 /* omit higher bands for ancient software */
2252 if (band > NL80211_BAND_5GHZ && !state->split)
2253 break;
2254
2255 sband = rdev->wiphy.bands[band];
2256
2257 if (!sband)
2258 continue;
2259
2260 nl_band = nla_nest_start_noflag(msg, band);
2261 if (!nl_band)
2262 goto nla_put_failure;
2263
2264 switch (state->chan_start) {
2265 case 0:
2266 if (nl80211_send_band_rateinfo(msg, sband,
2267 state->split))
2268 goto nla_put_failure;
2269 state->chan_start++;
2270 if (state->split)
2271 break;
2272 fallthrough;
2273 default:
2274 /* add frequencies */
2275 nl_freqs = nla_nest_start_noflag(msg,
2276 NL80211_BAND_ATTR_FREQS);
2277 if (!nl_freqs)
2278 goto nla_put_failure;
2279
2280 for (i = state->chan_start - 1;
2281 i < sband->n_channels;
2282 i++) {
2283 nl_freq = nla_nest_start_noflag(msg,
2284 i);
2285 if (!nl_freq)
2286 goto nla_put_failure;
2287
2288 chan = &sband->channels[i];
2289
2290 if (nl80211_msg_put_channel(
2291 msg, &rdev->wiphy, chan,
2292 state->split))
2293 goto nla_put_failure;
2294
2295 nla_nest_end(msg, nl_freq);
2296 if (state->split)
2297 break;
2298 }
2299 if (i < sband->n_channels)
2300 state->chan_start = i + 2;
2301 else
2302 state->chan_start = 0;
2303 nla_nest_end(msg, nl_freqs);
2304 }
2305
2306 nla_nest_end(msg, nl_band);
2307
2308 if (state->split) {
2309 /* start again here */
2310 if (state->chan_start)
2311 band--;
2312 break;
2313 }
2314 }
2315 nla_nest_end(msg, nl_bands);
2316
2317 if (band < NUM_NL80211_BANDS)
2318 state->band_start = band + 1;
2319 else
2320 state->band_start = 0;
2321
2322 /* if bands & channels are done, continue outside */
2323 if (state->band_start == 0 && state->chan_start == 0)
2324 state->split_start++;
2325 if (state->split)
2326 break;
2327 fallthrough;
2328 case 4:
2329 nl_cmds = nla_nest_start_noflag(msg,
2330 NL80211_ATTR_SUPPORTED_COMMANDS);
2331 if (!nl_cmds)
2332 goto nla_put_failure;
2333
2334 i = nl80211_add_commands_unsplit(rdev, msg);
2335 if (i < 0)
2336 goto nla_put_failure;
2337 if (state->split) {
2338 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2339 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2340 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2341 CMD(channel_switch, CHANNEL_SWITCH);
2342 CMD(set_qos_map, SET_QOS_MAP);
2343 if (rdev->wiphy.features &
2344 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2345 CMD(add_tx_ts, ADD_TX_TS);
2346 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2347 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2348 CMD(update_ft_ies, UPDATE_FT_IES);
2349 }
2350#undef CMD
2351
2352 nla_nest_end(msg, nl_cmds);
2353 state->split_start++;
2354 if (state->split)
2355 break;
2356 fallthrough;
2357 case 5:
2358 if (rdev->ops->remain_on_channel &&
2359 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2360 nla_put_u32(msg,
2361 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2362 rdev->wiphy.max_remain_on_channel_duration))
2363 goto nla_put_failure;
2364
2365 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2366 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2367 goto nla_put_failure;
2368
2369 state->split_start++;
2370 if (state->split)
2371 break;
2372 fallthrough;
2373 case 6:
2374#ifdef CONFIG_PM
2375 if (nl80211_send_wowlan(msg, rdev, state->split))
2376 goto nla_put_failure;
2377 state->split_start++;
2378 if (state->split)
2379 break;
2380#else
2381 state->split_start++;
2382#endif
2383 fallthrough;
2384 case 7:
2385 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2386 rdev->wiphy.software_iftypes))
2387 goto nla_put_failure;
2388
2389 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2390 state->split))
2391 goto nla_put_failure;
2392
2393 state->split_start++;
2394 if (state->split)
2395 break;
2396 fallthrough;
2397 case 8:
2398 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2399 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2400 rdev->wiphy.ap_sme_capa))
2401 goto nla_put_failure;
2402
2403 features = rdev->wiphy.features;
2404 /*
2405 * We can only add the per-channel limit information if the
2406 * dump is split, otherwise it makes it too big. Therefore
2407 * only advertise it in that case.
2408 */
2409 if (state->split)
2410 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2411 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2412 goto nla_put_failure;
2413
2414 if (rdev->wiphy.ht_capa_mod_mask &&
2415 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2416 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2417 rdev->wiphy.ht_capa_mod_mask))
2418 goto nla_put_failure;
2419
2420 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2421 rdev->wiphy.max_acl_mac_addrs &&
2422 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2423 rdev->wiphy.max_acl_mac_addrs))
2424 goto nla_put_failure;
2425
2426 /*
2427 * Any information below this point is only available to
2428 * applications that can deal with it being split. This
2429 * helps ensure that newly added capabilities don't break
2430 * older tools by overrunning their buffers.
2431 *
2432 * We still increment split_start so that in the split
2433 * case we'll continue with more data in the next round,
2434 * but break unconditionally so unsplit data stops here.
2435 */
2436 if (state->split)
2437 state->split_start++;
2438 else
2439 state->split_start = 0;
2440 break;
2441 case 9:
2442 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2443 goto nla_put_failure;
2444
2445 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2446 rdev->wiphy.max_sched_scan_plans) ||
2447 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2448 rdev->wiphy.max_sched_scan_plan_interval) ||
2449 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2450 rdev->wiphy.max_sched_scan_plan_iterations))
2451 goto nla_put_failure;
2452
2453 if (rdev->wiphy.extended_capabilities &&
2454 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2455 rdev->wiphy.extended_capabilities_len,
2456 rdev->wiphy.extended_capabilities) ||
2457 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2458 rdev->wiphy.extended_capabilities_len,
2459 rdev->wiphy.extended_capabilities_mask)))
2460 goto nla_put_failure;
2461
2462 if (rdev->wiphy.vht_capa_mod_mask &&
2463 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2464 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2465 rdev->wiphy.vht_capa_mod_mask))
2466 goto nla_put_failure;
2467
2468 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2469 rdev->wiphy.perm_addr))
2470 goto nla_put_failure;
2471
2472 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2473 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2474 rdev->wiphy.addr_mask))
2475 goto nla_put_failure;
2476
2477 if (rdev->wiphy.n_addresses > 1) {
2478 void *attr;
2479
2480 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2481 if (!attr)
2482 goto nla_put_failure;
2483
2484 for (i = 0; i < rdev->wiphy.n_addresses; i++)
2485 if (nla_put(msg, i + 1, ETH_ALEN,
2486 rdev->wiphy.addresses[i].addr))
2487 goto nla_put_failure;
2488
2489 nla_nest_end(msg, attr);
2490 }
2491
2492 state->split_start++;
2493 break;
2494 case 10:
2495 if (nl80211_send_coalesce(msg, rdev))
2496 goto nla_put_failure;
2497
2498 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2499 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2500 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2501 goto nla_put_failure;
2502
2503 if (rdev->wiphy.max_ap_assoc_sta &&
2504 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2505 rdev->wiphy.max_ap_assoc_sta))
2506 goto nla_put_failure;
2507
2508 state->split_start++;
2509 break;
2510 case 11:
2511 if (rdev->wiphy.n_vendor_commands) {
2512 const struct nl80211_vendor_cmd_info *info;
2513 struct nlattr *nested;
2514
2515 nested = nla_nest_start_noflag(msg,
2516 NL80211_ATTR_VENDOR_DATA);
2517 if (!nested)
2518 goto nla_put_failure;
2519
2520 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2521 info = &rdev->wiphy.vendor_commands[i].info;
2522 if (nla_put(msg, i + 1, sizeof(*info), info))
2523 goto nla_put_failure;
2524 }
2525 nla_nest_end(msg, nested);
2526 }
2527
2528 if (rdev->wiphy.n_vendor_events) {
2529 const struct nl80211_vendor_cmd_info *info;
2530 struct nlattr *nested;
2531
2532 nested = nla_nest_start_noflag(msg,
2533 NL80211_ATTR_VENDOR_EVENTS);
2534 if (!nested)
2535 goto nla_put_failure;
2536
2537 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2538 info = &rdev->wiphy.vendor_events[i];
2539 if (nla_put(msg, i + 1, sizeof(*info), info))
2540 goto nla_put_failure;
2541 }
2542 nla_nest_end(msg, nested);
2543 }
2544 state->split_start++;
2545 break;
2546 case 12:
2547 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2548 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2549 rdev->wiphy.max_num_csa_counters))
2550 goto nla_put_failure;
2551
2552 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2553 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2554 goto nla_put_failure;
2555
2556 if (rdev->wiphy.max_sched_scan_reqs &&
2557 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2558 rdev->wiphy.max_sched_scan_reqs))
2559 goto nla_put_failure;
2560
2561 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2562 sizeof(rdev->wiphy.ext_features),
2563 rdev->wiphy.ext_features))
2564 goto nla_put_failure;
2565
2566 if (rdev->wiphy.bss_select_support) {
2567 struct nlattr *nested;
2568 u32 bss_select_support = rdev->wiphy.bss_select_support;
2569
2570 nested = nla_nest_start_noflag(msg,
2571 NL80211_ATTR_BSS_SELECT);
2572 if (!nested)
2573 goto nla_put_failure;
2574
2575 i = 0;
2576 while (bss_select_support) {
2577 if ((bss_select_support & 1) &&
2578 nla_put_flag(msg, i))
2579 goto nla_put_failure;
2580 i++;
2581 bss_select_support >>= 1;
2582 }
2583 nla_nest_end(msg, nested);
2584 }
2585
2586 state->split_start++;
2587 break;
2588 case 13:
2589 if (rdev->wiphy.num_iftype_ext_capab &&
2590 rdev->wiphy.iftype_ext_capab) {
2591 struct nlattr *nested_ext_capab, *nested;
2592
2593 nested = nla_nest_start_noflag(msg,
2594 NL80211_ATTR_IFTYPE_EXT_CAPA);
2595 if (!nested)
2596 goto nla_put_failure;
2597
2598 for (i = state->capa_start;
2599 i < rdev->wiphy.num_iftype_ext_capab; i++) {
2600 const struct wiphy_iftype_ext_capab *capab;
2601
2602 capab = &rdev->wiphy.iftype_ext_capab[i];
2603
2604 nested_ext_capab = nla_nest_start_noflag(msg,
2605 i);
2606 if (!nested_ext_capab ||
2607 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2608 capab->iftype) ||
2609 nla_put(msg, NL80211_ATTR_EXT_CAPA,
2610 capab->extended_capabilities_len,
2611 capab->extended_capabilities) ||
2612 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2613 capab->extended_capabilities_len,
2614 capab->extended_capabilities_mask))
2615 goto nla_put_failure;
2616
2617 nla_nest_end(msg, nested_ext_capab);
2618 if (state->split)
2619 break;
2620 }
2621 nla_nest_end(msg, nested);
2622 if (i < rdev->wiphy.num_iftype_ext_capab) {
2623 state->capa_start = i + 1;
2624 break;
2625 }
2626 }
2627
2628 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2629 rdev->wiphy.nan_supported_bands))
2630 goto nla_put_failure;
2631
2632 if (wiphy_ext_feature_isset(&rdev->wiphy,
2633 NL80211_EXT_FEATURE_TXQS)) {
2634 struct cfg80211_txq_stats txqstats = {};
2635 int res;
2636
2637 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2638 if (!res &&
2639 !nl80211_put_txq_stats(msg, &txqstats,
2640 NL80211_ATTR_TXQ_STATS))
2641 goto nla_put_failure;
2642
2643 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2644 rdev->wiphy.txq_limit))
2645 goto nla_put_failure;
2646 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2647 rdev->wiphy.txq_memory_limit))
2648 goto nla_put_failure;
2649 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2650 rdev->wiphy.txq_quantum))
2651 goto nla_put_failure;
2652 }
2653
2654 state->split_start++;
2655 break;
2656 case 14:
2657 if (nl80211_send_pmsr_capa(rdev, msg))
2658 goto nla_put_failure;
2659
2660 state->split_start++;
2661 break;
2662 case 15:
2663 if (rdev->wiphy.akm_suites &&
2664 nla_put(msg, NL80211_ATTR_AKM_SUITES,
2665 sizeof(u32) * rdev->wiphy.n_akm_suites,
2666 rdev->wiphy.akm_suites))
2667 goto nla_put_failure;
2668
2669 if (nl80211_put_iftype_akm_suites(rdev, msg))
2670 goto nla_put_failure;
2671
2672 if (nl80211_put_tid_config_support(rdev, msg))
2673 goto nla_put_failure;
2674
2675 /* done */
2676 state->split_start = 0;
2677 break;
2678 }
2679 finish:
2680 genlmsg_end(msg, hdr);
2681 return 0;
2682
2683 nla_put_failure:
2684 genlmsg_cancel(msg, hdr);
2685 return -EMSGSIZE;
2686}
2687
2688static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2689 struct netlink_callback *cb,
2690 struct nl80211_dump_wiphy_state *state)
2691{
2692 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2693 int ret;
2694
2695 if (!tb)
2696 return -ENOMEM;
2697
2698 ret = nlmsg_parse_deprecated(cb->nlh,
2699 GENL_HDRLEN + nl80211_fam.hdrsize,
2700 tb, nl80211_fam.maxattr,
2701 nl80211_policy, NULL);
2702 /* ignore parse errors for backward compatibility */
2703 if (ret) {
2704 ret = 0;
2705 goto out;
2706 }
2707
2708 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2709 if (tb[NL80211_ATTR_WIPHY])
2710 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2711 if (tb[NL80211_ATTR_WDEV])
2712 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2713 if (tb[NL80211_ATTR_IFINDEX]) {
2714 struct net_device *netdev;
2715 struct cfg80211_registered_device *rdev;
2716 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2717
2718 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2719 if (!netdev) {
2720 ret = -ENODEV;
2721 goto out;
2722 }
2723 if (netdev->ieee80211_ptr) {
2724 rdev = wiphy_to_rdev(
2725 netdev->ieee80211_ptr->wiphy);
2726 state->filter_wiphy = rdev->wiphy_idx;
2727 }
2728 }
2729
2730 ret = 0;
2731out:
2732 kfree(tb);
2733 return ret;
2734}
2735
2736static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2737{
2738 int idx = 0, ret;
2739 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2740 struct cfg80211_registered_device *rdev;
2741
2742 rtnl_lock();
2743 if (!state) {
2744 state = kzalloc(sizeof(*state), GFP_KERNEL);
2745 if (!state) {
2746 rtnl_unlock();
2747 return -ENOMEM;
2748 }
2749 state->filter_wiphy = -1;
2750 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2751 if (ret) {
2752 kfree(state);
2753 rtnl_unlock();
2754 return ret;
2755 }
2756 cb->args[0] = (long)state;
2757 }
2758
2759 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2760 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2761 continue;
2762 if (++idx <= state->start)
2763 continue;
2764 if (state->filter_wiphy != -1 &&
2765 state->filter_wiphy != rdev->wiphy_idx)
2766 continue;
2767 /* attempt to fit multiple wiphy data chunks into the skb */
2768 do {
2769 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2770 skb,
2771 NETLINK_CB(cb->skb).portid,
2772 cb->nlh->nlmsg_seq,
2773 NLM_F_MULTI, state);
2774 if (ret < 0) {
2775 /*
2776 * If sending the wiphy data didn't fit (ENOBUFS
2777 * or EMSGSIZE returned), this SKB is still
2778 * empty (so it's not too big because another
2779 * wiphy dataset is already in the skb) and
2780 * we've not tried to adjust the dump allocation
2781 * yet ... then adjust the alloc size to be
2782 * bigger, and return 1 but with the empty skb.
2783 * This results in an empty message being RX'ed
2784 * in userspace, but that is ignored.
2785 *
2786 * We can then retry with the larger buffer.
2787 */
2788 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2789 !skb->len && !state->split &&
2790 cb->min_dump_alloc < 4096) {
2791 cb->min_dump_alloc = 4096;
2792 state->split_start = 0;
2793 rtnl_unlock();
2794 return 1;
2795 }
2796 idx--;
2797 break;
2798 }
2799 } while (state->split_start > 0);
2800 break;
2801 }
2802 rtnl_unlock();
2803
2804 state->start = idx;
2805
2806 return skb->len;
2807}
2808
2809static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2810{
2811 kfree((void *)cb->args[0]);
2812 return 0;
2813}
2814
2815static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2816{
2817 struct sk_buff *msg;
2818 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2819 struct nl80211_dump_wiphy_state state = {};
2820
2821 msg = nlmsg_new(4096, GFP_KERNEL);
2822 if (!msg)
2823 return -ENOMEM;
2824
2825 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2826 info->snd_portid, info->snd_seq, 0,
2827 &state) < 0) {
2828 nlmsg_free(msg);
2829 return -ENOBUFS;
2830 }
2831
2832 return genlmsg_reply(msg, info);
2833}
2834
2835static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2836 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2837 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2838 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2839 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2840 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2841};
2842
2843static int parse_txq_params(struct nlattr *tb[],
2844 struct ieee80211_txq_params *txq_params)
2845{
2846 u8 ac;
2847
2848 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2849 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2850 !tb[NL80211_TXQ_ATTR_AIFS])
2851 return -EINVAL;
2852
2853 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2854 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2855 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2856 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2857 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2858
2859 if (ac >= NL80211_NUM_ACS)
2860 return -EINVAL;
2861 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2862 return 0;
2863}
2864
2865static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2866{
2867 /*
2868 * You can only set the channel explicitly for WDS interfaces,
2869 * all others have their channel managed via their respective
2870 * "establish a connection" command (connect, join, ...)
2871 *
2872 * For AP/GO and mesh mode, the channel can be set with the
2873 * channel userspace API, but is only stored and passed to the
2874 * low-level driver when the AP starts or the mesh is joined.
2875 * This is for backward compatibility, userspace can also give
2876 * the channel in the start-ap or join-mesh commands instead.
2877 *
2878 * Monitors are special as they are normally slaved to
2879 * whatever else is going on, so they have their own special
2880 * operation to set the monitor channel if possible.
2881 */
2882 return !wdev ||
2883 wdev->iftype == NL80211_IFTYPE_AP ||
2884 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2885 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2886 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2887}
2888
2889int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2890 struct genl_info *info,
2891 struct cfg80211_chan_def *chandef)
2892{
2893 struct netlink_ext_ack *extack = info->extack;
2894 struct nlattr **attrs = info->attrs;
2895 u32 control_freq;
2896
2897 if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2898 return -EINVAL;
2899
2900 control_freq = MHZ_TO_KHZ(
2901 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
2902 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
2903 control_freq +=
2904 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
2905
2906 memset(chandef, 0, sizeof(*chandef));
2907 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
2908 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2909 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
2910 chandef->freq1_offset = control_freq % 1000;
2911 chandef->center_freq2 = 0;
2912
2913 /* Primary channel not allowed */
2914 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2915 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2916 "Channel is disabled");
2917 return -EINVAL;
2918 }
2919
2920 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2921 enum nl80211_channel_type chantype;
2922
2923 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2924
2925 switch (chantype) {
2926 case NL80211_CHAN_NO_HT:
2927 case NL80211_CHAN_HT20:
2928 case NL80211_CHAN_HT40PLUS:
2929 case NL80211_CHAN_HT40MINUS:
2930 cfg80211_chandef_create(chandef, chandef->chan,
2931 chantype);
2932 /* user input for center_freq is incorrect */
2933 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2934 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2935 NL_SET_ERR_MSG_ATTR(extack,
2936 attrs[NL80211_ATTR_CENTER_FREQ1],
2937 "bad center frequency 1");
2938 return -EINVAL;
2939 }
2940 /* center_freq2 must be zero */
2941 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2942 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2943 NL_SET_ERR_MSG_ATTR(extack,
2944 attrs[NL80211_ATTR_CENTER_FREQ2],
2945 "center frequency 2 can't be used");
2946 return -EINVAL;
2947 }
2948 break;
2949 default:
2950 NL_SET_ERR_MSG_ATTR(extack,
2951 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2952 "invalid channel type");
2953 return -EINVAL;
2954 }
2955 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2956 chandef->width =
2957 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2958 if (chandef->chan->band == NL80211_BAND_S1GHZ) {
2959 /* User input error for channel width doesn't match channel */
2960 if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) {
2961 NL_SET_ERR_MSG_ATTR(extack,
2962 attrs[NL80211_ATTR_CHANNEL_WIDTH],
2963 "bad channel width");
2964 return -EINVAL;
2965 }
2966 }
2967 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
2968 chandef->center_freq1 =
2969 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2970 if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET])
2971 chandef->freq1_offset = nla_get_u32(
2972 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]);
2973 else
2974 chandef->freq1_offset = 0;
2975 }
2976 if (attrs[NL80211_ATTR_CENTER_FREQ2])
2977 chandef->center_freq2 =
2978 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2979 }
2980
2981 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
2982 chandef->edmg.channels =
2983 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
2984
2985 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
2986 chandef->edmg.bw_config =
2987 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
2988 } else {
2989 chandef->edmg.bw_config = 0;
2990 chandef->edmg.channels = 0;
2991 }
2992
2993 if (!cfg80211_chandef_valid(chandef)) {
2994 NL_SET_ERR_MSG(extack, "invalid channel definition");
2995 return -EINVAL;
2996 }
2997
2998 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2999 IEEE80211_CHAN_DISABLED)) {
3000 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3001 return -EINVAL;
3002 }
3003
3004 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3005 chandef->width == NL80211_CHAN_WIDTH_10) &&
3006 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3007 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3008 return -EINVAL;
3009 }
3010
3011 return 0;
3012}
3013
3014static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3015 struct net_device *dev,
3016 struct genl_info *info)
3017{
3018 struct cfg80211_chan_def chandef;
3019 int result;
3020 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3021 struct wireless_dev *wdev = NULL;
3022
3023 if (dev)
3024 wdev = dev->ieee80211_ptr;
3025 if (!nl80211_can_set_dev_channel(wdev))
3026 return -EOPNOTSUPP;
3027 if (wdev)
3028 iftype = wdev->iftype;
3029
3030 result = nl80211_parse_chandef(rdev, info, &chandef);
3031 if (result)
3032 return result;
3033
3034 switch (iftype) {
3035 case NL80211_IFTYPE_AP:
3036 case NL80211_IFTYPE_P2P_GO:
3037 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3038 iftype)) {
3039 result = -EINVAL;
3040 break;
3041 }
3042 if (wdev->beacon_interval) {
3043 if (!dev || !rdev->ops->set_ap_chanwidth ||
3044 !(rdev->wiphy.features &
3045 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
3046 result = -EBUSY;
3047 break;
3048 }
3049
3050 /* Only allow dynamic channel width changes */
3051 if (chandef.chan != wdev->preset_chandef.chan) {
3052 result = -EBUSY;
3053 break;
3054 }
3055 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
3056 if (result)
3057 break;
3058 }
3059 wdev->preset_chandef = chandef;
3060 result = 0;
3061 break;
3062 case NL80211_IFTYPE_MESH_POINT:
3063 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3064 break;
3065 case NL80211_IFTYPE_MONITOR:
3066 result = cfg80211_set_monitor_channel(rdev, &chandef);
3067 break;
3068 default:
3069 result = -EINVAL;
3070 }
3071
3072 return result;
3073}
3074
3075static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3076{
3077 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3078 struct net_device *netdev = info->user_ptr[1];
3079
3080 return __nl80211_set_channel(rdev, netdev, info);
3081}
3082
3083static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
3084{
3085 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3086 struct net_device *dev = info->user_ptr[1];
3087 struct wireless_dev *wdev = dev->ieee80211_ptr;
3088 const u8 *bssid;
3089
3090 if (!info->attrs[NL80211_ATTR_MAC])
3091 return -EINVAL;
3092
3093 if (netif_running(dev))
3094 return -EBUSY;
3095
3096 if (!rdev->ops->set_wds_peer)
3097 return -EOPNOTSUPP;
3098
3099 if (wdev->iftype != NL80211_IFTYPE_WDS)
3100 return -EOPNOTSUPP;
3101
3102 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3103 return rdev_set_wds_peer(rdev, dev, bssid);
3104}
3105
3106static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3107{
3108 struct cfg80211_registered_device *rdev;
3109 struct net_device *netdev = NULL;
3110 struct wireless_dev *wdev;
3111 int result = 0, rem_txq_params = 0;
3112 struct nlattr *nl_txq_params;
3113 u32 changed;
3114 u8 retry_short = 0, retry_long = 0;
3115 u32 frag_threshold = 0, rts_threshold = 0;
3116 u8 coverage_class = 0;
3117 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3118
3119 ASSERT_RTNL();
3120
3121 /*
3122 * Try to find the wiphy and netdev. Normally this
3123 * function shouldn't need the netdev, but this is
3124 * done for backward compatibility -- previously
3125 * setting the channel was done per wiphy, but now
3126 * it is per netdev. Previous userland like hostapd
3127 * also passed a netdev to set_wiphy, so that it is
3128 * possible to let that go to the right netdev!
3129 */
3130
3131 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3132 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3133
3134 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3135 if (netdev && netdev->ieee80211_ptr)
3136 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3137 else
3138 netdev = NULL;
3139 }
3140
3141 if (!netdev) {
3142 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3143 info->attrs);
3144 if (IS_ERR(rdev))
3145 return PTR_ERR(rdev);
3146 wdev = NULL;
3147 netdev = NULL;
3148 result = 0;
3149 } else
3150 wdev = netdev->ieee80211_ptr;
3151
3152 /*
3153 * end workaround code, by now the rdev is available
3154 * and locked, and wdev may or may not be NULL.
3155 */
3156
3157 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3158 result = cfg80211_dev_rename(
3159 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3160
3161 if (result)
3162 return result;
3163
3164 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3165 struct ieee80211_txq_params txq_params;
3166 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3167
3168 if (!rdev->ops->set_txq_params)
3169 return -EOPNOTSUPP;
3170
3171 if (!netdev)
3172 return -EINVAL;
3173
3174 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3175 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3176 return -EINVAL;
3177
3178 if (!netif_running(netdev))
3179 return -ENETDOWN;
3180
3181 nla_for_each_nested(nl_txq_params,
3182 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3183 rem_txq_params) {
3184 result = nla_parse_nested_deprecated(tb,
3185 NL80211_TXQ_ATTR_MAX,
3186 nl_txq_params,
3187 txq_params_policy,
3188 info->extack);
3189 if (result)
3190 return result;
3191 result = parse_txq_params(tb, &txq_params);
3192 if (result)
3193 return result;
3194
3195 result = rdev_set_txq_params(rdev, netdev,
3196 &txq_params);
3197 if (result)
3198 return result;
3199 }
3200 }
3201
3202 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3203 result = __nl80211_set_channel(
3204 rdev,
3205 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3206 info);
3207 if (result)
3208 return result;
3209 }
3210
3211 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3212 struct wireless_dev *txp_wdev = wdev;
3213 enum nl80211_tx_power_setting type;
3214 int idx, mbm = 0;
3215
3216 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3217 txp_wdev = NULL;
3218
3219 if (!rdev->ops->set_tx_power)
3220 return -EOPNOTSUPP;
3221
3222 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3223 type = nla_get_u32(info->attrs[idx]);
3224
3225 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3226 (type != NL80211_TX_POWER_AUTOMATIC))
3227 return -EINVAL;
3228
3229 if (type != NL80211_TX_POWER_AUTOMATIC) {
3230 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3231 mbm = nla_get_u32(info->attrs[idx]);
3232 }
3233
3234 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3235 if (result)
3236 return result;
3237 }
3238
3239 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3240 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3241 u32 tx_ant, rx_ant;
3242
3243 if ((!rdev->wiphy.available_antennas_tx &&
3244 !rdev->wiphy.available_antennas_rx) ||
3245 !rdev->ops->set_antenna)
3246 return -EOPNOTSUPP;
3247
3248 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3249 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3250
3251 /* reject antenna configurations which don't match the
3252 * available antenna masks, except for the "all" mask */
3253 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3254 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
3255 return -EINVAL;
3256
3257 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3258 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3259
3260 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3261 if (result)
3262 return result;
3263 }
3264
3265 changed = 0;
3266
3267 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3268 retry_short = nla_get_u8(
3269 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3270
3271 changed |= WIPHY_PARAM_RETRY_SHORT;
3272 }
3273
3274 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3275 retry_long = nla_get_u8(
3276 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3277
3278 changed |= WIPHY_PARAM_RETRY_LONG;
3279 }
3280
3281 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3282 frag_threshold = nla_get_u32(
3283 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3284 if (frag_threshold < 256)
3285 return -EINVAL;
3286
3287 if (frag_threshold != (u32) -1) {
3288 /*
3289 * Fragments (apart from the last one) are required to
3290 * have even length. Make the fragmentation code
3291 * simpler by stripping LSB should someone try to use
3292 * odd threshold value.
3293 */
3294 frag_threshold &= ~0x1;
3295 }
3296 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3297 }
3298
3299 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3300 rts_threshold = nla_get_u32(
3301 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3302 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3303 }
3304
3305 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3306 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
3307 return -EINVAL;
3308
3309 coverage_class = nla_get_u8(
3310 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3311 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3312 }
3313
3314 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3315 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
3316 return -EOPNOTSUPP;
3317
3318 changed |= WIPHY_PARAM_DYN_ACK;
3319 }
3320
3321 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3322 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3323 NL80211_EXT_FEATURE_TXQS))
3324 return -EOPNOTSUPP;
3325 txq_limit = nla_get_u32(
3326 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3327 changed |= WIPHY_PARAM_TXQ_LIMIT;
3328 }
3329
3330 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3331 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3332 NL80211_EXT_FEATURE_TXQS))
3333 return -EOPNOTSUPP;
3334 txq_memory_limit = nla_get_u32(
3335 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3336 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3337 }
3338
3339 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3340 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3341 NL80211_EXT_FEATURE_TXQS))
3342 return -EOPNOTSUPP;
3343 txq_quantum = nla_get_u32(
3344 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3345 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3346 }
3347
3348 if (changed) {
3349 u8 old_retry_short, old_retry_long;
3350 u32 old_frag_threshold, old_rts_threshold;
3351 u8 old_coverage_class;
3352 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3353
3354 if (!rdev->ops->set_wiphy_params)
3355 return -EOPNOTSUPP;
3356
3357 old_retry_short = rdev->wiphy.retry_short;
3358 old_retry_long = rdev->wiphy.retry_long;
3359 old_frag_threshold = rdev->wiphy.frag_threshold;
3360 old_rts_threshold = rdev->wiphy.rts_threshold;
3361 old_coverage_class = rdev->wiphy.coverage_class;
3362 old_txq_limit = rdev->wiphy.txq_limit;
3363 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3364 old_txq_quantum = rdev->wiphy.txq_quantum;
3365
3366 if (changed & WIPHY_PARAM_RETRY_SHORT)
3367 rdev->wiphy.retry_short = retry_short;
3368 if (changed & WIPHY_PARAM_RETRY_LONG)
3369 rdev->wiphy.retry_long = retry_long;
3370 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3371 rdev->wiphy.frag_threshold = frag_threshold;
3372 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3373 rdev->wiphy.rts_threshold = rts_threshold;
3374 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3375 rdev->wiphy.coverage_class = coverage_class;
3376 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3377 rdev->wiphy.txq_limit = txq_limit;
3378 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3379 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3380 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3381 rdev->wiphy.txq_quantum = txq_quantum;
3382
3383 result = rdev_set_wiphy_params(rdev, changed);
3384 if (result) {
3385 rdev->wiphy.retry_short = old_retry_short;
3386 rdev->wiphy.retry_long = old_retry_long;
3387 rdev->wiphy.frag_threshold = old_frag_threshold;
3388 rdev->wiphy.rts_threshold = old_rts_threshold;
3389 rdev->wiphy.coverage_class = old_coverage_class;
3390 rdev->wiphy.txq_limit = old_txq_limit;
3391 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3392 rdev->wiphy.txq_quantum = old_txq_quantum;
3393 return result;
3394 }
3395 }
3396 return 0;
3397}
3398
3399static int nl80211_send_chandef(struct sk_buff *msg,
3400 const struct cfg80211_chan_def *chandef)
3401{
3402 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3403 return -EINVAL;
3404
3405 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3406 chandef->chan->center_freq))
3407 return -ENOBUFS;
3408 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
3409 chandef->chan->freq_offset))
3410 return -ENOBUFS;
3411 switch (chandef->width) {
3412 case NL80211_CHAN_WIDTH_20_NOHT:
3413 case NL80211_CHAN_WIDTH_20:
3414 case NL80211_CHAN_WIDTH_40:
3415 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3416 cfg80211_get_chandef_type(chandef)))
3417 return -ENOBUFS;
3418 break;
3419 default:
3420 break;
3421 }
3422 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3423 return -ENOBUFS;
3424 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3425 return -ENOBUFS;
3426 if (chandef->center_freq2 &&
3427 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3428 return -ENOBUFS;
3429 return 0;
3430}
3431
3432static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3433 struct cfg80211_registered_device *rdev,
3434 struct wireless_dev *wdev,
3435 enum nl80211_commands cmd)
3436{
3437 struct net_device *dev = wdev->netdev;
3438 void *hdr;
3439
3440 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3441 cmd != NL80211_CMD_DEL_INTERFACE &&
3442 cmd != NL80211_CMD_SET_INTERFACE);
3443
3444 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3445 if (!hdr)
3446 return -1;
3447
3448 if (dev &&
3449 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3450 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3451 goto nla_put_failure;
3452
3453 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3454 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3455 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3456 NL80211_ATTR_PAD) ||
3457 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3458 nla_put_u32(msg, NL80211_ATTR_GENERATION,
3459 rdev->devlist_generation ^
3460 (cfg80211_rdev_list_generation << 2)) ||
3461 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3462 goto nla_put_failure;
3463
3464 if (rdev->ops->get_channel) {
3465 int ret;
3466 struct cfg80211_chan_def chandef = {};
3467
3468 ret = rdev_get_channel(rdev, wdev, &chandef);
3469 if (ret == 0) {
3470 if (nl80211_send_chandef(msg, &chandef))
3471 goto nla_put_failure;
3472 }
3473 }
3474
3475 if (rdev->ops->get_tx_power) {
3476 int dbm, ret;
3477
3478 ret = rdev_get_tx_power(rdev, wdev, &dbm);
3479 if (ret == 0 &&
3480 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3481 DBM_TO_MBM(dbm)))
3482 goto nla_put_failure;
3483 }
3484
3485 wdev_lock(wdev);
3486 switch (wdev->iftype) {
3487 case NL80211_IFTYPE_AP:
3488 case NL80211_IFTYPE_P2P_GO:
3489 if (wdev->ssid_len &&
3490 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3491 goto nla_put_failure_locked;
3492 break;
3493 case NL80211_IFTYPE_STATION:
3494 case NL80211_IFTYPE_P2P_CLIENT:
3495 case NL80211_IFTYPE_ADHOC: {
3496 const u8 *ssid_ie;
3497 if (!wdev->current_bss)
3498 break;
3499 rcu_read_lock();
3500 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3501 WLAN_EID_SSID);
3502 if (ssid_ie &&
3503 nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3504 goto nla_put_failure_rcu_locked;
3505 rcu_read_unlock();
3506 break;
3507 }
3508 default:
3509 /* nothing */
3510 break;
3511 }
3512 wdev_unlock(wdev);
3513
3514 if (rdev->ops->get_txq_stats) {
3515 struct cfg80211_txq_stats txqstats = {};
3516 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3517
3518 if (ret == 0 &&
3519 !nl80211_put_txq_stats(msg, &txqstats,
3520 NL80211_ATTR_TXQ_STATS))
3521 goto nla_put_failure;
3522 }
3523
3524 genlmsg_end(msg, hdr);
3525 return 0;
3526
3527 nla_put_failure_rcu_locked:
3528 rcu_read_unlock();
3529 nla_put_failure_locked:
3530 wdev_unlock(wdev);
3531 nla_put_failure:
3532 genlmsg_cancel(msg, hdr);
3533 return -EMSGSIZE;
3534}
3535
3536static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3537{
3538 int wp_idx = 0;
3539 int if_idx = 0;
3540 int wp_start = cb->args[0];
3541 int if_start = cb->args[1];
3542 int filter_wiphy = -1;
3543 struct cfg80211_registered_device *rdev;
3544 struct wireless_dev *wdev;
3545 int ret;
3546
3547 rtnl_lock();
3548 if (!cb->args[2]) {
3549 struct nl80211_dump_wiphy_state state = {
3550 .filter_wiphy = -1,
3551 };
3552
3553 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3554 if (ret)
3555 goto out_unlock;
3556
3557 filter_wiphy = state.filter_wiphy;
3558
3559 /*
3560 * if filtering, set cb->args[2] to +1 since 0 is the default
3561 * value needed to determine that parsing is necessary.
3562 */
3563 if (filter_wiphy >= 0)
3564 cb->args[2] = filter_wiphy + 1;
3565 else
3566 cb->args[2] = -1;
3567 } else if (cb->args[2] > 0) {
3568 filter_wiphy = cb->args[2] - 1;
3569 }
3570
3571 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3572 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3573 continue;
3574 if (wp_idx < wp_start) {
3575 wp_idx++;
3576 continue;
3577 }
3578
3579 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3580 continue;
3581
3582 if_idx = 0;
3583
3584 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3585 if (if_idx < if_start) {
3586 if_idx++;
3587 continue;
3588 }
3589 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3590 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3591 rdev, wdev,
3592 NL80211_CMD_NEW_INTERFACE) < 0) {
3593 goto out;
3594 }
3595 if_idx++;
3596 }
3597
3598 wp_idx++;
3599 }
3600 out:
3601 cb->args[0] = wp_idx;
3602 cb->args[1] = if_idx;
3603
3604 ret = skb->len;
3605 out_unlock:
3606 rtnl_unlock();
3607
3608 return ret;
3609}
3610
3611static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3612{
3613 struct sk_buff *msg;
3614 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3615 struct wireless_dev *wdev = info->user_ptr[1];
3616
3617 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3618 if (!msg)
3619 return -ENOMEM;
3620
3621 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3622 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3623 nlmsg_free(msg);
3624 return -ENOBUFS;
3625 }
3626
3627 return genlmsg_reply(msg, info);
3628}
3629
3630static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3631 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3632 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3633 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3634 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3635 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3636 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3637};
3638
3639static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3640{
3641 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3642 int flag;
3643
3644 *mntrflags = 0;
3645
3646 if (!nla)
3647 return -EINVAL;
3648
3649 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3650 return -EINVAL;
3651
3652 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3653 if (flags[flag])
3654 *mntrflags |= (1<<flag);
3655
3656 *mntrflags |= MONITOR_FLAG_CHANGED;
3657
3658 return 0;
3659}
3660
3661static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3662 enum nl80211_iftype type,
3663 struct genl_info *info,
3664 struct vif_params *params)
3665{
3666 bool change = false;
3667 int err;
3668
3669 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3670 if (type != NL80211_IFTYPE_MONITOR)
3671 return -EINVAL;
3672
3673 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3674 &params->flags);
3675 if (err)
3676 return err;
3677
3678 change = true;
3679 }
3680
3681 if (params->flags & MONITOR_FLAG_ACTIVE &&
3682 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3683 return -EOPNOTSUPP;
3684
3685 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3686 const u8 *mumimo_groups;
3687 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3688
3689 if (type != NL80211_IFTYPE_MONITOR)
3690 return -EINVAL;
3691
3692 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3693 return -EOPNOTSUPP;
3694
3695 mumimo_groups =
3696 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3697
3698 /* bits 0 and 63 are reserved and must be zero */
3699 if ((mumimo_groups[0] & BIT(0)) ||
3700 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3701 return -EINVAL;
3702
3703 params->vht_mumimo_groups = mumimo_groups;
3704 change = true;
3705 }
3706
3707 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3708 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3709
3710 if (type != NL80211_IFTYPE_MONITOR)
3711 return -EINVAL;
3712
3713 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3714 return -EOPNOTSUPP;
3715
3716 params->vht_mumimo_follow_addr =
3717 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3718 change = true;
3719 }
3720
3721 return change ? 1 : 0;
3722}
3723
3724static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3725 struct net_device *netdev, u8 use_4addr,
3726 enum nl80211_iftype iftype)
3727{
3728 if (!use_4addr) {
3729 if (netdev && netif_is_bridge_port(netdev))
3730 return -EBUSY;
3731 return 0;
3732 }
3733
3734 switch (iftype) {
3735 case NL80211_IFTYPE_AP_VLAN:
3736 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3737 return 0;
3738 break;
3739 case NL80211_IFTYPE_STATION:
3740 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3741 return 0;
3742 break;
3743 default:
3744 break;
3745 }
3746
3747 return -EOPNOTSUPP;
3748}
3749
3750static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3751{
3752 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3753 struct vif_params params;
3754 int err;
3755 enum nl80211_iftype otype, ntype;
3756 struct net_device *dev = info->user_ptr[1];
3757 bool change = false;
3758
3759 memset(&params, 0, sizeof(params));
3760
3761 otype = ntype = dev->ieee80211_ptr->iftype;
3762
3763 if (info->attrs[NL80211_ATTR_IFTYPE]) {
3764 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3765 if (otype != ntype)
3766 change = true;
3767 }
3768
3769 if (info->attrs[NL80211_ATTR_MESH_ID]) {
3770 struct wireless_dev *wdev = dev->ieee80211_ptr;
3771
3772 if (ntype != NL80211_IFTYPE_MESH_POINT)
3773 return -EINVAL;
3774 if (netif_running(dev))
3775 return -EBUSY;
3776
3777 wdev_lock(wdev);
3778 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3779 IEEE80211_MAX_MESH_ID_LEN);
3780 wdev->mesh_id_up_len =
3781 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3782 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3783 wdev->mesh_id_up_len);
3784 wdev_unlock(wdev);
3785 }
3786
3787 if (info->attrs[NL80211_ATTR_4ADDR]) {
3788 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3789 change = true;
3790 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3791 if (err)
3792 return err;
3793 } else {
3794 params.use_4addr = -1;
3795 }
3796
3797 err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3798 if (err < 0)
3799 return err;
3800 if (err > 0)
3801 change = true;
3802
3803 if (change)
3804 err = cfg80211_change_iface(rdev, dev, ntype, &params);
3805 else
3806 err = 0;
3807
3808 if (!err && params.use_4addr != -1)
3809 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3810
3811 if (change && !err) {
3812 struct wireless_dev *wdev = dev->ieee80211_ptr;
3813
3814 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3815 }
3816
3817 return err;
3818}
3819
3820static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3821{
3822 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3823 struct vif_params params;
3824 struct wireless_dev *wdev;
3825 struct sk_buff *msg;
3826 int err;
3827 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3828
3829 /* to avoid failing a new interface creation due to pending removal */
3830 cfg80211_destroy_ifaces(rdev);
3831
3832 memset(&params, 0, sizeof(params));
3833
3834 if (!info->attrs[NL80211_ATTR_IFNAME])
3835 return -EINVAL;
3836
3837 if (info->attrs[NL80211_ATTR_IFTYPE])
3838 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3839
3840 if (!rdev->ops->add_virtual_intf)
3841 return -EOPNOTSUPP;
3842
3843 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3844 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3845 info->attrs[NL80211_ATTR_MAC]) {
3846 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3847 ETH_ALEN);
3848 if (!is_valid_ether_addr(params.macaddr))
3849 return -EADDRNOTAVAIL;
3850 }
3851
3852 if (info->attrs[NL80211_ATTR_4ADDR]) {
3853 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3854 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3855 if (err)
3856 return err;
3857 }
3858
3859 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3860 return -EOPNOTSUPP;
3861
3862 err = nl80211_parse_mon_options(rdev, type, info, &params);
3863 if (err < 0)
3864 return err;
3865
3866 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3867 if (!msg)
3868 return -ENOMEM;
3869
3870 wdev = rdev_add_virtual_intf(rdev,
3871 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3872 NET_NAME_USER, type, &params);
3873 if (WARN_ON(!wdev)) {
3874 nlmsg_free(msg);
3875 return -EPROTO;
3876 } else if (IS_ERR(wdev)) {
3877 nlmsg_free(msg);
3878 return PTR_ERR(wdev);
3879 }
3880
3881 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3882 wdev->owner_nlportid = info->snd_portid;
3883
3884 switch (type) {
3885 case NL80211_IFTYPE_MESH_POINT:
3886 if (!info->attrs[NL80211_ATTR_MESH_ID])
3887 break;
3888 wdev_lock(wdev);
3889 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3890 IEEE80211_MAX_MESH_ID_LEN);
3891 wdev->mesh_id_up_len =
3892 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3893 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3894 wdev->mesh_id_up_len);
3895 wdev_unlock(wdev);
3896 break;
3897 case NL80211_IFTYPE_NAN:
3898 case NL80211_IFTYPE_P2P_DEVICE:
3899 /*
3900 * P2P Device and NAN do not have a netdev, so don't go
3901 * through the netdev notifier and must be added here
3902 */
3903 cfg80211_init_wdev(wdev);
3904 cfg80211_register_wdev(rdev, wdev);
3905 break;
3906 default:
3907 break;
3908 }
3909
3910 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3911 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3912 nlmsg_free(msg);
3913 return -ENOBUFS;
3914 }
3915
3916 return genlmsg_reply(msg, info);
3917}
3918
3919static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3920{
3921 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3922 struct wireless_dev *wdev = info->user_ptr[1];
3923
3924 if (!rdev->ops->del_virtual_intf)
3925 return -EOPNOTSUPP;
3926
3927 /*
3928 * If we remove a wireless device without a netdev then clear
3929 * user_ptr[1] so that nl80211_post_doit won't dereference it
3930 * to check if it needs to do dev_put(). Otherwise it crashes
3931 * since the wdev has been freed, unlike with a netdev where
3932 * we need the dev_put() for the netdev to really be freed.
3933 */
3934 if (!wdev->netdev)
3935 info->user_ptr[1] = NULL;
3936
3937 return rdev_del_virtual_intf(rdev, wdev);
3938}
3939
3940static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3941{
3942 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3943 struct net_device *dev = info->user_ptr[1];
3944 u16 noack_map;
3945
3946 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3947 return -EINVAL;
3948
3949 if (!rdev->ops->set_noack_map)
3950 return -EOPNOTSUPP;
3951
3952 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3953
3954 return rdev_set_noack_map(rdev, dev, noack_map);
3955}
3956
3957struct get_key_cookie {
3958 struct sk_buff *msg;
3959 int error;
3960 int idx;
3961};
3962
3963static void get_key_callback(void *c, struct key_params *params)
3964{
3965 struct nlattr *key;
3966 struct get_key_cookie *cookie = c;
3967
3968 if ((params->key &&
3969 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3970 params->key_len, params->key)) ||
3971 (params->seq &&
3972 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3973 params->seq_len, params->seq)) ||
3974 (params->cipher &&
3975 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3976 params->cipher)))
3977 goto nla_put_failure;
3978
3979 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3980 if (!key)
3981 goto nla_put_failure;
3982
3983 if ((params->key &&
3984 nla_put(cookie->msg, NL80211_KEY_DATA,
3985 params->key_len, params->key)) ||
3986 (params->seq &&
3987 nla_put(cookie->msg, NL80211_KEY_SEQ,
3988 params->seq_len, params->seq)) ||
3989 (params->cipher &&
3990 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3991 params->cipher)))
3992 goto nla_put_failure;
3993
3994 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3995 goto nla_put_failure;
3996
3997 nla_nest_end(cookie->msg, key);
3998
3999 return;
4000 nla_put_failure:
4001 cookie->error = 1;
4002}
4003
4004static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4005{
4006 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4007 int err;
4008 struct net_device *dev = info->user_ptr[1];
4009 u8 key_idx = 0;
4010 const u8 *mac_addr = NULL;
4011 bool pairwise;
4012 struct get_key_cookie cookie = {
4013 .error = 0,
4014 };
4015 void *hdr;
4016 struct sk_buff *msg;
4017 bool bigtk_support = false;
4018
4019 if (wiphy_ext_feature_isset(&rdev->wiphy,
4020 NL80211_EXT_FEATURE_BEACON_PROTECTION))
4021 bigtk_support = true;
4022
4023 if ((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_STATION ||
4024 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4025 wiphy_ext_feature_isset(&rdev->wiphy,
4026 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4027 bigtk_support = true;
4028
4029 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4030 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4031
4032 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4033 GENL_SET_ERR_MSG(info, "BIGTK not supported");
4034 return -EINVAL;
4035 }
4036 }
4037
4038 if (info->attrs[NL80211_ATTR_MAC])
4039 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4040
4041 pairwise = !!mac_addr;
4042 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4043 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4044
4045 if (kt != NL80211_KEYTYPE_GROUP &&
4046 kt != NL80211_KEYTYPE_PAIRWISE)
4047 return -EINVAL;
4048 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4049 }
4050
4051 if (!rdev->ops->get_key)
4052 return -EOPNOTSUPP;
4053
4054 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4055 return -ENOENT;
4056
4057 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4058 if (!msg)
4059 return -ENOMEM;
4060
4061 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4062 NL80211_CMD_NEW_KEY);
4063 if (!hdr)
4064 goto nla_put_failure;
4065
4066 cookie.msg = msg;
4067 cookie.idx = key_idx;
4068
4069 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4070 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
4071 goto nla_put_failure;
4072 if (mac_addr &&
4073 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
4074 goto nla_put_failure;
4075
4076 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
4077 get_key_callback);
4078
4079 if (err)
4080 goto free_msg;
4081
4082 if (cookie.error)
4083 goto nla_put_failure;
4084
4085 genlmsg_end(msg, hdr);
4086 return genlmsg_reply(msg, info);
4087
4088 nla_put_failure:
4089 err = -ENOBUFS;
4090 free_msg:
4091 nlmsg_free(msg);
4092 return err;
4093}
4094
4095static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
4096{
4097 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4098 struct key_parse key;
4099 int err;
4100 struct net_device *dev = info->user_ptr[1];
4101
4102 err = nl80211_parse_key(info, &key);
4103 if (err)
4104 return err;
4105
4106 if (key.idx < 0)
4107 return -EINVAL;
4108
4109 /* Only support setting default key and
4110 * Extended Key ID action NL80211_KEY_SET_TX.
4111 */
4112 if (!key.def && !key.defmgmt && !key.defbeacon &&
4113 !(key.p.mode == NL80211_KEY_SET_TX))
4114 return -EINVAL;
4115
4116 wdev_lock(dev->ieee80211_ptr);
4117
4118 if (key.def) {
4119 if (!rdev->ops->set_default_key) {
4120 err = -EOPNOTSUPP;
4121 goto out;
4122 }
4123
4124 err = nl80211_key_allowed(dev->ieee80211_ptr);
4125 if (err)
4126 goto out;
4127
4128 err = rdev_set_default_key(rdev, dev, key.idx,
4129 key.def_uni, key.def_multi);
4130
4131 if (err)
4132 goto out;
4133
4134#ifdef CONFIG_CFG80211_WEXT
4135 dev->ieee80211_ptr->wext.default_key = key.idx;
4136#endif
4137 } else if (key.defmgmt) {
4138 if (key.def_uni || !key.def_multi) {
4139 err = -EINVAL;
4140 goto out;
4141 }
4142
4143 if (!rdev->ops->set_default_mgmt_key) {
4144 err = -EOPNOTSUPP;
4145 goto out;
4146 }
4147
4148 err = nl80211_key_allowed(dev->ieee80211_ptr);
4149 if (err)
4150 goto out;
4151
4152 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
4153 if (err)
4154 goto out;
4155
4156#ifdef CONFIG_CFG80211_WEXT
4157 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
4158#endif
4159 } else if (key.defbeacon) {
4160 if (key.def_uni || !key.def_multi) {
4161 err = -EINVAL;
4162 goto out;
4163 }
4164
4165 if (!rdev->ops->set_default_beacon_key) {
4166 err = -EOPNOTSUPP;
4167 goto out;
4168 }
4169
4170 err = nl80211_key_allowed(dev->ieee80211_ptr);
4171 if (err)
4172 goto out;
4173
4174 err = rdev_set_default_beacon_key(rdev, dev, key.idx);
4175 if (err)
4176 goto out;
4177 } else if (key.p.mode == NL80211_KEY_SET_TX &&
4178 wiphy_ext_feature_isset(&rdev->wiphy,
4179 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4180 u8 *mac_addr = NULL;
4181
4182 if (info->attrs[NL80211_ATTR_MAC])
4183 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4184
4185 if (!mac_addr || key.idx < 0 || key.idx > 1) {
4186 err = -EINVAL;
4187 goto out;
4188 }
4189
4190 err = rdev_add_key(rdev, dev, key.idx,
4191 NL80211_KEYTYPE_PAIRWISE,
4192 mac_addr, &key.p);
4193 } else {
4194 err = -EINVAL;
4195 }
4196 out:
4197 wdev_unlock(dev->ieee80211_ptr);
4198
4199 return err;
4200}
4201
4202static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4203{
4204 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4205 int err;
4206 struct net_device *dev = info->user_ptr[1];
4207 struct key_parse key;
4208 const u8 *mac_addr = NULL;
4209
4210 err = nl80211_parse_key(info, &key);
4211 if (err)
4212 return err;
4213
4214 if (!key.p.key) {
4215 GENL_SET_ERR_MSG(info, "no key");
4216 return -EINVAL;
4217 }
4218
4219 if (info->attrs[NL80211_ATTR_MAC])
4220 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4221
4222 if (key.type == -1) {
4223 if (mac_addr)
4224 key.type = NL80211_KEYTYPE_PAIRWISE;
4225 else
4226 key.type = NL80211_KEYTYPE_GROUP;
4227 }
4228
4229 /* for now */
4230 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4231 key.type != NL80211_KEYTYPE_GROUP) {
4232 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4233 return -EINVAL;
4234 }
4235
4236 if (key.type == NL80211_KEYTYPE_GROUP &&
4237 info->attrs[NL80211_ATTR_VLAN_ID])
4238 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4239
4240 if (!rdev->ops->add_key)
4241 return -EOPNOTSUPP;
4242
4243 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4244 key.type == NL80211_KEYTYPE_PAIRWISE,
4245 mac_addr)) {
4246 GENL_SET_ERR_MSG(info, "key setting validation failed");
4247 return -EINVAL;
4248 }
4249
4250 wdev_lock(dev->ieee80211_ptr);
4251 err = nl80211_key_allowed(dev->ieee80211_ptr);
4252 if (err)
4253 GENL_SET_ERR_MSG(info, "key not allowed");
4254 if (!err) {
4255 err = rdev_add_key(rdev, dev, key.idx,
4256 key.type == NL80211_KEYTYPE_PAIRWISE,
4257 mac_addr, &key.p);
4258 if (err)
4259 GENL_SET_ERR_MSG(info, "key addition failed");
4260 }
4261 wdev_unlock(dev->ieee80211_ptr);
4262
4263 return err;
4264}
4265
4266static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4267{
4268 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4269 int err;
4270 struct net_device *dev = info->user_ptr[1];
4271 u8 *mac_addr = NULL;
4272 struct key_parse key;
4273
4274 err = nl80211_parse_key(info, &key);
4275 if (err)
4276 return err;
4277
4278 if (info->attrs[NL80211_ATTR_MAC])
4279 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4280
4281 if (key.type == -1) {
4282 if (mac_addr)
4283 key.type = NL80211_KEYTYPE_PAIRWISE;
4284 else
4285 key.type = NL80211_KEYTYPE_GROUP;
4286 }
4287
4288 /* for now */
4289 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4290 key.type != NL80211_KEYTYPE_GROUP)
4291 return -EINVAL;
4292
4293 if (!cfg80211_valid_key_idx(rdev, key.idx,
4294 key.type == NL80211_KEYTYPE_PAIRWISE))
4295 return -EINVAL;
4296
4297 if (!rdev->ops->del_key)
4298 return -EOPNOTSUPP;
4299
4300 wdev_lock(dev->ieee80211_ptr);
4301 err = nl80211_key_allowed(dev->ieee80211_ptr);
4302
4303 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4304 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4305 err = -ENOENT;
4306
4307 if (!err)
4308 err = rdev_del_key(rdev, dev, key.idx,
4309 key.type == NL80211_KEYTYPE_PAIRWISE,
4310 mac_addr);
4311
4312#ifdef CONFIG_CFG80211_WEXT
4313 if (!err) {
4314 if (key.idx == dev->ieee80211_ptr->wext.default_key)
4315 dev->ieee80211_ptr->wext.default_key = -1;
4316 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
4317 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
4318 }
4319#endif
4320 wdev_unlock(dev->ieee80211_ptr);
4321
4322 return err;
4323}
4324
4325/* This function returns an error or the number of nested attributes */
4326static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4327{
4328 struct nlattr *attr;
4329 int n_entries = 0, tmp;
4330
4331 nla_for_each_nested(attr, nl_attr, tmp) {
4332 if (nla_len(attr) != ETH_ALEN)
4333 return -EINVAL;
4334
4335 n_entries++;
4336 }
4337
4338 return n_entries;
4339}
4340
4341/*
4342 * This function parses ACL information and allocates memory for ACL data.
4343 * On successful return, the calling function is responsible to free the
4344 * ACL buffer returned by this function.
4345 */
4346static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4347 struct genl_info *info)
4348{
4349 enum nl80211_acl_policy acl_policy;
4350 struct nlattr *attr;
4351 struct cfg80211_acl_data *acl;
4352 int i = 0, n_entries, tmp;
4353
4354 if (!wiphy->max_acl_mac_addrs)
4355 return ERR_PTR(-EOPNOTSUPP);
4356
4357 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4358 return ERR_PTR(-EINVAL);
4359
4360 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4361 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4362 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4363 return ERR_PTR(-EINVAL);
4364
4365 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4366 return ERR_PTR(-EINVAL);
4367
4368 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4369 if (n_entries < 0)
4370 return ERR_PTR(n_entries);
4371
4372 if (n_entries > wiphy->max_acl_mac_addrs)
4373 return ERR_PTR(-ENOTSUPP);
4374
4375 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4376 if (!acl)
4377 return ERR_PTR(-ENOMEM);
4378
4379 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4380 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4381 i++;
4382 }
4383
4384 acl->n_acl_entries = n_entries;
4385 acl->acl_policy = acl_policy;
4386
4387 return acl;
4388}
4389
4390static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4391{
4392 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4393 struct net_device *dev = info->user_ptr[1];
4394 struct cfg80211_acl_data *acl;
4395 int err;
4396
4397 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4398 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4399 return -EOPNOTSUPP;
4400
4401 if (!dev->ieee80211_ptr->beacon_interval)
4402 return -EINVAL;
4403
4404 acl = parse_acl_data(&rdev->wiphy, info);
4405 if (IS_ERR(acl))
4406 return PTR_ERR(acl);
4407
4408 err = rdev_set_mac_acl(rdev, dev, acl);
4409
4410 kfree(acl);
4411
4412 return err;
4413}
4414
4415static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4416 u8 *rates, u8 rates_len)
4417{
4418 u8 i;
4419 u32 mask = 0;
4420
4421 for (i = 0; i < rates_len; i++) {
4422 int rate = (rates[i] & 0x7f) * 5;
4423 int ridx;
4424
4425 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4426 struct ieee80211_rate *srate =
4427 &sband->bitrates[ridx];
4428 if (rate == srate->bitrate) {
4429 mask |= 1 << ridx;
4430 break;
4431 }
4432 }
4433 if (ridx == sband->n_bitrates)
4434 return 0; /* rate not found */
4435 }
4436
4437 return mask;
4438}
4439
4440static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4441 u8 *rates, u8 rates_len,
4442 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4443{
4444 u8 i;
4445
4446 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4447
4448 for (i = 0; i < rates_len; i++) {
4449 int ridx, rbit;
4450
4451 ridx = rates[i] / 8;
4452 rbit = BIT(rates[i] % 8);
4453
4454 /* check validity */
4455 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4456 return false;
4457
4458 /* check availability */
4459 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4460 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4461 mcs[ridx] |= rbit;
4462 else
4463 return false;
4464 }
4465
4466 return true;
4467}
4468
4469static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4470{
4471 u16 mcs_mask = 0;
4472
4473 switch (vht_mcs_map) {
4474 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4475 break;
4476 case IEEE80211_VHT_MCS_SUPPORT_0_7:
4477 mcs_mask = 0x00FF;
4478 break;
4479 case IEEE80211_VHT_MCS_SUPPORT_0_8:
4480 mcs_mask = 0x01FF;
4481 break;
4482 case IEEE80211_VHT_MCS_SUPPORT_0_9:
4483 mcs_mask = 0x03FF;
4484 break;
4485 default:
4486 break;
4487 }
4488
4489 return mcs_mask;
4490}
4491
4492static void vht_build_mcs_mask(u16 vht_mcs_map,
4493 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4494{
4495 u8 nss;
4496
4497 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4498 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4499 vht_mcs_map >>= 2;
4500 }
4501}
4502
4503static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4504 struct nl80211_txrate_vht *txrate,
4505 u16 mcs[NL80211_VHT_NSS_MAX])
4506{
4507 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4508 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4509 u8 i;
4510
4511 if (!sband->vht_cap.vht_supported)
4512 return false;
4513
4514 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4515
4516 /* Build vht_mcs_mask from VHT capabilities */
4517 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4518
4519 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4520 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4521 mcs[i] = txrate->mcs[i];
4522 else
4523 return false;
4524 }
4525
4526 return true;
4527}
4528
4529static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
4530{
4531 switch (he_mcs_map) {
4532 case IEEE80211_HE_MCS_NOT_SUPPORTED:
4533 return 0;
4534 case IEEE80211_HE_MCS_SUPPORT_0_7:
4535 return 0x00FF;
4536 case IEEE80211_HE_MCS_SUPPORT_0_9:
4537 return 0x03FF;
4538 case IEEE80211_HE_MCS_SUPPORT_0_11:
4539 return 0xFFF;
4540 default:
4541 break;
4542 }
4543 return 0;
4544}
4545
4546static void he_build_mcs_mask(u16 he_mcs_map,
4547 u16 he_mcs_mask[NL80211_HE_NSS_MAX])
4548{
4549 u8 nss;
4550
4551 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
4552 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
4553 he_mcs_map >>= 2;
4554 }
4555}
4556
4557static u16 he_get_txmcsmap(struct genl_info *info,
4558 const struct ieee80211_sta_he_cap *he_cap)
4559{
4560 struct net_device *dev = info->user_ptr[1];
4561 struct wireless_dev *wdev = dev->ieee80211_ptr;
4562 __le16 tx_mcs;
4563
4564 switch (wdev->chandef.width) {
4565 case NL80211_CHAN_WIDTH_80P80:
4566 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
4567 break;
4568 case NL80211_CHAN_WIDTH_160:
4569 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
4570 break;
4571 default:
4572 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
4573 break;
4574 }
4575 return le16_to_cpu(tx_mcs);
4576}
4577
4578static bool he_set_mcs_mask(struct genl_info *info,
4579 struct wireless_dev *wdev,
4580 struct ieee80211_supported_band *sband,
4581 struct nl80211_txrate_he *txrate,
4582 u16 mcs[NL80211_HE_NSS_MAX])
4583{
4584 const struct ieee80211_sta_he_cap *he_cap;
4585 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
4586 u16 tx_mcs_map = 0;
4587 u8 i;
4588
4589 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
4590 if (!he_cap)
4591 return false;
4592
4593 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
4594
4595 tx_mcs_map = he_get_txmcsmap(info, he_cap);
4596
4597 /* Build he_mcs_mask from HE capabilities */
4598 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4599
4600 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
4601 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4602 mcs[i] = txrate->mcs[i];
4603 else
4604 return false;
4605 }
4606
4607 return true;
4608}
4609
4610static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4611 struct nlattr *attrs[],
4612 enum nl80211_attrs attr,
4613 struct cfg80211_bitrate_mask *mask,
4614 struct net_device *dev)
4615{
4616 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4617 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4618 struct wireless_dev *wdev = dev->ieee80211_ptr;
4619 int rem, i;
4620 struct nlattr *tx_rates;
4621 struct ieee80211_supported_band *sband;
4622 u16 vht_tx_mcs_map, he_tx_mcs_map;
4623
4624 memset(mask, 0, sizeof(*mask));
4625 /* Default to all rates enabled */
4626 for (i = 0; i < NUM_NL80211_BANDS; i++) {
4627 const struct ieee80211_sta_he_cap *he_cap;
4628
4629 sband = rdev->wiphy.bands[i];
4630
4631 if (!sband)
4632 continue;
4633
4634 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4635 memcpy(mask->control[i].ht_mcs,
4636 sband->ht_cap.mcs.rx_mask,
4637 sizeof(mask->control[i].ht_mcs));
4638
4639 if (sband->vht_cap.vht_supported) {
4640 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4641 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4642 }
4643
4644 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
4645 if (!he_cap)
4646 continue;
4647
4648 he_tx_mcs_map = he_get_txmcsmap(info, he_cap);
4649 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
4650
4651 mask->control[i].he_gi = 0xFF;
4652 mask->control[i].he_ltf = 0xFF;
4653 }
4654
4655 /* if no rates are given set it back to the defaults */
4656 if (!attrs[attr])
4657 goto out;
4658
4659 /* The nested attribute uses enum nl80211_band as the index. This maps
4660 * directly to the enum nl80211_band values used in cfg80211.
4661 */
4662 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4663 nla_for_each_nested(tx_rates, attrs[attr], rem) {
4664 enum nl80211_band band = nla_type(tx_rates);
4665 int err;
4666
4667 if (band < 0 || band >= NUM_NL80211_BANDS)
4668 return -EINVAL;
4669 sband = rdev->wiphy.bands[band];
4670 if (sband == NULL)
4671 return -EINVAL;
4672 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4673 tx_rates,
4674 nl80211_txattr_policy,
4675 info->extack);
4676 if (err)
4677 return err;
4678 if (tb[NL80211_TXRATE_LEGACY]) {
4679 mask->control[band].legacy = rateset_to_mask(
4680 sband,
4681 nla_data(tb[NL80211_TXRATE_LEGACY]),
4682 nla_len(tb[NL80211_TXRATE_LEGACY]));
4683 if ((mask->control[band].legacy == 0) &&
4684 nla_len(tb[NL80211_TXRATE_LEGACY]))
4685 return -EINVAL;
4686 }
4687 if (tb[NL80211_TXRATE_HT]) {
4688 if (!ht_rateset_to_mask(
4689 sband,
4690 nla_data(tb[NL80211_TXRATE_HT]),
4691 nla_len(tb[NL80211_TXRATE_HT]),
4692 mask->control[band].ht_mcs))
4693 return -EINVAL;
4694 }
4695 if (tb[NL80211_TXRATE_VHT]) {
4696 if (!vht_set_mcs_mask(
4697 sband,
4698 nla_data(tb[NL80211_TXRATE_VHT]),
4699 mask->control[band].vht_mcs))
4700 return -EINVAL;
4701 }
4702 if (tb[NL80211_TXRATE_GI]) {
4703 mask->control[band].gi =
4704 nla_get_u8(tb[NL80211_TXRATE_GI]);
4705 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4706 return -EINVAL;
4707 }
4708 if (tb[NL80211_TXRATE_HE] &&
4709 !he_set_mcs_mask(info, wdev, sband,
4710 nla_data(tb[NL80211_TXRATE_HE]),
4711 mask->control[band].he_mcs))
4712 return -EINVAL;
4713 if (tb[NL80211_TXRATE_HE_GI])
4714 mask->control[band].he_gi =
4715 nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
4716 if (tb[NL80211_TXRATE_HE_LTF])
4717 mask->control[band].he_ltf =
4718 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
4719
4720 if (mask->control[band].legacy == 0) {
4721 /* don't allow empty legacy rates if HT, VHT or HE
4722 * are not even supported.
4723 */
4724 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4725 rdev->wiphy.bands[band]->vht_cap.vht_supported ||
4726 ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
4727 return -EINVAL;
4728
4729 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4730 if (mask->control[band].ht_mcs[i])
4731 goto out;
4732
4733 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4734 if (mask->control[band].vht_mcs[i])
4735 goto out;
4736
4737 for (i = 0; i < NL80211_HE_NSS_MAX; i++)
4738 if (mask->control[band].he_mcs[i])
4739 goto out;
4740
4741 /* legacy and mcs rates may not be both empty */
4742 return -EINVAL;
4743 }
4744 }
4745
4746out:
4747 return 0;
4748}
4749
4750static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4751 enum nl80211_band band,
4752 struct cfg80211_bitrate_mask *beacon_rate)
4753{
4754 u32 count_ht, count_vht, i;
4755 u32 rate = beacon_rate->control[band].legacy;
4756
4757 /* Allow only one rate */
4758 if (hweight32(rate) > 1)
4759 return -EINVAL;
4760
4761 count_ht = 0;
4762 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4763 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4764 return -EINVAL;
4765 } else if (beacon_rate->control[band].ht_mcs[i]) {
4766 count_ht++;
4767 if (count_ht > 1)
4768 return -EINVAL;
4769 }
4770 if (count_ht && rate)
4771 return -EINVAL;
4772 }
4773
4774 count_vht = 0;
4775 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4776 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4777 return -EINVAL;
4778 } else if (beacon_rate->control[band].vht_mcs[i]) {
4779 count_vht++;
4780 if (count_vht > 1)
4781 return -EINVAL;
4782 }
4783 if (count_vht && rate)
4784 return -EINVAL;
4785 }
4786
4787 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4788 return -EINVAL;
4789
4790 if (rate &&
4791 !wiphy_ext_feature_isset(&rdev->wiphy,
4792 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4793 return -EINVAL;
4794 if (count_ht &&
4795 !wiphy_ext_feature_isset(&rdev->wiphy,
4796 NL80211_EXT_FEATURE_BEACON_RATE_HT))
4797 return -EINVAL;
4798 if (count_vht &&
4799 !wiphy_ext_feature_isset(&rdev->wiphy,
4800 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4801 return -EINVAL;
4802
4803 return 0;
4804}
4805
4806static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4807 struct nlattr *attrs[],
4808 struct cfg80211_beacon_data *bcn)
4809{
4810 bool haveinfo = false;
4811 int err;
4812
4813 memset(bcn, 0, sizeof(*bcn));
4814
4815 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4816 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4817 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4818 if (!bcn->head_len)
4819 return -EINVAL;
4820 haveinfo = true;
4821 }
4822
4823 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4824 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4825 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4826 haveinfo = true;
4827 }
4828
4829 if (!haveinfo)
4830 return -EINVAL;
4831
4832 if (attrs[NL80211_ATTR_IE]) {
4833 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4834 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4835 }
4836
4837 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4838 bcn->proberesp_ies =
4839 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4840 bcn->proberesp_ies_len =
4841 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4842 }
4843
4844 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4845 bcn->assocresp_ies =
4846 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4847 bcn->assocresp_ies_len =
4848 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4849 }
4850
4851 if (attrs[NL80211_ATTR_PROBE_RESP]) {
4852 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4853 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4854 }
4855
4856 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4857 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4858
4859 err = nla_parse_nested_deprecated(tb,
4860 NL80211_FTM_RESP_ATTR_MAX,
4861 attrs[NL80211_ATTR_FTM_RESPONDER],
4862 NULL, NULL);
4863 if (err)
4864 return err;
4865
4866 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4867 wiphy_ext_feature_isset(&rdev->wiphy,
4868 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4869 bcn->ftm_responder = 1;
4870 else
4871 return -EOPNOTSUPP;
4872
4873 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4874 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4875 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4876 }
4877
4878 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4879 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4880 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4881 }
4882 } else {
4883 bcn->ftm_responder = -1;
4884 }
4885
4886 return 0;
4887}
4888
4889static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
4890 struct ieee80211_he_obss_pd *he_obss_pd)
4891{
4892 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
4893 int err;
4894
4895 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
4896 he_obss_pd_policy, NULL);
4897 if (err)
4898 return err;
4899
4900 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
4901 return -EINVAL;
4902
4903 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
4904
4905 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
4906 he_obss_pd->min_offset =
4907 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
4908 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
4909 he_obss_pd->max_offset =
4910 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
4911 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
4912 he_obss_pd->non_srg_max_offset =
4913 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
4914
4915 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
4916 return -EINVAL;
4917
4918 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
4919 memcpy(he_obss_pd->bss_color_bitmap,
4920 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
4921 sizeof(he_obss_pd->bss_color_bitmap));
4922
4923 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
4924 memcpy(he_obss_pd->partial_bssid_bitmap,
4925 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
4926 sizeof(he_obss_pd->partial_bssid_bitmap));
4927
4928 he_obss_pd->enable = true;
4929
4930 return 0;
4931}
4932
4933static int nl80211_parse_he_bss_color(struct nlattr *attrs,
4934 struct cfg80211_he_bss_color *he_bss_color)
4935{
4936 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
4937 int err;
4938
4939 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
4940 he_bss_color_policy, NULL);
4941 if (err)
4942 return err;
4943
4944 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
4945 return -EINVAL;
4946
4947 he_bss_color->color =
4948 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
4949 he_bss_color->enabled =
4950 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
4951 he_bss_color->partial =
4952 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
4953
4954 return 0;
4955}
4956
4957static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
4958 struct nlattr *attrs,
4959 struct cfg80211_ap_settings *params)
4960{
4961 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
4962 int ret;
4963 struct cfg80211_fils_discovery *fd = &params->fils_discovery;
4964
4965 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4966 NL80211_EXT_FEATURE_FILS_DISCOVERY))
4967 return -EINVAL;
4968
4969 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
4970 NULL, NULL);
4971 if (ret)
4972 return ret;
4973
4974 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
4975 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
4976 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
4977 return -EINVAL;
4978
4979 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
4980 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
4981 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
4982 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
4983
4984 return 0;
4985}
4986
4987static int
4988nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
4989 struct nlattr *attrs,
4990 struct cfg80211_ap_settings *params)
4991{
4992 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
4993 int ret;
4994 struct cfg80211_unsol_bcast_probe_resp *presp =
4995 &params->unsol_bcast_probe_resp;
4996
4997 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4998 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
4999 return -EINVAL;
5000
5001 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
5002 attrs, NULL, NULL);
5003 if (ret)
5004 return ret;
5005
5006 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
5007 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
5008 return -EINVAL;
5009
5010 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5011 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5012 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
5013 return 0;
5014}
5015
5016static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
5017 const u8 *rates)
5018{
5019 int i;
5020
5021 if (!rates)
5022 return;
5023
5024 for (i = 0; i < rates[1]; i++) {
5025 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
5026 params->ht_required = true;
5027 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
5028 params->vht_required = true;
5029 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
5030 params->he_required = true;
5031 }
5032}
5033
5034/*
5035 * Since the nl80211 API didn't include, from the beginning, attributes about
5036 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
5037 * benefit of drivers that rebuild IEs in the firmware.
5038 */
5039static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
5040{
5041 const struct cfg80211_beacon_data *bcn = &params->beacon;
5042 size_t ies_len = bcn->tail_len;
5043 const u8 *ies = bcn->tail;
5044 const u8 *rates;
5045 const u8 *cap;
5046
5047 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
5048 nl80211_check_ap_rate_selectors(params, rates);
5049
5050 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
5051 nl80211_check_ap_rate_selectors(params, rates);
5052
5053 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
5054 if (cap && cap[1] >= sizeof(*params->ht_cap))
5055 params->ht_cap = (void *)(cap + 2);
5056 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
5057 if (cap && cap[1] >= sizeof(*params->vht_cap))
5058 params->vht_cap = (void *)(cap + 2);
5059 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
5060 if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
5061 params->he_cap = (void *)(cap + 3);
5062 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
5063 if (cap && cap[1] >= sizeof(*params->he_oper) + 1)
5064 params->he_oper = (void *)(cap + 3);
5065}
5066
5067static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
5068 struct cfg80211_ap_settings *params)
5069{
5070 struct wireless_dev *wdev;
5071 bool ret = false;
5072
5073 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
5074 if (wdev->iftype != NL80211_IFTYPE_AP &&
5075 wdev->iftype != NL80211_IFTYPE_P2P_GO)
5076 continue;
5077
5078 if (!wdev->preset_chandef.chan)
5079 continue;
5080
5081 params->chandef = wdev->preset_chandef;
5082 ret = true;
5083 break;
5084 }
5085
5086 return ret;
5087}
5088
5089static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
5090 enum nl80211_auth_type auth_type,
5091 enum nl80211_commands cmd)
5092{
5093 if (auth_type > NL80211_AUTHTYPE_MAX)
5094 return false;
5095
5096 switch (cmd) {
5097 case NL80211_CMD_AUTHENTICATE:
5098 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5099 auth_type == NL80211_AUTHTYPE_SAE)
5100 return false;
5101 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5102 NL80211_EXT_FEATURE_FILS_STA) &&
5103 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5104 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5105 auth_type == NL80211_AUTHTYPE_FILS_PK))
5106 return false;
5107 return true;
5108 case NL80211_CMD_CONNECT:
5109 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5110 !wiphy_ext_feature_isset(&rdev->wiphy,
5111 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
5112 auth_type == NL80211_AUTHTYPE_SAE)
5113 return false;
5114
5115 /* FILS with SK PFS or PK not supported yet */
5116 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5117 auth_type == NL80211_AUTHTYPE_FILS_PK)
5118 return false;
5119 if (!wiphy_ext_feature_isset(
5120 &rdev->wiphy,
5121 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
5122 auth_type == NL80211_AUTHTYPE_FILS_SK)
5123 return false;
5124 return true;
5125 case NL80211_CMD_START_AP:
5126 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5127 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
5128 auth_type == NL80211_AUTHTYPE_SAE)
5129 return false;
5130 /* FILS not supported yet */
5131 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5132 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5133 auth_type == NL80211_AUTHTYPE_FILS_PK)
5134 return false;
5135 return true;
5136 default:
5137 return false;
5138 }
5139}
5140
5141static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
5142{
5143 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5144 struct net_device *dev = info->user_ptr[1];
5145 struct wireless_dev *wdev = dev->ieee80211_ptr;
5146 struct cfg80211_ap_settings params;
5147 int err;
5148
5149 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5150 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5151 return -EOPNOTSUPP;
5152
5153 if (!rdev->ops->start_ap)
5154 return -EOPNOTSUPP;
5155
5156 if (wdev->beacon_interval)
5157 return -EALREADY;
5158
5159 memset(&params, 0, sizeof(params));
5160
5161 /* these are required for START_AP */
5162 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
5163 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
5164 !info->attrs[NL80211_ATTR_BEACON_HEAD])
5165 return -EINVAL;
5166
5167 err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
5168 if (err)
5169 return err;
5170
5171 params.beacon_interval =
5172 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
5173 params.dtim_period =
5174 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
5175
5176 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
5177 params.beacon_interval);
5178 if (err)
5179 return err;
5180
5181 /*
5182 * In theory, some of these attributes should be required here
5183 * but since they were not used when the command was originally
5184 * added, keep them optional for old user space programs to let
5185 * them continue to work with drivers that do not need the
5186 * additional information -- drivers must check!
5187 */
5188 if (info->attrs[NL80211_ATTR_SSID]) {
5189 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5190 params.ssid_len =
5191 nla_len(info->attrs[NL80211_ATTR_SSID]);
5192 if (params.ssid_len == 0)
5193 return -EINVAL;
5194 }
5195
5196 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
5197 params.hidden_ssid = nla_get_u32(
5198 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
5199
5200 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
5201
5202 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5203 params.auth_type = nla_get_u32(
5204 info->attrs[NL80211_ATTR_AUTH_TYPE]);
5205 if (!nl80211_valid_auth_type(rdev, params.auth_type,
5206 NL80211_CMD_START_AP))
5207 return -EINVAL;
5208 } else
5209 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5210
5211 err = nl80211_crypto_settings(rdev, info, &params.crypto,
5212 NL80211_MAX_NR_CIPHER_SUITES);
5213 if (err)
5214 return err;
5215
5216 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
5217 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
5218 return -EOPNOTSUPP;
5219 params.inactivity_timeout = nla_get_u16(
5220 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
5221 }
5222
5223 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5224 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5225 return -EINVAL;
5226 params.p2p_ctwindow =
5227 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5228 if (params.p2p_ctwindow != 0 &&
5229 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5230 return -EINVAL;
5231 }
5232
5233 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5234 u8 tmp;
5235
5236 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5237 return -EINVAL;
5238 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5239 params.p2p_opp_ps = tmp;
5240 if (params.p2p_opp_ps != 0 &&
5241 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5242 return -EINVAL;
5243 }
5244
5245 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5246 err = nl80211_parse_chandef(rdev, info, &params.chandef);
5247 if (err)
5248 return err;
5249 } else if (wdev->preset_chandef.chan) {
5250 params.chandef = wdev->preset_chandef;
5251 } else if (!nl80211_get_ap_channel(rdev, &params))
5252 return -EINVAL;
5253
5254 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
5255 wdev->iftype))
5256 return -EINVAL;
5257
5258 if (info->attrs[NL80211_ATTR_TX_RATES]) {
5259 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
5260 NL80211_ATTR_TX_RATES,
5261 &params.beacon_rate,
5262 dev);
5263 if (err)
5264 return err;
5265
5266 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
5267 &params.beacon_rate);
5268 if (err)
5269 return err;
5270 }
5271
5272 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
5273 params.smps_mode =
5274 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
5275 switch (params.smps_mode) {
5276 case NL80211_SMPS_OFF:
5277 break;
5278 case NL80211_SMPS_STATIC:
5279 if (!(rdev->wiphy.features &
5280 NL80211_FEATURE_STATIC_SMPS))
5281 return -EINVAL;
5282 break;
5283 case NL80211_SMPS_DYNAMIC:
5284 if (!(rdev->wiphy.features &
5285 NL80211_FEATURE_DYNAMIC_SMPS))
5286 return -EINVAL;
5287 break;
5288 default:
5289 return -EINVAL;
5290 }
5291 } else {
5292 params.smps_mode = NL80211_SMPS_OFF;
5293 }
5294
5295 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
5296 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
5297 return -EOPNOTSUPP;
5298
5299 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
5300 params.acl = parse_acl_data(&rdev->wiphy, info);
5301 if (IS_ERR(params.acl))
5302 return PTR_ERR(params.acl);
5303 }
5304
5305 params.twt_responder =
5306 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
5307
5308 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
5309 err = nl80211_parse_he_obss_pd(
5310 info->attrs[NL80211_ATTR_HE_OBSS_PD],
5311 &params.he_obss_pd);
5312 if (err)
5313 goto out;
5314 }
5315
5316 if (info->attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5317 err = nl80211_parse_he_bss_color(
5318 info->attrs[NL80211_ATTR_HE_BSS_COLOR],
5319 &params.he_bss_color);
5320 if (err)
5321 goto out;
5322 }
5323
5324 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
5325 err = nl80211_parse_fils_discovery(rdev,
5326 info->attrs[NL80211_ATTR_FILS_DISCOVERY],
5327 &params);
5328 if (err)
5329 goto out;
5330 }
5331
5332 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
5333 err = nl80211_parse_unsol_bcast_probe_resp(
5334 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
5335 &params);
5336 if (err)
5337 goto out;
5338 }
5339
5340 nl80211_calculate_ap_params(&params);
5341
5342 if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
5343 params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
5344
5345 wdev_lock(wdev);
5346 err = rdev_start_ap(rdev, dev, &params);
5347 if (!err) {
5348 wdev->preset_chandef = params.chandef;
5349 wdev->beacon_interval = params.beacon_interval;
5350 wdev->chandef = params.chandef;
5351 wdev->ssid_len = params.ssid_len;
5352 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
5353
5354 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
5355 wdev->conn_owner_nlportid = info->snd_portid;
5356 }
5357 wdev_unlock(wdev);
5358
5359out:
5360 kfree(params.acl);
5361
5362 return err;
5363}
5364
5365static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
5366{
5367 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5368 struct net_device *dev = info->user_ptr[1];
5369 struct wireless_dev *wdev = dev->ieee80211_ptr;
5370 struct cfg80211_beacon_data params;
5371 int err;
5372
5373 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5374 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5375 return -EOPNOTSUPP;
5376
5377 if (!rdev->ops->change_beacon)
5378 return -EOPNOTSUPP;
5379
5380 if (!wdev->beacon_interval)
5381 return -EINVAL;
5382
5383 err = nl80211_parse_beacon(rdev, info->attrs, &params);
5384 if (err)
5385 return err;
5386
5387 wdev_lock(wdev);
5388 err = rdev_change_beacon(rdev, dev, &params);
5389 wdev_unlock(wdev);
5390
5391 return err;
5392}
5393
5394static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
5395{
5396 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5397 struct net_device *dev = info->user_ptr[1];
5398
5399 return cfg80211_stop_ap(rdev, dev, false);
5400}
5401
5402static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
5403 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
5404 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
5405 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
5406 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
5407 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
5408 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
5409};
5410
5411static int parse_station_flags(struct genl_info *info,
5412 enum nl80211_iftype iftype,
5413 struct station_parameters *params)
5414{
5415 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
5416 struct nlattr *nla;
5417 int flag;
5418
5419 /*
5420 * Try parsing the new attribute first so userspace
5421 * can specify both for older kernels.
5422 */
5423 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
5424 if (nla) {
5425 struct nl80211_sta_flag_update *sta_flags;
5426
5427 sta_flags = nla_data(nla);
5428 params->sta_flags_mask = sta_flags->mask;
5429 params->sta_flags_set = sta_flags->set;
5430 params->sta_flags_set &= params->sta_flags_mask;
5431 if ((params->sta_flags_mask |
5432 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
5433 return -EINVAL;
5434 return 0;
5435 }
5436
5437 /* if present, parse the old attribute */
5438
5439 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
5440 if (!nla)
5441 return 0;
5442
5443 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
5444 return -EINVAL;
5445
5446 /*
5447 * Only allow certain flags for interface types so that
5448 * other attributes are silently ignored. Remember that
5449 * this is backward compatibility code with old userspace
5450 * and shouldn't be hit in other cases anyway.
5451 */
5452 switch (iftype) {
5453 case NL80211_IFTYPE_AP:
5454 case NL80211_IFTYPE_AP_VLAN:
5455 case NL80211_IFTYPE_P2P_GO:
5456 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5457 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5458 BIT(NL80211_STA_FLAG_WME) |
5459 BIT(NL80211_STA_FLAG_MFP);
5460 break;
5461 case NL80211_IFTYPE_P2P_CLIENT:
5462 case NL80211_IFTYPE_STATION:
5463 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5464 BIT(NL80211_STA_FLAG_TDLS_PEER);
5465 break;
5466 case NL80211_IFTYPE_MESH_POINT:
5467 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5468 BIT(NL80211_STA_FLAG_MFP) |
5469 BIT(NL80211_STA_FLAG_AUTHORIZED);
5470 break;
5471 default:
5472 return -EINVAL;
5473 }
5474
5475 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
5476 if (flags[flag]) {
5477 params->sta_flags_set |= (1<<flag);
5478
5479 /* no longer support new API additions in old API */
5480 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
5481 return -EINVAL;
5482 }
5483 }
5484
5485 return 0;
5486}
5487
5488bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
5489{
5490 struct nlattr *rate;
5491 u32 bitrate;
5492 u16 bitrate_compat;
5493 enum nl80211_rate_info rate_flg;
5494
5495 rate = nla_nest_start_noflag(msg, attr);
5496 if (!rate)
5497 return false;
5498
5499 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
5500 bitrate = cfg80211_calculate_bitrate(info);
5501 /* report 16-bit bitrate only if we can */
5502 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
5503 if (bitrate > 0 &&
5504 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
5505 return false;
5506 if (bitrate_compat > 0 &&
5507 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
5508 return false;
5509
5510 switch (info->bw) {
5511 case RATE_INFO_BW_5:
5512 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
5513 break;
5514 case RATE_INFO_BW_10:
5515 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
5516 break;
5517 default:
5518 WARN_ON(1);
5519 fallthrough;
5520 case RATE_INFO_BW_20:
5521 rate_flg = 0;
5522 break;
5523 case RATE_INFO_BW_40:
5524 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
5525 break;
5526 case RATE_INFO_BW_80:
5527 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
5528 break;
5529 case RATE_INFO_BW_160:
5530 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
5531 break;
5532 case RATE_INFO_BW_HE_RU:
5533 rate_flg = 0;
5534 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
5535 }
5536
5537 if (rate_flg && nla_put_flag(msg, rate_flg))
5538 return false;
5539
5540 if (info->flags & RATE_INFO_FLAGS_MCS) {
5541 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
5542 return false;
5543 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5544 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5545 return false;
5546 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
5547 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
5548 return false;
5549 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
5550 return false;
5551 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5552 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5553 return false;
5554 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
5555 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
5556 return false;
5557 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
5558 return false;
5559 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
5560 return false;
5561 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
5562 return false;
5563 if (info->bw == RATE_INFO_BW_HE_RU &&
5564 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
5565 info->he_ru_alloc))
5566 return false;
5567 }
5568
5569 nla_nest_end(msg, rate);
5570 return true;
5571}
5572
5573static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
5574 int id)
5575{
5576 void *attr;
5577 int i = 0;
5578
5579 if (!mask)
5580 return true;
5581
5582 attr = nla_nest_start_noflag(msg, id);
5583 if (!attr)
5584 return false;
5585
5586 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
5587 if (!(mask & BIT(i)))
5588 continue;
5589
5590 if (nla_put_u8(msg, i, signal[i]))
5591 return false;
5592 }
5593
5594 nla_nest_end(msg, attr);
5595
5596 return true;
5597}
5598
5599static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
5600 u32 seq, int flags,
5601 struct cfg80211_registered_device *rdev,
5602 struct net_device *dev,
5603 const u8 *mac_addr, struct station_info *sinfo)
5604{
5605 void *hdr;
5606 struct nlattr *sinfoattr, *bss_param;
5607
5608 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5609 if (!hdr) {
5610 cfg80211_sinfo_release_content(sinfo);
5611 return -1;
5612 }
5613
5614 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5615 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5616 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5617 goto nla_put_failure;
5618
5619 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5620 if (!sinfoattr)
5621 goto nla_put_failure;
5622
5623#define PUT_SINFO(attr, memb, type) do { \
5624 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
5625 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5626 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
5627 sinfo->memb)) \
5628 goto nla_put_failure; \
5629 } while (0)
5630#define PUT_SINFO_U64(attr, memb) do { \
5631 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5632 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
5633 sinfo->memb, NL80211_STA_INFO_PAD)) \
5634 goto nla_put_failure; \
5635 } while (0)
5636
5637 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5638 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5639 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
5640
5641 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5642 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5643 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5644 (u32)sinfo->rx_bytes))
5645 goto nla_put_failure;
5646
5647 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5648 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5649 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5650 (u32)sinfo->tx_bytes))
5651 goto nla_put_failure;
5652
5653 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5654 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5655 PUT_SINFO(LLID, llid, u16);
5656 PUT_SINFO(PLID, plid, u16);
5657 PUT_SINFO(PLINK_STATE, plink_state, u8);
5658 PUT_SINFO_U64(RX_DURATION, rx_duration);
5659 PUT_SINFO_U64(TX_DURATION, tx_duration);
5660
5661 if (wiphy_ext_feature_isset(&rdev->wiphy,
5662 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5663 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5664
5665 switch (rdev->wiphy.signal_type) {
5666 case CFG80211_SIGNAL_TYPE_MBM:
5667 PUT_SINFO(SIGNAL, signal, u8);
5668 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5669 break;
5670 default:
5671 break;
5672 }
5673 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5674 if (!nl80211_put_signal(msg, sinfo->chains,
5675 sinfo->chain_signal,
5676 NL80211_STA_INFO_CHAIN_SIGNAL))
5677 goto nla_put_failure;
5678 }
5679 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5680 if (!nl80211_put_signal(msg, sinfo->chains,
5681 sinfo->chain_signal_avg,
5682 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5683 goto nla_put_failure;
5684 }
5685 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5686 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5687 NL80211_STA_INFO_TX_BITRATE))
5688 goto nla_put_failure;
5689 }
5690 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5691 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5692 NL80211_STA_INFO_RX_BITRATE))
5693 goto nla_put_failure;
5694 }
5695
5696 PUT_SINFO(RX_PACKETS, rx_packets, u32);
5697 PUT_SINFO(TX_PACKETS, tx_packets, u32);
5698 PUT_SINFO(TX_RETRIES, tx_retries, u32);
5699 PUT_SINFO(TX_FAILED, tx_failed, u32);
5700 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5701 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5702 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5703 PUT_SINFO(LOCAL_PM, local_pm, u32);
5704 PUT_SINFO(PEER_PM, peer_pm, u32);
5705 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5706 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5707 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
5708
5709 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5710 bss_param = nla_nest_start_noflag(msg,
5711 NL80211_STA_INFO_BSS_PARAM);
5712 if (!bss_param)
5713 goto nla_put_failure;
5714
5715 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5716 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5717 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5718 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5719 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5720 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5721 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5722 sinfo->bss_param.dtim_period) ||
5723 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5724 sinfo->bss_param.beacon_interval))
5725 goto nla_put_failure;
5726
5727 nla_nest_end(msg, bss_param);
5728 }
5729 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5730 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5731 sizeof(struct nl80211_sta_flag_update),
5732 &sinfo->sta_flags))
5733 goto nla_put_failure;
5734
5735 PUT_SINFO_U64(T_OFFSET, t_offset);
5736 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5737 PUT_SINFO_U64(BEACON_RX, rx_beacon);
5738 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5739 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5740 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5741 if (wiphy_ext_feature_isset(&rdev->wiphy,
5742 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5743 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5744 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5745 }
5746
5747#undef PUT_SINFO
5748#undef PUT_SINFO_U64
5749
5750 if (sinfo->pertid) {
5751 struct nlattr *tidsattr;
5752 int tid;
5753
5754 tidsattr = nla_nest_start_noflag(msg,
5755 NL80211_STA_INFO_TID_STATS);
5756 if (!tidsattr)
5757 goto nla_put_failure;
5758
5759 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5760 struct cfg80211_tid_stats *tidstats;
5761 struct nlattr *tidattr;
5762
5763 tidstats = &sinfo->pertid[tid];
5764
5765 if (!tidstats->filled)
5766 continue;
5767
5768 tidattr = nla_nest_start_noflag(msg, tid + 1);
5769 if (!tidattr)
5770 goto nla_put_failure;
5771
5772#define PUT_TIDVAL_U64(attr, memb) do { \
5773 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
5774 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
5775 tidstats->memb, NL80211_TID_STATS_PAD)) \
5776 goto nla_put_failure; \
5777 } while (0)
5778
5779 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5780 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5781 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5782 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5783
5784#undef PUT_TIDVAL_U64
5785 if ((tidstats->filled &
5786 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5787 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5788 NL80211_TID_STATS_TXQ_STATS))
5789 goto nla_put_failure;
5790
5791 nla_nest_end(msg, tidattr);
5792 }
5793
5794 nla_nest_end(msg, tidsattr);
5795 }
5796
5797 nla_nest_end(msg, sinfoattr);
5798
5799 if (sinfo->assoc_req_ies_len &&
5800 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5801 sinfo->assoc_req_ies))
5802 goto nla_put_failure;
5803
5804 cfg80211_sinfo_release_content(sinfo);
5805 genlmsg_end(msg, hdr);
5806 return 0;
5807
5808 nla_put_failure:
5809 cfg80211_sinfo_release_content(sinfo);
5810 genlmsg_cancel(msg, hdr);
5811 return -EMSGSIZE;
5812}
5813
5814static int nl80211_dump_station(struct sk_buff *skb,
5815 struct netlink_callback *cb)
5816{
5817 struct station_info sinfo;
5818 struct cfg80211_registered_device *rdev;
5819 struct wireless_dev *wdev;
5820 u8 mac_addr[ETH_ALEN];
5821 int sta_idx = cb->args[2];
5822 int err;
5823
5824 rtnl_lock();
5825 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5826 if (err)
5827 goto out_err;
5828
5829 if (!wdev->netdev) {
5830 err = -EINVAL;
5831 goto out_err;
5832 }
5833
5834 if (!rdev->ops->dump_station) {
5835 err = -EOPNOTSUPP;
5836 goto out_err;
5837 }
5838
5839 while (1) {
5840 memset(&sinfo, 0, sizeof(sinfo));
5841 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5842 mac_addr, &sinfo);
5843 if (err == -ENOENT)
5844 break;
5845 if (err)
5846 goto out_err;
5847
5848 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5849 NETLINK_CB(cb->skb).portid,
5850 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5851 rdev, wdev->netdev, mac_addr,
5852 &sinfo) < 0)
5853 goto out;
5854
5855 sta_idx++;
5856 }
5857
5858 out:
5859 cb->args[2] = sta_idx;
5860 err = skb->len;
5861 out_err:
5862 rtnl_unlock();
5863
5864 return err;
5865}
5866
5867static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5868{
5869 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5870 struct net_device *dev = info->user_ptr[1];
5871 struct station_info sinfo;
5872 struct sk_buff *msg;
5873 u8 *mac_addr = NULL;
5874 int err;
5875
5876 memset(&sinfo, 0, sizeof(sinfo));
5877
5878 if (!info->attrs[NL80211_ATTR_MAC])
5879 return -EINVAL;
5880
5881 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5882
5883 if (!rdev->ops->get_station)
5884 return -EOPNOTSUPP;
5885
5886 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5887 if (err)
5888 return err;
5889
5890 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5891 if (!msg) {
5892 cfg80211_sinfo_release_content(&sinfo);
5893 return -ENOMEM;
5894 }
5895
5896 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5897 info->snd_portid, info->snd_seq, 0,
5898 rdev, dev, mac_addr, &sinfo) < 0) {
5899 nlmsg_free(msg);
5900 return -ENOBUFS;
5901 }
5902
5903 return genlmsg_reply(msg, info);
5904}
5905
5906int cfg80211_check_station_change(struct wiphy *wiphy,
5907 struct station_parameters *params,
5908 enum cfg80211_station_type statype)
5909{
5910 if (params->listen_interval != -1 &&
5911 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5912 return -EINVAL;
5913
5914 if (params->support_p2p_ps != -1 &&
5915 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5916 return -EINVAL;
5917
5918 if (params->aid &&
5919 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5920 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5921 return -EINVAL;
5922
5923 /* When you run into this, adjust the code below for the new flag */
5924 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5925
5926 switch (statype) {
5927 case CFG80211_STA_MESH_PEER_KERNEL:
5928 case CFG80211_STA_MESH_PEER_USER:
5929 /*
5930 * No ignoring the TDLS flag here -- the userspace mesh
5931 * code doesn't have the bug of including TDLS in the
5932 * mask everywhere.
5933 */
5934 if (params->sta_flags_mask &
5935 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5936 BIT(NL80211_STA_FLAG_MFP) |
5937 BIT(NL80211_STA_FLAG_AUTHORIZED)))
5938 return -EINVAL;
5939 break;
5940 case CFG80211_STA_TDLS_PEER_SETUP:
5941 case CFG80211_STA_TDLS_PEER_ACTIVE:
5942 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5943 return -EINVAL;
5944 /* ignore since it can't change */
5945 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5946 break;
5947 default:
5948 /* disallow mesh-specific things */
5949 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5950 return -EINVAL;
5951 if (params->local_pm)
5952 return -EINVAL;
5953 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5954 return -EINVAL;
5955 }
5956
5957 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5958 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5959 /* TDLS can't be set, ... */
5960 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5961 return -EINVAL;
5962 /*
5963 * ... but don't bother the driver with it. This works around
5964 * a hostapd/wpa_supplicant issue -- it always includes the
5965 * TLDS_PEER flag in the mask even for AP mode.
5966 */
5967 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5968 }
5969
5970 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5971 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5972 /* reject other things that can't change */
5973 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5974 return -EINVAL;
5975 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5976 return -EINVAL;
5977 if (params->supported_rates)
5978 return -EINVAL;
5979 if (params->ext_capab || params->ht_capa || params->vht_capa ||
5980 params->he_capa)
5981 return -EINVAL;
5982 }
5983
5984 if (statype != CFG80211_STA_AP_CLIENT &&
5985 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5986 if (params->vlan)
5987 return -EINVAL;
5988 }
5989
5990 switch (statype) {
5991 case CFG80211_STA_AP_MLME_CLIENT:
5992 /* Use this only for authorizing/unauthorizing a station */
5993 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5994 return -EOPNOTSUPP;
5995 break;
5996 case CFG80211_STA_AP_CLIENT:
5997 case CFG80211_STA_AP_CLIENT_UNASSOC:
5998 /* accept only the listed bits */
5999 if (params->sta_flags_mask &
6000 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6001 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6002 BIT(NL80211_STA_FLAG_ASSOCIATED) |
6003 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6004 BIT(NL80211_STA_FLAG_WME) |
6005 BIT(NL80211_STA_FLAG_MFP)))
6006 return -EINVAL;
6007
6008 /* but authenticated/associated only if driver handles it */
6009 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6010 params->sta_flags_mask &
6011 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6012 BIT(NL80211_STA_FLAG_ASSOCIATED)))
6013 return -EINVAL;
6014 break;
6015 case CFG80211_STA_IBSS:
6016 case CFG80211_STA_AP_STA:
6017 /* reject any changes other than AUTHORIZED */
6018 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
6019 return -EINVAL;
6020 break;
6021 case CFG80211_STA_TDLS_PEER_SETUP:
6022 /* reject any changes other than AUTHORIZED or WME */
6023 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6024 BIT(NL80211_STA_FLAG_WME)))
6025 return -EINVAL;
6026 /* force (at least) rates when authorizing */
6027 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
6028 !params->supported_rates)
6029 return -EINVAL;
6030 break;
6031 case CFG80211_STA_TDLS_PEER_ACTIVE:
6032 /* reject any changes */
6033 return -EINVAL;
6034 case CFG80211_STA_MESH_PEER_KERNEL:
6035 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6036 return -EINVAL;
6037 break;
6038 case CFG80211_STA_MESH_PEER_USER:
6039 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
6040 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
6041 return -EINVAL;
6042 break;
6043 }
6044
6045 /*
6046 * Older kernel versions ignored this attribute entirely, so don't
6047 * reject attempts to update it but mark it as unused instead so the
6048 * driver won't look at the data.
6049 */
6050 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
6051 statype != CFG80211_STA_TDLS_PEER_SETUP)
6052 params->opmode_notif_used = false;
6053
6054 return 0;
6055}
6056EXPORT_SYMBOL(cfg80211_check_station_change);
6057
6058/*
6059 * Get vlan interface making sure it is running and on the right wiphy.
6060 */
6061static struct net_device *get_vlan(struct genl_info *info,
6062 struct cfg80211_registered_device *rdev)
6063{
6064 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
6065 struct net_device *v;
6066 int ret;
6067
6068 if (!vlanattr)
6069 return NULL;
6070
6071 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
6072 if (!v)
6073 return ERR_PTR(-ENODEV);
6074
6075 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
6076 ret = -EINVAL;
6077 goto error;
6078 }
6079
6080 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
6081 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6082 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6083 ret = -EINVAL;
6084 goto error;
6085 }
6086
6087 if (!netif_running(v)) {
6088 ret = -ENETDOWN;
6089 goto error;
6090 }
6091
6092 return v;
6093 error:
6094 dev_put(v);
6095 return ERR_PTR(ret);
6096}
6097
6098static const struct nla_policy
6099nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
6100 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
6101 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
6102};
6103
6104static int nl80211_parse_sta_wme(struct genl_info *info,
6105 struct station_parameters *params)
6106{
6107 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
6108 struct nlattr *nla;
6109 int err;
6110
6111 /* parse WME attributes if present */
6112 if (!info->attrs[NL80211_ATTR_STA_WME])
6113 return 0;
6114
6115 nla = info->attrs[NL80211_ATTR_STA_WME];
6116 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
6117 nl80211_sta_wme_policy,
6118 info->extack);
6119 if (err)
6120 return err;
6121
6122 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
6123 params->uapsd_queues = nla_get_u8(
6124 tb[NL80211_STA_WME_UAPSD_QUEUES]);
6125 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
6126 return -EINVAL;
6127
6128 if (tb[NL80211_STA_WME_MAX_SP])
6129 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
6130
6131 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
6132 return -EINVAL;
6133
6134 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
6135
6136 return 0;
6137}
6138
6139static int nl80211_parse_sta_channel_info(struct genl_info *info,
6140 struct station_parameters *params)
6141{
6142 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
6143 params->supported_channels =
6144 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
6145 params->supported_channels_len =
6146 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
6147 /*
6148 * Need to include at least one (first channel, number of
6149 * channels) tuple for each subband (checked in policy),
6150 * and must have proper tuples for the rest of the data as well.
6151 */
6152 if (params->supported_channels_len % 2)
6153 return -EINVAL;
6154 }
6155
6156 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
6157 params->supported_oper_classes =
6158 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
6159 params->supported_oper_classes_len =
6160 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
6161 }
6162 return 0;
6163}
6164
6165static int nl80211_set_station_tdls(struct genl_info *info,
6166 struct station_parameters *params)
6167{
6168 int err;
6169 /* Dummy STA entry gets updated once the peer capabilities are known */
6170 if (info->attrs[NL80211_ATTR_PEER_AID])
6171 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6172 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6173 params->ht_capa =
6174 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6175 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6176 params->vht_capa =
6177 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6178 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6179 params->he_capa =
6180 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6181 params->he_capa_len =
6182 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6183 }
6184
6185 err = nl80211_parse_sta_channel_info(info, params);
6186 if (err)
6187 return err;
6188
6189 return nl80211_parse_sta_wme(info, params);
6190}
6191
6192static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
6193 struct station_parameters *params)
6194{
6195 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6196 int idx;
6197
6198 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
6199 if (!rdev->ops->set_tx_power ||
6200 !wiphy_ext_feature_isset(&rdev->wiphy,
6201 NL80211_EXT_FEATURE_STA_TX_PWR))
6202 return -EOPNOTSUPP;
6203
6204 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
6205 params->txpwr.type = nla_get_u8(info->attrs[idx]);
6206
6207 if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
6208 idx = NL80211_ATTR_STA_TX_POWER;
6209
6210 if (info->attrs[idx])
6211 params->txpwr.power =
6212 nla_get_s16(info->attrs[idx]);
6213 else
6214 return -EINVAL;
6215 }
6216 params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
6217 }
6218
6219 return 0;
6220}
6221
6222static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
6223{
6224 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6225 struct net_device *dev = info->user_ptr[1];
6226 struct station_parameters params;
6227 u8 *mac_addr;
6228 int err;
6229
6230 memset(&params, 0, sizeof(params));
6231
6232 if (!rdev->ops->change_station)
6233 return -EOPNOTSUPP;
6234
6235 /*
6236 * AID and listen_interval properties can be set only for unassociated
6237 * station. Include these parameters here and will check them in
6238 * cfg80211_check_station_change().
6239 */
6240 if (info->attrs[NL80211_ATTR_STA_AID])
6241 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6242
6243 if (info->attrs[NL80211_ATTR_VLAN_ID])
6244 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6245
6246 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6247 params.listen_interval =
6248 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6249 else
6250 params.listen_interval = -1;
6251
6252 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
6253 params.support_p2p_ps =
6254 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6255 else
6256 params.support_p2p_ps = -1;
6257
6258 if (!info->attrs[NL80211_ATTR_MAC])
6259 return -EINVAL;
6260
6261 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6262
6263 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
6264 params.supported_rates =
6265 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6266 params.supported_rates_len =
6267 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6268 }
6269
6270 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6271 params.capability =
6272 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6273 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6274 }
6275
6276 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6277 params.ext_capab =
6278 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6279 params.ext_capab_len =
6280 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6281 }
6282
6283 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
6284 return -EINVAL;
6285
6286 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6287 params.plink_action =
6288 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6289
6290 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
6291 params.plink_state =
6292 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
6293 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
6294 params.peer_aid = nla_get_u16(
6295 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
6296 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
6297 }
6298
6299 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
6300 params.local_pm = nla_get_u32(
6301 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
6302
6303 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6304 params.opmode_notif_used = true;
6305 params.opmode_notif =
6306 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6307 }
6308
6309 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6310 params.he_6ghz_capa =
6311 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6312
6313 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6314 params.airtime_weight =
6315 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6316
6317 if (params.airtime_weight &&
6318 !wiphy_ext_feature_isset(&rdev->wiphy,
6319 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6320 return -EOPNOTSUPP;
6321
6322 err = nl80211_parse_sta_txpower_setting(info, &params);
6323 if (err)
6324 return err;
6325
6326 /* Include parameters for TDLS peer (will check later) */
6327 err = nl80211_set_station_tdls(info, &params);
6328 if (err)
6329 return err;
6330
6331 params.vlan = get_vlan(info, rdev);
6332 if (IS_ERR(params.vlan))
6333 return PTR_ERR(params.vlan);
6334
6335 switch (dev->ieee80211_ptr->iftype) {
6336 case NL80211_IFTYPE_AP:
6337 case NL80211_IFTYPE_AP_VLAN:
6338 case NL80211_IFTYPE_P2P_GO:
6339 case NL80211_IFTYPE_P2P_CLIENT:
6340 case NL80211_IFTYPE_STATION:
6341 case NL80211_IFTYPE_ADHOC:
6342 case NL80211_IFTYPE_MESH_POINT:
6343 break;
6344 default:
6345 err = -EOPNOTSUPP;
6346 goto out_put_vlan;
6347 }
6348
6349 /* driver will call cfg80211_check_station_change() */
6350 err = rdev_change_station(rdev, dev, mac_addr, &params);
6351
6352 out_put_vlan:
6353 if (params.vlan)
6354 dev_put(params.vlan);
6355
6356 return err;
6357}
6358
6359static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
6360{
6361 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6362 int err;
6363 struct net_device *dev = info->user_ptr[1];
6364 struct station_parameters params;
6365 u8 *mac_addr = NULL;
6366 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6367 BIT(NL80211_STA_FLAG_ASSOCIATED);
6368
6369 memset(&params, 0, sizeof(params));
6370
6371 if (!rdev->ops->add_station)
6372 return -EOPNOTSUPP;
6373
6374 if (!info->attrs[NL80211_ATTR_MAC])
6375 return -EINVAL;
6376
6377 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6378 return -EINVAL;
6379
6380 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
6381 return -EINVAL;
6382
6383 if (!info->attrs[NL80211_ATTR_STA_AID] &&
6384 !info->attrs[NL80211_ATTR_PEER_AID])
6385 return -EINVAL;
6386
6387 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6388 params.supported_rates =
6389 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6390 params.supported_rates_len =
6391 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6392 params.listen_interval =
6393 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6394
6395 if (info->attrs[NL80211_ATTR_VLAN_ID])
6396 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6397
6398 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
6399 params.support_p2p_ps =
6400 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6401 } else {
6402 /*
6403 * if not specified, assume it's supported for P2P GO interface,
6404 * and is NOT supported for AP interface
6405 */
6406 params.support_p2p_ps =
6407 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
6408 }
6409
6410 if (info->attrs[NL80211_ATTR_PEER_AID])
6411 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6412 else
6413 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6414
6415 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6416 params.capability =
6417 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6418 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6419 }
6420
6421 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6422 params.ext_capab =
6423 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6424 params.ext_capab_len =
6425 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6426 }
6427
6428 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6429 params.ht_capa =
6430 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6431
6432 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6433 params.vht_capa =
6434 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6435
6436 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6437 params.he_capa =
6438 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6439 params.he_capa_len =
6440 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6441 }
6442
6443 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6444 params.he_6ghz_capa =
6445 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6446
6447 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6448 params.opmode_notif_used = true;
6449 params.opmode_notif =
6450 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6451 }
6452
6453 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6454 params.plink_action =
6455 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6456
6457 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6458 params.airtime_weight =
6459 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6460
6461 if (params.airtime_weight &&
6462 !wiphy_ext_feature_isset(&rdev->wiphy,
6463 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6464 return -EOPNOTSUPP;
6465
6466 err = nl80211_parse_sta_txpower_setting(info, &params);
6467 if (err)
6468 return err;
6469
6470 err = nl80211_parse_sta_channel_info(info, &params);
6471 if (err)
6472 return err;
6473
6474 err = nl80211_parse_sta_wme(info, &params);
6475 if (err)
6476 return err;
6477
6478 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
6479 return -EINVAL;
6480
6481 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
6482 * as userspace might just pass through the capabilities from the IEs
6483 * directly, rather than enforcing this restriction and returning an
6484 * error in this case.
6485 */
6486 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
6487 params.ht_capa = NULL;
6488 params.vht_capa = NULL;
6489
6490 /* HE requires WME */
6491 if (params.he_capa_len || params.he_6ghz_capa)
6492 return -EINVAL;
6493 }
6494
6495 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
6496 if (params.he_6ghz_capa && (params.ht_capa || params.vht_capa))
6497 return -EINVAL;
6498
6499 /* When you run into this, adjust the code below for the new flag */
6500 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6501
6502 switch (dev->ieee80211_ptr->iftype) {
6503 case NL80211_IFTYPE_AP:
6504 case NL80211_IFTYPE_AP_VLAN:
6505 case NL80211_IFTYPE_P2P_GO:
6506 /* ignore WME attributes if iface/sta is not capable */
6507 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
6508 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
6509 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6510
6511 /* TDLS peers cannot be added */
6512 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6513 info->attrs[NL80211_ATTR_PEER_AID])
6514 return -EINVAL;
6515 /* but don't bother the driver with it */
6516 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6517
6518 /* allow authenticated/associated only if driver handles it */
6519 if (!(rdev->wiphy.features &
6520 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6521 params.sta_flags_mask & auth_assoc)
6522 return -EINVAL;
6523
6524 /* Older userspace, or userspace wanting to be compatible with
6525 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
6526 * and assoc flags in the mask, but assumes the station will be
6527 * added as associated anyway since this was the required driver
6528 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
6529 * introduced.
6530 * In order to not bother drivers with this quirk in the API
6531 * set the flags in both the mask and set for new stations in
6532 * this case.
6533 */
6534 if (!(params.sta_flags_mask & auth_assoc)) {
6535 params.sta_flags_mask |= auth_assoc;
6536 params.sta_flags_set |= auth_assoc;
6537 }
6538
6539 /* must be last in here for error handling */
6540 params.vlan = get_vlan(info, rdev);
6541 if (IS_ERR(params.vlan))
6542 return PTR_ERR(params.vlan);
6543 break;
6544 case NL80211_IFTYPE_MESH_POINT:
6545 /* ignore uAPSD data */
6546 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6547
6548 /* associated is disallowed */
6549 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
6550 return -EINVAL;
6551 /* TDLS peers cannot be added */
6552 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6553 info->attrs[NL80211_ATTR_PEER_AID])
6554 return -EINVAL;
6555 break;
6556 case NL80211_IFTYPE_STATION:
6557 case NL80211_IFTYPE_P2P_CLIENT:
6558 /* ignore uAPSD data */
6559 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6560
6561 /* these are disallowed */
6562 if (params.sta_flags_mask &
6563 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
6564 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
6565 return -EINVAL;
6566 /* Only TDLS peers can be added */
6567 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6568 return -EINVAL;
6569 /* Can only add if TDLS ... */
6570 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
6571 return -EOPNOTSUPP;
6572 /* ... with external setup is supported */
6573 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
6574 return -EOPNOTSUPP;
6575 /*
6576 * Older wpa_supplicant versions always mark the TDLS peer
6577 * as authorized, but it shouldn't yet be.
6578 */
6579 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
6580 break;
6581 default:
6582 return -EOPNOTSUPP;
6583 }
6584
6585 /* be aware of params.vlan when changing code here */
6586
6587 err = rdev_add_station(rdev, dev, mac_addr, &params);
6588
6589 if (params.vlan)
6590 dev_put(params.vlan);
6591 return err;
6592}
6593
6594static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
6595{
6596 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6597 struct net_device *dev = info->user_ptr[1];
6598 struct station_del_parameters params;
6599
6600 memset(&params, 0, sizeof(params));
6601
6602 if (info->attrs[NL80211_ATTR_MAC])
6603 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
6604
6605 switch (dev->ieee80211_ptr->iftype) {
6606 case NL80211_IFTYPE_AP:
6607 case NL80211_IFTYPE_AP_VLAN:
6608 case NL80211_IFTYPE_MESH_POINT:
6609 case NL80211_IFTYPE_P2P_GO:
6610 /* always accept these */
6611 break;
6612 case NL80211_IFTYPE_ADHOC:
6613 /* conditionally accept */
6614 if (wiphy_ext_feature_isset(&rdev->wiphy,
6615 NL80211_EXT_FEATURE_DEL_IBSS_STA))
6616 break;
6617 return -EINVAL;
6618 default:
6619 return -EINVAL;
6620 }
6621
6622 if (!rdev->ops->del_station)
6623 return -EOPNOTSUPP;
6624
6625 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6626 params.subtype =
6627 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6628 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6629 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6630 return -EINVAL;
6631 } else {
6632 /* Default to Deauthentication frame */
6633 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6634 }
6635
6636 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6637 params.reason_code =
6638 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6639 if (params.reason_code == 0)
6640 return -EINVAL; /* 0 is reserved */
6641 } else {
6642 /* Default to reason code 2 */
6643 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6644 }
6645
6646 return rdev_del_station(rdev, dev, &params);
6647}
6648
6649static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6650 int flags, struct net_device *dev,
6651 u8 *dst, u8 *next_hop,
6652 struct mpath_info *pinfo)
6653{
6654 void *hdr;
6655 struct nlattr *pinfoattr;
6656
6657 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6658 if (!hdr)
6659 return -1;
6660
6661 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6662 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6663 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6664 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6665 goto nla_put_failure;
6666
6667 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6668 if (!pinfoattr)
6669 goto nla_put_failure;
6670 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6671 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6672 pinfo->frame_qlen))
6673 goto nla_put_failure;
6674 if (((pinfo->filled & MPATH_INFO_SN) &&
6675 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6676 ((pinfo->filled & MPATH_INFO_METRIC) &&
6677 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6678 pinfo->metric)) ||
6679 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6680 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6681 pinfo->exptime)) ||
6682 ((pinfo->filled & MPATH_INFO_FLAGS) &&
6683 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6684 pinfo->flags)) ||
6685 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6686 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6687 pinfo->discovery_timeout)) ||
6688 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6689 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6690 pinfo->discovery_retries)) ||
6691 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6692 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6693 pinfo->hop_count)) ||
6694 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6695 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6696 pinfo->path_change_count)))
6697 goto nla_put_failure;
6698
6699 nla_nest_end(msg, pinfoattr);
6700
6701 genlmsg_end(msg, hdr);
6702 return 0;
6703
6704 nla_put_failure:
6705 genlmsg_cancel(msg, hdr);
6706 return -EMSGSIZE;
6707}
6708
6709static int nl80211_dump_mpath(struct sk_buff *skb,
6710 struct netlink_callback *cb)
6711{
6712 struct mpath_info pinfo;
6713 struct cfg80211_registered_device *rdev;
6714 struct wireless_dev *wdev;
6715 u8 dst[ETH_ALEN];
6716 u8 next_hop[ETH_ALEN];
6717 int path_idx = cb->args[2];
6718 int err;
6719
6720 rtnl_lock();
6721 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6722 if (err)
6723 goto out_err;
6724
6725 if (!rdev->ops->dump_mpath) {
6726 err = -EOPNOTSUPP;
6727 goto out_err;
6728 }
6729
6730 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6731 err = -EOPNOTSUPP;
6732 goto out_err;
6733 }
6734
6735 while (1) {
6736 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6737 next_hop, &pinfo);
6738 if (err == -ENOENT)
6739 break;
6740 if (err)
6741 goto out_err;
6742
6743 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6744 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6745 wdev->netdev, dst, next_hop,
6746 &pinfo) < 0)
6747 goto out;
6748
6749 path_idx++;
6750 }
6751
6752 out:
6753 cb->args[2] = path_idx;
6754 err = skb->len;
6755 out_err:
6756 rtnl_unlock();
6757 return err;
6758}
6759
6760static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6761{
6762 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6763 int err;
6764 struct net_device *dev = info->user_ptr[1];
6765 struct mpath_info pinfo;
6766 struct sk_buff *msg;
6767 u8 *dst = NULL;
6768 u8 next_hop[ETH_ALEN];
6769
6770 memset(&pinfo, 0, sizeof(pinfo));
6771
6772 if (!info->attrs[NL80211_ATTR_MAC])
6773 return -EINVAL;
6774
6775 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6776
6777 if (!rdev->ops->get_mpath)
6778 return -EOPNOTSUPP;
6779
6780 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6781 return -EOPNOTSUPP;
6782
6783 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6784 if (err)
6785 return err;
6786
6787 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6788 if (!msg)
6789 return -ENOMEM;
6790
6791 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6792 dev, dst, next_hop, &pinfo) < 0) {
6793 nlmsg_free(msg);
6794 return -ENOBUFS;
6795 }
6796
6797 return genlmsg_reply(msg, info);
6798}
6799
6800static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6801{
6802 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6803 struct net_device *dev = info->user_ptr[1];
6804 u8 *dst = NULL;
6805 u8 *next_hop = NULL;
6806
6807 if (!info->attrs[NL80211_ATTR_MAC])
6808 return -EINVAL;
6809
6810 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6811 return -EINVAL;
6812
6813 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6814 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6815
6816 if (!rdev->ops->change_mpath)
6817 return -EOPNOTSUPP;
6818
6819 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6820 return -EOPNOTSUPP;
6821
6822 return rdev_change_mpath(rdev, dev, dst, next_hop);
6823}
6824
6825static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6826{
6827 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6828 struct net_device *dev = info->user_ptr[1];
6829 u8 *dst = NULL;
6830 u8 *next_hop = NULL;
6831
6832 if (!info->attrs[NL80211_ATTR_MAC])
6833 return -EINVAL;
6834
6835 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6836 return -EINVAL;
6837
6838 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6839 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6840
6841 if (!rdev->ops->add_mpath)
6842 return -EOPNOTSUPP;
6843
6844 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6845 return -EOPNOTSUPP;
6846
6847 return rdev_add_mpath(rdev, dev, dst, next_hop);
6848}
6849
6850static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
6851{
6852 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6853 struct net_device *dev = info->user_ptr[1];
6854 u8 *dst = NULL;
6855
6856 if (info->attrs[NL80211_ATTR_MAC])
6857 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6858
6859 if (!rdev->ops->del_mpath)
6860 return -EOPNOTSUPP;
6861
6862 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6863 return -EOPNOTSUPP;
6864
6865 return rdev_del_mpath(rdev, dev, dst);
6866}
6867
6868static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6869{
6870 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6871 int err;
6872 struct net_device *dev = info->user_ptr[1];
6873 struct mpath_info pinfo;
6874 struct sk_buff *msg;
6875 u8 *dst = NULL;
6876 u8 mpp[ETH_ALEN];
6877
6878 memset(&pinfo, 0, sizeof(pinfo));
6879
6880 if (!info->attrs[NL80211_ATTR_MAC])
6881 return -EINVAL;
6882
6883 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6884
6885 if (!rdev->ops->get_mpp)
6886 return -EOPNOTSUPP;
6887
6888 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6889 return -EOPNOTSUPP;
6890
6891 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6892 if (err)
6893 return err;
6894
6895 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6896 if (!msg)
6897 return -ENOMEM;
6898
6899 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6900 dev, dst, mpp, &pinfo) < 0) {
6901 nlmsg_free(msg);
6902 return -ENOBUFS;
6903 }
6904
6905 return genlmsg_reply(msg, info);
6906}
6907
6908static int nl80211_dump_mpp(struct sk_buff *skb,
6909 struct netlink_callback *cb)
6910{
6911 struct mpath_info pinfo;
6912 struct cfg80211_registered_device *rdev;
6913 struct wireless_dev *wdev;
6914 u8 dst[ETH_ALEN];
6915 u8 mpp[ETH_ALEN];
6916 int path_idx = cb->args[2];
6917 int err;
6918
6919 rtnl_lock();
6920 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6921 if (err)
6922 goto out_err;
6923
6924 if (!rdev->ops->dump_mpp) {
6925 err = -EOPNOTSUPP;
6926 goto out_err;
6927 }
6928
6929 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6930 err = -EOPNOTSUPP;
6931 goto out_err;
6932 }
6933
6934 while (1) {
6935 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6936 mpp, &pinfo);
6937 if (err == -ENOENT)
6938 break;
6939 if (err)
6940 goto out_err;
6941
6942 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6943 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6944 wdev->netdev, dst, mpp,
6945 &pinfo) < 0)
6946 goto out;
6947
6948 path_idx++;
6949 }
6950
6951 out:
6952 cb->args[2] = path_idx;
6953 err = skb->len;
6954 out_err:
6955 rtnl_unlock();
6956 return err;
6957}
6958
6959static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6960{
6961 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6962 struct net_device *dev = info->user_ptr[1];
6963 struct wireless_dev *wdev = dev->ieee80211_ptr;
6964 struct bss_parameters params;
6965 int err;
6966
6967 memset(&params, 0, sizeof(params));
6968 /* default to not changing parameters */
6969 params.use_cts_prot = -1;
6970 params.use_short_preamble = -1;
6971 params.use_short_slot_time = -1;
6972 params.ap_isolate = -1;
6973 params.ht_opmode = -1;
6974 params.p2p_ctwindow = -1;
6975 params.p2p_opp_ps = -1;
6976
6977 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6978 params.use_cts_prot =
6979 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6980 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6981 params.use_short_preamble =
6982 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6983 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6984 params.use_short_slot_time =
6985 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6986 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6987 params.basic_rates =
6988 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6989 params.basic_rates_len =
6990 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6991 }
6992 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6993 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6994 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6995 params.ht_opmode =
6996 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6997
6998 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6999 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7000 return -EINVAL;
7001 params.p2p_ctwindow =
7002 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
7003 if (params.p2p_ctwindow != 0 &&
7004 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
7005 return -EINVAL;
7006 }
7007
7008 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
7009 u8 tmp;
7010
7011 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7012 return -EINVAL;
7013 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
7014 params.p2p_opp_ps = tmp;
7015 if (params.p2p_opp_ps &&
7016 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
7017 return -EINVAL;
7018 }
7019
7020 if (!rdev->ops->change_bss)
7021 return -EOPNOTSUPP;
7022
7023 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7024 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7025 return -EOPNOTSUPP;
7026
7027 wdev_lock(wdev);
7028 err = rdev_change_bss(rdev, dev, &params);
7029 wdev_unlock(wdev);
7030
7031 return err;
7032}
7033
7034static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
7035{
7036 char *data = NULL;
7037 bool is_indoor;
7038 enum nl80211_user_reg_hint_type user_reg_hint_type;
7039 u32 owner_nlportid;
7040
7041 /*
7042 * You should only get this when cfg80211 hasn't yet initialized
7043 * completely when built-in to the kernel right between the time
7044 * window between nl80211_init() and regulatory_init(), if that is
7045 * even possible.
7046 */
7047 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
7048 return -EINPROGRESS;
7049
7050 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
7051 user_reg_hint_type =
7052 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
7053 else
7054 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
7055
7056 switch (user_reg_hint_type) {
7057 case NL80211_USER_REG_HINT_USER:
7058 case NL80211_USER_REG_HINT_CELL_BASE:
7059 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7060 return -EINVAL;
7061
7062 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7063 return regulatory_hint_user(data, user_reg_hint_type);
7064 case NL80211_USER_REG_HINT_INDOOR:
7065 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
7066 owner_nlportid = info->snd_portid;
7067 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
7068 } else {
7069 owner_nlportid = 0;
7070 is_indoor = true;
7071 }
7072
7073 return regulatory_hint_indoor(is_indoor, owner_nlportid);
7074 default:
7075 return -EINVAL;
7076 }
7077}
7078
7079static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
7080{
7081 return reg_reload_regdb();
7082}
7083
7084static int nl80211_get_mesh_config(struct sk_buff *skb,
7085 struct genl_info *info)
7086{
7087 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7088 struct net_device *dev = info->user_ptr[1];
7089 struct wireless_dev *wdev = dev->ieee80211_ptr;
7090 struct mesh_config cur_params;
7091 int err = 0;
7092 void *hdr;
7093 struct nlattr *pinfoattr;
7094 struct sk_buff *msg;
7095
7096 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7097 return -EOPNOTSUPP;
7098
7099 if (!rdev->ops->get_mesh_config)
7100 return -EOPNOTSUPP;
7101
7102 wdev_lock(wdev);
7103 /* If not connected, get default parameters */
7104 if (!wdev->mesh_id_len)
7105 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
7106 else
7107 err = rdev_get_mesh_config(rdev, dev, &cur_params);
7108 wdev_unlock(wdev);
7109
7110 if (err)
7111 return err;
7112
7113 /* Draw up a netlink message to send back */
7114 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7115 if (!msg)
7116 return -ENOMEM;
7117 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7118 NL80211_CMD_GET_MESH_CONFIG);
7119 if (!hdr)
7120 goto out;
7121 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
7122 if (!pinfoattr)
7123 goto nla_put_failure;
7124 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7125 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
7126 cur_params.dot11MeshRetryTimeout) ||
7127 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
7128 cur_params.dot11MeshConfirmTimeout) ||
7129 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
7130 cur_params.dot11MeshHoldingTimeout) ||
7131 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
7132 cur_params.dot11MeshMaxPeerLinks) ||
7133 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
7134 cur_params.dot11MeshMaxRetries) ||
7135 nla_put_u8(msg, NL80211_MESHCONF_TTL,
7136 cur_params.dot11MeshTTL) ||
7137 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
7138 cur_params.element_ttl) ||
7139 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7140 cur_params.auto_open_plinks) ||
7141 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7142 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
7143 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7144 cur_params.dot11MeshHWMPmaxPREQretries) ||
7145 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
7146 cur_params.path_refresh_time) ||
7147 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7148 cur_params.min_discovery_timeout) ||
7149 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7150 cur_params.dot11MeshHWMPactivePathTimeout) ||
7151 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7152 cur_params.dot11MeshHWMPpreqMinInterval) ||
7153 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7154 cur_params.dot11MeshHWMPperrMinInterval) ||
7155 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7156 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
7157 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
7158 cur_params.dot11MeshHWMPRootMode) ||
7159 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7160 cur_params.dot11MeshHWMPRannInterval) ||
7161 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7162 cur_params.dot11MeshGateAnnouncementProtocol) ||
7163 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
7164 cur_params.dot11MeshForwarding) ||
7165 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
7166 cur_params.rssi_threshold) ||
7167 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
7168 cur_params.ht_opmode) ||
7169 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7170 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
7171 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7172 cur_params.dot11MeshHWMProotInterval) ||
7173 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7174 cur_params.dot11MeshHWMPconfirmationInterval) ||
7175 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
7176 cur_params.power_mode) ||
7177 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
7178 cur_params.dot11MeshAwakeWindowDuration) ||
7179 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
7180 cur_params.plink_timeout) ||
7181 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
7182 cur_params.dot11MeshConnectedToMeshGate) ||
7183 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
7184 cur_params.dot11MeshNolearn) ||
7185 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
7186 cur_params.dot11MeshConnectedToAuthServer))
7187 goto nla_put_failure;
7188 nla_nest_end(msg, pinfoattr);
7189 genlmsg_end(msg, hdr);
7190 return genlmsg_reply(msg, info);
7191
7192 nla_put_failure:
7193 out:
7194 nlmsg_free(msg);
7195 return -ENOBUFS;
7196}
7197
7198static const struct nla_policy
7199nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
7200 [NL80211_MESHCONF_RETRY_TIMEOUT] =
7201 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7202 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
7203 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7204 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
7205 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7206 [NL80211_MESHCONF_MAX_PEER_LINKS] =
7207 NLA_POLICY_RANGE(NLA_U16, 0, 255),
7208 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
7209 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
7210 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
7211 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
7212 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
7213 NLA_POLICY_RANGE(NLA_U32, 1, 255),
7214 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
7215 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
7216 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
7217 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
7218 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
7219 NLA_POLICY_MIN(NLA_U16, 1),
7220 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
7221 NLA_POLICY_MIN(NLA_U16, 1),
7222 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
7223 NLA_POLICY_MIN(NLA_U16, 1),
7224 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
7225 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
7226 NLA_POLICY_MIN(NLA_U16, 1),
7227 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
7228 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
7229 [NL80211_MESHCONF_RSSI_THRESHOLD] =
7230 NLA_POLICY_RANGE(NLA_S32, -255, 0),
7231 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
7232 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
7233 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
7234 NLA_POLICY_MIN(NLA_U16, 1),
7235 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
7236 NLA_POLICY_MIN(NLA_U16, 1),
7237 [NL80211_MESHCONF_POWER_MODE] =
7238 NLA_POLICY_RANGE(NLA_U32,
7239 NL80211_MESH_POWER_ACTIVE,
7240 NL80211_MESH_POWER_MAX),
7241 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
7242 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
7243 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7244 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7245 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7246};
7247
7248static const struct nla_policy
7249 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
7250 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
7251 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
7252 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
7253 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
7254 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
7255 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
7256 [NL80211_MESH_SETUP_IE] =
7257 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
7258 IEEE80211_MAX_DATA_LEN),
7259 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
7260};
7261
7262static int nl80211_parse_mesh_config(struct genl_info *info,
7263 struct mesh_config *cfg,
7264 u32 *mask_out)
7265{
7266 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
7267 u32 mask = 0;
7268 u16 ht_opmode;
7269
7270#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
7271do { \
7272 if (tb[attr]) { \
7273 cfg->param = fn(tb[attr]); \
7274 mask |= BIT((attr) - 1); \
7275 } \
7276} while (0)
7277
7278 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
7279 return -EINVAL;
7280 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
7281 return -EINVAL;
7282
7283 /* This makes sure that there aren't more than 32 mesh config
7284 * parameters (otherwise our bitfield scheme would not work.) */
7285 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
7286
7287 /* Fill in the params struct */
7288 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
7289 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
7290 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
7291 NL80211_MESHCONF_CONFIRM_TIMEOUT,
7292 nla_get_u16);
7293 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
7294 NL80211_MESHCONF_HOLDING_TIMEOUT,
7295 nla_get_u16);
7296 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
7297 NL80211_MESHCONF_MAX_PEER_LINKS,
7298 nla_get_u16);
7299 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
7300 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
7301 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
7302 NL80211_MESHCONF_TTL, nla_get_u8);
7303 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
7304 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
7305 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
7306 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7307 nla_get_u8);
7308 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
7309 mask,
7310 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7311 nla_get_u32);
7312 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
7313 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7314 nla_get_u8);
7315 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
7316 NL80211_MESHCONF_PATH_REFRESH_TIME,
7317 nla_get_u32);
7318 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
7319 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
7320 return -EINVAL;
7321 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
7322 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7323 nla_get_u16);
7324 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
7325 mask,
7326 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7327 nla_get_u32);
7328 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
7329 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
7330 cfg->dot11MeshHWMPactivePathTimeout > 65535))
7331 return -EINVAL;
7332 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
7333 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7334 nla_get_u16);
7335 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
7336 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7337 nla_get_u16);
7338 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7339 dot11MeshHWMPnetDiameterTraversalTime, mask,
7340 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7341 nla_get_u16);
7342 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
7343 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
7344 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
7345 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7346 nla_get_u16);
7347 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
7348 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7349 nla_get_u8);
7350 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
7351 NL80211_MESHCONF_FORWARDING, nla_get_u8);
7352 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
7353 NL80211_MESHCONF_RSSI_THRESHOLD,
7354 nla_get_s32);
7355 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
7356 NL80211_MESHCONF_CONNECTED_TO_GATE,
7357 nla_get_u8);
7358 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
7359 NL80211_MESHCONF_CONNECTED_TO_AS,
7360 nla_get_u8);
7361 /*
7362 * Check HT operation mode based on
7363 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
7364 */
7365 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
7366 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
7367
7368 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
7369 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
7370 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
7371 return -EINVAL;
7372
7373 /* NON_HT_STA bit is reserved, but some programs set it */
7374 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
7375
7376 cfg->ht_opmode = ht_opmode;
7377 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
7378 }
7379 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7380 dot11MeshHWMPactivePathToRootTimeout, mask,
7381 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7382 nla_get_u32);
7383 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
7384 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
7385 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
7386 return -EINVAL;
7387 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
7388 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7389 nla_get_u16);
7390 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
7391 mask,
7392 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7393 nla_get_u16);
7394 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
7395 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
7396 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
7397 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
7398 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
7399 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
7400 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
7401 NL80211_MESHCONF_NOLEARN, nla_get_u8);
7402 if (mask_out)
7403 *mask_out = mask;
7404
7405 return 0;
7406
7407#undef FILL_IN_MESH_PARAM_IF_SET
7408}
7409
7410static int nl80211_parse_mesh_setup(struct genl_info *info,
7411 struct mesh_setup *setup)
7412{
7413 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7414 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
7415
7416 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
7417 return -EINVAL;
7418 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
7419 return -EINVAL;
7420
7421 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
7422 setup->sync_method =
7423 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
7424 IEEE80211_SYNC_METHOD_VENDOR :
7425 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
7426
7427 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
7428 setup->path_sel_proto =
7429 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
7430 IEEE80211_PATH_PROTOCOL_VENDOR :
7431 IEEE80211_PATH_PROTOCOL_HWMP;
7432
7433 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
7434 setup->path_metric =
7435 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
7436 IEEE80211_PATH_METRIC_VENDOR :
7437 IEEE80211_PATH_METRIC_AIRTIME;
7438
7439 if (tb[NL80211_MESH_SETUP_IE]) {
7440 struct nlattr *ieattr =
7441 tb[NL80211_MESH_SETUP_IE];
7442 setup->ie = nla_data(ieattr);
7443 setup->ie_len = nla_len(ieattr);
7444 }
7445 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
7446 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
7447 return -EINVAL;
7448 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
7449 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
7450 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
7451 if (setup->is_secure)
7452 setup->user_mpm = true;
7453
7454 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
7455 if (!setup->user_mpm)
7456 return -EINVAL;
7457 setup->auth_id =
7458 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
7459 }
7460
7461 return 0;
7462}
7463
7464static int nl80211_update_mesh_config(struct sk_buff *skb,
7465 struct genl_info *info)
7466{
7467 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7468 struct net_device *dev = info->user_ptr[1];
7469 struct wireless_dev *wdev = dev->ieee80211_ptr;
7470 struct mesh_config cfg;
7471 u32 mask;
7472 int err;
7473
7474 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7475 return -EOPNOTSUPP;
7476
7477 if (!rdev->ops->update_mesh_config)
7478 return -EOPNOTSUPP;
7479
7480 err = nl80211_parse_mesh_config(info, &cfg, &mask);
7481 if (err)
7482 return err;
7483
7484 wdev_lock(wdev);
7485 if (!wdev->mesh_id_len)
7486 err = -ENOLINK;
7487
7488 if (!err)
7489 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
7490
7491 wdev_unlock(wdev);
7492
7493 return err;
7494}
7495
7496static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
7497 struct sk_buff *msg)
7498{
7499 struct nlattr *nl_reg_rules;
7500 unsigned int i;
7501
7502 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
7503 (regdom->dfs_region &&
7504 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
7505 goto nla_put_failure;
7506
7507 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
7508 if (!nl_reg_rules)
7509 goto nla_put_failure;
7510
7511 for (i = 0; i < regdom->n_reg_rules; i++) {
7512 struct nlattr *nl_reg_rule;
7513 const struct ieee80211_reg_rule *reg_rule;
7514 const struct ieee80211_freq_range *freq_range;
7515 const struct ieee80211_power_rule *power_rule;
7516 unsigned int max_bandwidth_khz;
7517
7518 reg_rule = &regdom->reg_rules[i];
7519 freq_range = &reg_rule->freq_range;
7520 power_rule = &reg_rule->power_rule;
7521
7522 nl_reg_rule = nla_nest_start_noflag(msg, i);
7523 if (!nl_reg_rule)
7524 goto nla_put_failure;
7525
7526 max_bandwidth_khz = freq_range->max_bandwidth_khz;
7527 if (!max_bandwidth_khz)
7528 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
7529 reg_rule);
7530
7531 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
7532 reg_rule->flags) ||
7533 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
7534 freq_range->start_freq_khz) ||
7535 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
7536 freq_range->end_freq_khz) ||
7537 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
7538 max_bandwidth_khz) ||
7539 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
7540 power_rule->max_antenna_gain) ||
7541 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
7542 power_rule->max_eirp) ||
7543 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
7544 reg_rule->dfs_cac_ms))
7545 goto nla_put_failure;
7546
7547 nla_nest_end(msg, nl_reg_rule);
7548 }
7549
7550 nla_nest_end(msg, nl_reg_rules);
7551 return 0;
7552
7553nla_put_failure:
7554 return -EMSGSIZE;
7555}
7556
7557static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
7558{
7559 const struct ieee80211_regdomain *regdom = NULL;
7560 struct cfg80211_registered_device *rdev;
7561 struct wiphy *wiphy = NULL;
7562 struct sk_buff *msg;
7563 void *hdr;
7564
7565 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7566 if (!msg)
7567 return -ENOBUFS;
7568
7569 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7570 NL80211_CMD_GET_REG);
7571 if (!hdr)
7572 goto put_failure;
7573
7574 if (info->attrs[NL80211_ATTR_WIPHY]) {
7575 bool self_managed;
7576
7577 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7578 if (IS_ERR(rdev)) {
7579 nlmsg_free(msg);
7580 return PTR_ERR(rdev);
7581 }
7582
7583 wiphy = &rdev->wiphy;
7584 self_managed = wiphy->regulatory_flags &
7585 REGULATORY_WIPHY_SELF_MANAGED;
7586 regdom = get_wiphy_regdom(wiphy);
7587
7588 /* a self-managed-reg device must have a private regdom */
7589 if (WARN_ON(!regdom && self_managed)) {
7590 nlmsg_free(msg);
7591 return -EINVAL;
7592 }
7593
7594 if (regdom &&
7595 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7596 goto nla_put_failure;
7597 }
7598
7599 if (!wiphy && reg_last_request_cell_base() &&
7600 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7601 NL80211_USER_REG_HINT_CELL_BASE))
7602 goto nla_put_failure;
7603
7604 rcu_read_lock();
7605
7606 if (!regdom)
7607 regdom = rcu_dereference(cfg80211_regdomain);
7608
7609 if (nl80211_put_regdom(regdom, msg))
7610 goto nla_put_failure_rcu;
7611
7612 rcu_read_unlock();
7613
7614 genlmsg_end(msg, hdr);
7615 return genlmsg_reply(msg, info);
7616
7617nla_put_failure_rcu:
7618 rcu_read_unlock();
7619nla_put_failure:
7620put_failure:
7621 nlmsg_free(msg);
7622 return -EMSGSIZE;
7623}
7624
7625static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
7626 u32 seq, int flags, struct wiphy *wiphy,
7627 const struct ieee80211_regdomain *regdom)
7628{
7629 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7630 NL80211_CMD_GET_REG);
7631
7632 if (!hdr)
7633 return -1;
7634
7635 genl_dump_check_consistent(cb, hdr);
7636
7637 if (nl80211_put_regdom(regdom, msg))
7638 goto nla_put_failure;
7639
7640 if (!wiphy && reg_last_request_cell_base() &&
7641 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7642 NL80211_USER_REG_HINT_CELL_BASE))
7643 goto nla_put_failure;
7644
7645 if (wiphy &&
7646 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7647 goto nla_put_failure;
7648
7649 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7650 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7651 goto nla_put_failure;
7652
7653 genlmsg_end(msg, hdr);
7654 return 0;
7655
7656nla_put_failure:
7657 genlmsg_cancel(msg, hdr);
7658 return -EMSGSIZE;
7659}
7660
7661static int nl80211_get_reg_dump(struct sk_buff *skb,
7662 struct netlink_callback *cb)
7663{
7664 const struct ieee80211_regdomain *regdom = NULL;
7665 struct cfg80211_registered_device *rdev;
7666 int err, reg_idx, start = cb->args[2];
7667
7668 rtnl_lock();
7669
7670 if (cfg80211_regdomain && start == 0) {
7671 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7672 NLM_F_MULTI, NULL,
7673 rtnl_dereference(cfg80211_regdomain));
7674 if (err < 0)
7675 goto out_err;
7676 }
7677
7678 /* the global regdom is idx 0 */
7679 reg_idx = 1;
7680 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7681 regdom = get_wiphy_regdom(&rdev->wiphy);
7682 if (!regdom)
7683 continue;
7684
7685 if (++reg_idx <= start)
7686 continue;
7687
7688 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7689 NLM_F_MULTI, &rdev->wiphy, regdom);
7690 if (err < 0) {
7691 reg_idx--;
7692 break;
7693 }
7694 }
7695
7696 cb->args[2] = reg_idx;
7697 err = skb->len;
7698out_err:
7699 rtnl_unlock();
7700 return err;
7701}
7702
7703#ifdef CONFIG_CFG80211_CRDA_SUPPORT
7704static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7705 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
7706 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
7707 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
7708 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
7709 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
7710 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
7711 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
7712};
7713
7714static int parse_reg_rule(struct nlattr *tb[],
7715 struct ieee80211_reg_rule *reg_rule)
7716{
7717 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
7718 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
7719
7720 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7721 return -EINVAL;
7722 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7723 return -EINVAL;
7724 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7725 return -EINVAL;
7726 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7727 return -EINVAL;
7728 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7729 return -EINVAL;
7730
7731 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7732
7733 freq_range->start_freq_khz =
7734 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7735 freq_range->end_freq_khz =
7736 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7737 freq_range->max_bandwidth_khz =
7738 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7739
7740 power_rule->max_eirp =
7741 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7742
7743 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7744 power_rule->max_antenna_gain =
7745 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7746
7747 if (tb[NL80211_ATTR_DFS_CAC_TIME])
7748 reg_rule->dfs_cac_ms =
7749 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7750
7751 return 0;
7752}
7753
7754static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7755{
7756 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7757 struct nlattr *nl_reg_rule;
7758 char *alpha2;
7759 int rem_reg_rules, r;
7760 u32 num_rules = 0, rule_idx = 0;
7761 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7762 struct ieee80211_regdomain *rd;
7763
7764 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7765 return -EINVAL;
7766
7767 if (!info->attrs[NL80211_ATTR_REG_RULES])
7768 return -EINVAL;
7769
7770 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7771
7772 if (info->attrs[NL80211_ATTR_DFS_REGION])
7773 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7774
7775 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7776 rem_reg_rules) {
7777 num_rules++;
7778 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7779 return -EINVAL;
7780 }
7781
7782 if (!reg_is_valid_request(alpha2))
7783 return -EINVAL;
7784
7785 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7786 if (!rd)
7787 return -ENOMEM;
7788
7789 rd->n_reg_rules = num_rules;
7790 rd->alpha2[0] = alpha2[0];
7791 rd->alpha2[1] = alpha2[1];
7792
7793 /*
7794 * Disable DFS master mode if the DFS region was
7795 * not supported or known on this kernel.
7796 */
7797 if (reg_supported_dfs_region(dfs_region))
7798 rd->dfs_region = dfs_region;
7799
7800 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7801 rem_reg_rules) {
7802 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7803 nl_reg_rule, reg_rule_policy,
7804 info->extack);
7805 if (r)
7806 goto bad_reg;
7807 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7808 if (r)
7809 goto bad_reg;
7810
7811 rule_idx++;
7812
7813 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7814 r = -EINVAL;
7815 goto bad_reg;
7816 }
7817 }
7818
7819 /* set_regdom takes ownership of rd */
7820 return set_regdom(rd, REGD_SOURCE_CRDA);
7821 bad_reg:
7822 kfree(rd);
7823 return r;
7824}
7825#endif /* CONFIG_CFG80211_CRDA_SUPPORT */
7826
7827static int validate_scan_freqs(struct nlattr *freqs)
7828{
7829 struct nlattr *attr1, *attr2;
7830 int n_channels = 0, tmp1, tmp2;
7831
7832 nla_for_each_nested(attr1, freqs, tmp1)
7833 if (nla_len(attr1) != sizeof(u32))
7834 return 0;
7835
7836 nla_for_each_nested(attr1, freqs, tmp1) {
7837 n_channels++;
7838 /*
7839 * Some hardware has a limited channel list for
7840 * scanning, and it is pretty much nonsensical
7841 * to scan for a channel twice, so disallow that
7842 * and don't require drivers to check that the
7843 * channel list they get isn't longer than what
7844 * they can scan, as long as they can scan all
7845 * the channels they registered at once.
7846 */
7847 nla_for_each_nested(attr2, freqs, tmp2)
7848 if (attr1 != attr2 &&
7849 nla_get_u32(attr1) == nla_get_u32(attr2))
7850 return 0;
7851 }
7852
7853 return n_channels;
7854}
7855
7856static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
7857{
7858 return b < NUM_NL80211_BANDS && wiphy->bands[b];
7859}
7860
7861static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
7862 struct cfg80211_bss_selection *bss_select)
7863{
7864 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
7865 struct nlattr *nest;
7866 int err;
7867 bool found = false;
7868 int i;
7869
7870 /* only process one nested attribute */
7871 nest = nla_data(nla);
7872 if (!nla_ok(nest, nla_len(nest)))
7873 return -EINVAL;
7874
7875 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
7876 nest, nl80211_bss_select_policy,
7877 NULL);
7878 if (err)
7879 return err;
7880
7881 /* only one attribute may be given */
7882 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7883 if (attr[i]) {
7884 if (found)
7885 return -EINVAL;
7886 found = true;
7887 }
7888 }
7889
7890 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7891
7892 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7893 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7894
7895 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7896 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7897 bss_select->param.band_pref =
7898 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7899 if (!is_band_valid(wiphy, bss_select->param.band_pref))
7900 return -EINVAL;
7901 }
7902
7903 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7904 struct nl80211_bss_select_rssi_adjust *adj_param;
7905
7906 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7907 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7908 bss_select->param.adjust.band = adj_param->band;
7909 bss_select->param.adjust.delta = adj_param->delta;
7910 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7911 return -EINVAL;
7912 }
7913
7914 /* user-space did not provide behaviour attribute */
7915 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7916 return -EINVAL;
7917
7918 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7919 return -EINVAL;
7920
7921 return 0;
7922}
7923
7924int nl80211_parse_random_mac(struct nlattr **attrs,
7925 u8 *mac_addr, u8 *mac_addr_mask)
7926{
7927 int i;
7928
7929 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7930 eth_zero_addr(mac_addr);
7931 eth_zero_addr(mac_addr_mask);
7932 mac_addr[0] = 0x2;
7933 mac_addr_mask[0] = 0x3;
7934
7935 return 0;
7936 }
7937
7938 /* need both or none */
7939 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7940 return -EINVAL;
7941
7942 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7943 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7944
7945 /* don't allow or configure an mcast address */
7946 if (!is_multicast_ether_addr(mac_addr_mask) ||
7947 is_multicast_ether_addr(mac_addr))
7948 return -EINVAL;
7949
7950 /*
7951 * allow users to pass a MAC address that has bits set outside
7952 * of the mask, but don't bother drivers with having to deal
7953 * with such bits
7954 */
7955 for (i = 0; i < ETH_ALEN; i++)
7956 mac_addr[i] &= mac_addr_mask[i];
7957
7958 return 0;
7959}
7960
7961static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7962{
7963 ASSERT_WDEV_LOCK(wdev);
7964
7965 if (!cfg80211_beaconing_iface_active(wdev))
7966 return true;
7967
7968 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7969 return true;
7970
7971 return regulatory_pre_cac_allowed(wdev->wiphy);
7972}
7973
7974static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7975 enum nl80211_ext_feature_index feat)
7976{
7977 if (!(flags & flag))
7978 return true;
7979 if (wiphy_ext_feature_isset(wiphy, feat))
7980 return true;
7981 return false;
7982}
7983
7984static int
7985nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7986 void *request, struct nlattr **attrs,
7987 bool is_sched_scan)
7988{
7989 u8 *mac_addr, *mac_addr_mask;
7990 u32 *flags;
7991 enum nl80211_feature_flags randomness_flag;
7992
7993 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7994 return 0;
7995
7996 if (is_sched_scan) {
7997 struct cfg80211_sched_scan_request *req = request;
7998
7999 randomness_flag = wdev ?
8000 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
8001 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
8002 flags = &req->flags;
8003 mac_addr = req->mac_addr;
8004 mac_addr_mask = req->mac_addr_mask;
8005 } else {
8006 struct cfg80211_scan_request *req = request;
8007
8008 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
8009 flags = &req->flags;
8010 mac_addr = req->mac_addr;
8011 mac_addr_mask = req->mac_addr_mask;
8012 }
8013
8014 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
8015
8016 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
8017 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
8018 !nl80211_check_scan_feat(wiphy, *flags,
8019 NL80211_SCAN_FLAG_LOW_SPAN,
8020 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
8021 !nl80211_check_scan_feat(wiphy, *flags,
8022 NL80211_SCAN_FLAG_LOW_POWER,
8023 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
8024 !nl80211_check_scan_feat(wiphy, *flags,
8025 NL80211_SCAN_FLAG_HIGH_ACCURACY,
8026 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
8027 !nl80211_check_scan_feat(wiphy, *flags,
8028 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
8029 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
8030 !nl80211_check_scan_feat(wiphy, *flags,
8031 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
8032 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
8033 !nl80211_check_scan_feat(wiphy, *flags,
8034 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
8035 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
8036 !nl80211_check_scan_feat(wiphy, *flags,
8037 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
8038 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
8039 !nl80211_check_scan_feat(wiphy, *flags,
8040 NL80211_SCAN_FLAG_RANDOM_SN,
8041 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
8042 !nl80211_check_scan_feat(wiphy, *flags,
8043 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
8044 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
8045 return -EOPNOTSUPP;
8046
8047 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
8048 int err;
8049
8050 if (!(wiphy->features & randomness_flag) ||
8051 (wdev && wdev->current_bss))
8052 return -EOPNOTSUPP;
8053
8054 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
8055 if (err)
8056 return err;
8057 }
8058
8059 return 0;
8060}
8061
8062static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
8063{
8064 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8065 struct wireless_dev *wdev = info->user_ptr[1];
8066 struct cfg80211_scan_request *request;
8067 struct nlattr *scan_freqs = NULL;
8068 bool scan_freqs_khz = false;
8069 struct nlattr *attr;
8070 struct wiphy *wiphy;
8071 int err, tmp, n_ssids = 0, n_channels, i;
8072 size_t ie_len;
8073
8074 wiphy = &rdev->wiphy;
8075
8076 if (wdev->iftype == NL80211_IFTYPE_NAN)
8077 return -EOPNOTSUPP;
8078
8079 if (!rdev->ops->scan)
8080 return -EOPNOTSUPP;
8081
8082 if (rdev->scan_req || rdev->scan_msg)
8083 return -EBUSY;
8084
8085 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
8086 if (!wiphy_ext_feature_isset(wiphy,
8087 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
8088 return -EOPNOTSUPP;
8089 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
8090 scan_freqs_khz = true;
8091 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
8092 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
8093
8094 if (scan_freqs) {
8095 n_channels = validate_scan_freqs(scan_freqs);
8096 if (!n_channels)
8097 return -EINVAL;
8098 } else {
8099 n_channels = ieee80211_get_num_supported_channels(wiphy);
8100 }
8101
8102 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
8103 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
8104 n_ssids++;
8105
8106 if (n_ssids > wiphy->max_scan_ssids)
8107 return -EINVAL;
8108
8109 if (info->attrs[NL80211_ATTR_IE])
8110 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8111 else
8112 ie_len = 0;
8113
8114 if (ie_len > wiphy->max_scan_ie_len)
8115 return -EINVAL;
8116
8117 request = kzalloc(sizeof(*request)
8118 + sizeof(*request->ssids) * n_ssids
8119 + sizeof(*request->channels) * n_channels
8120 + ie_len, GFP_KERNEL);
8121 if (!request)
8122 return -ENOMEM;
8123
8124 if (n_ssids)
8125 request->ssids = (void *)&request->channels[n_channels];
8126 request->n_ssids = n_ssids;
8127 if (ie_len) {
8128 if (n_ssids)
8129 request->ie = (void *)(request->ssids + n_ssids);
8130 else
8131 request->ie = (void *)(request->channels + n_channels);
8132 }
8133
8134 i = 0;
8135 if (scan_freqs) {
8136 /* user specified, bail out if channel not found */
8137 nla_for_each_nested(attr, scan_freqs, tmp) {
8138 struct ieee80211_channel *chan;
8139 int freq = nla_get_u32(attr);
8140
8141 if (!scan_freqs_khz)
8142 freq = MHZ_TO_KHZ(freq);
8143
8144 chan = ieee80211_get_channel_khz(wiphy, freq);
8145 if (!chan) {
8146 err = -EINVAL;
8147 goto out_free;
8148 }
8149
8150 /* ignore disabled channels */
8151 if (chan->flags & IEEE80211_CHAN_DISABLED)
8152 continue;
8153
8154 request->channels[i] = chan;
8155 i++;
8156 }
8157 } else {
8158 enum nl80211_band band;
8159
8160 /* all channels */
8161 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8162 int j;
8163
8164 if (!wiphy->bands[band])
8165 continue;
8166 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8167 struct ieee80211_channel *chan;
8168
8169 chan = &wiphy->bands[band]->channels[j];
8170
8171 if (chan->flags & IEEE80211_CHAN_DISABLED)
8172 continue;
8173
8174 request->channels[i] = chan;
8175 i++;
8176 }
8177 }
8178 }
8179
8180 if (!i) {
8181 err = -EINVAL;
8182 goto out_free;
8183 }
8184
8185 request->n_channels = i;
8186
8187 wdev_lock(wdev);
8188 if (!cfg80211_off_channel_oper_allowed(wdev)) {
8189 struct ieee80211_channel *chan;
8190
8191 if (request->n_channels != 1) {
8192 wdev_unlock(wdev);
8193 err = -EBUSY;
8194 goto out_free;
8195 }
8196
8197 chan = request->channels[0];
8198 if (chan->center_freq != wdev->chandef.chan->center_freq) {
8199 wdev_unlock(wdev);
8200 err = -EBUSY;
8201 goto out_free;
8202 }
8203 }
8204 wdev_unlock(wdev);
8205
8206 i = 0;
8207 if (n_ssids) {
8208 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
8209 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8210 err = -EINVAL;
8211 goto out_free;
8212 }
8213 request->ssids[i].ssid_len = nla_len(attr);
8214 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
8215 i++;
8216 }
8217 }
8218
8219 if (info->attrs[NL80211_ATTR_IE]) {
8220 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8221 memcpy((void *)request->ie,
8222 nla_data(info->attrs[NL80211_ATTR_IE]),
8223 request->ie_len);
8224 }
8225
8226 for (i = 0; i < NUM_NL80211_BANDS; i++)
8227 if (wiphy->bands[i])
8228 request->rates[i] =
8229 (1 << wiphy->bands[i]->n_bitrates) - 1;
8230
8231 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
8232 nla_for_each_nested(attr,
8233 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
8234 tmp) {
8235 enum nl80211_band band = nla_type(attr);
8236
8237 if (band < 0 || band >= NUM_NL80211_BANDS) {
8238 err = -EINVAL;
8239 goto out_free;
8240 }
8241
8242 if (!wiphy->bands[band])
8243 continue;
8244
8245 err = ieee80211_get_ratemask(wiphy->bands[band],
8246 nla_data(attr),
8247 nla_len(attr),
8248 &request->rates[band]);
8249 if (err)
8250 goto out_free;
8251 }
8252 }
8253
8254 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
8255 if (!wiphy_ext_feature_isset(wiphy,
8256 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
8257 err = -EOPNOTSUPP;
8258 goto out_free;
8259 }
8260
8261 request->duration =
8262 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
8263 request->duration_mandatory =
8264 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
8265 }
8266
8267 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
8268 false);
8269 if (err)
8270 goto out_free;
8271
8272 request->no_cck =
8273 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8274
8275 /* Initial implementation used NL80211_ATTR_MAC to set the specific
8276 * BSSID to scan for. This was problematic because that same attribute
8277 * was already used for another purpose (local random MAC address). The
8278 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
8279 * compatibility with older userspace components, also use the
8280 * NL80211_ATTR_MAC value here if it can be determined to be used for
8281 * the specific BSSID use case instead of the random MAC address
8282 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
8283 */
8284 if (info->attrs[NL80211_ATTR_BSSID])
8285 memcpy(request->bssid,
8286 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
8287 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
8288 info->attrs[NL80211_ATTR_MAC])
8289 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
8290 ETH_ALEN);
8291 else
8292 eth_broadcast_addr(request->bssid);
8293
8294 request->wdev = wdev;
8295 request->wiphy = &rdev->wiphy;
8296 request->scan_start = jiffies;
8297
8298 rdev->scan_req = request;
8299 err = cfg80211_scan(rdev);
8300
8301 if (err)
8302 goto out_free;
8303
8304 nl80211_send_scan_start(rdev, wdev);
8305 if (wdev->netdev)
8306 dev_hold(wdev->netdev);
8307
8308 return 0;
8309
8310 out_free:
8311 rdev->scan_req = NULL;
8312 kfree(request);
8313
8314 return err;
8315}
8316
8317static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
8318{
8319 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8320 struct wireless_dev *wdev = info->user_ptr[1];
8321
8322 if (!rdev->ops->abort_scan)
8323 return -EOPNOTSUPP;
8324
8325 if (rdev->scan_msg)
8326 return 0;
8327
8328 if (!rdev->scan_req)
8329 return -ENOENT;
8330
8331 rdev_abort_scan(rdev, wdev);
8332 return 0;
8333}
8334
8335static int
8336nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
8337 struct cfg80211_sched_scan_request *request,
8338 struct nlattr **attrs)
8339{
8340 int tmp, err, i = 0;
8341 struct nlattr *attr;
8342
8343 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8344 u32 interval;
8345
8346 /*
8347 * If scan plans are not specified,
8348 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
8349 * case one scan plan will be set with the specified scan
8350 * interval and infinite number of iterations.
8351 */
8352 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
8353 if (!interval)
8354 return -EINVAL;
8355
8356 request->scan_plans[0].interval =
8357 DIV_ROUND_UP(interval, MSEC_PER_SEC);
8358 if (!request->scan_plans[0].interval)
8359 return -EINVAL;
8360
8361 if (request->scan_plans[0].interval >
8362 wiphy->max_sched_scan_plan_interval)
8363 request->scan_plans[0].interval =
8364 wiphy->max_sched_scan_plan_interval;
8365
8366 return 0;
8367 }
8368
8369 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
8370 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
8371
8372 if (WARN_ON(i >= n_plans))
8373 return -EINVAL;
8374
8375 err = nla_parse_nested_deprecated(plan,
8376 NL80211_SCHED_SCAN_PLAN_MAX,
8377 attr, nl80211_plan_policy,
8378 NULL);
8379 if (err)
8380 return err;
8381
8382 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
8383 return -EINVAL;
8384
8385 request->scan_plans[i].interval =
8386 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
8387 if (!request->scan_plans[i].interval ||
8388 request->scan_plans[i].interval >
8389 wiphy->max_sched_scan_plan_interval)
8390 return -EINVAL;
8391
8392 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
8393 request->scan_plans[i].iterations =
8394 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
8395 if (!request->scan_plans[i].iterations ||
8396 (request->scan_plans[i].iterations >
8397 wiphy->max_sched_scan_plan_iterations))
8398 return -EINVAL;
8399 } else if (i < n_plans - 1) {
8400 /*
8401 * All scan plans but the last one must specify
8402 * a finite number of iterations
8403 */
8404 return -EINVAL;
8405 }
8406
8407 i++;
8408 }
8409
8410 /*
8411 * The last scan plan must not specify the number of
8412 * iterations, it is supposed to run infinitely
8413 */
8414 if (request->scan_plans[n_plans - 1].iterations)
8415 return -EINVAL;
8416
8417 return 0;
8418}
8419
8420static int
8421nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
8422 struct cfg80211_match_set *match_sets,
8423 struct nlattr *tb_band_rssi,
8424 s32 rssi_thold)
8425{
8426 struct nlattr *attr;
8427 int i, tmp, ret = 0;
8428
8429 if (!wiphy_ext_feature_isset(wiphy,
8430 NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
8431 if (tb_band_rssi)
8432 ret = -EOPNOTSUPP;
8433 else
8434 for (i = 0; i < NUM_NL80211_BANDS; i++)
8435 match_sets->per_band_rssi_thold[i] =
8436 NL80211_SCAN_RSSI_THOLD_OFF;
8437 return ret;
8438 }
8439
8440 for (i = 0; i < NUM_NL80211_BANDS; i++)
8441 match_sets->per_band_rssi_thold[i] = rssi_thold;
8442
8443 nla_for_each_nested(attr, tb_band_rssi, tmp) {
8444 enum nl80211_band band = nla_type(attr);
8445
8446 if (band < 0 || band >= NUM_NL80211_BANDS)
8447 return -EINVAL;
8448
8449 match_sets->per_band_rssi_thold[band] = nla_get_s32(attr);
8450 }
8451
8452 return 0;
8453}
8454
8455static struct cfg80211_sched_scan_request *
8456nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
8457 struct nlattr **attrs, int max_match_sets)
8458{
8459 struct cfg80211_sched_scan_request *request;
8460 struct nlattr *attr;
8461 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
8462 enum nl80211_band band;
8463 size_t ie_len;
8464 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
8465 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
8466
8467 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8468 n_channels = validate_scan_freqs(
8469 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
8470 if (!n_channels)
8471 return ERR_PTR(-EINVAL);
8472 } else {
8473 n_channels = ieee80211_get_num_supported_channels(wiphy);
8474 }
8475
8476 if (attrs[NL80211_ATTR_SCAN_SSIDS])
8477 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8478 tmp)
8479 n_ssids++;
8480
8481 if (n_ssids > wiphy->max_sched_scan_ssids)
8482 return ERR_PTR(-EINVAL);
8483
8484 /*
8485 * First, count the number of 'real' matchsets. Due to an issue with
8486 * the old implementation, matchsets containing only the RSSI attribute
8487 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
8488 * RSSI for all matchsets, rather than their own matchset for reporting
8489 * all APs with a strong RSSI. This is needed to be compatible with
8490 * older userspace that treated a matchset with only the RSSI as the
8491 * global RSSI for all other matchsets - if there are other matchsets.
8492 */
8493 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8494 nla_for_each_nested(attr,
8495 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8496 tmp) {
8497 struct nlattr *rssi;
8498
8499 err = nla_parse_nested_deprecated(tb,
8500 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8501 attr,
8502 nl80211_match_policy,
8503 NULL);
8504 if (err)
8505 return ERR_PTR(err);
8506
8507 /* SSID and BSSID are mutually exclusive */
8508 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
8509 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
8510 return ERR_PTR(-EINVAL);
8511
8512 /* add other standalone attributes here */
8513 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
8514 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
8515 n_match_sets++;
8516 continue;
8517 }
8518 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8519 if (rssi)
8520 default_match_rssi = nla_get_s32(rssi);
8521 }
8522 }
8523
8524 /* However, if there's no other matchset, add the RSSI one */
8525 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
8526 n_match_sets = 1;
8527
8528 if (n_match_sets > max_match_sets)
8529 return ERR_PTR(-EINVAL);
8530
8531 if (attrs[NL80211_ATTR_IE])
8532 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
8533 else
8534 ie_len = 0;
8535
8536 if (ie_len > wiphy->max_sched_scan_ie_len)
8537 return ERR_PTR(-EINVAL);
8538
8539 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8540 /*
8541 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
8542 * each scan plan already specifies its own interval
8543 */
8544 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8545 return ERR_PTR(-EINVAL);
8546
8547 nla_for_each_nested(attr,
8548 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
8549 n_plans++;
8550 } else {
8551 /*
8552 * The scan interval attribute is kept for backward
8553 * compatibility. If no scan plans are specified and sched scan
8554 * interval is specified, one scan plan will be set with this
8555 * scan interval and infinite number of iterations.
8556 */
8557 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8558 return ERR_PTR(-EINVAL);
8559
8560 n_plans = 1;
8561 }
8562
8563 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
8564 return ERR_PTR(-EINVAL);
8565
8566 if (!wiphy_ext_feature_isset(
8567 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
8568 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
8569 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
8570 return ERR_PTR(-EINVAL);
8571
8572 request = kzalloc(sizeof(*request)
8573 + sizeof(*request->ssids) * n_ssids
8574 + sizeof(*request->match_sets) * n_match_sets
8575 + sizeof(*request->scan_plans) * n_plans
8576 + sizeof(*request->channels) * n_channels
8577 + ie_len, GFP_KERNEL);
8578 if (!request)
8579 return ERR_PTR(-ENOMEM);
8580
8581 if (n_ssids)
8582 request->ssids = (void *)&request->channels[n_channels];
8583 request->n_ssids = n_ssids;
8584 if (ie_len) {
8585 if (n_ssids)
8586 request->ie = (void *)(request->ssids + n_ssids);
8587 else
8588 request->ie = (void *)(request->channels + n_channels);
8589 }
8590
8591 if (n_match_sets) {
8592 if (request->ie)
8593 request->match_sets = (void *)(request->ie + ie_len);
8594 else if (n_ssids)
8595 request->match_sets =
8596 (void *)(request->ssids + n_ssids);
8597 else
8598 request->match_sets =
8599 (void *)(request->channels + n_channels);
8600 }
8601 request->n_match_sets = n_match_sets;
8602
8603 if (n_match_sets)
8604 request->scan_plans = (void *)(request->match_sets +
8605 n_match_sets);
8606 else if (request->ie)
8607 request->scan_plans = (void *)(request->ie + ie_len);
8608 else if (n_ssids)
8609 request->scan_plans = (void *)(request->ssids + n_ssids);
8610 else
8611 request->scan_plans = (void *)(request->channels + n_channels);
8612
8613 request->n_scan_plans = n_plans;
8614
8615 i = 0;
8616 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8617 /* user specified, bail out if channel not found */
8618 nla_for_each_nested(attr,
8619 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
8620 tmp) {
8621 struct ieee80211_channel *chan;
8622
8623 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
8624
8625 if (!chan) {
8626 err = -EINVAL;
8627 goto out_free;
8628 }
8629
8630 /* ignore disabled channels */
8631 if (chan->flags & IEEE80211_CHAN_DISABLED)
8632 continue;
8633
8634 request->channels[i] = chan;
8635 i++;
8636 }
8637 } else {
8638 /* all channels */
8639 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8640 int j;
8641
8642 if (!wiphy->bands[band])
8643 continue;
8644 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8645 struct ieee80211_channel *chan;
8646
8647 chan = &wiphy->bands[band]->channels[j];
8648
8649 if (chan->flags & IEEE80211_CHAN_DISABLED)
8650 continue;
8651
8652 request->channels[i] = chan;
8653 i++;
8654 }
8655 }
8656 }
8657
8658 if (!i) {
8659 err = -EINVAL;
8660 goto out_free;
8661 }
8662
8663 request->n_channels = i;
8664
8665 i = 0;
8666 if (n_ssids) {
8667 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8668 tmp) {
8669 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8670 err = -EINVAL;
8671 goto out_free;
8672 }
8673 request->ssids[i].ssid_len = nla_len(attr);
8674 memcpy(request->ssids[i].ssid, nla_data(attr),
8675 nla_len(attr));
8676 i++;
8677 }
8678 }
8679
8680 i = 0;
8681 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8682 nla_for_each_nested(attr,
8683 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8684 tmp) {
8685 struct nlattr *ssid, *bssid, *rssi;
8686
8687 err = nla_parse_nested_deprecated(tb,
8688 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8689 attr,
8690 nl80211_match_policy,
8691 NULL);
8692 if (err)
8693 goto out_free;
8694 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8695 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8696
8697 if (!ssid && !bssid) {
8698 i++;
8699 continue;
8700 }
8701
8702 if (WARN_ON(i >= n_match_sets)) {
8703 /* this indicates a programming error,
8704 * the loop above should have verified
8705 * things properly
8706 */
8707 err = -EINVAL;
8708 goto out_free;
8709 }
8710
8711 if (ssid) {
8712 memcpy(request->match_sets[i].ssid.ssid,
8713 nla_data(ssid), nla_len(ssid));
8714 request->match_sets[i].ssid.ssid_len =
8715 nla_len(ssid);
8716 }
8717 if (bssid)
8718 memcpy(request->match_sets[i].bssid,
8719 nla_data(bssid), ETH_ALEN);
8720
8721 /* special attribute - old implementation w/a */
8722 request->match_sets[i].rssi_thold = default_match_rssi;
8723 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8724 if (rssi)
8725 request->match_sets[i].rssi_thold =
8726 nla_get_s32(rssi);
8727
8728 /* Parse per band RSSI attribute */
8729 err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8730 &request->match_sets[i],
8731 tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8732 request->match_sets[i].rssi_thold);
8733 if (err)
8734 goto out_free;
8735
8736 i++;
8737 }
8738
8739 /* there was no other matchset, so the RSSI one is alone */
8740 if (i == 0 && n_match_sets)
8741 request->match_sets[0].rssi_thold = default_match_rssi;
8742
8743 request->min_rssi_thold = INT_MAX;
8744 for (i = 0; i < n_match_sets; i++)
8745 request->min_rssi_thold =
8746 min(request->match_sets[i].rssi_thold,
8747 request->min_rssi_thold);
8748 } else {
8749 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8750 }
8751
8752 if (ie_len) {
8753 request->ie_len = ie_len;
8754 memcpy((void *)request->ie,
8755 nla_data(attrs[NL80211_ATTR_IE]),
8756 request->ie_len);
8757 }
8758
8759 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8760 if (err)
8761 goto out_free;
8762
8763 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8764 request->delay =
8765 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8766
8767 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8768 request->relative_rssi = nla_get_s8(
8769 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8770 request->relative_rssi_set = true;
8771 }
8772
8773 if (request->relative_rssi_set &&
8774 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8775 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8776
8777 rssi_adjust = nla_data(
8778 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8779 request->rssi_adjust.band = rssi_adjust->band;
8780 request->rssi_adjust.delta = rssi_adjust->delta;
8781 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8782 err = -EINVAL;
8783 goto out_free;
8784 }
8785 }
8786
8787 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8788 if (err)
8789 goto out_free;
8790
8791 request->scan_start = jiffies;
8792
8793 return request;
8794
8795out_free:
8796 kfree(request);
8797 return ERR_PTR(err);
8798}
8799
8800static int nl80211_start_sched_scan(struct sk_buff *skb,
8801 struct genl_info *info)
8802{
8803 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8804 struct net_device *dev = info->user_ptr[1];
8805 struct wireless_dev *wdev = dev->ieee80211_ptr;
8806 struct cfg80211_sched_scan_request *sched_scan_req;
8807 bool want_multi;
8808 int err;
8809
8810 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8811 return -EOPNOTSUPP;
8812
8813 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8814 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8815 if (err)
8816 return err;
8817
8818 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8819 info->attrs,
8820 rdev->wiphy.max_match_sets);
8821
8822 err = PTR_ERR_OR_ZERO(sched_scan_req);
8823 if (err)
8824 goto out_err;
8825
8826 /* leave request id zero for legacy request
8827 * or if driver does not support multi-scheduled scan
8828 */
8829 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
8830 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8831
8832 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8833 if (err)
8834 goto out_free;
8835
8836 sched_scan_req->dev = dev;
8837 sched_scan_req->wiphy = &rdev->wiphy;
8838
8839 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
8840 sched_scan_req->owner_nlportid = info->snd_portid;
8841
8842 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
8843
8844 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
8845 return 0;
8846
8847out_free:
8848 kfree(sched_scan_req);
8849out_err:
8850 return err;
8851}
8852
8853static int nl80211_stop_sched_scan(struct sk_buff *skb,
8854 struct genl_info *info)
8855{
8856 struct cfg80211_sched_scan_request *req;
8857 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8858 u64 cookie;
8859
8860 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
8861 return -EOPNOTSUPP;
8862
8863 if (info->attrs[NL80211_ATTR_COOKIE]) {
8864 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8865 return __cfg80211_stop_sched_scan(rdev, cookie, false);
8866 }
8867
8868 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
8869 struct cfg80211_sched_scan_request,
8870 list);
8871 if (!req || req->reqid ||
8872 (req->owner_nlportid &&
8873 req->owner_nlportid != info->snd_portid))
8874 return -ENOENT;
8875
8876 return cfg80211_stop_sched_scan_req(rdev, req, false);
8877}
8878
8879static int nl80211_start_radar_detection(struct sk_buff *skb,
8880 struct genl_info *info)
8881{
8882 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8883 struct net_device *dev = info->user_ptr[1];
8884 struct wireless_dev *wdev = dev->ieee80211_ptr;
8885 struct wiphy *wiphy = wdev->wiphy;
8886 struct cfg80211_chan_def chandef;
8887 enum nl80211_dfs_regions dfs_region;
8888 unsigned int cac_time_ms;
8889 int err;
8890
8891 dfs_region = reg_get_dfs_region(wiphy);
8892 if (dfs_region == NL80211_DFS_UNSET)
8893 return -EINVAL;
8894
8895 err = nl80211_parse_chandef(rdev, info, &chandef);
8896 if (err)
8897 return err;
8898
8899 if (netif_carrier_ok(dev))
8900 return -EBUSY;
8901
8902 if (wdev->cac_started)
8903 return -EBUSY;
8904
8905 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8906 if (err < 0)
8907 return err;
8908
8909 if (err == 0)
8910 return -EINVAL;
8911
8912 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
8913 return -EINVAL;
8914
8915 /* CAC start is offloaded to HW and can't be started manually */
8916 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
8917 return -EOPNOTSUPP;
8918
8919 if (!rdev->ops->start_radar_detection)
8920 return -EOPNOTSUPP;
8921
8922 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8923 if (WARN_ON(!cac_time_ms))
8924 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8925
8926 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8927 if (!err) {
8928 wdev->chandef = chandef;
8929 wdev->cac_started = true;
8930 wdev->cac_start_time = jiffies;
8931 wdev->cac_time_ms = cac_time_ms;
8932 }
8933 return err;
8934}
8935
8936static int nl80211_notify_radar_detection(struct sk_buff *skb,
8937 struct genl_info *info)
8938{
8939 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8940 struct net_device *dev = info->user_ptr[1];
8941 struct wireless_dev *wdev = dev->ieee80211_ptr;
8942 struct wiphy *wiphy = wdev->wiphy;
8943 struct cfg80211_chan_def chandef;
8944 enum nl80211_dfs_regions dfs_region;
8945 int err;
8946
8947 dfs_region = reg_get_dfs_region(wiphy);
8948 if (dfs_region == NL80211_DFS_UNSET) {
8949 GENL_SET_ERR_MSG(info,
8950 "DFS Region is not set. Unexpected Radar indication");
8951 return -EINVAL;
8952 }
8953
8954 err = nl80211_parse_chandef(rdev, info, &chandef);
8955 if (err) {
8956 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8957 return err;
8958 }
8959
8960 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8961 if (err < 0) {
8962 GENL_SET_ERR_MSG(info, "chandef is invalid");
8963 return err;
8964 }
8965
8966 if (err == 0) {
8967 GENL_SET_ERR_MSG(info,
8968 "Unexpected Radar indication for chandef/iftype");
8969 return -EINVAL;
8970 }
8971
8972 /* Do not process this notification if radar is already detected
8973 * by kernel on this channel, and return success.
8974 */
8975 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8976 return 0;
8977
8978 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8979
8980 cfg80211_sched_dfs_chan_update(rdev);
8981
8982 rdev->radar_chandef = chandef;
8983
8984 /* Propagate this notification to other radios as well */
8985 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8986
8987 return 0;
8988}
8989
8990static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8991{
8992 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8993 struct net_device *dev = info->user_ptr[1];
8994 struct wireless_dev *wdev = dev->ieee80211_ptr;
8995 struct cfg80211_csa_settings params;
8996 /* csa_attrs is defined static to avoid waste of stack size - this
8997 * function is called under RTNL lock, so this should not be a problem.
8998 */
8999 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
9000 int err;
9001 bool need_new_beacon = false;
9002 bool need_handle_dfs_flag = true;
9003 int len, i;
9004 u32 cs_count;
9005
9006 if (!rdev->ops->channel_switch ||
9007 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
9008 return -EOPNOTSUPP;
9009
9010 switch (dev->ieee80211_ptr->iftype) {
9011 case NL80211_IFTYPE_AP:
9012 case NL80211_IFTYPE_P2P_GO:
9013 need_new_beacon = true;
9014 /* For all modes except AP the handle_dfs flag needs to be
9015 * supplied to tell the kernel that userspace will handle radar
9016 * events when they happen. Otherwise a switch to a channel
9017 * requiring DFS will be rejected.
9018 */
9019 need_handle_dfs_flag = false;
9020
9021 /* useless if AP is not running */
9022 if (!wdev->beacon_interval)
9023 return -ENOTCONN;
9024 break;
9025 case NL80211_IFTYPE_ADHOC:
9026 if (!wdev->ssid_len)
9027 return -ENOTCONN;
9028 break;
9029 case NL80211_IFTYPE_MESH_POINT:
9030 if (!wdev->mesh_id_len)
9031 return -ENOTCONN;
9032 break;
9033 default:
9034 return -EOPNOTSUPP;
9035 }
9036
9037 memset(&params, 0, sizeof(params));
9038 params.beacon_csa.ftm_responder = -1;
9039
9040 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9041 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
9042 return -EINVAL;
9043
9044 /* only important for AP, IBSS and mesh create IEs internally */
9045 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
9046 return -EINVAL;
9047
9048 /* Even though the attribute is u32, the specification says
9049 * u8, so let's make sure we don't overflow.
9050 */
9051 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
9052 if (cs_count > 255)
9053 return -EINVAL;
9054
9055 params.count = cs_count;
9056
9057 if (!need_new_beacon)
9058 goto skip_beacons;
9059
9060 err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
9061 if (err)
9062 return err;
9063
9064 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
9065 info->attrs[NL80211_ATTR_CSA_IES],
9066 nl80211_policy, info->extack);
9067 if (err)
9068 return err;
9069
9070 err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
9071 if (err)
9072 return err;
9073
9074 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON])
9075 return -EINVAL;
9076
9077 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
9078 if (!len || (len % sizeof(u16)))
9079 return -EINVAL;
9080
9081 params.n_counter_offsets_beacon = len / sizeof(u16);
9082 if (rdev->wiphy.max_num_csa_counters &&
9083 (params.n_counter_offsets_beacon >
9084 rdev->wiphy.max_num_csa_counters))
9085 return -EINVAL;
9086
9087 params.counter_offsets_beacon =
9088 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
9089
9090 /* sanity checks - counters should fit and be the same */
9091 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
9092 u16 offset = params.counter_offsets_beacon[i];
9093
9094 if (offset >= params.beacon_csa.tail_len)
9095 return -EINVAL;
9096
9097 if (params.beacon_csa.tail[offset] != params.count)
9098 return -EINVAL;
9099 }
9100
9101 if (csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
9102 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
9103 if (!len || (len % sizeof(u16)))
9104 return -EINVAL;
9105
9106 params.n_counter_offsets_presp = len / sizeof(u16);
9107 if (rdev->wiphy.max_num_csa_counters &&
9108 (params.n_counter_offsets_presp >
9109 rdev->wiphy.max_num_csa_counters))
9110 return -EINVAL;
9111
9112 params.counter_offsets_presp =
9113 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
9114
9115 /* sanity checks - counters should fit and be the same */
9116 for (i = 0; i < params.n_counter_offsets_presp; i++) {
9117 u16 offset = params.counter_offsets_presp[i];
9118
9119 if (offset >= params.beacon_csa.probe_resp_len)
9120 return -EINVAL;
9121
9122 if (params.beacon_csa.probe_resp[offset] !=
9123 params.count)
9124 return -EINVAL;
9125 }
9126 }
9127
9128skip_beacons:
9129 err = nl80211_parse_chandef(rdev, info, &params.chandef);
9130 if (err)
9131 return err;
9132
9133 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
9134 wdev->iftype))
9135 return -EINVAL;
9136
9137 err = cfg80211_chandef_dfs_required(wdev->wiphy,
9138 &params.chandef,
9139 wdev->iftype);
9140 if (err < 0)
9141 return err;
9142
9143 if (err > 0) {
9144 params.radar_required = true;
9145 if (need_handle_dfs_flag &&
9146 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
9147 return -EINVAL;
9148 }
9149 }
9150
9151 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
9152 params.block_tx = true;
9153
9154 wdev_lock(wdev);
9155 err = rdev_channel_switch(rdev, dev, &params);
9156 wdev_unlock(wdev);
9157
9158 return err;
9159}
9160
9161static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
9162 u32 seq, int flags,
9163 struct cfg80211_registered_device *rdev,
9164 struct wireless_dev *wdev,
9165 struct cfg80211_internal_bss *intbss)
9166{
9167 struct cfg80211_bss *res = &intbss->pub;
9168 const struct cfg80211_bss_ies *ies;
9169 void *hdr;
9170 struct nlattr *bss;
9171
9172 ASSERT_WDEV_LOCK(wdev);
9173
9174 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
9175 NL80211_CMD_NEW_SCAN_RESULTS);
9176 if (!hdr)
9177 return -1;
9178
9179 genl_dump_check_consistent(cb, hdr);
9180
9181 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
9182 goto nla_put_failure;
9183 if (wdev->netdev &&
9184 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
9185 goto nla_put_failure;
9186 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
9187 NL80211_ATTR_PAD))
9188 goto nla_put_failure;
9189
9190 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
9191 if (!bss)
9192 goto nla_put_failure;
9193 if ((!is_zero_ether_addr(res->bssid) &&
9194 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
9195 goto nla_put_failure;
9196
9197 rcu_read_lock();
9198 /* indicate whether we have probe response data or not */
9199 if (rcu_access_pointer(res->proberesp_ies) &&
9200 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
9201 goto fail_unlock_rcu;
9202
9203 /* this pointer prefers to be pointed to probe response data
9204 * but is always valid
9205 */
9206 ies = rcu_dereference(res->ies);
9207 if (ies) {
9208 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
9209 NL80211_BSS_PAD))
9210 goto fail_unlock_rcu;
9211 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
9212 ies->len, ies->data))
9213 goto fail_unlock_rcu;
9214 }
9215
9216 /* and this pointer is always (unless driver didn't know) beacon data */
9217 ies = rcu_dereference(res->beacon_ies);
9218 if (ies && ies->from_beacon) {
9219 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
9220 NL80211_BSS_PAD))
9221 goto fail_unlock_rcu;
9222 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
9223 ies->len, ies->data))
9224 goto fail_unlock_rcu;
9225 }
9226 rcu_read_unlock();
9227
9228 if (res->beacon_interval &&
9229 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
9230 goto nla_put_failure;
9231 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
9232 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
9233 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
9234 res->channel->freq_offset) ||
9235 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
9236 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
9237 jiffies_to_msecs(jiffies - intbss->ts)))
9238 goto nla_put_failure;
9239
9240 if (intbss->parent_tsf &&
9241 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
9242 intbss->parent_tsf, NL80211_BSS_PAD) ||
9243 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
9244 intbss->parent_bssid)))
9245 goto nla_put_failure;
9246
9247 if (intbss->ts_boottime &&
9248 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
9249 intbss->ts_boottime, NL80211_BSS_PAD))
9250 goto nla_put_failure;
9251
9252 if (!nl80211_put_signal(msg, intbss->pub.chains,
9253 intbss->pub.chain_signal,
9254 NL80211_BSS_CHAIN_SIGNAL))
9255 goto nla_put_failure;
9256
9257 switch (rdev->wiphy.signal_type) {
9258 case CFG80211_SIGNAL_TYPE_MBM:
9259 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
9260 goto nla_put_failure;
9261 break;
9262 case CFG80211_SIGNAL_TYPE_UNSPEC:
9263 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
9264 goto nla_put_failure;
9265 break;
9266 default:
9267 break;
9268 }
9269
9270 switch (wdev->iftype) {
9271 case NL80211_IFTYPE_P2P_CLIENT:
9272 case NL80211_IFTYPE_STATION:
9273 if (intbss == wdev->current_bss &&
9274 nla_put_u32(msg, NL80211_BSS_STATUS,
9275 NL80211_BSS_STATUS_ASSOCIATED))
9276 goto nla_put_failure;
9277 break;
9278 case NL80211_IFTYPE_ADHOC:
9279 if (intbss == wdev->current_bss &&
9280 nla_put_u32(msg, NL80211_BSS_STATUS,
9281 NL80211_BSS_STATUS_IBSS_JOINED))
9282 goto nla_put_failure;
9283 break;
9284 default:
9285 break;
9286 }
9287
9288 nla_nest_end(msg, bss);
9289
9290 genlmsg_end(msg, hdr);
9291 return 0;
9292
9293 fail_unlock_rcu:
9294 rcu_read_unlock();
9295 nla_put_failure:
9296 genlmsg_cancel(msg, hdr);
9297 return -EMSGSIZE;
9298}
9299
9300static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
9301{
9302 struct cfg80211_registered_device *rdev;
9303 struct cfg80211_internal_bss *scan;
9304 struct wireless_dev *wdev;
9305 int start = cb->args[2], idx = 0;
9306 int err;
9307
9308 rtnl_lock();
9309 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9310 if (err) {
9311 rtnl_unlock();
9312 return err;
9313 }
9314
9315 wdev_lock(wdev);
9316 spin_lock_bh(&rdev->bss_lock);
9317
9318 /*
9319 * dump_scan will be called multiple times to break up the scan results
9320 * into multiple messages. It is unlikely that any more bss-es will be
9321 * expired after the first call, so only call only call this on the
9322 * first dump_scan invocation.
9323 */
9324 if (start == 0)
9325 cfg80211_bss_expire(rdev);
9326
9327 cb->seq = rdev->bss_generation;
9328
9329 list_for_each_entry(scan, &rdev->bss_list, list) {
9330 if (++idx <= start)
9331 continue;
9332 if (nl80211_send_bss(skb, cb,
9333 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9334 rdev, wdev, scan) < 0) {
9335 idx--;
9336 break;
9337 }
9338 }
9339
9340 spin_unlock_bh(&rdev->bss_lock);
9341 wdev_unlock(wdev);
9342
9343 cb->args[2] = idx;
9344 rtnl_unlock();
9345
9346 return skb->len;
9347}
9348
9349static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
9350 int flags, struct net_device *dev,
9351 bool allow_radio_stats,
9352 struct survey_info *survey)
9353{
9354 void *hdr;
9355 struct nlattr *infoattr;
9356
9357 /* skip radio stats if userspace didn't request them */
9358 if (!survey->channel && !allow_radio_stats)
9359 return 0;
9360
9361 hdr = nl80211hdr_put(msg, portid, seq, flags,
9362 NL80211_CMD_NEW_SURVEY_RESULTS);
9363 if (!hdr)
9364 return -ENOMEM;
9365
9366 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
9367 goto nla_put_failure;
9368
9369 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
9370 if (!infoattr)
9371 goto nla_put_failure;
9372
9373 if (survey->channel &&
9374 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
9375 survey->channel->center_freq))
9376 goto nla_put_failure;
9377
9378 if (survey->channel && survey->channel->freq_offset &&
9379 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
9380 survey->channel->freq_offset))
9381 goto nla_put_failure;
9382
9383 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
9384 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
9385 goto nla_put_failure;
9386 if ((survey->filled & SURVEY_INFO_IN_USE) &&
9387 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
9388 goto nla_put_failure;
9389 if ((survey->filled & SURVEY_INFO_TIME) &&
9390 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
9391 survey->time, NL80211_SURVEY_INFO_PAD))
9392 goto nla_put_failure;
9393 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
9394 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
9395 survey->time_busy, NL80211_SURVEY_INFO_PAD))
9396 goto nla_put_failure;
9397 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
9398 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
9399 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
9400 goto nla_put_failure;
9401 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
9402 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
9403 survey->time_rx, NL80211_SURVEY_INFO_PAD))
9404 goto nla_put_failure;
9405 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
9406 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
9407 survey->time_tx, NL80211_SURVEY_INFO_PAD))
9408 goto nla_put_failure;
9409 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
9410 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
9411 survey->time_scan, NL80211_SURVEY_INFO_PAD))
9412 goto nla_put_failure;
9413 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
9414 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
9415 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
9416 goto nla_put_failure;
9417
9418 nla_nest_end(msg, infoattr);
9419
9420 genlmsg_end(msg, hdr);
9421 return 0;
9422
9423 nla_put_failure:
9424 genlmsg_cancel(msg, hdr);
9425 return -EMSGSIZE;
9426}
9427
9428static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
9429{
9430 struct nlattr **attrbuf;
9431 struct survey_info survey;
9432 struct cfg80211_registered_device *rdev;
9433 struct wireless_dev *wdev;
9434 int survey_idx = cb->args[2];
9435 int res;
9436 bool radio_stats;
9437
9438 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
9439 if (!attrbuf)
9440 return -ENOMEM;
9441
9442 rtnl_lock();
9443 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9444 if (res)
9445 goto out_err;
9446
9447 /* prepare_wdev_dump parsed the attributes */
9448 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
9449
9450 if (!wdev->netdev) {
9451 res = -EINVAL;
9452 goto out_err;
9453 }
9454
9455 if (!rdev->ops->dump_survey) {
9456 res = -EOPNOTSUPP;
9457 goto out_err;
9458 }
9459
9460 while (1) {
9461 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
9462 if (res == -ENOENT)
9463 break;
9464 if (res)
9465 goto out_err;
9466
9467 /* don't send disabled channels, but do send non-channel data */
9468 if (survey.channel &&
9469 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
9470 survey_idx++;
9471 continue;
9472 }
9473
9474 if (nl80211_send_survey(skb,
9475 NETLINK_CB(cb->skb).portid,
9476 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9477 wdev->netdev, radio_stats, &survey) < 0)
9478 goto out;
9479 survey_idx++;
9480 }
9481
9482 out:
9483 cb->args[2] = survey_idx;
9484 res = skb->len;
9485 out_err:
9486 kfree(attrbuf);
9487 rtnl_unlock();
9488 return res;
9489}
9490
9491static bool nl80211_valid_wpa_versions(u32 wpa_versions)
9492{
9493 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
9494 NL80211_WPA_VERSION_2 |
9495 NL80211_WPA_VERSION_3));
9496}
9497
9498static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
9499{
9500 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9501 struct net_device *dev = info->user_ptr[1];
9502 struct ieee80211_channel *chan;
9503 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
9504 int err, ssid_len, ie_len = 0, auth_data_len = 0;
9505 enum nl80211_auth_type auth_type;
9506 struct key_parse key;
9507 bool local_state_change;
9508 u32 freq;
9509
9510 if (!info->attrs[NL80211_ATTR_MAC])
9511 return -EINVAL;
9512
9513 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
9514 return -EINVAL;
9515
9516 if (!info->attrs[NL80211_ATTR_SSID])
9517 return -EINVAL;
9518
9519 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9520 return -EINVAL;
9521
9522 err = nl80211_parse_key(info, &key);
9523 if (err)
9524 return err;
9525
9526 if (key.idx >= 0) {
9527 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
9528 return -EINVAL;
9529 if (!key.p.key || !key.p.key_len)
9530 return -EINVAL;
9531 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
9532 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
9533 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
9534 key.p.key_len != WLAN_KEY_LEN_WEP104))
9535 return -EINVAL;
9536 if (key.idx > 3)
9537 return -EINVAL;
9538 } else {
9539 key.p.key_len = 0;
9540 key.p.key = NULL;
9541 }
9542
9543 if (key.idx >= 0) {
9544 int i;
9545 bool ok = false;
9546
9547 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
9548 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
9549 ok = true;
9550 break;
9551 }
9552 }
9553 if (!ok)
9554 return -EINVAL;
9555 }
9556
9557 if (!rdev->ops->auth)
9558 return -EOPNOTSUPP;
9559
9560 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9561 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9562 return -EOPNOTSUPP;
9563
9564 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9565 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
9566 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
9567 freq +=
9568 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
9569
9570 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
9571 if (!chan)
9572 return -EINVAL;
9573
9574 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9575 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9576
9577 if (info->attrs[NL80211_ATTR_IE]) {
9578 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9579 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9580 }
9581
9582 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9583 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
9584 return -EINVAL;
9585
9586 if ((auth_type == NL80211_AUTHTYPE_SAE ||
9587 auth_type == NL80211_AUTHTYPE_FILS_SK ||
9588 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
9589 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
9590 !info->attrs[NL80211_ATTR_AUTH_DATA])
9591 return -EINVAL;
9592
9593 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
9594 if (auth_type != NL80211_AUTHTYPE_SAE &&
9595 auth_type != NL80211_AUTHTYPE_FILS_SK &&
9596 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
9597 auth_type != NL80211_AUTHTYPE_FILS_PK)
9598 return -EINVAL;
9599 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
9600 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
9601 }
9602
9603 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9604
9605 /*
9606 * Since we no longer track auth state, ignore
9607 * requests to only change local state.
9608 */
9609 if (local_state_change)
9610 return 0;
9611
9612 wdev_lock(dev->ieee80211_ptr);
9613 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
9614 ssid, ssid_len, ie, ie_len,
9615 key.p.key, key.p.key_len, key.idx,
9616 auth_data, auth_data_len);
9617 wdev_unlock(dev->ieee80211_ptr);
9618 return err;
9619}
9620
9621static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
9622 struct genl_info *info)
9623{
9624 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9625 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
9626 return -EINVAL;
9627 }
9628
9629 if (!rdev->ops->tx_control_port ||
9630 !wiphy_ext_feature_isset(&rdev->wiphy,
9631 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
9632 return -EOPNOTSUPP;
9633
9634 return 0;
9635}
9636
9637static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
9638 struct genl_info *info,
9639 struct cfg80211_crypto_settings *settings,
9640 int cipher_limit)
9641{
9642 memset(settings, 0, sizeof(*settings));
9643
9644 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9645
9646 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9647 u16 proto;
9648
9649 proto = nla_get_u16(
9650 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9651 settings->control_port_ethertype = cpu_to_be16(proto);
9652 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9653 proto != ETH_P_PAE)
9654 return -EINVAL;
9655 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9656 settings->control_port_no_encrypt = true;
9657 } else
9658 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9659
9660 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9661 int r = validate_pae_over_nl80211(rdev, info);
9662
9663 if (r < 0)
9664 return r;
9665
9666 settings->control_port_over_nl80211 = true;
9667
9668 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
9669 settings->control_port_no_preauth = true;
9670 }
9671
9672 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9673 void *data;
9674 int len, i;
9675
9676 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9677 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9678 settings->n_ciphers_pairwise = len / sizeof(u32);
9679
9680 if (len % sizeof(u32))
9681 return -EINVAL;
9682
9683 if (settings->n_ciphers_pairwise > cipher_limit)
9684 return -EINVAL;
9685
9686 memcpy(settings->ciphers_pairwise, data, len);
9687
9688 for (i = 0; i < settings->n_ciphers_pairwise; i++)
9689 if (!cfg80211_supported_cipher_suite(
9690 &rdev->wiphy,
9691 settings->ciphers_pairwise[i]))
9692 return -EINVAL;
9693 }
9694
9695 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9696 settings->cipher_group =
9697 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9698 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9699 settings->cipher_group))
9700 return -EINVAL;
9701 }
9702
9703 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9704 settings->wpa_versions =
9705 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9706 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9707 return -EINVAL;
9708 }
9709
9710 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9711 void *data;
9712 int len;
9713
9714 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9715 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9716 settings->n_akm_suites = len / sizeof(u32);
9717
9718 if (len % sizeof(u32))
9719 return -EINVAL;
9720
9721 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9722 return -EINVAL;
9723
9724 memcpy(settings->akm_suites, data, len);
9725 }
9726
9727 if (info->attrs[NL80211_ATTR_PMK]) {
9728 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9729 return -EINVAL;
9730 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9731 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
9732 !wiphy_ext_feature_isset(&rdev->wiphy,
9733 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
9734 return -EINVAL;
9735 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9736 }
9737
9738 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9739 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9740 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
9741 !wiphy_ext_feature_isset(&rdev->wiphy,
9742 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
9743 return -EINVAL;
9744 settings->sae_pwd =
9745 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9746 settings->sae_pwd_len =
9747 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9748 }
9749
9750 return 0;
9751}
9752
9753static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9754{
9755 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9756 struct net_device *dev = info->user_ptr[1];
9757 struct ieee80211_channel *chan;
9758 struct cfg80211_assoc_request req = {};
9759 const u8 *bssid, *ssid;
9760 int err, ssid_len = 0;
9761 u32 freq;
9762
9763 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9764 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9765 return -EPERM;
9766
9767 if (!info->attrs[NL80211_ATTR_MAC] ||
9768 !info->attrs[NL80211_ATTR_SSID] ||
9769 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9770 return -EINVAL;
9771
9772 if (!rdev->ops->assoc)
9773 return -EOPNOTSUPP;
9774
9775 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9776 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9777 return -EOPNOTSUPP;
9778
9779 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9780
9781 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
9782 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
9783 freq +=
9784 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
9785 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
9786 if (!chan)
9787 return -EINVAL;
9788
9789 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9790 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9791
9792 if (info->attrs[NL80211_ATTR_IE]) {
9793 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9794 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9795 }
9796
9797 if (info->attrs[NL80211_ATTR_USE_MFP]) {
9798 enum nl80211_mfp mfp =
9799 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9800 if (mfp == NL80211_MFP_REQUIRED)
9801 req.use_mfp = true;
9802 else if (mfp != NL80211_MFP_NO)
9803 return -EINVAL;
9804 }
9805
9806 if (info->attrs[NL80211_ATTR_PREV_BSSID])
9807 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9808
9809 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9810 req.flags |= ASSOC_REQ_DISABLE_HT;
9811
9812 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9813 memcpy(&req.ht_capa_mask,
9814 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9815 sizeof(req.ht_capa_mask));
9816
9817 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9818 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9819 return -EINVAL;
9820 memcpy(&req.ht_capa,
9821 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9822 sizeof(req.ht_capa));
9823 }
9824
9825 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9826 req.flags |= ASSOC_REQ_DISABLE_VHT;
9827
9828 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9829 memcpy(&req.vht_capa_mask,
9830 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9831 sizeof(req.vht_capa_mask));
9832
9833 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9834 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9835 return -EINVAL;
9836 memcpy(&req.vht_capa,
9837 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9838 sizeof(req.vht_capa));
9839 }
9840
9841 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9842 if (!((rdev->wiphy.features &
9843 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9844 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9845 !wiphy_ext_feature_isset(&rdev->wiphy,
9846 NL80211_EXT_FEATURE_RRM))
9847 return -EINVAL;
9848 req.flags |= ASSOC_REQ_USE_RRM;
9849 }
9850
9851 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
9852 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
9853 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
9854 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
9855 return -EINVAL;
9856 req.fils_nonces =
9857 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
9858 }
9859
9860 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
9861 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
9862 return -EINVAL;
9863 memcpy(&req.s1g_capa_mask,
9864 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
9865 sizeof(req.s1g_capa_mask));
9866 }
9867
9868 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
9869 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
9870 return -EINVAL;
9871 memcpy(&req.s1g_capa,
9872 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
9873 sizeof(req.s1g_capa));
9874 }
9875
9876 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
9877 if (!err) {
9878 wdev_lock(dev->ieee80211_ptr);
9879
9880 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
9881 ssid, ssid_len, &req);
9882
9883 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9884 dev->ieee80211_ptr->conn_owner_nlportid =
9885 info->snd_portid;
9886 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9887 bssid, ETH_ALEN);
9888 }
9889
9890 wdev_unlock(dev->ieee80211_ptr);
9891 }
9892
9893 return err;
9894}
9895
9896static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
9897{
9898 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9899 struct net_device *dev = info->user_ptr[1];
9900 const u8 *ie = NULL, *bssid;
9901 int ie_len = 0, err;
9902 u16 reason_code;
9903 bool local_state_change;
9904
9905 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9906 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9907 return -EPERM;
9908
9909 if (!info->attrs[NL80211_ATTR_MAC])
9910 return -EINVAL;
9911
9912 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9913 return -EINVAL;
9914
9915 if (!rdev->ops->deauth)
9916 return -EOPNOTSUPP;
9917
9918 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9919 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9920 return -EOPNOTSUPP;
9921
9922 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9923
9924 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9925 if (reason_code == 0) {
9926 /* Reason Code 0 is reserved */
9927 return -EINVAL;
9928 }
9929
9930 if (info->attrs[NL80211_ATTR_IE]) {
9931 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9932 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9933 }
9934
9935 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9936
9937 wdev_lock(dev->ieee80211_ptr);
9938 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
9939 local_state_change);
9940 wdev_unlock(dev->ieee80211_ptr);
9941 return err;
9942}
9943
9944static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
9945{
9946 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9947 struct net_device *dev = info->user_ptr[1];
9948 const u8 *ie = NULL, *bssid;
9949 int ie_len = 0, err;
9950 u16 reason_code;
9951 bool local_state_change;
9952
9953 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9954 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9955 return -EPERM;
9956
9957 if (!info->attrs[NL80211_ATTR_MAC])
9958 return -EINVAL;
9959
9960 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9961 return -EINVAL;
9962
9963 if (!rdev->ops->disassoc)
9964 return -EOPNOTSUPP;
9965
9966 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9967 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9968 return -EOPNOTSUPP;
9969
9970 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9971
9972 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9973 if (reason_code == 0) {
9974 /* Reason Code 0 is reserved */
9975 return -EINVAL;
9976 }
9977
9978 if (info->attrs[NL80211_ATTR_IE]) {
9979 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9980 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9981 }
9982
9983 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9984
9985 wdev_lock(dev->ieee80211_ptr);
9986 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9987 local_state_change);
9988 wdev_unlock(dev->ieee80211_ptr);
9989 return err;
9990}
9991
9992static bool
9993nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9994 int mcast_rate[NUM_NL80211_BANDS],
9995 int rateval)
9996{
9997 struct wiphy *wiphy = &rdev->wiphy;
9998 bool found = false;
9999 int band, i;
10000
10001 for (band = 0; band < NUM_NL80211_BANDS; band++) {
10002 struct ieee80211_supported_band *sband;
10003
10004 sband = wiphy->bands[band];
10005 if (!sband)
10006 continue;
10007
10008 for (i = 0; i < sband->n_bitrates; i++) {
10009 if (sband->bitrates[i].bitrate == rateval) {
10010 mcast_rate[band] = i + 1;
10011 found = true;
10012 break;
10013 }
10014 }
10015 }
10016
10017 return found;
10018}
10019
10020static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
10021{
10022 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10023 struct net_device *dev = info->user_ptr[1];
10024 struct cfg80211_ibss_params ibss;
10025 struct wiphy *wiphy;
10026 struct cfg80211_cached_keys *connkeys = NULL;
10027 int err;
10028
10029 memset(&ibss, 0, sizeof(ibss));
10030
10031 if (!info->attrs[NL80211_ATTR_SSID] ||
10032 !nla_len(info->attrs[NL80211_ATTR_SSID]))
10033 return -EINVAL;
10034
10035 ibss.beacon_interval = 100;
10036
10037 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
10038 ibss.beacon_interval =
10039 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10040
10041 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
10042 ibss.beacon_interval);
10043 if (err)
10044 return err;
10045
10046 if (!rdev->ops->join_ibss)
10047 return -EOPNOTSUPP;
10048
10049 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
10050 return -EOPNOTSUPP;
10051
10052 wiphy = &rdev->wiphy;
10053
10054 if (info->attrs[NL80211_ATTR_MAC]) {
10055 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10056
10057 if (!is_valid_ether_addr(ibss.bssid))
10058 return -EINVAL;
10059 }
10060 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10061 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10062
10063 if (info->attrs[NL80211_ATTR_IE]) {
10064 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10065 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10066 }
10067
10068 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
10069 if (err)
10070 return err;
10071
10072 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
10073 NL80211_IFTYPE_ADHOC))
10074 return -EINVAL;
10075
10076 switch (ibss.chandef.width) {
10077 case NL80211_CHAN_WIDTH_5:
10078 case NL80211_CHAN_WIDTH_10:
10079 case NL80211_CHAN_WIDTH_20_NOHT:
10080 break;
10081 case NL80211_CHAN_WIDTH_20:
10082 case NL80211_CHAN_WIDTH_40:
10083 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
10084 return -EINVAL;
10085 break;
10086 case NL80211_CHAN_WIDTH_80:
10087 case NL80211_CHAN_WIDTH_80P80:
10088 case NL80211_CHAN_WIDTH_160:
10089 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
10090 return -EINVAL;
10091 if (!wiphy_ext_feature_isset(&rdev->wiphy,
10092 NL80211_EXT_FEATURE_VHT_IBSS))
10093 return -EINVAL;
10094 break;
10095 default:
10096 return -EINVAL;
10097 }
10098
10099 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
10100 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
10101
10102 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10103 u8 *rates =
10104 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10105 int n_rates =
10106 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10107 struct ieee80211_supported_band *sband =
10108 wiphy->bands[ibss.chandef.chan->band];
10109
10110 err = ieee80211_get_ratemask(sband, rates, n_rates,
10111 &ibss.basic_rates);
10112 if (err)
10113 return err;
10114 }
10115
10116 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10117 memcpy(&ibss.ht_capa_mask,
10118 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10119 sizeof(ibss.ht_capa_mask));
10120
10121 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10122 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10123 return -EINVAL;
10124 memcpy(&ibss.ht_capa,
10125 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10126 sizeof(ibss.ht_capa));
10127 }
10128
10129 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10130 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
10131 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10132 return -EINVAL;
10133
10134 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10135 bool no_ht = false;
10136
10137 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
10138 if (IS_ERR(connkeys))
10139 return PTR_ERR(connkeys);
10140
10141 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
10142 no_ht) {
10143 kfree_sensitive(connkeys);
10144 return -EINVAL;
10145 }
10146 }
10147
10148 ibss.control_port =
10149 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
10150
10151 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10152 int r = validate_pae_over_nl80211(rdev, info);
10153
10154 if (r < 0) {
10155 kfree_sensitive(connkeys);
10156 return r;
10157 }
10158
10159 ibss.control_port_over_nl80211 = true;
10160 }
10161
10162 ibss.userspace_handles_dfs =
10163 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10164
10165 wdev_lock(dev->ieee80211_ptr);
10166 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
10167 if (err)
10168 kfree_sensitive(connkeys);
10169 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
10170 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10171 wdev_unlock(dev->ieee80211_ptr);
10172
10173 return err;
10174}
10175
10176static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
10177{
10178 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10179 struct net_device *dev = info->user_ptr[1];
10180
10181 if (!rdev->ops->leave_ibss)
10182 return -EOPNOTSUPP;
10183
10184 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
10185 return -EOPNOTSUPP;
10186
10187 return cfg80211_leave_ibss(rdev, dev, false);
10188}
10189
10190static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
10191{
10192 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10193 struct net_device *dev = info->user_ptr[1];
10194 int mcast_rate[NUM_NL80211_BANDS];
10195 u32 nla_rate;
10196 int err;
10197
10198 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
10199 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
10200 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
10201 return -EOPNOTSUPP;
10202
10203 if (!rdev->ops->set_mcast_rate)
10204 return -EOPNOTSUPP;
10205
10206 memset(mcast_rate, 0, sizeof(mcast_rate));
10207
10208 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
10209 return -EINVAL;
10210
10211 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
10212 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
10213 return -EINVAL;
10214
10215 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
10216
10217 return err;
10218}
10219
10220static struct sk_buff *
10221__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
10222 struct wireless_dev *wdev, int approxlen,
10223 u32 portid, u32 seq, enum nl80211_commands cmd,
10224 enum nl80211_attrs attr,
10225 const struct nl80211_vendor_cmd_info *info,
10226 gfp_t gfp)
10227{
10228 struct sk_buff *skb;
10229 void *hdr;
10230 struct nlattr *data;
10231
10232 skb = nlmsg_new(approxlen + 100, gfp);
10233 if (!skb)
10234 return NULL;
10235
10236 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
10237 if (!hdr) {
10238 kfree_skb(skb);
10239 return NULL;
10240 }
10241
10242 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
10243 goto nla_put_failure;
10244
10245 if (info) {
10246 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
10247 info->vendor_id))
10248 goto nla_put_failure;
10249 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
10250 info->subcmd))
10251 goto nla_put_failure;
10252 }
10253
10254 if (wdev) {
10255 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
10256 wdev_id(wdev), NL80211_ATTR_PAD))
10257 goto nla_put_failure;
10258 if (wdev->netdev &&
10259 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
10260 wdev->netdev->ifindex))
10261 goto nla_put_failure;
10262 }
10263
10264 data = nla_nest_start_noflag(skb, attr);
10265 if (!data)
10266 goto nla_put_failure;
10267
10268 ((void **)skb->cb)[0] = rdev;
10269 ((void **)skb->cb)[1] = hdr;
10270 ((void **)skb->cb)[2] = data;
10271
10272 return skb;
10273
10274 nla_put_failure:
10275 kfree_skb(skb);
10276 return NULL;
10277}
10278
10279struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
10280 struct wireless_dev *wdev,
10281 enum nl80211_commands cmd,
10282 enum nl80211_attrs attr,
10283 unsigned int portid,
10284 int vendor_event_idx,
10285 int approxlen, gfp_t gfp)
10286{
10287 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10288 const struct nl80211_vendor_cmd_info *info;
10289
10290 switch (cmd) {
10291 case NL80211_CMD_TESTMODE:
10292 if (WARN_ON(vendor_event_idx != -1))
10293 return NULL;
10294 info = NULL;
10295 break;
10296 case NL80211_CMD_VENDOR:
10297 if (WARN_ON(vendor_event_idx < 0 ||
10298 vendor_event_idx >= wiphy->n_vendor_events))
10299 return NULL;
10300 info = &wiphy->vendor_events[vendor_event_idx];
10301 break;
10302 default:
10303 WARN_ON(1);
10304 return NULL;
10305 }
10306
10307 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
10308 cmd, attr, info, gfp);
10309}
10310EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
10311
10312void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
10313{
10314 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10315 void *hdr = ((void **)skb->cb)[1];
10316 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
10317 struct nlattr *data = ((void **)skb->cb)[2];
10318 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
10319
10320 /* clear CB data for netlink core to own from now on */
10321 memset(skb->cb, 0, sizeof(skb->cb));
10322
10323 nla_nest_end(skb, data);
10324 genlmsg_end(skb, hdr);
10325
10326 if (nlhdr->nlmsg_pid) {
10327 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
10328 nlhdr->nlmsg_pid);
10329 } else {
10330 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
10331 mcgrp = NL80211_MCGRP_VENDOR;
10332
10333 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
10334 skb, 0, mcgrp, gfp);
10335 }
10336}
10337EXPORT_SYMBOL(__cfg80211_send_event_skb);
10338
10339#ifdef CONFIG_NL80211_TESTMODE
10340static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
10341{
10342 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10343 struct wireless_dev *wdev =
10344 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
10345 int err;
10346
10347 if (!rdev->ops->testmode_cmd)
10348 return -EOPNOTSUPP;
10349
10350 if (IS_ERR(wdev)) {
10351 err = PTR_ERR(wdev);
10352 if (err != -EINVAL)
10353 return err;
10354 wdev = NULL;
10355 } else if (wdev->wiphy != &rdev->wiphy) {
10356 return -EINVAL;
10357 }
10358
10359 if (!info->attrs[NL80211_ATTR_TESTDATA])
10360 return -EINVAL;
10361
10362 rdev->cur_cmd_info = info;
10363 err = rdev_testmode_cmd(rdev, wdev,
10364 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
10365 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
10366 rdev->cur_cmd_info = NULL;
10367
10368 return err;
10369}
10370
10371static int nl80211_testmode_dump(struct sk_buff *skb,
10372 struct netlink_callback *cb)
10373{
10374 struct cfg80211_registered_device *rdev;
10375 struct nlattr **attrbuf = NULL;
10376 int err;
10377 long phy_idx;
10378 void *data = NULL;
10379 int data_len = 0;
10380
10381 rtnl_lock();
10382
10383 if (cb->args[0]) {
10384 /*
10385 * 0 is a valid index, but not valid for args[0],
10386 * so we need to offset by 1.
10387 */
10388 phy_idx = cb->args[0] - 1;
10389
10390 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
10391 if (!rdev) {
10392 err = -ENOENT;
10393 goto out_err;
10394 }
10395 } else {
10396 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
10397 GFP_KERNEL);
10398 if (!attrbuf) {
10399 err = -ENOMEM;
10400 goto out_err;
10401 }
10402
10403 err = nlmsg_parse_deprecated(cb->nlh,
10404 GENL_HDRLEN + nl80211_fam.hdrsize,
10405 attrbuf, nl80211_fam.maxattr,
10406 nl80211_policy, NULL);
10407 if (err)
10408 goto out_err;
10409
10410 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
10411 if (IS_ERR(rdev)) {
10412 err = PTR_ERR(rdev);
10413 goto out_err;
10414 }
10415 phy_idx = rdev->wiphy_idx;
10416
10417 if (attrbuf[NL80211_ATTR_TESTDATA])
10418 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
10419 }
10420
10421 if (cb->args[1]) {
10422 data = nla_data((void *)cb->args[1]);
10423 data_len = nla_len((void *)cb->args[1]);
10424 }
10425
10426 if (!rdev->ops->testmode_dump) {
10427 err = -EOPNOTSUPP;
10428 goto out_err;
10429 }
10430
10431 while (1) {
10432 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10433 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10434 NL80211_CMD_TESTMODE);
10435 struct nlattr *tmdata;
10436
10437 if (!hdr)
10438 break;
10439
10440 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
10441 genlmsg_cancel(skb, hdr);
10442 break;
10443 }
10444
10445 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
10446 if (!tmdata) {
10447 genlmsg_cancel(skb, hdr);
10448 break;
10449 }
10450 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
10451 nla_nest_end(skb, tmdata);
10452
10453 if (err == -ENOBUFS || err == -ENOENT) {
10454 genlmsg_cancel(skb, hdr);
10455 break;
10456 } else if (err) {
10457 genlmsg_cancel(skb, hdr);
10458 goto out_err;
10459 }
10460
10461 genlmsg_end(skb, hdr);
10462 }
10463
10464 err = skb->len;
10465 /* see above */
10466 cb->args[0] = phy_idx + 1;
10467 out_err:
10468 kfree(attrbuf);
10469 rtnl_unlock();
10470 return err;
10471}
10472#endif
10473
10474static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
10475{
10476 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10477 struct net_device *dev = info->user_ptr[1];
10478 struct cfg80211_connect_params connect;
10479 struct wiphy *wiphy;
10480 struct cfg80211_cached_keys *connkeys = NULL;
10481 u32 freq = 0;
10482 int err;
10483
10484 memset(&connect, 0, sizeof(connect));
10485
10486 if (!info->attrs[NL80211_ATTR_SSID] ||
10487 !nla_len(info->attrs[NL80211_ATTR_SSID]))
10488 return -EINVAL;
10489
10490 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10491 connect.auth_type =
10492 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10493 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
10494 NL80211_CMD_CONNECT))
10495 return -EINVAL;
10496 } else
10497 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
10498
10499 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
10500
10501 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
10502 !wiphy_ext_feature_isset(&rdev->wiphy,
10503 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
10504 return -EINVAL;
10505 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
10506
10507 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
10508 NL80211_MAX_NR_CIPHER_SUITES);
10509 if (err)
10510 return err;
10511
10512 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10513 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10514 return -EOPNOTSUPP;
10515
10516 wiphy = &rdev->wiphy;
10517
10518 connect.bg_scan_period = -1;
10519 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
10520 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
10521 connect.bg_scan_period =
10522 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
10523 }
10524
10525 if (info->attrs[NL80211_ATTR_MAC])
10526 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10527 else if (info->attrs[NL80211_ATTR_MAC_HINT])
10528 connect.bssid_hint =
10529 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
10530 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10531 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10532
10533 if (info->attrs[NL80211_ATTR_IE]) {
10534 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10535 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10536 }
10537
10538 if (info->attrs[NL80211_ATTR_USE_MFP]) {
10539 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10540 if (connect.mfp == NL80211_MFP_OPTIONAL &&
10541 !wiphy_ext_feature_isset(&rdev->wiphy,
10542 NL80211_EXT_FEATURE_MFP_OPTIONAL))
10543 return -EOPNOTSUPP;
10544 } else {
10545 connect.mfp = NL80211_MFP_NO;
10546 }
10547
10548 if (info->attrs[NL80211_ATTR_PREV_BSSID])
10549 connect.prev_bssid =
10550 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10551
10552 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
10553 freq = MHZ_TO_KHZ(nla_get_u32(
10554 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10555 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10556 freq +=
10557 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10558
10559 if (freq) {
10560 connect.channel = nl80211_get_valid_chan(wiphy, freq);
10561 if (!connect.channel)
10562 return -EINVAL;
10563 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
10564 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
10565 freq = MHZ_TO_KHZ(freq);
10566 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
10567 if (!connect.channel_hint)
10568 return -EINVAL;
10569 }
10570
10571 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
10572 connect.edmg.channels =
10573 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
10574
10575 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
10576 connect.edmg.bw_config =
10577 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
10578 }
10579
10580 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10581 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
10582 if (IS_ERR(connkeys))
10583 return PTR_ERR(connkeys);
10584 }
10585
10586 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10587 connect.flags |= ASSOC_REQ_DISABLE_HT;
10588
10589 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10590 memcpy(&connect.ht_capa_mask,
10591 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10592 sizeof(connect.ht_capa_mask));
10593
10594 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10595 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
10596 kfree_sensitive(connkeys);
10597 return -EINVAL;
10598 }
10599 memcpy(&connect.ht_capa,
10600 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10601 sizeof(connect.ht_capa));
10602 }
10603
10604 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10605 connect.flags |= ASSOC_REQ_DISABLE_VHT;
10606
10607 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10608 memcpy(&connect.vht_capa_mask,
10609 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10610 sizeof(connect.vht_capa_mask));
10611
10612 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10613 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10614 kfree_sensitive(connkeys);
10615 return -EINVAL;
10616 }
10617 memcpy(&connect.vht_capa,
10618 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10619 sizeof(connect.vht_capa));
10620 }
10621
10622 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10623 if (!((rdev->wiphy.features &
10624 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10625 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10626 !wiphy_ext_feature_isset(&rdev->wiphy,
10627 NL80211_EXT_FEATURE_RRM)) {
10628 kfree_sensitive(connkeys);
10629 return -EINVAL;
10630 }
10631 connect.flags |= ASSOC_REQ_USE_RRM;
10632 }
10633
10634 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10635 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10636 kfree_sensitive(connkeys);
10637 return -EOPNOTSUPP;
10638 }
10639
10640 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10641 /* bss selection makes no sense if bssid is set */
10642 if (connect.bssid) {
10643 kfree_sensitive(connkeys);
10644 return -EINVAL;
10645 }
10646
10647 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10648 wiphy, &connect.bss_select);
10649 if (err) {
10650 kfree_sensitive(connkeys);
10651 return err;
10652 }
10653 }
10654
10655 if (wiphy_ext_feature_isset(&rdev->wiphy,
10656 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
10657 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10658 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10659 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10660 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10661 connect.fils_erp_username =
10662 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10663 connect.fils_erp_username_len =
10664 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10665 connect.fils_erp_realm =
10666 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10667 connect.fils_erp_realm_len =
10668 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10669 connect.fils_erp_next_seq_num =
10670 nla_get_u16(
10671 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10672 connect.fils_erp_rrk =
10673 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10674 connect.fils_erp_rrk_len =
10675 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10676 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10677 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10678 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10679 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10680 kfree_sensitive(connkeys);
10681 return -EINVAL;
10682 }
10683
10684 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10685 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10686 kfree_sensitive(connkeys);
10687 GENL_SET_ERR_MSG(info,
10688 "external auth requires connection ownership");
10689 return -EINVAL;
10690 }
10691 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10692 }
10693
10694 wdev_lock(dev->ieee80211_ptr);
10695
10696 err = cfg80211_connect(rdev, dev, &connect, connkeys,
10697 connect.prev_bssid);
10698 if (err)
10699 kfree_sensitive(connkeys);
10700
10701 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10702 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10703 if (connect.bssid)
10704 memcpy(dev->ieee80211_ptr->disconnect_bssid,
10705 connect.bssid, ETH_ALEN);
10706 else
10707 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
10708 }
10709
10710 wdev_unlock(dev->ieee80211_ptr);
10711
10712 return err;
10713}
10714
10715static int nl80211_update_connect_params(struct sk_buff *skb,
10716 struct genl_info *info)
10717{
10718 struct cfg80211_connect_params connect = {};
10719 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10720 struct net_device *dev = info->user_ptr[1];
10721 struct wireless_dev *wdev = dev->ieee80211_ptr;
10722 bool fils_sk_offload;
10723 u32 auth_type;
10724 u32 changed = 0;
10725 int ret;
10726
10727 if (!rdev->ops->update_connect_params)
10728 return -EOPNOTSUPP;
10729
10730 if (info->attrs[NL80211_ATTR_IE]) {
10731 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10732 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10733 changed |= UPDATE_ASSOC_IES;
10734 }
10735
10736 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10737 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10738
10739 /*
10740 * when driver supports fils-sk offload all attributes must be
10741 * provided. So the else covers "fils-sk-not-all" and
10742 * "no-fils-sk-any".
10743 */
10744 if (fils_sk_offload &&
10745 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10746 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10747 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10748 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10749 connect.fils_erp_username =
10750 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10751 connect.fils_erp_username_len =
10752 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10753 connect.fils_erp_realm =
10754 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10755 connect.fils_erp_realm_len =
10756 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10757 connect.fils_erp_next_seq_num =
10758 nla_get_u16(
10759 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10760 connect.fils_erp_rrk =
10761 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10762 connect.fils_erp_rrk_len =
10763 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10764 changed |= UPDATE_FILS_ERP_INFO;
10765 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10766 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10767 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10768 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10769 return -EINVAL;
10770 }
10771
10772 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10773 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10774 if (!nl80211_valid_auth_type(rdev, auth_type,
10775 NL80211_CMD_CONNECT))
10776 return -EINVAL;
10777
10778 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
10779 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
10780 return -EINVAL;
10781
10782 connect.auth_type = auth_type;
10783 changed |= UPDATE_AUTH_TYPE;
10784 }
10785
10786 wdev_lock(dev->ieee80211_ptr);
10787 if (!wdev->current_bss)
10788 ret = -ENOLINK;
10789 else
10790 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
10791 wdev_unlock(dev->ieee80211_ptr);
10792
10793 return ret;
10794}
10795
10796static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
10797{
10798 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10799 struct net_device *dev = info->user_ptr[1];
10800 u16 reason;
10801 int ret;
10802
10803 if (dev->ieee80211_ptr->conn_owner_nlportid &&
10804 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10805 return -EPERM;
10806
10807 if (!info->attrs[NL80211_ATTR_REASON_CODE])
10808 reason = WLAN_REASON_DEAUTH_LEAVING;
10809 else
10810 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10811
10812 if (reason == 0)
10813 return -EINVAL;
10814
10815 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10816 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10817 return -EOPNOTSUPP;
10818
10819 wdev_lock(dev->ieee80211_ptr);
10820 ret = cfg80211_disconnect(rdev, dev, reason, true);
10821 wdev_unlock(dev->ieee80211_ptr);
10822 return ret;
10823}
10824
10825static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
10826{
10827 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10828 struct net *net;
10829 int err;
10830
10831 if (info->attrs[NL80211_ATTR_PID]) {
10832 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
10833
10834 net = get_net_ns_by_pid(pid);
10835 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
10836 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
10837
10838 net = get_net_ns_by_fd(fd);
10839 } else {
10840 return -EINVAL;
10841 }
10842
10843 if (IS_ERR(net))
10844 return PTR_ERR(net);
10845
10846 err = 0;
10847
10848 /* check if anything to do */
10849 if (!net_eq(wiphy_net(&rdev->wiphy), net))
10850 err = cfg80211_switch_netns(rdev, net);
10851
10852 put_net(net);
10853 return err;
10854}
10855
10856static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
10857{
10858 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10859 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
10860 struct cfg80211_pmksa *pmksa) = NULL;
10861 struct net_device *dev = info->user_ptr[1];
10862 struct cfg80211_pmksa pmksa;
10863
10864 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
10865
10866 if (!info->attrs[NL80211_ATTR_PMKID])
10867 return -EINVAL;
10868
10869 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
10870
10871 if (info->attrs[NL80211_ATTR_MAC]) {
10872 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10873 } else if (info->attrs[NL80211_ATTR_SSID] &&
10874 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
10875 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
10876 info->attrs[NL80211_ATTR_PMK])) {
10877 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10878 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10879 pmksa.cache_id =
10880 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
10881 } else {
10882 return -EINVAL;
10883 }
10884 if (info->attrs[NL80211_ATTR_PMK]) {
10885 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10886 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
10887 }
10888
10889 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
10890 pmksa.pmk_lifetime =
10891 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
10892
10893 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
10894 pmksa.pmk_reauth_threshold =
10895 nla_get_u8(
10896 info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
10897
10898 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10899 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
10900 !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
10901 wiphy_ext_feature_isset(&rdev->wiphy,
10902 NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
10903 return -EOPNOTSUPP;
10904
10905 switch (info->genlhdr->cmd) {
10906 case NL80211_CMD_SET_PMKSA:
10907 rdev_ops = rdev->ops->set_pmksa;
10908 break;
10909 case NL80211_CMD_DEL_PMKSA:
10910 rdev_ops = rdev->ops->del_pmksa;
10911 break;
10912 default:
10913 WARN_ON(1);
10914 break;
10915 }
10916
10917 if (!rdev_ops)
10918 return -EOPNOTSUPP;
10919
10920 return rdev_ops(&rdev->wiphy, dev, &pmksa);
10921}
10922
10923static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
10924{
10925 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10926 struct net_device *dev = info->user_ptr[1];
10927
10928 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10929 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10930 return -EOPNOTSUPP;
10931
10932 if (!rdev->ops->flush_pmksa)
10933 return -EOPNOTSUPP;
10934
10935 return rdev_flush_pmksa(rdev, dev);
10936}
10937
10938static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
10939{
10940 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10941 struct net_device *dev = info->user_ptr[1];
10942 u8 action_code, dialog_token;
10943 u32 peer_capability = 0;
10944 u16 status_code;
10945 u8 *peer;
10946 bool initiator;
10947
10948 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10949 !rdev->ops->tdls_mgmt)
10950 return -EOPNOTSUPP;
10951
10952 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
10953 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
10954 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
10955 !info->attrs[NL80211_ATTR_IE] ||
10956 !info->attrs[NL80211_ATTR_MAC])
10957 return -EINVAL;
10958
10959 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10960 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
10961 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
10962 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
10963 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
10964 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
10965 peer_capability =
10966 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
10967
10968 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
10969 dialog_token, status_code, peer_capability,
10970 initiator,
10971 nla_data(info->attrs[NL80211_ATTR_IE]),
10972 nla_len(info->attrs[NL80211_ATTR_IE]));
10973}
10974
10975static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
10976{
10977 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10978 struct net_device *dev = info->user_ptr[1];
10979 enum nl80211_tdls_operation operation;
10980 u8 *peer;
10981
10982 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10983 !rdev->ops->tdls_oper)
10984 return -EOPNOTSUPP;
10985
10986 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
10987 !info->attrs[NL80211_ATTR_MAC])
10988 return -EINVAL;
10989
10990 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
10991 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10992
10993 return rdev_tdls_oper(rdev, dev, peer, operation);
10994}
10995
10996static int nl80211_remain_on_channel(struct sk_buff *skb,
10997 struct genl_info *info)
10998{
10999 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11000 struct wireless_dev *wdev = info->user_ptr[1];
11001 struct cfg80211_chan_def chandef;
11002 const struct cfg80211_chan_def *compat_chandef;
11003 struct sk_buff *msg;
11004 void *hdr;
11005 u64 cookie;
11006 u32 duration;
11007 int err;
11008
11009 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11010 !info->attrs[NL80211_ATTR_DURATION])
11011 return -EINVAL;
11012
11013 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
11014
11015 if (!rdev->ops->remain_on_channel ||
11016 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
11017 return -EOPNOTSUPP;
11018
11019 /*
11020 * We should be on that channel for at least a minimum amount of
11021 * time (10ms) but no longer than the driver supports.
11022 */
11023 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
11024 duration > rdev->wiphy.max_remain_on_channel_duration)
11025 return -EINVAL;
11026
11027 err = nl80211_parse_chandef(rdev, info, &chandef);
11028 if (err)
11029 return err;
11030
11031 wdev_lock(wdev);
11032 if (!cfg80211_off_channel_oper_allowed(wdev) &&
11033 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
11034 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
11035 &chandef);
11036 if (compat_chandef != &chandef) {
11037 wdev_unlock(wdev);
11038 return -EBUSY;
11039 }
11040 }
11041 wdev_unlock(wdev);
11042
11043 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11044 if (!msg)
11045 return -ENOMEM;
11046
11047 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11048 NL80211_CMD_REMAIN_ON_CHANNEL);
11049 if (!hdr) {
11050 err = -ENOBUFS;
11051 goto free_msg;
11052 }
11053
11054 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
11055 duration, &cookie);
11056
11057 if (err)
11058 goto free_msg;
11059
11060 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11061 NL80211_ATTR_PAD))
11062 goto nla_put_failure;
11063
11064 genlmsg_end(msg, hdr);
11065
11066 return genlmsg_reply(msg, info);
11067
11068 nla_put_failure:
11069 err = -ENOBUFS;
11070 free_msg:
11071 nlmsg_free(msg);
11072 return err;
11073}
11074
11075static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
11076 struct genl_info *info)
11077{
11078 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11079 struct wireless_dev *wdev = info->user_ptr[1];
11080 u64 cookie;
11081
11082 if (!info->attrs[NL80211_ATTR_COOKIE])
11083 return -EINVAL;
11084
11085 if (!rdev->ops->cancel_remain_on_channel)
11086 return -EOPNOTSUPP;
11087
11088 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11089
11090 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
11091}
11092
11093static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
11094 struct genl_info *info)
11095{
11096 struct cfg80211_bitrate_mask mask;
11097 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11098 struct net_device *dev = info->user_ptr[1];
11099 struct wireless_dev *wdev = dev->ieee80211_ptr;
11100 int err;
11101
11102 if (!rdev->ops->set_bitrate_mask)
11103 return -EOPNOTSUPP;
11104
11105 wdev_lock(wdev);
11106 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11107 NL80211_ATTR_TX_RATES, &mask,
11108 dev);
11109 if (err)
11110 goto out;
11111
11112 err = rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
11113out:
11114 wdev_unlock(wdev);
11115 return err;
11116}
11117
11118static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
11119{
11120 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11121 struct wireless_dev *wdev = info->user_ptr[1];
11122 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
11123
11124 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
11125 return -EINVAL;
11126
11127 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
11128 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
11129
11130 switch (wdev->iftype) {
11131 case NL80211_IFTYPE_STATION:
11132 case NL80211_IFTYPE_ADHOC:
11133 case NL80211_IFTYPE_P2P_CLIENT:
11134 case NL80211_IFTYPE_AP:
11135 case NL80211_IFTYPE_AP_VLAN:
11136 case NL80211_IFTYPE_MESH_POINT:
11137 case NL80211_IFTYPE_P2P_GO:
11138 case NL80211_IFTYPE_P2P_DEVICE:
11139 break;
11140 case NL80211_IFTYPE_NAN:
11141 default:
11142 return -EOPNOTSUPP;
11143 }
11144
11145 /* not much point in registering if we can't reply */
11146 if (!rdev->ops->mgmt_tx)
11147 return -EOPNOTSUPP;
11148
11149 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
11150 !wiphy_ext_feature_isset(&rdev->wiphy,
11151 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
11152 GENL_SET_ERR_MSG(info,
11153 "multicast RX registrations are not supported");
11154 return -EOPNOTSUPP;
11155 }
11156
11157 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
11158 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
11159 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
11160 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
11161 info->extack);
11162}
11163
11164static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
11165{
11166 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11167 struct wireless_dev *wdev = info->user_ptr[1];
11168 struct cfg80211_chan_def chandef;
11169 int err;
11170 void *hdr = NULL;
11171 u64 cookie;
11172 struct sk_buff *msg = NULL;
11173 struct cfg80211_mgmt_tx_params params = {
11174 .dont_wait_for_ack =
11175 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
11176 };
11177
11178 if (!info->attrs[NL80211_ATTR_FRAME])
11179 return -EINVAL;
11180
11181 if (!rdev->ops->mgmt_tx)
11182 return -EOPNOTSUPP;
11183
11184 switch (wdev->iftype) {
11185 case NL80211_IFTYPE_P2P_DEVICE:
11186 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
11187 return -EINVAL;
11188 case NL80211_IFTYPE_STATION:
11189 case NL80211_IFTYPE_ADHOC:
11190 case NL80211_IFTYPE_P2P_CLIENT:
11191 case NL80211_IFTYPE_AP:
11192 case NL80211_IFTYPE_AP_VLAN:
11193 case NL80211_IFTYPE_MESH_POINT:
11194 case NL80211_IFTYPE_P2P_GO:
11195 break;
11196 case NL80211_IFTYPE_NAN:
11197 default:
11198 return -EOPNOTSUPP;
11199 }
11200
11201 if (info->attrs[NL80211_ATTR_DURATION]) {
11202 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
11203 return -EINVAL;
11204 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
11205
11206 /*
11207 * We should wait on the channel for at least a minimum amount
11208 * of time (10ms) but no longer than the driver supports.
11209 */
11210 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
11211 params.wait > rdev->wiphy.max_remain_on_channel_duration)
11212 return -EINVAL;
11213 }
11214
11215 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
11216
11217 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
11218 return -EINVAL;
11219
11220 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
11221
11222 /* get the channel if any has been specified, otherwise pass NULL to
11223 * the driver. The latter will use the current one
11224 */
11225 chandef.chan = NULL;
11226 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11227 err = nl80211_parse_chandef(rdev, info, &chandef);
11228 if (err)
11229 return err;
11230 }
11231
11232 if (!chandef.chan && params.offchan)
11233 return -EINVAL;
11234
11235 wdev_lock(wdev);
11236 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
11237 wdev_unlock(wdev);
11238 return -EBUSY;
11239 }
11240 wdev_unlock(wdev);
11241
11242 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
11243 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
11244
11245 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
11246 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
11247 int i;
11248
11249 if (len % sizeof(u16))
11250 return -EINVAL;
11251
11252 params.n_csa_offsets = len / sizeof(u16);
11253 params.csa_offsets =
11254 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
11255
11256 /* check that all the offsets fit the frame */
11257 for (i = 0; i < params.n_csa_offsets; i++) {
11258 if (params.csa_offsets[i] >= params.len)
11259 return -EINVAL;
11260 }
11261 }
11262
11263 if (!params.dont_wait_for_ack) {
11264 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11265 if (!msg)
11266 return -ENOMEM;
11267
11268 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11269 NL80211_CMD_FRAME);
11270 if (!hdr) {
11271 err = -ENOBUFS;
11272 goto free_msg;
11273 }
11274 }
11275
11276 params.chan = chandef.chan;
11277 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
11278 if (err)
11279 goto free_msg;
11280
11281 if (msg) {
11282 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11283 NL80211_ATTR_PAD))
11284 goto nla_put_failure;
11285
11286 genlmsg_end(msg, hdr);
11287 return genlmsg_reply(msg, info);
11288 }
11289
11290 return 0;
11291
11292 nla_put_failure:
11293 err = -ENOBUFS;
11294 free_msg:
11295 nlmsg_free(msg);
11296 return err;
11297}
11298
11299static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
11300{
11301 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11302 struct wireless_dev *wdev = info->user_ptr[1];
11303 u64 cookie;
11304
11305 if (!info->attrs[NL80211_ATTR_COOKIE])
11306 return -EINVAL;
11307
11308 if (!rdev->ops->mgmt_tx_cancel_wait)
11309 return -EOPNOTSUPP;
11310
11311 switch (wdev->iftype) {
11312 case NL80211_IFTYPE_STATION:
11313 case NL80211_IFTYPE_ADHOC:
11314 case NL80211_IFTYPE_P2P_CLIENT:
11315 case NL80211_IFTYPE_AP:
11316 case NL80211_IFTYPE_AP_VLAN:
11317 case NL80211_IFTYPE_P2P_GO:
11318 case NL80211_IFTYPE_P2P_DEVICE:
11319 break;
11320 case NL80211_IFTYPE_NAN:
11321 default:
11322 return -EOPNOTSUPP;
11323 }
11324
11325 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11326
11327 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
11328}
11329
11330static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
11331{
11332 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11333 struct wireless_dev *wdev;
11334 struct net_device *dev = info->user_ptr[1];
11335 u8 ps_state;
11336 bool state;
11337 int err;
11338
11339 if (!info->attrs[NL80211_ATTR_PS_STATE])
11340 return -EINVAL;
11341
11342 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
11343
11344 wdev = dev->ieee80211_ptr;
11345
11346 if (!rdev->ops->set_power_mgmt)
11347 return -EOPNOTSUPP;
11348
11349 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
11350
11351 if (state == wdev->ps)
11352 return 0;
11353
11354 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
11355 if (!err)
11356 wdev->ps = state;
11357 return err;
11358}
11359
11360static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
11361{
11362 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11363 enum nl80211_ps_state ps_state;
11364 struct wireless_dev *wdev;
11365 struct net_device *dev = info->user_ptr[1];
11366 struct sk_buff *msg;
11367 void *hdr;
11368 int err;
11369
11370 wdev = dev->ieee80211_ptr;
11371
11372 if (!rdev->ops->set_power_mgmt)
11373 return -EOPNOTSUPP;
11374
11375 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11376 if (!msg)
11377 return -ENOMEM;
11378
11379 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11380 NL80211_CMD_GET_POWER_SAVE);
11381 if (!hdr) {
11382 err = -ENOBUFS;
11383 goto free_msg;
11384 }
11385
11386 if (wdev->ps)
11387 ps_state = NL80211_PS_ENABLED;
11388 else
11389 ps_state = NL80211_PS_DISABLED;
11390
11391 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
11392 goto nla_put_failure;
11393
11394 genlmsg_end(msg, hdr);
11395 return genlmsg_reply(msg, info);
11396
11397 nla_put_failure:
11398 err = -ENOBUFS;
11399 free_msg:
11400 nlmsg_free(msg);
11401 return err;
11402}
11403
11404static const struct nla_policy
11405nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
11406 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
11407 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
11408 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
11409 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
11410 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
11411 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
11412 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
11413};
11414
11415static int nl80211_set_cqm_txe(struct genl_info *info,
11416 u32 rate, u32 pkts, u32 intvl)
11417{
11418 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11419 struct net_device *dev = info->user_ptr[1];
11420 struct wireless_dev *wdev = dev->ieee80211_ptr;
11421
11422 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
11423 return -EINVAL;
11424
11425 if (!rdev->ops->set_cqm_txe_config)
11426 return -EOPNOTSUPP;
11427
11428 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11429 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11430 return -EOPNOTSUPP;
11431
11432 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
11433}
11434
11435static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
11436 struct net_device *dev)
11437{
11438 struct wireless_dev *wdev = dev->ieee80211_ptr;
11439 s32 last, low, high;
11440 u32 hyst;
11441 int i, n, low_index;
11442 int err;
11443
11444 /* RSSI reporting disabled? */
11445 if (!wdev->cqm_config)
11446 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
11447
11448 /*
11449 * Obtain current RSSI value if possible, if not and no RSSI threshold
11450 * event has been received yet, we should receive an event after a
11451 * connection is established and enough beacons received to calculate
11452 * the average.
11453 */
11454 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
11455 rdev->ops->get_station) {
11456 struct station_info sinfo = {};
11457 u8 *mac_addr;
11458
11459 mac_addr = wdev->current_bss->pub.bssid;
11460
11461 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
11462 if (err)
11463 return err;
11464
11465 cfg80211_sinfo_release_content(&sinfo);
11466 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
11467 wdev->cqm_config->last_rssi_event_value =
11468 (s8) sinfo.rx_beacon_signal_avg;
11469 }
11470
11471 last = wdev->cqm_config->last_rssi_event_value;
11472 hyst = wdev->cqm_config->rssi_hyst;
11473 n = wdev->cqm_config->n_rssi_thresholds;
11474
11475 for (i = 0; i < n; i++) {
11476 i = array_index_nospec(i, n);
11477 if (last < wdev->cqm_config->rssi_thresholds[i])
11478 break;
11479 }
11480
11481 low_index = i - 1;
11482 if (low_index >= 0) {
11483 low_index = array_index_nospec(low_index, n);
11484 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
11485 } else {
11486 low = S32_MIN;
11487 }
11488 if (i < n) {
11489 i = array_index_nospec(i, n);
11490 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
11491 } else {
11492 high = S32_MAX;
11493 }
11494
11495 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
11496}
11497
11498static int nl80211_set_cqm_rssi(struct genl_info *info,
11499 const s32 *thresholds, int n_thresholds,
11500 u32 hysteresis)
11501{
11502 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11503 struct net_device *dev = info->user_ptr[1];
11504 struct wireless_dev *wdev = dev->ieee80211_ptr;
11505 int i, err;
11506 s32 prev = S32_MIN;
11507
11508 /* Check all values negative and sorted */
11509 for (i = 0; i < n_thresholds; i++) {
11510 if (thresholds[i] > 0 || thresholds[i] <= prev)
11511 return -EINVAL;
11512
11513 prev = thresholds[i];
11514 }
11515
11516 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11517 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11518 return -EOPNOTSUPP;
11519
11520 wdev_lock(wdev);
11521 cfg80211_cqm_config_free(wdev);
11522 wdev_unlock(wdev);
11523
11524 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
11525 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
11526 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
11527
11528 return rdev_set_cqm_rssi_config(rdev, dev,
11529 thresholds[0], hysteresis);
11530 }
11531
11532 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11533 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
11534 return -EOPNOTSUPP;
11535
11536 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
11537 n_thresholds = 0;
11538
11539 wdev_lock(wdev);
11540 if (n_thresholds) {
11541 struct cfg80211_cqm_config *cqm_config;
11542
11543 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
11544 n_thresholds * sizeof(s32), GFP_KERNEL);
11545 if (!cqm_config) {
11546 err = -ENOMEM;
11547 goto unlock;
11548 }
11549
11550 cqm_config->rssi_hyst = hysteresis;
11551 cqm_config->n_rssi_thresholds = n_thresholds;
11552 memcpy(cqm_config->rssi_thresholds, thresholds,
11553 n_thresholds * sizeof(s32));
11554
11555 wdev->cqm_config = cqm_config;
11556 }
11557
11558 err = cfg80211_cqm_rssi_update(rdev, dev);
11559
11560unlock:
11561 wdev_unlock(wdev);
11562
11563 return err;
11564}
11565
11566static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
11567{
11568 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
11569 struct nlattr *cqm;
11570 int err;
11571
11572 cqm = info->attrs[NL80211_ATTR_CQM];
11573 if (!cqm)
11574 return -EINVAL;
11575
11576 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
11577 nl80211_attr_cqm_policy,
11578 info->extack);
11579 if (err)
11580 return err;
11581
11582 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
11583 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
11584 const s32 *thresholds =
11585 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11586 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11587 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
11588
11589 if (len % 4)
11590 return -EINVAL;
11591
11592 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
11593 hysteresis);
11594 }
11595
11596 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
11597 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
11598 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
11599 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
11600 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
11601 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
11602
11603 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
11604 }
11605
11606 return -EINVAL;
11607}
11608
11609static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
11610{
11611 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11612 struct net_device *dev = info->user_ptr[1];
11613 struct ocb_setup setup = {};
11614 int err;
11615
11616 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11617 if (err)
11618 return err;
11619
11620 return cfg80211_join_ocb(rdev, dev, &setup);
11621}
11622
11623static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
11624{
11625 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11626 struct net_device *dev = info->user_ptr[1];
11627
11628 return cfg80211_leave_ocb(rdev, dev);
11629}
11630
11631static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
11632{
11633 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11634 struct net_device *dev = info->user_ptr[1];
11635 struct mesh_config cfg;
11636 struct mesh_setup setup;
11637 int err;
11638
11639 /* start with default */
11640 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
11641 memcpy(&setup, &default_mesh_setup, sizeof(setup));
11642
11643 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
11644 /* and parse parameters if given */
11645 err = nl80211_parse_mesh_config(info, &cfg, NULL);
11646 if (err)
11647 return err;
11648 }
11649
11650 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
11651 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
11652 return -EINVAL;
11653
11654 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
11655 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
11656
11657 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11658 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
11659 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11660 return -EINVAL;
11661
11662 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
11663 setup.beacon_interval =
11664 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11665
11666 err = cfg80211_validate_beacon_int(rdev,
11667 NL80211_IFTYPE_MESH_POINT,
11668 setup.beacon_interval);
11669 if (err)
11670 return err;
11671 }
11672
11673 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
11674 setup.dtim_period =
11675 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
11676 if (setup.dtim_period < 1 || setup.dtim_period > 100)
11677 return -EINVAL;
11678 }
11679
11680 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
11681 /* parse additional setup parameters if given */
11682 err = nl80211_parse_mesh_setup(info, &setup);
11683 if (err)
11684 return err;
11685 }
11686
11687 if (setup.user_mpm)
11688 cfg.auto_open_plinks = false;
11689
11690 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11691 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11692 if (err)
11693 return err;
11694 } else {
11695 /* __cfg80211_join_mesh() will sort it out */
11696 setup.chandef.chan = NULL;
11697 }
11698
11699 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11700 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11701 int n_rates =
11702 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11703 struct ieee80211_supported_band *sband;
11704
11705 if (!setup.chandef.chan)
11706 return -EINVAL;
11707
11708 sband = rdev->wiphy.bands[setup.chandef.chan->band];
11709
11710 err = ieee80211_get_ratemask(sband, rates, n_rates,
11711 &setup.basic_rates);
11712 if (err)
11713 return err;
11714 }
11715
11716 if (info->attrs[NL80211_ATTR_TX_RATES]) {
11717 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11718 NL80211_ATTR_TX_RATES,
11719 &setup.beacon_rate,
11720 dev);
11721 if (err)
11722 return err;
11723
11724 if (!setup.chandef.chan)
11725 return -EINVAL;
11726
11727 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11728 &setup.beacon_rate);
11729 if (err)
11730 return err;
11731 }
11732
11733 setup.userspace_handles_dfs =
11734 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11735
11736 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11737 int r = validate_pae_over_nl80211(rdev, info);
11738
11739 if (r < 0)
11740 return r;
11741
11742 setup.control_port_over_nl80211 = true;
11743 }
11744
11745 wdev_lock(dev->ieee80211_ptr);
11746 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11747 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11748 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11749 wdev_unlock(dev->ieee80211_ptr);
11750
11751 return err;
11752}
11753
11754static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11755{
11756 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11757 struct net_device *dev = info->user_ptr[1];
11758
11759 return cfg80211_leave_mesh(rdev, dev);
11760}
11761
11762#ifdef CONFIG_PM
11763static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11764 struct cfg80211_registered_device *rdev)
11765{
11766 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11767 struct nlattr *nl_pats, *nl_pat;
11768 int i, pat_len;
11769
11770 if (!wowlan->n_patterns)
11771 return 0;
11772
11773 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
11774 if (!nl_pats)
11775 return -ENOBUFS;
11776
11777 for (i = 0; i < wowlan->n_patterns; i++) {
11778 nl_pat = nla_nest_start_noflag(msg, i + 1);
11779 if (!nl_pat)
11780 return -ENOBUFS;
11781 pat_len = wowlan->patterns[i].pattern_len;
11782 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
11783 wowlan->patterns[i].mask) ||
11784 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11785 wowlan->patterns[i].pattern) ||
11786 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11787 wowlan->patterns[i].pkt_offset))
11788 return -ENOBUFS;
11789 nla_nest_end(msg, nl_pat);
11790 }
11791 nla_nest_end(msg, nl_pats);
11792
11793 return 0;
11794}
11795
11796static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
11797 struct cfg80211_wowlan_tcp *tcp)
11798{
11799 struct nlattr *nl_tcp;
11800
11801 if (!tcp)
11802 return 0;
11803
11804 nl_tcp = nla_nest_start_noflag(msg,
11805 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
11806 if (!nl_tcp)
11807 return -ENOBUFS;
11808
11809 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
11810 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
11811 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
11812 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
11813 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
11814 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
11815 tcp->payload_len, tcp->payload) ||
11816 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
11817 tcp->data_interval) ||
11818 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
11819 tcp->wake_len, tcp->wake_data) ||
11820 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
11821 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
11822 return -ENOBUFS;
11823
11824 if (tcp->payload_seq.len &&
11825 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
11826 sizeof(tcp->payload_seq), &tcp->payload_seq))
11827 return -ENOBUFS;
11828
11829 if (tcp->payload_tok.len &&
11830 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
11831 sizeof(tcp->payload_tok) + tcp->tokens_size,
11832 &tcp->payload_tok))
11833 return -ENOBUFS;
11834
11835 nla_nest_end(msg, nl_tcp);
11836
11837 return 0;
11838}
11839
11840static int nl80211_send_wowlan_nd(struct sk_buff *msg,
11841 struct cfg80211_sched_scan_request *req)
11842{
11843 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
11844 int i;
11845
11846 if (!req)
11847 return 0;
11848
11849 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
11850 if (!nd)
11851 return -ENOBUFS;
11852
11853 if (req->n_scan_plans == 1 &&
11854 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
11855 req->scan_plans[0].interval * 1000))
11856 return -ENOBUFS;
11857
11858 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
11859 return -ENOBUFS;
11860
11861 if (req->relative_rssi_set) {
11862 struct nl80211_bss_select_rssi_adjust rssi_adjust;
11863
11864 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
11865 req->relative_rssi))
11866 return -ENOBUFS;
11867
11868 rssi_adjust.band = req->rssi_adjust.band;
11869 rssi_adjust.delta = req->rssi_adjust.delta;
11870 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
11871 sizeof(rssi_adjust), &rssi_adjust))
11872 return -ENOBUFS;
11873 }
11874
11875 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11876 if (!freqs)
11877 return -ENOBUFS;
11878
11879 for (i = 0; i < req->n_channels; i++) {
11880 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11881 return -ENOBUFS;
11882 }
11883
11884 nla_nest_end(msg, freqs);
11885
11886 if (req->n_match_sets) {
11887 matches = nla_nest_start_noflag(msg,
11888 NL80211_ATTR_SCHED_SCAN_MATCH);
11889 if (!matches)
11890 return -ENOBUFS;
11891
11892 for (i = 0; i < req->n_match_sets; i++) {
11893 match = nla_nest_start_noflag(msg, i);
11894 if (!match)
11895 return -ENOBUFS;
11896
11897 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
11898 req->match_sets[i].ssid.ssid_len,
11899 req->match_sets[i].ssid.ssid))
11900 return -ENOBUFS;
11901 nla_nest_end(msg, match);
11902 }
11903 nla_nest_end(msg, matches);
11904 }
11905
11906 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
11907 if (!scan_plans)
11908 return -ENOBUFS;
11909
11910 for (i = 0; i < req->n_scan_plans; i++) {
11911 scan_plan = nla_nest_start_noflag(msg, i + 1);
11912 if (!scan_plan)
11913 return -ENOBUFS;
11914
11915 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
11916 req->scan_plans[i].interval) ||
11917 (req->scan_plans[i].iterations &&
11918 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
11919 req->scan_plans[i].iterations)))
11920 return -ENOBUFS;
11921 nla_nest_end(msg, scan_plan);
11922 }
11923 nla_nest_end(msg, scan_plans);
11924
11925 nla_nest_end(msg, nd);
11926
11927 return 0;
11928}
11929
11930static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
11931{
11932 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11933 struct sk_buff *msg;
11934 void *hdr;
11935 u32 size = NLMSG_DEFAULT_SIZE;
11936
11937 if (!rdev->wiphy.wowlan)
11938 return -EOPNOTSUPP;
11939
11940 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
11941 /* adjust size to have room for all the data */
11942 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
11943 rdev->wiphy.wowlan_config->tcp->payload_len +
11944 rdev->wiphy.wowlan_config->tcp->wake_len +
11945 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
11946 }
11947
11948 msg = nlmsg_new(size, GFP_KERNEL);
11949 if (!msg)
11950 return -ENOMEM;
11951
11952 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11953 NL80211_CMD_GET_WOWLAN);
11954 if (!hdr)
11955 goto nla_put_failure;
11956
11957 if (rdev->wiphy.wowlan_config) {
11958 struct nlattr *nl_wowlan;
11959
11960 nl_wowlan = nla_nest_start_noflag(msg,
11961 NL80211_ATTR_WOWLAN_TRIGGERS);
11962 if (!nl_wowlan)
11963 goto nla_put_failure;
11964
11965 if ((rdev->wiphy.wowlan_config->any &&
11966 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11967 (rdev->wiphy.wowlan_config->disconnect &&
11968 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11969 (rdev->wiphy.wowlan_config->magic_pkt &&
11970 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11971 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
11972 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11973 (rdev->wiphy.wowlan_config->eap_identity_req &&
11974 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11975 (rdev->wiphy.wowlan_config->four_way_handshake &&
11976 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11977 (rdev->wiphy.wowlan_config->rfkill_release &&
11978 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
11979 goto nla_put_failure;
11980
11981 if (nl80211_send_wowlan_patterns(msg, rdev))
11982 goto nla_put_failure;
11983
11984 if (nl80211_send_wowlan_tcp(msg,
11985 rdev->wiphy.wowlan_config->tcp))
11986 goto nla_put_failure;
11987
11988 if (nl80211_send_wowlan_nd(
11989 msg,
11990 rdev->wiphy.wowlan_config->nd_config))
11991 goto nla_put_failure;
11992
11993 nla_nest_end(msg, nl_wowlan);
11994 }
11995
11996 genlmsg_end(msg, hdr);
11997 return genlmsg_reply(msg, info);
11998
11999nla_put_failure:
12000 nlmsg_free(msg);
12001 return -ENOBUFS;
12002}
12003
12004static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
12005 struct nlattr *attr,
12006 struct cfg80211_wowlan *trig)
12007{
12008 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
12009 struct cfg80211_wowlan_tcp *cfg;
12010 struct nl80211_wowlan_tcp_data_token *tok = NULL;
12011 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
12012 u32 size;
12013 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
12014 int err, port;
12015
12016 if (!rdev->wiphy.wowlan->tcp)
12017 return -EINVAL;
12018
12019 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
12020 nl80211_wowlan_tcp_policy, NULL);
12021 if (err)
12022 return err;
12023
12024 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
12025 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
12026 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
12027 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
12028 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
12029 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
12030 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
12031 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
12032 return -EINVAL;
12033
12034 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
12035 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
12036 return -EINVAL;
12037
12038 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
12039 rdev->wiphy.wowlan->tcp->data_interval_max ||
12040 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
12041 return -EINVAL;
12042
12043 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
12044 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
12045 return -EINVAL;
12046
12047 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
12048 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
12049 return -EINVAL;
12050
12051 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
12052 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
12053
12054 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
12055 tokens_size = tokln - sizeof(*tok);
12056
12057 if (!tok->len || tokens_size % tok->len)
12058 return -EINVAL;
12059 if (!rdev->wiphy.wowlan->tcp->tok)
12060 return -EINVAL;
12061 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
12062 return -EINVAL;
12063 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
12064 return -EINVAL;
12065 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
12066 return -EINVAL;
12067 if (tok->offset + tok->len > data_size)
12068 return -EINVAL;
12069 }
12070
12071 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
12072 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
12073 if (!rdev->wiphy.wowlan->tcp->seq)
12074 return -EINVAL;
12075 if (seq->len == 0 || seq->len > 4)
12076 return -EINVAL;
12077 if (seq->len + seq->offset > data_size)
12078 return -EINVAL;
12079 }
12080
12081 size = sizeof(*cfg);
12082 size += data_size;
12083 size += wake_size + wake_mask_size;
12084 size += tokens_size;
12085
12086 cfg = kzalloc(size, GFP_KERNEL);
12087 if (!cfg)
12088 return -ENOMEM;
12089 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
12090 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
12091 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
12092 ETH_ALEN);
12093 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
12094 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
12095 else
12096 port = 0;
12097#ifdef CONFIG_INET
12098 /* allocate a socket and port for it and use it */
12099 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
12100 IPPROTO_TCP, &cfg->sock, 1);
12101 if (err) {
12102 kfree(cfg);
12103 return err;
12104 }
12105 if (inet_csk_get_port(cfg->sock->sk, port)) {
12106 sock_release(cfg->sock);
12107 kfree(cfg);
12108 return -EADDRINUSE;
12109 }
12110 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
12111#else
12112 if (!port) {
12113 kfree(cfg);
12114 return -EINVAL;
12115 }
12116 cfg->src_port = port;
12117#endif
12118
12119 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
12120 cfg->payload_len = data_size;
12121 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
12122 memcpy((void *)cfg->payload,
12123 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
12124 data_size);
12125 if (seq)
12126 cfg->payload_seq = *seq;
12127 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
12128 cfg->wake_len = wake_size;
12129 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
12130 memcpy((void *)cfg->wake_data,
12131 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
12132 wake_size);
12133 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
12134 data_size + wake_size;
12135 memcpy((void *)cfg->wake_mask,
12136 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
12137 wake_mask_size);
12138 if (tok) {
12139 cfg->tokens_size = tokens_size;
12140 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
12141 }
12142
12143 trig->tcp = cfg;
12144
12145 return 0;
12146}
12147
12148static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
12149 const struct wiphy_wowlan_support *wowlan,
12150 struct nlattr *attr,
12151 struct cfg80211_wowlan *trig)
12152{
12153 struct nlattr **tb;
12154 int err;
12155
12156 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
12157 if (!tb)
12158 return -ENOMEM;
12159
12160 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
12161 err = -EOPNOTSUPP;
12162 goto out;
12163 }
12164
12165 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
12166 nl80211_policy, NULL);
12167 if (err)
12168 goto out;
12169
12170 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
12171 wowlan->max_nd_match_sets);
12172 err = PTR_ERR_OR_ZERO(trig->nd_config);
12173 if (err)
12174 trig->nd_config = NULL;
12175
12176out:
12177 kfree(tb);
12178 return err;
12179}
12180
12181static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
12182{
12183 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12184 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
12185 struct cfg80211_wowlan new_triggers = {};
12186 struct cfg80211_wowlan *ntrig;
12187 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
12188 int err, i;
12189 bool prev_enabled = rdev->wiphy.wowlan_config;
12190 bool regular = false;
12191
12192 if (!wowlan)
12193 return -EOPNOTSUPP;
12194
12195 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
12196 cfg80211_rdev_free_wowlan(rdev);
12197 rdev->wiphy.wowlan_config = NULL;
12198 goto set_wakeup;
12199 }
12200
12201 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
12202 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
12203 nl80211_wowlan_policy, info->extack);
12204 if (err)
12205 return err;
12206
12207 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
12208 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
12209 return -EINVAL;
12210 new_triggers.any = true;
12211 }
12212
12213 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
12214 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
12215 return -EINVAL;
12216 new_triggers.disconnect = true;
12217 regular = true;
12218 }
12219
12220 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
12221 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
12222 return -EINVAL;
12223 new_triggers.magic_pkt = true;
12224 regular = true;
12225 }
12226
12227 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
12228 return -EINVAL;
12229
12230 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
12231 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
12232 return -EINVAL;
12233 new_triggers.gtk_rekey_failure = true;
12234 regular = true;
12235 }
12236
12237 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
12238 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
12239 return -EINVAL;
12240 new_triggers.eap_identity_req = true;
12241 regular = true;
12242 }
12243
12244 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
12245 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
12246 return -EINVAL;
12247 new_triggers.four_way_handshake = true;
12248 regular = true;
12249 }
12250
12251 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
12252 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
12253 return -EINVAL;
12254 new_triggers.rfkill_release = true;
12255 regular = true;
12256 }
12257
12258 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
12259 struct nlattr *pat;
12260 int n_patterns = 0;
12261 int rem, pat_len, mask_len, pkt_offset;
12262 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12263
12264 regular = true;
12265
12266 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
12267 rem)
12268 n_patterns++;
12269 if (n_patterns > wowlan->n_patterns)
12270 return -EINVAL;
12271
12272 new_triggers.patterns = kcalloc(n_patterns,
12273 sizeof(new_triggers.patterns[0]),
12274 GFP_KERNEL);
12275 if (!new_triggers.patterns)
12276 return -ENOMEM;
12277
12278 new_triggers.n_patterns = n_patterns;
12279 i = 0;
12280
12281 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
12282 rem) {
12283 u8 *mask_pat;
12284
12285 err = nla_parse_nested_deprecated(pat_tb,
12286 MAX_NL80211_PKTPAT,
12287 pat,
12288 nl80211_packet_pattern_policy,
12289 info->extack);
12290 if (err)
12291 goto error;
12292
12293 err = -EINVAL;
12294 if (!pat_tb[NL80211_PKTPAT_MASK] ||
12295 !pat_tb[NL80211_PKTPAT_PATTERN])
12296 goto error;
12297 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12298 mask_len = DIV_ROUND_UP(pat_len, 8);
12299 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12300 goto error;
12301 if (pat_len > wowlan->pattern_max_len ||
12302 pat_len < wowlan->pattern_min_len)
12303 goto error;
12304
12305 if (!pat_tb[NL80211_PKTPAT_OFFSET])
12306 pkt_offset = 0;
12307 else
12308 pkt_offset = nla_get_u32(
12309 pat_tb[NL80211_PKTPAT_OFFSET]);
12310 if (pkt_offset > wowlan->max_pkt_offset)
12311 goto error;
12312 new_triggers.patterns[i].pkt_offset = pkt_offset;
12313
12314 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12315 if (!mask_pat) {
12316 err = -ENOMEM;
12317 goto error;
12318 }
12319 new_triggers.patterns[i].mask = mask_pat;
12320 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12321 mask_len);
12322 mask_pat += mask_len;
12323 new_triggers.patterns[i].pattern = mask_pat;
12324 new_triggers.patterns[i].pattern_len = pat_len;
12325 memcpy(mask_pat,
12326 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12327 pat_len);
12328 i++;
12329 }
12330 }
12331
12332 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
12333 regular = true;
12334 err = nl80211_parse_wowlan_tcp(
12335 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
12336 &new_triggers);
12337 if (err)
12338 goto error;
12339 }
12340
12341 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
12342 regular = true;
12343 err = nl80211_parse_wowlan_nd(
12344 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
12345 &new_triggers);
12346 if (err)
12347 goto error;
12348 }
12349
12350 /* The 'any' trigger means the device continues operating more or less
12351 * as in its normal operation mode and wakes up the host on most of the
12352 * normal interrupts (like packet RX, ...)
12353 * It therefore makes little sense to combine with the more constrained
12354 * wakeup trigger modes.
12355 */
12356 if (new_triggers.any && regular) {
12357 err = -EINVAL;
12358 goto error;
12359 }
12360
12361 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
12362 if (!ntrig) {
12363 err = -ENOMEM;
12364 goto error;
12365 }
12366 cfg80211_rdev_free_wowlan(rdev);
12367 rdev->wiphy.wowlan_config = ntrig;
12368
12369 set_wakeup:
12370 if (rdev->ops->set_wakeup &&
12371 prev_enabled != !!rdev->wiphy.wowlan_config)
12372 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
12373
12374 return 0;
12375 error:
12376 for (i = 0; i < new_triggers.n_patterns; i++)
12377 kfree(new_triggers.patterns[i].mask);
12378 kfree(new_triggers.patterns);
12379 if (new_triggers.tcp && new_triggers.tcp->sock)
12380 sock_release(new_triggers.tcp->sock);
12381 kfree(new_triggers.tcp);
12382 kfree(new_triggers.nd_config);
12383 return err;
12384}
12385#endif
12386
12387static int nl80211_send_coalesce_rules(struct sk_buff *msg,
12388 struct cfg80211_registered_device *rdev)
12389{
12390 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
12391 int i, j, pat_len;
12392 struct cfg80211_coalesce_rules *rule;
12393
12394 if (!rdev->coalesce->n_rules)
12395 return 0;
12396
12397 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
12398 if (!nl_rules)
12399 return -ENOBUFS;
12400
12401 for (i = 0; i < rdev->coalesce->n_rules; i++) {
12402 nl_rule = nla_nest_start_noflag(msg, i + 1);
12403 if (!nl_rule)
12404 return -ENOBUFS;
12405
12406 rule = &rdev->coalesce->rules[i];
12407 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
12408 rule->delay))
12409 return -ENOBUFS;
12410
12411 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
12412 rule->condition))
12413 return -ENOBUFS;
12414
12415 nl_pats = nla_nest_start_noflag(msg,
12416 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
12417 if (!nl_pats)
12418 return -ENOBUFS;
12419
12420 for (j = 0; j < rule->n_patterns; j++) {
12421 nl_pat = nla_nest_start_noflag(msg, j + 1);
12422 if (!nl_pat)
12423 return -ENOBUFS;
12424 pat_len = rule->patterns[j].pattern_len;
12425 if (nla_put(msg, NL80211_PKTPAT_MASK,
12426 DIV_ROUND_UP(pat_len, 8),
12427 rule->patterns[j].mask) ||
12428 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12429 rule->patterns[j].pattern) ||
12430 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12431 rule->patterns[j].pkt_offset))
12432 return -ENOBUFS;
12433 nla_nest_end(msg, nl_pat);
12434 }
12435 nla_nest_end(msg, nl_pats);
12436 nla_nest_end(msg, nl_rule);
12437 }
12438 nla_nest_end(msg, nl_rules);
12439
12440 return 0;
12441}
12442
12443static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
12444{
12445 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12446 struct sk_buff *msg;
12447 void *hdr;
12448
12449 if (!rdev->wiphy.coalesce)
12450 return -EOPNOTSUPP;
12451
12452 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12453 if (!msg)
12454 return -ENOMEM;
12455
12456 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12457 NL80211_CMD_GET_COALESCE);
12458 if (!hdr)
12459 goto nla_put_failure;
12460
12461 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
12462 goto nla_put_failure;
12463
12464 genlmsg_end(msg, hdr);
12465 return genlmsg_reply(msg, info);
12466
12467nla_put_failure:
12468 nlmsg_free(msg);
12469 return -ENOBUFS;
12470}
12471
12472void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
12473{
12474 struct cfg80211_coalesce *coalesce = rdev->coalesce;
12475 int i, j;
12476 struct cfg80211_coalesce_rules *rule;
12477
12478 if (!coalesce)
12479 return;
12480
12481 for (i = 0; i < coalesce->n_rules; i++) {
12482 rule = &coalesce->rules[i];
12483 for (j = 0; j < rule->n_patterns; j++)
12484 kfree(rule->patterns[j].mask);
12485 kfree(rule->patterns);
12486 }
12487 kfree(coalesce->rules);
12488 kfree(coalesce);
12489 rdev->coalesce = NULL;
12490}
12491
12492static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
12493 struct nlattr *rule,
12494 struct cfg80211_coalesce_rules *new_rule)
12495{
12496 int err, i;
12497 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12498 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
12499 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
12500 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12501
12502 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
12503 rule, nl80211_coalesce_policy, NULL);
12504 if (err)
12505 return err;
12506
12507 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
12508 new_rule->delay =
12509 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
12510 if (new_rule->delay > coalesce->max_delay)
12511 return -EINVAL;
12512
12513 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
12514 new_rule->condition =
12515 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
12516
12517 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
12518 return -EINVAL;
12519
12520 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12521 rem)
12522 n_patterns++;
12523 if (n_patterns > coalesce->n_patterns)
12524 return -EINVAL;
12525
12526 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
12527 GFP_KERNEL);
12528 if (!new_rule->patterns)
12529 return -ENOMEM;
12530
12531 new_rule->n_patterns = n_patterns;
12532 i = 0;
12533
12534 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12535 rem) {
12536 u8 *mask_pat;
12537
12538 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
12539 pat,
12540 nl80211_packet_pattern_policy,
12541 NULL);
12542 if (err)
12543 return err;
12544
12545 if (!pat_tb[NL80211_PKTPAT_MASK] ||
12546 !pat_tb[NL80211_PKTPAT_PATTERN])
12547 return -EINVAL;
12548 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12549 mask_len = DIV_ROUND_UP(pat_len, 8);
12550 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12551 return -EINVAL;
12552 if (pat_len > coalesce->pattern_max_len ||
12553 pat_len < coalesce->pattern_min_len)
12554 return -EINVAL;
12555
12556 if (!pat_tb[NL80211_PKTPAT_OFFSET])
12557 pkt_offset = 0;
12558 else
12559 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
12560 if (pkt_offset > coalesce->max_pkt_offset)
12561 return -EINVAL;
12562 new_rule->patterns[i].pkt_offset = pkt_offset;
12563
12564 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12565 if (!mask_pat)
12566 return -ENOMEM;
12567
12568 new_rule->patterns[i].mask = mask_pat;
12569 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12570 mask_len);
12571
12572 mask_pat += mask_len;
12573 new_rule->patterns[i].pattern = mask_pat;
12574 new_rule->patterns[i].pattern_len = pat_len;
12575 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12576 pat_len);
12577 i++;
12578 }
12579
12580 return 0;
12581}
12582
12583static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
12584{
12585 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12586 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12587 struct cfg80211_coalesce new_coalesce = {};
12588 struct cfg80211_coalesce *n_coalesce;
12589 int err, rem_rule, n_rules = 0, i, j;
12590 struct nlattr *rule;
12591 struct cfg80211_coalesce_rules *tmp_rule;
12592
12593 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
12594 return -EOPNOTSUPP;
12595
12596 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
12597 cfg80211_rdev_free_coalesce(rdev);
12598 rdev_set_coalesce(rdev, NULL);
12599 return 0;
12600 }
12601
12602 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12603 rem_rule)
12604 n_rules++;
12605 if (n_rules > coalesce->n_rules)
12606 return -EINVAL;
12607
12608 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
12609 GFP_KERNEL);
12610 if (!new_coalesce.rules)
12611 return -ENOMEM;
12612
12613 new_coalesce.n_rules = n_rules;
12614 i = 0;
12615
12616 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12617 rem_rule) {
12618 err = nl80211_parse_coalesce_rule(rdev, rule,
12619 &new_coalesce.rules[i]);
12620 if (err)
12621 goto error;
12622
12623 i++;
12624 }
12625
12626 err = rdev_set_coalesce(rdev, &new_coalesce);
12627 if (err)
12628 goto error;
12629
12630 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
12631 if (!n_coalesce) {
12632 err = -ENOMEM;
12633 goto error;
12634 }
12635 cfg80211_rdev_free_coalesce(rdev);
12636 rdev->coalesce = n_coalesce;
12637
12638 return 0;
12639error:
12640 for (i = 0; i < new_coalesce.n_rules; i++) {
12641 tmp_rule = &new_coalesce.rules[i];
12642 for (j = 0; j < tmp_rule->n_patterns; j++)
12643 kfree(tmp_rule->patterns[j].mask);
12644 kfree(tmp_rule->patterns);
12645 }
12646 kfree(new_coalesce.rules);
12647
12648 return err;
12649}
12650
12651static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
12652{
12653 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12654 struct net_device *dev = info->user_ptr[1];
12655 struct wireless_dev *wdev = dev->ieee80211_ptr;
12656 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
12657 struct cfg80211_gtk_rekey_data rekey_data = {};
12658 int err;
12659
12660 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
12661 return -EINVAL;
12662
12663 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
12664 info->attrs[NL80211_ATTR_REKEY_DATA],
12665 nl80211_rekey_policy, info->extack);
12666 if (err)
12667 return err;
12668
12669 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
12670 !tb[NL80211_REKEY_DATA_KCK])
12671 return -EINVAL;
12672 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
12673 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12674 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
12675 return -ERANGE;
12676 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
12677 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12678 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KCK_EXT_LEN))
12679 return -ERANGE;
12680
12681 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
12682 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
12683 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
12684 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
12685 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
12686 if (tb[NL80211_REKEY_DATA_AKM])
12687 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
12688
12689 wdev_lock(wdev);
12690 if (!wdev->current_bss) {
12691 err = -ENOTCONN;
12692 goto out;
12693 }
12694
12695 if (!rdev->ops->set_rekey_data) {
12696 err = -EOPNOTSUPP;
12697 goto out;
12698 }
12699
12700 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
12701 out:
12702 wdev_unlock(wdev);
12703 return err;
12704}
12705
12706static int nl80211_register_unexpected_frame(struct sk_buff *skb,
12707 struct genl_info *info)
12708{
12709 struct net_device *dev = info->user_ptr[1];
12710 struct wireless_dev *wdev = dev->ieee80211_ptr;
12711
12712 if (wdev->iftype != NL80211_IFTYPE_AP &&
12713 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12714 return -EINVAL;
12715
12716 if (wdev->ap_unexpected_nlportid)
12717 return -EBUSY;
12718
12719 wdev->ap_unexpected_nlportid = info->snd_portid;
12720 return 0;
12721}
12722
12723static int nl80211_probe_client(struct sk_buff *skb,
12724 struct genl_info *info)
12725{
12726 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12727 struct net_device *dev = info->user_ptr[1];
12728 struct wireless_dev *wdev = dev->ieee80211_ptr;
12729 struct sk_buff *msg;
12730 void *hdr;
12731 const u8 *addr;
12732 u64 cookie;
12733 int err;
12734
12735 if (wdev->iftype != NL80211_IFTYPE_AP &&
12736 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12737 return -EOPNOTSUPP;
12738
12739 if (!info->attrs[NL80211_ATTR_MAC])
12740 return -EINVAL;
12741
12742 if (!rdev->ops->probe_client)
12743 return -EOPNOTSUPP;
12744
12745 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12746 if (!msg)
12747 return -ENOMEM;
12748
12749 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12750 NL80211_CMD_PROBE_CLIENT);
12751 if (!hdr) {
12752 err = -ENOBUFS;
12753 goto free_msg;
12754 }
12755
12756 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12757
12758 err = rdev_probe_client(rdev, dev, addr, &cookie);
12759 if (err)
12760 goto free_msg;
12761
12762 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12763 NL80211_ATTR_PAD))
12764 goto nla_put_failure;
12765
12766 genlmsg_end(msg, hdr);
12767
12768 return genlmsg_reply(msg, info);
12769
12770 nla_put_failure:
12771 err = -ENOBUFS;
12772 free_msg:
12773 nlmsg_free(msg);
12774 return err;
12775}
12776
12777static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
12778{
12779 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12780 struct cfg80211_beacon_registration *reg, *nreg;
12781 int rv;
12782
12783 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
12784 return -EOPNOTSUPP;
12785
12786 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
12787 if (!nreg)
12788 return -ENOMEM;
12789
12790 /* First, check if already registered. */
12791 spin_lock_bh(&rdev->beacon_registrations_lock);
12792 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12793 if (reg->nlportid == info->snd_portid) {
12794 rv = -EALREADY;
12795 goto out_err;
12796 }
12797 }
12798 /* Add it to the list */
12799 nreg->nlportid = info->snd_portid;
12800 list_add(&nreg->list, &rdev->beacon_registrations);
12801
12802 spin_unlock_bh(&rdev->beacon_registrations_lock);
12803
12804 return 0;
12805out_err:
12806 spin_unlock_bh(&rdev->beacon_registrations_lock);
12807 kfree(nreg);
12808 return rv;
12809}
12810
12811static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
12812{
12813 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12814 struct wireless_dev *wdev = info->user_ptr[1];
12815 int err;
12816
12817 if (!rdev->ops->start_p2p_device)
12818 return -EOPNOTSUPP;
12819
12820 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12821 return -EOPNOTSUPP;
12822
12823 if (wdev_running(wdev))
12824 return 0;
12825
12826 if (rfkill_blocked(rdev->rfkill))
12827 return -ERFKILL;
12828
12829 err = rdev_start_p2p_device(rdev, wdev);
12830 if (err)
12831 return err;
12832
12833 wdev->is_running = true;
12834 rdev->opencount++;
12835
12836 return 0;
12837}
12838
12839static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
12840{
12841 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12842 struct wireless_dev *wdev = info->user_ptr[1];
12843
12844 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12845 return -EOPNOTSUPP;
12846
12847 if (!rdev->ops->stop_p2p_device)
12848 return -EOPNOTSUPP;
12849
12850 cfg80211_stop_p2p_device(rdev, wdev);
12851
12852 return 0;
12853}
12854
12855static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
12856{
12857 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12858 struct wireless_dev *wdev = info->user_ptr[1];
12859 struct cfg80211_nan_conf conf = {};
12860 int err;
12861
12862 if (wdev->iftype != NL80211_IFTYPE_NAN)
12863 return -EOPNOTSUPP;
12864
12865 if (wdev_running(wdev))
12866 return -EEXIST;
12867
12868 if (rfkill_blocked(rdev->rfkill))
12869 return -ERFKILL;
12870
12871 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
12872 return -EINVAL;
12873
12874 conf.master_pref =
12875 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12876
12877 if (info->attrs[NL80211_ATTR_BANDS]) {
12878 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12879
12880 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12881 return -EOPNOTSUPP;
12882
12883 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12884 return -EINVAL;
12885
12886 conf.bands = bands;
12887 }
12888
12889 err = rdev_start_nan(rdev, wdev, &conf);
12890 if (err)
12891 return err;
12892
12893 wdev->is_running = true;
12894 rdev->opencount++;
12895
12896 return 0;
12897}
12898
12899static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
12900{
12901 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12902 struct wireless_dev *wdev = info->user_ptr[1];
12903
12904 if (wdev->iftype != NL80211_IFTYPE_NAN)
12905 return -EOPNOTSUPP;
12906
12907 cfg80211_stop_nan(rdev, wdev);
12908
12909 return 0;
12910}
12911
12912static int validate_nan_filter(struct nlattr *filter_attr)
12913{
12914 struct nlattr *attr;
12915 int len = 0, n_entries = 0, rem;
12916
12917 nla_for_each_nested(attr, filter_attr, rem) {
12918 len += nla_len(attr);
12919 n_entries++;
12920 }
12921
12922 if (len >= U8_MAX)
12923 return -EINVAL;
12924
12925 return n_entries;
12926}
12927
12928static int handle_nan_filter(struct nlattr *attr_filter,
12929 struct cfg80211_nan_func *func,
12930 bool tx)
12931{
12932 struct nlattr *attr;
12933 int n_entries, rem, i;
12934 struct cfg80211_nan_func_filter *filter;
12935
12936 n_entries = validate_nan_filter(attr_filter);
12937 if (n_entries < 0)
12938 return n_entries;
12939
12940 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
12941
12942 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
12943 if (!filter)
12944 return -ENOMEM;
12945
12946 i = 0;
12947 nla_for_each_nested(attr, attr_filter, rem) {
12948 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
12949 if (!filter[i].filter)
12950 goto err;
12951
12952 filter[i].len = nla_len(attr);
12953 i++;
12954 }
12955 if (tx) {
12956 func->num_tx_filters = n_entries;
12957 func->tx_filters = filter;
12958 } else {
12959 func->num_rx_filters = n_entries;
12960 func->rx_filters = filter;
12961 }
12962
12963 return 0;
12964
12965err:
12966 i = 0;
12967 nla_for_each_nested(attr, attr_filter, rem) {
12968 kfree(filter[i].filter);
12969 i++;
12970 }
12971 kfree(filter);
12972 return -ENOMEM;
12973}
12974
12975static int nl80211_nan_add_func(struct sk_buff *skb,
12976 struct genl_info *info)
12977{
12978 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12979 struct wireless_dev *wdev = info->user_ptr[1];
12980 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
12981 struct cfg80211_nan_func *func;
12982 struct sk_buff *msg = NULL;
12983 void *hdr = NULL;
12984 int err = 0;
12985
12986 if (wdev->iftype != NL80211_IFTYPE_NAN)
12987 return -EOPNOTSUPP;
12988
12989 if (!wdev_running(wdev))
12990 return -ENOTCONN;
12991
12992 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
12993 return -EINVAL;
12994
12995 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
12996 info->attrs[NL80211_ATTR_NAN_FUNC],
12997 nl80211_nan_func_policy,
12998 info->extack);
12999 if (err)
13000 return err;
13001
13002 func = kzalloc(sizeof(*func), GFP_KERNEL);
13003 if (!func)
13004 return -ENOMEM;
13005
13006 func->cookie = cfg80211_assign_cookie(rdev);
13007
13008 if (!tb[NL80211_NAN_FUNC_TYPE]) {
13009 err = -EINVAL;
13010 goto out;
13011 }
13012
13013
13014 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
13015
13016 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
13017 err = -EINVAL;
13018 goto out;
13019 }
13020
13021 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
13022 sizeof(func->service_id));
13023
13024 func->close_range =
13025 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
13026
13027 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
13028 func->serv_spec_info_len =
13029 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
13030 func->serv_spec_info =
13031 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
13032 func->serv_spec_info_len,
13033 GFP_KERNEL);
13034 if (!func->serv_spec_info) {
13035 err = -ENOMEM;
13036 goto out;
13037 }
13038 }
13039
13040 if (tb[NL80211_NAN_FUNC_TTL])
13041 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
13042
13043 switch (func->type) {
13044 case NL80211_NAN_FUNC_PUBLISH:
13045 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
13046 err = -EINVAL;
13047 goto out;
13048 }
13049
13050 func->publish_type =
13051 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
13052 func->publish_bcast =
13053 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
13054
13055 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
13056 func->publish_bcast) {
13057 err = -EINVAL;
13058 goto out;
13059 }
13060 break;
13061 case NL80211_NAN_FUNC_SUBSCRIBE:
13062 func->subscribe_active =
13063 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
13064 break;
13065 case NL80211_NAN_FUNC_FOLLOW_UP:
13066 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
13067 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
13068 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
13069 err = -EINVAL;
13070 goto out;
13071 }
13072
13073 func->followup_id =
13074 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
13075 func->followup_reqid =
13076 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
13077 memcpy(func->followup_dest.addr,
13078 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
13079 sizeof(func->followup_dest.addr));
13080 if (func->ttl) {
13081 err = -EINVAL;
13082 goto out;
13083 }
13084 break;
13085 default:
13086 err = -EINVAL;
13087 goto out;
13088 }
13089
13090 if (tb[NL80211_NAN_FUNC_SRF]) {
13091 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
13092
13093 err = nla_parse_nested_deprecated(srf_tb,
13094 NL80211_NAN_SRF_ATTR_MAX,
13095 tb[NL80211_NAN_FUNC_SRF],
13096 nl80211_nan_srf_policy,
13097 info->extack);
13098 if (err)
13099 goto out;
13100
13101 func->srf_include =
13102 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
13103
13104 if (srf_tb[NL80211_NAN_SRF_BF]) {
13105 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
13106 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
13107 err = -EINVAL;
13108 goto out;
13109 }
13110
13111 func->srf_bf_len =
13112 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
13113 func->srf_bf =
13114 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
13115 func->srf_bf_len, GFP_KERNEL);
13116 if (!func->srf_bf) {
13117 err = -ENOMEM;
13118 goto out;
13119 }
13120
13121 func->srf_bf_idx =
13122 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
13123 } else {
13124 struct nlattr *attr, *mac_attr =
13125 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
13126 int n_entries, rem, i = 0;
13127
13128 if (!mac_attr) {
13129 err = -EINVAL;
13130 goto out;
13131 }
13132
13133 n_entries = validate_acl_mac_addrs(mac_attr);
13134 if (n_entries <= 0) {
13135 err = -EINVAL;
13136 goto out;
13137 }
13138
13139 func->srf_num_macs = n_entries;
13140 func->srf_macs =
13141 kcalloc(n_entries, sizeof(*func->srf_macs),
13142 GFP_KERNEL);
13143 if (!func->srf_macs) {
13144 err = -ENOMEM;
13145 goto out;
13146 }
13147
13148 nla_for_each_nested(attr, mac_attr, rem)
13149 memcpy(func->srf_macs[i++].addr, nla_data(attr),
13150 sizeof(*func->srf_macs));
13151 }
13152 }
13153
13154 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
13155 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
13156 func, true);
13157 if (err)
13158 goto out;
13159 }
13160
13161 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
13162 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
13163 func, false);
13164 if (err)
13165 goto out;
13166 }
13167
13168 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13169 if (!msg) {
13170 err = -ENOMEM;
13171 goto out;
13172 }
13173
13174 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13175 NL80211_CMD_ADD_NAN_FUNCTION);
13176 /* This can't really happen - we just allocated 4KB */
13177 if (WARN_ON(!hdr)) {
13178 err = -ENOMEM;
13179 goto out;
13180 }
13181
13182 err = rdev_add_nan_func(rdev, wdev, func);
13183out:
13184 if (err < 0) {
13185 cfg80211_free_nan_func(func);
13186 nlmsg_free(msg);
13187 return err;
13188 }
13189
13190 /* propagate the instance id and cookie to userspace */
13191 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
13192 NL80211_ATTR_PAD))
13193 goto nla_put_failure;
13194
13195 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13196 if (!func_attr)
13197 goto nla_put_failure;
13198
13199 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
13200 func->instance_id))
13201 goto nla_put_failure;
13202
13203 nla_nest_end(msg, func_attr);
13204
13205 genlmsg_end(msg, hdr);
13206 return genlmsg_reply(msg, info);
13207
13208nla_put_failure:
13209 nlmsg_free(msg);
13210 return -ENOBUFS;
13211}
13212
13213static int nl80211_nan_del_func(struct sk_buff *skb,
13214 struct genl_info *info)
13215{
13216 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13217 struct wireless_dev *wdev = info->user_ptr[1];
13218 u64 cookie;
13219
13220 if (wdev->iftype != NL80211_IFTYPE_NAN)
13221 return -EOPNOTSUPP;
13222
13223 if (!wdev_running(wdev))
13224 return -ENOTCONN;
13225
13226 if (!info->attrs[NL80211_ATTR_COOKIE])
13227 return -EINVAL;
13228
13229 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
13230
13231 rdev_del_nan_func(rdev, wdev, cookie);
13232
13233 return 0;
13234}
13235
13236static int nl80211_nan_change_config(struct sk_buff *skb,
13237 struct genl_info *info)
13238{
13239 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13240 struct wireless_dev *wdev = info->user_ptr[1];
13241 struct cfg80211_nan_conf conf = {};
13242 u32 changed = 0;
13243
13244 if (wdev->iftype != NL80211_IFTYPE_NAN)
13245 return -EOPNOTSUPP;
13246
13247 if (!wdev_running(wdev))
13248 return -ENOTCONN;
13249
13250 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
13251 conf.master_pref =
13252 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
13253 if (conf.master_pref <= 1 || conf.master_pref == 255)
13254 return -EINVAL;
13255
13256 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
13257 }
13258
13259 if (info->attrs[NL80211_ATTR_BANDS]) {
13260 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
13261
13262 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
13263 return -EOPNOTSUPP;
13264
13265 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
13266 return -EINVAL;
13267
13268 conf.bands = bands;
13269 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
13270 }
13271
13272 if (!changed)
13273 return -EINVAL;
13274
13275 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
13276}
13277
13278void cfg80211_nan_match(struct wireless_dev *wdev,
13279 struct cfg80211_nan_match_params *match, gfp_t gfp)
13280{
13281 struct wiphy *wiphy = wdev->wiphy;
13282 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13283 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
13284 struct sk_buff *msg;
13285 void *hdr;
13286
13287 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
13288 return;
13289
13290 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13291 if (!msg)
13292 return;
13293
13294 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
13295 if (!hdr) {
13296 nlmsg_free(msg);
13297 return;
13298 }
13299
13300 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13301 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13302 wdev->netdev->ifindex)) ||
13303 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13304 NL80211_ATTR_PAD))
13305 goto nla_put_failure;
13306
13307 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
13308 NL80211_ATTR_PAD) ||
13309 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
13310 goto nla_put_failure;
13311
13312 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
13313 if (!match_attr)
13314 goto nla_put_failure;
13315
13316 local_func_attr = nla_nest_start_noflag(msg,
13317 NL80211_NAN_MATCH_FUNC_LOCAL);
13318 if (!local_func_attr)
13319 goto nla_put_failure;
13320
13321 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
13322 goto nla_put_failure;
13323
13324 nla_nest_end(msg, local_func_attr);
13325
13326 peer_func_attr = nla_nest_start_noflag(msg,
13327 NL80211_NAN_MATCH_FUNC_PEER);
13328 if (!peer_func_attr)
13329 goto nla_put_failure;
13330
13331 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
13332 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
13333 goto nla_put_failure;
13334
13335 if (match->info && match->info_len &&
13336 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
13337 match->info))
13338 goto nla_put_failure;
13339
13340 nla_nest_end(msg, peer_func_attr);
13341 nla_nest_end(msg, match_attr);
13342 genlmsg_end(msg, hdr);
13343
13344 if (!wdev->owner_nlportid)
13345 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13346 msg, 0, NL80211_MCGRP_NAN, gfp);
13347 else
13348 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13349 wdev->owner_nlportid);
13350
13351 return;
13352
13353nla_put_failure:
13354 nlmsg_free(msg);
13355}
13356EXPORT_SYMBOL(cfg80211_nan_match);
13357
13358void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
13359 u8 inst_id,
13360 enum nl80211_nan_func_term_reason reason,
13361 u64 cookie, gfp_t gfp)
13362{
13363 struct wiphy *wiphy = wdev->wiphy;
13364 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13365 struct sk_buff *msg;
13366 struct nlattr *func_attr;
13367 void *hdr;
13368
13369 if (WARN_ON(!inst_id))
13370 return;
13371
13372 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13373 if (!msg)
13374 return;
13375
13376 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
13377 if (!hdr) {
13378 nlmsg_free(msg);
13379 return;
13380 }
13381
13382 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13383 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13384 wdev->netdev->ifindex)) ||
13385 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13386 NL80211_ATTR_PAD))
13387 goto nla_put_failure;
13388
13389 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
13390 NL80211_ATTR_PAD))
13391 goto nla_put_failure;
13392
13393 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13394 if (!func_attr)
13395 goto nla_put_failure;
13396
13397 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
13398 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
13399 goto nla_put_failure;
13400
13401 nla_nest_end(msg, func_attr);
13402 genlmsg_end(msg, hdr);
13403
13404 if (!wdev->owner_nlportid)
13405 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13406 msg, 0, NL80211_MCGRP_NAN, gfp);
13407 else
13408 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13409 wdev->owner_nlportid);
13410
13411 return;
13412
13413nla_put_failure:
13414 nlmsg_free(msg);
13415}
13416EXPORT_SYMBOL(cfg80211_nan_func_terminated);
13417
13418static int nl80211_get_protocol_features(struct sk_buff *skb,
13419 struct genl_info *info)
13420{
13421 void *hdr;
13422 struct sk_buff *msg;
13423
13424 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13425 if (!msg)
13426 return -ENOMEM;
13427
13428 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13429 NL80211_CMD_GET_PROTOCOL_FEATURES);
13430 if (!hdr)
13431 goto nla_put_failure;
13432
13433 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
13434 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
13435 goto nla_put_failure;
13436
13437 genlmsg_end(msg, hdr);
13438 return genlmsg_reply(msg, info);
13439
13440 nla_put_failure:
13441 kfree_skb(msg);
13442 return -ENOBUFS;
13443}
13444
13445static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
13446{
13447 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13448 struct cfg80211_update_ft_ies_params ft_params;
13449 struct net_device *dev = info->user_ptr[1];
13450
13451 if (!rdev->ops->update_ft_ies)
13452 return -EOPNOTSUPP;
13453
13454 if (!info->attrs[NL80211_ATTR_MDID] ||
13455 !info->attrs[NL80211_ATTR_IE])
13456 return -EINVAL;
13457
13458 memset(&ft_params, 0, sizeof(ft_params));
13459 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
13460 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13461 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13462
13463 return rdev_update_ft_ies(rdev, dev, &ft_params);
13464}
13465
13466static int nl80211_crit_protocol_start(struct sk_buff *skb,
13467 struct genl_info *info)
13468{
13469 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13470 struct wireless_dev *wdev = info->user_ptr[1];
13471 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
13472 u16 duration;
13473 int ret;
13474
13475 if (!rdev->ops->crit_proto_start)
13476 return -EOPNOTSUPP;
13477
13478 if (WARN_ON(!rdev->ops->crit_proto_stop))
13479 return -EINVAL;
13480
13481 if (rdev->crit_proto_nlportid)
13482 return -EBUSY;
13483
13484 /* determine protocol if provided */
13485 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
13486 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
13487
13488 if (proto >= NUM_NL80211_CRIT_PROTO)
13489 return -EINVAL;
13490
13491 /* timeout must be provided */
13492 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
13493 return -EINVAL;
13494
13495 duration =
13496 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
13497
13498 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
13499 if (!ret)
13500 rdev->crit_proto_nlportid = info->snd_portid;
13501
13502 return ret;
13503}
13504
13505static int nl80211_crit_protocol_stop(struct sk_buff *skb,
13506 struct genl_info *info)
13507{
13508 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13509 struct wireless_dev *wdev = info->user_ptr[1];
13510
13511 if (!rdev->ops->crit_proto_stop)
13512 return -EOPNOTSUPP;
13513
13514 if (rdev->crit_proto_nlportid) {
13515 rdev->crit_proto_nlportid = 0;
13516 rdev_crit_proto_stop(rdev, wdev);
13517 }
13518 return 0;
13519}
13520
13521static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
13522 struct nlattr *attr,
13523 struct netlink_ext_ack *extack)
13524{
13525 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
13526 if (attr->nla_type & NLA_F_NESTED) {
13527 NL_SET_ERR_MSG_ATTR(extack, attr,
13528 "unexpected nested data");
13529 return -EINVAL;
13530 }
13531
13532 return 0;
13533 }
13534
13535 if (!(attr->nla_type & NLA_F_NESTED)) {
13536 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
13537 return -EINVAL;
13538 }
13539
13540 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
13541}
13542
13543static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
13544{
13545 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13546 struct wireless_dev *wdev =
13547 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
13548 int i, err;
13549 u32 vid, subcmd;
13550
13551 if (!rdev->wiphy.vendor_commands)
13552 return -EOPNOTSUPP;
13553
13554 if (IS_ERR(wdev)) {
13555 err = PTR_ERR(wdev);
13556 if (err != -EINVAL)
13557 return err;
13558 wdev = NULL;
13559 } else if (wdev->wiphy != &rdev->wiphy) {
13560 return -EINVAL;
13561 }
13562
13563 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
13564 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
13565 return -EINVAL;
13566
13567 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
13568 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
13569 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
13570 const struct wiphy_vendor_command *vcmd;
13571 void *data = NULL;
13572 int len = 0;
13573
13574 vcmd = &rdev->wiphy.vendor_commands[i];
13575
13576 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13577 continue;
13578
13579 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13580 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13581 if (!wdev)
13582 return -EINVAL;
13583 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13584 !wdev->netdev)
13585 return -EINVAL;
13586
13587 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13588 if (!wdev_running(wdev))
13589 return -ENETDOWN;
13590 }
13591 } else {
13592 wdev = NULL;
13593 }
13594
13595 if (!vcmd->doit)
13596 return -EOPNOTSUPP;
13597
13598 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
13599 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13600 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13601
13602 err = nl80211_vendor_check_policy(vcmd,
13603 info->attrs[NL80211_ATTR_VENDOR_DATA],
13604 info->extack);
13605 if (err)
13606 return err;
13607 }
13608
13609 rdev->cur_cmd_info = info;
13610 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
13611 rdev->cur_cmd_info = NULL;
13612 return err;
13613 }
13614
13615 return -EOPNOTSUPP;
13616}
13617
13618static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
13619 struct netlink_callback *cb,
13620 struct cfg80211_registered_device **rdev,
13621 struct wireless_dev **wdev)
13622{
13623 struct nlattr **attrbuf;
13624 u32 vid, subcmd;
13625 unsigned int i;
13626 int vcmd_idx = -1;
13627 int err;
13628 void *data = NULL;
13629 unsigned int data_len = 0;
13630
13631 if (cb->args[0]) {
13632 /* subtract the 1 again here */
13633 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
13634 struct wireless_dev *tmp;
13635
13636 if (!wiphy)
13637 return -ENODEV;
13638 *rdev = wiphy_to_rdev(wiphy);
13639 *wdev = NULL;
13640
13641 if (cb->args[1]) {
13642 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
13643 if (tmp->identifier == cb->args[1] - 1) {
13644 *wdev = tmp;
13645 break;
13646 }
13647 }
13648 }
13649
13650 /* keep rtnl locked in successful case */
13651 return 0;
13652 }
13653
13654 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
13655 if (!attrbuf)
13656 return -ENOMEM;
13657
13658 err = nlmsg_parse_deprecated(cb->nlh,
13659 GENL_HDRLEN + nl80211_fam.hdrsize,
13660 attrbuf, nl80211_fam.maxattr,
13661 nl80211_policy, NULL);
13662 if (err)
13663 goto out;
13664
13665 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
13666 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
13667 err = -EINVAL;
13668 goto out;
13669 }
13670
13671 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
13672 if (IS_ERR(*wdev))
13673 *wdev = NULL;
13674
13675 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13676 if (IS_ERR(*rdev)) {
13677 err = PTR_ERR(*rdev);
13678 goto out;
13679 }
13680
13681 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
13682 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
13683
13684 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
13685 const struct wiphy_vendor_command *vcmd;
13686
13687 vcmd = &(*rdev)->wiphy.vendor_commands[i];
13688
13689 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13690 continue;
13691
13692 if (!vcmd->dumpit) {
13693 err = -EOPNOTSUPP;
13694 goto out;
13695 }
13696
13697 vcmd_idx = i;
13698 break;
13699 }
13700
13701 if (vcmd_idx < 0) {
13702 err = -EOPNOTSUPP;
13703 goto out;
13704 }
13705
13706 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
13707 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13708 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13709
13710 err = nl80211_vendor_check_policy(
13711 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
13712 attrbuf[NL80211_ATTR_VENDOR_DATA],
13713 cb->extack);
13714 if (err)
13715 goto out;
13716 }
13717
13718 /* 0 is the first index - add 1 to parse only once */
13719 cb->args[0] = (*rdev)->wiphy_idx + 1;
13720 /* add 1 to know if it was NULL */
13721 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
13722 cb->args[2] = vcmd_idx;
13723 cb->args[3] = (unsigned long)data;
13724 cb->args[4] = data_len;
13725
13726 /* keep rtnl locked in successful case */
13727 err = 0;
13728out:
13729 kfree(attrbuf);
13730 return err;
13731}
13732
13733static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13734 struct netlink_callback *cb)
13735{
13736 struct cfg80211_registered_device *rdev;
13737 struct wireless_dev *wdev;
13738 unsigned int vcmd_idx;
13739 const struct wiphy_vendor_command *vcmd;
13740 void *data;
13741 int data_len;
13742 int err;
13743 struct nlattr *vendor_data;
13744
13745 rtnl_lock();
13746 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13747 if (err)
13748 goto out;
13749
13750 vcmd_idx = cb->args[2];
13751 data = (void *)cb->args[3];
13752 data_len = cb->args[4];
13753 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13754
13755 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13756 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13757 if (!wdev) {
13758 err = -EINVAL;
13759 goto out;
13760 }
13761 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13762 !wdev->netdev) {
13763 err = -EINVAL;
13764 goto out;
13765 }
13766
13767 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13768 if (!wdev_running(wdev)) {
13769 err = -ENETDOWN;
13770 goto out;
13771 }
13772 }
13773 }
13774
13775 while (1) {
13776 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13777 cb->nlh->nlmsg_seq, NLM_F_MULTI,
13778 NL80211_CMD_VENDOR);
13779 if (!hdr)
13780 break;
13781
13782 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13783 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13784 wdev_id(wdev),
13785 NL80211_ATTR_PAD))) {
13786 genlmsg_cancel(skb, hdr);
13787 break;
13788 }
13789
13790 vendor_data = nla_nest_start_noflag(skb,
13791 NL80211_ATTR_VENDOR_DATA);
13792 if (!vendor_data) {
13793 genlmsg_cancel(skb, hdr);
13794 break;
13795 }
13796
13797 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
13798 (unsigned long *)&cb->args[5]);
13799 nla_nest_end(skb, vendor_data);
13800
13801 if (err == -ENOBUFS || err == -ENOENT) {
13802 genlmsg_cancel(skb, hdr);
13803 break;
13804 } else if (err <= 0) {
13805 genlmsg_cancel(skb, hdr);
13806 goto out;
13807 }
13808
13809 genlmsg_end(skb, hdr);
13810 }
13811
13812 err = skb->len;
13813 out:
13814 rtnl_unlock();
13815 return err;
13816}
13817
13818struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
13819 enum nl80211_commands cmd,
13820 enum nl80211_attrs attr,
13821 int approxlen)
13822{
13823 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13824
13825 if (WARN_ON(!rdev->cur_cmd_info))
13826 return NULL;
13827
13828 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
13829 rdev->cur_cmd_info->snd_portid,
13830 rdev->cur_cmd_info->snd_seq,
13831 cmd, attr, NULL, GFP_KERNEL);
13832}
13833EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
13834
13835int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
13836{
13837 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
13838 void *hdr = ((void **)skb->cb)[1];
13839 struct nlattr *data = ((void **)skb->cb)[2];
13840
13841 /* clear CB data for netlink core to own from now on */
13842 memset(skb->cb, 0, sizeof(skb->cb));
13843
13844 if (WARN_ON(!rdev->cur_cmd_info)) {
13845 kfree_skb(skb);
13846 return -EINVAL;
13847 }
13848
13849 nla_nest_end(skb, data);
13850 genlmsg_end(skb, hdr);
13851 return genlmsg_reply(skb, rdev->cur_cmd_info);
13852}
13853EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
13854
13855unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
13856{
13857 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13858
13859 if (WARN_ON(!rdev->cur_cmd_info))
13860 return 0;
13861
13862 return rdev->cur_cmd_info->snd_portid;
13863}
13864EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
13865
13866static int nl80211_set_qos_map(struct sk_buff *skb,
13867 struct genl_info *info)
13868{
13869 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13870 struct cfg80211_qos_map *qos_map = NULL;
13871 struct net_device *dev = info->user_ptr[1];
13872 u8 *pos, len, num_des, des_len, des;
13873 int ret;
13874
13875 if (!rdev->ops->set_qos_map)
13876 return -EOPNOTSUPP;
13877
13878 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
13879 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
13880 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
13881
13882 if (len % 2)
13883 return -EINVAL;
13884
13885 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
13886 if (!qos_map)
13887 return -ENOMEM;
13888
13889 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
13890 if (num_des) {
13891 des_len = num_des *
13892 sizeof(struct cfg80211_dscp_exception);
13893 memcpy(qos_map->dscp_exception, pos, des_len);
13894 qos_map->num_des = num_des;
13895 for (des = 0; des < num_des; des++) {
13896 if (qos_map->dscp_exception[des].up > 7) {
13897 kfree(qos_map);
13898 return -EINVAL;
13899 }
13900 }
13901 pos += des_len;
13902 }
13903 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
13904 }
13905
13906 wdev_lock(dev->ieee80211_ptr);
13907 ret = nl80211_key_allowed(dev->ieee80211_ptr);
13908 if (!ret)
13909 ret = rdev_set_qos_map(rdev, dev, qos_map);
13910 wdev_unlock(dev->ieee80211_ptr);
13911
13912 kfree(qos_map);
13913 return ret;
13914}
13915
13916static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
13917{
13918 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13919 struct net_device *dev = info->user_ptr[1];
13920 struct wireless_dev *wdev = dev->ieee80211_ptr;
13921 const u8 *peer;
13922 u8 tsid, up;
13923 u16 admitted_time = 0;
13924 int err;
13925
13926 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
13927 return -EOPNOTSUPP;
13928
13929 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
13930 !info->attrs[NL80211_ATTR_USER_PRIO])
13931 return -EINVAL;
13932
13933 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13934 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
13935
13936 /* WMM uses TIDs 0-7 even for TSPEC */
13937 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
13938 /* TODO: handle 802.11 TSPEC/admission control
13939 * need more attributes for that (e.g. BA session requirement);
13940 * change the WMM adminssion test above to allow both then
13941 */
13942 return -EINVAL;
13943 }
13944
13945 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13946
13947 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
13948 admitted_time =
13949 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
13950 if (!admitted_time)
13951 return -EINVAL;
13952 }
13953
13954 wdev_lock(wdev);
13955 switch (wdev->iftype) {
13956 case NL80211_IFTYPE_STATION:
13957 case NL80211_IFTYPE_P2P_CLIENT:
13958 if (wdev->current_bss)
13959 break;
13960 err = -ENOTCONN;
13961 goto out;
13962 default:
13963 err = -EOPNOTSUPP;
13964 goto out;
13965 }
13966
13967 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
13968
13969 out:
13970 wdev_unlock(wdev);
13971 return err;
13972}
13973
13974static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
13975{
13976 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13977 struct net_device *dev = info->user_ptr[1];
13978 struct wireless_dev *wdev = dev->ieee80211_ptr;
13979 const u8 *peer;
13980 u8 tsid;
13981 int err;
13982
13983 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
13984 return -EINVAL;
13985
13986 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13987 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13988
13989 wdev_lock(wdev);
13990 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
13991 wdev_unlock(wdev);
13992
13993 return err;
13994}
13995
13996static int nl80211_tdls_channel_switch(struct sk_buff *skb,
13997 struct genl_info *info)
13998{
13999 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14000 struct net_device *dev = info->user_ptr[1];
14001 struct wireless_dev *wdev = dev->ieee80211_ptr;
14002 struct cfg80211_chan_def chandef = {};
14003 const u8 *addr;
14004 u8 oper_class;
14005 int err;
14006
14007 if (!rdev->ops->tdls_channel_switch ||
14008 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
14009 return -EOPNOTSUPP;
14010
14011 switch (dev->ieee80211_ptr->iftype) {
14012 case NL80211_IFTYPE_STATION:
14013 case NL80211_IFTYPE_P2P_CLIENT:
14014 break;
14015 default:
14016 return -EOPNOTSUPP;
14017 }
14018
14019 if (!info->attrs[NL80211_ATTR_MAC] ||
14020 !info->attrs[NL80211_ATTR_OPER_CLASS])
14021 return -EINVAL;
14022
14023 err = nl80211_parse_chandef(rdev, info, &chandef);
14024 if (err)
14025 return err;
14026
14027 /*
14028 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
14029 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
14030 * specification is not defined for them.
14031 */
14032 if (chandef.chan->band == NL80211_BAND_2GHZ &&
14033 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
14034 chandef.width != NL80211_CHAN_WIDTH_20)
14035 return -EINVAL;
14036
14037 /* we will be active on the TDLS link */
14038 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
14039 wdev->iftype))
14040 return -EINVAL;
14041
14042 /* don't allow switching to DFS channels */
14043 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
14044 return -EINVAL;
14045
14046 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14047 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
14048
14049 wdev_lock(wdev);
14050 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
14051 wdev_unlock(wdev);
14052
14053 return err;
14054}
14055
14056static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
14057 struct genl_info *info)
14058{
14059 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14060 struct net_device *dev = info->user_ptr[1];
14061 struct wireless_dev *wdev = dev->ieee80211_ptr;
14062 const u8 *addr;
14063
14064 if (!rdev->ops->tdls_channel_switch ||
14065 !rdev->ops->tdls_cancel_channel_switch ||
14066 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
14067 return -EOPNOTSUPP;
14068
14069 switch (dev->ieee80211_ptr->iftype) {
14070 case NL80211_IFTYPE_STATION:
14071 case NL80211_IFTYPE_P2P_CLIENT:
14072 break;
14073 default:
14074 return -EOPNOTSUPP;
14075 }
14076
14077 if (!info->attrs[NL80211_ATTR_MAC])
14078 return -EINVAL;
14079
14080 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14081
14082 wdev_lock(wdev);
14083 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
14084 wdev_unlock(wdev);
14085
14086 return 0;
14087}
14088
14089static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
14090 struct genl_info *info)
14091{
14092 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14093 struct net_device *dev = info->user_ptr[1];
14094 struct wireless_dev *wdev = dev->ieee80211_ptr;
14095 const struct nlattr *nla;
14096 bool enabled;
14097
14098 if (!rdev->ops->set_multicast_to_unicast)
14099 return -EOPNOTSUPP;
14100
14101 if (wdev->iftype != NL80211_IFTYPE_AP &&
14102 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14103 return -EOPNOTSUPP;
14104
14105 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
14106 enabled = nla_get_flag(nla);
14107
14108 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
14109}
14110
14111static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
14112{
14113 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14114 struct net_device *dev = info->user_ptr[1];
14115 struct wireless_dev *wdev = dev->ieee80211_ptr;
14116 struct cfg80211_pmk_conf pmk_conf = {};
14117 int ret;
14118
14119 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14120 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14121 return -EOPNOTSUPP;
14122
14123 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14124 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
14125 return -EOPNOTSUPP;
14126
14127 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
14128 return -EINVAL;
14129
14130 wdev_lock(wdev);
14131 if (!wdev->current_bss) {
14132 ret = -ENOTCONN;
14133 goto out;
14134 }
14135
14136 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
14137 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
14138 ret = -EINVAL;
14139 goto out;
14140 }
14141
14142 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
14143 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
14144 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
14145 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
14146 ret = -EINVAL;
14147 goto out;
14148 }
14149
14150 if (info->attrs[NL80211_ATTR_PMKR0_NAME])
14151 pmk_conf.pmk_r0_name =
14152 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
14153
14154 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
14155out:
14156 wdev_unlock(wdev);
14157 return ret;
14158}
14159
14160static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
14161{
14162 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14163 struct net_device *dev = info->user_ptr[1];
14164 struct wireless_dev *wdev = dev->ieee80211_ptr;
14165 const u8 *aa;
14166 int ret;
14167
14168 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14169 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14170 return -EOPNOTSUPP;
14171
14172 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14173 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
14174 return -EOPNOTSUPP;
14175
14176 if (!info->attrs[NL80211_ATTR_MAC])
14177 return -EINVAL;
14178
14179 wdev_lock(wdev);
14180 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
14181 ret = rdev_del_pmk(rdev, dev, aa);
14182 wdev_unlock(wdev);
14183
14184 return ret;
14185}
14186
14187static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
14188{
14189 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14190 struct net_device *dev = info->user_ptr[1];
14191 struct cfg80211_external_auth_params params;
14192
14193 if (!rdev->ops->external_auth)
14194 return -EOPNOTSUPP;
14195
14196 if (!info->attrs[NL80211_ATTR_SSID] &&
14197 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
14198 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
14199 return -EINVAL;
14200
14201 if (!info->attrs[NL80211_ATTR_BSSID])
14202 return -EINVAL;
14203
14204 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
14205 return -EINVAL;
14206
14207 memset(&params, 0, sizeof(params));
14208
14209 if (info->attrs[NL80211_ATTR_SSID]) {
14210 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
14211 if (params.ssid.ssid_len == 0)
14212 return -EINVAL;
14213 memcpy(params.ssid.ssid,
14214 nla_data(info->attrs[NL80211_ATTR_SSID]),
14215 params.ssid.ssid_len);
14216 }
14217
14218 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
14219 ETH_ALEN);
14220
14221 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14222
14223 if (info->attrs[NL80211_ATTR_PMKID])
14224 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
14225
14226 return rdev_external_auth(rdev, dev, &params);
14227}
14228
14229static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
14230{
14231 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
14232 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14233 struct net_device *dev = info->user_ptr[1];
14234 struct wireless_dev *wdev = dev->ieee80211_ptr;
14235 const u8 *buf;
14236 size_t len;
14237 u8 *dest;
14238 u16 proto;
14239 bool noencrypt;
14240 u64 cookie = 0;
14241 int err;
14242
14243 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14244 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
14245 return -EOPNOTSUPP;
14246
14247 if (!rdev->ops->tx_control_port)
14248 return -EOPNOTSUPP;
14249
14250 if (!info->attrs[NL80211_ATTR_FRAME] ||
14251 !info->attrs[NL80211_ATTR_MAC] ||
14252 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
14253 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
14254 return -EINVAL;
14255 }
14256
14257 wdev_lock(wdev);
14258
14259 switch (wdev->iftype) {
14260 case NL80211_IFTYPE_AP:
14261 case NL80211_IFTYPE_P2P_GO:
14262 case NL80211_IFTYPE_MESH_POINT:
14263 break;
14264 case NL80211_IFTYPE_ADHOC:
14265 case NL80211_IFTYPE_STATION:
14266 case NL80211_IFTYPE_P2P_CLIENT:
14267 if (wdev->current_bss)
14268 break;
14269 err = -ENOTCONN;
14270 goto out;
14271 default:
14272 err = -EOPNOTSUPP;
14273 goto out;
14274 }
14275
14276 wdev_unlock(wdev);
14277
14278 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14279 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14280 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14281 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
14282 noencrypt =
14283 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
14284
14285 err = rdev_tx_control_port(rdev, dev, buf, len,
14286 dest, cpu_to_be16(proto), noencrypt,
14287 dont_wait_for_ack ? NULL : &cookie);
14288 if (!err && !dont_wait_for_ack)
14289 nl_set_extack_cookie_u64(info->extack, cookie);
14290 return err;
14291 out:
14292 wdev_unlock(wdev);
14293 return err;
14294}
14295
14296static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
14297 struct genl_info *info)
14298{
14299 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14300 struct net_device *dev = info->user_ptr[1];
14301 struct wireless_dev *wdev = dev->ieee80211_ptr;
14302 struct cfg80211_ftm_responder_stats ftm_stats = {};
14303 struct sk_buff *msg;
14304 void *hdr;
14305 struct nlattr *ftm_stats_attr;
14306 int err;
14307
14308 if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
14309 return -EOPNOTSUPP;
14310
14311 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
14312 if (err)
14313 return err;
14314
14315 if (!ftm_stats.filled)
14316 return -ENODATA;
14317
14318 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14319 if (!msg)
14320 return -ENOMEM;
14321
14322 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14323 NL80211_CMD_GET_FTM_RESPONDER_STATS);
14324 if (!hdr)
14325 goto nla_put_failure;
14326
14327 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14328 goto nla_put_failure;
14329
14330 ftm_stats_attr = nla_nest_start_noflag(msg,
14331 NL80211_ATTR_FTM_RESPONDER_STATS);
14332 if (!ftm_stats_attr)
14333 goto nla_put_failure;
14334
14335#define SET_FTM(field, name, type) \
14336 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14337 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
14338 ftm_stats.field)) \
14339 goto nla_put_failure; } while (0)
14340#define SET_FTM_U64(field, name) \
14341 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14342 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
14343 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
14344 goto nla_put_failure; } while (0)
14345
14346 SET_FTM(success_num, SUCCESS_NUM, u32);
14347 SET_FTM(partial_num, PARTIAL_NUM, u32);
14348 SET_FTM(failed_num, FAILED_NUM, u32);
14349 SET_FTM(asap_num, ASAP_NUM, u32);
14350 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
14351 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
14352 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
14353 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
14354 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
14355#undef SET_FTM
14356
14357 nla_nest_end(msg, ftm_stats_attr);
14358
14359 genlmsg_end(msg, hdr);
14360 return genlmsg_reply(msg, info);
14361
14362nla_put_failure:
14363 nlmsg_free(msg);
14364 return -ENOBUFS;
14365}
14366
14367static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
14368{
14369 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14370 struct cfg80211_update_owe_info owe_info;
14371 struct net_device *dev = info->user_ptr[1];
14372
14373 if (!rdev->ops->update_owe_info)
14374 return -EOPNOTSUPP;
14375
14376 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
14377 !info->attrs[NL80211_ATTR_MAC])
14378 return -EINVAL;
14379
14380 memset(&owe_info, 0, sizeof(owe_info));
14381 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14382 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
14383
14384 if (info->attrs[NL80211_ATTR_IE]) {
14385 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
14386 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
14387 }
14388
14389 return rdev_update_owe_info(rdev, dev, &owe_info);
14390}
14391
14392static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
14393{
14394 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14395 struct net_device *dev = info->user_ptr[1];
14396 struct wireless_dev *wdev = dev->ieee80211_ptr;
14397 struct station_info sinfo = {};
14398 const u8 *buf;
14399 size_t len;
14400 u8 *dest;
14401 int err;
14402
14403 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
14404 return -EOPNOTSUPP;
14405
14406 if (!info->attrs[NL80211_ATTR_MAC] ||
14407 !info->attrs[NL80211_ATTR_FRAME]) {
14408 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
14409 return -EINVAL;
14410 }
14411
14412 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
14413 return -EOPNOTSUPP;
14414
14415 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14416 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14417 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14418
14419 if (len < sizeof(struct ethhdr))
14420 return -EINVAL;
14421
14422 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
14423 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
14424 return -EINVAL;
14425
14426 err = rdev_get_station(rdev, dev, dest, &sinfo);
14427 if (err)
14428 return err;
14429
14430 cfg80211_sinfo_release_content(&sinfo);
14431
14432 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
14433}
14434
14435static int parse_tid_conf(struct cfg80211_registered_device *rdev,
14436 struct nlattr *attrs[], struct net_device *dev,
14437 struct cfg80211_tid_cfg *tid_conf,
14438 struct genl_info *info, const u8 *peer)
14439{
14440 struct netlink_ext_ack *extack = info->extack;
14441 u64 mask;
14442 int err;
14443
14444 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
14445 return -EINVAL;
14446
14447 tid_conf->config_override =
14448 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
14449 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
14450
14451 if (tid_conf->config_override) {
14452 if (rdev->ops->reset_tid_config) {
14453 err = rdev_reset_tid_config(rdev, dev, peer,
14454 tid_conf->tids);
14455 if (err)
14456 return err;
14457 } else {
14458 return -EINVAL;
14459 }
14460 }
14461
14462 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
14463 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
14464 tid_conf->noack =
14465 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
14466 }
14467
14468 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
14469 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
14470 tid_conf->retry_short =
14471 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
14472
14473 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
14474 return -EINVAL;
14475 }
14476
14477 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
14478 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
14479 tid_conf->retry_long =
14480 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
14481
14482 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
14483 return -EINVAL;
14484 }
14485
14486 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
14487 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
14488 tid_conf->ampdu =
14489 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
14490 }
14491
14492 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
14493 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
14494 tid_conf->rtscts =
14495 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
14496 }
14497
14498 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
14499 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
14500 tid_conf->amsdu =
14501 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
14502 }
14503
14504 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
14505 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
14506
14507 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
14508
14509 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
14510 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
14511 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
14512 &tid_conf->txrate_mask, dev);
14513 if (err)
14514 return err;
14515
14516 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
14517 }
14518 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
14519 }
14520
14521 if (peer)
14522 mask = rdev->wiphy.tid_config_support.peer;
14523 else
14524 mask = rdev->wiphy.tid_config_support.vif;
14525
14526 if (tid_conf->mask & ~mask) {
14527 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
14528 return -ENOTSUPP;
14529 }
14530
14531 return 0;
14532}
14533
14534static int nl80211_set_tid_config(struct sk_buff *skb,
14535 struct genl_info *info)
14536{
14537 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14538 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
14539 struct net_device *dev = info->user_ptr[1];
14540 struct cfg80211_tid_config *tid_config;
14541 struct nlattr *tid;
14542 int conf_idx = 0, rem_conf;
14543 int ret = -EINVAL;
14544 u32 num_conf = 0;
14545
14546 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
14547 return -EINVAL;
14548
14549 if (!rdev->ops->set_tid_config)
14550 return -EOPNOTSUPP;
14551
14552 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14553 rem_conf)
14554 num_conf++;
14555
14556 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
14557 GFP_KERNEL);
14558 if (!tid_config)
14559 return -ENOMEM;
14560
14561 tid_config->n_tid_conf = num_conf;
14562
14563 if (info->attrs[NL80211_ATTR_MAC])
14564 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14565
14566 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14567 rem_conf) {
14568 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
14569 tid, NULL, NULL);
14570
14571 if (ret)
14572 goto bad_tid_conf;
14573
14574 ret = parse_tid_conf(rdev, attrs, dev,
14575 &tid_config->tid_conf[conf_idx],
14576 info, tid_config->peer);
14577 if (ret)
14578 goto bad_tid_conf;
14579
14580 conf_idx++;
14581 }
14582
14583 ret = rdev_set_tid_config(rdev, dev, tid_config);
14584
14585bad_tid_conf:
14586 kfree(tid_config);
14587 return ret;
14588}
14589
14590#define NL80211_FLAG_NEED_WIPHY 0x01
14591#define NL80211_FLAG_NEED_NETDEV 0x02
14592#define NL80211_FLAG_NEED_RTNL 0x04
14593#define NL80211_FLAG_CHECK_NETDEV_UP 0x08
14594#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
14595 NL80211_FLAG_CHECK_NETDEV_UP)
14596#define NL80211_FLAG_NEED_WDEV 0x10
14597/* If a netdev is associated, it must be UP, P2P must be started */
14598#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
14599 NL80211_FLAG_CHECK_NETDEV_UP)
14600#define NL80211_FLAG_CLEAR_SKB 0x20
14601
14602static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
14603 struct genl_info *info)
14604{
14605 struct cfg80211_registered_device *rdev;
14606 struct wireless_dev *wdev;
14607 struct net_device *dev;
14608 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
14609
14610 if (rtnl)
14611 rtnl_lock();
14612
14613 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
14614 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
14615 if (IS_ERR(rdev)) {
14616 if (rtnl)
14617 rtnl_unlock();
14618 return PTR_ERR(rdev);
14619 }
14620 info->user_ptr[0] = rdev;
14621 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
14622 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14623 ASSERT_RTNL();
14624
14625 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
14626 info->attrs);
14627 if (IS_ERR(wdev)) {
14628 if (rtnl)
14629 rtnl_unlock();
14630 return PTR_ERR(wdev);
14631 }
14632
14633 dev = wdev->netdev;
14634 rdev = wiphy_to_rdev(wdev->wiphy);
14635
14636 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
14637 if (!dev) {
14638 if (rtnl)
14639 rtnl_unlock();
14640 return -EINVAL;
14641 }
14642
14643 info->user_ptr[1] = dev;
14644 } else {
14645 info->user_ptr[1] = wdev;
14646 }
14647
14648 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
14649 !wdev_running(wdev)) {
14650 if (rtnl)
14651 rtnl_unlock();
14652 return -ENETDOWN;
14653 }
14654
14655 if (dev)
14656 dev_hold(dev);
14657
14658 info->user_ptr[0] = rdev;
14659 }
14660
14661 return 0;
14662}
14663
14664static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
14665 struct genl_info *info)
14666{
14667 if (info->user_ptr[1]) {
14668 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14669 struct wireless_dev *wdev = info->user_ptr[1];
14670
14671 if (wdev->netdev)
14672 dev_put(wdev->netdev);
14673 } else {
14674 dev_put(info->user_ptr[1]);
14675 }
14676 }
14677
14678 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
14679 rtnl_unlock();
14680
14681 /* If needed, clear the netlink message payload from the SKB
14682 * as it might contain key data that shouldn't stick around on
14683 * the heap after the SKB is freed. The netlink message header
14684 * is still needed for further processing, so leave it intact.
14685 */
14686 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
14687 struct nlmsghdr *nlh = nlmsg_hdr(skb);
14688
14689 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
14690 }
14691}
14692
14693static const struct genl_ops nl80211_ops[] = {
14694 {
14695 .cmd = NL80211_CMD_GET_WIPHY,
14696 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14697 .doit = nl80211_get_wiphy,
14698 .dumpit = nl80211_dump_wiphy,
14699 .done = nl80211_dump_wiphy_done,
14700 /* can be retrieved by unprivileged users */
14701 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14702 NL80211_FLAG_NEED_RTNL,
14703 },
14704};
14705
14706static const struct genl_small_ops nl80211_small_ops[] = {
14707 {
14708 .cmd = NL80211_CMD_SET_WIPHY,
14709 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14710 .doit = nl80211_set_wiphy,
14711 .flags = GENL_UNS_ADMIN_PERM,
14712 .internal_flags = NL80211_FLAG_NEED_RTNL,
14713 },
14714 {
14715 .cmd = NL80211_CMD_GET_INTERFACE,
14716 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14717 .doit = nl80211_get_interface,
14718 .dumpit = nl80211_dump_interface,
14719 /* can be retrieved by unprivileged users */
14720 .internal_flags = NL80211_FLAG_NEED_WDEV |
14721 NL80211_FLAG_NEED_RTNL,
14722 },
14723 {
14724 .cmd = NL80211_CMD_SET_INTERFACE,
14725 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14726 .doit = nl80211_set_interface,
14727 .flags = GENL_UNS_ADMIN_PERM,
14728 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14729 NL80211_FLAG_NEED_RTNL,
14730 },
14731 {
14732 .cmd = NL80211_CMD_NEW_INTERFACE,
14733 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14734 .doit = nl80211_new_interface,
14735 .flags = GENL_UNS_ADMIN_PERM,
14736 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14737 NL80211_FLAG_NEED_RTNL,
14738 },
14739 {
14740 .cmd = NL80211_CMD_DEL_INTERFACE,
14741 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14742 .doit = nl80211_del_interface,
14743 .flags = GENL_UNS_ADMIN_PERM,
14744 .internal_flags = NL80211_FLAG_NEED_WDEV |
14745 NL80211_FLAG_NEED_RTNL,
14746 },
14747 {
14748 .cmd = NL80211_CMD_GET_KEY,
14749 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14750 .doit = nl80211_get_key,
14751 .flags = GENL_UNS_ADMIN_PERM,
14752 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14753 NL80211_FLAG_NEED_RTNL,
14754 },
14755 {
14756 .cmd = NL80211_CMD_SET_KEY,
14757 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14758 .doit = nl80211_set_key,
14759 .flags = GENL_UNS_ADMIN_PERM,
14760 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14761 NL80211_FLAG_NEED_RTNL |
14762 NL80211_FLAG_CLEAR_SKB,
14763 },
14764 {
14765 .cmd = NL80211_CMD_NEW_KEY,
14766 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14767 .doit = nl80211_new_key,
14768 .flags = GENL_UNS_ADMIN_PERM,
14769 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14770 NL80211_FLAG_NEED_RTNL |
14771 NL80211_FLAG_CLEAR_SKB,
14772 },
14773 {
14774 .cmd = NL80211_CMD_DEL_KEY,
14775 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14776 .doit = nl80211_del_key,
14777 .flags = GENL_UNS_ADMIN_PERM,
14778 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14779 NL80211_FLAG_NEED_RTNL,
14780 },
14781 {
14782 .cmd = NL80211_CMD_SET_BEACON,
14783 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14784 .flags = GENL_UNS_ADMIN_PERM,
14785 .doit = nl80211_set_beacon,
14786 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14787 NL80211_FLAG_NEED_RTNL,
14788 },
14789 {
14790 .cmd = NL80211_CMD_START_AP,
14791 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14792 .flags = GENL_UNS_ADMIN_PERM,
14793 .doit = nl80211_start_ap,
14794 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14795 NL80211_FLAG_NEED_RTNL,
14796 },
14797 {
14798 .cmd = NL80211_CMD_STOP_AP,
14799 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14800 .flags = GENL_UNS_ADMIN_PERM,
14801 .doit = nl80211_stop_ap,
14802 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14803 NL80211_FLAG_NEED_RTNL,
14804 },
14805 {
14806 .cmd = NL80211_CMD_GET_STATION,
14807 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14808 .doit = nl80211_get_station,
14809 .dumpit = nl80211_dump_station,
14810 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14811 NL80211_FLAG_NEED_RTNL,
14812 },
14813 {
14814 .cmd = NL80211_CMD_SET_STATION,
14815 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14816 .doit = nl80211_set_station,
14817 .flags = GENL_UNS_ADMIN_PERM,
14818 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14819 NL80211_FLAG_NEED_RTNL,
14820 },
14821 {
14822 .cmd = NL80211_CMD_NEW_STATION,
14823 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14824 .doit = nl80211_new_station,
14825 .flags = GENL_UNS_ADMIN_PERM,
14826 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14827 NL80211_FLAG_NEED_RTNL,
14828 },
14829 {
14830 .cmd = NL80211_CMD_DEL_STATION,
14831 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14832 .doit = nl80211_del_station,
14833 .flags = GENL_UNS_ADMIN_PERM,
14834 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14835 NL80211_FLAG_NEED_RTNL,
14836 },
14837 {
14838 .cmd = NL80211_CMD_GET_MPATH,
14839 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14840 .doit = nl80211_get_mpath,
14841 .dumpit = nl80211_dump_mpath,
14842 .flags = GENL_UNS_ADMIN_PERM,
14843 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14844 NL80211_FLAG_NEED_RTNL,
14845 },
14846 {
14847 .cmd = NL80211_CMD_GET_MPP,
14848 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14849 .doit = nl80211_get_mpp,
14850 .dumpit = nl80211_dump_mpp,
14851 .flags = GENL_UNS_ADMIN_PERM,
14852 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14853 NL80211_FLAG_NEED_RTNL,
14854 },
14855 {
14856 .cmd = NL80211_CMD_SET_MPATH,
14857 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14858 .doit = nl80211_set_mpath,
14859 .flags = GENL_UNS_ADMIN_PERM,
14860 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14861 NL80211_FLAG_NEED_RTNL,
14862 },
14863 {
14864 .cmd = NL80211_CMD_NEW_MPATH,
14865 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14866 .doit = nl80211_new_mpath,
14867 .flags = GENL_UNS_ADMIN_PERM,
14868 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14869 NL80211_FLAG_NEED_RTNL,
14870 },
14871 {
14872 .cmd = NL80211_CMD_DEL_MPATH,
14873 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14874 .doit = nl80211_del_mpath,
14875 .flags = GENL_UNS_ADMIN_PERM,
14876 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14877 NL80211_FLAG_NEED_RTNL,
14878 },
14879 {
14880 .cmd = NL80211_CMD_SET_BSS,
14881 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14882 .doit = nl80211_set_bss,
14883 .flags = GENL_UNS_ADMIN_PERM,
14884 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14885 NL80211_FLAG_NEED_RTNL,
14886 },
14887 {
14888 .cmd = NL80211_CMD_GET_REG,
14889 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14890 .doit = nl80211_get_reg_do,
14891 .dumpit = nl80211_get_reg_dump,
14892 .internal_flags = NL80211_FLAG_NEED_RTNL,
14893 /* can be retrieved by unprivileged users */
14894 },
14895#ifdef CONFIG_CFG80211_CRDA_SUPPORT
14896 {
14897 .cmd = NL80211_CMD_SET_REG,
14898 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14899 .doit = nl80211_set_reg,
14900 .flags = GENL_ADMIN_PERM,
14901 .internal_flags = NL80211_FLAG_NEED_RTNL,
14902 },
14903#endif
14904 {
14905 .cmd = NL80211_CMD_REQ_SET_REG,
14906 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14907 .doit = nl80211_req_set_reg,
14908 .flags = GENL_ADMIN_PERM,
14909 },
14910 {
14911 .cmd = NL80211_CMD_RELOAD_REGDB,
14912 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14913 .doit = nl80211_reload_regdb,
14914 .flags = GENL_ADMIN_PERM,
14915 },
14916 {
14917 .cmd = NL80211_CMD_GET_MESH_CONFIG,
14918 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14919 .doit = nl80211_get_mesh_config,
14920 /* can be retrieved by unprivileged users */
14921 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14922 NL80211_FLAG_NEED_RTNL,
14923 },
14924 {
14925 .cmd = NL80211_CMD_SET_MESH_CONFIG,
14926 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14927 .doit = nl80211_update_mesh_config,
14928 .flags = GENL_UNS_ADMIN_PERM,
14929 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14930 NL80211_FLAG_NEED_RTNL,
14931 },
14932 {
14933 .cmd = NL80211_CMD_TRIGGER_SCAN,
14934 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14935 .doit = nl80211_trigger_scan,
14936 .flags = GENL_UNS_ADMIN_PERM,
14937 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14938 NL80211_FLAG_NEED_RTNL,
14939 },
14940 {
14941 .cmd = NL80211_CMD_ABORT_SCAN,
14942 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14943 .doit = nl80211_abort_scan,
14944 .flags = GENL_UNS_ADMIN_PERM,
14945 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14946 NL80211_FLAG_NEED_RTNL,
14947 },
14948 {
14949 .cmd = NL80211_CMD_GET_SCAN,
14950 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14951 .dumpit = nl80211_dump_scan,
14952 },
14953 {
14954 .cmd = NL80211_CMD_START_SCHED_SCAN,
14955 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14956 .doit = nl80211_start_sched_scan,
14957 .flags = GENL_UNS_ADMIN_PERM,
14958 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14959 NL80211_FLAG_NEED_RTNL,
14960 },
14961 {
14962 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
14963 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14964 .doit = nl80211_stop_sched_scan,
14965 .flags = GENL_UNS_ADMIN_PERM,
14966 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14967 NL80211_FLAG_NEED_RTNL,
14968 },
14969 {
14970 .cmd = NL80211_CMD_AUTHENTICATE,
14971 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14972 .doit = nl80211_authenticate,
14973 .flags = GENL_UNS_ADMIN_PERM,
14974 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14975 NL80211_FLAG_NEED_RTNL |
14976 NL80211_FLAG_CLEAR_SKB,
14977 },
14978 {
14979 .cmd = NL80211_CMD_ASSOCIATE,
14980 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14981 .doit = nl80211_associate,
14982 .flags = GENL_UNS_ADMIN_PERM,
14983 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14984 NL80211_FLAG_NEED_RTNL |
14985 NL80211_FLAG_CLEAR_SKB,
14986 },
14987 {
14988 .cmd = NL80211_CMD_DEAUTHENTICATE,
14989 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14990 .doit = nl80211_deauthenticate,
14991 .flags = GENL_UNS_ADMIN_PERM,
14992 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14993 NL80211_FLAG_NEED_RTNL,
14994 },
14995 {
14996 .cmd = NL80211_CMD_DISASSOCIATE,
14997 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14998 .doit = nl80211_disassociate,
14999 .flags = GENL_UNS_ADMIN_PERM,
15000 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15001 NL80211_FLAG_NEED_RTNL,
15002 },
15003 {
15004 .cmd = NL80211_CMD_JOIN_IBSS,
15005 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15006 .doit = nl80211_join_ibss,
15007 .flags = GENL_UNS_ADMIN_PERM,
15008 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15009 NL80211_FLAG_NEED_RTNL,
15010 },
15011 {
15012 .cmd = NL80211_CMD_LEAVE_IBSS,
15013 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15014 .doit = nl80211_leave_ibss,
15015 .flags = GENL_UNS_ADMIN_PERM,
15016 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15017 NL80211_FLAG_NEED_RTNL,
15018 },
15019#ifdef CONFIG_NL80211_TESTMODE
15020 {
15021 .cmd = NL80211_CMD_TESTMODE,
15022 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15023 .doit = nl80211_testmode_do,
15024 .dumpit = nl80211_testmode_dump,
15025 .flags = GENL_UNS_ADMIN_PERM,
15026 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15027 NL80211_FLAG_NEED_RTNL,
15028 },
15029#endif
15030 {
15031 .cmd = NL80211_CMD_CONNECT,
15032 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15033 .doit = nl80211_connect,
15034 .flags = GENL_UNS_ADMIN_PERM,
15035 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15036 NL80211_FLAG_NEED_RTNL |
15037 NL80211_FLAG_CLEAR_SKB,
15038 },
15039 {
15040 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
15041 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15042 .doit = nl80211_update_connect_params,
15043 .flags = GENL_ADMIN_PERM,
15044 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15045 NL80211_FLAG_NEED_RTNL |
15046 NL80211_FLAG_CLEAR_SKB,
15047 },
15048 {
15049 .cmd = NL80211_CMD_DISCONNECT,
15050 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15051 .doit = nl80211_disconnect,
15052 .flags = GENL_UNS_ADMIN_PERM,
15053 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15054 NL80211_FLAG_NEED_RTNL,
15055 },
15056 {
15057 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
15058 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15059 .doit = nl80211_wiphy_netns,
15060 .flags = GENL_UNS_ADMIN_PERM,
15061 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15062 NL80211_FLAG_NEED_RTNL,
15063 },
15064 {
15065 .cmd = NL80211_CMD_GET_SURVEY,
15066 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15067 .dumpit = nl80211_dump_survey,
15068 },
15069 {
15070 .cmd = NL80211_CMD_SET_PMKSA,
15071 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15072 .doit = nl80211_setdel_pmksa,
15073 .flags = GENL_UNS_ADMIN_PERM,
15074 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15075 NL80211_FLAG_NEED_RTNL |
15076 NL80211_FLAG_CLEAR_SKB,
15077 },
15078 {
15079 .cmd = NL80211_CMD_DEL_PMKSA,
15080 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15081 .doit = nl80211_setdel_pmksa,
15082 .flags = GENL_UNS_ADMIN_PERM,
15083 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15084 NL80211_FLAG_NEED_RTNL,
15085 },
15086 {
15087 .cmd = NL80211_CMD_FLUSH_PMKSA,
15088 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15089 .doit = nl80211_flush_pmksa,
15090 .flags = GENL_UNS_ADMIN_PERM,
15091 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15092 NL80211_FLAG_NEED_RTNL,
15093 },
15094 {
15095 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
15096 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15097 .doit = nl80211_remain_on_channel,
15098 .flags = GENL_UNS_ADMIN_PERM,
15099 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15100 NL80211_FLAG_NEED_RTNL,
15101 },
15102 {
15103 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15104 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15105 .doit = nl80211_cancel_remain_on_channel,
15106 .flags = GENL_UNS_ADMIN_PERM,
15107 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15108 NL80211_FLAG_NEED_RTNL,
15109 },
15110 {
15111 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
15112 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15113 .doit = nl80211_set_tx_bitrate_mask,
15114 .flags = GENL_UNS_ADMIN_PERM,
15115 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15116 NL80211_FLAG_NEED_RTNL,
15117 },
15118 {
15119 .cmd = NL80211_CMD_REGISTER_FRAME,
15120 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15121 .doit = nl80211_register_mgmt,
15122 .flags = GENL_UNS_ADMIN_PERM,
15123 .internal_flags = NL80211_FLAG_NEED_WDEV |
15124 NL80211_FLAG_NEED_RTNL,
15125 },
15126 {
15127 .cmd = NL80211_CMD_FRAME,
15128 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15129 .doit = nl80211_tx_mgmt,
15130 .flags = GENL_UNS_ADMIN_PERM,
15131 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15132 NL80211_FLAG_NEED_RTNL,
15133 },
15134 {
15135 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
15136 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15137 .doit = nl80211_tx_mgmt_cancel_wait,
15138 .flags = GENL_UNS_ADMIN_PERM,
15139 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15140 NL80211_FLAG_NEED_RTNL,
15141 },
15142 {
15143 .cmd = NL80211_CMD_SET_POWER_SAVE,
15144 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15145 .doit = nl80211_set_power_save,
15146 .flags = GENL_UNS_ADMIN_PERM,
15147 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15148 NL80211_FLAG_NEED_RTNL,
15149 },
15150 {
15151 .cmd = NL80211_CMD_GET_POWER_SAVE,
15152 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15153 .doit = nl80211_get_power_save,
15154 /* can be retrieved by unprivileged users */
15155 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15156 NL80211_FLAG_NEED_RTNL,
15157 },
15158 {
15159 .cmd = NL80211_CMD_SET_CQM,
15160 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15161 .doit = nl80211_set_cqm,
15162 .flags = GENL_UNS_ADMIN_PERM,
15163 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15164 NL80211_FLAG_NEED_RTNL,
15165 },
15166 {
15167 .cmd = NL80211_CMD_SET_CHANNEL,
15168 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15169 .doit = nl80211_set_channel,
15170 .flags = GENL_UNS_ADMIN_PERM,
15171 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15172 NL80211_FLAG_NEED_RTNL,
15173 },
15174 {
15175 .cmd = NL80211_CMD_SET_WDS_PEER,
15176 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15177 .doit = nl80211_set_wds_peer,
15178 .flags = GENL_UNS_ADMIN_PERM,
15179 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15180 NL80211_FLAG_NEED_RTNL,
15181 },
15182 {
15183 .cmd = NL80211_CMD_JOIN_MESH,
15184 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15185 .doit = nl80211_join_mesh,
15186 .flags = GENL_UNS_ADMIN_PERM,
15187 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15188 NL80211_FLAG_NEED_RTNL,
15189 },
15190 {
15191 .cmd = NL80211_CMD_LEAVE_MESH,
15192 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15193 .doit = nl80211_leave_mesh,
15194 .flags = GENL_UNS_ADMIN_PERM,
15195 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15196 NL80211_FLAG_NEED_RTNL,
15197 },
15198 {
15199 .cmd = NL80211_CMD_JOIN_OCB,
15200 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15201 .doit = nl80211_join_ocb,
15202 .flags = GENL_UNS_ADMIN_PERM,
15203 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15204 NL80211_FLAG_NEED_RTNL,
15205 },
15206 {
15207 .cmd = NL80211_CMD_LEAVE_OCB,
15208 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15209 .doit = nl80211_leave_ocb,
15210 .flags = GENL_UNS_ADMIN_PERM,
15211 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15212 NL80211_FLAG_NEED_RTNL,
15213 },
15214#ifdef CONFIG_PM
15215 {
15216 .cmd = NL80211_CMD_GET_WOWLAN,
15217 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15218 .doit = nl80211_get_wowlan,
15219 /* can be retrieved by unprivileged users */
15220 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15221 NL80211_FLAG_NEED_RTNL,
15222 },
15223 {
15224 .cmd = NL80211_CMD_SET_WOWLAN,
15225 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15226 .doit = nl80211_set_wowlan,
15227 .flags = GENL_UNS_ADMIN_PERM,
15228 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15229 NL80211_FLAG_NEED_RTNL,
15230 },
15231#endif
15232 {
15233 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
15234 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15235 .doit = nl80211_set_rekey_data,
15236 .flags = GENL_UNS_ADMIN_PERM,
15237 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15238 NL80211_FLAG_NEED_RTNL |
15239 NL80211_FLAG_CLEAR_SKB,
15240 },
15241 {
15242 .cmd = NL80211_CMD_TDLS_MGMT,
15243 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15244 .doit = nl80211_tdls_mgmt,
15245 .flags = GENL_UNS_ADMIN_PERM,
15246 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15247 NL80211_FLAG_NEED_RTNL,
15248 },
15249 {
15250 .cmd = NL80211_CMD_TDLS_OPER,
15251 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15252 .doit = nl80211_tdls_oper,
15253 .flags = GENL_UNS_ADMIN_PERM,
15254 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15255 NL80211_FLAG_NEED_RTNL,
15256 },
15257 {
15258 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
15259 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15260 .doit = nl80211_register_unexpected_frame,
15261 .flags = GENL_UNS_ADMIN_PERM,
15262 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15263 NL80211_FLAG_NEED_RTNL,
15264 },
15265 {
15266 .cmd = NL80211_CMD_PROBE_CLIENT,
15267 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15268 .doit = nl80211_probe_client,
15269 .flags = GENL_UNS_ADMIN_PERM,
15270 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15271 NL80211_FLAG_NEED_RTNL,
15272 },
15273 {
15274 .cmd = NL80211_CMD_REGISTER_BEACONS,
15275 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15276 .doit = nl80211_register_beacons,
15277 .flags = GENL_UNS_ADMIN_PERM,
15278 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15279 NL80211_FLAG_NEED_RTNL,
15280 },
15281 {
15282 .cmd = NL80211_CMD_SET_NOACK_MAP,
15283 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15284 .doit = nl80211_set_noack_map,
15285 .flags = GENL_UNS_ADMIN_PERM,
15286 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15287 NL80211_FLAG_NEED_RTNL,
15288 },
15289 {
15290 .cmd = NL80211_CMD_START_P2P_DEVICE,
15291 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15292 .doit = nl80211_start_p2p_device,
15293 .flags = GENL_UNS_ADMIN_PERM,
15294 .internal_flags = NL80211_FLAG_NEED_WDEV |
15295 NL80211_FLAG_NEED_RTNL,
15296 },
15297 {
15298 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
15299 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15300 .doit = nl80211_stop_p2p_device,
15301 .flags = GENL_UNS_ADMIN_PERM,
15302 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15303 NL80211_FLAG_NEED_RTNL,
15304 },
15305 {
15306 .cmd = NL80211_CMD_START_NAN,
15307 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15308 .doit = nl80211_start_nan,
15309 .flags = GENL_ADMIN_PERM,
15310 .internal_flags = NL80211_FLAG_NEED_WDEV |
15311 NL80211_FLAG_NEED_RTNL,
15312 },
15313 {
15314 .cmd = NL80211_CMD_STOP_NAN,
15315 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15316 .doit = nl80211_stop_nan,
15317 .flags = GENL_ADMIN_PERM,
15318 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15319 NL80211_FLAG_NEED_RTNL,
15320 },
15321 {
15322 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
15323 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15324 .doit = nl80211_nan_add_func,
15325 .flags = GENL_ADMIN_PERM,
15326 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15327 NL80211_FLAG_NEED_RTNL,
15328 },
15329 {
15330 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
15331 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15332 .doit = nl80211_nan_del_func,
15333 .flags = GENL_ADMIN_PERM,
15334 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15335 NL80211_FLAG_NEED_RTNL,
15336 },
15337 {
15338 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
15339 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15340 .doit = nl80211_nan_change_config,
15341 .flags = GENL_ADMIN_PERM,
15342 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15343 NL80211_FLAG_NEED_RTNL,
15344 },
15345 {
15346 .cmd = NL80211_CMD_SET_MCAST_RATE,
15347 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15348 .doit = nl80211_set_mcast_rate,
15349 .flags = GENL_UNS_ADMIN_PERM,
15350 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15351 NL80211_FLAG_NEED_RTNL,
15352 },
15353 {
15354 .cmd = NL80211_CMD_SET_MAC_ACL,
15355 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15356 .doit = nl80211_set_mac_acl,
15357 .flags = GENL_UNS_ADMIN_PERM,
15358 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15359 NL80211_FLAG_NEED_RTNL,
15360 },
15361 {
15362 .cmd = NL80211_CMD_RADAR_DETECT,
15363 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15364 .doit = nl80211_start_radar_detection,
15365 .flags = GENL_UNS_ADMIN_PERM,
15366 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15367 NL80211_FLAG_NEED_RTNL,
15368 },
15369 {
15370 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
15371 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15372 .doit = nl80211_get_protocol_features,
15373 },
15374 {
15375 .cmd = NL80211_CMD_UPDATE_FT_IES,
15376 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15377 .doit = nl80211_update_ft_ies,
15378 .flags = GENL_UNS_ADMIN_PERM,
15379 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15380 NL80211_FLAG_NEED_RTNL,
15381 },
15382 {
15383 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
15384 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15385 .doit = nl80211_crit_protocol_start,
15386 .flags = GENL_UNS_ADMIN_PERM,
15387 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15388 NL80211_FLAG_NEED_RTNL,
15389 },
15390 {
15391 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
15392 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15393 .doit = nl80211_crit_protocol_stop,
15394 .flags = GENL_UNS_ADMIN_PERM,
15395 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15396 NL80211_FLAG_NEED_RTNL,
15397 },
15398 {
15399 .cmd = NL80211_CMD_GET_COALESCE,
15400 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15401 .doit = nl80211_get_coalesce,
15402 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15403 NL80211_FLAG_NEED_RTNL,
15404 },
15405 {
15406 .cmd = NL80211_CMD_SET_COALESCE,
15407 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15408 .doit = nl80211_set_coalesce,
15409 .flags = GENL_UNS_ADMIN_PERM,
15410 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15411 NL80211_FLAG_NEED_RTNL,
15412 },
15413 {
15414 .cmd = NL80211_CMD_CHANNEL_SWITCH,
15415 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15416 .doit = nl80211_channel_switch,
15417 .flags = GENL_UNS_ADMIN_PERM,
15418 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15419 NL80211_FLAG_NEED_RTNL,
15420 },
15421 {
15422 .cmd = NL80211_CMD_VENDOR,
15423 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15424 .doit = nl80211_vendor_cmd,
15425 .dumpit = nl80211_vendor_cmd_dump,
15426 .flags = GENL_UNS_ADMIN_PERM,
15427 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15428 NL80211_FLAG_NEED_RTNL |
15429 NL80211_FLAG_CLEAR_SKB,
15430 },
15431 {
15432 .cmd = NL80211_CMD_SET_QOS_MAP,
15433 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15434 .doit = nl80211_set_qos_map,
15435 .flags = GENL_UNS_ADMIN_PERM,
15436 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15437 NL80211_FLAG_NEED_RTNL,
15438 },
15439 {
15440 .cmd = NL80211_CMD_ADD_TX_TS,
15441 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15442 .doit = nl80211_add_tx_ts,
15443 .flags = GENL_UNS_ADMIN_PERM,
15444 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15445 NL80211_FLAG_NEED_RTNL,
15446 },
15447 {
15448 .cmd = NL80211_CMD_DEL_TX_TS,
15449 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15450 .doit = nl80211_del_tx_ts,
15451 .flags = GENL_UNS_ADMIN_PERM,
15452 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15453 NL80211_FLAG_NEED_RTNL,
15454 },
15455 {
15456 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
15457 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15458 .doit = nl80211_tdls_channel_switch,
15459 .flags = GENL_UNS_ADMIN_PERM,
15460 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15461 NL80211_FLAG_NEED_RTNL,
15462 },
15463 {
15464 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
15465 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15466 .doit = nl80211_tdls_cancel_channel_switch,
15467 .flags = GENL_UNS_ADMIN_PERM,
15468 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15469 NL80211_FLAG_NEED_RTNL,
15470 },
15471 {
15472 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
15473 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15474 .doit = nl80211_set_multicast_to_unicast,
15475 .flags = GENL_UNS_ADMIN_PERM,
15476 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15477 NL80211_FLAG_NEED_RTNL,
15478 },
15479 {
15480 .cmd = NL80211_CMD_SET_PMK,
15481 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15482 .doit = nl80211_set_pmk,
15483 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15484 NL80211_FLAG_NEED_RTNL |
15485 NL80211_FLAG_CLEAR_SKB,
15486 },
15487 {
15488 .cmd = NL80211_CMD_DEL_PMK,
15489 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15490 .doit = nl80211_del_pmk,
15491 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15492 NL80211_FLAG_NEED_RTNL,
15493 },
15494 {
15495 .cmd = NL80211_CMD_EXTERNAL_AUTH,
15496 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15497 .doit = nl80211_external_auth,
15498 .flags = GENL_ADMIN_PERM,
15499 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15500 NL80211_FLAG_NEED_RTNL,
15501 },
15502 {
15503 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
15504 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15505 .doit = nl80211_tx_control_port,
15506 .flags = GENL_UNS_ADMIN_PERM,
15507 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15508 NL80211_FLAG_NEED_RTNL,
15509 },
15510 {
15511 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
15512 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15513 .doit = nl80211_get_ftm_responder_stats,
15514 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15515 NL80211_FLAG_NEED_RTNL,
15516 },
15517 {
15518 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
15519 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15520 .doit = nl80211_pmsr_start,
15521 .flags = GENL_UNS_ADMIN_PERM,
15522 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15523 NL80211_FLAG_NEED_RTNL,
15524 },
15525 {
15526 .cmd = NL80211_CMD_NOTIFY_RADAR,
15527 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15528 .doit = nl80211_notify_radar_detection,
15529 .flags = GENL_UNS_ADMIN_PERM,
15530 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15531 NL80211_FLAG_NEED_RTNL,
15532 },
15533 {
15534 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
15535 .doit = nl80211_update_owe_info,
15536 .flags = GENL_ADMIN_PERM,
15537 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15538 NL80211_FLAG_NEED_RTNL,
15539 },
15540 {
15541 .cmd = NL80211_CMD_PROBE_MESH_LINK,
15542 .doit = nl80211_probe_mesh_link,
15543 .flags = GENL_UNS_ADMIN_PERM,
15544 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15545 NL80211_FLAG_NEED_RTNL,
15546 },
15547 {
15548 .cmd = NL80211_CMD_SET_TID_CONFIG,
15549 .doit = nl80211_set_tid_config,
15550 .flags = GENL_UNS_ADMIN_PERM,
15551 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15552 NL80211_FLAG_NEED_RTNL,
15553 },
15554};
15555
15556static struct genl_family nl80211_fam __ro_after_init = {
15557 .name = NL80211_GENL_NAME, /* have users key off the name instead */
15558 .hdrsize = 0, /* no private header */
15559 .version = 1, /* no particular meaning now */
15560 .maxattr = NL80211_ATTR_MAX,
15561 .policy = nl80211_policy,
15562 .netnsok = true,
15563 .pre_doit = nl80211_pre_doit,
15564 .post_doit = nl80211_post_doit,
15565 .module = THIS_MODULE,
15566 .ops = nl80211_ops,
15567 .n_ops = ARRAY_SIZE(nl80211_ops),
15568 .small_ops = nl80211_small_ops,
15569 .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
15570 .mcgrps = nl80211_mcgrps,
15571 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
15572 .parallel_ops = true,
15573};
15574
15575/* notification functions */
15576
15577void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
15578 enum nl80211_commands cmd)
15579{
15580 struct sk_buff *msg;
15581 struct nl80211_dump_wiphy_state state = {};
15582
15583 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
15584 cmd != NL80211_CMD_DEL_WIPHY);
15585
15586 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15587 if (!msg)
15588 return;
15589
15590 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
15591 nlmsg_free(msg);
15592 return;
15593 }
15594
15595 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15596 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15597}
15598
15599void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
15600 struct wireless_dev *wdev,
15601 enum nl80211_commands cmd)
15602{
15603 struct sk_buff *msg;
15604
15605 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15606 if (!msg)
15607 return;
15608
15609 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
15610 nlmsg_free(msg);
15611 return;
15612 }
15613
15614 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15615 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15616}
15617
15618static int nl80211_add_scan_req(struct sk_buff *msg,
15619 struct cfg80211_registered_device *rdev)
15620{
15621 struct cfg80211_scan_request *req = rdev->scan_req;
15622 struct nlattr *nest;
15623 int i;
15624 struct cfg80211_scan_info *info;
15625
15626 if (WARN_ON(!req))
15627 return 0;
15628
15629 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
15630 if (!nest)
15631 goto nla_put_failure;
15632 for (i = 0; i < req->n_ssids; i++) {
15633 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
15634 goto nla_put_failure;
15635 }
15636 nla_nest_end(msg, nest);
15637
15638 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
15639 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
15640 if (!nest)
15641 goto nla_put_failure;
15642 for (i = 0; i < req->n_channels; i++) {
15643 if (nla_put_u32(msg, i,
15644 ieee80211_channel_to_khz(req->channels[i])))
15645 goto nla_put_failure;
15646 }
15647 nla_nest_end(msg, nest);
15648 } else {
15649 nest = nla_nest_start_noflag(msg,
15650 NL80211_ATTR_SCAN_FREQUENCIES);
15651 if (!nest)
15652 goto nla_put_failure;
15653 for (i = 0; i < req->n_channels; i++) {
15654 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
15655 goto nla_put_failure;
15656 }
15657 nla_nest_end(msg, nest);
15658 }
15659
15660 if (req->ie &&
15661 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
15662 goto nla_put_failure;
15663
15664 if (req->flags &&
15665 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
15666 goto nla_put_failure;
15667
15668 info = rdev->int_scan_req ? &rdev->int_scan_req->info :
15669 &rdev->scan_req->info;
15670 if (info->scan_start_tsf &&
15671 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
15672 info->scan_start_tsf, NL80211_BSS_PAD) ||
15673 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
15674 info->tsf_bssid)))
15675 goto nla_put_failure;
15676
15677 return 0;
15678 nla_put_failure:
15679 return -ENOBUFS;
15680}
15681
15682static int nl80211_prep_scan_msg(struct sk_buff *msg,
15683 struct cfg80211_registered_device *rdev,
15684 struct wireless_dev *wdev,
15685 u32 portid, u32 seq, int flags,
15686 u32 cmd)
15687{
15688 void *hdr;
15689
15690 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
15691 if (!hdr)
15692 return -1;
15693
15694 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15695 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15696 wdev->netdev->ifindex)) ||
15697 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15698 NL80211_ATTR_PAD))
15699 goto nla_put_failure;
15700
15701 /* ignore errors and send incomplete event anyway */
15702 nl80211_add_scan_req(msg, rdev);
15703
15704 genlmsg_end(msg, hdr);
15705 return 0;
15706
15707 nla_put_failure:
15708 genlmsg_cancel(msg, hdr);
15709 return -EMSGSIZE;
15710}
15711
15712static int
15713nl80211_prep_sched_scan_msg(struct sk_buff *msg,
15714 struct cfg80211_sched_scan_request *req, u32 cmd)
15715{
15716 void *hdr;
15717
15718 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15719 if (!hdr)
15720 return -1;
15721
15722 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
15723 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
15724 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
15725 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
15726 NL80211_ATTR_PAD))
15727 goto nla_put_failure;
15728
15729 genlmsg_end(msg, hdr);
15730 return 0;
15731
15732 nla_put_failure:
15733 genlmsg_cancel(msg, hdr);
15734 return -EMSGSIZE;
15735}
15736
15737void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
15738 struct wireless_dev *wdev)
15739{
15740 struct sk_buff *msg;
15741
15742 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15743 if (!msg)
15744 return;
15745
15746 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15747 NL80211_CMD_TRIGGER_SCAN) < 0) {
15748 nlmsg_free(msg);
15749 return;
15750 }
15751
15752 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15753 NL80211_MCGRP_SCAN, GFP_KERNEL);
15754}
15755
15756struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
15757 struct wireless_dev *wdev, bool aborted)
15758{
15759 struct sk_buff *msg;
15760
15761 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15762 if (!msg)
15763 return NULL;
15764
15765 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15766 aborted ? NL80211_CMD_SCAN_ABORTED :
15767 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
15768 nlmsg_free(msg);
15769 return NULL;
15770 }
15771
15772 return msg;
15773}
15774
15775/* send message created by nl80211_build_scan_msg() */
15776void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
15777 struct sk_buff *msg)
15778{
15779 if (!msg)
15780 return;
15781
15782 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15783 NL80211_MCGRP_SCAN, GFP_KERNEL);
15784}
15785
15786void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
15787{
15788 struct sk_buff *msg;
15789
15790 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15791 if (!msg)
15792 return;
15793
15794 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
15795 nlmsg_free(msg);
15796 return;
15797 }
15798
15799 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
15800 NL80211_MCGRP_SCAN, GFP_KERNEL);
15801}
15802
15803static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
15804 struct regulatory_request *request)
15805{
15806 /* Userspace can always count this one always being set */
15807 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
15808 goto nla_put_failure;
15809
15810 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
15811 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15812 NL80211_REGDOM_TYPE_WORLD))
15813 goto nla_put_failure;
15814 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
15815 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15816 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
15817 goto nla_put_failure;
15818 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
15819 request->intersect) {
15820 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15821 NL80211_REGDOM_TYPE_INTERSECTION))
15822 goto nla_put_failure;
15823 } else {
15824 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15825 NL80211_REGDOM_TYPE_COUNTRY) ||
15826 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
15827 request->alpha2))
15828 goto nla_put_failure;
15829 }
15830
15831 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
15832 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
15833
15834 if (wiphy &&
15835 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
15836 goto nla_put_failure;
15837
15838 if (wiphy &&
15839 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
15840 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
15841 goto nla_put_failure;
15842 }
15843
15844 return true;
15845
15846nla_put_failure:
15847 return false;
15848}
15849
15850/*
15851 * This can happen on global regulatory changes or device specific settings
15852 * based on custom regulatory domains.
15853 */
15854void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
15855 struct regulatory_request *request)
15856{
15857 struct sk_buff *msg;
15858 void *hdr;
15859
15860 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15861 if (!msg)
15862 return;
15863
15864 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
15865 if (!hdr)
15866 goto nla_put_failure;
15867
15868 if (!nl80211_reg_change_event_fill(msg, request))
15869 goto nla_put_failure;
15870
15871 genlmsg_end(msg, hdr);
15872
15873 rcu_read_lock();
15874 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15875 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15876 rcu_read_unlock();
15877
15878 return;
15879
15880nla_put_failure:
15881 nlmsg_free(msg);
15882}
15883
15884static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
15885 struct net_device *netdev,
15886 const u8 *buf, size_t len,
15887 enum nl80211_commands cmd, gfp_t gfp,
15888 int uapsd_queues, const u8 *req_ies,
15889 size_t req_ies_len)
15890{
15891 struct sk_buff *msg;
15892 void *hdr;
15893
15894 msg = nlmsg_new(100 + len + req_ies_len, gfp);
15895 if (!msg)
15896 return;
15897
15898 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15899 if (!hdr) {
15900 nlmsg_free(msg);
15901 return;
15902 }
15903
15904 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15905 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15906 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15907 (req_ies &&
15908 nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
15909 goto nla_put_failure;
15910
15911 if (uapsd_queues >= 0) {
15912 struct nlattr *nla_wmm =
15913 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
15914 if (!nla_wmm)
15915 goto nla_put_failure;
15916
15917 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
15918 uapsd_queues))
15919 goto nla_put_failure;
15920
15921 nla_nest_end(msg, nla_wmm);
15922 }
15923
15924 genlmsg_end(msg, hdr);
15925
15926 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15927 NL80211_MCGRP_MLME, gfp);
15928 return;
15929
15930 nla_put_failure:
15931 nlmsg_free(msg);
15932}
15933
15934void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
15935 struct net_device *netdev, const u8 *buf,
15936 size_t len, gfp_t gfp)
15937{
15938 nl80211_send_mlme_event(rdev, netdev, buf, len,
15939 NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
15940}
15941
15942void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
15943 struct net_device *netdev, const u8 *buf,
15944 size_t len, gfp_t gfp, int uapsd_queues,
15945 const u8 *req_ies, size_t req_ies_len)
15946{
15947 nl80211_send_mlme_event(rdev, netdev, buf, len,
15948 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
15949 req_ies, req_ies_len);
15950}
15951
15952void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
15953 struct net_device *netdev, const u8 *buf,
15954 size_t len, gfp_t gfp)
15955{
15956 nl80211_send_mlme_event(rdev, netdev, buf, len,
15957 NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
15958}
15959
15960void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
15961 struct net_device *netdev, const u8 *buf,
15962 size_t len, gfp_t gfp)
15963{
15964 nl80211_send_mlme_event(rdev, netdev, buf, len,
15965 NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
15966}
15967
15968void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
15969 size_t len)
15970{
15971 struct wireless_dev *wdev = dev->ieee80211_ptr;
15972 struct wiphy *wiphy = wdev->wiphy;
15973 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15974 const struct ieee80211_mgmt *mgmt = (void *)buf;
15975 u32 cmd;
15976
15977 if (WARN_ON(len < 2))
15978 return;
15979
15980 if (ieee80211_is_deauth(mgmt->frame_control)) {
15981 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
15982 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
15983 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
15984 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
15985 if (wdev->unprot_beacon_reported &&
15986 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
15987 return;
15988 cmd = NL80211_CMD_UNPROT_BEACON;
15989 wdev->unprot_beacon_reported = jiffies;
15990 } else {
15991 return;
15992 }
15993
15994 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
15995 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
15996 NULL, 0);
15997}
15998EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
15999
16000static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
16001 struct net_device *netdev, int cmd,
16002 const u8 *addr, gfp_t gfp)
16003{
16004 struct sk_buff *msg;
16005 void *hdr;
16006
16007 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16008 if (!msg)
16009 return;
16010
16011 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16012 if (!hdr) {
16013 nlmsg_free(msg);
16014 return;
16015 }
16016
16017 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16018 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16019 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
16020 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16021 goto nla_put_failure;
16022
16023 genlmsg_end(msg, hdr);
16024
16025 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16026 NL80211_MCGRP_MLME, gfp);
16027 return;
16028
16029 nla_put_failure:
16030 nlmsg_free(msg);
16031}
16032
16033void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
16034 struct net_device *netdev, const u8 *addr,
16035 gfp_t gfp)
16036{
16037 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
16038 addr, gfp);
16039}
16040
16041void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
16042 struct net_device *netdev, const u8 *addr,
16043 gfp_t gfp)
16044{
16045 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
16046 addr, gfp);
16047}
16048
16049void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
16050 struct net_device *netdev,
16051 struct cfg80211_connect_resp_params *cr,
16052 gfp_t gfp)
16053{
16054 struct sk_buff *msg;
16055 void *hdr;
16056
16057 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
16058 cr->fils.kek_len + cr->fils.pmk_len +
16059 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
16060 if (!msg)
16061 return;
16062
16063 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
16064 if (!hdr) {
16065 nlmsg_free(msg);
16066 return;
16067 }
16068
16069 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16070 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16071 (cr->bssid &&
16072 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
16073 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
16074 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
16075 cr->status) ||
16076 (cr->status < 0 &&
16077 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
16078 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
16079 cr->timeout_reason))) ||
16080 (cr->req_ie &&
16081 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
16082 (cr->resp_ie &&
16083 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
16084 cr->resp_ie)) ||
16085 (cr->fils.update_erp_next_seq_num &&
16086 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
16087 cr->fils.erp_next_seq_num)) ||
16088 (cr->status == WLAN_STATUS_SUCCESS &&
16089 ((cr->fils.kek &&
16090 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
16091 cr->fils.kek)) ||
16092 (cr->fils.pmk &&
16093 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
16094 (cr->fils.pmkid &&
16095 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
16096 goto nla_put_failure;
16097
16098 genlmsg_end(msg, hdr);
16099
16100 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16101 NL80211_MCGRP_MLME, gfp);
16102 return;
16103
16104 nla_put_failure:
16105 nlmsg_free(msg);
16106}
16107
16108void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
16109 struct net_device *netdev,
16110 struct cfg80211_roam_info *info, gfp_t gfp)
16111{
16112 struct sk_buff *msg;
16113 void *hdr;
16114 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
16115
16116 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
16117 info->fils.kek_len + info->fils.pmk_len +
16118 (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
16119 if (!msg)
16120 return;
16121
16122 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
16123 if (!hdr) {
16124 nlmsg_free(msg);
16125 return;
16126 }
16127
16128 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16129 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16130 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
16131 (info->req_ie &&
16132 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
16133 info->req_ie)) ||
16134 (info->resp_ie &&
16135 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
16136 info->resp_ie)) ||
16137 (info->fils.update_erp_next_seq_num &&
16138 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
16139 info->fils.erp_next_seq_num)) ||
16140 (info->fils.kek &&
16141 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
16142 info->fils.kek)) ||
16143 (info->fils.pmk &&
16144 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
16145 (info->fils.pmkid &&
16146 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
16147 goto nla_put_failure;
16148
16149 genlmsg_end(msg, hdr);
16150
16151 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16152 NL80211_MCGRP_MLME, gfp);
16153 return;
16154
16155 nla_put_failure:
16156 nlmsg_free(msg);
16157}
16158
16159void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
16160 struct net_device *netdev, const u8 *bssid)
16161{
16162 struct sk_buff *msg;
16163 void *hdr;
16164
16165 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16166 if (!msg)
16167 return;
16168
16169 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
16170 if (!hdr) {
16171 nlmsg_free(msg);
16172 return;
16173 }
16174
16175 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16176 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16177 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16178 goto nla_put_failure;
16179
16180 genlmsg_end(msg, hdr);
16181
16182 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16183 NL80211_MCGRP_MLME, GFP_KERNEL);
16184 return;
16185
16186 nla_put_failure:
16187 nlmsg_free(msg);
16188}
16189
16190void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
16191 struct net_device *netdev, u16 reason,
16192 const u8 *ie, size_t ie_len, bool from_ap)
16193{
16194 struct sk_buff *msg;
16195 void *hdr;
16196
16197 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
16198 if (!msg)
16199 return;
16200
16201 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
16202 if (!hdr) {
16203 nlmsg_free(msg);
16204 return;
16205 }
16206
16207 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16208 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16209 (reason &&
16210 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
16211 (from_ap &&
16212 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
16213 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
16214 goto nla_put_failure;
16215
16216 genlmsg_end(msg, hdr);
16217
16218 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16219 NL80211_MCGRP_MLME, GFP_KERNEL);
16220 return;
16221
16222 nla_put_failure:
16223 nlmsg_free(msg);
16224}
16225
16226void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
16227 struct net_device *netdev, const u8 *bssid,
16228 gfp_t gfp)
16229{
16230 struct sk_buff *msg;
16231 void *hdr;
16232
16233 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16234 if (!msg)
16235 return;
16236
16237 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
16238 if (!hdr) {
16239 nlmsg_free(msg);
16240 return;
16241 }
16242
16243 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16244 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16245 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16246 goto nla_put_failure;
16247
16248 genlmsg_end(msg, hdr);
16249
16250 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16251 NL80211_MCGRP_MLME, gfp);
16252 return;
16253
16254 nla_put_failure:
16255 nlmsg_free(msg);
16256}
16257
16258void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
16259 const u8 *ie, u8 ie_len,
16260 int sig_dbm, gfp_t gfp)
16261{
16262 struct wireless_dev *wdev = dev->ieee80211_ptr;
16263 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16264 struct sk_buff *msg;
16265 void *hdr;
16266
16267 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
16268 return;
16269
16270 trace_cfg80211_notify_new_peer_candidate(dev, addr);
16271
16272 msg = nlmsg_new(100 + ie_len, gfp);
16273 if (!msg)
16274 return;
16275
16276 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
16277 if (!hdr) {
16278 nlmsg_free(msg);
16279 return;
16280 }
16281
16282 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16283 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16284 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16285 (ie_len && ie &&
16286 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
16287 (sig_dbm &&
16288 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
16289 goto nla_put_failure;
16290
16291 genlmsg_end(msg, hdr);
16292
16293 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16294 NL80211_MCGRP_MLME, gfp);
16295 return;
16296
16297 nla_put_failure:
16298 nlmsg_free(msg);
16299}
16300EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
16301
16302void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
16303 struct net_device *netdev, const u8 *addr,
16304 enum nl80211_key_type key_type, int key_id,
16305 const u8 *tsc, gfp_t gfp)
16306{
16307 struct sk_buff *msg;
16308 void *hdr;
16309
16310 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16311 if (!msg)
16312 return;
16313
16314 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
16315 if (!hdr) {
16316 nlmsg_free(msg);
16317 return;
16318 }
16319
16320 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16321 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16322 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
16323 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
16324 (key_id != -1 &&
16325 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
16326 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
16327 goto nla_put_failure;
16328
16329 genlmsg_end(msg, hdr);
16330
16331 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16332 NL80211_MCGRP_MLME, gfp);
16333 return;
16334
16335 nla_put_failure:
16336 nlmsg_free(msg);
16337}
16338
16339void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
16340 struct ieee80211_channel *channel_before,
16341 struct ieee80211_channel *channel_after)
16342{
16343 struct sk_buff *msg;
16344 void *hdr;
16345 struct nlattr *nl_freq;
16346
16347 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
16348 if (!msg)
16349 return;
16350
16351 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
16352 if (!hdr) {
16353 nlmsg_free(msg);
16354 return;
16355 }
16356
16357 /*
16358 * Since we are applying the beacon hint to a wiphy we know its
16359 * wiphy_idx is valid
16360 */
16361 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
16362 goto nla_put_failure;
16363
16364 /* Before */
16365 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
16366 if (!nl_freq)
16367 goto nla_put_failure;
16368
16369 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
16370 goto nla_put_failure;
16371 nla_nest_end(msg, nl_freq);
16372
16373 /* After */
16374 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
16375 if (!nl_freq)
16376 goto nla_put_failure;
16377
16378 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
16379 goto nla_put_failure;
16380 nla_nest_end(msg, nl_freq);
16381
16382 genlmsg_end(msg, hdr);
16383
16384 rcu_read_lock();
16385 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
16386 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
16387 rcu_read_unlock();
16388
16389 return;
16390
16391nla_put_failure:
16392 nlmsg_free(msg);
16393}
16394
16395static void nl80211_send_remain_on_chan_event(
16396 int cmd, struct cfg80211_registered_device *rdev,
16397 struct wireless_dev *wdev, u64 cookie,
16398 struct ieee80211_channel *chan,
16399 unsigned int duration, gfp_t gfp)
16400{
16401 struct sk_buff *msg;
16402 void *hdr;
16403
16404 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16405 if (!msg)
16406 return;
16407
16408 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16409 if (!hdr) {
16410 nlmsg_free(msg);
16411 return;
16412 }
16413
16414 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16415 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16416 wdev->netdev->ifindex)) ||
16417 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16418 NL80211_ATTR_PAD) ||
16419 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
16420 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
16421 NL80211_CHAN_NO_HT) ||
16422 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16423 NL80211_ATTR_PAD))
16424 goto nla_put_failure;
16425
16426 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
16427 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
16428 goto nla_put_failure;
16429
16430 genlmsg_end(msg, hdr);
16431
16432 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16433 NL80211_MCGRP_MLME, gfp);
16434 return;
16435
16436 nla_put_failure:
16437 nlmsg_free(msg);
16438}
16439
16440void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
16441 struct ieee80211_channel *chan,
16442 unsigned int duration, gfp_t gfp)
16443{
16444 struct wiphy *wiphy = wdev->wiphy;
16445 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16446
16447 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
16448 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
16449 rdev, wdev, cookie, chan,
16450 duration, gfp);
16451}
16452EXPORT_SYMBOL(cfg80211_ready_on_channel);
16453
16454void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
16455 struct ieee80211_channel *chan,
16456 gfp_t gfp)
16457{
16458 struct wiphy *wiphy = wdev->wiphy;
16459 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16460
16461 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
16462 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
16463 rdev, wdev, cookie, chan, 0, gfp);
16464}
16465EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
16466
16467void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
16468 struct ieee80211_channel *chan,
16469 gfp_t gfp)
16470{
16471 struct wiphy *wiphy = wdev->wiphy;
16472 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16473
16474 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
16475 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
16476 rdev, wdev, cookie, chan, 0, gfp);
16477}
16478EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
16479
16480void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
16481 struct station_info *sinfo, gfp_t gfp)
16482{
16483 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16484 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16485 struct sk_buff *msg;
16486
16487 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
16488
16489 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16490 if (!msg)
16491 return;
16492
16493 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
16494 rdev, dev, mac_addr, sinfo) < 0) {
16495 nlmsg_free(msg);
16496 return;
16497 }
16498
16499 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16500 NL80211_MCGRP_MLME, gfp);
16501}
16502EXPORT_SYMBOL(cfg80211_new_sta);
16503
16504void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
16505 struct station_info *sinfo, gfp_t gfp)
16506{
16507 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16508 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16509 struct sk_buff *msg;
16510 struct station_info empty_sinfo = {};
16511
16512 if (!sinfo)
16513 sinfo = &empty_sinfo;
16514
16515 trace_cfg80211_del_sta(dev, mac_addr);
16516
16517 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16518 if (!msg) {
16519 cfg80211_sinfo_release_content(sinfo);
16520 return;
16521 }
16522
16523 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
16524 rdev, dev, mac_addr, sinfo) < 0) {
16525 nlmsg_free(msg);
16526 return;
16527 }
16528
16529 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16530 NL80211_MCGRP_MLME, gfp);
16531}
16532EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
16533
16534void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
16535 enum nl80211_connect_failed_reason reason,
16536 gfp_t gfp)
16537{
16538 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16539 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16540 struct sk_buff *msg;
16541 void *hdr;
16542
16543 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
16544 if (!msg)
16545 return;
16546
16547 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
16548 if (!hdr) {
16549 nlmsg_free(msg);
16550 return;
16551 }
16552
16553 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16554 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
16555 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
16556 goto nla_put_failure;
16557
16558 genlmsg_end(msg, hdr);
16559
16560 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16561 NL80211_MCGRP_MLME, gfp);
16562 return;
16563
16564 nla_put_failure:
16565 nlmsg_free(msg);
16566}
16567EXPORT_SYMBOL(cfg80211_conn_failed);
16568
16569static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
16570 const u8 *addr, gfp_t gfp)
16571{
16572 struct wireless_dev *wdev = dev->ieee80211_ptr;
16573 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16574 struct sk_buff *msg;
16575 void *hdr;
16576 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
16577
16578 if (!nlportid)
16579 return false;
16580
16581 msg = nlmsg_new(100, gfp);
16582 if (!msg)
16583 return true;
16584
16585 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16586 if (!hdr) {
16587 nlmsg_free(msg);
16588 return true;
16589 }
16590
16591 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16592 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16593 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16594 goto nla_put_failure;
16595
16596 genlmsg_end(msg, hdr);
16597 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16598 return true;
16599
16600 nla_put_failure:
16601 nlmsg_free(msg);
16602 return true;
16603}
16604
16605bool cfg80211_rx_spurious_frame(struct net_device *dev,
16606 const u8 *addr, gfp_t gfp)
16607{
16608 struct wireless_dev *wdev = dev->ieee80211_ptr;
16609 bool ret;
16610
16611 trace_cfg80211_rx_spurious_frame(dev, addr);
16612
16613 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16614 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
16615 trace_cfg80211_return_bool(false);
16616 return false;
16617 }
16618 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
16619 addr, gfp);
16620 trace_cfg80211_return_bool(ret);
16621 return ret;
16622}
16623EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
16624
16625bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
16626 const u8 *addr, gfp_t gfp)
16627{
16628 struct wireless_dev *wdev = dev->ieee80211_ptr;
16629 bool ret;
16630
16631 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
16632
16633 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16634 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
16635 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
16636 trace_cfg80211_return_bool(false);
16637 return false;
16638 }
16639 ret = __nl80211_unexpected_frame(dev,
16640 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
16641 addr, gfp);
16642 trace_cfg80211_return_bool(ret);
16643 return ret;
16644}
16645EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
16646
16647int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
16648 struct wireless_dev *wdev, u32 nlportid,
16649 int freq, int sig_dbm,
16650 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
16651{
16652 struct net_device *netdev = wdev->netdev;
16653 struct sk_buff *msg;
16654 void *hdr;
16655
16656 msg = nlmsg_new(100 + len, gfp);
16657 if (!msg)
16658 return -ENOMEM;
16659
16660 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16661 if (!hdr) {
16662 nlmsg_free(msg);
16663 return -ENOMEM;
16664 }
16665
16666 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16667 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16668 netdev->ifindex)) ||
16669 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16670 NL80211_ATTR_PAD) ||
16671 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(freq)) ||
16672 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, freq % 1000) ||
16673 (sig_dbm &&
16674 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16675 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16676 (flags &&
16677 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
16678 goto nla_put_failure;
16679
16680 genlmsg_end(msg, hdr);
16681
16682 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16683
16684 nla_put_failure:
16685 nlmsg_free(msg);
16686 return -ENOBUFS;
16687}
16688
16689static void nl80211_frame_tx_status(struct wireless_dev *wdev, u64 cookie,
16690 const u8 *buf, size_t len, bool ack,
16691 gfp_t gfp, enum nl80211_commands command)
16692{
16693 struct wiphy *wiphy = wdev->wiphy;
16694 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16695 struct net_device *netdev = wdev->netdev;
16696 struct sk_buff *msg;
16697 void *hdr;
16698
16699 if (command == NL80211_CMD_FRAME_TX_STATUS)
16700 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
16701 else
16702 trace_cfg80211_control_port_tx_status(wdev, cookie, ack);
16703
16704 msg = nlmsg_new(100 + len, gfp);
16705 if (!msg)
16706 return;
16707
16708 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
16709 if (!hdr) {
16710 nlmsg_free(msg);
16711 return;
16712 }
16713
16714 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16715 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16716 netdev->ifindex)) ||
16717 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16718 NL80211_ATTR_PAD) ||
16719 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16720 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16721 NL80211_ATTR_PAD) ||
16722 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
16723 goto nla_put_failure;
16724
16725 genlmsg_end(msg, hdr);
16726
16727 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16728 NL80211_MCGRP_MLME, gfp);
16729 return;
16730
16731nla_put_failure:
16732 nlmsg_free(msg);
16733}
16734
16735void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
16736 const u8 *buf, size_t len, bool ack,
16737 gfp_t gfp)
16738{
16739 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
16740 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
16741}
16742EXPORT_SYMBOL(cfg80211_control_port_tx_status);
16743
16744void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
16745 const u8 *buf, size_t len, bool ack, gfp_t gfp)
16746{
16747 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
16748 NL80211_CMD_FRAME_TX_STATUS);
16749}
16750EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
16751
16752static int __nl80211_rx_control_port(struct net_device *dev,
16753 struct sk_buff *skb,
16754 bool unencrypted, gfp_t gfp)
16755{
16756 struct wireless_dev *wdev = dev->ieee80211_ptr;
16757 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16758 struct ethhdr *ehdr = eth_hdr(skb);
16759 const u8 *addr = ehdr->h_source;
16760 u16 proto = be16_to_cpu(skb->protocol);
16761 struct sk_buff *msg;
16762 void *hdr;
16763 struct nlattr *frame;
16764
16765 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
16766
16767 if (!nlportid)
16768 return -ENOENT;
16769
16770 msg = nlmsg_new(100 + skb->len, gfp);
16771 if (!msg)
16772 return -ENOMEM;
16773
16774 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
16775 if (!hdr) {
16776 nlmsg_free(msg);
16777 return -ENOBUFS;
16778 }
16779
16780 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16781 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16782 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16783 NL80211_ATTR_PAD) ||
16784 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16785 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
16786 (unencrypted && nla_put_flag(msg,
16787 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
16788 goto nla_put_failure;
16789
16790 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
16791 if (!frame)
16792 goto nla_put_failure;
16793
16794 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
16795 genlmsg_end(msg, hdr);
16796
16797 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16798
16799 nla_put_failure:
16800 nlmsg_free(msg);
16801 return -ENOBUFS;
16802}
16803
16804bool cfg80211_rx_control_port(struct net_device *dev,
16805 struct sk_buff *skb, bool unencrypted)
16806{
16807 int ret;
16808
16809 trace_cfg80211_rx_control_port(dev, skb, unencrypted);
16810 ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
16811 trace_cfg80211_return_bool(ret == 0);
16812 return ret == 0;
16813}
16814EXPORT_SYMBOL(cfg80211_rx_control_port);
16815
16816static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
16817 const char *mac, gfp_t gfp)
16818{
16819 struct wireless_dev *wdev = dev->ieee80211_ptr;
16820 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16821 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16822 void **cb;
16823
16824 if (!msg)
16825 return NULL;
16826
16827 cb = (void **)msg->cb;
16828
16829 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
16830 if (!cb[0]) {
16831 nlmsg_free(msg);
16832 return NULL;
16833 }
16834
16835 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16836 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16837 goto nla_put_failure;
16838
16839 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16840 goto nla_put_failure;
16841
16842 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
16843 if (!cb[1])
16844 goto nla_put_failure;
16845
16846 cb[2] = rdev;
16847
16848 return msg;
16849 nla_put_failure:
16850 nlmsg_free(msg);
16851 return NULL;
16852}
16853
16854static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
16855{
16856 void **cb = (void **)msg->cb;
16857 struct cfg80211_registered_device *rdev = cb[2];
16858
16859 nla_nest_end(msg, cb[1]);
16860 genlmsg_end(msg, cb[0]);
16861
16862 memset(msg->cb, 0, sizeof(msg->cb));
16863
16864 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16865 NL80211_MCGRP_MLME, gfp);
16866}
16867
16868void cfg80211_cqm_rssi_notify(struct net_device *dev,
16869 enum nl80211_cqm_rssi_threshold_event rssi_event,
16870 s32 rssi_level, gfp_t gfp)
16871{
16872 struct sk_buff *msg;
16873 struct wireless_dev *wdev = dev->ieee80211_ptr;
16874 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16875
16876 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
16877
16878 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
16879 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
16880 return;
16881
16882 if (wdev->cqm_config) {
16883 wdev->cqm_config->last_rssi_event_value = rssi_level;
16884
16885 cfg80211_cqm_rssi_update(rdev, dev);
16886
16887 if (rssi_level == 0)
16888 rssi_level = wdev->cqm_config->last_rssi_event_value;
16889 }
16890
16891 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16892 if (!msg)
16893 return;
16894
16895 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
16896 rssi_event))
16897 goto nla_put_failure;
16898
16899 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
16900 rssi_level))
16901 goto nla_put_failure;
16902
16903 cfg80211_send_cqm(msg, gfp);
16904
16905 return;
16906
16907 nla_put_failure:
16908 nlmsg_free(msg);
16909}
16910EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
16911
16912void cfg80211_cqm_txe_notify(struct net_device *dev,
16913 const u8 *peer, u32 num_packets,
16914 u32 rate, u32 intvl, gfp_t gfp)
16915{
16916 struct sk_buff *msg;
16917
16918 msg = cfg80211_prepare_cqm(dev, peer, gfp);
16919 if (!msg)
16920 return;
16921
16922 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
16923 goto nla_put_failure;
16924
16925 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
16926 goto nla_put_failure;
16927
16928 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
16929 goto nla_put_failure;
16930
16931 cfg80211_send_cqm(msg, gfp);
16932 return;
16933
16934 nla_put_failure:
16935 nlmsg_free(msg);
16936}
16937EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
16938
16939void cfg80211_cqm_pktloss_notify(struct net_device *dev,
16940 const u8 *peer, u32 num_packets, gfp_t gfp)
16941{
16942 struct sk_buff *msg;
16943
16944 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
16945
16946 msg = cfg80211_prepare_cqm(dev, peer, gfp);
16947 if (!msg)
16948 return;
16949
16950 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
16951 goto nla_put_failure;
16952
16953 cfg80211_send_cqm(msg, gfp);
16954 return;
16955
16956 nla_put_failure:
16957 nlmsg_free(msg);
16958}
16959EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
16960
16961void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
16962{
16963 struct sk_buff *msg;
16964
16965 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16966 if (!msg)
16967 return;
16968
16969 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
16970 goto nla_put_failure;
16971
16972 cfg80211_send_cqm(msg, gfp);
16973 return;
16974
16975 nla_put_failure:
16976 nlmsg_free(msg);
16977}
16978EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
16979
16980static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
16981 struct net_device *netdev, const u8 *bssid,
16982 const u8 *replay_ctr, gfp_t gfp)
16983{
16984 struct sk_buff *msg;
16985 struct nlattr *rekey_attr;
16986 void *hdr;
16987
16988 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16989 if (!msg)
16990 return;
16991
16992 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
16993 if (!hdr) {
16994 nlmsg_free(msg);
16995 return;
16996 }
16997
16998 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16999 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17000 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
17001 goto nla_put_failure;
17002
17003 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
17004 if (!rekey_attr)
17005 goto nla_put_failure;
17006
17007 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
17008 NL80211_REPLAY_CTR_LEN, replay_ctr))
17009 goto nla_put_failure;
17010
17011 nla_nest_end(msg, rekey_attr);
17012
17013 genlmsg_end(msg, hdr);
17014
17015 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17016 NL80211_MCGRP_MLME, gfp);
17017 return;
17018
17019 nla_put_failure:
17020 nlmsg_free(msg);
17021}
17022
17023void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
17024 const u8 *replay_ctr, gfp_t gfp)
17025{
17026 struct wireless_dev *wdev = dev->ieee80211_ptr;
17027 struct wiphy *wiphy = wdev->wiphy;
17028 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17029
17030 trace_cfg80211_gtk_rekey_notify(dev, bssid);
17031 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
17032}
17033EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
17034
17035static void
17036nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
17037 struct net_device *netdev, int index,
17038 const u8 *bssid, bool preauth, gfp_t gfp)
17039{
17040 struct sk_buff *msg;
17041 struct nlattr *attr;
17042 void *hdr;
17043
17044 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17045 if (!msg)
17046 return;
17047
17048 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
17049 if (!hdr) {
17050 nlmsg_free(msg);
17051 return;
17052 }
17053
17054 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17055 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
17056 goto nla_put_failure;
17057
17058 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
17059 if (!attr)
17060 goto nla_put_failure;
17061
17062 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
17063 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
17064 (preauth &&
17065 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
17066 goto nla_put_failure;
17067
17068 nla_nest_end(msg, attr);
17069
17070 genlmsg_end(msg, hdr);
17071
17072 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17073 NL80211_MCGRP_MLME, gfp);
17074 return;
17075
17076 nla_put_failure:
17077 nlmsg_free(msg);
17078}
17079
17080void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
17081 const u8 *bssid, bool preauth, gfp_t gfp)
17082{
17083 struct wireless_dev *wdev = dev->ieee80211_ptr;
17084 struct wiphy *wiphy = wdev->wiphy;
17085 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17086
17087 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
17088 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
17089}
17090EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
17091
17092static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
17093 struct net_device *netdev,
17094 struct cfg80211_chan_def *chandef,
17095 gfp_t gfp,
17096 enum nl80211_commands notif,
17097 u8 count)
17098{
17099 struct sk_buff *msg;
17100 void *hdr;
17101
17102 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17103 if (!msg)
17104 return;
17105
17106 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
17107 if (!hdr) {
17108 nlmsg_free(msg);
17109 return;
17110 }
17111
17112 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
17113 goto nla_put_failure;
17114
17115 if (nl80211_send_chandef(msg, chandef))
17116 goto nla_put_failure;
17117
17118 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
17119 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
17120 goto nla_put_failure;
17121
17122 genlmsg_end(msg, hdr);
17123
17124 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17125 NL80211_MCGRP_MLME, gfp);
17126 return;
17127
17128 nla_put_failure:
17129 nlmsg_free(msg);
17130}
17131
17132void cfg80211_ch_switch_notify(struct net_device *dev,
17133 struct cfg80211_chan_def *chandef)
17134{
17135 struct wireless_dev *wdev = dev->ieee80211_ptr;
17136 struct wiphy *wiphy = wdev->wiphy;
17137 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17138
17139 ASSERT_WDEV_LOCK(wdev);
17140
17141 trace_cfg80211_ch_switch_notify(dev, chandef);
17142
17143 wdev->chandef = *chandef;
17144 wdev->preset_chandef = *chandef;
17145
17146 if ((wdev->iftype == NL80211_IFTYPE_STATION ||
17147 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
17148 !WARN_ON(!wdev->current_bss))
17149 cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
17150
17151 cfg80211_sched_dfs_chan_update(rdev);
17152
17153 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
17154 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
17155}
17156EXPORT_SYMBOL(cfg80211_ch_switch_notify);
17157
17158void cfg80211_ch_switch_started_notify(struct net_device *dev,
17159 struct cfg80211_chan_def *chandef,
17160 u8 count)
17161{
17162 struct wireless_dev *wdev = dev->ieee80211_ptr;
17163 struct wiphy *wiphy = wdev->wiphy;
17164 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17165
17166 trace_cfg80211_ch_switch_started_notify(dev, chandef);
17167
17168 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
17169 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
17170}
17171EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
17172
17173void
17174nl80211_radar_notify(struct cfg80211_registered_device *rdev,
17175 const struct cfg80211_chan_def *chandef,
17176 enum nl80211_radar_event event,
17177 struct net_device *netdev, gfp_t gfp)
17178{
17179 struct sk_buff *msg;
17180 void *hdr;
17181
17182 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17183 if (!msg)
17184 return;
17185
17186 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
17187 if (!hdr) {
17188 nlmsg_free(msg);
17189 return;
17190 }
17191
17192 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
17193 goto nla_put_failure;
17194
17195 /* NOP and radar events don't need a netdev parameter */
17196 if (netdev) {
17197 struct wireless_dev *wdev = netdev->ieee80211_ptr;
17198
17199 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17200 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17201 NL80211_ATTR_PAD))
17202 goto nla_put_failure;
17203 }
17204
17205 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
17206 goto nla_put_failure;
17207
17208 if (nl80211_send_chandef(msg, chandef))
17209 goto nla_put_failure;
17210
17211 genlmsg_end(msg, hdr);
17212
17213 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17214 NL80211_MCGRP_MLME, gfp);
17215 return;
17216
17217 nla_put_failure:
17218 nlmsg_free(msg);
17219}
17220
17221void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
17222 struct sta_opmode_info *sta_opmode,
17223 gfp_t gfp)
17224{
17225 struct sk_buff *msg;
17226 struct wireless_dev *wdev = dev->ieee80211_ptr;
17227 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17228 void *hdr;
17229
17230 if (WARN_ON(!mac))
17231 return;
17232
17233 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17234 if (!msg)
17235 return;
17236
17237 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
17238 if (!hdr) {
17239 nlmsg_free(msg);
17240 return;
17241 }
17242
17243 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
17244 goto nla_put_failure;
17245
17246 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17247 goto nla_put_failure;
17248
17249 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
17250 goto nla_put_failure;
17251
17252 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
17253 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
17254 goto nla_put_failure;
17255
17256 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
17257 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
17258 goto nla_put_failure;
17259
17260 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
17261 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
17262 goto nla_put_failure;
17263
17264 genlmsg_end(msg, hdr);
17265
17266 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17267 NL80211_MCGRP_MLME, gfp);
17268
17269 return;
17270
17271nla_put_failure:
17272 nlmsg_free(msg);
17273}
17274EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
17275
17276void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
17277 u64 cookie, bool acked, s32 ack_signal,
17278 bool is_valid_ack_signal, gfp_t gfp)
17279{
17280 struct wireless_dev *wdev = dev->ieee80211_ptr;
17281 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17282 struct sk_buff *msg;
17283 void *hdr;
17284
17285 trace_cfg80211_probe_status(dev, addr, cookie, acked);
17286
17287 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17288
17289 if (!msg)
17290 return;
17291
17292 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
17293 if (!hdr) {
17294 nlmsg_free(msg);
17295 return;
17296 }
17297
17298 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17299 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17300 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
17301 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
17302 NL80211_ATTR_PAD) ||
17303 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
17304 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
17305 ack_signal)))
17306 goto nla_put_failure;
17307
17308 genlmsg_end(msg, hdr);
17309
17310 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17311 NL80211_MCGRP_MLME, gfp);
17312 return;
17313
17314 nla_put_failure:
17315 nlmsg_free(msg);
17316}
17317EXPORT_SYMBOL(cfg80211_probe_status);
17318
17319void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
17320 size_t len, int freq, int sig_dbm)
17321{
17322 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17323 struct sk_buff *msg;
17324 void *hdr;
17325 struct cfg80211_beacon_registration *reg;
17326
17327 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
17328
17329 spin_lock_bh(&rdev->beacon_registrations_lock);
17330 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
17331 msg = nlmsg_new(len + 100, GFP_ATOMIC);
17332 if (!msg) {
17333 spin_unlock_bh(&rdev->beacon_registrations_lock);
17334 return;
17335 }
17336
17337 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
17338 if (!hdr)
17339 goto nla_put_failure;
17340
17341 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17342 (freq &&
17343 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
17344 KHZ_TO_MHZ(freq)) ||
17345 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
17346 freq % 1000))) ||
17347 (sig_dbm &&
17348 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
17349 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
17350 goto nla_put_failure;
17351
17352 genlmsg_end(msg, hdr);
17353
17354 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
17355 }
17356 spin_unlock_bh(&rdev->beacon_registrations_lock);
17357 return;
17358
17359 nla_put_failure:
17360 spin_unlock_bh(&rdev->beacon_registrations_lock);
17361 nlmsg_free(msg);
17362}
17363EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
17364
17365#ifdef CONFIG_PM
17366static int cfg80211_net_detect_results(struct sk_buff *msg,
17367 struct cfg80211_wowlan_wakeup *wakeup)
17368{
17369 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
17370 struct nlattr *nl_results, *nl_match, *nl_freqs;
17371 int i, j;
17372
17373 nl_results = nla_nest_start_noflag(msg,
17374 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
17375 if (!nl_results)
17376 return -EMSGSIZE;
17377
17378 for (i = 0; i < nd->n_matches; i++) {
17379 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
17380
17381 nl_match = nla_nest_start_noflag(msg, i);
17382 if (!nl_match)
17383 break;
17384
17385 /* The SSID attribute is optional in nl80211, but for
17386 * simplicity reasons it's always present in the
17387 * cfg80211 structure. If a driver can't pass the
17388 * SSID, that needs to be changed. A zero length SSID
17389 * is still a valid SSID (wildcard), so it cannot be
17390 * used for this purpose.
17391 */
17392 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
17393 match->ssid.ssid)) {
17394 nla_nest_cancel(msg, nl_match);
17395 goto out;
17396 }
17397
17398 if (match->n_channels) {
17399 nl_freqs = nla_nest_start_noflag(msg,
17400 NL80211_ATTR_SCAN_FREQUENCIES);
17401 if (!nl_freqs) {
17402 nla_nest_cancel(msg, nl_match);
17403 goto out;
17404 }
17405
17406 for (j = 0; j < match->n_channels; j++) {
17407 if (nla_put_u32(msg, j, match->channels[j])) {
17408 nla_nest_cancel(msg, nl_freqs);
17409 nla_nest_cancel(msg, nl_match);
17410 goto out;
17411 }
17412 }
17413
17414 nla_nest_end(msg, nl_freqs);
17415 }
17416
17417 nla_nest_end(msg, nl_match);
17418 }
17419
17420out:
17421 nla_nest_end(msg, nl_results);
17422 return 0;
17423}
17424
17425void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
17426 struct cfg80211_wowlan_wakeup *wakeup,
17427 gfp_t gfp)
17428{
17429 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17430 struct sk_buff *msg;
17431 void *hdr;
17432 int size = 200;
17433
17434 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
17435
17436 if (wakeup)
17437 size += wakeup->packet_present_len;
17438
17439 msg = nlmsg_new(size, gfp);
17440 if (!msg)
17441 return;
17442
17443 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
17444 if (!hdr)
17445 goto free_msg;
17446
17447 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17448 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17449 NL80211_ATTR_PAD))
17450 goto free_msg;
17451
17452 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17453 wdev->netdev->ifindex))
17454 goto free_msg;
17455
17456 if (wakeup) {
17457 struct nlattr *reasons;
17458
17459 reasons = nla_nest_start_noflag(msg,
17460 NL80211_ATTR_WOWLAN_TRIGGERS);
17461 if (!reasons)
17462 goto free_msg;
17463
17464 if (wakeup->disconnect &&
17465 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
17466 goto free_msg;
17467 if (wakeup->magic_pkt &&
17468 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
17469 goto free_msg;
17470 if (wakeup->gtk_rekey_failure &&
17471 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
17472 goto free_msg;
17473 if (wakeup->eap_identity_req &&
17474 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
17475 goto free_msg;
17476 if (wakeup->four_way_handshake &&
17477 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
17478 goto free_msg;
17479 if (wakeup->rfkill_release &&
17480 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
17481 goto free_msg;
17482
17483 if (wakeup->pattern_idx >= 0 &&
17484 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
17485 wakeup->pattern_idx))
17486 goto free_msg;
17487
17488 if (wakeup->tcp_match &&
17489 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
17490 goto free_msg;
17491
17492 if (wakeup->tcp_connlost &&
17493 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
17494 goto free_msg;
17495
17496 if (wakeup->tcp_nomoretokens &&
17497 nla_put_flag(msg,
17498 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
17499 goto free_msg;
17500
17501 if (wakeup->packet) {
17502 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
17503 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
17504
17505 if (!wakeup->packet_80211) {
17506 pkt_attr =
17507 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
17508 len_attr =
17509 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
17510 }
17511
17512 if (wakeup->packet_len &&
17513 nla_put_u32(msg, len_attr, wakeup->packet_len))
17514 goto free_msg;
17515
17516 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
17517 wakeup->packet))
17518 goto free_msg;
17519 }
17520
17521 if (wakeup->net_detect &&
17522 cfg80211_net_detect_results(msg, wakeup))
17523 goto free_msg;
17524
17525 nla_nest_end(msg, reasons);
17526 }
17527
17528 genlmsg_end(msg, hdr);
17529
17530 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17531 NL80211_MCGRP_MLME, gfp);
17532 return;
17533
17534 free_msg:
17535 nlmsg_free(msg);
17536}
17537EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
17538#endif
17539
17540void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
17541 enum nl80211_tdls_operation oper,
17542 u16 reason_code, gfp_t gfp)
17543{
17544 struct wireless_dev *wdev = dev->ieee80211_ptr;
17545 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17546 struct sk_buff *msg;
17547 void *hdr;
17548
17549 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
17550 reason_code);
17551
17552 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17553 if (!msg)
17554 return;
17555
17556 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
17557 if (!hdr) {
17558 nlmsg_free(msg);
17559 return;
17560 }
17561
17562 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17563 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17564 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
17565 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
17566 (reason_code > 0 &&
17567 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
17568 goto nla_put_failure;
17569
17570 genlmsg_end(msg, hdr);
17571
17572 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17573 NL80211_MCGRP_MLME, gfp);
17574 return;
17575
17576 nla_put_failure:
17577 nlmsg_free(msg);
17578}
17579EXPORT_SYMBOL(cfg80211_tdls_oper_request);
17580
17581static int nl80211_netlink_notify(struct notifier_block * nb,
17582 unsigned long state,
17583 void *_notify)
17584{
17585 struct netlink_notify *notify = _notify;
17586 struct cfg80211_registered_device *rdev;
17587 struct wireless_dev *wdev;
17588 struct cfg80211_beacon_registration *reg, *tmp;
17589
17590 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
17591 return NOTIFY_DONE;
17592
17593 rcu_read_lock();
17594
17595 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
17596 struct cfg80211_sched_scan_request *sched_scan_req;
17597
17598 list_for_each_entry_rcu(sched_scan_req,
17599 &rdev->sched_scan_req_list,
17600 list) {
17601 if (sched_scan_req->owner_nlportid == notify->portid) {
17602 sched_scan_req->nl_owner_dead = true;
17603 schedule_work(&rdev->sched_scan_stop_wk);
17604 }
17605 }
17606
17607 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
17608 cfg80211_mlme_unregister_socket(wdev, notify->portid);
17609
17610 if (wdev->owner_nlportid == notify->portid) {
17611 wdev->nl_owner_dead = true;
17612 schedule_work(&rdev->destroy_work);
17613 } else if (wdev->conn_owner_nlportid == notify->portid) {
17614 schedule_work(&wdev->disconnect_wk);
17615 }
17616
17617 cfg80211_release_pmsr(wdev, notify->portid);
17618 }
17619
17620 spin_lock_bh(&rdev->beacon_registrations_lock);
17621 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
17622 list) {
17623 if (reg->nlportid == notify->portid) {
17624 list_del(&reg->list);
17625 kfree(reg);
17626 break;
17627 }
17628 }
17629 spin_unlock_bh(&rdev->beacon_registrations_lock);
17630 }
17631
17632 rcu_read_unlock();
17633
17634 /*
17635 * It is possible that the user space process that is controlling the
17636 * indoor setting disappeared, so notify the regulatory core.
17637 */
17638 regulatory_netlink_notify(notify->portid);
17639 return NOTIFY_OK;
17640}
17641
17642static struct notifier_block nl80211_netlink_notifier = {
17643 .notifier_call = nl80211_netlink_notify,
17644};
17645
17646void cfg80211_ft_event(struct net_device *netdev,
17647 struct cfg80211_ft_event_params *ft_event)
17648{
17649 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17650 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17651 struct sk_buff *msg;
17652 void *hdr;
17653
17654 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
17655
17656 if (!ft_event->target_ap)
17657 return;
17658
17659 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
17660 GFP_KERNEL);
17661 if (!msg)
17662 return;
17663
17664 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
17665 if (!hdr)
17666 goto out;
17667
17668 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17669 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17670 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
17671 goto out;
17672
17673 if (ft_event->ies &&
17674 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
17675 goto out;
17676 if (ft_event->ric_ies &&
17677 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
17678 ft_event->ric_ies))
17679 goto out;
17680
17681 genlmsg_end(msg, hdr);
17682
17683 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17684 NL80211_MCGRP_MLME, GFP_KERNEL);
17685 return;
17686 out:
17687 nlmsg_free(msg);
17688}
17689EXPORT_SYMBOL(cfg80211_ft_event);
17690
17691void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
17692{
17693 struct cfg80211_registered_device *rdev;
17694 struct sk_buff *msg;
17695 void *hdr;
17696 u32 nlportid;
17697
17698 rdev = wiphy_to_rdev(wdev->wiphy);
17699 if (!rdev->crit_proto_nlportid)
17700 return;
17701
17702 nlportid = rdev->crit_proto_nlportid;
17703 rdev->crit_proto_nlportid = 0;
17704
17705 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17706 if (!msg)
17707 return;
17708
17709 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
17710 if (!hdr)
17711 goto nla_put_failure;
17712
17713 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17714 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17715 NL80211_ATTR_PAD))
17716 goto nla_put_failure;
17717
17718 genlmsg_end(msg, hdr);
17719
17720 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17721 return;
17722
17723 nla_put_failure:
17724 nlmsg_free(msg);
17725}
17726EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
17727
17728void nl80211_send_ap_stopped(struct wireless_dev *wdev)
17729{
17730 struct wiphy *wiphy = wdev->wiphy;
17731 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17732 struct sk_buff *msg;
17733 void *hdr;
17734
17735 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17736 if (!msg)
17737 return;
17738
17739 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
17740 if (!hdr)
17741 goto out;
17742
17743 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17744 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
17745 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17746 NL80211_ATTR_PAD))
17747 goto out;
17748
17749 genlmsg_end(msg, hdr);
17750
17751 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
17752 NL80211_MCGRP_MLME, GFP_KERNEL);
17753 return;
17754 out:
17755 nlmsg_free(msg);
17756}
17757
17758int cfg80211_external_auth_request(struct net_device *dev,
17759 struct cfg80211_external_auth_params *params,
17760 gfp_t gfp)
17761{
17762 struct wireless_dev *wdev = dev->ieee80211_ptr;
17763 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17764 struct sk_buff *msg;
17765 void *hdr;
17766
17767 if (!wdev->conn_owner_nlportid)
17768 return -EINVAL;
17769
17770 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17771 if (!msg)
17772 return -ENOMEM;
17773
17774 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
17775 if (!hdr)
17776 goto nla_put_failure;
17777
17778 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17779 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17780 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
17781 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
17782 params->action) ||
17783 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
17784 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
17785 params->ssid.ssid))
17786 goto nla_put_failure;
17787
17788 genlmsg_end(msg, hdr);
17789 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
17790 wdev->conn_owner_nlportid);
17791 return 0;
17792
17793 nla_put_failure:
17794 nlmsg_free(msg);
17795 return -ENOBUFS;
17796}
17797EXPORT_SYMBOL(cfg80211_external_auth_request);
17798
17799void cfg80211_update_owe_info_event(struct net_device *netdev,
17800 struct cfg80211_update_owe_info *owe_info,
17801 gfp_t gfp)
17802{
17803 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17804 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17805 struct sk_buff *msg;
17806 void *hdr;
17807
17808 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
17809
17810 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17811 if (!msg)
17812 return;
17813
17814 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
17815 if (!hdr)
17816 goto nla_put_failure;
17817
17818 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17819 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17820 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
17821 goto nla_put_failure;
17822
17823 if (!owe_info->ie_len ||
17824 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
17825 goto nla_put_failure;
17826
17827 genlmsg_end(msg, hdr);
17828
17829 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17830 NL80211_MCGRP_MLME, gfp);
17831 return;
17832
17833nla_put_failure:
17834 genlmsg_cancel(msg, hdr);
17835 nlmsg_free(msg);
17836}
17837EXPORT_SYMBOL(cfg80211_update_owe_info_event);
17838
17839/* initialisation/exit functions */
17840
17841int __init nl80211_init(void)
17842{
17843 int err;
17844
17845 err = genl_register_family(&nl80211_fam);
17846 if (err)
17847 return err;
17848
17849 err = netlink_register_notifier(&nl80211_netlink_notifier);
17850 if (err)
17851 goto err_out;
17852
17853 return 0;
17854 err_out:
17855 genl_unregister_family(&nl80211_fam);
17856 return err;
17857}
17858
17859void nl80211_exit(void)
17860{
17861 netlink_unregister_notifier(&nl80211_netlink_notifier);
17862 genl_unregister_family(&nl80211_fam);
17863}
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-04-16 20:15:33 +0800